{"id":599745,"date":"2023-01-21T06:49:29","date_gmt":"2023-01-21T12:49:29","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/21\/offsec-tools-a-vast-collection-of-security-tools\/"},"modified":"2023-01-21T06:49:29","modified_gmt":"2023-01-21T12:49:29","slug":"offsec-tools-a-vast-collection-of-security-tools","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/21\/offsec-tools-a-vast-collection-of-security-tools\/","title":{"rendered":"Offsec.tools \u2013 A vast collection of security tools"},"content":{"rendered":"<div data-v-b7c37e8a>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"0d1n on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b317da2e9b068f7dadf8d7b14591c01b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/0d1n\" data-v-02830d79>0d1n<\/a><\/h6>\n<p data-v-02830d79>Tool for automating customized attacks against web applications.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"2tearsinabucket on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0557ad2adf3a2c36d5824a79622beb47.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"4-ZERO-3 on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1c16628abd8e19287e23b94ca0126016.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ActiveScan++ on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/acb8672efd9c1bf0639ff5fdc8119bdf.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/active-scan-plus-plus\" data-v-02830d79>ActiveScan++<\/a><\/h6>\n<p data-v-02830d79>Extends Burp Suite&#8217;s active and passive scanning capabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Acunetix on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3051c6aeb856444cd53e06b325735f93.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/acunetix\" data-v-02830d79>Acunetix<\/a><\/h6>\n<p data-v-02830d79>Quickly find and fix the vulnerabilities that put your web applications at risk of attack.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ADAPE Script on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/25dddeda5e35307c1bc5486ed3c8396a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/adape-script\" data-v-02830d79>ADAPE Script<\/a><\/h6>\n<p data-v-02830d79>Active Directory assessment and privilege escalation script.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ADenum on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5be0e55096bce47e2380a92aeac222af.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/adenum\" data-v-02830d79>ADenum<\/a><\/h6>\n<p data-v-02830d79>Find misconfiguration through LDAP to exploit weaknesses with Kerberos.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ADReaper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/74cf7a7ac21005a0054c2e22c448ff6e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/adreaper\" data-v-02830d79>ADReaper<\/a><\/h6>\n<p data-v-02830d79>Enumerate an Active Directory environment with LDAP queries.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ADRT on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a5e06d235663150fa7d0e43fd4cc5ad9.jpg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/adrt\" data-v-02830d79>ADRT<\/a><\/h6>\n<p data-v-02830d79>Active Directory Report Tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"airbash on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5696eadbbd455deeb8ce1e97f184dba1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/airbash\" data-v-02830d79>airbash<\/a><\/h6>\n<p data-v-02830d79>Fully automated WPA PSK PMKID and handshake capture script.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"aircrack-ng on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/eba1d66eeab69eda1b3be37f2cb9f3b1.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/aircrack-ng\" data-v-02830d79>aircrack-ng<\/a><\/h6>\n<p data-v-02830d79>Complete suite of tools to assess WiFi network security.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AllAboutBugBounty on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fdd4f0768fa2de6f46779bffe72a22b7.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Altdns on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e0bec4fcf892b41a42f278e9c1719b87.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/altdns\" data-v-02830d79>Altdns<\/a><\/h6>\n<p data-v-02830d79>Generates permutations, alterations and mutations of subdomains and then resolves them.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Amass on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bba78214980e1be9d8c31207a3e6a034.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/amass\" data-v-02830d79>Amass<\/a><\/h6>\n<p data-v-02830d79>In-depth Attack Surface Mapping and Asset Discovery.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"andor on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f26c149695a7663262df94ccda35f4c7.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/andor\" data-v-02830d79>andor<\/a><\/h6>\n<p data-v-02830d79>Blind SQL Injection Tool with Golang.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Angry IP Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/dd15439c46bee02975c2832c1a834a59.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/angry-ip-scanner\" data-v-02830d79>Angry IP Scanner<\/a><\/h6>\n<p data-v-02830d79>Fast and simple-to-use open-source\/cross-platform network scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"APKEnum on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2c6f364bdd79d5ee75b9e2c1e1dcebba.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/apkenum\" data-v-02830d79>APKEnum<\/a><\/h6>\n<p data-v-02830d79>Passive enumeration utility For Android applications.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"apkurlgrep on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7c70ee29c5cb661647ef503a80b09c05.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Aquatone on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4a93b64bb20ffd1f10d7cd03c6f4f480.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Arachni on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b57c5d8cc81ffb379575d1515198b80f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/arachni\" data-v-02830d79>Arachni<\/a><\/h6>\n<p data-v-02830d79>Web Application Security Scanner Framework.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"archaeologit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/37f92ba0cbeaae72a7910a5fd8fb1e51.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/archaeologit\" data-v-02830d79>archaeologit<\/a><\/h6>\n<p data-v-02830d79>Scans the history of GitHub repositories to find sensitive things.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Arjun on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/508cbc52237fc0e9451a25532f5a8004.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/arjun\" data-v-02830d79>Arjun<\/a><\/h6>\n<p data-v-02830d79>HTTP parameter discovery suite.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"As3nt on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/05ac4773078d217b2e79a86e6911d97f.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/as3nt\" data-v-02830d79>As3nt<\/a><\/h6>\n<p data-v-02830d79>Another Subdomain ENumeration Tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ASNLookup on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a3c074e3cebced6826de37c0793fb358.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/asnlookup\" data-v-02830d79>ASNLookup<\/a><\/h6>\n<p data-v-02830d79>Leverage ASN to look up IP addresses owned by a specific organization.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ASNmap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a8d02ffdd4652ef648caa0b037b07474.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/asnmap\" data-v-02830d79>ASNmap<\/a><\/h6>\n<p data-v-02830d79>Quickly maps organization network ranges using ASN information.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"assetfinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4617ec9026c4dbfec6692df1956cca6d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/assetfinder\" data-v-02830d79>assetfinder<\/a><\/h6>\n<p data-v-02830d79>Find domains and subdomains related to a given domain.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Async DNS Brute on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1eba5fc38c90bf5b980cd41541421b70.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ATOR on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/26ec29b1dd0d1229843de7b5e59afa39.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ator\" data-v-02830d79>ATOR<\/a><\/h6>\n<p data-v-02830d79>Authentication Token Obtain and Replace Extender.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AttackSurfaceMapper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ed74bf1b064bf90180ded3a97e962d64.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/attacksurfacemapper\" data-v-02830d79>AttackSurfaceMapper<\/a><\/h6>\n<p data-v-02830d79>AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Auth Analyzer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9a406f9cab6f5f8219d8469f4f80545b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/auth-analyzer\" data-v-02830d79>Auth Analyzer<\/a><\/h6>\n<p data-v-02830d79>The Burp extension helps you to find authorization bugs.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AuthMatrix on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/848ac1d78af335cbe317a4a964a8da0c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/authmatrix\" data-v-02830d79>AuthMatrix<\/a><\/h6>\n<p data-v-02830d79>Provides a simple way to test authorization in web applications and web services.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"authz on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c7ecdd26491d814edb5476a1efdbd4be.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/authz\" data-v-02830d79>authz<\/a><\/h6>\n<p data-v-02830d79>Burp Suite plugin to test for authorization flaws.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AutoRecon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/614c4ae2af1b27121c5960189d43c8f3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/autorecon\" data-v-02830d79>AutoRecon<\/a><\/h6>\n<p data-v-02830d79>Multi-threaded network reconnaissance tool which performs automated enumeration of services.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AutoRepeater on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/78725b538d44c2f7ae4a3c8a42e4f0a9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/autorepeater\" data-v-02830d79>AutoRepeater<\/a><\/h6>\n<p data-v-02830d79>Automated HTTP Request Repeating With Burp Suite.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Autorize on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ce495e559039ea357e61e23fa1cce816.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/autorize\" data-v-02830d79>Autorize<\/a><\/h6>\n<p data-v-02830d79>Automatic authorization enforcement detection extension for Burp Suite.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AutoSploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4831f0c7ab9c4e8b1a347e686eb3339f.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"autoSubTakeover on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f2ae0f448ff2350009eadbd76a409d57.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/autosubtakeover\" data-v-02830d79>autoSubTakeover<\/a><\/h6>\n<p data-v-02830d79>A tool used to check if a CNAME resolves to the scope address.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Autowasp on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7d11438caa82c92ab38e87f41646c639.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/autowasp\" data-v-02830d79>Autowasp<\/a><\/h6>\n<p data-v-02830d79>A one-stop pentesting checklist and logger tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Awesome Bug Bounty on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7a1e3eda5c5c4013dde1d9810fd3c85c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/awesome-bug-bounty\" data-v-02830d79>Awesome Bug Bounty<\/a><\/h6>\n<p data-v-02830d79>A comprehensive curated list of available Bug Bounty &#038; disclosure programs and writeups.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Awesome BugBounty Writeups on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ff586d921ac598d14196cd1a7c93305d.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AWS Extender CLI on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2af92a0f51a6c243e38c2dc078bb1ad7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/aws-extender-cli\" data-v-02830d79>AWS Extender CLI<\/a><\/h6>\n<p data-v-02830d79>Command-line script to test cloud storage for common misconfiguration issues.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AWS security checks on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2187f2603590d910ce571e7ff7c3b9e3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/aws-security-checks\" data-v-02830d79>AWS security checks<\/a><\/h6>\n<p data-v-02830d79>This Burp Suite provides additional Scanner checks for AWS security issues.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"AWSBucketDump on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ca1f7031af65857b6a1559d37bf3698d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/awsbucketdump\" data-v-02830d79>AWSBucketDump<\/a><\/h6>\n<p data-v-02830d79>Security Tool to Look For Interesting Files in S3 Buckets.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"B-XSSRF on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ca4fead5efd8e7bec3afbe3c72d650ee.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/b-xssrf\" data-v-02830d79>B-XSSRF<\/a><\/h6>\n<p data-v-02830d79>Toolkit to detect and keep track on Blind XSS, XXE &#038; SSRF.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"backslash-powered-scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f63ae54ecdd4ebd9913e7aa60a598f09.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"barq on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/27233a4c162dfb2ef09313b991c3fd13.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/barq\" data-v-02830d79>barq<\/a><\/h6>\n<p data-v-02830d79>The AWS Cloud Post Exploitation framework!<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BeEF on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2dd014c89f17027406b6efead8663d6b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/beef\" data-v-02830d79>BeEF<\/a><\/h6>\n<p data-v-02830d79>The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BeRoot on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/21c0efffe05e96f72c493676e21f8dfe.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/beroot\" data-v-02830d79>BeRoot<\/a><\/h6>\n<p data-v-02830d79>Multiplaform privilege escalation project.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"bettercap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c35edef30241afb39a88ef0431839641.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/bettercap\" data-v-02830d79>bettercap<\/a><\/h6>\n<p data-v-02830d79>The Swiss Army knife for WiFi, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Betterscan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/25dd8ff9ff04f009a207f30041bf9430.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/betterscan\" data-v-02830d79>Betterscan<\/a><\/h6>\n<p data-v-02830d79>Code Scanning\/SAST\/static analysis\/linting using many tools\/scanners with one report.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BFAC on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cd1e50c37e8c440cce8ed3580fe7b6b3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/bfac\" data-v-02830d79>BFAC<\/a><\/h6>\n<p data-v-02830d79>Check for backup artifacts that may disclose the web-application&#8217;s source code.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BitBlinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1968e50ae8eba50e4c533aa71eb94189.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/bitblinder\" data-v-02830d79>BitBlinder<\/a><\/h6>\n<p data-v-02830d79>Injects custom XSS payloads on every form\/request submitted to detect blind XSS.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BlackWidow on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f51578f47fb4b680aca97cc489556fbe.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/blackwidow\" data-v-02830d79>BlackWidow<\/a><\/h6>\n<p data-v-02830d79>Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"bounty-targets-data on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/01693183964bc56e01ee287b6d6837ee.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/bounty-targets-data\" data-v-02830d79>bounty-targets-data<\/a><\/h6>\n<p data-v-02830d79>Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"bountyplz on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9855f387b6851650cec55e50b28bfe19.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/bountyplz\" data-v-02830d79>bountyplz<\/a><\/h6>\n<p data-v-02830d79>Automated security reporting from markdown templates.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"brutesubs on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5481d81a617db947d4ef9afeb2eb948d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/brutesubs\" data-v-02830d79>brutesubs<\/a><\/h6>\n<p data-v-02830d79>Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BruteX on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f2492389ece40cd804d234ac288088a6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/brutex\" data-v-02830d79>BruteX<\/a><\/h6>\n<p data-v-02830d79>Automatically brute force all services running on a target.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BruteXSS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/338b1d7a2d813dabd4ee70f6376b265a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/brutexss\" data-v-02830d79>BruteXSS<\/a><\/h6>\n<p data-v-02830d79>Tool written in Python simply to find XSS vulnerabilities in web application.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Bug Bounty Guide on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fc06140c92872d2e33a0b9af346ce562.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Bug Bounty Reference on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/42cc42e9aaabf22c2572e86de463d847.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BugBountyHunter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/42576fc93dd1ced8b26bfeb6c20a6611.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Bugcrowd VRT on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d4a83cddd99a7421d759960a85f8f214.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/bugcrowd-vrt\" data-v-02830d79>Bugcrowd VRT<\/a><\/h6>\n<p data-v-02830d79>Bugcrowd\u2019s baseline priority ratings for common security vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Burp Extender API on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f66811bec7cd87f7b56f2b67ff365dd5.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Burp NTLM Challenge Decoder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ac035977739363ee607ff094d630ba29.gif\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Burp Suite on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8373702544d5dd64345c4bf3ffc9561d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burp-suite\" data-v-02830d79>Burp Suite<\/a><\/h6>\n<p data-v-02830d79>The class-leading vulnerability scanning, penetration testing, and web app security platform.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Burp WP on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/767e5e6510f1575cd2a03e37ea3a4c76.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burp-wp\" data-v-02830d79>Burp WP<\/a><\/h6>\n<p data-v-02830d79>Find known vulnerabilities in WordPress plugins and themes, WPScan like plugin for Burp.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Burp-AnonymousCloud on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/947a5b76f0be326748befc93ecfd5b03.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burp-anonymouscloud\" data-v-02830d79>Burp-AnonymousCloud<\/a><\/h6>\n<p data-v-02830d79>Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"burp-exporter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/58f0d52e267676bfeb2722963f4c14d6.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burp-exporter\" data-v-02830d79>burp-exporter<\/a><\/h6>\n<p data-v-02830d79>Copy a Burp Suite request to a file or the clipboard as multiple programming languages functions.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Burp-to-SQLMap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c370a99d4bbbcab48a31083634a00b82.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burp-to-sqlmap\" data-v-02830d79>Burp-to-SQLMap<\/a><\/h6>\n<p data-v-02830d79>Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"burp-vulners-scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/124e4513cd41a5488eb601a22b23b1cb.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BurpBeautifier on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f494c5d9f6bce64c2b2826b318b77f8c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burpbeautifier\" data-v-02830d79>BurpBeautifier<\/a><\/h6>\n<p data-v-02830d79>Burpsuite extension for beautifying request\/response body.