A vast collection of security tools

660 tools filtered
0d1n on offsec.tools
0d1n

Tool for automating customized attacks against web applications.

2tearsinabucket on offsec.tools
2tearsinabucket

Enumerate s3 buckets for a specific target.

4-ZERO-3 on offsec.tools
4-ZERO-3

403/401 Bypass Methods.

ActiveScan++ on offsec.tools
ActiveScan++

Extends Burp Suite's active and passive scanning capabilities.

Acunetix on offsec.tools
Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

ADAPE Script on offsec.tools
ADAPE Script

Active Directory assessment and privilege escalation script.

ADenum on offsec.tools
ADenum

Find misconfiguration through LDAP to exploit weaknesses with Kerberos.

ADReaper on offsec.tools
ADReaper

Enumerate an Active Directory environment with LDAP queries.

ADRT on offsec.tools
ADRT

Active Directory Report Tool.

AdvancedKeyHacks on offsec.tools
AdvancedKeyHacks

API Key/Token Exploitation Made easy.

Agartha on offsec.tools
Agartha

Burp Suite extension for dynamic payload generation to detect injection flaws.

airbash on offsec.tools
airbash

Fully automated WPA PSK PMKID and handshake capture script.

aircrack-ng on offsec.tools
aircrack-ng

Complete suite of tools to assess WiFi network security.

AllAboutBugBounty on offsec.tools
AllAboutBugBounty

Bug Bounty notes gathered from various sources.

Altdns on offsec.tools
Altdns

Generates permutations, alterations and mutations of subdomains and then resolves them.

Amass on offsec.tools
Amass

In-depth Attack Surface Mapping and Asset Discovery.

andor on offsec.tools
andor

Blind SQL Injection Tool with Golang.

Angry IP Scanner on offsec.tools
Angry IP Scanner

Fast and simple-to-use open-source/cross-platform network scanner.

Apidor on offsec.tools
Apidor

Tool for automating the search for IDOR vulnerabilities in web applications and APIs.

APKEnum on offsec.tools
APKEnum

Passive enumeration utility for Android applications.

apkurlgrep on offsec.tools
apkurlgrep

Extract endpoints from APK files.

Aquatone on offsec.tools
Aquatone

A Tool for Domain Flyovers.

Arachni on offsec.tools
Arachni

Web Application Security Scanner Framework.

archaeologit on offsec.tools
archaeologit

Scans the history of GitHub repositories to find sensitive things.

Arjun on offsec.tools
Arjun

HTTP parameter discovery suite.

As3nt on offsec.tools
As3nt

Another Subdomain ENumeration Tool.

ASNLookup on offsec.tools
ASNLookup

Leverage ASN to look up IP addresses owned by a specific organization.

ASNmap on offsec.tools
ASNmap

Quickly maps organization network ranges using ASN information.

#dns  #ips 

assetfinder on offsec.tools
assetfinder

Find domains and subdomains related to a given domain.

Async DNS Brute on offsec.tools
Async DNS Brute

DNS asynchronous brute force utility.

ATOR on offsec.tools
ATOR

Authentication Token Obtain and Replace Extender.

AttackSurfaceMapper on offsec.tools
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Auth Analyzer on offsec.tools
Auth Analyzer

The Burp extension helps you to find authorization bugs.

AuthMatrix on offsec.tools
AuthMatrix

Provides a simple way to test authorization in web applications and web services.

authz on offsec.tools
authz

Burp Suite plugin to test for authorization flaws.

AutoRecon on offsec.tools
AutoRecon

Multi-threaded network reconnaissance tool which performs automated enumeration of services.

AutoRepeater on offsec.tools
AutoRepeater

Automated HTTP Request Repeating With Burp Suite.

Autorize on offsec.tools
Autorize

Automatic authorization enforcement detection extension for Burp Suite.

AutoSploit on offsec.tools
AutoSploit

Automated Mass Exploiter.

autoSubTakeover on offsec.tools
autoSubTakeover

A tool used to check if a CNAME resolves to the scope address.

Autowasp on offsec.tools
Autowasp

A one-stop pentesting checklist and logger tool.

