A vast collection of security tools for bug bounty, pentest and red teaming

#vulnerabilities

132 results
Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

#cves   #fuzzing   #payloads   #resources   #scanner   #secrets   #vulnerabilities  

HTTPoxy Scanner on offsec.tools
Featured
HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

#burpsuite   #httpoxy   #scanner   #vulnerabilities  

kxss on offsec.tools
Featured
kxss

Adaption of tomnomnom's kxss tool with a different output format.

#vulnerabilities   #xss  

DVCA on offsec.tools
DVCA

Damn vulnerable cloud application.

#aws   #cloud   #training   #vulnerabilities  

Grendel-Scan on offsec.tools
Grendel-Scan

A tool for automated security scanning of web applications.

#scanner   #vulnerabilities  

Samurai WTF on offsec.tools
Samurai WTF

The best security training environment for developers and AppSec professionals.

#framework   #training   #vulnerabilities  

WebInspect on offsec.tools
WebInspect

An automated dynamic testing solution that provides comprehensive vulnerability detection.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

Invicti on offsec.tools
Invicti

Web Application Security For Enterprise.

#allinone   #cves   #monitoring   #reports   #scanner   #vulnerabilities  

Striker on offsec.tools
Striker

Offensive information and vulnerability scanner.

#ports   #scanner   #subdomains   #vulnerabilities  

RedTeam_toolkit on offsec.tools
RedTeam_toolkit

Open source Django offensive webapp which is keeping the best tools used in the redteaming.

#cves   #directories   #reports   #scanner   #vulnerabilities   #xss  

RED HAWK on offsec.tools
RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

#cms   #crawler   #dns   #recon   #scanner   #sqli   #subdomains   #vulnerabilities  

APTRS on offsec.tools
APTRS

Automated penetration testing reporting system.

#organizer   #reports   #vulnerabilities  

Pentest Mapper on offsec.tools
Pentest Mapper

Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.

#burpsuite   #mapping   #vulnerabilities  

Vulmap on offsec.tools
Vulmap

Online local vulnerability scanners project.

#cves   #exploits   #scanner   #vulnerabilities  

afrog on offsec.tools
afrog

A vulnerability scanning tools for penetration testing.

#cves   #fingerprint   #passwords   #scanner   #vulnerabilities  

awesome-cve-poc on offsec.tools
awesome-cve-poc

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

#cves   #exploits   #poc   #resources   #vulnerabilities  

reapoc on offsec.tools
reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

#cves   #exploits   #poc   #resources   #vulnerabilities  

Qualys Cloud Platform on offsec.tools
Qualys Cloud Platform

The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

LanGuard on offsec.tools
LanGuard

Patch management, vulnerability scanning, and network auditing.

#allinone   #cves   #network   #reports   #scanner   #vulnerabilities  

Nexpose on offsec.tools
Nexpose

Vulnerability scanner which aims to support the entire vulnerability management lifecycle.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

Core Impact on offsec.tools
Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

#allinone   #cves   #exploits   #reports   #scanner   #vulnerabilities  

Paros Proxy on offsec.tools
Paros Proxy

HTTP(S) proxy for assessing web application vulnerability.

#allinone   #cves   #proxy   #reports   #scanner   #vulnerabilities  

Nessus on offsec.tools
Nessus

The global gold standard in vulnerability assessment built for the modern attack surface.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

bWAPP on offsec.tools
bWAPP

An extremely buggy web application!.

#learning   #resources   #training   #vulnerabilities  

WebGoat on offsec.tools
WebGoat

Deliberately insecure application.

#learning   #resources   #training   #vulnerabilities  

VulnHub on offsec.tools
VulnHub

Provide materials that allows anyone to gain practical 'hands-on' experience in security.

#learning   #resources   #training   #vm   #vulnerabilities  

Vuls on offsec.tools
Vuls

Agent-less vulnerability scanner.

#scanner   #vulnerabilities  

Weaponised XSS Payloads on offsec.tools
Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

#payloads   #privesc   #vulnerabilities   #xss  

Apidor on offsec.tools
Apidor

Tool for automating the search for IDOR vulnerabilities in web applications and APIs.

#idor   #vulnerabilities  

MagicRecon on offsec.tools
MagicRecon

A powerful shell script to maximize the recon and data collection process.

#allinone   #cloud   #emails   #recon   #screenshots   #subdomains   #vulnerabilities  

Trishul on offsec.tools
Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

#burpsuite   #scanner   #vulnerabilities  

Bug Bounty Reference on offsec.tools
Bug Bounty Reference

A list of Bug Bounty writeups that is categorized by the bug nature.

#bugbounty   #resources   #vulnerabilities   #writeups  

AllAboutBugBounty on offsec.tools
AllAboutBugBounty

Bug Bounty notes gathered from various sources.

