A vast collection of security tools for bug bounty, pentest and red teaming

#scanner

122 results
nuclei-burp-plugin on offsec.tools
Sponsor
nuclei-burp-plugin

A Burp Suite plugin intended to help with Nuclei template generation.

#burpsuite   #scanner  

Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

#cves   #fuzzing   #payloads   #resources   #scanner   #secrets   #vulnerabilities  

mapcidr on offsec.tools
Sponsor
mapcidr

Small utility program to perform multiple operations for a given subnet/CIDR ranges.

#network   #ports   #scanner  

Naabu on offsec.tools
Sponsor
Naabu

A fast port scanner written in go with a focus on reliability and simplicity.

#network   #scanner  

Nuclei on offsec.tools
Sponsor
Nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

#allinone   #cves   #fuzzing   #scanner   #subto  

Java Deserialization Scanner on offsec.tools
Featured
Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

#deserialization   #java   #scanner  

TerminatorZ on offsec.tools
TerminatorZ

Scan for top potential vulnerabilities with known CVEs in your web applications.

#csrf   #cves   #rce   #scanner   #sqli   #xss  

Unicornscan on offsec.tools
Unicornscan

An asynchronous TCP and UDP port scanner.

#ips   #network   #ports   #scanner   #utils  

Grendel-Scan on offsec.tools
Grendel-Scan

A tool for automated security scanning of web applications.

#scanner   #vulnerabilities  

amap on offsec.tools
amap

Identify applications even if they are running on a different port than normal.

#fingerprint   #ports   #scanner  

ike-scan on offsec.tools
ike-scan

Discover and fingerprint IKE hosts.

#fingerprint   #ike   #scanner  

ratproxy on offsec.tools
ratproxy

A semi-automated largely passive web application security audit tool.

#csrf   #proxy   #scanner   #xss  

wikto on offsec.tools
wikto

Nikto for Windows with some extra features.

#directories   #scanner  

WebInspect on offsec.tools
WebInspect

An automated dynamic testing solution that provides comprehensive vulnerability detection.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

Invicti on offsec.tools
Invicti

Web Application Security For Enterprise.

#allinone   #cves   #monitoring   #reports   #scanner   #vulnerabilities  

Striker on offsec.tools
Striker

Offensive information and vulnerability scanner.

#ports   #scanner   #subdomains   #vulnerabilities  

celerystalk on offsec.tools
celerystalk

An asynchronous enumeration & vulnerability scanner.

#automation   #nessus   #scanner   #screenshots   #subdomains  

RedTeam_toolkit on offsec.tools
RedTeam_toolkit

Open source Django offensive webapp which is keeping the best tools used in the redteaming.

#cves   #directories   #reports   #scanner   #vulnerabilities   #xss  

smb-scanner on offsec.tools
smb-scanner

Samba scanning tool.

#samba   #scanner  

RED HAWK on offsec.tools
RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

#cms   #crawler   #dns   #recon   #scanner   #sqli   #subdomains   #vulnerabilities  

Vulmap on offsec.tools
Vulmap

Online local vulnerability scanners project.

#cves   #exploits   #scanner   #vulnerabilities  

Skanuvaty on offsec.tools
Skanuvaty

Dangerously fast DNS/network/port scanner.

#dns   #ips   #ports   #scanner  

autoSSRF on offsec.tools
autoSSRF

Smart context-based SSRF vulnerability scanner.

#scanner   #ssrf  

CMSeek on offsec.tools
CMSeek

CMS Detection and Exploitation suite that supports over 180 other CMSs.

#cms   #drupal   #joomla   #scanner   #wordpress  

afrog on offsec.tools
afrog

A vulnerability scanning tools for penetration testing.

#cves   #fingerprint   #passwords   #scanner   #vulnerabilities  

Qualys Cloud Platform on offsec.tools
Qualys Cloud Platform

The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

SSTImap on offsec.tools
SSTImap

Automatic SSTI detection tool with interactive interface.

#codeinjection   #scanner   #ssti  

AORT on offsec.tools
AORT

All in one recon tool for bug bounty.

#dns   #ips   #recon   #scanner   #subdomains  

LanGuard on offsec.tools
LanGuard

Patch management, vulnerability scanning, and network auditing.

