Offensive Security
Ethical hacking tools and resources for penetration testing and red team operations.Explore 277 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
LATEST ADDITIONS
Local pentest lab using docker compose to spin up victim and attacker services.
Local pentest lab using docker compose to spin up victim and attacker services.
Collection of Return-Oriented Programming challenges for practicing exploitation skills.
Collection of Return-Oriented Programming challenges for practicing exploitation skills.
Stealing Signatures and Making One Invalid Signature at a Time.
A simple file format fuzzer for Android that can fuzz multiple readers at once
A simple file format fuzzer for Android that can fuzz multiple readers at once
Macro_Pack is a tool used to automate obfuscation and generation of Office documents for pentest, demo, and social engineering assessments.
Macro_Pack is a tool used to automate obfuscation and generation of Office documents for pentest, demo, and social engineering assessments.
Python framework for building and utilizing interfaces to transfer data between frameworks with a focus on Command and Control frameworks.
Python framework for building and utilizing interfaces to transfer data between frameworks with a focus on Command and Control frameworks.
Ophcrack is a free Windows password cracker based on rainbow tables with various features for password recovery.
Ophcrack is a free Windows password cracker based on rainbow tables with various features for password recovery.
A post-exploitation framework for attacking running AWS infrastructure
Generates shellcode that loads Windows payloads from memory and runs them with parameters.
Generates shellcode that loads Windows payloads from memory and runs them with parameters.
A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.
A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.
A framework for exploiting Android-based devices and applications
A framework for exploiting Android-based devices and applications
A credit card/magstripe spoofer that can emulate any magnetic stripe or credit card wirelessly.
A credit card/magstripe spoofer that can emulate any magnetic stripe or credit card wirelessly.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.