Awesome Bug Bounty on offsec.tools
Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

Awesome BugBounty Writeups on offsec.tools
Awesome BugBounty Writeups

A curated list of bugbounty writeups (Bug type wise).

AWS Extender CLI on offsec.tools
AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

AWS security checks on offsec.tools
AWS security checks

This Burp Suite extension provides additional Scanner checks for AWS security issues.

AWSBucketDump on offsec.tools
AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets.

B-XSSRF on offsec.tools
B-XSSRF

Toolkit to detect and keep track of Blind XSS, XXE & SSRF.

backslash-powered-scanner on offsec.tools
backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

barq on offsec.tools
barq

The AWS Cloud Post Exploitation framework!

bbscope on offsec.tools
bbscope

Scope gathering tool for multiple Bug Bounty platforms.

BeEF on offsec.tools
BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

BeRoot on offsec.tools
BeRoot

Multiplatform privilege escalation project.

bettercap on offsec.tools
bettercap

The Swiss Army knife for WiFi, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Betterscan on offsec.tools
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

BFAC on offsec.tools
BFAC

Check for backup artifacts that may disclose the web-application's source code.

BitBlinder on offsec.tools
BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

BlackWidow on offsec.tools
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

bounty-targets-data on offsec.tools
bounty-targets-data

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

bountyplz on offsec.tools
bountyplz

Automated security reporting from markdown templates.

brutesubs on offsec.tools
brutesubs

Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.

BruteX on offsec.tools
BruteX

Automatically brute force all services running on a target.

BruteXSS on offsec.tools
BruteXSS

Tool written in Python simply to find XSS vulnerabilities in web applications.

Bug Bounty Guide on offsec.tools
Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

Bug Bounty Reference on offsec.tools
Bug Bounty Reference

A list of Bug Bounty writeups that is categorized by the bug nature.

BugBountyHunter on offsec.tools
BugBountyHunter

Helping you become a BugBountyHunter.

Bugcrowd VRT on offsec.tools
Bugcrowd VRT

Bugcrowd’s baseline priority ratings for common security vulnerabilities.

Burp Extender API on offsec.tools
Burp Extender API

Burp Extender API.

Burp NTLM Challenge Decoder on offsec.tools
Burp NTLM Challenge Decoder

Burp extension to decode NTLM SSP headers and extract domain/host information.

Burp Suite on offsec.tools
Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.

Burp WP on offsec.tools
Burp WP

Find known vulnerabilities in WordPress plugins and themes; a WPScan-like plugin for Burp.

Burp-AnonymousCloud on offsec.tools
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

burp-exporter on offsec.tools
burp-exporter

Copy a Burp Suite request to a file or the clipboard as functions in multiple programming languages.

Burp-to-SQLMap on offsec.tools
Burp-to-SQLMap

Perform SQL injection tests on Burp Suite bulk requests using SQLMap.

burp-vulners-scanner on offsec.tools
burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

BurpBeautifier on offsec.tools
BurpBeautifier

Burpsuite extension for beautifying request/response body.

BurpBounty on offsec.tools
BurpBounty

Improve the active and passive Burp Suite scanner by means of custom rules through GUI.

BurpJSLinkFinder on offsec.tools
BurpJSLinkFinder

Burp extension for passively scanning JS files for endpoint links.

BurpSentinel on offsec.tools
BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

BurpSmartBuster on offsec.tools
BurpSmartBuster

A Burp Suite content discovery plugin that adds the smart into the Buster.

BurpSuiteHTTPSmuggler on offsec.tools
BurpSuiteHTTPSmuggler

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

bXSS on offsec.tools
bXSS

bXSS is a utility which can be used to identify Blind Cross-Site Scripting.

bypasswaf on offsec.tools
bypasswaf

Add headers to all Burp requests to bypass some WAF products.

Can I take over XYZ? on offsec.tools
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

Canvas on offsec.tools
Canvas

Assessment tool that allows penetration testing and hostile attack simulations.

cariddi on offsec.tools
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

cc.py on offsec.tools
cc.py

Extracting URLs of a specific target based on the results of commoncrawl.org.