#allinone   #cves   #network   #reports   #scanner   #vulnerabilities  

Nexpose on offsec.tools
Nexpose

Vulnerability scanner which aims to support the entire vulnerability management lifecycle.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

Core Impact on offsec.tools
Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

#allinone   #cves   #exploits   #reports   #scanner   #vulnerabilities  

WebScarab on offsec.tools
WebScarab

Framework for analysing applications that communicate using the HTTP and HTTPS protocols.

#framewwork   #proxy   #scanner  

Paros Proxy on offsec.tools
Paros Proxy

HTTP(S) proxy for assessing web application vulnerability.

#allinone   #cves   #proxy   #reports   #scanner   #vulnerabilities  

Nessus on offsec.tools
Nessus

The global gold standard in vulnerability assessment built for the modern attack surface.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

Ronin on offsec.tools
Ronin

A free and open source Ruby toolkit for security research and development.

#allinone   #asn   #dns   #exploits   #ips   #payloads   #scanner  

Vuls on offsec.tools
Vuls

Agent-less vulnerability scanner.

#scanner   #vulnerabilities  

jok3r on offsec.tools
jok3r

Network and Web Pentest Automation Framework.

#allinone   #cves   #fingerprint   #framework   #organizer   #scanner  

Legion on offsec.tools
Legion

Aids in discovery, reconnaissance and exploitation of information systems.

#cves   #directories   #framework   #network   #reports   #scanner   #ssl  

IntelSpy on offsec.tools
IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

#exploits   #ips   #ports   #probing   #recon   #reports   #scanner   #subdomains  

Trishul on offsec.tools
Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

#burpsuite   #scanner   #vulnerabilities  

ATOR on offsec.tools
ATOR

Authentication Token Obtain and Replace Extender.

#auth   #burpsuite   #cookies   #scanner  

Coercer on offsec.tools
Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

#fuzzing   #network   #reports   #samba   #scanner   #windows  

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

#dns   #endpoints   #fingerprint   #firewall   #fuzzing   #ips   #scanner   #ssl   #subdomains  

Angry IP Scanner on offsec.tools
Angry IP Scanner

Fast and simple-to-use open-source/cross-platform network scanner.

#ips   #ports   #recon   #scanner  

RouterSploit on offsec.tools
RouterSploit

Exploitation framework for embedded devices.

#exploits   #framework   #passwords   #payloads   #routers   #scanner  

TLD Scanner on offsec.tools
TLD Scanner

Scan all possible TLD's for a given domain name.

#domains   #recon   #scanner   #tld  

ChopChop on offsec.tools
ChopChop

Scan endpoints and identify exposition of sensitive services/files/folders.

#directories   #endpoints   #recon   #scanner  

Acunetix on offsec.tools
Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

FOCA on offsec.tools
FOCA

Tool to find metadata and hidden information in the documents.

#documents   #fingerprint   #metadata   #network   #osint   #scanner  

AWS security checks on offsec.tools
AWS security checks

This Burp Suite provides additional Scanner checks for AWS security issues.

#aws   #buckets   #burpsuite   #cloud   #scanner  

burp-vulners-scanner on offsec.tools
burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

#burpsuite   #cves   #scanner   #vulnerabilities  

Simple Basic Malware Scanner on offsec.tools
Simple Basic Malware Scanner

Simple Malware Scanner based on file hash scan.

#malware   #scanner  

Betterscan on offsec.tools
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

#cloud   #codeanalysis   #cves   #exploits   #malwares   #reports   #sbom   #scanner   #secrets  

Burp WP on offsec.tools
Burp WP

Find known vulnerabilities in WordPress plugins and themes, WPScan like plugin for Burp.

#burpsuite   #cms   #scanner   #wordpress  

Distribute Damage on offsec.tools
Distribute Damage

Evenly distributes scanner load across targets.

#burpsuite   #scanner  

J2EEScan on offsec.tools
J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

#burpsuite   #j2ee   #scanner  

scan-check-builder on offsec.tools
scan-check-builder

Burp Suite extension which helps to improve the active and passive scanner by yourself.

