Offensive Security

PINNED

• 

  CTIChef.com Detection Feeds

  A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

  1

  Commercial

  Threat Management

  Threat Intelligence

  Detection Rules

  Siem

  Security Operations

  Cti

  Threat Detection

  Security Monitoring

  Rule Management

  Threat Hunting

  Security Information And Event Management

  

  CTIChef.com Detection Feeds

  A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

  1

  Commercial

  Threat Management

  Threat Intelligence

  Detection Rules

  Siem

  +7
• 

  OSINTLeak

  OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.

  2

  Commercial

  Digital Forensics

  Osint

  Information Security

  Security Tools

  Data Breach

  Reconnaissance

  Security Research

  Threat Intelligence

  Red Team

  Blue Team

  Vulnerability Assessment

  

  OSINTLeak

  OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.

  2

  Commercial

  Digital Forensics

  Osint

  Information Security

  Security Tools

  +7
• 

  ImmuniWeb® Discovery

  ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

  0

  Commercial

  Attack Surface Management

  Attack Surface Management

  Attack Surface

  Continuous Monitoring

  Dark Web Monitoring

  Cloud Security

  Vulnerability Management

  Compliance

  Third Party Risk

  Threat Intelligence

  Security Monitoring

  

  ImmuniWeb® Discovery

  ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

  0

  Commercial

  Attack Surface Management

  Attack Surface Management

  Attack Surface

  Continuous Monitoring

  +7
• 

  Checkmarx SCA

  A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

  1

  Commercial

  Application Security

  Application Security

  Dependency Scanning

  Vulnerability Management

  Software Supply Chain

  Open Source

  Sbom

  Security Scanning

  Devsecops

  Vulnerability Detection

  

  Checkmarx SCA

  A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

  1

  Commercial

  Application Security

  Application Security

  Dependency Scanning

  Vulnerability Management

  +6
• 

  Orca Security

  A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

  0

  Commercial

  Cloud Security

  Cloud Security

  Cloud Native

  Vulnerability Management

  Compliance

  Container Security

  Cloud Compliance

  Api Security

  Kubernetes Security

  Security Monitoring

  Security Automation

  

  Orca Security

  A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

  0

  Commercial

  Cloud Security

  Cloud Security

  Cloud Native

  Vulnerability Management

  +7
• 

  DryRun

  A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

  1

  Commercial

  Application Security

  Application Security

  Github

  Code Security

  Static Analysis

  Security Automation

  Devsecops

  

  DryRun

  A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

  1

  Commercial

  Application Security

  Application Security

  Github

  Code Security

  +3

LATEST ADDITIONS

• 

  Randomized Malleable C2 Profiles Made Easy

  Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.

  0

  Free

  Offensive Security

  C2

  Cobalt Strike

  Malleable C2

  Red Team

  Penetration Testing

  

  Randomized Malleable C2 Profiles Made Easy

  Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.

  0

  Free

  Offensive Security

  C2

  Cobalt Strike

  Malleable C2

  +2
• 

  WayMore

  A tool that finds more information about a given URL or domain by querying multiple data sources.

  0

  Free

  Offensive Security

  Url Scanning

  Subdomain Discovery

  Ip Address

  Security Research

  Penetration Testing

  

  WayMore

  A tool that finds more information about a given URL or domain by querying multiple data sources.

  0

  Free

  Offensive Security

  Url Scanning

  Subdomain Discovery

  Ip Address

  +2
• 

  ParamSpider

  A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

  1

  Free

  Offensive Security

  Bug Bounty

  Bug Hunting

  Fuzzing

  Security Research

  Web Application Security

  Web Scraping

  

  ParamSpider

  A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

  1

  Free

  Offensive Security

  Bug Bounty

  Bug Hunting

  Fuzzing

  +3
• 

  OneFuzz

  Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.

  0

  Free

  Offensive Security

  Fuzzing

  Security Testing

  Devsecops

  

  OneFuzz

  Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.