Censys Enumeration on offsec.tools
Censys Enumeration

Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

Censys subdomain finder on offsec.tools
Censys subdomain finder

Perform subdomain enumeration using the certificate transparency logs from Censys.

cero on offsec.tools
cero

Scrape domain names from SSL certificates of arbitrary hosts.

CertCrunchy on offsec.tools
CertCrunchy

Uses data from SSL Certificates to find potential host names.

Certificate Ripper on offsec.tools
Certificate Ripper

A CLI tool to extract server certificates.

Certificate Search on offsec.tools
Certificate Search

Get information about SSL certificates.

CeWL on offsec.tools
CeWL

Custom Word List Generator.

changeme on offsec.tools
changeme

A default credential scanner.

Chaos on offsec.tools
Chaos

Collect and maintain internet-wide assets data for public Bug Bounty programs.

ChopChop on offsec.tools
ChopChop

Scan endpoints and identify exposure of sensitive services/files/folders.

clairvoyance on offsec.tools
clairvoyance

Obtain GraphQL API Schema even if the introspection is not enabled.

cloud_enum on offsec.tools
cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

CloudBrute on offsec.tools
CloudBrute

Awesome cloud enumerator.

CloudFail on offsec.tools
CloudFail

Utilize misconfigured DNS and old database records to find hidden IPs behind CloudFlare network.

cloudflare-origin-ip on offsec.tools
cloudflare-origin-ip

Try to find the origin IP of a webapp protected by Cloudflare.

Cloudfox on offsec.tools
Cloudfox

Automating situational awareness for cloud penetration tests.

cloudlist on offsec.tools
cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

CloudScraper on offsec.tools
CloudScraper

Tool to enumerate targets in search of cloud resources.

CMSmap on offsec.tools
CMSmap

CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

cnames on offsec.tools
cnames

Take a list of resolved subdomains and output any corresponding CNAMES en masse.

Coercer on offsec.tools
Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

Collaborator Everywhere on offsec.tools
Collaborator Everywhere

Burp Suite extension which injects non-invasive headers to reveal backend systems.

commit-stream on offsec.tools
commit-stream

OSINT tool for finding Github repositories by extracting commit logs in real time.

Commix on offsec.tools
Commix

Automated All-in-One OS Command Injection Exploitation Tool.

cook on offsec.tools
cook

Overpower wordlist generator, words permutation and combinations, encoding/decoding...

CORS Scanner on offsec.tools
CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

CorsMe on offsec.tools
CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

CORStest on offsec.tools
CORStest

A simple CORS misconfiguration scanner.

Corsy on offsec.tools
Corsy

CORS Misconfiguration Scanner.

Covenant on offsec.tools
Covenant

Collaborative C2 framework for red teamers.

Cr3dOv3r on offsec.tools
Cr3dOv3r

Know the dangers of credential reuse attacks.

crackerjack on offsec.tools
crackerjack

Hashcat Web Interface.

Crawlergo on offsec.tools
Crawlergo

A powerful browser crawler for web vulnerability scanners.

crawley on offsec.tools
crawley

The unix-way web crawler.

crithit on offsec.tools
crithit

Takes a single wordlist item and tests it one by one over a large collection of websites.

CRLF-Injection-Scanner on offsec.tools
CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

CRLFMap on offsec.tools
CRLFMap

CRLFMap is a tool to find HTTP Splitting vulnerabilities.

CRLFsuite on offsec.tools
CRLFsuite

The most powerful CRLF injection scanner.

CRLFuzz on offsec.tools
CRLFuzz

A fast tool to scan CRLF vulnerability written in Go.

Cross-site scripting cheat sheet on offsec.tools
Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

crtndtry on offsec.tools
crtndtry

Yet another subdomain finder.

crunch on offsec.tools
crunch

Wordlist generator where you can specify a character set or any set of characters to be used.

csp-analyzer on offsec.tools
csp-analyzer

Analyze CSP header of a given URL.

