A vast collection of security tools for bug bounty, pentest and red teaming

#exploits

102 results
Shells on offsec.tools
Sponsor
Shells

A script for generating common revshells fast and easily.

#exploits   #rce   #shell  

mimikittenz on offsec.tools
mimikittenz

A post-exploitation powershell tool for extracting juicy info from memory.

#exploits   #memory   #secrets   #windows  

PowerShdll on offsec.tools
PowerShdll

Run PowerShell with rundll32 in order to bypass software restrictions.

#exploits   #payloads   #powershell   #windows  

PSByPassCLM on offsec.tools
PSByPassCLM

Bypass for PowerShell Constrained Language Mode.

#exploits   #payloads   #powershell   #windows  

Invoke-BSOD on offsec.tools
Invoke-BSOD

For when you want a computer to be done - without admin!.

#bsod   #exploits   #windows  

Invoke-PSImage on offsec.tools
Invoke-PSImage

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute.

#exploits   #images   #payloads  

unix-privesc-check on offsec.tools
unix-privesc-check

Shell script to check for simple privilege escalation vectors on Unix systems.

#exploits   #privesc   #unix  

windows-privesc-check on offsec.tools
windows-privesc-check

Standalone executable to check for simple privilege escalation vectors.

#exploits   #privesc   #windows  

VBad on offsec.tools
VBad

VBA obfuscation tools combined with an MS Office document generator .

#documents   #exploits   #obfuscation   #office  

PowerSploit on offsec.tools
PowerSploit

A PowerShell Post-Exploitation Framework.

#exploits   #privesc   #rce   #shell   #windows  

FakeImageExploiter on offsec.tools
FakeImageExploiter

Use a Fake image.jpg to exploit targets (hide known file extensions).

#exploits   #images  

Vegile on offsec.tools
Vegile

Post exploitation tool to maintain some level of acces.

#access   #backdoor   #exploits   #postexploitation  

Phishery on offsec.tools
Phishery

An SSL enabled basic auth credential harvester with a Word document template URL injector.

#credentials   #documents   #exploits   #phishing   #word  

upload_bypass on offsec.tools
upload_bypass

File upload restrictions bypass by using different techniques!

#bypass   #exploits   #fileupload   #payloads  

Kwetza on offsec.tools
Kwetza

Infect an existing Android application with a Meterpreter payload.

#android   #exploits   #metasploit   #meterpreter   #mobile   #payloads  

reGeorg on offsec.tools
reGeorg

Pwn a bastion webserver and create SOCKS proxies through the DMZ.

#exploits   #http   #rce   #shell   #tunnel  

reDuh on offsec.tools
reDuh

Create a TCP circuit through validly formed HTTP requests.

#exploits   #http   #rce   #shell   #tunnel  

linuxprivchecker on offsec.tools
linuxprivchecker

A Linux privilege escalation check script.

#exploits   #linux   #privesc  

Snaffler on offsec.tools
Snaffler

A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.

#activedirectory   #exploits   #privesc   #windows  

Responder on offsec.tools
Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner.

#dns   #exploits   #ftp   #hash   #ldap   #mssql   #passwords   #samba   #windows  

weevely3 on offsec.tools
weevely3

Weaponized web shell.

#exploits   #http   #php   #rce   #shell  

SUDO_KILLER on offsec.tools
SUDO_KILLER

A tool to identify and exploit sudo rules misconfigurations and vulnerabilities.

#exploits   #privesc   #rce   #root   #sudo  

BetterBackdoor on offsec.tools
BetterBackdoor

A backdoor with a multitude of features.

#backdoor   #exploits  

TrevorC2 on offsec.tools
TrevorC2

A legitimate website that tunnels client/server communications for covert command execution.

#c2c   #exploits   #tunnel  

Vulmap on offsec.tools
Vulmap

Online local vulnerability scanners project.

#cves   #exploits   #scanner   #vulnerabilities  

bypass-url-parser on offsec.tools
bypass-url-parser

Tool that tests MANY url bypasses to reach a 40X protected page.

#bypass   #exploits  

Villain on offsec.tools
Villain

Backdoor generator and multi-session handler for sibling servers and sessions sharing.

#backdoor   #exploits   #shell  

SpoolSploit on offsec.tools
SpoolSploit

Collection of Windows print spooler exploits and other utilities for practical exploitation.

#exploits   #printer  

PayGen on offsec.tools
PayGen

Tool to generate stable undetected payload.

#exploits   #payloads  

ShellPop on offsec.tools
ShellPop

Pop shells like a master.

#exploits   #privesc   #rce   #shell  

awesome-cve-poc on offsec.tools
awesome-cve-poc

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

#cves   #exploits   #poc   #resources   #vulnerabilities  

reapoc on offsec.tools
reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

#cves   #exploits   #poc   #resources   #vulnerabilities  

yersinia on offsec.tools
yersinia

A framework for layer 2 attacks.