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BurpBounty on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5e527ee8aea498f5b33e44477071e23f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burpbounty\" data-v-02830d79>BurpBounty<\/a><\/h6>\n<p data-v-02830d79>Improve the active and passive Burp Suite scanner by means of custom rules through GUI.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BurpJSLinkFinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e9c8d42e6f71ede85d0da051a5de685f.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burpjslinkfinder\" data-v-02830d79>BurpJSLinkFinder<\/a><\/h6>\n<p data-v-02830d79>Burp Extension for a passive scanning JS files for endpoint links.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BurpSentinel on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bc5f0bb3f44b181d3d1117ec061da39c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burpsentinel\" data-v-02830d79>BurpSentinel<\/a><\/h6>\n<p data-v-02830d79>GUI Burp Plugin to ease discovering of security holes in web applications.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BurpSmartBuster on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/54a21f0474b5b9bc28058dbc127705e6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burpsmartbuster\" data-v-02830d79>BurpSmartBuster<\/a><\/h6>\n<p data-v-02830d79>A Burp Suite content discovery plugin that add the smart into the Buster.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"BurpSuiteHTTPSmuggler on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e5e0d6d04aa19d88b420c8fcc82947b9.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/burpsuitehttpsmuggler\" data-v-02830d79>BurpSuiteHTTPSmuggler<\/a><\/h6>\n<p data-v-02830d79>A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"bXSS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/28ed92302521788a1374119ccbb06e0a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/bxss\" data-v-02830d79>bXSS<\/a><\/h6>\n<p data-v-02830d79>bXSS is a utility which can be used identify Blind Cross-Site Scripting.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"bypasswaf on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7889705c76709364f0aa72d5aba3057d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/bypasswaf\" data-v-02830d79>bypasswaf<\/a><\/h6>\n<p data-v-02830d79>Add headers to all Burp requests to bypass some WAF products.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Can I take over XYZ? on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c1a5bf8f9f9a18c5744c8e7e130c0775.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cariddi on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/737fd618c10de9244b40e761c9fdb32a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cariddi\" data-v-02830d79>cariddi<\/a><\/h6>\n<p data-v-02830d79>Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cc.py on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4c57c19483e0e6a9e1b82d8d94dee0d1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cc.py\" data-v-02830d79>cc.py<\/a><\/h6>\n<p data-v-02830d79>Extracting URLs of a specific target based on the results of commoncrawl.org.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Censys Enumeration on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/65c36b2907795c87bddc216d55e770d5.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/censys-enumeration\" data-v-02830d79>Censys Enumeration<\/a><\/h6>\n<p data-v-02830d79>Extract subdomains\/emails for a given domain using SSL\/TLS certificate dataset on Censys.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Censys subdomain finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/214c8f6025d46de730908e576dca2e98.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cero on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/31e765dcd6ffb5af2ec96d17c432b327.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cero\" data-v-02830d79>cero<\/a><\/h6>\n<p data-v-02830d79>Scrape domain names from SSL certificates of arbitrary hosts.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CertCrunchy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/aeeeaf808ec1b9defbff3a39af939702.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/certcrunchy\" data-v-02830d79>CertCrunchy<\/a><\/h6>\n<p data-v-02830d79>Uses data from SSL Certificates to find potential host names.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Certificate Ripper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1441beff9ac2613c6bce0765e2e33772.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Certificate Search on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/05a79c5be0724013f7106b7e76be8be5.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CeWL on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e4038f87431b26a9dc0d5b63c63dcdd5.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cewl\" data-v-02830d79>CeWL<\/a><\/h6>\n<p data-v-02830d79>Custom Word List Generator.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"changeme on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/625a18377b062a1e4b11131f3dcadd63.gif\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Chaos Client on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b96af67ef0aa9b3b99045e504d9217a8.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ChopChop on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b7ea12fb432e13209fb6593c64bff680.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/chopchop\" data-v-02830d79>ChopChop<\/a><\/h6>\n<p data-v-02830d79>Scan endpoints and identify exposition of sensitive services\/files\/folders.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"clairvoyance on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b8da4a5a65446feadca6b46ee2de6451.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/clairvoyance\" data-v-02830d79>clairvoyance<\/a><\/h6>\n<p data-v-02830d79>Obtain GraphQL API Schema even if the introspection is not enabled.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cloud_enum on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/98176fe95f5fe37a152fc7d8d1afe870.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cloud_enum\" data-v-02830d79>cloud_enum<\/a><\/h6>\n<p data-v-02830d79>Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CloudBrute on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1c334e41f7850bcd73f7ed6d414297d1.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CloudFail on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2f420487dc0a149ce8c60ecdf1b4fc36.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cloudfail\" data-v-02830d79>CloudFail<\/a><\/h6>\n<p data-v-02830d79>Utilize misconfigured DNS and old database records to find hidden IPs behind CloudFlare network.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cloudflare-origin-ip on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f6cca5285e6863f29f2264e5fef6302b.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Cloudfox on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/eaa1e26b5f74f8c6f8e201e1b651e603.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cloudfox\" data-v-02830d79>Cloudfox<\/a><\/h6>\n<p data-v-02830d79>Automating situational awareness for cloud penetration tests.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cloudlist on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3b95c28e7dff6842212b5f135e8f0798.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cloudlist\" data-v-02830d79>cloudlist<\/a><\/h6>\n<p data-v-02830d79>Cloudlist is a tool for listing Assets from multiple Cloud Providers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CloudScraper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bafdaee3853119553dfc1045fcf4f077.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cloudscraper\" data-v-02830d79>CloudScraper<\/a><\/h6>\n<p data-v-02830d79>Tool to enumerate targets in search of cloud resources.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CMSmap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bfbc7fed19d4a18e6633baa99facbd7c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cmsmap\" data-v-02830d79>CMSmap<\/a><\/h6>\n<p data-v-02830d79>CMS scanner that automates the process of detecting security flaws of the most popular CMSs.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cnames on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/836b499ad126c6a77ad50d08988de6bc.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cnames\" data-v-02830d79>cnames<\/a><\/h6>\n<p data-v-02830d79>Take a list of resolved subdomains and output any corresponding CNAMES en masse.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Coercer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9bd40bec7815a779b1a2beed8ba69e28.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/coercer\" data-v-02830d79>Coercer<\/a><\/h6>\n<p data-v-02830d79>Automatically coerce a Windows server to authenticate on an arbitrary machine.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Collaborator Everywhere on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2d13b0199a018f184471ab6f84fdbc70.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"commit-stream on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a1d99283ffa94c2ced1cb4a627e223e6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/commit-stream\" data-v-02830d79>commit-stream<\/a><\/h6>\n<p data-v-02830d79>OSINT tool for finding Github repositories by extracting commit logs in real time.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Commix on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d491781f02533fa740d4ee98c95ea0de.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/commix\" data-v-02830d79>Commix<\/a><\/h6>\n<p data-v-02830d79>Automated All-in-One OS Command Injection Exploitation Tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cook on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/509b3adc494221fddea308922c84c591.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cook\" data-v-02830d79>cook<\/a><\/h6>\n<p data-v-02830d79>Overpower wordlist generator, words permutation and combinations, encoding\/decoding&#8230;<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CORS Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cbd350c600498a7be9c7c1810b1d34f9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cors-scanner\" data-v-02830d79>CORS Scanner<\/a><\/h6>\n<p data-v-02830d79>A multi-threaded scanner that helps identify CORS flaws\/misconfigurations.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CorsMe on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b6210e65c5578cde4e293a60042a02c2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/corsme\" data-v-02830d79>CorsMe<\/a><\/h6>\n<p data-v-02830d79>CORS misconfiguration scanner tool with speed and precision in mind!<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CORStest on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/62bc1661d143b956fe28da5d4a183ac3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/corstest\" data-v-02830d79>CORStest<\/a><\/h6>\n<p data-v-02830d79>A simple CORS misconfiguration scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Corsy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0a600160c27c7a46c7c427612849361b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/corsy\" data-v-02830d79>Corsy<\/a><\/h6>\n<p data-v-02830d79>CORS Misconfiguration Scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Covenant on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b57888b4780b96e41ff3149ba2f71d2b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/covenant\" data-v-02830d79>Covenant<\/a><\/h6>\n<p data-v-02830d79>Collaborative C2 framework for red teamers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Cr3dOv3r on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a8aa58fd711a35d0b5817144bf794b3e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cr3dov3r\" data-v-02830d79>Cr3dOv3r<\/a><\/h6>\n<p data-v-02830d79>Know the dangers of credential reuse attacks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Crawlergo on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a23430bd96968f19a66dee6c81bae305.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/crawlergo\" data-v-02830d79>Crawlergo<\/a><\/h6>\n<p data-v-02830d79>A powerful browser crawler for web vulnerability scanners<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"crawley on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/42f09702cfefaa4edaf8bbff4b23b490.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"crithit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b115d2c6cb3a0181e892cfa2c687c7ea.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/crithit\" data-v-02830d79>crithit<\/a><\/h6>\n<p data-v-02830d79>Takes a single wordlist item and tests it one by one over a large collection of websites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CRLF-Injection-Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/04c1841dbb582a8ae2735609a5ed5783.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CRLFMap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e7c024bc41b8cd74dee1dc3d55c913f2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/crlfmap\" data-v-02830d79>CRLFMap<\/a><\/h6>\n<p data-v-02830d79>CRLFMap is a tool to find HTTP Splitting vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CRLFsuite on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2f0b21d46239a88f4ebff1a348e2688c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/crlfsuite\" data-v-02830d79>CRLFsuite<\/a><\/h6>\n<p data-v-02830d79>The most powerful CRLF injection scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CRLFuzz on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/476ae58073bafed5253b695d987576fe.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/crlfuzz\" data-v-02830d79>CRLFuzz<\/a><\/h6>\n<p data-v-02830d79>A fast tool to scan CRLF vulnerability written in Go.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Cross-site scripting cheat sheet on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e33ad5094d27e7ddf0831cf5d09fe644.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"crtndtry on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ea0b98e8b8620f7b8c1626199c3dd027.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"crunch on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b37733040fe1d8669e0f70cb8c0734ac.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/crunch\" data-v-02830d79>crunch<\/a><\/h6>\n<p data-v-02830d79>Wordlist generator where you can specify a character set or any set of characters to be used.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"csp-analyzer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/577fc8b17899722c4d8ac18d52d79418.jpeg\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"csprecon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2f878a68c3174621eec120dba1f1df1e.jpg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/csprecon\" data-v-02830d79>csprecon<\/a><\/h6>\n<p data-v-02830d79>Discover new target domains using Content Security Policy.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"cstc on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8013e2cd28dace4253abf8c8ead7c53b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/cstc\" data-v-02830d79>cstc<\/a><\/h6>\n<p data-v-02830d79>Burp Suite extension that allows request\/response modification using a GUI.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ctf-tools on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d945d8b46ee74b0644978c0e96f4e44f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ctf-tools\" data-v-02830d79>ctf-tools<\/a><\/h6>\n<p data-v-02830d79>Some setup scripts for security research tools.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"CTFR on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f679873946de2423dc698e14ee18da43.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ctfr\" data-v-02830d79>CTFR<\/a><\/h6>\n<p data-v-02830d79>Abusing Certificate Transparency logs for getting HTTPS websites subdomains.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"curate on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f9886f7436b8ab4284a305f5ef416381.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/curate\" data-v-02830d79>curate<\/a><\/h6>\n<p data-v-02830d79>A tool for fetching archived URLs.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DalFox on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b3e28ad5334c353c9cf9230f428b5665.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dalfox\" data-v-02830d79>DalFox<\/a><\/h6>\n<p data-v-02830d79>Powerful open source XSS scanning tool and parameter analyzer, utility.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Dangerous Methods on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/46d835d0369ea968a27e3eb756bf5997.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dangerous-methods\" data-v-02830d79>Dangerous Methods<\/a><\/h6>\n<p data-v-02830d79>A Burp Suite extension for finding the use of potentially dangerous methods\/functions.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Dastardly Scan Action on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/09ffe45a16dfe981cc2f0aedc61132b3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dastardly-scan-action\" data-v-02830d79>Dastardly Scan Action<\/a><\/h6>\n<p data-v-02830d79>Runs a scan using Dastardly by Burp Suite against a target site and generates a report.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DataExtractor on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5907253cf7d58a83c4467b981bd4e4aa.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dataextractor\" data-v-02830d79>DataExtractor<\/a><\/h6>\n<p data-v-02830d79>A Burp Suite extension to extract data from source code while browsing.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Default Credentials Cheat Sheet on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5b5587428b384cfde63a492619af0cf5.jpeg\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"default-http-login-hunter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d5fe6e12ba93930d585fc5fe449a5302.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DefaultPassword on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6d05b0f9d5d82d253b990241e48334d4.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Demiguise on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/74b6611399bdafa81c534f057f52ce0e.gif\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DependencyCheck on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fb98c19e4e5883bf45546f442686e8f5.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dependencycheck\" data-v-02830d79>DependencyCheck<\/a><\/h6>\n<p data-v-02830d79>Utility that detects publicly disclosed vulnerabilities in application dependencies.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Depix on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7fb2d5d5aa4dc969ba2858e8fe01025f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/depix\" data-v-02830d79>Depix<\/a><\/h6>\n<p data-v-02830d79>Recovers passwords from pixelized screenshots.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"detectify-cves on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/dce2ca8679198a1fe6d057027c0270af.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"differer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/05b8e3586edf765292f83beb721dd8ea.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/differer\" data-v-02830d79>differer<\/a><\/h6>\n<p data-v-02830d79>differer finds how URLs are parsed by different languages in order to help bug hunters break filters.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Dirb on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/49ed91fe98748bf07bc37d37d9220b2a.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dirhunt on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cd8108bf5d1d58904ebfada7b8ef16d4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dirhunt\" data-v-02830d79>dirhunt<\/a><\/h6>\n<p data-v-02830d79>Find web directories without bruteforce.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dirlstr on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bfa2da4d8820ec24fd7cca2344b7460b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dirlstr\" data-v-02830d79>dirlstr<\/a><\/h6>\n<p data-v-02830d79>Finds Directory Listings or open S3 buckets from a list of URLs.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dirsearch on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/92ff53eeb2f0cb4579c8dd07c5b8420a.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DirSearch on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e3eee2f0a3e2b2614afcd9254417dcef.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Dirstalk on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/340aaa6c012d4ef7d7529d8e6dc0ff2f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dirstalk\" data-v-02830d79>Dirstalk<\/a><\/h6>\n<p data-v-02830d79>Multi threaded application designed to brute force paths on web servers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Distribute Damage on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e46021da2adbb5b0c4664b7a38ea7b62.