#csp 

csprecon on offsec.tools
csprecon

Discover new target domains using Content Security Policy.

cstc on offsec.tools
cstc

Burp Suite extension that allows request/response modification using a GUI.

ctf-tools on offsec.tools
ctf-tools

Some setup scripts for security research tools.

CTFR on offsec.tools
CTFR

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

curate on offsec.tools
curate

A tool for fetching archived URLs.

CyberChef on offsec.tools
CyberChef

A web app for encryption, encoding, compression and data analysis.

DalFox on offsec.tools
DalFox

Powerful open source XSS scanning tool and parameter analyzer, utility.

Dangerous Methods on offsec.tools
Dangerous Methods

A Burp Suite extension for finding the use of potentially dangerous methods/functions.

Dastardly Scan Action on offsec.tools
Dastardly Scan Action

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

DataExtractor on offsec.tools
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

Default Credentials Cheat Sheet on offsec.tools
Default Credentials Cheat Sheet

One place for all the default credentials to assist on finding devices with default password.

default-http-login-hunter on offsec.tools
default-http-login-hunter

Login hunter of default credentials for administrative web interfaces.

DefaultPassword on offsec.tools
DefaultPassword

Default passwords database sorted by manufacturers.

Demiguise on offsec.tools
Demiguise

HTA encryption tool for Red Teams.

DependencyCheck on offsec.tools
DependencyCheck

Utility that detects publicly disclosed vulnerabilities in application dependencies.

Depix on offsec.tools
Depix

Recovers passwords from pixelized screenshots.

detectify-cves on offsec.tools
detectify-cves

Find CVEs that don't have a Detectify module.

differer on offsec.tools
differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters.

Dirb on offsec.tools
Dirb

Web Fuzzer.

DirBuster on offsec.tools
DirBuster

Multi-threaded application to brute force directory and file names on web/application servers.

dirhunt on offsec.tools
dirhunt

Find web directories without bruteforce.

dirlstr on offsec.tools
dirlstr

Finds Directory Listings or open S3 buckets from a list of URLs.

dirsearch on offsec.tools
dirsearch

Web path scanner.

DirSearch on offsec.tools
DirSearch

A Go implementation of dirsearch.

Dirstalk on offsec.tools
Dirstalk

Multi-threaded application designed to brute force paths on web servers.

Distribute Damage on offsec.tools
Distribute Damage

Evenly distributes scanner load across targets.

dnscan on offsec.tools
dnscan

Python wordlist-based DNS subdomain scanner.

dnsenum on offsec.tools
dnsenum

Enumerates DNS information of a domain and discovers non-contiguous IP blocks.

dnsgen on offsec.tools
dnsgen

Generates combinations of domain names from the provided input.

DNSProbe on offsec.tools
DNSProbe

Allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.

dnsReaper on offsec.tools
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

DNSRecon on offsec.tools
DNSRecon

DNS Enumeration Script.

DNSTake on offsec.tools
DNSTake

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

dnsX on offsec.tools
dnsX

Fast and multi-purpose DNS toolkit designed for running DNS queries.

docem on offsec.tools
docem

Utility to embed XXE and XSS payloads in docx, odt, pptx...

DOM based XSS finder on offsec.tools
DOM based XSS finder

Chrome extension that finds DOM based XSS vulnerabilities.

DOM XSS Scanner on offsec.tools
DOM XSS Scanner

A tool to scan source code for DOM based XSS vulnerabilities.

dom-red on offsec.tools
dom-red

Small script to check a list of domains against open redirect vulnerability.

Domain Analyzer on offsec.tools
Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in python.

Domain Hunter on offsec.tools
Domain Hunter

Try to find all subdomains, similar-domains and related-domains of an organization.

domained on offsec.tools
domained

Multi Tool Subdomain Enumeration.

DOMDig on offsec.tools
DOMDig

DOM XSS scanner for Single Page Applications.

DotDotPwn on offsec.tools
DotDotPwn

The Directory Traversal Fuzzer.

DotGit on offsec.tools
DotGit

An extension for checking if .git is exposed in visited websites.

DroneSploit on offsec.tools
DroneSploit

Drone pentesting framework console.

