A vast collection of security tools for bug bounty, pentest and red teaming

#passwords

pypykatz on offsec.tools
Featured
pypykatz

Mimikatz implementation in pure Python.

mimikatz on offsec.tools
Featured
mimikatz

A little tool to play with Windows security.

h8mail on offsec.tools
h8mail

Powerful and user-friendly password hunting tool.

LDAP Password Hunter on offsec.tools
LDAP Password Hunter

Password Hunter in active directory.

Invoke-WCMDump on offsec.tools
Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

Ciphey on offsec.tools
Ciphey

Automates decryptions & decodings with encodings, classical ciphers, hashes, or more.

NetworkMiner on offsec.tools
NetworkMiner

Network forensic analysis tool for Windows.

jackdaw on offsec.tools
jackdaw

Gather gather gather.

Responder on offsec.tools
Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner.

Vajra on offsec.tools
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

ShadowSpray on offsec.tools
ShadowSpray

Spray shadow credentials across an entire domain.

brutespray on offsec.tools
brutespray

Automatically attempts default creds on found services based on Nmap output.

afrog on offsec.tools
afrog

A vulnerability scanning tools for penetration testing.

ggshield on offsec.tools
ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

l0phtcrack on offsec.tools
l0phtcrack

Crack Windows passwords from hashes.

Ophcrack on offsec.tools
Ophcrack

Windows password cracker based on rainbow tables.

dsniff on offsec.tools
dsniff

Collection of tools for network auditing and penetration testing.

Cain and Abel on offsec.tools
Cain and Abel

Password recovery tool for Microsoft Operating Systems.

OrbitalDump on offsec.tools
OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool.

Medusa on offsec.tools
Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer.

crackerjack on offsec.tools
crackerjack

Hashcat Web Interface.

ADRT on offsec.tools
ADRT

Active Directory Report Tool.

padding-oracle-attacker on offsec.tools
padding-oracle-attacker

Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

default-http-login-hunter on offsec.tools
default-http-login-hunter

Login hunter of default credentials for administrative web interfaces.

SharpHose on offsec.tools
SharpHose

Asynchronous password spraying tool for Windows environments.

Words Scraper on offsec.tools
Words Scraper

Selenium based web scraper to generate passwords list.

JWTweak on offsec.tools
JWTweak

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

cstc on offsec.tools
cstc

Burp Suite extension that allows request/response modification using a GUI.

Cr3dOv3r on offsec.tools
Cr3dOv3r

Know the dangers of credential reuse attacks.

airbash on offsec.tools
airbash

Fully automated WPA PSK PMKID and handshake capture script.

evil SSDP on offsec.tools
evil SSDP

Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.

RouterSploit on offsec.tools
RouterSploit

Exploitation framework for embedded devices.

leakScraper on offsec.tools
leakScraper

Set of tools to process and visualize huge text files containing credentials.

Hash Buster on offsec.tools
Hash Buster

Crack hashes in seconds.

Have i been pwned? on offsec.tools
Have i been pwned?

Check if your email or phone is in a data breach.

AttackSurfaceMapper on offsec.tools
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

SSH PuTTY login bruteforcer on offsec.tools
SSH PuTTY login bruteforcer

A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.

DefaultPassword on offsec.tools
DefaultPassword

Default passwords database sorted by manufacturers.

SprayCannon on offsec.tools
SprayCannon

Fast multithreaded password spraying tool with backend database.

JWT4B on offsec.tools
JWT4B

JWT Support for Burp Suite.

JOSEPH on offsec.tools
JOSEPH

JavaScript Object Signing and Encryption Pentesting Helper.

SecLists on offsec.tools
SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

cariddi on offsec.tools
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

jwt-hack on offsec.tools
jwt-hack

JWT encoding/decoding, generates payloads for JWT attack and very fast cracking.

JWT Key ID Injector on offsec.tools
JWT Key ID Injector

Simple python script to check against hypothetical JWT vulnerability.

jwtear on offsec.tools
jwtear

Modular command-line tool to parse, create and manipulate JWT tokens.

jwt-heartbreaker on offsec.tools
jwt-heartbreaker

Burp Suite extension to check JWT for using keys from known from public sources.

JWT cracker on offsec.tools
JWT cracker

JWT brute force cracker written in C.

BruteX on offsec.tools
BruteX

Automatically brute force all services running on a target.

changeme on offsec.tools
changeme

A default credential scanner.

Default Credentials Cheat Sheet on offsec.tools
Default Credentials Cheat Sheet

One place for all the default credentials to assist on finding devices with default password.

lnkbomb on offsec.tools
lnkbomb

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

Oh365UserFinder on offsec.tools
Oh365UserFinder

O365 user enumeration and password spraying tool.

Depix on offsec.tools
Depix

Recovers passwords from pixelized screenshots.

RainbowCrack on offsec.tools
RainbowCrack

It crack hashes with rainbow tables.

Reaver on offsec.tools
Reaver

Implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs.

fcrackzip on offsec.tools
fcrackzip

Zip password cracker.

crunch on offsec.tools
crunch

Wordlist generator where you can specify a character set or any set of characters to be used.

wifite on offsec.tools
wifite

Runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!

aircrack-ng on offsec.tools
aircrack-ng

Complete suite of tools to assess WiFi network security.

CeWL on offsec.tools
CeWL

Custom Word List Generator.

cook on offsec.tools
cook

Overpower wordlist generator, words permutation and combinations, encoding/decoding...

Patator on offsec.tools
Patator

Multi-purpose brute-forcer, with a modular design and a flexible usage.

Hydra on offsec.tools
Hydra

Very fast password cracking tool.

John The Ripper on offsec.tools
John The Ripper

Password cracker tool.

Hashcat on offsec.tools
Hashcat

World's fastest and most advanced password recovery utility

JWT Tool on offsec.tools
JWT Tool

A toolkit for testing, tweaking and cracking JSON Web Tokens.

EyeWitness on offsec.tools
EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

DumpsterDiver on offsec.tools
DumpsterDiver

Tool to search secrets in various filetypes.