#dos   #exploits   #network   #protocols  

Core Impact on offsec.tools
Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

#allinone   #cves   #exploits   #reports   #scanner   #vulnerabilities  

GitHacker on offsec.tools
GitHacker

A Git source leak exploit tool that restores the entire Git repository, including data from stash.

#codeanalysis   #exploits   #git  

XSSRocket on offsec.tools
XSSRocket

Written by Black Hat Ethical Hacking and #ChatGPT for offensive security and XSS attacks.

#exploits   #payloads   #xss  

Ronin on offsec.tools
Ronin

A free and open source Ruby toolkit for security research and development.

#allinone   #asn   #dns   #exploits   #ips   #payloads   #scanner  

Canvas on offsec.tools
Canvas

Assessment tool that allows penetration testing and hostile attack simulations.

#allinone   #exploits   #framework  

WES-NG on offsec.tools
WES-NG

Windows Exploit Suggester - Next Generation.

#cves   #exploits   #metasploit   #windows  

IntelSpy on offsec.tools
IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

#exploits   #ips   #ports   #probing   #recon   #reports   #scanner   #subdomains  

AdvancedKeyHacks on offsec.tools
AdvancedKeyHacks

API Key/Token Exploitation Made easy.

#exploits   #secrets  

Linux Exploit Suggester on offsec.tools
Linux Exploit Suggester

Based on operating system release number.

#cves   #exploits   #linux  

Windows Exploit Suggester on offsec.tools
Windows Exploit Suggester

Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.

#cves   #exploits   #metasploit   #windows  

windows-kernel-exploits on offsec.tools
windows-kernel-exploits

A list of Windows kernel exploits.

#cves   #exploits   #kernel   #resources   #windows  

Print-My-Shell on offsec.tools
Print-My-Shell

Automate the process of generating various reverse shells.

#exploits   #privesc   #shell  

DroneSploit on offsec.tools
DroneSploit

Drone pentesting framework console.

#drone   #exploits   #framework   #iot  

SharpImpersonation on offsec.tools
SharpImpersonation

A User Impersonation tool - via Token or Shellcode injection.

#exploits   #windows  

WinPwn on offsec.tools
WinPwn

Automation for internal Windows pentest / AD-Security.

#activedirectory   #cves   #exploits   #windows  

pwncat on offsec.tools
pwncat

Netcat on steroids with many extra features.

#exploits   #privesc   #shell  

Rubeus on offsec.tools
Rubeus

Rubeus is a toolkit for Kerberos interaction and abuses.

#activedirectory   #auth   #exploits   #windows  

malicious-pdf on offsec.tools
malicious-pdf

Generates a bunch of malicious pdf files with phone-home functionality.

#burpsuite   #exploits   #pdf   #phones  

AutoSploit on offsec.tools
AutoSploit

Automated Mass Exploiter.

#automation   #censys   #exploits   #metasploit   #rce   #shell   #shodan  

Hawkeye on offsec.tools
Hawkeye

Filesystem analysis tool/directory looking for interesting stuff.

#backups   #exploits   #files   #logs   #privesc   #secrets  

barq on offsec.tools
barq

The AWS Cloud Post Exploitation framework!

#aws   #cloud   #exploits   #framework  

RouterSploit on offsec.tools
RouterSploit

Exploitation framework for embedded devices.

#exploits   #framework   #passwords   #payloads   #routers   #scanner  

GyoiThon on offsec.tools
GyoiThon

Growing penetration test tool using Machine Learning.

#cloud   #crawler   #dorks   #exploits   #ssl   #subdomains  

Kadimus on offsec.tools
Kadimus

Check for and exploit LFI vulnerabilities with a focus on PHP systems.

#exploits   #lfi   #vulnerabilities  

RevShells on offsec.tools
RevShells

Hosted Reverse Shell generator with a ton of functionality.

#exploits   #rce   #shell  

Exploitalert on offsec.tools
Exploitalert

Exploits found on the INTERNET.

#cves   #exploits   #resources   #vulnerabilities  

The Exploit Database on offsec.tools
The Exploit Database

Archive of public exploits and corresponding vulnerable software.

#cves   #exploits   #resources   #vulnerabilities  

Betterscan on offsec.tools
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

#cloud   #codeanalysis   #cves   #exploits   #malwares   #reports   #sbom   #scanner   #secrets  

Hackingtool on offsec.tools
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

#allinone   #exploits   #framework   #network   #osint   #payloads   #secrets   #sqli   #subdomains   #wifi   #wordlists   #xss  

Payloads All The Things on offsec.tools
Payloads All The Things

A list of useful payloads and bypass for Web Application Security.

#bypass   #exploits   #payloads   #resources  

SearchSploit on offsec.tools
SearchSploit

Cli tool for Exploit-DB that also allows you to take a copy of Exploit Database with you.

#cves   #exploits  

Findsploit on offsec.tools
Findsploit

Find exploits in local and online databases instantly.

#exploits  

getsploit on offsec.tools
getsploit

Command line utility for searching and downloading exploits.