Drupwn on offsec.tools
Drupwn

Drupal enumeration & exploitation tool.

dsieve on offsec.tools
dsieve

Filter and enrich a list of subdomains by level.

DTD Finder on offsec.tools
DTD Finder

List DTDs and generate XXE payloads using those local DTDs.

dufflebag on offsec.tools
dufflebag

Search exposed EBS volumes for secrets.

DumpsterDiver on offsec.tools
DumpsterDiver

Tool to search secrets in various filetypes.

dvcs-ripper on offsec.tools
dvcs-ripper

Rip web accessible version control systems: svn, git...

Eagle on offsec.tools
Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

EDD on offsec.tools
EDD

Ultimate domain enumeration tool.

eLdap-Ldap-Search-and-Filter on offsec.tools
eLdap-Ldap-Search-and-Filter

A tool that helps users searching and filtering queries in Ldap environment.

EMBA on offsec.tools
EMBA

The security analyzer for firmware of embedded devices.

eos on offsec.tools
eos

Enemies Of Symfony - debug mode Symfony looter.

espionage on offsec.tools
espionage

Collects information related to domains: whois, history, DNS records and more.

Evil SQL Client on offsec.tools
Evil SQL Client

Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

evil SSDP on offsec.tools
evil SSDP

Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.

exfilkit on offsec.tools
exfilkit

Data exfiltration utility for testing detection capabilities.

ExifTool on offsec.tools
ExifTool

ExifTool meta information reader/writer.

Exploitalert on offsec.tools
Exploitalert

Exploits found on the INTERNET.

Extended SSRF search on offsec.tools
Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

Extended XSS Searcher and Finder on offsec.tools
Extended XSS Searcher and Finder

Scans for different types of XSS on a list of urls.

extract-endpoints on offsec.tools
extract-endpoints

Extract endpoints from source files.

Eyeballer on offsec.tools
Eyeballer

Convolutional neural network for analyzing pentest screenshots.

EyeWitness on offsec.tools
EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

ezXSS on offsec.tools
ezXSS

An easy way for penetration testers and bug bounty hunters to test (blind) XSS.

Faraday security on offsec.tools
Faraday security

Open source vulnerability management and orchestration platform.

favicon-hashtrick on offsec.tools
favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

fcrackzip on offsec.tools
fcrackzip

Zip password cracker.

FDsploit on offsec.tools
FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Femida on offsec.tools
Femida

Automated blind-xss search for Burp Suite.

Feroxbuster on offsec.tools
Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

FestIN on offsec.tools
FestIN

The powered S3 bucket finder and content discover.

ffuf on offsec.tools
ffuf

Fast web fuzzer written in Go.

Fierce on offsec.tools
Fierce

A DNS reconnaissance tool for locating non-contiguous IP space.

#dns  #ips 

Filebuster on offsec.tools
Filebuster

An extremely fast and flexible web fuzzer.

FinDOM-XSS on offsec.tools
FinDOM-XSS

A fast DOM based XSS vulnerability scanner with simplicity.

Findomain on offsec.tools
Findomain

The complete solution for domain recognition.

findsecuritycontacts.com on offsec.tools
findsecuritycontacts.com

Scans the top 500 sites daily for their security.txt file or DNS records.

Findsploit on offsec.tools
Findsploit

Find exploits in local and online databases instantly.

Fingerprinter on offsec.tools
Fingerprinter

CMS/LMS/Library etc Versions Fingerprinter.

fingerprintx on offsec.tools
fingerprintx

Standalone utility for service discovery on open ports!

Firebase-Extractor on offsec.tools
Firebase-Extractor

A tool written in python for scraping firebase data.

FireShodanMap on offsec.tools
FireShodanMap

Realtime map that integrates Firebase, Google Maps and Shodan.

flan on offsec.tools
flan

A pretty sweet vulnerability scanner.

Flow on offsec.tools
Flow

Provides view with filtering capabilities for all requests from all Burp Suite tools.

Fluxion on offsec.tools
Fluxion

Fluxion is the future of MITM WPA attacks.

FOCA on offsec.tools
FOCA

Tool to find metadata and hidden information in the documents.

fprobe on offsec.tools
fprobe

Take a list of domains/subdomains and probe for working http/https server.

