![](https://assets.offsec.tools/tools/lazypariah-8435.png) |
LAZYPARIAH |
Generate reverse shell payloads on the fly. |
|
|
![](https://assets.offsec.tools/tools/o365recon-8989.png) |
o365recon |
Retrieve information via O365 and AzureAD with valid credentials. |
|
|
![](https://assets.offsec.tools/tools/lyncsmash-7192.png) |
lyncsmash |
Locate and attack Lync and Skype for Business. |
|
|
![](https://assets.offsec.tools/tools/trurl-7177.png) |
trurl |
Command line tool for URL parsing and manipulation. |
|
|
![](https://assets.offsec.tools/tools/athena-os-3331.png) |
Athena OS |
Arch Linux-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool! |
|
|
![](https://assets.offsec.tools/tools/aem-detector-2276.png) |
aem-detector |
Discover Adobe Experience Manager (AEM) Content Management System (CMS) websites. |
|
|
![](https://assets.offsec.tools/tools/alterx-8368.png) |
alterx |
Fast and customizable subdomain wordlist generator using DSL. |
|
|
![](https://assets.offsec.tools/tools/r3c0nizer-2515.png) |
R3C0Nizer |
The first ever CLI based menu-driven web application B-Tier recon framework. |
|
|
![](https://assets.offsec.tools/tools/osintui-3449.png) |
OSINTui |
OSINT from your favorite services in a friendly terminal user interface. |
|
|
![](https://assets.offsec.tools/tools/ncrack-5350.png) |
ncrack |
Open source tool for network authentication cracking. |
|
|
![](https://assets.offsec.tools/tools/phpsploit-5534.png) |
phpsploit |
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor. |
|
|
![](https://assets.offsec.tools/tools/kerberoast-6676.png) |
kerberoast |
Series of tools for attacking MS Kerberos implementations. |
|
|
![](https://assets.offsec.tools/tools/barmie-5067.png) |
BaRMIe |
Enumerating and attacking Java RMI (Remote Method Invocation) services. |
|
|
![](https://assets.offsec.tools/tools/poshc2-8410.png) |
PoshC2 |
A proxy aware C2 framework used to aid with post-exploitation and lateral movement. |
|
|
|
|
![](https://assets.offsec.tools/tools/powerupsql-6172.png) |
PowerUpSQL |
A PowerShell toolkit for attacking SQL Server. |
|
|
![](https://assets.offsec.tools/tools/microburst-9888.png) |
MicroBurst |
A collection of scripts for assessing Microsoft Azure security. |
|
|
![](https://assets.offsec.tools/tools/dnsmorph-4045.gif) |
DNSMORPH |
Domain name permutation engine written in Go. |
|
|
![](https://assets.offsec.tools/tools/dnstwist-1160.gif) |
dnstwist |
Domain name permutation engine for detecting several types of attacks. |
|
|
![](https://assets.offsec.tools/tools/ssh-auditor-2041.png) |
ssh-auditor |
The best way to scan for weak ssh passwords on your network. |
|
|
|
|
![](https://assets.offsec.tools/tools/t14m4t-1087.png) |
t14m4t |
Automated brute-forcing attack tool. |
|
|
![](https://assets.offsec.tools/tools/vcsmap-5197.png) |
vcsmap |
Plugin-based tool to scan public version control systems for sensitive information. |
|
|
|
|
|
|
|
|
|
|
![](https://assets.offsec.tools/tools/autopwn-5618.png) |
autopwn |
Specify targets and run sets of tools against them. |
|
|
|
|
![](https://assets.offsec.tools/tools/sshlooter-3275.png) |
sshLooter |
Script to steal passwords from ssh. |
|
|
![](https://assets.offsec.tools/tools/ghidra-7231.png) |
ghidra |
Software reverse engineering (SRE) framework. |
|
|
![](https://assets.offsec.tools/tools/socialpwned-9503.png) |
SocialPwned |
Allows to get the emails from a target published in social networks to find possible credentials. |
|
|
![](https://assets.offsec.tools/tools/lsassy-5141.png) |
lsassy |
Python tool to remotely extract credentials on a set of hosts. |
|
|