  0

  Free

  Offensive Security

  Fuzzing

  Security Testing

  Devsecops
• 

  Gato

  A tool for enumerating and attacking GitHub Actions pipelines

  0

  Free

  Offensive Security

  Github

  Security Research

  Penetration Testing

  

  Gato

  A tool for enumerating and attacking GitHub Actions pipelines

  0

  Free

  Offensive Security

  Github

  Security Research

  Penetration Testing
• 

  PETEP (PEnetration TEsting Proxy)

  Open-source Java application for creating proxies for traffic analysis & modification.

  0

  Free

  Offensive Security

  Proxy

  Penetration Testing

  Java

  Traffic Analysis

  

  PETEP (PEnetration TEsting Proxy)

  Open-source Java application for creating proxies for traffic analysis & modification.

  0

  Free

  Offensive Security

  Proxy

  Penetration Testing

  Java

  +1
• 

  ExploitDB

  A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.

  1

  Free

  Offensive Security

  Exploit

  Vulnerability Research

  Penetration Testing

  Cybersecurity

  Cve

  

  ExploitDB

  A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.

  1

  Free

  Offensive Security

  Exploit

  Vulnerability Research

  Penetration Testing

  +2
• 

  Cobalt Strike's ExternalC2 framework

  A specification/framework for extending default C2 communication channels in Cobalt Strike

  1

  Free

  Offensive Security

  C2

  Cobalt Strike

  External C2

  Framework

  Hacking Tool

  Pentest

  

  Cobalt Strike's ExternalC2 framework

  A specification/framework for extending default C2 communication channels in Cobalt Strike

  1

  Free

  Offensive Security

  C2

  Cobalt Strike

  External C2

  +3
• 

  LockBoxx

  Introduction to using GScript for Red Teams

  0

  Free

  Offensive Security

  Red Team

  Offensive Security

  Automation

  

  LockBoxx

  Introduction to using GScript for Red Teams

  0

  Free

  Offensive Security

  Red Team

  Offensive Security

  Automation
• 

  x8

  Hidden parameters discovery suite

  1

  Free

  Offensive Security

  Appsec

  Apparmor

  Appsecurity

  Bug Bounty

  Exploit

  Penetration Testing

  

  x8

  Hidden parameters discovery suite

  1

  Free

  Offensive Security

  Appsec

  Apparmor

  Appsecurity

  +3
• 

  hakrawler

  A simple, fast web crawler for discovering endpoints and assets in a web application

  1

  Free

  Offensive Security

  Crawler

  Web Crawler

  Web Security

  Vulnerability Scanning

  Penetration Testing

  Security Research

  

  hakrawler

  A simple, fast web crawler for discovering endpoints and assets in a web application

  1

  Free

  Offensive Security

  Crawler

  Web Crawler

  Web Security

  +3
• 

  Redboto

  Redboto is a collection of scripts for red team operations against the AWS API.

  0

  Free

  Offensive Security

  Aws

  Aws Security

  Red Team

  

  Redboto

  Redboto is a collection of scripts for red team operations against the AWS API.

  0

  Free

  Offensive Security

  Aws

  Aws Security

  Red Team
• 

  MTKPI

  Docker image with essential tools for Kubernetes penetration testing.

  0

  Free

  Offensive Security

  Kubernetes

  Pentest

  Docker

  Kubernetes Security

  

  MTKPI

  Docker image with essential tools for Kubernetes penetration testing.

  0

  Free

  Offensive Security

  Kubernetes

  Pentest

  Docker

  +1
• 

  Pentest Lab

  Local pentest lab using docker compose to spin up victim and attacker services.

  2

  Free

  Offensive Security

  Docker

  Docker Compose

  Red Team

  

  Pentest Lab

  Local pentest lab using docker compose to spin up victim and attacker services.

  2

  Free

  Offensive Security

  Docker

  Docker Compose

  Red Team