Freddy Deserialization Bug Finder on offsec.tools
Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

FridaAndroidTracer on offsec.tools
FridaAndroidTracer

Android application tracer powered by Frida.

fuzzagotchi on offsec.tools
fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

Fuzzapi on offsec.tools
Fuzzapi

Used for REST API pentesting and provides a UI solution for the gem.

FuzzDB on offsec.tools
FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.

fuzzuli on offsec.tools
fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

GadgetProbe on offsec.tools
GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

GAP on offsec.tools
GAP

A Burp Suite extension to find potential endpoints and parameters.

gau on offsec.tools
gau

Fetch known URLs from several sources.

gaussrf on offsec.tools
gaussrf

Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.

GET-ACQ on offsec.tools
GET-ACQ

Gather all companies acquired by a given company domain name.

getJS on offsec.tools
getJS

A tool to quickly get all JavaScript sources/files.

getsploit on offsec.tools
getsploit

Command line utility for searching and downloading exploits.

gf on offsec.tools
gf

A wrapper around grep to avoid typing common patterns.

Ghauri on offsec.tools
Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

GHunt on offsec.tools
GHunt

Offensive Google framework.

git-all-secrets on offsec.tools
git-all-secrets

Capture all the git secrets by leveraging multiple open source git searching tools.

git-dumper on offsec.tools
git-dumper

A tool to dump a git repository from a website.

git-vuln-finder on offsec.tools
git-vuln-finder

Find potential software vulnerabilities from git commit messages.

git-wild-hunt on offsec.tools
git-wild-hunt

A tool to hunt for credentials in GitHub wild AKA git*hunt.

GitFive on offsec.tools
GitFive

An OSINT tool to investigate GitHub profiles.

GitGot on offsec.tools
GitGot

Rapidly search through troves of public data on GitHub for sensitive secrets.

gitGraber on offsec.tools
gitGraber

Monitor GitHub to search and find sensitive data in real time.

github-subdomains on offsec.tools
github-subdomains

Find subdomains on GitHub.

GitHunter on offsec.tools
GitHunter

A tool for searching a Git repository for interesting content.

gitjacker on offsec.tools
gitjacker

Leak git repositories from misconfigured websites.

gitlab-subdomains on offsec.tools
gitlab-subdomains

Find subdomains on GitLab.

GitMiner on offsec.tools
GitMiner

Tool for advanced mining for content on Github.

gitpillage on offsec.tools
gitpillage

Extract data from a .git directory.

Gitrob on offsec.tools
Gitrob

Reconnaissance tool for GitHub organizations.

gitscraper on offsec.tools
gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

GitTools on offsec.tools
GitTools

A repository with 3 tools for pwn'ing websites with .git repositories available.

go-dork on offsec.tools
go-dork

The fastest dork scanner written in Go.

GoAltdns on offsec.tools
GoAltdns

A permutation generation tool written in golang.

Gobuster on offsec.tools
Gobuster

Directory/File, DNS and VHost busting tool written in Go.

GoCloud on offsec.tools
GoCloud

Checks whether a domain is hosted on a cloud service.

GoLinkFinder on offsec.tools
GoLinkFinder

A fast and minimal JS endpoint extractor.

Gopherus on offsec.tools
Gopherus

Generates gopher link for exploiting SSRF and gaining RCE in various servers.

gospider on offsec.tools
gospider

Fast web spider written in Go.

gotator on offsec.tools
gotator

Generates DNS wordlists through permutations.

gowitness on offsec.tools
gowitness

A golang, web screenshot utility using Chrome Headless.

grafana-ssrf on offsec.tools
grafana-ssrf

Authenticated SSRF in Grafana.

GraphQL Beautifier on offsec.tools
GraphQL Beautifier

Burp Suite extension to help make GraphQL requests more readable.

GraphQL Threat Matrix on offsec.tools
GraphQL Threat Matrix

Threat framework to research security gaps in GraphQL implementations.

graphql-introspection-analyzer on offsec.tools
graphql-introspection-analyzer

GraphQL introspection query analyzer.

graphql-path-enum on offsec.tools
graphql-path-enum

Lists the different ways of reaching a given type in a GraphQL schema.