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dnscan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/327b99baac48f4ea23826a35203a2d2a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dnscan\" data-v-02830d79>dnscan<\/a><\/h6>\n<p data-v-02830d79>Python wordlist-based DNS subdomain scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dnsenum on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2a1a6c09120c70e1a6f2a738a045c291.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dnsenum\" data-v-02830d79>dnsenum<\/a><\/h6>\n<p data-v-02830d79>Enumerates DNS information of a domain and to discover non-contiguous ip blocks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dnsgen on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/032d282daac32f6b5108892a973db9fe.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dnsgen\" data-v-02830d79>dnsgen<\/a><\/h6>\n<p data-v-02830d79>Generates combination of domain names from the provided input.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DNSProbe on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/636496b585d46141ac975eeb8b0b8dd8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dnsprobe\" data-v-02830d79>DNSProbe<\/a><\/h6>\n<p data-v-02830d79>Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dnsReaper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c063232706414e89be52b6427ca690f6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dnsreaper\" data-v-02830d79>dnsReaper<\/a><\/h6>\n<p data-v-02830d79>Subdomain takeover tool for attackers, bug bounty hunters and the blue team!<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DNSRecon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/eb4ac2848db59e0f1fe9460c3420513e.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DNSTake on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/66fc1f069b9b1c1079d0d76c69cb58b7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dnstake\" data-v-02830d79>DNSTake<\/a><\/h6>\n<p data-v-02830d79>A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dnsX on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f673ab345650ec842b4adaac4213f40a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dnsx\" data-v-02830d79>dnsX<\/a><\/h6>\n<p data-v-02830d79>Fast and multi-purpose DNS toolkit designed for running DNS queries.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"docem on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b96ce364f7f57db6073a9a1ca973338c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/docem\" data-v-02830d79>docem<\/a><\/h6>\n<p data-v-02830d79>Utility to embed XXE and XSS payloads in docx, odt, pptx&#8230;<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DOM based XSS finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/60b72c6a31b1aca0d79445ed4e53dd70.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DOM XSS Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ea4fa26006e59f19768da24611549b77.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dom-xss-scanner\" data-v-02830d79>DOM XSS Scanner<\/a><\/h6>\n<p data-v-02830d79>A tool to scan source code for DOM based XSS vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dom-red on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1703f3ffa75bc4f5c7d494c2ce7ca4c2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dom-red\" data-v-02830d79>dom-red<\/a><\/h6>\n<p data-v-02830d79>Small script to check a list of domains against open redirect vulnerability.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Domain Analyzer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b43f76037ba3b9cde9a46a71603734a3.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/domain-analyzer\" data-v-02830d79>Domain Analyzer<\/a><\/h6>\n<p data-v-02830d79>Analyze the security of any domain by finding all the information possible. Made in python.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Domain Hunter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/473f9864552fe44a9c1d4ff5920fec9b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/domain-hunter\" data-v-02830d79>Domain Hunter<\/a><\/h6>\n<p data-v-02830d79>Try to find all subdomains, similar-domains and related-domains of an organization.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"domained on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/19a27ee2320f2640aac4190a607f7a65.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/domained\" data-v-02830d79>domained<\/a><\/h6>\n<p data-v-02830d79>Multi Tool Subdomain Enumeration.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DOMDig on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/627eece1578aeded9f8c960c978a5712.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/domdig\" data-v-02830d79>DOMDig<\/a><\/h6>\n<p data-v-02830d79>DOM XSS scanner for Single Page Applications.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DotDotPwn on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cedfc18258d1be7e46302cd45c633ce8.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DotGit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/85526d979fb6b9aeee22bacd1f51ea37.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dotgit\" data-v-02830d79>DotGit<\/a><\/h6>\n<p data-v-02830d79>An extension for checking if .git is exposed in visited websites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DroneSploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/de75a17e896f96b6e32ac05f13a41d91.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Drupwn on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/184919cb9351f67f46ae152e1700164c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/drupwn\" data-v-02830d79>Drupwn<\/a><\/h6>\n<p data-v-02830d79>Drupal enumeration &#038; exploitation tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dsieve on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9c0865c34955f4d5373dcf800da03ff1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dsieve\" data-v-02830d79>dsieve<\/a><\/h6>\n<p data-v-02830d79>Filter and enrich a list of subdomains by level.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DTD Finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/915378b039ebd673c75531ea0e0370b7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dtd-finder\" data-v-02830d79>DTD Finder<\/a><\/h6>\n<p data-v-02830d79>List DTDs and generate XXE payloads using those local DTDs.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dufflebag on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1c356b195408e157a82f0efa34cb9366.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dufflebag\" data-v-02830d79>dufflebag<\/a><\/h6>\n<p data-v-02830d79>Search exposed EBS volumes for secrets.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"DumpsterDiver on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/856db6a97485a6f3c238bd5db46eda4c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"dvcs-ripper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5a9e671b21f0c2cfc6697392757881e1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/dvcs-ripper\" data-v-02830d79>dvcs-ripper<\/a><\/h6>\n<p data-v-02830d79>Rip web accessible version control systems: svn, git&#8230;<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Eagle on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d3c28d2189b0087929df3b5c1fa660e8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/eagle\" data-v-02830d79>Eagle<\/a><\/h6>\n<p data-v-02830d79>Vulnerability scanner for mass detection of web-based applications vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"EDD on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d487cb96ba01a4926d2147bfdd58e1e8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/edd\" data-v-02830d79>EDD<\/a><\/h6>\n<p data-v-02830d79>Ultimate domain enumeration tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"eLdap-Ldap-Search-and-Filter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9c0c0f984b43f1fd4ec36a52e1704b8f.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"EMBA on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/839a10531d0b75b0f3aa9f3c1ceff37a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/emba\" data-v-02830d79>EMBA<\/a><\/h6>\n<p data-v-02830d79>The security analyzer for firmware of embedded devices.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"eos on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6806cbe09b2a46b6a51772c0c81db0a8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/eos\" data-v-02830d79>eos<\/a><\/h6>\n<p data-v-02830d79>Enemies Of Symfony &#8211; debug mode Symfony looter.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"espionage on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/36a66ed70ecf32c21b2e299faa6ad223.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/espionage\" data-v-02830d79>espionage<\/a><\/h6>\n<p data-v-02830d79>Collects informations related to domains whois, history, dns records and more.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Evil SQL Client on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c6d7de5804e3627208ac65cff53a13e3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/evil-sql-client\" data-v-02830d79>Evil SQL Client<\/a><\/h6>\n<p data-v-02830d79>Interactive .NET SQL console client with enhanced SQL Server discovery\/access\/exfiltration features.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"evil SSDP on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/892a1e1623bc07dd71895d82d9c48198.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/evil-ssdp\" data-v-02830d79>evil SSDP<\/a><\/h6>\n<p data-v-02830d79>Spoof SSDP replies to phish for credentials and NetNTLM challenge\/response.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"exfilkit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/713ac7a99f490f187fa5a5a0ff728fa9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/exfilkit\" data-v-02830d79>exfilkit<\/a><\/h6>\n<p data-v-02830d79>Data exfiltration utility for testing detection capabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ExifTool on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/104437442351edd6ea9719ae20c7d346.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/exiftool\" data-v-02830d79>ExifTool<\/a><\/h6>\n<p data-v-02830d79>ExifTool meta information reader\/writer.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Exploitalert on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ae9ffc1c62ea8ef61ca70433a83443a8.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Extended SSRF search on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3ad2f987afc0dd24af0706d9db78a77f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/extended-ssrf-search\" data-v-02830d79>Extended SSRF search<\/a><\/h6>\n<p data-v-02830d79>Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Extended XSS Searcher and Finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/88c04889601581a382defafe2c2730b9.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"extract-endpoints on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d02be61fa884944f1205526665953e5d.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Eyeballer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e0a5f45364f97f698e7c45d1a18fcd18.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/eyeballer\" data-v-02830d79>Eyeballer<\/a><\/h6>\n<p data-v-02830d79>Convolutional neural network for analyzing pentest screenshots.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"EyeWitness on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bf0fdbe9914e9c0960e2bf3e17159f9d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/eyewitness\" data-v-02830d79>EyeWitness<\/a><\/h6>\n<p data-v-02830d79>Take screenshots of websites, provide server header info and identify default credentials.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ezXSS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d1d908c393cdc3ad21f5a907e21f7251.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ezxss\" data-v-02830d79>ezXSS<\/a><\/h6>\n<p data-v-02830d79>An easy way for penetration testers and bug bounty hunters to test (blind) XSS.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Faraday security on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5b65855ae563b1a50e70b2636ed9eadd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/faraday-security\" data-v-02830d79>Faraday security<\/a><\/h6>\n<p data-v-02830d79>Open source sulnerability management and orchestration platform.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"favicon-hashtrick on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/195e15d08949c5144d6f303a3e9e3e43.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/favicon-hashtrick\" data-v-02830d79>favicon-hashtrick<\/a><\/h6>\n<p data-v-02830d79>Python script implementing the favicon hash trick to find subdomains.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"fcrackzip on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bab4d05580072c2df2a323ea7f3b6652.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"FDsploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ae4b1f362469b36c01df9ec3771cc936.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fdsploit\" data-v-02830d79>FDsploit<\/a><\/h6>\n<p data-v-02830d79>File Inclusion &#038; Directory Traversal fuzzing, enumeration &#038; exploitation tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Femida on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d4efee01fe0114c2bb65eb83bcbc5d20.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/femida\" data-v-02830d79>Femida<\/a><\/h6>\n<p data-v-02830d79>Automated blind-xss search for Burp Suite.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Feroxbuster on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/18e27387d9ba7929ae0c758318377ae2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/feroxbuster\" data-v-02830d79>Feroxbuster<\/a><\/h6>\n<p data-v-02830d79>A fast, simple, recursive content discovery tool written in Rust.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"FestIN on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/eff6693463c177b3a5f1e8ba62e04f66.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/festin\" data-v-02830d79>FestIN<\/a><\/h6>\n<p data-v-02830d79>The powered S3 bucket finder and content discover.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ffuf on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bcb03f41529bcb2d300f1cb3e46b3712.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ffuf\" data-v-02830d79>ffuf<\/a><\/h6>\n<p data-v-02830d79>Fast web fuzzer written in Go.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Fierce on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/df75b7cec7131154bddf40331a7c7ed5.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fierce\" data-v-02830d79>Fierce<\/a><\/h6>\n<p data-v-02830d79>A DNS reconnaissance tool for locating non-contiguous IP space.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Filebuster on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9dc9c8fb306b0bdd991258f02192a464.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/filebuster\" data-v-02830d79>Filebuster<\/a><\/h6>\n<p data-v-02830d79>An extremely fast and flexible web fuzzer.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"FinDOM-XSS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/81a21b32d5aea0ca673d742a4163e2a0.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/findom-xss\" data-v-02830d79>FinDOM-XSS<\/a><\/h6>\n<p data-v-02830d79>A fast DOM based XSS vulnerability scanner with simplicity.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Findomain on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7a3e99f1529e10bc651844b0d2af5a67.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/findomain\" data-v-02830d79>Findomain<\/a><\/h6>\n<p data-v-02830d79>The complete solution for domain recognition.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"findsecuritycontacts.com on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f71a4309357f993e785276f6a5f87f54.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Findsploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5e4bcb4af93e0969db6a71e01c97b409.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/findsploit\" data-v-02830d79>Findsploit<\/a><\/h6>\n<p data-v-02830d79>Find exploits in local and online databases instantly.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Fingerprinter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/903bbc4e08132752664ad12b2c35a46c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"fingerprintx on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9d4d50cb85bc749c2f5bbf126bcd19b8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fingerprintx\" data-v-02830d79>fingerprintx<\/a><\/h6>\n<p data-v-02830d79>Standalone utility for service discovery on open ports!<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Firebase-Extractor on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fd9f32e73ad103a768ee1aaedcbfb6b9.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"FireShodanMap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/40340a5563a5e90c03500a4ed37c4874.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fireshodanmap\" data-v-02830d79>FireShodanMap<\/a><\/h6>\n<p data-v-02830d79>Realtime map that integrates Firebase, Google Maps and Shodan.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"flan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d8869ecf4da5d497b745811942842377.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/flan\" data-v-02830d79>flan<\/a><\/h6>\n<p data-v-02830d79>A pretty sweet vulnerability scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Flow on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/870a174300f9516c582013eed8706c9f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/flow\" data-v-02830d79>Flow<\/a><\/h6>\n<p data-v-02830d79>Provides view with filtering capabilities for all requests from all Burp Suite tools.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Fluxion on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/52bd072a58150751a45cce4fab4c4d97.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fluxion\" data-v-02830d79>Fluxion<\/a><\/h6>\n<p data-v-02830d79>Fluxion is the future of MITM WPA attacks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"FOCA on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/47b400a5a8b6ef1b2ca0f6e31ede213e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/foca\" data-v-02830d79>FOCA<\/a><\/h6>\n<p data-v-02830d79>Tool to find metadata and hidden information in the documents.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Freddy Deserialization Bug Finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/980a23f0856858e10579285030906ff0.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"FridaAndroidTracer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9af6f9f473f753d1c5feb8f45e42d384.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"fuzzagotchi on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7d7f083c5eb331b43cc0834a6b9c011c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fuzzagotchi\" data-v-02830d79>fuzzagotchi<\/a><\/h6>\n<p data-v-02830d79>A fuzzing tool written in Go. It helps your pentesting journey.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Fuzzapi on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/504aefec4a67bb6c5e24befb234987ed.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fuzzapi\" data-v-02830d79>Fuzzapi<\/a><\/h6>\n<p data-v-02830d79>Used for REST API pentesting and provide UI solution for gem.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"FuzzDB on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ed69f53cfe87fdf6f76145e152647a78.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fuzzdb\" data-v-02830d79>FuzzDB<\/a><\/h6>\n<p data-v-02830d79>Attack patterns and primitives for black-box application fault injection and resource discovery.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"fuzzuli on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/123c0d8d3572b60c925bdc02e33d908f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/fuzzuli\" data-v-02830d79>fuzzuli<\/a><\/h6>\n<p data-v-02830d79>Find critical backup files by creating a dynamic wordlist based on the domain.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GadgetProbe on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1c6c98ca3d5f5e3214e2da83051c5f54.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gadgetprobe\" data-v-02830d79>GadgetProbe<\/a><\/h6>\n<p data-v-02830d79>Probe endpoints consuming Java serialized objects for fingerprinting.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GAP on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/58b9f67709693f28fb798da02aa3e49c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gap\" data-v-02830d79>GAP<\/a><\/h6>\n<p data-v-02830d79>A Burp Suite extension to find potential endpoints and parameters.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gau on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8717ee561da8443aa0186262b90dd9d1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gau\" data-v-02830d79>gau<\/a><\/h6>\n<p data-v-02830d79>Fetch known URLs from several sources.