Offensive Security
Explore 160 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
An MCP server that allows AI agents to autonomously execute 150+ cybersecurity tools for automated penetration testing, vulnerability discovery, and security research.
An MCP server that allows AI agents to autonomously execute 150+ cybersecurity tools for automated penetration testing, vulnerability discovery, and security research.
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A proof-of-concept Node.js tool that demonstrates automated MFA bypass techniques for Microsoft Outlook accounts using browser automation.
A proof-of-concept Node.js tool that demonstrates automated MFA bypass techniques for Microsoft Outlook accounts using browser automation.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.
A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
A Docker-based penetration testing toolkit that provides a portable environment with GUI support and pre-installed security tools for web application testing and CTF activities.
A Docker-based penetration testing toolkit that provides a portable environment with GUI support and pre-installed security tools for web application testing and CTF activities.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.
A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
CloudScraper is an enumeration tool that discovers cloud storage resources including S3 buckets, Azure blobs, and DigitalOcean Spaces across target environments.
CloudScraper is an enumeration tool that discovers cloud storage resources including S3 buckets, Azure blobs, and DigitalOcean Spaces across target environments.
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.
Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases through automated scanning and reporting.
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases through automated scanning and reporting.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.
A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.
Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.
InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.
InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.
C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.
C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.
Skyhook is an HTTP-based file transfer tool that uses obfuscation techniques to evade detection by Intrusion Detection Systems.
Skyhook is an HTTP-based file transfer tool that uses obfuscation techniques to evade detection by Intrusion Detection Systems.
A cloud-focused attack simulation framework that provides granular, self-contained offensive techniques mapped to MITRE ATT&CK for red team exercises.
A cloud-focused attack simulation framework that provides granular, self-contained offensive techniques mapped to MITRE ATT&CK for red team exercises.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
Introduction to using GScript for Red Teams
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
A command-line tool for discovering domains and subdomains related to a target domain during reconnaissance activities.
A command-line tool for discovering domains and subdomains related to a target domain during reconnaissance activities.
A black-box reconnaissance tool that discovers cloud infrastructure, files, and applications across major cloud providers for security testing purposes.
A black-box reconnaissance tool that discovers cloud infrastructure, files, and applications across major cloud providers for security testing purposes.
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.
A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.
A customizable offensive security reporting solution for pentesters and red teamers to generate detailed reports of their findings and vulnerabilities.
A customizable offensive security reporting solution for pentesters and red teamers to generate detailed reports of their findings and vulnerabilities.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.
Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.
echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.
echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.
A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.
CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.
A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.
MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.
A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
A collection of vulnerable web applications containing command injection flaws designed to test and evaluate detection and exploitation tools like commix.
A collection of vulnerable web applications containing command injection flaws designed to test and evaluate detection and exploitation tools like commix.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor offers a customizable reporting solution for offensive security assessments.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.
A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.
BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.
BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.
AutoTTP automates complex attack sequences and testing scenarios for regression tests and research using frameworks like Empire, Metasploit, and Cobalt Strike.
AutoTTP automates complex attack sequences and testing scenarios for regression tests and research using frameworks like Empire, Metasploit, and Cobalt Strike.
A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.
A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.
A penetration testing tool that intercepts SSH connections by patching OpenSSH source code to act as a proxy and log plaintext passwords and sessions.
A penetration testing tool that intercepts SSH connections by patching OpenSSH source code to act as a proxy and log plaintext passwords and sessions.
A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.
A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.
InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.
InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.
Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.
Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor provides a customizable reporting platform for pentesters and red teamers to efficiently document security assessments.
Sysreptor provides a customizable reporting platform for pentesters and red teamers to efficiently document security assessments.
Comprehensive host-survey tool for security checks in C#.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.
SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
Covenant is a collaborative .NET command and control framework designed for red team operations and offensive security engagements.
Covenant is a collaborative .NET command and control framework designed for red team operations and offensive security engagements.
NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.
NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.
A command line tool that generates randomized malleable C2 profiles for Cobalt Strike to vary command and control communication patterns.
A command line tool that generates randomized malleable C2 profiles for Cobalt Strike to vary command and control communication patterns.
A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.
A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
The Hacker News is a leading cybersecurity news platform providing updates, insights, and information to professionals and enthusiasts in the field.
The Hacker News is a leading cybersecurity news platform providing updates, insights, and information to professionals and enthusiasts in the field.
EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.
EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
CobaltBus integrates Cobalt Strike with Azure Service Bus to create covert C2 communication channels for red team operations.
CobaltBus integrates Cobalt Strike with Azure Service Bus to create covert C2 communication channels for red team operations.
ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.
ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.
Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.
Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.
A reconnaissance tool that analyzes expired domains for categorization, reputation, and Archive.org history to identify candidates suitable for phishing and C2 operations.
A reconnaissance tool that analyzes expired domains for categorization, reputation, and Archive.org history to identify candidates suitable for phishing and C2 operations.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
RedWarden is a Cobalt Strike C2 reverse proxy that uses packet inspection and malleable profile correlation to evade detection by security controls during red team operations.
RedWarden is a Cobalt Strike C2 reverse proxy that uses packet inspection and malleable profile correlation to evade detection by security controls during red team operations.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
A tool for analyzing and visualizing control relationships and privilege escalation paths within Active Directory environments using graph-based representations.
A tool for analyzing and visualizing control relationships and privilege escalation paths within Active Directory environments using graph-based representations.
Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.
Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.
A collection of tips and tricks for container and container orchestration hacking and security testing.
A collection of tips and tricks for container and container orchestration hacking and security testing.
An Azure Function that validates and relays Cobalt Strike beacon traffic based on Malleable C2 profile authentication.
An Azure Function that validates and relays Cobalt Strike beacon traffic based on Malleable C2 profile authentication.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
PwnAuth is an open-source tool for generating and managing authentication tokens across multiple protocols, designed for penetration testing and red team exercises.
PwnAuth is an open-source tool for generating and managing authentication tokens across multiple protocols, designed for penetration testing and red team exercises.
A proof-of-concept tool that generates Excel BIFF8 files with embedded 4.0 macros programmatically without requiring Microsoft Excel installation.
A proof-of-concept tool that generates Excel BIFF8 files with embedded 4.0 macros programmatically without requiring Microsoft Excel installation.
A Mac OS X code injection library that enables copying code into target processes and remotely executing it through new thread creation.
A Mac OS X code injection library that enables copying code into target processes and remotely executing it through new thread creation.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
A comprehensive repository of open-source security tools organized by attack phases for red team operations, adversary simulation, and threat hunting purposes.
A comprehensive repository of open-source security tools organized by attack phases for red team operations, adversary simulation, and threat hunting purposes.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.
A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.
A comprehensive collection of SQL injection syntax references and payloads for testing various database management systems during penetration testing and security assessments.
A comprehensive collection of SQL injection syntax references and payloads for testing various database management systems during penetration testing and security assessments.