GraphQLmap on offsec.tools
GraphQLmap

Scripting engine to interact with a GraphQL endpoint for pentesting purposes.

graphw00f on offsec.tools
graphw00f

GraphQL Server Engine Fingerprinting utility for software security professionals.

GrayhatWarfare on offsec.tools
GrayhatWarfare

Search for buckets and URL shorteners.

GRecon on offsec.tools
GRecon

Run a Google based passive recon against your scope.

grep.app on offsec.tools
grep.app

Searches code from over a half million public repositories on GitHub.

Ground control on offsec.tools
Ground control

A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

GSAN on offsec.tools
GSAN

Extract subdomains from SSL certificates in HTTPS sites.

gwdomains on offsec.tools
gwdomains

Sub domain wild card filtering tool.

GyoiThon on offsec.tools
GyoiThon

Growing penetration test tool using Machine Learning.

H1 Report Finder on offsec.tools
H1 Report Finder

A Burp Suite extension to find security reports published on HackerOne based on the selected host.

h1-search on offsec.tools
h1-search

Request the public disclosures on a specific HackerOne program.

h2cSmuggler on offsec.tools
h2cSmuggler

HTTP Request Smuggling over HTTP/2 Cleartext.

Hackability on offsec.tools
Hackability

Probe a rendering engine for vulnerabilities and other features.

Hacker101 on offsec.tools
Hacker101

A free class for web security.

Hackingtool on offsec.tools
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

Hackvertor on offsec.tools
Hackvertor

Tag based conversion tool written in Java implemented as a Burp Suite extension.

Hakrawler on offsec.tools
Hakrawler

Simple, fast web crawler designed for discovery of endpoints and assets within a web application.

hakrevdns on offsec.tools
hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

haktldextract on offsec.tools
haktldextract

Extract domains/subdomains from URLs en masse.

Hamburglar on offsec.tools
Hamburglar

Collect useful information from urls, directories, and files.

Hash Buster on offsec.tools
Hash Buster

Crack hashes in seconds.

Hashcat on offsec.tools
Hashcat

World's fastest and most advanced password recovery utility.

Have i been pwned? on offsec.tools
Have i been pwned?

Check if your email or phone is in a data breach.

Hawkeye on offsec.tools
Hawkeye

Filesystem analysis tool/directory looking for interesting stuff.

headi on offsec.tools
headi

Customisable and automated HTTP header injection.

Headless Burp on offsec.tools
Headless Burp

Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.

Highlighter and Extractor on offsec.tools
Highlighter and Extractor

Collect, categorize and highlight requests and/or responses according to their content.

HostileSubBruteforcer on offsec.tools
HostileSubBruteforcer

Bruteforce existing subdomains and provide information about them.

House on offsec.tools
House

A runtime mobile application analysis toolkit with a Web GUI.

HTTP Request Smuggler on offsec.tools
HTTP Request Smuggler

Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.

http-request-smuggling on offsec.tools
http-request-smuggling

HTTP Request Smuggling Detection Tool.

HTTPoxy Scanner on offsec.tools
HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

httprebind on offsec.tools
httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

httprobe on offsec.tools
httprobe

Take a list of domains and probe for working HTTP and HTTPS servers.

httpscreenshot on offsec.tools
httpscreenshot

Grabs screenshots and HTML of large numbers of websites.

httpx on offsec.tools
httpx

HTTP toolkit that allows running multiple probes using the retryablehttp library.

Hydra on offsec.tools
Hydra

Very fast password cracking tool.

IDontSpeakSSL on offsec.tools
IDontSpeakSSL

Simple tool to scan large scope and provide SSL/TLS vulnerabilities.

Injectify on offsec.tools
Injectify

Perform advanced MiTM attacks on websites with ease.

Injectus on offsec.tools
Injectus

CRLF and open redirect fuzzer.

InQL on offsec.tools
InQL

Burp Extension for GraphQL Security Testing.