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gaussrf on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ce713ab3fdb3c4512647f0e34a0cb76f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gaussrf\" data-v-02830d79>gaussrf<\/a><\/h6>\n<p data-v-02830d79>Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GET-ACQ on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/303dd84c07b26f2fb285d3cdbb5e17af.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/get-acq\" data-v-02830d79>GET-ACQ<\/a><\/h6>\n<p data-v-02830d79>Gather all companies acquired by a given company domain name.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"getJS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c88f246b365ae2d4ccbee9093ee8d848.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/getjs\" data-v-02830d79>getJS<\/a><\/h6>\n<p data-v-02830d79>A tool to fastly get all javascript sources\/files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"getsploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d1fab9c04e9d5f7229a84ceb57540cd7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/getsploit\" data-v-02830d79>getsploit<\/a><\/h6>\n<p data-v-02830d79>Command line utility for searching and downloading exploits.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gf on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f5835678fb19b8d727ad38391c41901b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gf\" data-v-02830d79>gf<\/a><\/h6>\n<p data-v-02830d79>A wrapper around grep to avoid typing common patterns.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Ghauri on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3d8d2ab22d50611fbff7ce004862752e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ghauri\" data-v-02830d79>Ghauri<\/a><\/h6>\n<p data-v-02830d79>Automates the process of detecting and exploiting SQL injection security flaws.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GHunt on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/29dc22bab27d3b3d4ae37d50f29e9f45.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ghunt\" data-v-02830d79>GHunt<\/a><\/h6>\n<p data-v-02830d79>Offensive Google framework.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"git-all-secrets on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/87da6b6e1cf32611295f9397be7ed593.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/git-all-secrets\" data-v-02830d79>git-all-secrets<\/a><\/h6>\n<p data-v-02830d79>Capture all the git secrets by leveraging multiple open source git searching tools.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"git-dumper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/89ca50285300240be2132f720eb7710d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/git-dumper\" data-v-02830d79>git-dumper<\/a><\/h6>\n<p data-v-02830d79>A tool to dump a git repository from a website.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"git-vuln-finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f45a5baba0c587f17cc688f5d9c5f113.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/git-vuln-finder\" data-v-02830d79>git-vuln-finder<\/a><\/h6>\n<p data-v-02830d79>Find potential software vulnerabilities from git commit messages.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"git-wild-hunt on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3fd31deb288ffc4dc73059c9eb1b8dc5.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/git-wild-hunt\" data-v-02830d79>git-wild-hunt<\/a><\/h6>\n<p data-v-02830d79>A tool to hunt for credentials in GitHub wild AKA git*hunt.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GitFive on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7478b7e63c3fee4c153af4fd5e9914f3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gitfive\" data-v-02830d79>GitFive<\/a><\/h6>\n<p data-v-02830d79>An OSINT tool to investigate GitHub profiles.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GitGot on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5fb66bf44db82a5cdd160bf8a7995e3d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gitgot\" data-v-02830d79>GitGot<\/a><\/h6>\n<p data-v-02830d79>Rapidly search through troves of public data on GitHub for sensitive secrets.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gitGraber on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a263cd9e79fb41459d81e4028e75fcc7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gitgraber\" data-v-02830d79>gitGraber<\/a><\/h6>\n<p data-v-02830d79>Monitor GitHub to search and find sensitive data in real time.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"github-subdomains on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0408cf3b89112ebd66069e3b1e5abb4b.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GitHunter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cea4ea4dfe84650d316bed9718b33e91.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/githunter\" data-v-02830d79>GitHunter<\/a><\/h6>\n<p data-v-02830d79>A tool for searching a Git repository for interesting content.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gitjacker on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5538f2e91cf81a510d6fe6e6d821263e.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gitjacker\" data-v-02830d79>gitjacker<\/a><\/h6>\n<p data-v-02830d79>Leak git repositories from misconfigured websites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gitlab-subdomains on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/000cfc6cbba5a3ed8b6a06fabad65663.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GitMiner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8b137b82f9864fe6139253162b5d36cb.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gitminer\" data-v-02830d79>GitMiner<\/a><\/h6>\n<p data-v-02830d79>Tool for advanced mining for content on Github.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gitpillage on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/34053e02462b16d9156f1be1b2c0e412.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Gitrob on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9d6ed89c144b4c70374cac9aacb3ab26.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gitrob\" data-v-02830d79>Gitrob<\/a><\/h6>\n<p data-v-02830d79>Reconnaissance tool for GitHub organizations.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gitscraper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ec1fffe7ad92834989727f6e946f0cd9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gitscraper\" data-v-02830d79>gitscraper<\/a><\/h6>\n<p data-v-02830d79>Scrapes public GitHub repositories for common naming conventions in variables, folders and files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GitTools on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d26386ee0b4f348c07d7773204e58bb2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gittools\" data-v-02830d79>GitTools<\/a><\/h6>\n<p data-v-02830d79>A repository with 3 tools for pwn&#8217;ing websites with .git repositories available.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GoAltdns on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/00338d7ef3b5dee791e2fdf080afa9f5.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/goaltdns\" data-v-02830d79>GoAltdns<\/a><\/h6>\n<p data-v-02830d79>A permutation generation tool written in golang.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Gobuster on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/aa0017fa57b7990451fb66c603c3f310.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gobuster\" data-v-02830d79>Gobuster<\/a><\/h6>\n<p data-v-02830d79>Directory\/File, DNS and VHost busting tool written in Go.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GoCloud on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ee5ba49dd5ccfe7ebfa36fd0010f142e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gocloud\" data-v-02830d79>GoCloud<\/a><\/h6>\n<p data-v-02830d79>Checks whether a domain is hosted on a cloud service.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GoLinkFinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fb5aad6c69cf2d3a8c98141a1d7ee052.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Gopherus on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f7fe2fa153e9d33ff46bf3ac6d49c775.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gopherus\" data-v-02830d79>Gopherus<\/a><\/h6>\n<p data-v-02830d79>Generates gopher link for exploiting SSRF and gaining RCE in various servers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gospider on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3750852a92be1ba066ba3fc6318d9cf3.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gotator on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/332f9e7fea96e0295291a26b1ccbbcc4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gotator\" data-v-02830d79>gotator<\/a><\/h6>\n<p data-v-02830d79>Generates DNS wordlists through permutations.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gowitness on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f4b63771e02f7a6be9220457ab505dab.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gowitness\" data-v-02830d79>gowitness<\/a><\/h6>\n<p data-v-02830d79>A golang, web screenshot utility using Chrome Headless.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"grafana-ssrf on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4b95b06d1013bb4b6108fa501aecc49f.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GraphQL Beautifier on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5d8fd8cadfa0f558dd9d0aa4b91bc0d8.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GraphQL Threat Matrix on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5ad7543d6223ba2639f8143d7a39f98c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"graphql-introspection-analyzer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b52391fe3381d0eac7db13d346962c01.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"graphql-path-enum on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/28988ba8ceaf3bd1f02f06f98753fe4a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/graphql-path-enum\" data-v-02830d79>graphql-path-enum<\/a><\/h6>\n<p data-v-02830d79>Lists the different ways of reaching a given type in a GraphQL schema.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GraphQLmap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4e9405c1eda4f8fe50db81c58aa98ffe.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/graphqlmap\" data-v-02830d79>GraphQLmap<\/a><\/h6>\n<p data-v-02830d79>Scripting engine to interact with a graphql endpoint for pentesting purposes.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"graphw00f on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ac5c4fa42aaafbd15277deef738ed44f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/graphw00f\" data-v-02830d79>graphw00f<\/a><\/h6>\n<p data-v-02830d79>GraphQL Server Engine Fingerprinting utility for software security professionals.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GrayhatWarfare on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f7b8e2801c1e2bd9cc0496bd44761d7a.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GRecon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3ba4926e464d4dcca3673e0d03e3c539.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/grecon\" data-v-02830d79>GRecon<\/a><\/h6>\n<p data-v-02830d79>Run a Google based passive recon against your scope.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"grep.app on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/843b5317a467d879f1aca41264d7a143.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/grep.app\" data-v-02830d79>grep.app<\/a><\/h6>\n<p data-v-02830d79>Searches code from over a half million public repositories on GitHub.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Ground control on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e8c567bd580726bd63c30da97de81f97.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ground-control\" data-v-02830d79>Ground control<\/a><\/h6>\n<p data-v-02830d79>A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GSAN on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/50df20e58b707c0a48fc4b9874b7d5fb.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gsan\" data-v-02830d79>GSAN<\/a><\/h6>\n<p data-v-02830d79>Extract subdomains from SSL certificates in HTTPS sites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"gwdomains on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/05c2b748559036371ca4b216777f9a45.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gwdomains\" data-v-02830d79>gwdomains<\/a><\/h6>\n<p data-v-02830d79>Sub domain wild card filtering tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"GyoiThon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/101e6d118dc72732b92c37ba57c72625.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/gyoithon\" data-v-02830d79>GyoiThon<\/a><\/h6>\n<p data-v-02830d79>Growing penetration test tool using Machine Learning.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"H1 Report Finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/86db2729eb5abd297e915b453f6f4c2c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/h1-report-finder\" data-v-02830d79>H1 Report Finder<\/a><\/h6>\n<p data-v-02830d79>A burpsuite extension to find security reports published on HackerOne based on the selected host.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"h1-search on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3a149df8528fae783fe0304f31dd00b2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/h1-search\" data-v-02830d79>h1-search<\/a><\/h6>\n<p data-v-02830d79>Request the public disclosures on a specific HackerOne program.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"h2cSmuggler on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9f37ca3623f63be63a19ec8c201421e2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/h2csmuggler\" data-v-02830d79>h2cSmuggler<\/a><\/h6>\n<p data-v-02830d79>HTTP Request Smuggling over HTTP\/2 Cleartext.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hackability on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5098c9c8449da676e076aca06987e04f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/hackability\" data-v-02830d79>Hackability<\/a><\/h6>\n<p data-v-02830d79>Probe a rendering engine for vulnerabilities and other features.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hacker101 on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fb5f0d427fb441b654593ad586bd571c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hackingtool on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8d75fabe6585abf3b97a7c79ec32ef14.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hackvertor on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/292c70ba58d7b7125d71ab0acbb57c86.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/hackvertor\" data-v-02830d79>Hackvertor<\/a><\/h6>\n<p data-v-02830d79>Tag based conversion tool written in Java implemented as a Burp Suite extension.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hakrawler on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/129818580f6f50cc4ef239f3465e27cd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/hakrawler\" data-v-02830d79>Hakrawler<\/a><\/h6>\n<p data-v-02830d79>Simple, fast web crawler designed for discovery of endpoints and assets within a web application.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"hakrevdns on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3ed8a055a408ab05b27d13061debb58b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/hakrevdns\" data-v-02830d79>hakrevdns<\/a><\/h6>\n<p data-v-02830d79>Small, fast tool for performing reverse DNS lookups en masse.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"haktldextract on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b666c3384fbefb761a8b088c37386f15.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hamburglar on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f97b4a6b2de7d9fae0f45a891659bd80.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/hamburglar\" data-v-02830d79>Hamburglar<\/a><\/h6>\n<p data-v-02830d79>Collect useful information from urls, directories, and files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hash Buster on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e8f64e04bae6e49d57f9855a608ded54.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hashcat on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b187d66497365928bcec1038c1889243.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/hashcat\" data-v-02830d79>Hashcat<\/a><\/h6>\n<p data-v-02830d79>World&#8217;s fastest and most advanced password recovery utility<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Have i been pwned? on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f8a94a31e8a8905ad1e22e34d08ebae1.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hawkeye on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/841987263566939688acb1bbf407fd3b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/hawkeye\" data-v-02830d79>Hawkeye<\/a><\/h6>\n<p data-v-02830d79>Filesystem analysis tool\/directory looking for interesting stuff.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"headi on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9e6700d7d5bdf92bdb9019b9b6599166.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/headi\" data-v-02830d79>headi<\/a><\/h6>\n<p data-v-02830d79>Customisable and automated HTTP header injection.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Headless Burp on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a106a4490641140f99d15638a6f3981e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/headless-burp\" data-v-02830d79>Headless Burp<\/a><\/h6>\n<p data-v-02830d79>Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"HostileSubBruteforcer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3ea251f0f8c1bae81e89fef633f55cea.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"House on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/15759e8f67b7b197f7bbc0f336bb8016.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/house\" data-v-02830d79>House<\/a><\/h6>\n<p data-v-02830d79>A runtime mobile application analysis toolkit with a Web GUI.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"HTTP Request Smuggler on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3eb68d9198d4a336f2c52bf677bffab6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/http-request-smuggler\" data-v-02830d79>HTTP Request Smuggler<\/a><\/h6>\n<p data-v-02830d79>Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"http-request-smuggling on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bff21db2b726dfa19945fb88ed010190.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"HTTPoxy Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f74cf2ef0178da9e4ab12816ce4468e0.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/httpoxy-scanner\" data-v-02830d79>HTTPoxy Scanner<\/a><\/h6>\n<p data-v-02830d79>A Burp Suite extension that checks for the HTTPoxy vulnerability.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"httprebind on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/dc9ad5a38f53b3c389face9d0625e264.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/httprebind\" data-v-02830d79>httprebind<\/a><\/h6>\n<p data-v-02830d79>Automatic tool for DNS rebinding-based SSRF attacks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"httprobe on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cbcca260acca6bcd4e7a304f97c43648.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/httprobe\" data-v-02830d79>httprobe<\/a><\/h6>\n<p data-v-02830d79>Take a list of domains and probe for working HTTP and HTTPS servers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"httpscreenshot on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a61457c633b325be734b6d99a7014e4a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/httpscreenshot\" data-v-02830d79>httpscreenshot<\/a><\/h6>\n<p data-v-02830d79>Grabs screenshots and HTML of large numbers of websites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"httpx on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ec8c62be294a8d1155dca163fd414bd2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/httpx\" data-v-02830d79>httpx<\/a><\/h6>\n<p data-v-02830d79>HTTP toolkit that allows running multiple probes using the retryablehttp library.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Hydra on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3df74b28f4719b9e36f4c3fbb569cb7d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/hydra\" data-v-02830d79>Hydra<\/a><\/h6>\n<p data-v-02830d79>Very fast password cracking tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"IDontSpeakSSL on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9a50ef61f1dcaeb06404a0fec636855f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/idontspeakssl\" data-v-02830d79>IDontSpeakSSL<\/a><\/h6>\n<p data-v-02830d79>Simple tool to scan large scope and provide SSL\/TLS vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Injectify on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/33c2f08b9836f64833165ce62dc4dc37.