#bugbounty   #cms   #framework   #payloads   #resources   #vulnerabilities  

SQLRecon on offsec.tools
SQLRecon

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

#azure   #mssql   #sqli   #vulnerabilities   #windows  

DependencyCheck on offsec.tools
DependencyCheck

Utility that detects publicly disclosed vulnerabilities in application dependencies.

#cves   #dependencies   #reports   #vulnerabilities  

TheftFuzzer on offsec.tools
TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

#cors   #fuzzing   #vulnerabilities  

BurpSuiteHTTPSmuggler on offsec.tools
BurpSuiteHTTPSmuggler

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

#burpsuite   #hrs   #vulnerabilities  

JSgen on offsec.tools
JSgen

Generate javascript code to be injected in case you find a Server Side Javascript Injection.

#javascript   #payloads   #shell   #ssji   #vulnerabilities  

Kadimus on offsec.tools
Kadimus

Check for and exploit LFI vulnerabilities with a focus on PHP systems.

#exploits   #lfi   #vulnerabilities  

Acunetix on offsec.tools
Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

#allinone   #cves   #reports   #scanner   #vulnerabilities  

OpenVAS on offsec.tools
OpenVAS

This repository contains the scanner component for Greenbone Community Edition.

#cves   #scanners   #vulnerabilities  

Bugcrowd VRT on offsec.tools
Bugcrowd VRT

Bugcrowd’s baseline priority ratings for common security vulnerabilities.

#bugbounty   #bugcrowd   #vulnerabilities  

Exploitalert on offsec.tools
Exploitalert

Exploits found on the INTERNET.

#cves   #exploits   #resources   #vulnerabilities  

The Exploit Database on offsec.tools
The Exploit Database

Archive of public exploits and corresponding vulnerable software.

#cves   #exploits   #resources   #vulnerabilities  

burp-vulners-scanner on offsec.tools
burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

#burpsuite   #cves   #scanner   #vulnerabilities  

UploadScanner on offsec.tools
UploadScanner

HTTP file upload scanner for Burp Proxy.

#burpsuite   #fileupload   #scanner   #vulnerabilities  

BurpSentinel on offsec.tools
BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

#burpsuite   #payloads   #sqli   #vulnerabilities   #xss  

Eagle on offsec.tools
Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

#cves   #scanner   #vulnerabilities  

backslash-powered-scanner on offsec.tools
backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

#burpsuite   #scanner   #vulnerabilities  

flan on offsec.tools
flan

A pretty sweet vulnerability scanner.

#cves   #fingerprint   #ports   #scanner   #vulnerabilities  

takeover on offsec.tools
takeover

A tool for testing subdomain takeover possibilities at a mass scale.

#subdomains   #subto   #vulnerabilities  

Second Order on offsec.tools
Second Order

Second-order subdomain takeover scanner.

#scanner   #subdomains   #subto   #vulnerabilities  

HostileSubBruteforcer on offsec.tools
HostileSubBruteforcer

Bruteforce existing subdomains and provide informations about them.

#bruteforce   #subdomains   #subto   #vulnerabilities  

tko-subs on offsec.tools
tko-subs

A tool that can help detect and takeover subdomains with dead DNS records.

#dns   #subdomains   #subto   #vulnerabilities  

subHijack on offsec.tools
subHijack

Hijacking forgotten & misconfigured subdomains.

#subdomains   #subto   #vulnerabilities  

Can I take over XYZ? on offsec.tools
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

#resources   #subdomains   #subto   #vulnerabilities  

SubOver on offsec.tools
SubOver

A Powerful Subdomain Takeover Tool.

#subdomains   #subto   #vulnerabilities  

git-vuln-finder on offsec.tools
git-vuln-finder

Find potential software vulnerabilities from git commit messages.

#cves   #git   #regexp   #vulnerabilities  

BitBlinder on offsec.tools
BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

#burpsuite   #payloads   #vulnerabilities   #xss  

XSSCon on offsec.tools
XSSCon

Simple XSS Scanner tool.

#scanner   #vulnerabilities   #xss  

XSSMap on offsec.tools
XSSMap

Detect XSS vulnerability in Web Applications.

#vulnerabilities   #xss  

DOM XSS Scanner on offsec.tools
DOM XSS Scanner

A tool to scan source code for DOM based XSS vulnerabilities.

#vulnerabilities   #xss  

Femida on offsec.tools
Femida

Automated blind-xss search for Burp Suite.

#burpsuite   #oob   #vulnerabilities   #xss  

DOMDig on offsec.tools
DOMDig

DOM XSS scanner for Single Page Applications.