#burpsuite   #scanner  

Dastardly Scan Action on offsec.tools
Dastardly Scan Action

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

#burpsuite   #reports   #scanner  

HTTPoxy Scanner on offsec.tools
HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

#burpsuite   #httpoxy   #scanner   #vulnerabilities  

UploadScanner on offsec.tools
UploadScanner

HTTP file upload scanner for Burp Proxy.

#burpsuite   #fileupload   #scanner   #vulnerabilities  

ActiveScan++ on offsec.tools
ActiveScan++

Extends Burp Suite's active and passive scanning capabilities.

#burpsuite   #scanner  

EMBA on offsec.tools
EMBA

The security analyzer for firmware of embedded devices.

#embedded   #firmware   #iot   #linux   #sbom   #scanner  

Eagle on offsec.tools
Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

#cves   #scanner   #vulnerabilities  

backslash-powered-scanner on offsec.tools
backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

#burpsuite   #scanner   #vulnerabilities  

flan on offsec.tools
flan

A pretty sweet vulnerability scanner.

#cves   #fingerprint   #ports   #scanner   #vulnerabilities  

Arachni on offsec.tools
Arachni

Web Application Security Scanner Framework.

#framework   #monitoring   #scanner  

Second Order on offsec.tools
Second Order

Second-order subdomain takeover scanner.

#scanner   #subdomains   #subto   #vulnerabilities  

pyfiscan on offsec.tools
pyfiscan

Free web-application vulnerability and version scanner.

#cms   #fingerprint   #scanner  

WPRecon on offsec.tools
WPRecon

Tool for the recognition of vulnerabilities and blackbox information for Wordpress.

#scanner   #wordpress  

WPSpider on offsec.tools
WPSpider

A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.

#organizer   #scanner   #wordpress  

S3Scanner on offsec.tools
S3Scanner

Scan for open S3 buckets and dump the contents.

#aws   #buckets   #cloud   #scanner  

changeme on offsec.tools
changeme

A default credential scanner.

#passwords   #scanner  

XSSwagger on offsec.tools
XSSwagger

A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

#scanner   #swagger   #xss  

See-SURF on offsec.tools
See-SURF

Detect Vulnerable SSRF parameters.

#dns   #http   #parameters   #scanner   #ssrf  

XSSCon on offsec.tools
XSSCon

Simple XSS Scanner tool.

#scanner   #vulnerabilities   #xss  

Extended XSS Searcher and Finder on offsec.tools
Extended XSS Searcher and Finder

Scans for different types of XSS on a list of urls.

#scanner   #xss  

DOMDig on offsec.tools
DOMDig

DOM XSS scanner for Single Page Applications.

#scanner   #vulnerabilities   #xss  

XSpear on offsec.tools
XSpear

Powerfull XSS Scanning and Parameter analysis tool&gem.

#exploits   #parameters   #scanner   #vulnerabilities   #xss  

XSSer on offsec.tools
XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

#exploits   #framework   #scanner   #vulnerabilities   #xss  

metahttp on offsec.tools
metahttp

Script that automates the scanning of a target network for HTTP resources through XXE.

#exploits   #scanner   #xxe  

SQLiv on offsec.tools
SQLiv

Massive SQL injection vulnerability scanner.

#scanner   #sqli   #vulnerabilities  

SQLTruncSanner on offsec.tools
SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

#burpsuite   #scanner   #sqli   #vulnerabilities  

Evil SQL Client on offsec.tools
Evil SQL Client

Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

#data   #dotnet   #exploits   #mssql   #scanner   #shell   #sqli   #sqlserver  

SQLiScanner on offsec.tools
SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

#scanner   #sqli   #vulnerabilities  

Extended SSRF search on offsec.tools
Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

#scanner   #ssrf   #vulnerabilities  

InQL on offsec.tools
InQL

Burp Extension for GraphQL Security Testing.

#burpsuite   #graphql   #scanner  

BurpBounty on offsec.tools
BurpBounty

Improve the active and passive Burp Suite scanner by means of custom rules through GUI.

#burpsuite   #scanner  

off-by-slash on offsec.tools
off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

#burpsuite   #scanner   #vulnerabilities  

CRLF-Injection-Scanner on offsec.tools
CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

#crlf   #scanner   #vulnerabilities  

CRLFsuite on offsec.tools
CRLFsuite

The most powerful CRLF injection scanner.

