Offensive Security Tools
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Browse 246 offensive security tools
FEATURED
USE CASES
A Mac OS X code injection library that enables copying code into target processes and remotely executing it through new thread creation.
A Python script that detects and removes Thinkst Canary Tokens from files using signature-based detection methods.
A unified repository for different Metasploit Framework payloads.
Linux packet crafting tool for testing IDS/IPS and creating attack signatures.
A repository containing material for Android greybox fuzzing with AFL++ Frida mode
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.
A script to assist in creating templates for VirtualBox to enhance VM detection evasion.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.
OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft that enables continuous developer-driven security testing through automated fuzzing capabilities.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
An API for constructing and injecting network packets with additional functionality.
A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.
PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.
A simple file format fuzzer for Android that can fuzz multiple readers at once
A tool that simplifies the installation of tools and configuration for Kali Linux
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.
Offensive Security Tools FAQ
Common questions about Offensive Security tools, selection guides, pricing, and comparisons.
Penetration testing evaluates specific systems or applications for vulnerabilities within a defined scope and timeframe. Red teaming simulates a real adversary with minimal restrictions, attempting to achieve specific objectives (access CEO email, exfiltrate customer data) using any attack vector: technical exploitation, social engineering, and physical access. Red teaming tests your entire security program, not just your technology.
