SSRFmap
Adversary emulation framework for testing security measures in network environments.
Offensive security testing uncovers vulnerabilities through simulated attacks.
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatic access to load, decrypt, and execute shellcode.
A tool that visits suspected phishing pages, takes screenshots, and extracts interesting files.
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
A guide on basic Linux privilege escalation techniques including enumeration, data analysis, exploit customization, and trial and error.
A tool that checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
Charlotte is an undetected C++ shellcode launcher for executing shellcode with stealth.
A tool for enumerating and attacking GitHub Actions pipelines.
A quick and dirty dynamic redirect.rules generator for penetration testers and security professionals.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A free online wargame for practicing hacking skills and learning security concepts.
Darkarmour is a Windows AV evasion tool that helps bypass antivirus software, allowing for the creation of undetectable malware.
A blog post discussing the often overlooked dangers of CSV injection in applications.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang for efficient and secure communication.
Sublist3r is a Python tool for enumerating subdomains using OSINT and various search engines.
A repository containing material for Android greybox fuzzing with AFL++ Frida mode.
A login cracker that can be used to crack many types of authentication protocols.