A vast collection of security tools for bug bounty, pentest and red teaming

#last7days

ffufPostprocessing on offsec.tools
ffufPostprocessing

Golang tool which helps dropping the irrelevant entries from your ffuf result file.

h8mail on offsec.tools
h8mail

Powerful and user-friendly password hunting tool.

ScareCrow on offsec.tools
ScareCrow

Payload creation framework designed around EDR bypass.

LDAP Password Hunter on offsec.tools
LDAP Password Hunter

Password Hunter in active directory.

NMapify on offsec.tools
NMapify

Quickly and accurately create a visual representation of their Nmap output.

sub404 on offsec.tools
sub404

A fast tool to check subdomain takeover vulnerability.

mimikittenz on offsec.tools
mimikittenz

A post-exploitation powershell tool for extracting juicy info from memory.

Dumpert on offsec.tools
Dumpert

LSASS memory dumper using direct system calls and API unhooking.

#api   #lsass   #memory  

WiFi-Pumpkin on offsec.tools
WiFi-Pumpkin

Framework for rogue Wi-Fi access point attack.

FindUncommonShares on offsec.tools
FindUncommonShares

Quickly find uncommon shares in vast Windows domains.

Invoke-TmpDavFS on offsec.tools
Invoke-TmpDavFS

Memory Backed Powershell WebDav Server.

Invoke-SocksProxy on offsec.tools
Invoke-SocksProxy

Socks proxy, and reverse socks server using powershell.

PowerShdll on offsec.tools
PowerShdll

Run PowerShell with rundll32 in order to bypass software restrictions.

PSByPassCLM on offsec.tools
PSByPassCLM

Bypass for PowerShell Constrained Language Mode.

CarbonCopy on offsec.tools
CarbonCopy

Creates a spoofed certificate of any online website and signs an executable for AV evasion.

DNSTracer on offsec.tools
DNSTracer

Trace the path of a DNS query.

#dms   #utils  

Invoke-BSOD on offsec.tools
Invoke-BSOD

For when you want a computer to be done - without admin!.

Invoke-WCMDump on offsec.tools
Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

Invoke-PSImage on offsec.tools
Invoke-PSImage

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute.

SDBF on offsec.tools
SDBF

Smart DNS Brute Forcer.

Ciphey on offsec.tools
Ciphey

Automates decryptions & decodings with encodings, classical ciphers, hashes, or more.

ScopeHunter on offsec.tools
ScopeHunter

Command-line tool for finding in-scope targets for bug bounty programs.

SSRFPwned on offsec.tools
SSRFPwned

Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.

TerminatorZ on offsec.tools
TerminatorZ

Scan for top potential vulnerabilities with known CVEs in your web applications.

#csrf   #cves   #rce   #scanner   #sqli   #xss  

SQLMutant on offsec.tools
SQLMutant

Searches for automated subdomain enumeration and runs SQLi tests.