Offensive Security

A command line steganography tool that uses LSB technique to hide files within images without visible alteration.

Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.

Intercepts and examines mobile app connections by stripping SSL/TLS layer.

Deliberately vulnerable web application for security professionals to practice attack techniques.

Copy executables with execute, but no read permission on Unix systems.

A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.

Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.

A tool that generates pseudo-malicious files to trigger YARA rules.

An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.

A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.

OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft that enables continuous developer-driven security testing through automated fuzzing capabilities.

A tool for enumerating and attacking GitHub Actions pipelines

SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.

Open-source Java application for creating proxies for traffic analysis & modification.

A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.

Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.

A specification/framework for extending default C2 communication channels in Cobalt Strike

A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.

Introduction to using GScript for Red Teams

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Script to find exploits for vulnerable software packages on Linux systems using an exploit database.

PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.

x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.

A collection of 132 exploits added to Packet Storm in April 2024