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/injectify\" data-v-02830d79>Injectify<\/a><\/h6>\n<p data-v-02830d79>Perform advanced MiTM attacks on websites with ease.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Injectus on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1c2c12eef78b5a9b74d39fe1e3e0e5c4.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"InQL on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4810b13f6ef8b1fb3dacd4c8c875f33f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/inql\" data-v-02830d79>InQL<\/a><\/h6>\n<p data-v-02830d79>Burp Extension for GraphQL Security Testing.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"interactsh on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/199d9f4e09a563618dcf1f7a83200cd0.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/interactsh\" data-v-02830d79>interactsh<\/a><\/h6>\n<p data-v-02830d79>An OOB interaction gathering server and client library<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Interlace on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c3ecbe7da158071e8a9f49cf69639913.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/interlace\" data-v-02830d79>Interlace<\/a><\/h6>\n<p data-v-02830d79>Turn single threaded command line applications into a fast, multi-threaded application.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"IntruderPayloads on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f39dcfa2386cfcd42cc9034e0efb1aa8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/intruderpayloads\" data-v-02830d79>IntruderPayloads<\/a><\/h6>\n<p data-v-02830d79>Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"IPRotate on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1ec3b3efb0000c4d23822a4db681da36.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/iprotate\" data-v-02830d79>IPRotate<\/a><\/h6>\n<p data-v-02830d79>Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"J2EEScan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/255834e3fc38020d5b8c282d66142627.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/j2eescan\" data-v-02830d79>J2EEScan<\/a><\/h6>\n<p data-v-02830d79>Improve the test coverage during web application penetration tests on J2EE applications.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Jaeles on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7320ccf7836baba9d983afb73e48b777.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jaeles\" data-v-02830d79>Jaeles<\/a><\/h6>\n<p data-v-02830d79>The Swiss Army knife for automated Web Application Testing<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Java Deserialization Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ef509051c5fb0a0e20522bb24322b453.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"John The Ripper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e97e76a5e0bd0cf876b87ad6dfcf326c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JoomScan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a04d97c5498c7484af10750bc156f986.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/joomscan\" data-v-02830d79>JoomScan<\/a><\/h6>\n<p data-v-02830d79>OWASP Joomla Vulnerability Scanner Project.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JOSEPH on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/312b8f9857e72321764295f2bca225c1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/joseph\" data-v-02830d79>JOSEPH<\/a><\/h6>\n<p data-v-02830d79>JavaScript Object Signing and Encryption Pentesting Helper.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JS-Scan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0c5661216feb652dce0e1c87f0ff3180.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/js-scan\" data-v-02830d79>JS-Scan<\/a><\/h6>\n<p data-v-02830d79>A .js scanner, built in PHP, designed to scrape urls and other info.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JSgen on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2e6a49093238a7318fe71b4b2c48201c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jsgen\" data-v-02830d79>JSgen<\/a><\/h6>\n<p data-v-02830d79>Generate javascript code to be injected in case you find a Server Side Javascript Injection.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JSONBeautifier on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/24fe17b5084f0bc99bf782492a248709.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JSONBee on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6502c5896054ae484b5d756093111170.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jsonbee\" data-v-02830d79>JSONBee<\/a><\/h6>\n<p data-v-02830d79>A ready to use JSONP endpoints\/payloads to help bypass Content Security Policy.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JSParser on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7a979ed5714980249a0904096a7f103c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jsparser\" data-v-02830d79>JSParser<\/a><\/h6>\n<p data-v-02830d79>Python script to parse relative URLs from JavaScript files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"jSQL Injection on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ce734aff17019fb2046f73323701a430.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JSShell on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/28542a1b73ff2d691214ad34734191bd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jsshell\" data-v-02830d79>JSShell<\/a><\/h6>\n<p data-v-02830d79>An interactive multi-user web JS shell.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JWT cracker on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8df09cb44583187ebb047af1961f2ca5.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JWT Key ID Injector on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3521e3af06bc7d4728cdefddbacd85cd.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JWT Tool on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e91979568953e5d8ed4bfb757e2ab0b9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jwt-tool\" data-v-02830d79>JWT Tool<\/a><\/h6>\n<p data-v-02830d79>A toolkit for testing, tweaking and cracking JSON Web Tokens.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"jwt-hack on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/57cae290e199890a26faf5fdc0fb55d8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jwt-hack\" data-v-02830d79>jwt-hack<\/a><\/h6>\n<p data-v-02830d79>JWT encoding\/decoding, generates payloads for JWT attack and very fast cracking.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"jwt-heartbreaker on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6001a69812273fcef0aa19baf3c7185b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jwt-heartbreaker\" data-v-02830d79>jwt-heartbreaker<\/a><\/h6>\n<p data-v-02830d79>Burp Suite extension to check JWT for using keys from known from public sources.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JWT4B on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d47728b012cf686b31b3b1b91f94b8c2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jwt4b\" data-v-02830d79>JWT4B<\/a><\/h6>\n<p data-v-02830d79>JWT Support for Burp Suite.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"jwtear on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d3ccb1955e2c85546873b79e7d8a97db.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jwtear\" data-v-02830d79>jwtear<\/a><\/h6>\n<p data-v-02830d79>Modular command-line tool to parse, create and manipulate JWT tokens.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"JWTweak on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/15dec5f3ad441556a68d08c250f04dd4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/jwtweak\" data-v-02830d79>JWTweak<\/a><\/h6>\n<p data-v-02830d79>Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Kadimus on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9e10c152568182f9aa2f6ee8d9b8a292.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/kadimus\" data-v-02830d79>Kadimus<\/a><\/h6>\n<p data-v-02830d79>Check for and exploit LFI vulnerabilities with a focus on PHP systems.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"katana on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1c1994ab1256e4ae0fa020c4034738b4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/katana\" data-v-02830d79>katana<\/a><\/h6>\n<p data-v-02830d79>A next-generation crawling and spidering framework.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Keyfinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8bbf4cc6e0c7ce10ecc2026f3193d34e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/keyfinder\" data-v-02830d79>Keyfinder<\/a><\/h6>\n<p data-v-02830d79>Find and analyze private\/public key files and Android APK files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"kicks3 on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e541a0fe6b834c9bae980f17fbb427ca.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/kicks3\" data-v-02830d79>kicks3<\/a><\/h6>\n<p data-v-02830d79>S3 bucket finder from html,js and bucket misconfiguration testing tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Knockpy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1f4a91b943529c03aa4647c3413d72f3.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Knoxnl on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/733beec114d59945668e773392266be5.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/knoxnl\" data-v-02830d79>Knoxnl<\/a><\/h6>\n<p data-v-02830d79>This is a python wrapper around the amazing KNOXSS.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"KNOXSS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/47039b02c6755b0f4d1336ce3a48c590.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/knoxss\" data-v-02830d79>KNOXSS<\/a><\/h6>\n<p data-v-02830d79>Online XSS tool with demonstration of vulnerability.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"kxss on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/43d937ae7b58b7b4002b01d47f12d2c7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/kxss\" data-v-02830d79>kxss<\/a><\/h6>\n<p data-v-02830d79>Adaption of tomnomnom&#8217;s kxss tool with a different output format.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"LazyHunter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/996aeab208d54c7d26709af94d21fc30.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/lazyhunter\" data-v-02830d79>LazyHunter<\/a><\/h6>\n<p data-v-02830d79>A framework that provides a web UI to commonly used Bug Hunting\/Pentesting tools.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"lazys3 on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4a2c6d1e1a544398bed9c247eeea3c91.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/lazys3\" data-v-02830d79>lazys3<\/a><\/h6>\n<p data-v-02830d79>Ruby script to bruteforce for AWS s3 buckets using different permutations.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"leakScraper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5d809f303900da3a6fd43c9b8befac31.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/leakscraper\" data-v-02830d79>leakScraper<\/a><\/h6>\n<p data-v-02830d79>Set of tools to process and visualize huge text files containing credentials.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"LFI Suite on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7b1219d12764cc01b1a59de156e8cd90.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/lfi-suite\" data-v-02830d79>LFI Suite<\/a><\/h6>\n<p data-v-02830d79>Totally Automatic LFI Exploiter and Scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"LFI-Enum on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c5ba2899ae960edc423c5bf9ca43ce3d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/lfi-enum\" data-v-02830d79>LFI-Enum<\/a><\/h6>\n<p data-v-02830d79>Scripts to execute enumeration via LFI<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Liffy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/18354c45a983643a4e827e2ed1e76ed3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/liffy\" data-v-02830d79>Liffy<\/a><\/h6>\n<p data-v-02830d79>Local file inclusion exploitation tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"LinEnum on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cadd99fb7d09d0502ea17dbbc51184c2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/linenum\" data-v-02830d79>LinEnum<\/a><\/h6>\n<p data-v-02830d79>Scripted Local Linux Enumeration &#038; Privilege Escalation Checks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"LinkFinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6d655e1c519bafb896adfc29a1763ffd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/linkfinder\" data-v-02830d79>LinkFinder<\/a><\/h6>\n<p data-v-02830d79>A python script that finds endpoints in JavaScript files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"linWinPwn on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/abd28e7cf9d13850962c25baf57e110e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/linwinpwn\" data-v-02830d79>linWinPwn<\/a><\/h6>\n<p data-v-02830d79>Automates a number of Active Directory enumeration and vulnerability.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"linx on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/782a2ed7cde13a11e6373107a479e4ee.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/linx\" data-v-02830d79>linx<\/a><\/h6>\n<p data-v-02830d79>Reveals invisible links within JavaScript files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"LiveOverflow on offsec.tools\" src=\"\/assets\/img\/tools\/https:\/\/raw.githubusercontent.com\/gwen001\/offsectools_www\/main\/da8d63a180cb90ac51d05b8272ae5e2f.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"lk_scraper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/82dc70626a74e3338249ca66163901c8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/lk_scraper\" data-v-02830d79>lk_scraper<\/a><\/h6>\n<p data-v-02830d79>A fully configurable LinkedIn scraper: scrape anything within LinkedIn.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"lnkbomb on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bebe3ada27f988a74810a8c0e9bbcffe.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/lnkbomb\" data-v-02830d79>lnkbomb<\/a><\/h6>\n<p data-v-02830d79>Malicious shortcut generator for collecting NTLM hashes from insecure file shares.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"localdataHog on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/075e892358dda9ffbea64f945611740e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/localdatahog\" data-v-02830d79>localdataHog<\/a><\/h6>\n<p data-v-02830d79>String-based secret-searching tool, high entropy and regexes.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Logger++ on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2166275f9731d458257fcf8fbfdb5ec1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/logger-plus-plus\" data-v-02830d79>Logger++<\/a><\/h6>\n<p data-v-02830d79>Log activities of all the tools in Burp Suite.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"lorsrf on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/faf49bc86b4021a3234d60b939e0cbe4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/lorsrf\" data-v-02830d79>lorsrf<\/a><\/h6>\n<p data-v-02830d79>Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"MagicRecon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/715cac1cbf5f9884c98076cb573c4910.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/magicrecon\" data-v-02830d79>MagicRecon<\/a><\/h6>\n<p data-v-02830d79>A powerful shell script to maximize the recon and data collection process.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Maigret on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/54d1c639ce6a441c262648e1a75c9e7e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/maigret\" data-v-02830d79>Maigret<\/a><\/h6>\n<p data-v-02830d79>????\ufe0f\u200d\u2642\ufe0f Collect a dossier on a person by username from thousands of sites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Malicious PDF Generator on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/32badf8b6cb4603f550fc7ec71105a6f.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Maltego on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1dd99832050ca9ae65ce2e95e50c8d6a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/maltego\" data-v-02830d79>Maltego<\/a><\/h6>\n<p data-v-02830d79>Open source intelligence and forensics application.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"mapcidr on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e196a4b7810482b7ac53e809acae0df3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/mapcidr\" data-v-02830d79>mapcidr<\/a><\/h6>\n<p data-v-02830d79>Small utility program to perform multiple operations for a given subnet\/CIDR ranges.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Maryam on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/42513ae8bf03315c2e09ff4122233950.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/maryam\" data-v-02830d79>Maryam<\/a><\/h6>\n<p data-v-02830d79>Open-source Intelligence Framework.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"mass-s3-bucket-tester on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/109b729ac77b4cf530462f57b3a1700c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/mass-s3-bucket-tester\" data-v-02830d79>mass-s3-bucket-tester<\/a><\/h6>\n<p data-v-02830d79>Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Mass3 on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/168e57ff2758ffc17bd33bd0bf705cce.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/mass3\" data-v-02830d79>Mass3<\/a><\/h6>\n<p data-v-02830d79>Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Masscan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/66d93c656c2c7c8c4bf45e02c27fd71c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/masscan\" data-v-02830d79>Masscan<\/a><\/h6>\n<p data-v-02830d79>TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"MassDNS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3365882deacd5787f5cd003088d20371.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/massdns\" data-v-02830d79>MassDNS<\/a><\/h6>\n<p data-v-02830d79>A high-performance DNS stub resolver for bulk lookups and reconnaissance.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"meg on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5af7bdf0ff439d99ff18eeb2ac738f96.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/meg\" data-v-02830d79>meg<\/a><\/h6>\n<p data-v-02830d79>Fetch many paths for many hosts, without killing the hosts.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Metagoofil on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fdff5d204049efd0c6877e874816cfc5.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/metagoofil\" data-v-02830d79>Metagoofil<\/a><\/h6>\n<p data-v-02830d79>Search Google and download specific file types.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"metahttp on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d4ba2fc0f97779c3ef76c76562eca794.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/metahttp\" data-v-02830d79>metahttp<\/a><\/h6>\n<p data-v-02830d79>Script that automates the scanning of a target network for HTTP resources through XXE.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Metasploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3875ea58986df527f692242bf4733e1a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/metasploit\" data-v-02830d79>Metasploit<\/a><\/h6>\n<p data-v-02830d79>The world\u2019s most used penetration testing framework.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"mitmproxy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5cf95ecc1d7a0fe29203feb0907368c8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/mitmproxy\" data-v-02830d79>mitmproxy<\/a><\/h6>\n<p data-v-02830d79>An interactive TLS-capable intercepting HTTP proxy.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"mksub on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/91fa92784e1ee75815ac72ba8e4b2940.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/mksub\" data-v-02830d79>mksub<\/a><\/h6>\n<p data-v-02830d79>Generate tens of thousands of subdomain combinations in a matter of seconds.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"MSDNSScan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/79808e02a006da8eab111cc8f4641f7e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/msdnsscan\" data-v-02830d79>MSDNSScan<\/a><\/h6>\n<p data-v-02830d79>Identify DNS records, check for zone transfers and conduct subdomain enumeration.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"MSDorkDump on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/515735c0bb5d4a75b7fd33957b3ca47a.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"msldap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a629a82481a4833e670e052569301130.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/msldap\" data-v-02830d79>msldap<\/a><\/h6>\n<p data-v-02830d79>LDAP library for auditing Microsoft Active Directory.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"MSSQLi-DUET on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9b65b8004e8c6d21ed45ac5b8b898ff4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/mssqli-duet\" data-v-02830d79>MSSQLi-DUET<\/a><\/h6>\n<p data-v-02830d79>SQL injection script for Microsoft SQL Server.