Offensive Security

Ethical hacking tools and resources for penetration testing and red team operations.Explore 311 curated tools and resources

Search by name, description, or purpose... (⌘+K)

PINNED

Promoted • 6 tools

Proton Pass

Commercial

Data Protection

NordVPN

Commercial

Network Security

Mandos

Commercial

Consulting

Checkmarx SCA

Commercial

Application Security

Orca Security

Commercial

Cloud Security

DryRun

Commercial

Application Security

Want your tool featured here?

Get maximum visibility with pinned placement

LATEST ADDITIONS

C3
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
0
Free
Offensive Security
C2
Command And Control
Offensive Security
Pentest
Red Team
Toolkit
C3
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
0
Free
Offensive Security
C2
Command And Control
Offensive Security
+3
Sticky-Keys-Slayer
A tool that scans for accessibility tools backdoors via RDP
0
Free
Offensive Security
Remote Desktop
Rdp
Sticky-Keys-Slayer
A tool that scans for accessibility tools backdoors via RDP
0
Free
Offensive Security
Remote Desktop
Rdp
Brute Ratel C4
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
0
Free
Offensive Security
C2
Command And Control
Red Team
Brute Ratel C4
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
0
Free
Offensive Security
C2
Command And Control
Red Team
Skyhook
Skyhook is an HTTP-based file transfer tool that uses obfuscation techniques to evade detection by Intrusion Detection Systems.
0
Free
Offensive Security
Offensive Security
Evasion
Http
Obfuscation
Ids
Red Team
Data Exfiltration
Skyhook
Skyhook is an HTTP-based file transfer tool that uses obfuscation techniques to evade detection by Intrusion Detection Systems.
0
Free
Offensive Security
Offensive Security
Evasion
Http
+4
Stratus Red Team
Emulate offensive attack techniques in the cloud with a self-contained Go binary.
0
Free
Offensive Security
Cloud
Red Team
Mitre Attack
Go
Docker
Stratus Red Team
Emulate offensive attack techniques in the cloud with a self-contained Go binary.
0
Free
Offensive Security
Cloud
Red Team
Mitre Attack
+2
Tugarecon
A subdomain enumeration tool for penetration testers and security researchers.
0
Free
Offensive Security
Subdomain Enumeration
Penetration Testing
Security Research
Search Engine
Database
Enumeration
Tugarecon
A subdomain enumeration tool for penetration testers and security researchers.
0
Free
Offensive Security
Subdomain Enumeration
Penetration Testing
Security Research
+3
Randomized Malleable C2 Profiles Made Easy
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
0
Free
Offensive Security
C2
Cobalt Strike
Malleable C2
Red Team
Penetration Testing
Randomized Malleable C2 Profiles Made Easy
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
0
Free
Offensive Security
C2
Cobalt Strike
Malleable C2
+2
WayMore
A tool that finds more information about a given URL or domain by querying multiple data sources.
0
Free
Offensive Security
Url Scanning
Subdomain Discovery
Ip Address
Security Research
Penetration Testing
WayMore
A tool that finds more information about a given URL or domain by querying multiple data sources.
0
Free
Offensive Security
Url Scanning
Subdomain Discovery
Ip Address
+2
ParamSpider
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
1
Free
Offensive Security
Bug Bounty
Bug Hunting
Fuzzing
Security Research
Web Application Security
Web Scraping
ParamSpider
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
1
Free
Offensive Security
Bug Bounty
Bug Hunting
Fuzzing
+3
OneFuzz
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
0
Free
Offensive Security
Fuzzing
Security Testing
Devsecops
OneFuzz
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
0
Free
Offensive Security
Fuzzing
Security Testing
Devsecops
Gato
A tool for enumerating and attacking GitHub Actions pipelines
0
Free
Offensive Security
Github
Security Research
Penetration Testing
Gato
A tool for enumerating and attacking GitHub Actions pipelines
0
Free
Offensive Security
Github
Security Research
Penetration Testing
SecLists
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
0
Free
Offensive Security
Penetration Testing
Fuzzing
Wordlists
Payloads
Reconnaissance
Web Security
Password Cracking
Offensive Security
Security Testing
Pentesting
SecLists
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
0
Free
Offensive Security
Penetration Testing
Fuzzing
Wordlists
+7
PETEP (PEnetration TEsting Proxy)
Open-source Java application for creating proxies for traffic analysis & modification.
0
Free
Offensive Security
Proxy
Penetration Testing
Java
Traffic Analysis
PETEP (PEnetration TEsting Proxy)
