Loading...

Popular Free Commercial Categories Tasks Blog

CyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved

LINKS

LEGAL

Terms of services Privacy policy

Offensive Security

Ethical hacking tools and resources for penetration testing and red team operations.Explore 313 curated tools and resources

Search by name, description, or purpose... (⌘+K)

Home
Categories
Offensive Security

RELATED TASKS

active-directory (3)ai (2)analytics (1)android (3)android-security (2)anti-forensics (2)antivirus (4)apache (3)api (3)api-security (2)

PINNED

Promoted • 6 tools

Commercial

Data Protection

Commercial

Network Security

Commercial

Consulting

Commercial

Application Security

Commercial

Cloud Security

Commercial

Application Security

Want your tool featured here?

Get maximum visibility with pinned placement

LATEST ADDITIONS

XSSOauthPersistence
Maintaining account persistence via XSS and Oauth
0
Free
Offensive Security
Xss
XSSOauthPersistence
Maintaining account persistence via XSS and Oauth
0
Free
Offensive Security
Xss
LFISuite
A tool for Local File Inclusion (LFI) exploitation and scanning
0
Free
Offensive Security
Lfi
Scanner
Reverse Shell
Exploit
File Inclusion
LFISuite
A tool for Local File Inclusion (LFI) exploitation and scanning
0
Free
Offensive Security
Lfi
Scanner
Reverse Shell
+2
tko-subs
A tool for detecting and taking over subdomains with dead DNS records
0
Free
Offensive Security
Dns
Subdomain Takeover
Security Research
Penetration Testing
tko-subs
A tool for detecting and taking over subdomains with dead DNS records
0
Free
Offensive Security
Dns
Subdomain Takeover
Security Research
+1
DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
0
Free
Offensive Security
Dns
Rebinding
Attack Tool
Penetration Testing
Security Research
DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
0
Free
Offensive Security
Dns
Rebinding
Attack Tool
+2
SSRFmap
Automatic SSRF fuzzer and exploitation tool
0
Free
Offensive Security
Ssrf
Fuzzer
Exploitation
Penetration Testing
SSRFmap
Automatic SSRF fuzzer and exploitation tool
0
Free
Offensive Security
Ssrf
Fuzzer
Exploitation
+1
xsshunter_client
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
0
Free
Offensive Security
Xss
Penetration Testing
Vulnerability Testing
Proxy
Web Security
Offensive Security
Payload
Injection
Web Application Security
Pentesting
xsshunter_client
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
0
Free
Offensive Security
Xss
Penetration Testing
Vulnerability Testing
+7
s3reverse
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
0
Free
Offensive Security
S3
Aws
Cloud Security
Bug Bounty
Reconnaissance
Penetration Testing
Offensive Security
Enumeration
Security Testing
Aws Security
s3reverse
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
0
Free
Offensive Security
S3
Aws
Cloud Security
+7
vaf
A cross-platform web fuzzer written in Nim
0
Free
Offensive Security
Fuzzing
Protocol Analysis
Security Testing
vaf
A cross-platform web fuzzer written in Nim
0
Free
Offensive Security
Fuzzing
Protocol Analysis
Security Testing
Sudomy
A subdomain enumeration tool for bug hunting and pentesting
0
Free
Offensive Security
Subdomain Enumeration
Bug Hunting
Pentesting
Security Research
Sudomy
A subdomain enumeration tool for bug hunting and pentesting
0
Free
Offensive Security
Subdomain Enumeration
Bug Hunting
Pentesting
+1
SSRF-Sheriff
A simple SSRF-testing sheriff written in Go
0
Free
Offensive Security
Ssrf
Go
Web Security
Vulnerability Scanning
SSRF-Sheriff
A simple SSRF-testing sheriff written in Go
0
Free
Offensive Security
Ssrf
Go
Web Security
+1
Turbo Intruder
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
0
Free
Offensive Security
Burp Suite
Vulnerability Scanning
Http Requests
Penetration Testing
Security Testing
Turbo Intruder
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
0
Free
Offensive Security
Burp Suite
Vulnerability Scanning
Http Requests
+2
ysoserial.net
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
0
Free
Offensive Security
Deserialization
Payload Generation
Dotnet
Net
Exploit
Penetration Testing
Vulnerability Testing
Offensive Security
Payload
Security Testing
ysoserial.net
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