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"mx-takeover on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4c4dc7558b5d4a8e2cd69bf7424cce41.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/mx-takeover\" data-v-02830d79>mx-takeover<\/a><\/h6>\n<p data-v-02830d79>Focuses DNS MX records and detects misconfigured MX records.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Naabu on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ef6d7a0fa708c2bfc3e9bb0e353c0a69.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/naabu\" data-v-02830d79>Naabu<\/a><\/h6>\n<p data-v-02830d79>A fast port scanner written in go with a focus on reliability and simplicity.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"NahamSec on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9934e36b9b61ec8be91b118017d47344.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Namechk on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/124a6ddb1805c1d5dd82cc33fe2378d2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/namechk\" data-v-02830d79>Namechk<\/a><\/h6>\n<p data-v-02830d79>Check usernames on more than 100 websites, forums and social networks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Nessus database export on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1084f65adaf9746449ca17ce285c146a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nessus-database-export\" data-v-02830d79>Nessus database export<\/a><\/h6>\n<p data-v-02830d79>Export Nessus results to a relational database for use in reports, analysis, or whatever else.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Nginxpwner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8f6237d8960f59b6f0550082ba048aa5.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nginxpwner\" data-v-02830d79>Nginxpwner<\/a><\/h6>\n<p data-v-02830d79>Simple tool to look for common Nginx misconfigurations and vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Nikto on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a4f68babbaef9f5e6ed06576e64447f6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nikto\" data-v-02830d79>Nikto<\/a><\/h6>\n<p data-v-02830d79>Nikto web server scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Nmap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7ba3dd22d0a55b6425879423b65e0236.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nmap\" data-v-02830d79>Nmap<\/a><\/h6>\n<p data-v-02830d79>Nmap &#8211; the Network Mapper.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"nmap-query-xml on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7b054d63c4386e4dbdde70bf5f5ab20d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nmap-query-xml\" data-v-02830d79>nmap-query-xml<\/a><\/h6>\n<p data-v-02830d79>A simple program to query nmap XML files in the terminal.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"NoSQL Injector on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/86afd392f5830879e72fba3811206fb6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nosql-injector\" data-v-02830d79>NoSQL Injector<\/a><\/h6>\n<p data-v-02830d79>NoSql Injection CLI tool for finding vulnerable websites using MongoDB.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"NoSQLMap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b9121ae748b42e2d09559c241b59d2bc.jpg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nosqlmap\" data-v-02830d79>NoSQLMap<\/a><\/h6>\n<p data-v-02830d79>Automated NoSQL database enumeration and web application exploitation tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Nozaki on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/eb185e71631958402b969f7e8adcde5f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nozaki\" data-v-02830d79>Nozaki<\/a><\/h6>\n<p data-v-02830d79>HTTP fuzzer engine security oriented.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"NSBrute on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/57be2e662081524d3b1175a28598fce3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nsbrute\" data-v-02830d79>NSBrute<\/a><\/h6>\n<p data-v-02830d79>Python utility to takeover domains vulnerable to AWS NS Takeover.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"NSDetect on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/637ad34ace341dfc78b184e127829083.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nsdetect\" data-v-02830d79>NSDetect<\/a><\/h6>\n<p data-v-02830d79>Utility to detect AWS NS Takeover.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Nuclei on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b0c6035cd41cf99839e26e3dae0b52b9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nuclei\" data-v-02830d79>Nuclei<\/a><\/h6>\n<p data-v-02830d79>Fast and customizable vulnerability scanner based on simple YAML based DSL.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Nuclei templates on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e8f69f6a36e6a7a26349d10b2663848e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/nuclei-templates\" data-v-02830d79>Nuclei templates<\/a><\/h6>\n<p data-v-02830d79>Community curated list of templates for the Nuclei engine to find security vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"OAUTHScan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/df26e99c69557eea257c6660886d7dff.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/oauthscan\" data-v-02830d79>OAUTHScan<\/a><\/h6>\n<p data-v-02830d79>Burp Suite Extension useful to verify OAUTHv2 and OpenID security.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"off-by-slash on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5ed19721bb50adee643334387d79b0e2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/off-by-slash\" data-v-02830d79>off-by-slash<\/a><\/h6>\n<p data-v-02830d79>Burp extension to detect alias traversal via NGINX misconfiguration at scale.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Oh365UserFinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4fa807ee29ce9fac6ef1099535556a2c.jpg\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"OneForAll on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d5c7d31564a1c5f27efe939f9130ee36.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/oneforall\" data-v-02830d79>OneForAll<\/a><\/h6>\n<p data-v-02830d79>A powerful subdomain integration tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"open-sesame on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2c7717b10feb2825a828ac0b5cf46ad8.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/open-sesame\" data-v-02830d79>open-sesame<\/a><\/h6>\n<p data-v-02830d79>Contains HackerOne disclosed reports and other bug bounty writeups.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"OpenAPI on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0a31d96d67e5f50b71d80ec30ea4d5a3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/openapi\" data-v-02830d79>OpenAPI<\/a><\/h6>\n<p data-v-02830d79>Parse OpenAPI specifications into the BurpSuite for automating RESTful API testing.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"OpenRedireX on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0664b169bd40fd86b79336d980a58f3c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"OpenVAS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/456c59f162affed01dc4c51dba2925e3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/openvas\" data-v-02830d79>OpenVAS<\/a><\/h6>\n<p data-v-02830d79>This repository contains the scanner component for Greenbone Community Edition.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Oralyzer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/647726186294459c0f93b66113129bb3.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Osmedeus on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/07a0b16fdeb90553f2d12f9d6796378e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/osmedeus\" data-v-02830d79>Osmedeus<\/a><\/h6>\n<p data-v-02830d79>A Workflow Engine for Offensive Security<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"OWASP on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ccb2b9c040308a4470c537b5cb4a01b7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/owasp\" data-v-02830d79>OWASP<\/a><\/h6>\n<p data-v-02830d79>A nonprofit foundation that works to improve the security of software.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"oxml_xxe on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6c4e947b281ba74933cae9447c56cf17.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/oxml_xxe\" data-v-02830d79>oxml_xxe<\/a><\/h6>\n<p data-v-02830d79>Embeds XXE\/XML exploits into different filetypes.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Pacu on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/66f5b824c3f6d06b9c4589aa28e14645.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/pacu\" data-v-02830d79>Pacu<\/a><\/h6>\n<p data-v-02830d79>The exploitation framework designed for testing the security of AWS environments.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"padding-oracle-attacker on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/18f27898990f1d13c645083c6b0dea1a.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/padding-oracle-attacker\" data-v-02830d79>padding-oracle-attacker<\/a><\/h6>\n<p data-v-02830d79>Execute padding oracle attacks with support for concurrent network requests and an elegant UI.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"param-miner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1f206572e426e55a7779e2d431ea6a68.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/param-miner\" data-v-02830d79>param-miner<\/a><\/h6>\n<p data-v-02830d79>Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"parameth on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3b63d52129f9c7a735667d91c73d24a7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/parameth\" data-v-02830d79>parameth<\/a><\/h6>\n<p data-v-02830d79>Brute discover GET and POST parameters.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ParamPamPam on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f55c00ca38e48355587f69053297fb72.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/parampampam\" data-v-02830d79>ParamPamPam<\/a><\/h6>\n<p data-v-02830d79>This tool for brute discover GET and POST parameters.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ParamSpider on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d3c727d68600f611c1e9f1d201194d46.PNG\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/paramspider\" data-v-02830d79>ParamSpider<\/a><\/h6>\n<p data-v-02830d79>Mining parameters from dark corners of Web Archives.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Patator on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/dd80bed15cc6544832384f05ed4fd181.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/patator\" data-v-02830d79>Patator<\/a><\/h6>\n<p data-v-02830d79>Multi-purpose brute-forcer, with a modular design and a flexible usage.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Payloads All The Things on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e5dbce090337f01adcd6ca3492fec718.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"PCredz on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/226821a362bef6444d5a75d5fe10e31f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/pcredz\" data-v-02830d79>PCredz<\/a><\/h6>\n<p data-v-02830d79>This tool extracts secrets from a pcap file or from a live interface.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"PEAS-ng on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7c6448e684acf22dfd72cc190ec70227.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/peas-ng\" data-v-02830d79>PEAS-ng<\/a><\/h6>\n<p data-v-02830d79>Privilege Escalation Awesome Scripts SUITE.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"PentesterLab on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1010922a219bcf4058918b1fe2a9bd84.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"PentesterLand on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4818b47c91bdb7c4ece858d1a8d49c70.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/pentesterland\" data-v-02830d79>PentesterLand<\/a><\/h6>\n<p data-v-02830d79>Sharing knowledge that makes your life as bug hunters and pentesters easier.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Photon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/38dc9f63520fa5f2e879ffbd0325fb5b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/photon\" data-v-02830d79>Photon<\/a><\/h6>\n<p data-v-02830d79>Incredibly fast crawler designed for OSINT.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"PHPGGC on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/db434101fdcfe0b97cbba80b7cebd368.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/phpggc\" data-v-02830d79>PHPGGC<\/a><\/h6>\n<p data-v-02830d79>PHP unserialize() payloads along with a tool to generate them.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"pivotnacci on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e1511c4717157656d7bade0adde95154.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/pivotnacci\" data-v-02830d79>pivotnacci<\/a><\/h6>\n<p data-v-02830d79>A tool to make socks connections through HTTP agents.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"PortBender on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c01dcff506afc0b4a10d16b3d3c13add.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/portbender\" data-v-02830d79>PortBender<\/a><\/h6>\n<p data-v-02830d79>A TCP port redirection utility that allows inbound traffic redirection.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"PortSwigger Cross-Site Scripting cheatsheet data. on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6fd5b24c38a4d06a13ed7d181393cd14.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"PostMessage_Fuzz_Tool on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0e4251dda928fc65e19c3f7d8072d5bf.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"postMessage-tracker on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bbd1c12e15193edd3e55b59af59315ce.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"pown.js on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7506fd6e80a84fa2650ee6f600cbf5db.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/pown.js\" data-v-02830d79>pown.js<\/a><\/h6>\n<p data-v-02830d79>Security testing and exploitation toolkit.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Print-My-Shell on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e6fa354b74fb5b8a7d78cc4153107d06.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/print-my-shell\" data-v-02830d79>Print-My-Shell<\/a><\/h6>\n<p data-v-02830d79>Automate the process of generating various reverse shells.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Prowler on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6f373005f74eb57691b23309e15965ab.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/prowler\" data-v-02830d79>Prowler<\/a><\/h6>\n<p data-v-02830d79>Open Source Security tool to perform Cloud Security best practices<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"proxify on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f34cf65ef79e2ed9c9ffaa6aa4c941f4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/proxify\" data-v-02830d79>proxify<\/a><\/h6>\n<p data-v-02830d79>Swiss Army knife Proxy tool for HTTP(S) traffic capture, manipulation, and replay on the go.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"psudohash on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/368ecbdcf14116e9820df8527ee1fc3b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/psudohash\" data-v-02830d79>psudohash<\/a><\/h6>\n<p data-v-02830d79>Password list generator for orchestrating brute force attacks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"puredns on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8078144f54564065836b155e410c1087.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/puredns\" data-v-02830d79>puredns<\/a><\/h6>\n<p data-v-02830d79>Puredns is a fast domain resolver &#038; subdomain bruteforcing tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"pwncat on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/da4c714b89e7f540bdc863b68f031de1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/pwncat\" data-v-02830d79>pwncat<\/a><\/h6>\n<p data-v-02830d79>Netcat on steroids with many extra features.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"pyBuster on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/36788bfa3e809c899f32a62f546e1dee.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/pybuster\" data-v-02830d79>pyBuster<\/a><\/h6>\n<p data-v-02830d79>A multi-target URL bruteforcer.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"pyfiscan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f3152c7260951ebef12dd4e4b53d011b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/pyfiscan\" data-v-02830d79>pyfiscan<\/a><\/h6>\n<p data-v-02830d79>Free web-application vulnerability and version scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"qsfuzz on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ce10172ae469db512eb4b62d4327e1aa.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/qsfuzz\" data-v-02830d79>qsfuzz<\/a><\/h6>\n<p data-v-02830d79>qsfuzz is a tool that allows to write simple rules in YAML that define what value to inject<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"qsinject on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ef5368a60de56ea5a593ed9cc6c99d7a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/qsinject\" data-v-02830d79>qsinject<\/a><\/h6>\n<p data-v-02830d79>Allows you to quickly substitute query string values with regex matches, one-at-a-time.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"qsreplace on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3ddc574cd090f59a1ff89e0ab0f8730b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/qsreplace\" data-v-02830d79>qsreplace<\/a><\/h6>\n<p data-v-02830d79>Accept URLs on stdin, replace all query string values with a user-supplied value.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Raccoon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3cd2556139aab9e6bcb05f5b8fa4b031.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/raccoon\" data-v-02830d79>Raccoon<\/a><\/h6>\n<p data-v-02830d79>A high performance offensive security tool for reconnaissance and vulnerability scanning.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Race The Web on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f6a0109b70c6f45292bcae9df435782e.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"RacePWN on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f9c41c3da572a40f2ed48889e8796318.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"RainbowCrack on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bef3cc76b5e4cfd662a13ec453e835d9.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"rate-limit-checker on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/704b2f4f48fba904c5bedd59cc02c2b4.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Reaver on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9ac38afaa7b928e7eb7756758ecbd6cd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/reaver\" data-v-02830d79>Reaver<\/a><\/h6>\n<p data-v-02830d79>Implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"recollapse on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b5b7ea19c7b510725b373d151f00469b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/recollapse\" data-v-02830d79>recollapse<\/a><\/h6>\n<p data-v-02830d79>REcollapse is a helper tool for black-box regex fuzzing to bypass validations<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Recon-ng on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9668cc26286f91e70529ed5b06d40bc6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/recon-ng\" data-v-02830d79>Recon-ng<\/a><\/h6>\n<p data-v-02830d79>OSINT tool aimed at reducing the time spent harvesting information from open sources.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"reconFTW on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/27b29b6841e8d963959e67cb2a2c2096.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/reconftw\" data-v-02830d79>reconFTW<\/a><\/h6>\n<p data-v-02830d79>Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ReconNess on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/781d1ca21127e392882b6753f79fd700.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/reconness\" data-v-02830d79>ReconNess<\/a><\/h6>\n<p data-v-02830d79>Continuous recon and pipeline tools setup.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"RecurseBuster on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f5231ebfb4bfc82c2aff5648e1f3867c.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/recursebuster\" data-v-02830d79>RecurseBuster<\/a><\/h6>\n<p data-v-02830d79>Rapid content discovery tool for recursively querying webservers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"regulator on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7bfc043c57c4aff03e709584bc345ce7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/regulator\" data-v-02830d79>regulator<\/a><\/h6>\n<p data-v-02830d79>Automated learning of regexes for DNS discovery.