Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Browse 246 offensive security tools
UPX is a high-performance executable packer for various executable formats.
A featured networking utility for reading and writing data across network connections with advanced capabilities.
A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.
iOS application for testing iOS penetration testing skills in a legal environment.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
A post-exploitation framework for attacking AWS infrastructure, enabling attacks on EC2 instances without SSH keypairs and extraction of AWS secrets and parameters.
CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.
A collection of setup scripts for various security research tools with installers for tools like afl, angr, barf, and more.
steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
An open-source penetration testing framework for social engineering with custom attack vectors.
DoS attack by sending fake BPDUs to disrupt switches' STP engines.
A framework for creating XNU-based rootkits for OS X and iOS security research.
Online Telegram bot for collecting information on individuals from various websites.
A command-line tool that analyzes SPF and DMARC records to identify domains vulnerable to email spoofing attacks.
A tool for interacting with Exchange servers remotely and exploiting client-side Outlook features.
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
A library for integrating communication channels with the Cobalt Strike External C2 server.
Common questions about Offensive Security tools, selection guides, pricing, and comparisons.
Penetration testing evaluates specific systems or applications for vulnerabilities within a defined scope and timeframe. Red teaming simulates a real adversary with minimal restrictions, attempting to achieve specific objectives (access CEO email, exfiltrate customer data) using any attack vector: technical exploitation, social engineering, and physical access. Red teaming tests your entire security program, not just your technology.