0
Free
Offensive Security
Deserialization
Payload Generation
Dotnet
+7
AWSBucketDump
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
0
Free
Offensive Security
Aws
S3
Penetration Testing
Reconnaissance
Cloud Security
Security Testing
Enumeration
Aws Security
Offensive Security
Cloud
AWSBucketDump
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
0
Free
Offensive Security
Aws
S3
Penetration Testing
+7
ESC
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
0
Free
Offensive Security
Offensive Security
Penetration Testing
Red Team
Sql
Database Security
Data Exfiltration
Enumeration
Dotnet
Powershell
Cli
ESC
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
0
Free
Offensive Security
Offensive Security
Penetration Testing
Red Team
+7
dref
A DNS rebinding exploitation framework
0
Free
Offensive Security
Dns
Rebinding
Exploitation
Framework
Security Research
Penetration Testing
dref
A DNS rebinding exploitation framework
0
Free
Offensive Security
Dns
Rebinding
Exploitation
+3
racepwn
A framework for testing and exploiting race conditions in software
0
Free
Offensive Security
Blue Team
Red Team
Penetration Testing
Penetration Testing Framework
racepwn
A framework for testing and exploiting race conditions in software
0
Free
Offensive Security
Blue Team
Red Team
Penetration Testing
+1
Findomain
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
0
Free
Offensive Security
Reconnaissance
Subdomain Enumeration
Subdomain Discovery
Port Scanning
Network Reconnaissance
Osint
Penetration Testing
Attack Surface
Domain Enumeration
Recon
Findomain
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
0
Free
Offensive Security
Reconnaissance
Subdomain Enumeration
Subdomain Discovery
+7
GitTools
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
0
Free
Offensive Security
Offensive Security
Penetration Testing
Reconnaissance
Information Security
Git
Web Security
Vulnerability Assessment
Sensitive Data
Pentesting
Security Testing
GitTools
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
0
Free
Offensive Security
Offensive Security
Penetration Testing
Reconnaissance
+7
Injectus
A CRLF and open redirect fuzzer
0
Free
Offensive Security
Fuzzer
Open Redirect
Security Testing
Vulnerability Scanning
Injectus
A CRLF and open redirect fuzzer
0
Free
Offensive Security
Fuzzer
Open Redirect
Security Testing
+1
Turbo Intruder Scripts
A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.
0
Free
Offensive Security
Penetration Testing
Automation
Vulnerability Scanning
Exploitation
Offensive Security
Pentesting
Security Testing
Scripting
Workflow Automation
Pentest
Turbo Intruder Scripts
A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.
0
Free
Offensive Security
Penetration Testing
Automation
Vulnerability Scanning
+7
Singularity
A DNS rebinding attack framework for security researchers and penetration testers.
0
Free
Offensive Security
Dns Rebinding
Penetration Testing
Security Research
Web Application Security
Network Security
Singularity
A DNS rebinding attack framework for security researchers and penetration testers.
0
Free
Offensive Security
Dns Rebinding
Penetration Testing
Security Research
+2
Whonow
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
0
Free
Offensive Security
Dns
Dns Rebinding
Offensive Security
Penetration Testing
Attack Tool
Network Security
Server
Rebinding
Exploitation
Security Testing
Whonow
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
0
Free
Offensive Security
Dns
Dns Rebinding
Offensive Security
+7
ThreatCheck
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
0
Free
Offensive Security
Malware Analysis
Binary Analysis
Antivirus
File Analysis
ThreatCheck
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
0
Free
Offensive Security
Malware Analysis
Binary Analysis
Antivirus
+1
GadgetToJScript
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
0
Free
Offensive Security
Offensive Security
Payload Generation
Deserialization
Net
Dotnet
Exploit
Payload
Javascript
Penetration Testing
Code Injection
GadgetToJScript
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
0
Free
Offensive Security
Offensive Security
Payload Generation
Deserialization
+7

Previous
1
2
3
4
14
Next