Offensive Security Tools
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Browse 246 offensive security tools
FEATURED
USE CASES
FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.
A command line steganography tool that uses LSB technique to hide files within images without visible alteration.
Pack up to 3MB of data into a tweetable PNG polyglot file.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
Simple C++ Encryption and Steganography tool for hiding files inside images using LSB encoding.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
A proof-of-concept tool that generates Excel BIFF8 files with embedded 4.0 macros programmatically without requiring Microsoft Excel installation.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
Adversary emulation framework for testing security measures in network environments.
Skyhook is an HTTP-based file transfer tool that uses obfuscation techniques to evade detection by Intrusion Detection Systems.
A comprehensive .NET post-exploitation library designed for advanced security testing.
SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.
A post-exploitation framework designed to operate covertly on heavily monitored environments.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A C/C++ tool for remote process injection, supporting x64 and x86 operations, with system call macros generated by SysWhispers script.
RedWarden is a Cobalt Strike C2 reverse proxy that uses packet inspection and malleable profile correlation to evade detection by security controls during red team operations.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.
Pwndrop is a self-deployable file hosting service for red teamers, allowing easy upload and sharing of payloads over HTTP and WebDAV.
Offensive Security Tools FAQ
Common questions about Offensive Security tools, selection guides, pricing, and comparisons.
Penetration testing evaluates specific systems or applications for vulnerabilities within a defined scope and timeframe. Red teaming simulates a real adversary with minimal restrictions, attempting to achieve specific objectives (access CEO email, exfiltrate customer data) using any attack vector: technical exploitation, social engineering, and physical access. Red teaming tests your entire security program, not just your technology.