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Rekono on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/997140d8b14400593e5994c9d36326f4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/rekono\" data-v-02830d79>Rekono<\/a><\/h6>\n<p data-v-02830d79>Execute full pentesting processes combining multiple hacking tools automatically.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"related-domains on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7c1e9222d8e65d5f24f9f7c88ef97e4c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Rengine on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d09662eab5a9f153b67531b1b157add8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/rengine\" data-v-02830d79>Rengine<\/a><\/h6>\n<p data-v-02830d79>Automated reconnaissance framework for webapps, highly configurable streamlined recon process.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Replicator on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/97e463559ce50d4246627bfd27ddb558.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/replicator\" data-v-02830d79>Replicator<\/a><\/h6>\n<p data-v-02830d79>Burp Suite extension to help developers replicate findings from pentests.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Request Highlighter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b3219310b4e1d523f64ad6336c66ade9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/request-highlighter\" data-v-02830d79>Request Highlighter<\/a><\/h6>\n<p data-v-02830d79>Burp Suite extension that automatically highlights different HTTP requests.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Requests-Racer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/549b0323c1728bdd132e3ac76857cce7.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Retire.js on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/39b17fd9580612acbb7ca53dac613055.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/retire.js\" data-v-02830d79>Retire.js<\/a><\/h6>\n<p data-v-02830d79>Detects the use of JavaScript libraries with known vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"RevShells on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b10e37117fb3c20829aac82e7398d7b8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/revshells\" data-v-02830d79>RevShells<\/a><\/h6>\n<p data-v-02830d79>Hosted Reverse Shell generator with a ton of functionality.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"rexsser on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/40050e432209aff43577496828c1445d.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/rexsser\" data-v-02830d79>rexsser<\/a><\/h6>\n<p data-v-02830d79>Burp Suite plugin that extracts keywords from response using and test for reflected XSS.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"RouterSploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5d3377786c87b8ac114f46b04d902569.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"RsaCtfTool on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/420a3f4e9368fbdd083c10626dc5e7d7.jpg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/rsactftool\" data-v-02830d79>RsaCtfTool<\/a><\/h6>\n<p data-v-02830d79>RSA multi-attacks tool: uncypher data from a weak public key and try to recover a private key.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Rubeus on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7916182515d1cd6e2184cfb967b42519.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/rubeus\" data-v-02830d79>Rubeus<\/a><\/h6>\n<p data-v-02830d79>Rubeus is a toolkit for Kerberos interaction and abuses.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Runtime Mobile Security on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f28ff63d67a5c2a2cad436716d6be80e.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"rush on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4838b88337a78e18e210dd7d003f150a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/rush\" data-v-02830d79>rush<\/a><\/h6>\n<p data-v-02830d79>A cross-platform command-line tool for executing jobs in parallel.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"RustScan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/54267ce581f0e87b47bb48581f8adeb8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/rustscan\" data-v-02830d79>RustScan<\/a><\/h6>\n<p data-v-02830d79>The Modern Port Scanner. Fast, smart, effective.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Rusty Hog on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a9c0f056e3225320d1d15609dae52e71.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/rusty-hog\" data-v-02830d79>Rusty Hog<\/a><\/h6>\n<p data-v-02830d79>A suite of secret scanners built in Rust for performance.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"S3 Objects Check on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/58adf021f2251fd7add8d08f0f2b57f6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/s3-objects-check\" data-v-02830d79>S3 Objects Check<\/a><\/h6>\n<p data-v-02830d79>Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"s3-buckets-finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/48b05988cf7f12a3c57e1d447450bb28.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"S3BucketList on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e7ffe59ae22fc92b89b3d0f60ece3607.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/s3bucketlist\" data-v-02830d79>S3BucketList<\/a><\/h6>\n<p data-v-02830d79>Firefox plugin that lists Amazon S3 Buckets found in requests.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"s3cario on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/213625ad95986bc11408902a3d222e65.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/s3cario\" data-v-02830d79>s3cario<\/a><\/h6>\n<p data-v-02830d79>Performs buckets checks from a given list of subdomains.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"S3Cruze on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8a58405fe728c207d0ff3e3ae0c2ead8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/s3cruze\" data-v-02830d79>S3Cruze<\/a><\/h6>\n<p data-v-02830d79>All-in-one AWS S3 bucket tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"s3reverse on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/09990cc5629c05e27064a2cff48394d6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/s3reverse\" data-v-02830d79>s3reverse<\/a><\/h6>\n<p data-v-02830d79>The format of various S3 buckets is convert in one format.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"S3Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ea28d164baddbb4fd1d145240adb52da.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/s3scanner\" data-v-02830d79>S3Scanner<\/a><\/h6>\n<p data-v-02830d79>Scan for open S3 buckets and dump the contents.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"s3tk on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b67f8aa6ec1a14cb6622ce17bac2bced.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/s3tk\" data-v-02830d79>s3tk<\/a><\/h6>\n<p data-v-02830d79>A security toolkit for Amazon S3.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"S3Viewer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1a3d7358494514ad165f0968a4290e26.gif\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"safecopy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/416aec84f3a541541a08f8e560b28577.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/safecopy\" data-v-02830d79>safecopy<\/a><\/h6>\n<p data-v-02830d79>Burp Extension for copying requests safely.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sandcastle on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/35c6f335b01a9229f514185cfb09cff3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sandcastle\" data-v-02830d79>Sandcastle<\/a><\/h6>\n<p data-v-02830d79>A Python script for AWS S3 bucket enumeration.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"scan-check-builder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a8e36d15b8ff7e25af345ac5854b3487.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/scan-check-builder\" data-v-02830d79>scan-check-builder<\/a><\/h6>\n<p data-v-02830d79>Burp Suite extension which helps to improve the active and passive scanner by yourself.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ScanCannon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fe6f75db4de419544852b5a7f46cdde9.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/scancannon\" data-v-02830d79>ScanCannon<\/a><\/h6>\n<p data-v-02830d79>Combines the speed of masscan with the reliability and detailed enumeration of nmap.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Scilla on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5e825eba94ba24498925e2290320074e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/scilla\" data-v-02830d79>Scilla<\/a><\/h6>\n<p data-v-02830d79>Information Gathering tool &#8211; DNS \/ Subdomains \/ Ports \/ Directories enumeration.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Scout on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d16a20d275c94609de86ac76f0c64349.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/scout\" data-v-02830d79>Scout<\/a><\/h6>\n<p data-v-02830d79>Discover a web server&#8217;s undisclosed files, directories and VHOSTs.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ScrapeIn on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cf2063b96c636b606f4d705bc2ef30d7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/scrapein\" data-v-02830d79>ScrapeIn<\/a><\/h6>\n<p data-v-02830d79>Harvest employee email addresses from a specific company through LinkedIn.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ScreenShooter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7c0c2c4427aa9ff0a7787c81feef95f9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/screenshooter\" data-v-02830d79>ScreenShooter<\/a><\/h6>\n<p data-v-02830d79>Convert your masscan\/subdomain-scan results into screenshots for better analysis.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Screenshoteer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c587d941fa3fefd661b5319347493880.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/screenshoteer\" data-v-02830d79>Screenshoteer<\/a><\/h6>\n<p data-v-02830d79>Makes web screenshots and mobile emulations from the command line.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Scrying on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f540375735eb7b32b4204a635f183b7a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/scrying\" data-v-02830d79>Scrying<\/a><\/h6>\n<p data-v-02830d79>Collects RDP, web and VNC screenshots all in one place.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SearchSploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ec25a57a30c5d62375bf0ff0989f37f8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/searchsploit\" data-v-02830d79>SearchSploit<\/a><\/h6>\n<p data-v-02830d79>Cli tool for Exploit-DB that also allows you to take a copy of Exploit Database with you.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SecLists on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8d5c77fe8413001a5412a33b8bfdf63b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/seclists\" data-v-02830d79>SecLists<\/a><\/h6>\n<p data-v-02830d79>Collection of multiple types of lists used during security assessments, collected in one place.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Second Order on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/64743cac006f525b32b28d61a9a40cd2.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"secret-bridge on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7a5aefe7c0126e9257198e788a85b6fa.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SecretMagpie on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/81abecc512f66173d2d736dc1d058e9b.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SecurityTrails on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1699c169fba3a6d363aab339ccde8605.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"See-SURF on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f243413084e81ac58e3c3e5cd3d94c2a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/see-surf\" data-v-02830d79>See-SURF<\/a><\/h6>\n<p data-v-02830d79>Detect Vulnerable SSRF parameters.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"sentrySSRF on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a30236be3d3a578591166df66a48cbc7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sentryssrf\" data-v-02830d79>sentrySSRF<\/a><\/h6>\n<p data-v-02830d79>Searching for Sentry config on page or in Javascript files and check blind SSRF.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Shadow Workers on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/54fdcf8bb1bb14708086ae3885551d92.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/shadow-workers\" data-v-02830d79>Shadow Workers<\/a><\/h6>\n<p data-v-02830d79>C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ShapeShifter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b6ea7423ad89e826c44a8ef1a2040c6c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SharpHose on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/eb95b21271d344daf9ace729ad32b362.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sharphose\" data-v-02830d79>SharpHose<\/a><\/h6>\n<p data-v-02830d79>Asynchronous password spraying tool for Windows environments.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Shelling on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/56cf99c130ab631926d157b1e3a797a1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/shelling\" data-v-02830d79>Shelling<\/a><\/h6>\n<p data-v-02830d79>A comprehensive OS command injection payload generator.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Shells on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4f8a9265a43b23520df345d5ab1055fd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/shells\" data-v-02830d79>Shells<\/a><\/h6>\n<p data-v-02830d79>A script for generating common revshells fast and easily.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sherlock on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/91f16822d44108da18018ab6b56fb2fe.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sherlock\" data-v-02830d79>Sherlock<\/a><\/h6>\n<p data-v-02830d79>Hunt down social media accounts by username across social networks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"shhgit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1a111b07f981b2b2631dab65660db5da.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/shhgit\" data-v-02830d79>shhgit<\/a><\/h6>\n<p data-v-02830d79>Secrets detection for your GitHub, GitLab and Bitbucket repositories.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Shotlooter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e23dd43a45cc70579fa0913be1e2ad30.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/shotlooter\" data-v-02830d79>Shotlooter<\/a><\/h6>\n<p data-v-02830d79>Find sensitive data inside the screenshots uploaded to prnt.sc.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"shuffleDNS on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9d255bfc15998286419b6beaac40a56d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/shuffledns\" data-v-02830d79>shuffleDNS<\/a><\/h6>\n<p data-v-02830d79>Enumerate valid subdomains using active bruteforce and DNS resolution.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Simple Basic Malware Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/989f319076b11ebf75de314511cb1a19.jpeg\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SiteBroker on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/709cc865086e0c7fb0ed37ef7a85f044.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sitebroker\" data-v-02830d79>SiteBroker<\/a><\/h6>\n<p data-v-02830d79>Utility for information gathering and penetration testing automation.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"skipfish on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b6285cfffa90abf170c0b042cf0e9958.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/skipfish\" data-v-02830d79>skipfish<\/a><\/h6>\n<p data-v-02830d79>Web application security scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Slack Watchman on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1481116323dbde2910e992127670f97f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/slack-watchman\" data-v-02830d79>Slack Watchman<\/a><\/h6>\n<p data-v-02830d79>Monitoring your Slack workspaces for sensitive informations.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sleepy Puppy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f4362feff5df02480efa57ec1a955a51.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SleuthQL on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/745ebac9b21ebcaeecf31fada23d1e76.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sleuthql\" data-v-02830d79>SleuthQL<\/a><\/h6>\n<p data-v-02830d79>Burp History parsing tool to discover potential SQL injection points.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Slurp on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e59f01f228abd93bd13cca6b9b41d8cb.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/slurp\" data-v-02830d79>Slurp<\/a><\/h6>\n<p data-v-02830d79>A blazing fast &#038; feature rich Amazon S3 bucket enumerator.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"smap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4499907a017b7037a39fa15765dca6a1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/smap\" data-v-02830d79>smap<\/a><\/h6>\n<p data-v-02830d79>A drop-in replacement for Nmap powered by shodan.io.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SMBploit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f16b75a8b9ca5a6a76b360879977dbbb.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/smbploit\" data-v-02830d79>SMBploit<\/a><\/h6>\n<p data-v-02830d79>Offensive tool to scan &#038; exploit vulnerabilities in Windows over SMB using Metasploit.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Smogcloud on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/69871018eb5b48066ac4aee070676152.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/smogcloud\" data-v-02830d79>Smogcloud<\/a><\/h6>\n<p data-v-02830d79>Find cloud assets that no one wants exposed.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Smuggler on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c2f5fbb656e16a059c383c1a41110a31.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/smuggler\" data-v-02830d79>Smuggler<\/a><\/h6>\n<p data-v-02830d79>An HTTP Request Smuggling \/ Desync testing tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sn1per on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/00d0cb456670b44a6b2a3ac1cec9f28c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sn1per\" data-v-02830d79>Sn1per<\/a><\/h6>\n<p data-v-02830d79>Attack Surface Management Platform.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sniff-Paste on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/982491451b7ca639feed4b2fdb1ab3e0.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"sns on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ee0a4d66ac8fa6c0bcebe20c92552bd3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sns\" data-v-02830d79>sns<\/a><\/h6>\n<p data-v-02830d79>IIS shortname scanner written in Go.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SonarSearch on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1f9881d0dc79e7d0afa1ae7e1b9a4e67.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sourcegraph on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f54ccbc194e9c44943378c52af0ab822.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sourcegraph\" data-v-02830d79>Sourcegraph<\/a><\/h6>\n<p data-v-02830d79>Search millions of open source repositories.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"spaces-finder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4429b1f2ade707e1844e20352512193b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/spaces-finder\" data-v-02830d79>spaces-finder<\/a><\/h6>\n<p data-v-02830d79>A tool to hunt for publicly accessible DigitalOcean Spaces.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SpiderFoot on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6ba00d51303f6a7a7f32c020059d6f29.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/spiderfoot\" data-v-02830d79>SpiderFoot<\/a><\/h6>\n<p data-v-02830d79>Automates OSINT for threat intelligence and mapping your attack surface.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Spoofy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/136d82fd7f7692849ce4f227672688b7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/spoofy\" data-v-02830d79>Spoofy<\/a><\/h6>\n<p data-v-02830d79>Checks if a list of domains can be spoofed based on SPF and DMARC records.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SprayCannon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/656b68d0440caab9daf3535366c7be40.