Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Browse 246 offensive security tools
SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.
A Go-based crash analysis tool that processes and reproduces crash files from fuzzing tools like AFL with multiple debugging engines and output formats.
A powerful and extensible framework for reconnaissance and attacking various networks and devices.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
Kiterunner is a tool for lightning-fast traditional content discovery and bruteforcing API endpoints in modern applications.
Tcpreplay is a network traffic editing and replay tool used for testing network devices and applications.
A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
Data exfiltration & infiltration tool using text-based steganography to evade security controls.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.
A collection of tips and tricks for container and container orchestration hacking and security testing.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
DET (extensible) Data Exfiltration Toolkit is a proof of concept tool for performing Data Exfiltration using multiple channels simultaneously.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.
A demonstration of a method to delete a locked executable or currently running file from disk.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
Ebowla is a tool for generating payloads in Python, Go, and PowerShell with support for Reflective DLLs.
Common questions about Offensive Security tools, selection guides, pricing, and comparisons.
Penetration testing evaluates specific systems or applications for vulnerabilities within a defined scope and timeframe. Red teaming simulates a real adversary with minimal restrictions, attempting to achieve specific objectives (access CEO email, exfiltrate customer data) using any attack vector: technical exploitation, social engineering, and physical access. Red teaming tests your entire security program, not just your technology.