Offensive Security
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Explore 454 curated cybersecurity tools, with 14,784+ visitors searching for solutions
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.
Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
A suite of tools for Wi-Fi network security assessment and penetration testing.
A suite of tools for Wi-Fi network security assessment and penetration testing.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
Online Java decompiler tool with support for modern Java features.
Online Java decompiler tool with support for modern Java features.
Metta is an information security preparedness tool for adversarial simulation.
Metta is an information security preparedness tool for adversarial simulation.
CredMaster enhances password spraying tactics with IP rotation to maintain anonymity and efficiency.
CredMaster enhances password spraying tactics with IP rotation to maintain anonymity and efficiency.
A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.
A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
Tcpreplay is a network traffic editing and replay tool used for testing network devices and applications.
Tcpreplay is a network traffic editing and replay tool used for testing network devices and applications.
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.
A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.
CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
A tool for identifying and analyzing Java serialized objects in network traffic
A tool for identifying and analyzing Java serialized objects in network traffic
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
Boofuzz is a network protocol fuzzing tool that aims to fuzz everything
