A vast collection of security tools for bug bounty, pentest and red teaming

#scanner

Sponsor
nuclei-burp-plugin

A Burp Suite plugin intended to help with Nuclei template generation.

Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

Sponsor
mapcidr

Small utility program to perform multiple operations on given subnet/CIDR ranges.

Sponsor
Naabu

A fast port scanner written in Go with a focus on reliability and simplicity.

Sponsor
Nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Featured
Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

TerminatorZ

Scan for top potential vulnerabilities with known CVEs in your web applications.

#csrf   #cves   #rce   #scanner   #sqli   #xss  

Unicornscan

An asynchronous TCP and UDP port scanner.

Grendel-Scan

A tool for automated security scanning of web applications.

amap

Identify applications even if they are running on a different port than normal.

ike-scan

Discover and fingerprint IKE hosts.

ratproxy

A semi-automated largely passive web application security audit tool.

#csrf   #proxy   #scanner   #xss  

wikto

Nikto for Windows with some extra features.

WebInspect

An automated dynamic testing solution that provides comprehensive vulnerability detection.

Invicti

Web Application Security For Enterprise.

Striker

Offensive information and vulnerability scanner.

celerystalk

An asynchronous enumeration & vulnerability scanner.

RedTeam_toolkit

Open source Django offensive web app that collects the best tools used in red teaming.

smb-scanner

Samba scanning tool.

RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

Vulmap

Online local vulnerability scanners project.

Skanuvaty

Dangerously fast DNS/network/port scanner.

#dns   #ips   #ports   #scanner  

autoSSRF

Smart context-based SSRF vulnerability scanner.

CMSeek

CMS Detection and Exploitation suite that supports over 180 other CMSs.

afrog

A vulnerability scanning tool for penetration testing.

Qualys Cloud Platform

The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.

SSTImap

Automatic SSTI detection tool with interactive interface.

AORT

All in one recon tool for bug bounty.

LanGuard

Patch management, vulnerability scanning, and network auditing.

Nexpose

Vulnerability scanner which aims to support the entire vulnerability management lifecycle.

Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

WebScarab

Framework for analysing applications that communicate using the HTTP and HTTPS protocols.

Paros Proxy

HTTP(S) proxy for assessing web application vulnerability.

Nessus

The global gold standard in vulnerability assessment built for the modern attack surface.

Ronin

A free and open source Ruby toolkit for security research and development.

Vuls

Agent-less vulnerability scanner.

jok3r

Network and Web Pentest Automation Framework.

Legion

Aids in discovery, reconnaissance and exploitation of information systems.

IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

ATOR

Authentication Token Obtain and Replace Extender.

Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

Angry IP Scanner

Fast and simple-to-use open-source/cross-platform network scanner.

#ips   #ports   #recon   #scanner  

RouterSploit

Exploitation framework for embedded devices.

TLD Scanner

Scan all possible TLDs for a given domain name.

ChopChop

Scan endpoints and identify exposure of sensitive services/files/folders.

Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

FOCA

Tool to find metadata and hidden information in documents.

AWS security checks

This Burp Suite extension provides additional Scanner checks for AWS security issues.

burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

Simple Basic Malware Scanner

Simple Malware Scanner based on file hash scan.

Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

Burp WP

Find known vulnerabilities in WordPress plugins and themes, WPScan like plugin for Burp.

Distribute Damage

Evenly distributes scanner load across targets.

J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

scan-check-builder

Burp Suite extension that lets you improve the active and passive scanner yourself.

Dastardly Scan Action

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

UploadScanner

HTTP file upload scanner for Burp Proxy.

ActiveScan++

Extends Burp Suite's active and passive scanning capabilities.

EMBA

The security analyzer for firmware of embedded devices.

Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

flan

A pretty sweet vulnerability scanner.

Arachni

Web Application Security Scanner Framework.

Second Order

Second-order subdomain takeover scanner.

pyfiscan

Free web-application vulnerability and version scanner.

WPRecon

Tool for the recognition of vulnerabilities and blackbox information for WordPress.

WPSpider

A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.

S3Scanner

Scan for open S3 buckets and dump the contents.

changeme

A default credential scanner.

XSSwagger

A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

See-SURF

Detect Vulnerable SSRF parameters.

XSSCon

Simple XSS Scanner tool.

Extended XSS Searcher and Finder

Scans for different types of XSS on a list of URLs.

#scanner   #xss  

DOMDig

DOM XSS scanner for Single Page Applications.

XSpear

Powerful XSS scanning and parameter analysis tool and gem.

XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

metahttp

Script that automates the scanning of a target network for HTTP resources through XXE.

SQLiv

Massive SQL injection vulnerability scanner.

SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Evil SQL Client

Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

InQL

Burp Extension for GraphQL Security Testing.

BurpBounty

Improve the active and passive Burp Suite scanner by means of custom rules through GUI.

off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

CRLFsuite

The most powerful CRLF injection scanner.

CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

CORStest

A simple CORS misconfiguration scanner.

Corsy

CORS Misconfiguration Scanner.

Fuzzapi

Used for REST API pentesting; provides a UI solution for the gem.

Retire.js

Detects the use of JavaScript libraries with known vulnerabilities.

webanalyze

Uncovers technologies used on websites to automate mass scanning.

skipfish

Active web application security reconnaissance tool.

Wireshark

Network sniffer that captures and analyzes packets off the wire.

reconFTW

Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.

Crawlergo

A powerful browser crawler for web vulnerability scanners

Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

Nginxpwner

Simple tool to look for common Nginx misconfigurations and vulnerabilities.

sns

IIS shortname scanner written in Go.

Nmap

The network mapper.

Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

w3af

Web Application Attack and Audit Framework.

Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

Metasploit

The world’s most used penetration testing framework.

Sn1per

Attack Surface Management Platform.

Wapiti

The web-application vulnerability scanner.

Nikto

Nikto web server scanner.

Osmedeus

A Workflow Engine for Offensive Security

Jaeles

The Swiss Army knife for automated Web Application Testing

Masscan

TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.

WhatWeb

Next generation web scanner.

Zed Attack Proxy

The world's most widely used web app scanner.

xray

Security assessment tool that supports common web security issue scanning and custom PoC.

detectify-cves

Find CVEs that don't have a Detectify module.

Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.

Aquatone

A Tool for Domain Flyovers.

WPScan

WPScan WordPress Security Scanner