offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming

#fuzzing

45 results

Nuclei templates on offsec.tools

Sponsor

Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

#cves #fuzzing #payloads #resources #scanner #secrets #vulnerabilities

Nuclei on offsec.tools

Sponsor

Nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

#allinone #cves #fuzzing #scanner #subto

litefuzz on offsec.tools

litefuzz

A multi-platform fuzzer for poking at userland binaries and servers.

#fuzzing #network

Wordsmith on offsec.tools

Wordsmith

Assist with creating tailored wordlists, mostly based on geolocation.

#fuzzing #utils #wordlists

Firefly on offsec.tools

Firefly

Black box fuzzer for web applications.

#fuzzing #payloads #wordlists

Oculus on offsec.tools

Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

#aws #azure #cloud #directories #emails #firebase #fuzzing #osint #subdomains

Nozaki on offsec.tools

Nozaki

HTTP fuzzer engine security oriented.

#fuzzing #http #yaml

Coercer on offsec.tools

Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

#fuzzing #network #reports #samba #scanner #windows

userefuzz on offsec.tools

userefuzz

User-Agent, X-Forwarded-For and Referer SQLI Fuzzer.

#fuzzing #headers #sqli

Raccoon on offsec.tools

Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

#dns #endpoints #fingerprint #firewall #fuzzing #ips #scanner #ssl #subdomains

TheftFuzzer on offsec.tools

TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

#cors #fuzzing #vulnerabilities

Scout on offsec.tools

Scout

Discover a web server's undisclosed files, directories and VHOSTs.

#directories #fuzzing #subdomains

0d1n on offsec.tools

0d1n

Tool for automating customized attacks against web applications.

#allinone #bruteforce #fuzzing #reports

Shelling on offsec.tools

Shelling

A comprehensive OS command injection payload generator.

#burpsuite #fuzzing #rce #shell

SecLists on offsec.tools

SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

#fuzzing #passwords #payloads #resources #wordlists

BlackWidow on offsec.tools

BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

#emails #endpoints #forms #fuzzing #osint #owasp #parameters #phones #subdomains

XSS Radar on offsec.tools

XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

#browser #chrome #fuzzing #vulnerabilities #xss

SSRFmap on offsec.tools

SSRFmap

Automatic SSRF fuzzer and exploitation tool.

#exploits #fuzzing #ssrf #vulnerabilities

Race The Web on offsec.tools

Race The Web

Tests for race conditions in web applications.

#api #fuzzing #racecondition

Oralyzer on offsec.tools

Oralyzer

Open Redirection Analyzer.

#exploits #fuzzing #openredirect #vulnerabilities

headi on offsec.tools

headi

Customisable and automated HTTP header injection.

#fuzzing #headers #http

IntruderPayloads on offsec.tools

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

#burpsuite #fuzzing #owasp #resources #wordlists

DotDotPwn on offsec.tools

DotDotPwn

The Directory Traversal Fuzzer.

#fuzzing #lfi #vulnerabilities

Injectus on offsec.tools

Injectus

CRLF and open redirect fuzzer.

#crlf #fuzzing #openredirect #vulnerabilities

vaf on offsec.tools

vaf

Cross-platform very advanced and fast web fuzzer written in nim.

Fuzzapi on offsec.tools

Fuzzapi

Used for REST API pentesting and provide UI solution for gem.

#api #fuzzing #scanner

FuzzDB on offsec.tools

FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.

#fuzzing #payloads #resources #wordlists

Filebuster on offsec.tools

Filebuster

An extremely fast and flexible web fuzzer.

#directories #endpoints #fuzzing

fuzzagotchi on offsec.tools

fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

#directories #endpoints #fuzzing #parameters

graphw00f on offsec.tools

graphw00f

GraphQL Server Engine Fingerprinting utility for software security professionals.

#fuzzing #graphql

Crawlergo on offsec.tools

Crawlergo

A powerful browser crawler for web vulnerability scanners

#fuzzing #scanner

4-ZERO-3 on offsec.tools

4-ZERO-3

403/401 Bypass Methods.

#bypass #fuzzing

Arjun on offsec.tools

Arjun

HTTP parameter discovery suite.

#endpoints #fuzzing #parameters

CRLFuzz on offsec.tools

CRLFuzz

A fast tool to scan CRLF vulnerability written in Go.

cook on offsec.tools

cook

Overpower wordlist generator, words permutation and combinations, encoding/decoding...

#fuzzing #passwords #wordlists

qsreplace on offsec.tools

qsreplace

Accept URLs on stdin, replace all query string values with a user-supplied value.

Feroxbuster on offsec.tools

Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

#directories #endpoints #fuzzing

Knoxnl on offsec.tools

Knoxnl

This is a python wrapper around the amazing KNOXSS.

#fuzzing #vulnerabilities #xss

recollapse on offsec.tools

recollapse

REcollapse is a helper tool for black-box regex fuzzing to bypass validations

Wapiti on offsec.tools

Wapiti

The web-application vulnerability scanner.

#allinone #exploits #fuzzing #scanner

qsfuzz on offsec.tools

qsfuzz

qsfuzz is a tool that allows to write simple rules in YAML that define what value to inject

Wfuzz on offsec.tools

Wfuzz

Web application fuzzer.

#directories #endpoints #fuzzing

Zed Attack Proxy on offsec.tools

Zed Attack Proxy

The world's most widely used web app scanner.

#allinone #fuzzing #owasp #proxy #scanner

fuzzuli on offsec.tools

fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

#backups #endpoints #fuzzing #secrets

Burp Suite on offsec.tools

Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.

#allinone #burpsuite #cves #fuzzing #proxy #scanner