Offensive Security
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Browse 458 offensive security tools
FEATURED
RELATED TASKS
A toolkit for testing, tweaking and cracking JSON Web Tokens
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A tool for Local File Inclusion (LFI) exploitation and scanning
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
A tool for detecting and taking over subdomains with dead DNS records
A tool to embed XXE and XSS payloads in various file formats
A front-end JavaScript toolkit for creating DNS rebinding attacks
A front-end JavaScript toolkit for creating DNS rebinding attacks
A Go-based command-line tool that uses Chrome Headless to automatically capture screenshots of web pages for reconnaissance and analysis purposes.
A Go-based command-line tool that uses Chrome Headless to automatically capture screenshots of web pages for reconnaissance and analysis purposes.
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF
A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
A tool for testing subdomain takeover possibilities at a mass scale.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A tool to bypass Content Security Policy (CSP) restrictions
A fast and multi-purpose DNS toolkit for DNS reconnaissance and testing
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
Offensive Security Tools - FAQ
Common questions about Offensive Security tools including selection guides, pricing, and comparisons.
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