#exploits  

lnkbomb on offsec.tools
lnkbomb

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

#exploits   #passwords   #smb  

Shadow Workers on offsec.tools
Shadow Workers

C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.

#exploits   #xss  

JSShell on offsec.tools
JSShell

An interactive multi-user web JS shell.

#exploits   #javascript   #shell   #xss  

XSpear on offsec.tools
XSpear

Powerfull XSS Scanning and Parameter analysis tool&gem.

#exploits   #parameters   #scanner   #vulnerabilities   #xss  

XSSer on offsec.tools
XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

#exploits   #framework   #scanner   #vulnerabilities   #xss  

XSS Hunter Express on offsec.tools
XSS Hunter Express

The fastest way to set up XSS Hunter to test and find blind XSS vulnerabilities.

#exploits   #oob   #xss  

XSS'OR on offsec.tools
XSS'OR

Hack with JavaScript.

#exploits   #payloads   #vulnerabilities   #xss  

metahttp on offsec.tools
metahttp

Script that automates the scanning of a target network for HTTP resources through XXE.

#exploits   #scanner   #xxe  

oxml_xxe on offsec.tools
oxml_xxe

Embeds XXE/XML exploits into different filetypes.

#exploits   #payloads   #xxe  

XXEinjector on offsec.tools
XXEinjector

Exploitation of XXE vulnerability using direct and different out of band methods.

#exploits   #oob   #xxe  

XXExploiter on offsec.tools
XXExploiter

Tool to help exploit XXE vulnerabilities.

#exploits   #xxe  

LFI-Enum on offsec.tools
LFI-Enum

Scripts to execute enumeration via LFI

#exploits   #lfi  

Burp-to-SQLMap on offsec.tools
Burp-to-SQLMap

Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap.

#bursuite   #exploits   #sqli   #vulnerabilities  

Evil SQL Client on offsec.tools
Evil SQL Client

Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

#data   #dotnet   #exploits   #mssql   #scanner   #shell   #sqli   #sqlserver  

grafana-ssrf on offsec.tools
grafana-ssrf

Authenticated SSRF in Grafana.

#azure   #cloud   #exploits   #google   #grafana   #ssrf  

Gopherus on offsec.tools
Gopherus

Generates gopher link for exploiting SSRF and gaining RCE in various servers.

#exploits   #rce   #shell   #ssrf   #vulnerabilities  

SSRFmap on offsec.tools
SSRFmap

Automatic SSRF fuzzer and exploitation tool.

#exploits   #fuzzing   #ssrf   #vulnerabilities  

Requests-Racer on offsec.tools
Requests-Racer

Exploit race conditions in web apps with Requests.

#exploits   #racecondition   #vulnerabilities  

Oralyzer on offsec.tools
Oralyzer

Open Redirection Analyzer.

#exploits   #fuzzing   #openredirect   #vulnerabilities  

ysoserial on offsec.tools
ysoserial

Generates payloads that exploit unsafe Java object deserialization.

#deserialization   #exploits   #java   #payloads  

LFI Suite on offsec.tools
LFI Suite

Totally Automatic LFI Exploiter and Scanner.

#exploits   #lfi   #shell   #vulnerabilities  

Liffy on offsec.tools
Liffy

Local file inclusion exploitation tool.

#exploits   #lfi   #vulnerabilities  

XSRFProbe on offsec.tools
XSRFProbe

The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.

#audit   #csrf   #exploits   #vulnerabilities  

BeEF on offsec.tools
BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

#browser   #exploits   #framework   #vulnerabilities   #xss  

Nginxpwner on offsec.tools
Nginxpwner

Simple tool to look for common Nginx misconfigurations and vulnerabilities.

#exploits   #scanner  

sns on offsec.tools
sns

IIS shortname scanner written in Go.

#exploits   #iis   #scanner  

Metasploit on offsec.tools
Metasploit

The world’s most used penetration testing framework.

#allinone   #cves   #exploits   #framework   #network   #scanner  

Ghauri on offsec.tools
Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

#exploits   #sqli   #vulnerabilities  

Wapiti on offsec.tools
Wapiti

The web-application vulnerability scanner.

#allinone   #exploits   #fuzzing   #scanner  

sqlmap on offsec.tools
sqlmap

Automatic SQL injection and database takeover tool.

#exploits   #sqli   #vulnerabilities  

gitpillage on offsec.tools
gitpillage

Extract data from a .git directory.

#exploits   #git  

XSStrike on offsec.tools
XSStrike

Most advanced XSS scanner.

#exploits   #vulnerabilities   #xss  

DalFox on offsec.tools
DalFox

Powerful open source XSS scanning tool and parameter analyzer, utility.

#exploits   #vulnerabilities   #xss  

Commix on offsec.tools
Commix

Automated All-in-One OS Command Injection Exploitation Tool.

#exploits   #rce   #vulnerabilities  

git-dumper on offsec.tools
git-dumper

A tool to dump a git repository from a website.

#exploits   #git  

Drupwn on offsec.tools
Drupwn

Drupal enumeration & exploitation tool.

#cms   #drupal   #exploits