Open-source Java application for creating proxies for traffic analysis & modification.
0
Free
Offensive Security
Proxy
Penetration Testing
Java
+1
ExploitDB
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
1
Free
Offensive Security
Exploit
Vulnerability Research
Penetration Testing
Cybersecurity
Cve
ExploitDB
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
1
Free
Offensive Security
Exploit
Vulnerability Research
Penetration Testing
+2
Cobalt Strike's ExternalC2 framework
A specification/framework for extending default C2 communication channels in Cobalt Strike
1
Free
Offensive Security
C2
Cobalt Strike
External C2
Framework
Hacking Tool
Pentest
Cobalt Strike's ExternalC2 framework
A specification/framework for extending default C2 communication channels in Cobalt Strike
1
Free
Offensive Security
C2
Cobalt Strike
External C2
+3
LockBoxx
Introduction to using GScript for Red Teams
0
Free
Offensive Security
Red Team
Offensive Security
Automation
LockBoxx
Introduction to using GScript for Red Teams
0
Free
Offensive Security
Red Team
Offensive Security
Automation
pybof
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
0
Free
Offensive Security
Python
Python Library
Offensive Security
C2
Cobalt Strike
Payload
Exploitation
Red Team
Pentesting
Automation
pybof
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
0
Free
Offensive Security
Python
Python Library
Offensive Security
+7
Linux Exploit Suggester (LES)
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
0
Free
Offensive Security
Privilege Escalation
Linux
Vulnerability Assessment
Penetration Testing
Exploit
Kernel
Cve
Security Audit
Pentesting
Offensive Security
Linux Exploit Suggester (LES)
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
0
Free
Offensive Security
Privilege Escalation
Linux
Vulnerability Assessment
+7
hakrawler
A simple, fast web crawler for discovering endpoints and assets in a web application
1
Free
Offensive Security
Crawler
Web Crawler
Web Security
Vulnerability Scanning
Penetration Testing
Security Research
hakrawler
A simple, fast web crawler for discovering endpoints and assets in a web application
1
Free
Offensive Security
Crawler
Web Crawler
Web Security
+3
Redboto
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
0
Free
Offensive Security
Red Team
Aws
Offensive Security
Penetration Testing
Python
Ec2
S3
Data Extraction
Cloud Security
Redboto
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
0
Free
Offensive Security
Red Team
Aws
Offensive Security
+6
MTKPI
Docker image with essential tools for Kubernetes penetration testing.
0
Free
Offensive Security
Kubernetes
Pentest
Docker
Kubernetes Security
MTKPI
Docker image with essential tools for Kubernetes penetration testing.
0
Free
Offensive Security
Kubernetes
Pentest
Docker
+1
Pentest Lab
Local pentest lab using docker compose to spin up victim and attacker services.
2
Free
Offensive Security
Docker
Docker Compose
Red Team
Pentest Lab
Local pentest lab using docker compose to spin up victim and attacker services.
2
Free
Offensive Security
Docker
Docker Compose
Red Team
ROP Wargame Repository
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
0
Free
Offensive Security
Rop
Binary Exploitation
Offensive Security
Exploitation
Wargames
Challenge
Educational
Binary Security
Exploit Development
Ctf
Penetration Testing
Vulnerability Research
ROP Wargame Repository
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
0
Free
Offensive Security
Rop
Binary Exploitation
Offensive Security
+9
SigThief
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
0
Free
Offensive Security
Pe File
Signature
Antivirus
Testing
Evasion
Binary Analysis
Windows
Executable Analysis
Security Testing
Offensive Security
SigThief
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
0
Free
Offensive Security
Pe File
Signature
Antivirus
+7

Offensive Security

RELATED TASKS

PINNED

LATEST ADDITIONS

C3

C3

Sticky-Keys-Slayer

Sticky-Keys-Slayer

Brute Ratel C4

Brute Ratel C4

Skyhook

Skyhook

Stratus Red Team

Stratus Red Team

Tugarecon

Tugarecon

Randomized Malleable C2 Profiles Made Easy

Randomized Malleable C2 Profiles Made Easy

WayMore

WayMore

ParamSpider

ParamSpider

OneFuzz

OneFuzz

Gato

Gato

SecLists

SecLists

PETEP (PEnetration TEsting Proxy)

PETEP (PEnetration TEsting Proxy)

ExploitDB

ExploitDB

Cobalt Strike's ExternalC2 framework

Cobalt Strike's ExternalC2 framework

LockBoxx

LockBoxx

pybof

pybof

Linux Exploit Suggester (LES)

Linux Exploit Suggester (LES)

hakrawler

hakrawler

Redboto

Redboto

MTKPI

MTKPI

Pentest Lab

Pentest Lab

ROP Wargame Repository

ROP Wargame Repository

SigThief

SigThief