Offensive Security
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Browse 458 offensive security tools
FEATURED
RELATED TASKS
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
Java decompiler GUI tool for Procyon under Apache License.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
A vulnerable web site for testing Sentinel features
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
Tool for attacking Active Directory environments through SQL Server access.
Tool for attacking Active Directory environments through SQL Server access.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
A unified repository for different Metasploit Framework payloads.
A unified repository for different Metasploit Framework payloads.
ILSpy is the open-source .NET assembly browser and decompiler with various decompiler frontends and features.
ILSpy is the open-source .NET assembly browser and decompiler with various decompiler frontends and features.
Pack up to 3MB of data into a tweetable PNG polyglot file.
A repository containing material for Android greybox fuzzing with AFL++ Frida mode
A repository containing material for Android greybox fuzzing with AFL++ Frida mode
A script to assist in creating templates for VirtualBox to enhance VM detection evasion.
A script to assist in creating templates for VirtualBox to enhance VM detection evasion.
A guide to bypassing RFID card reader security mechanisms using specialized hardware
A guide to bypassing RFID card reader security mechanisms using specialized hardware
A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.
A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.
Back-end component for red team operations with crucial design considerations.
Back-end component for red team operations with crucial design considerations.
Offensive Security Tools - FAQ
Common questions about Offensive Security tools including selection guides, pricing, and comparisons.
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
