Offensive Security
Ethical hacking tools and resources for penetration testing and red team operations.Explore 338 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.
Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
A collection of precompiled Windows exploits for privilege escalation.
A collection of precompiled Windows exploits for privilege escalation.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.
Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.
Adversary emulation framework for testing security measures in network environments.
Adversary emulation framework for testing security measures in network environments.
A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.
A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
A collection of vulnerable web applications containing command injection flaws designed to test and evaluate detection and exploitation tools like commix.
A collection of vulnerable web applications containing command injection flaws designed to test and evaluate detection and exploitation tools like commix.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.
FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.
Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis with various tools and resources.
Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis with various tools and resources.
Phrack Magazine is a digital magazine that focuses on computer security and hacking, featuring articles, interviews, and tutorials on various topics related to computer security.
Phrack Magazine is a digital magazine that focuses on computer security and hacking, featuring articles, interviews, and tutorials on various topics related to computer security.
SharpEDRChecker scans system components to detect security products and tools.
SharpEDRChecker scans system components to detect security products and tools.
idb is a tool that simplifies iOS penetration testing and security research tasks, available in both command line and GUI versions.
idb is a tool that simplifies iOS penetration testing and security research tasks, available in both command line and GUI versions.
Utilizing Alternate Data Streams (ADS) to bypass AppLocker default policies by loading DLL/CPL binaries.
Utilizing Alternate Data Streams (ADS) to bypass AppLocker default policies by loading DLL/CPL binaries.
A collection of vulnerable ARM binaries designed for educational exploit development and vulnerability research practice across different architectures and exploitation techniques.
A collection of vulnerable ARM binaries designed for educational exploit development and vulnerability research practice across different architectures and exploitation techniques.
Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.
Chameleon aids in evading proxy categorization to bypass internet filters.
Chameleon aids in evading proxy categorization to bypass internet filters.
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.
A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.
Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.
Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.