A vast collection of security tools for bug bounty, pentest and red teaming

#payloads

Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

SSRFPwned

Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.

upload_bypass

Bypasses file upload restrictions using different techniques.

Kwetza

Infect an existing Android application with a Meterpreter payload.

Firefly

Black box fuzzer for web applications.

hoaxshell

Windows reverse shell payload generator and handler that abuses the http(s) protocol.

PayGen

Tool to generate stable, undetected payloads.

XSSRocket

Written by Black Hat Ethical Hacking and #ChatGPT for offensive security and XSS attacks.

Ronin

A free and open source Ruby toolkit for security research and development.

Agartha

Burp Suite extension for dynamic payload generation to detect injection flaws.

#burpsuite   #lfi   #payloads   #rce   #sqli   #xss  

Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

xssor2

Hack with JavaScript.

qsinject

Allows you to quickly substitute query string values with regex matches, one-at-a-time.

eLdap-Ldap-Search-and-Filter

A tool that helps users search and filter queries in an LDAP environment.

Transformations

Understand how input is transformed on a system, which can help to craft payloads.

AllAboutBugBounty

Bug Bounty notes gathered from various sources.

RouterSploit

Exploitation framework for embedded devices.

JSgen

Generates JavaScript code to be injected in case you find a Server-Side JavaScript Injection.

Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Hackingtool

All-in-one hacking tool for hackers.

Hackvertor

Tag-based conversion tool written in Java, implemented as a Burp Suite extension.

PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

BurpSentinel

GUI Burp plugin to ease the discovery of security holes in web applications.

Payloads All The Things

A list of useful payloads and bypasses for web application security.

JSONBee

Ready-to-use JSONP endpoints/payloads to help bypass Content Security Policy.

xxeserv

A mini webserver with FTP support for XXE payloads.

#ftp   #http   #payloads   #server   #xxe  

xss2png

PNG IDAT chunks XSS payload generator.

Xss-Sql-Fuzz

Burp Suite plugin for XSS and SQLi which adds our payload to all parameters with one click.

BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

XSS'OR

Hack with JavaScript.

oxml_xxe

Embeds XXE/XML exploits into different filetypes.

XXE-FTP

A mini webserver with FTP support for XXE payloads.

#ftp   #payloads   #xxe  

docem

Utility to embed XXE and XSS payloads in docx, odt, pptx...

#payloads   #xss   #xxe  

DTD Finder

List DTDs and generate XXE payloads using those local DTDs.

PHPGGC

PHP unserialize() payloads along with a tool to generate them.

ysoserial.net

Deserialization payload generator for a variety of .NET formatters.

ysoserial

Generates payloads that exploit unsafe Java object deserialization.

FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.