![](https://assets.offsec.tools/tools/sqlmutant-1272.png) |
SQLMutant |
Searches for automated subdomain enumeration and runs SQLi tests. |
|
|
![](https://assets.offsec.tools/tools/terminatorz-5341.png) |
TerminatorZ |
Scan for top potential vulnerabilities with known CVEs in your web applications. |
|
|
![](https://assets.offsec.tools/tools/ssrfpwned-3274.png) |
SSRFPwned |
Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns. |
|
|
![](https://assets.offsec.tools/tools/scopehunter-4131.png) |
ScopeHunter |
Command-line tool for finding in-scope targets for bug bounty programs. |
|
|
![](https://assets.offsec.tools/tools/ciphey-1500.png) |
Ciphey |
Automates decryptions & decodings with encodings, classical ciphers, hashes, or more. |
|
|
![](https://assets.offsec.tools/tools/sdbf-1882.png) |
SDBF |
Smart DNS Brute Forcer. |
|
|
![](https://assets.offsec.tools/tools/invoke-psimage-8970.png) |
Invoke-PSImage |
Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute. |
|
|
![](https://assets.offsec.tools/tools/invoke-wcmdump-3373.png) |
Invoke-WCMDump |
PowerShell script to dump Windows credentials from the Credential Manager. |
|
|
![](https://assets.offsec.tools/tools/invoke-bsod-2759.png) |
Invoke-BSOD |
For when you want a computer to be done - without admin!. |
|
|
|
|
![](https://assets.offsec.tools/tools/carboncopy-7919.jpeg) |
CarbonCopy |
Creates a spoofed certificate of any online website and signs an executable for AV evasion. |
|
|
![](https://assets.offsec.tools/tools/psbypassclm-6073.jpeg) |
PSByPassCLM |
Bypass for PowerShell Constrained Language Mode. |
|
|
![](https://assets.offsec.tools/tools/powershdll-7169.png) |
PowerShdll |
Run PowerShell with rundll32 in order to bypass software restrictions. |
|
|
|
|
|
|
|
|
|
|
![](https://assets.offsec.tools/tools/dumpert-8777.png) |
Dumpert |
LSASS memory dumper using direct system calls and API unhooking. |
|
|
![](https://assets.offsec.tools/tools/mimikittenz-9237.png) |
mimikittenz |
A post-exploitation powershell tool for extracting juicy info from memory. |
|
|
![](https://assets.offsec.tools/tools/sub404-3022.png) |
sub404 |
A fast tool to check subdomain takeover vulnerability. |
|
|
![](https://assets.offsec.tools/tools/nmapify-9290.png) |
NMapify |
Quickly and accurately create a visual representation of their Nmap output. |
|
|
|
|
![](https://assets.offsec.tools/tools/scarecrow-6854.png) |
ScareCrow |
Payload creation framework designed around EDR bypass. |
|
|
![](https://assets.offsec.tools/tools/h8mail-3769.gif) |
h8mail |
Powerful and user-friendly password hunting tool. |
|
|
![](https://assets.offsec.tools/tools/ffufpostprocessing-3709.png) |
ffufPostprocessing |
Golang tool which helps dropping the irrelevant entries from your ffuf result file. |
|
|