offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming

Go to offsec.tools

Tools featured this week

A framework including all the tools that work on Windows.

A simple CORS misconfiguration scanner.

Used for REST API pentesting and provide UI solution for gem.

Intelligence tool to do OSINT tasks and more but without any API key.

Salesforce lightning recon and exploitation tool.

Simple latest CVE collector written in Python.

Fully customizable Windows-based pentesting virtual machine distribution.

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

Payload toolkit for bypassing EDRs using suspended processes, direct syscalls written.

Searches for automated subdomain enumeration and runs SQLi tests.

	OpenBuckets
	Online platform for finding open buckets in cloud storage systems effortlessly.

	BucketLoot
	An automated S3-compatible bucket inspector.

	Certipy
	Active Directory Certificate Services enumeration and abuse.

	MANSPIDER
	Spider entire networks for juicy files sitting on SMB shares.

	NetExec
	Network service exploitation tool that helps automate assessing the security of large networks.

	tun2socks
	Handle all network traffic of any internet programs sent by the device through a proxy.

	HEKATOMB
	Connects to LDAP directory to retrieve all computers and users informations.

	Commando VM
	Fully customizable Windows-based pentesting virtual machine distribution.

	SharPersist
	Windows persistence toolkit written in C#.

	mitm6
	pwning IPv4 via IPv6.

	msfpc
	A quick way to generate various basic Meterpreter payloads via MSFvenom.

	crowbar
	Brute forcing tool that support several uncommon protocols.

Go to offsec.tools