#exploits

Shells

A script for generating common revshells fast and easily.

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security.

ufonet

Denial of Service Toolkit.

fuxploider

File upload vulnerability scanner and exploitation tool.

BloodHound

Six Degrees of Domain Admin.

cve

Gather and update all available and newest CVEs with their PoC.

P4wnP1 A.L.O.A.

Turn a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming or PE.

HTSHELLS

Self contained web shells and other attacks via .htaccess files.

Shellcrypt

A QoL tool to obfuscate shellcode.

DNSExfiltrator

Data exfiltration over DNS request covert channel.

toxssin

Open-source penetration testing tool that automates the process of exploiting XSS.

JNDI-Injection-Exploit

Generates JNDI links and can start several servers to exploit JNDI Injection vulnerabilities.

DripLoader

Evasive shellcode loader for bypassing injection detection.

Nishang

Offensive PowerShell for red team, penetration testing and offensive security.

unicorn

Simple tool for using a PowerShell downgrade attack and injecting shellcode into memory.

Hades

Go shellcode loader that combines multiple evasion techniques.

gef

A modern experience for GDB with advanced debugging capabilities.

PyShell

Multiplatform Python webshell.

Kraken

A modular multi-language webshell.

Mimicry

A dynamic deception tool that actively deceives an attacker.

Reverse Shell Generator

A tool to generate various ways to do a reverse shell.

phpsploit

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.

LAZYPARIAH

Generate reverse shell payloads on the fly.

Storm breaker

Social engineering tool, access webcam & microphone & location finder.

mimikittenz

A post-exploitation powershell tool for extracting juicy info from memory.

PowerShdll

Run PowerShell with rundll32 in order to bypass software restrictions.

PSByPassCLM

Bypass for PowerShell Constrained Language Mode.

Invoke-BSOD

For when you want a computer to be done - without admin!

Invoke-PSImage

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute.

unix-privesc-check

Shell script to check for simple privilege escalation vectors on Unix systems.

windows-privesc-check

Standalone executable to check for simple privilege escalation vectors.

VBad

VBA obfuscation tools combined with an MS Office document generator.

PowerSploit

A PowerShell Post-Exploitation Framework.

FakeImageExploiter

Use a Fake image.jpg to exploit targets (hide known file extensions).

Vegile

Post exploitation tool to maintain some level of access.

Phishery

An SSL enabled basic auth credential harvester with a Word document template URL injector.

upload_bypass

File upload restrictions bypass by using different techniques!

Kwetza

Infect an existing Android application with a Meterpreter payload.

reDuh

Create a TCP circuit through validly formed HTTP requests.

reGeorg

Pwn a bastion webserver and create SOCKS proxies through the DMZ.

weevely3

Weaponized web shell.

BetterBackdoor

A backdoor with a multitude of features.

SUDO_KILLER

A tool to identify and exploit sudo rules misconfigurations and vulnerabilities.

Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner.

linuxprivchecker

A Linux privilege escalation check script.

Snaffler

A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.

TrevorC2

A legitimate website that tunnels client/server communications for covert command execution.

Vulmap

Online local vulnerability scanners project.

bypass-url-parser

Tool that tests MANY url bypasses to reach a 40X protected page.

SpoolSploit

Collection of Windows print spooler exploits and other utilities for practical exploitation.

PayGen

Tool to generate stable undetected payload.

awesome-cve-poc

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

ShellPop

Pop shells like a master.

yersinia

A framework for layer 2 attacks.

Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

GitHacker

A Git source leak exploit tool that restores the entire Git repository, including data from stash.

XSSRocket

Written by Black Hat Ethical Hacking and #ChatGPT for offensive security and XSS attacks.

Ronin

A free and open source Ruby toolkit for security research and development.

Canvas

Assessment tool that allows penetration testing and hostile attack simulations.

windows-kernel-exploits

A list of Windows kernel exploits.

Linux Exploit Suggester

Based on operating system release number.

AdvancedKeyHacks

API key/token exploitation made easy.

IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

WES-NG

Windows Exploit Suggester - Next Generation.

Windows Exploit Suggester

Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.

WinPwn

Automation for internal Windows pentest / AD-Security.

SharpImpersonation

A User Impersonation tool - via Token or Shellcode injection.

DroneSploit

Drone pentesting framework console.

Print-My-Shell

Automate the process of generating various reverse shells.

pwncat

Netcat on steroids with many extra features.

Rubeus

Rubeus is a toolkit for Kerberos interaction and abuses.

malicious-pdf

Generates a bunch of malicious pdf files with phone-home functionality.

AutoSploit

Automated Mass Exploiter.

Hawkeye

Filesystem analysis tool/directory looking for interesting stuff.

barq

The AWS Cloud Post Exploitation framework!

RouterSploit

Exploitation framework for embedded devices.

GyoiThon

Growing penetration test tool using Machine Learning.

Kadimus

Check for and exploit LFI vulnerabilities with a focus on PHP systems.

RevShells

Hosted Reverse Shell generator with a ton of functionality.

Exploitalert

Exploits found on the INTERNET.

The Exploit Database

Archive of public exploits and corresponding vulnerable software.

Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

Hackingtool

ALL IN ONE Hacking Tool For Hackers.

SearchSploit

CLI tool for Exploit-DB that also allows you to take a copy of Exploit Database with you.

Findsploit

Find exploits in local and online databases instantly.

getsploit

Command line utility for searching and downloading exploits.

lnkbomb

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

Shadow Workers

C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.

XSS'OR

Hack with JavaScript.

XSS Hunter Express

The fastest way to set up XSS Hunter to test and find blind XSS vulnerabilities.

XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

XSpear

Powerful XSS scanning and parameter analysis tool & gem.

JSShell

An interactive multi-user web JS shell.

metahttp

Script that automates the scanning of a target network for HTTP resources through XXE.

oxml_xxe

Embeds XXE/XML exploits into different filetypes.

XXEinjector

Exploitation of XXE vulnerability using direct and different out of band methods.

XXExploiter

Tool to help exploit XXE vulnerabilities.

LFI-Enum

Scripts to execute enumeration via LFI.

Burp-to-SQLMap

Performing SQL injection tests on Burp Suite bulk requests using SQLMap.

Evil SQL Client

Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

grafana-ssrf

Authenticated SSRF in Grafana.

Gopherus

Generates gopher links for exploiting SSRF and gaining RCE in various servers.

SSRFmap

Automatic SSRF fuzzer and exploitation tool.

Requests-Racer

Exploit race conditions in web apps with Requests.

Oralyzer

Open Redirection Analyzer.

ysoserial

Generates payloads that exploit unsafe Java object deserialization.

LFI Suite

Totally Automatic LFI Exploiter and Scanner.

Liffy

Local file inclusion exploitation tool.

XSRFProbe

The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.

BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

sns

IIS shortname scanner written in Go.

Nginxpwner

Simple tool to look for common Nginx misconfigurations and vulnerabilities.

Metasploit

The world’s most used penetration testing framework.

Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

Wapiti

The web-application vulnerability scanner.

sqlmap

Automatic SQL injection and database takeover tool.

Commix

Automated All-in-One OS Command Injection Exploitation Tool.

DalFox

Powerful open source XSS scanning tool, parameter analyzer and utility.

XSStrike

Most advanced XSS scanner.

git-dumper

A tool to dump a git repository from a website.

Drupwn

Drupal enumeration & exploitation tool.