Offensive Security
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Explore 455 curated cybersecurity tools, with 16,024+ visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
A cheat sheet providing examples of creating reverse shells for penetration testing.
A cheat sheet providing examples of creating reverse shells for penetration testing.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.
An API for constructing and injecting network packets with additional functionality.
An API for constructing and injecting network packets with additional functionality.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
An open-source shellcode and PE packer for creating and managing portable executable files.
An open-source shellcode and PE packer for creating and managing portable executable files.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
DOS attack by sending fake BPDUs to disrupt switches' STP engines.
DOS attack by sending fake BPDUs to disrupt switches' STP engines.
Preparation process for participating in the Pacific Rim CCDC 2015.
Preparation process for participating in the Pacific Rim CCDC 2015.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.
A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
Java decompiler GUI tool for Procyon under Apache License.
Offensive Security Tools - FAQ
Common questions about Offensive Security tools including selection guides, pricing, and comparisons.
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
