Offensive Security Tools
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Browse 246 offensive security tools
FEATURED
USE CASES
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A golang utility to spider through a website searching for additional links.
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A next-generation crawling and spidering framework for extracting data from websites
A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
A Go-based command-line tool that uses Chrome Headless to automatically capture screenshots of web pages for reconnaissance and analysis purposes.
A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.
A subdomain enumeration tool for penetration testers and security researchers.
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
Collection of Windows oneliners for executing arbitrary code and downloading remote payloads.
Online Java decompiler tool with support for modern Java features.
Offensive Security Tools FAQ
Common questions about Offensive Security tools, selection guides, pricing, and comparisons.
Penetration testing evaluates specific systems or applications for vulnerabilities within a defined scope and timeframe. Red teaming simulates a real adversary with minimal restrictions, attempting to achieve specific objectives (access CEO email, exfiltrate customer data) using any attack vector: technical exploitation, social engineering, and physical access. Red teaming tests your entire security program, not just your technology.
