A vast collection of security tools for bug bounty, pentest and red teaming

#fuzzing

Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

Nuclei

Fast and customizable vulnerability scanner based on a simple YAML-based DSL.

litefuzz

A multi-platform fuzzer for poking at userland binaries and servers.

Wordsmith

Assist with creating tailored wordlists, mostly based on geolocation.

Firefly

Black box fuzzer for web applications.

Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

Nozaki

Security-oriented HTTP fuzzer engine.

#fuzzing   #http   #yaml  

Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

userefuzz

User-Agent, X-Forwarded-For and Referer SQLI Fuzzer.

Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

Scout

Discover a web server's undisclosed files, directories and VHOSTs.

0d1n

Tool for automating customized attacks against web applications.

Shelling

A comprehensive OS command injection payload generator.

SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

SSRFmap

Automatic SSRF fuzzer and exploitation tool.

Race The Web

Tests for race conditions in web applications.

Oralyzer

Open Redirection Analyzer.

headi

Customisable and automated HTTP header injection.

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

DotDotPwn

The Directory Traversal Fuzzer.

Injectus

CRLF and open redirect fuzzer.

vaf

Cross-platform, very advanced and fast web fuzzer written in Nim.

Fuzzapi

Used for REST API pentesting; provides a UI solution for the gem.

FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.

Filebuster

An extremely fast and flexible web fuzzer.

fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

graphw00f

GraphQL Server Engine Fingerprinting utility for software security professionals.

Crawlergo

A powerful browser crawler for web vulnerability scanners.

4-ZERO-3

403/401 Bypass Methods.

Arjun

HTTP parameter discovery suite.

CRLFuzz

A fast tool, written in Go, to scan for CRLF vulnerabilities.

cook

Overpowered wordlist generator, word permutations and combinations, encoding/decoding...

qsreplace

Accept URLs on stdin, replace all query string values with a user-supplied value.

Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

Knoxnl

This is a Python wrapper around the amazing KNOXSS.

recollapse

REcollapse is a helper tool for black-box regex fuzzing to bypass validations.

Wapiti

The web-application vulnerability scanner.

qsfuzz

qsfuzz is a tool that allows you to write simple rules in YAML that define what value to inject

Wfuzz

Web application fuzzer.

Zed Attack Proxy

The world's most widely used web app scanner.

fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.