#scanner   #vulnerabilities   #xss  

BruteXSS on offsec.tools
BruteXSS

Tool written in Python simply to find XSS vulnerabilities in web application.

#vulnerabilities   #xss  

XSS Radar on offsec.tools
XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

#browser   #chrome   #fuzzing   #vulnerabilities   #xss  

bXSS on offsec.tools
bXSS

bXSS is a utility which can be used identify Blind Cross-Site Scripting.

#oob   #vulnerabilities   #xss  

xssValidator on offsec.tools
xssValidator

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

#burpsuite   #vulnerabilities   #xss  

Tracy on offsec.tools
Tracy

Assists with finding all sinks and sources of a webapp and display the results in a nice way.

#browser   #chrome   #firefox   #vulnerabilities   #xss  

XSpear on offsec.tools
XSpear

Powerfull XSS Scanning and Parameter analysis tool&gem.

#exploits   #parameters   #scanner   #vulnerabilities   #xss  

XSSer on offsec.tools
XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

#exploits   #framework   #scanner   #vulnerabilities   #xss  

ezXSS on offsec.tools
ezXSS

An easy way for penetration testers and bug bounty hunters to test (blind) XSS.

#vulnerabilities   #xss  

Sleepy Puppy on offsec.tools
Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

#framework   #payloads   #vulnerabilities   #xss  

xsscrapy on offsec.tools
xsscrapy

Fast, thorough, XSS/SQLi spider.

#sqli   #vulnerabilities   #xss  

XSS'OR on offsec.tools
XSS'OR

Hack with JavaScript.

#exploits   #payloads   #vulnerabilities   #xss  

DTD Finder on offsec.tools
DTD Finder

List DTDs and generate XXE payloads using those local DTDs.

#dtd   #payloads   #vulnerabilities   #xxe  

Ground control on offsec.tools
Ground control

A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

#debug   #ssrf   #vulnerabilities   #xss   #xxe  

NoSQL Injector on offsec.tools
NoSQL Injector

NoSql Injection CLI tool for finding vulnerable websites using MongoDB.

#mongodb   #nosqli   #sqli   #vulnerabilities  

SQLiv on offsec.tools
SQLiv

Massive SQL injection vulnerability scanner.

#scanner   #sqli   #vulnerabilities  

andor on offsec.tools
andor

Blind SQL Injection Tool with Golang.

#sqli   #vulnerabilities  

SQLTruncSanner on offsec.tools
SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

#burpsuite   #scanner   #sqli   #vulnerabilities  

Burp-to-SQLMap on offsec.tools
Burp-to-SQLMap

Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap.

#bursuite   #exploits   #sqli   #vulnerabilities  

MSSQLi-DUET on offsec.tools
MSSQLi-DUET

SQL injection script for Microsoft SQL Server.

#burpsuite   #firewall   #mssql   #sqli   #sqlserver   #vulnerabilities  

waybackSqliScanner on offsec.tools
waybackSqliScanner

Gather urls from wayback machine then test each GET parameter for SQL injection.

#endpoints   #sqli   #vulnerabilities  

SQLi-Hunter on offsec.tools
SQLi-Hunter

Simple HTTP(S) proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

#api   #sqli   #vulnerabilities  

SQLiScanner on offsec.tools
SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

#scanner   #sqli   #vulnerabilities  

Extended SSRF search on offsec.tools
Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

#scanner   #ssrf   #vulnerabilities  

B-XSSRF on offsec.tools
B-XSSRF

Toolkit to detect and keep track on Blind XSS, XXE & SSRF.

#ssrf   #vulnerabilities   #xss   #xxe  

SSRF Sheriff on offsec.tools
SSRF Sheriff

A simple SSRF-testing sheriff written in Go.

#ssrf   #vulnerabilities  

httprebind on offsec.tools
httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

#aws   #google   #ssrf   #vulnerabilities  

Gopherus on offsec.tools
Gopherus

Generates gopher link for exploiting SSRF and gaining RCE in various servers.

#exploits   #rce   #shell   #ssrf   #vulnerabilities  

SSRFmap on offsec.tools
SSRFmap

Automatic SSRF fuzzer and exploitation tool.

#exploits   #fuzzing   #ssrf   #vulnerabilities  

h2cSmuggler on offsec.tools
h2cSmuggler

HTTP Request Smuggling over HTTP/2 Cleartext.

#hrs   #vulnerabilities  

Smuggler on offsec.tools
Smuggler

An HTTP Request Smuggling / Desync testing tool.

#hrs   #vulnerabilities  

Requests-Racer on offsec.tools
Requests-Racer

Exploit race conditions in web apps with Requests.

#exploits   #racecondition   #vulnerabilities  

dom-red on offsec.tools
dom-red

Small script to check a list of domains against open redirect vulnerability.