#crlf   #scanner   #vulnerabilities  

CorsMe on offsec.tools
CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

#cors   #scanner   #vulnerabilities  

CORS Scanner on offsec.tools
CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

#cors   #scanner   #vulnerabilities  

CORStest on offsec.tools
CORStest

A simple CORS misconfiguration scanner.

#cors   #scanner   #vulnerabilities  

Corsy on offsec.tools
Corsy

CORS Misconfiguration Scanner.

#cors   #scanner   #vulnerabilities  

Fuzzapi on offsec.tools
Fuzzapi

Used for REST API pentesting and provide UI solution for gem.

#api   #fuzzing   #scanner  

Retire.js on offsec.tools
Retire.js

Detects the use of JavaScript libraries with known vulnerabilities.

#fingerprint   #javascript   #scanner  

webanalyze on offsec.tools
webanalyze

Uncovers technologies used on websites to automate mass scanning.

#scanner   #technologies  

skipfish on offsec.tools
skipfish

Active web application security reconnaissance tool.

#crawler   #directories   #endpoints   #reports   #scanner   #sitemap  

Wireshark on offsec.tools
Wireshark

Network sniffer that captures and analyzes packets off the wire.

#mitm   #network   #scanner   #sniffing  

reconFTW on offsec.tools
reconFTW

Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.

#allinone   #scanner   #vulnerabilities  

Crawlergo on offsec.tools
Crawlergo

A powerful browser crawler for web vulnerability scanners

#fuzzing   #scanner  

Sudomy on offsec.tools
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

#endpoints   #ips   #ports   #scanner   #screenshots   #subdomains   #subto  

Nginxpwner on offsec.tools
Nginxpwner

Simple tool to look for common Nginx misconfigurations and vulnerabilities.

#exploits   #scanner  

sns on offsec.tools
sns

IIS shortname scanner written in Go.

#exploits   #iis   #scanner  

Nmap on offsec.tools
Nmap

The network mapper.

#cves   #ips   #network   #ports   #scanner   #utils  

Rengine on offsec.tools
Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

#allinone   #framework   #ips   #osint   #scanner   #screenshots   #subdomains  

w3af on offsec.tools
w3af

Web Application Attack and Audit Framework.

#cves   #framework   #scanner   #vulnerabilities  

Venom on offsec.tools
Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

#lfi   #rfi   #scanner   #sqli   #vulnerabilities   #xss  

Metasploit on offsec.tools
Metasploit

The world’s most used penetration testing framework.

#allinone   #cves   #exploits   #framework   #network   #scanner  

Sn1per on offsec.tools
Sn1per

Attack Surface Management Platform.

#allinone   #scanner  

Wapiti on offsec.tools
Wapiti

The web-application vulnerability scanner.

#allinone   #exploits   #fuzzing   #scanner  

Nikto on offsec.tools
Nikto

Nikto web server scanner.

#directories   #scanner  

Osmedeus on offsec.tools
Osmedeus

A Workflow Engine for Offensive Security

#framework   #scanner  

Jaeles on offsec.tools
Jaeles

The Swiss Army knife for automated Web Application Testing

#framework   #scanner  

Masscan on offsec.tools
Masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

#dns   #network   #ports   #scanner   #utils  

WhatWeb on offsec.tools
WhatWeb

Next generation web scanner.

#scanner  

Zed Attack Proxy on offsec.tools
Zed Attack Proxy

The world's most widely used web app scanner.

#allinone   #fuzzing   #owasp   #proxy   #scanner  

xray on offsec.tools
xray

Security assessment tool that supports common web security issue scanning and custom PoC.

#allinone   #scanner  

detectify-cves on offsec.tools
detectify-cves

Find CVEs that don't have a Detectify modules.

#cves   #detectify   #scanner  

Burp Suite on offsec.tools
Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.

#allinone   #burpsuite   #cves   #fuzzing   #proxy   #scanner  

Aquatone on offsec.tools
Aquatone

A Tool for Domain Flyovers.

#network   #scanner  

WPScan on offsec.tools
WPScan

WPScan WordPress Security Scanner

#cms   #cves   #scanner   #wordpress