IntelSpy on offsec.tools
IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

interactsh on offsec.tools
interactsh

An OOB interaction gathering server and client library.

#oob 

Interlace on offsec.tools
Interlace

Turn single threaded command line applications into a fast, multi-threaded application.

IntruderPayloads on offsec.tools
IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

IPRotate on offsec.tools
IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

J2EEScan on offsec.tools
J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

Jaeles on offsec.tools
Jaeles

The Swiss Army knife for automated Web Application Testing.

Java Deserialization Scanner on offsec.tools
Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

John The Ripper on offsec.tools
John The Ripper

Password cracker tool.

jok3r on offsec.tools
jok3r

Network and Web Pentest Automation Framework.

JoomScan on offsec.tools
JoomScan

OWASP Joomla Vulnerability Scanner Project.

JOSEPH on offsec.tools
JOSEPH

JavaScript Object Signing and Encryption Pentesting Helper.

JS-Scan on offsec.tools
JS-Scan

A .js scanner, built in PHP, designed to scrape urls and other info.

JSgen on offsec.tools
JSgen

Generate JavaScript code to be injected in case you find a Server Side JavaScript Injection.

JSONBeautifier on offsec.tools
JSONBeautifier

JSON Beautifier for Burp written in Java.

JSONBee on offsec.tools
JSONBee

Ready-to-use JSONP endpoints/payloads to help bypass Content Security Policy.

JSParser on offsec.tools
JSParser

Python script to parse relative URLs from JavaScript files.

jSQL Injection on offsec.tools
jSQL Injection

Java application for automatic SQL database injection.

JSShell on offsec.tools
JSShell

An interactive multi-user web JS shell.

JWT cracker on offsec.tools
JWT cracker

JWT brute force cracker written in C.

JWT Key ID Injector on offsec.tools
JWT Key ID Injector

Simple python script to check against hypothetical JWT vulnerability.

JWT Tool on offsec.tools
JWT Tool

A toolkit for testing, tweaking and cracking JSON Web Tokens.

jwt-hack on offsec.tools
jwt-hack

JWT encoding/decoding, generates payloads for JWT attack and very fast cracking.

jwt-heartbreaker on offsec.tools
jwt-heartbreaker

Burp Suite extension to check JWTs for use of keys known from public sources.

JWT4B on offsec.tools
JWT4B

JWT Support for Burp Suite.

jwtear on offsec.tools
jwtear

Modular command-line tool to parse, create and manipulate JWT tokens.

JWTweak on offsec.tools
JWTweak

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

Kadimus on offsec.tools
Kadimus

Check for and exploit LFI vulnerabilities with a focus on PHP systems.

katana on offsec.tools
katana

A next-generation crawling and spidering framework.

Keyfinder on offsec.tools
Keyfinder

Find and analyze private/public key files and Android APK files.

kicks3 on offsec.tools
kicks3

S3 bucket finder from HTML, JS and bucket misconfiguration testing tool.

Knockpy on offsec.tools
Knockpy

Knock Subdomain Scan.

Knoxnl on offsec.tools
Knoxnl

This is a python wrapper around the amazing KNOXSS.

KNOXSS on offsec.tools
KNOXSS

Online XSS tool with demonstration of vulnerability.

kxss on offsec.tools
kxss

Adaptation of tomnomnom's kxss tool with a different output format.

LazyHunter on offsec.tools
LazyHunter

A framework that provides a web UI to commonly used Bug Hunting/Pentesting tools.

lazys3 on offsec.tools
lazys3

Ruby script to bruteforce for AWS s3 buckets using different permutations.

LeakLooker-X on offsec.tools
LeakLooker-X

Discover, browse and monitor database/source code leaks.

leakScraper on offsec.tools
leakScraper

Set of tools to process and visualize huge text files containing credentials.

Legion on offsec.tools
Legion

Aids in discovery, reconnaissance and exploitation of information systems.

LFI Suite on offsec.tools
LFI Suite

Totally Automatic LFI Exploiter and Scanner.

LFI-Enum on offsec.tools
LFI-Enum

Scripts to execute enumeration via LFI.