#openredirect   #vulnerabilities  

Oralyzer on offsec.tools
Oralyzer

Open Redirection Analyzer.

#exploits   #fuzzing   #openredirect   #vulnerabilities  

LFI Suite on offsec.tools
LFI Suite

Totally Automatic LFI Exploiter and Scanner.

#exploits   #lfi   #shell   #vulnerabilities  

Liffy on offsec.tools
Liffy

Local file inclusion exploitation tool.

#exploits   #lfi   #vulnerabilities  

off-by-slash on offsec.tools
off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

#burpsuite   #scanner   #vulnerabilities  

DotDotPwn on offsec.tools
DotDotPwn

The Directory Traversal Fuzzer.

#fuzzing   #lfi   #vulnerabilities  

XSRFProbe on offsec.tools
XSRFProbe

The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.

#audit   #csrf   #exploits   #vulnerabilities  

Injectus on offsec.tools
Injectus

CRLF and open redirect fuzzer.

#crlf   #fuzzing   #openredirect   #vulnerabilities  

CRLF-Injection-Scanner on offsec.tools
CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

#crlf   #scanner   #vulnerabilities  

CRLFsuite on offsec.tools
CRLFsuite

The most powerful CRLF injection scanner.

#crlf   #scanner   #vulnerabilities  

CorsMe on offsec.tools
CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

#cors   #scanner   #vulnerabilities  

CORS Scanner on offsec.tools
CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

#cors   #scanner   #vulnerabilities  

CORStest on offsec.tools
CORStest

A simple CORS misconfiguration scanner.

#cors   #scanner   #vulnerabilities  

Corsy on offsec.tools
Corsy

CORS Misconfiguration Scanner.

#cors   #scanner   #vulnerabilities  

jSQL Injection on offsec.tools
jSQL Injection

Java application for automatic SQL database injection.

#java   #sqli   #vulnerabilities  

BeEF on offsec.tools
BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

#browser   #exploits   #framework   #vulnerabilities   #xss  

mx-takeover on offsec.tools
mx-takeover

Focuses DNS MX records and detects misconfigured MX records.

#emails   #subdomains   #subto   #vulnerabilities  

OpenRedireX on offsec.tools
OpenRedireX

A Fuzzer for OpenRedirect issues.

#openredirect   #vulnerabilities  

FDsploit on offsec.tools
FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

#lfd   #lfi   #rfi   #vulnerabilities  

http-request-smuggling on offsec.tools
http-request-smuggling

HTTP Request Smuggling Detection Tool.

#hrs   #vulnerabilities  

FinDOM-XSS on offsec.tools
FinDOM-XSS

A fast DOM based XSS vulnerability scanner with simplicity.

#vulnerabilities   #xss  

CRLFMap on offsec.tools
CRLFMap

CRLFMap is a tool to find HTTP Splitting vulnerabilities.

#crlf   #vulnerabilities  

reconFTW on offsec.tools
reconFTW

Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.

#allinone   #scanner   #vulnerabilities  

w3af on offsec.tools
w3af

Web Application Attack and Audit Framework.

#cves   #framework   #scanner   #vulnerabilities  

Venom on offsec.tools
Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

#lfi   #rfi   #scanner   #sqli   #vulnerabilities   #xss  

Ghauri on offsec.tools
Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

#exploits   #sqli   #vulnerabilities  

tplmap on offsec.tools
tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

#ssti   #vulnerabilities  

Knoxnl on offsec.tools
Knoxnl

This is a python wrapper around the amazing KNOXSS.

#fuzzing   #vulnerabilities   #xss  

SSRFTest on offsec.tools
SSRFTest

SSRF testing tool.

#ssrf   #vulnerabilities  

sqlmap on offsec.tools
sqlmap

Automatic SQL injection and database takeover tool.

#exploits   #sqli   #vulnerabilities  

NoSQLMap on offsec.tools
NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

#sqli   #vulnerabilities  

SQLninja on offsec.tools
SQLninja

Exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server.

#sqli   #vulnerabilities  

Subjack on offsec.tools
Subjack

Subdomain Takeover tool written in Go.

#subto   #vulnerabilities  

XSStrike on offsec.tools
XSStrike

Most advanced XSS scanner.

#exploits   #vulnerabilities   #xss  

DalFox on offsec.tools
DalFox

Powerful open source XSS scanning tool and parameter analyzer, utility.

#exploits   #vulnerabilities   #xss  

Commix on offsec.tools
Commix

Automated All-in-One OS Command Injection Exploitation Tool.

#exploits   #rce   #vulnerabilities  

KNOXSS on offsec.tools
KNOXSS

Online XSS tool with demonstration of vulnerability.

#browser   #online   #vulnerabilities   #xss