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/spraycannon\" data-v-02830d79>SprayCannon<\/a><\/h6>\n<p data-v-02830d79>Fast multithreaded password spraying tool with backend database.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SQLi-Hunter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c2d543064450c5dbd3684f53beee7466.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sqli-hunter\" data-v-02830d79>SQLi-Hunter<\/a><\/h6>\n<p data-v-02830d79>Simple HTTP(S) proxy server and a SQLMAP API wrapper that makes digging SQLi easy.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"sqlipy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6769c07070d846af03f3482018684df4.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sqlipy\" data-v-02830d79>sqlipy<\/a><\/h6>\n<p data-v-02830d79>Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SQLiScanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/41d8e904b5e582641552e034567a3e1f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sqliscanner\" data-v-02830d79>SQLiScanner<\/a><\/h6>\n<p data-v-02830d79>Automatic SQL injection with Charles and sqlmap API.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SQLiv on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1eedf6c924029d374fc8a5c09816908a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sqliv\" data-v-02830d79>SQLiv<\/a><\/h6>\n<p data-v-02830d79>Massive SQL injection vulnerability scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"sqlmap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/25552333b8b240591c666e44f533b4f2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sqlmap\" data-v-02830d79>sqlmap<\/a><\/h6>\n<p data-v-02830d79>Automatic SQL injection and database takeover tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SqlmapDnsCollaborator on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d2a1c955808dc1705fc34b065c1415f6.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SQLninja on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/8a37142373a2047b987237cb7633d605.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sqlninja\" data-v-02830d79>SQLninja<\/a><\/h6>\n<p data-v-02830d79>Exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SQLRecon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1ab9e1e9172682d6b868d86e2ce13946.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sqlrecon\" data-v-02830d79>SQLRecon<\/a><\/h6>\n<p data-v-02830d79>A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SQLTruncSanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4e5d1f1860a355332a8388ba5fb28709.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sqltruncsanner\" data-v-02830d79>SQLTruncSanner<\/a><\/h6>\n<p data-v-02830d79>Messy BurpSuite plugin for SQL Truncation vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SSH PuTTY login bruteforcer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/24f9723225ae24ff8fdc13733d0ce32d.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ssh-audit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/808c40da3a4593b402fb02ae963919b2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ssh-audit\" data-v-02830d79>ssh-audit<\/a><\/h6>\n<p data-v-02830d79>SSH server auditing: banner, key exchange, encryption, compatibility, security&#8230;<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"sslscan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/aa2fc839595379833c950e7f106addf2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sslscan\" data-v-02830d79>sslscan<\/a><\/h6>\n<p data-v-02830d79>Tests SSL\/TLS enabled services to discover supported cipher suites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SSLyze on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f41cbab2599c3093b272118b06eca66d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sslyze\" data-v-02830d79>SSLyze<\/a><\/h6>\n<p data-v-02830d79>Fast and powerful SSL\/TLS scanning library.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SSRF Detector on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/05102712b120d94ee7bf75c82b19ec09.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SSRF Sheriff on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4dfdac937c4599f66e6fe935088af6c3.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SSRFire on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4d1f08837d31dc8b0e7111e4631010eb.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ssrfire\" data-v-02830d79>SSRFire<\/a><\/h6>\n<p data-v-02830d79>An automated SSRF finder. Just give the domain name and your server and chill!<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SSRFmap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/15beeec075f536e1ccdc1af0c52be785.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ssrfmap\" data-v-02830d79>SSRFmap<\/a><\/h6>\n<p data-v-02830d79>Automatic SSRF fuzzer and exploitation tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SSRFTest on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2ad6e1ea1bfd8d90d30b26de8a251e99.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"StaCoAn on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2a0f2112eb5f174c280189637f70db3c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/stacoan\" data-v-02830d79>StaCoAn<\/a><\/h6>\n<p data-v-02830d79>Crossplatform tool which help to perform static code analysis on mobile applications.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"steghide on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/12596e33b24a2f58e3269bf5be104248.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/steghide\" data-v-02830d79>steghide<\/a><\/h6>\n<p data-v-02830d79>Steganography program that hides secrets in the least significant bits of a file.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Stepper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6f2a837ec9d61b240f48c07aeacb315e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/stepper\" data-v-02830d79>Stepper<\/a><\/h6>\n<p data-v-02830d79>A natural evolution of Burp Suite&#8217;s Repeater tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ST\u00d6K Fredrik on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5b1398b62ee968750eaa6147f9f12c23.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"sub-domain enumeration techniques on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cebf432c2205966517761798c0f73481.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sub3 Suite on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cbbaffbe2cde47a2bb455a5ab735f6ec.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sub3-suite\" data-v-02830d79>Sub3 Suite<\/a><\/h6>\n<p data-v-02830d79>A free, open source, cross platform Intelligence gathering tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SubBrute on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d468f856a36bfe2930e3b7d14515697a.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/subbrute\" data-v-02830d79>SubBrute<\/a><\/h6>\n<p data-v-02830d79>A DNS meta-query spider that enumerates DNS records, and subdomains.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SubDomainizer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1a1a1c13718f4aaeaecdc363bffcf727.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/subdomainizer\" data-v-02830d79>SubDomainizer<\/a><\/h6>\n<p data-v-02830d79>A tool to find subdomains and interesting things hidden inside.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Subfinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/78d8814efd28d00e122e2d9f0dd6bc41.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/subfinder\" data-v-02830d79>Subfinder<\/a><\/h6>\n<p data-v-02830d79>Discovery tool that discovers valid subdomains for websites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"subHijack on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3ff83d8f9efbf41a0669baa4d4c81325.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/subhijack\" data-v-02830d79>subHijack<\/a><\/h6>\n<p data-v-02830d79>Hijacking forgotten &#038; misconfigured subdomains.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Subjack on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f6f0d45097eb2394eb9eb87e22ac50e7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/subjack\" data-v-02830d79>Subjack<\/a><\/h6>\n<p data-v-02830d79>Subdomain Takeover tool written in Go.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sublert on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6c76439fc405144001604c1201c51b01.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sublert\" data-v-02830d79>Sublert<\/a><\/h6>\n<p data-v-02830d79>Monitor new subdomains deployed by specific organizations and issued TLS\/SSL certificate.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sublist3r on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ff15df4738366d57f2e16d9d81821b93.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sublist3r\" data-v-02830d79>Sublist3r<\/a><\/h6>\n<p data-v-02830d79>Fast subdomains enumeration tool for penetration testers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SubOver on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2b25304c8ac21a44d24cb89dcae6eeb3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/subover\" data-v-02830d79>SubOver<\/a><\/h6>\n<p data-v-02830d79>A Powerful Subdomain Takeover Tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Substr3am on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c71c88f719c8980a85df5ebc9eb50290.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/substr3am\" data-v-02830d79>Substr3am<\/a><\/h6>\n<p data-v-02830d79>Passive reconnaissance\/enumeration of interesting targets by watching for SSL certificates.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"subzuf on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1d97432571343d7017ac7fccbdde7529.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/subzuf\" data-v-02830d79>subzuf<\/a><\/h6>\n<p data-v-02830d79>A smart DNS response-guided subdomain fuzzer.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Sudomy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/50936bc63ae29a7010feb6bb6e1a446d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sudomy\" data-v-02830d79>Sudomy<\/a><\/h6>\n<p data-v-02830d79>Collects subdomains and analyzes domains performing automated reconnaissance.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"SweetPotato on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/be65c5df1698778e56867b15fcc9e47f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/sweetpotato\" data-v-02830d79>SweetPotato<\/a><\/h6>\n<p data-v-02830d79>A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"takeover on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cd6c61aabc6d70862ac2326eeef05645.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/takeover\" data-v-02830d79>takeover<\/a><\/h6>\n<p data-v-02830d79>A tool for testing subdomain takeover possibilities at a mass scale.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Teh S3 Bucketeers on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3d1e4025942e4e897a35fc83ecc4a050.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Th3inspector on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c3582a7939c38ed8a281bcf6d8443db8.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"The Exploit Database on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4ba7acd505929babca04dfcab2e476dc.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"The Social-Engineer Toolkit on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1c93d5487facb0ab052a14c344e3f175.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"The XSS rat on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0e0872026e800eb453ba3e3674cf2bcd.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"TheftFuzzer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/95764e3d51b3a4d2dce06ec0ab9fe80b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/theftfuzzer\" data-v-02830d79>TheftFuzzer<\/a><\/h6>\n<p data-v-02830d79>Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"theHarvester on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cdbcfa8821375466d033781aba675b2f.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"tko-subs on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0ef1d896cb9488895510d8ea0e641f6a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/tko-subs\" data-v-02830d79>tko-subs<\/a><\/h6>\n<p data-v-02830d79>A tool that can help detect and takeover subdomains with dead DNS records.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"TLD Scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6c74cdc97373696c5c89cccb589ad75a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/tld-scanner\" data-v-02830d79>TLD Scanner<\/a><\/h6>\n<p data-v-02830d79>Scan all possible TLD&#8217;s for a given domain name.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"tlsx on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4b404e325ec005d0e841a9faf85090e8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/tlsx\" data-v-02830d79>tlsx<\/a><\/h6>\n<p data-v-02830d79>Fast and configurable TLS grabber focused on TLS based data collection.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"tplmap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9ab07e1e317db079f34a3d445688cf09.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/tplmap\" data-v-02830d79>tplmap<\/a><\/h6>\n<p data-v-02830d79>Server-Side Template Injection and Code Injection Detection and Exploitation Tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Tracy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d51bb9351413a05cba6881328bd1ed16.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/tracy\" data-v-02830d79>Tracy<\/a><\/h6>\n<p data-v-02830d79>Assists with finding all sinks and sources of a webapp and display the results in a nice way.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Transformations on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ba75b37363c18584d9baccab4a91ed57.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/transformations\" data-v-02830d79>Transformations<\/a><\/h6>\n<p data-v-02830d79>Understand how input is transformed on a system, which can help to craft payloads.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Trishul on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/af44c48b085cce3e2f07c39e2b12740e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/trishul\" data-v-02830d79>Trishul<\/a><\/h6>\n<p data-v-02830d79>Burp Suite Extension to hunt for common vulnerabilities found in websites.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"TruffleHog on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/baef1abc12a020db352f8cafedd136d8.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"TugaRecon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cc05e893348dad16ea00966f8d41aea3.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/tugarecon\" data-v-02830d79>TugaRecon<\/a><\/h6>\n<p data-v-02830d79>Subdomains enumeration tool for penetration testers.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Turbo Intruder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/23443e303c61dd8a1f7bb191b40167ef.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/turbo-intruder\" data-v-02830d79>Turbo Intruder<\/a><\/h6>\n<p data-v-02830d79>Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Turbolist3r on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/c64bd3951aa6b6a716303b4e6d629b28.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/turbolist3r\" data-v-02830d79>Turbolist3r<\/a><\/h6>\n<p data-v-02830d79>Subdomain enumeration tool with analysis features for discovered domains.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"uncover on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/355d89383cc6db0071d4b084d18356d0.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/uncover\" data-v-02830d79>uncover<\/a><\/h6>\n<p data-v-02830d79>Quickly discover exposed hosts on the internet using multiple search engines.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"unfurl on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/89921530ac9ea90ca33df81b7867b0fa.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/unfurl\" data-v-02830d79>unfurl<\/a><\/h6>\n<p data-v-02830d79>An Entropy-Based Link Vulnerability Tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"UploadScanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/15e19aa11b28593ece600287f1c514c1.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"urlgrab on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4c3b67c0b56dc15c79c8be4e8ab5faa9.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/urlgrab\" data-v-02830d79>urlgrab<\/a><\/h6>\n<p data-v-02830d79>A golang utility to spider through a website searching for additional links.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"uro on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d19a0ff8be6338ba9443750cd7b29c26.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/uro\" data-v-02830d79>uro<\/a><\/h6>\n<p data-v-02830d79>Declutters url lists for crawling\/pentesting.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"userefuzz on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9b5dbe9e5d0967b21c11af2e16a63333.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/userefuzz\" data-v-02830d79>userefuzz<\/a><\/h6>\n<p data-v-02830d79>User-Agent, X-Forwarded-For and Referer SQLI Fuzzer.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"vaf on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/dfec25aa44556cc1e8fb9703efa21e03.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/vaf\" data-v-02830d79>vaf<\/a><\/h6>\n<p data-v-02830d79>Cross-platform very advanced and fast web fuzzer written in nim.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"vaya-ciego-nen on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/27e20a7618e965ad4804bb03d2ec84e1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/vaya-ciego-nen\" data-v-02830d79>vaya-ciego-nen<\/a><\/h6>\n<p data-v-02830d79>Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Venom on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3c4e5df6bb1c12bf0ac99ae196ecf55a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/venom\" data-v-02830d79>Venom<\/a><\/h6>\n<p data-v-02830d79>Popular Pentesting scanner for SQLi\/XSS\/LFI\/RFI and other Vulns.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"vhosts-sieve on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ba3ebfd13ff55a203d11c98da9f5b614.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/vhosts-sieve\" data-v-02830d79>vhosts-sieve<\/a><\/h6>\n<p data-v-02830d79>Searching for virtual hosts among non-resolvable domains.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"VHostScan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/1dd23b1ee8ad19ec8309b1e385b874dd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/vhostscan\" data-v-02830d79>VHostScan<\/a><\/h6>\n<p data-v-02830d79>Virtual host scanner that performs reverse lookups.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Virtual host scanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b66239103dc7c983acf034b5f7df91fd.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"w3af on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/218eef6d88492125420382710dd75cdb.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/w3af\" data-v-02830d79>w3af<\/a><\/h6>\n<p data-v-02830d79>Web Application Attack and Audit Framework.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"wafw00f on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/63352130d41814860573276558594e59.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wafw00f\" data-v-02830d79>wafw00f<\/a><\/h6>\n<p data-v-02830d79>Identify and fingerprint Web Application Firewall products protecting a website.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Wapiti on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/699da42f9b34a356d9dbba9182f6c957.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wapiti\" data-v-02830d79>Wapiti<\/a><\/h6>\n<p data-v-02830d79>The web-application vulnerability scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Wappalyzer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/755c03b8909b8165730c24d25286115e.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Wayback Machine on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/bb84e2e00dcb2a88639f2c3514f14604.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"waybackSqliScanner on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/4809618a545f3957208cb3dd59d9bec7.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/waybacksqliscanner\" data-v-02830d79>waybackSqliScanner<\/a><\/h6>\n<p data-v-02830d79>Gather urls from wayback machine then test each GET parameter for SQL injection.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"waybackurls on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e730b8ad1584ed77246de91138b4fc4e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/waybackurls\" data-v-02830d79>waybackurls<\/a><\/h6>\n<p data-v-02830d79>Fetch all the URLs that the Wayback Machine knows about for a domain.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Waymore on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/19f26feb73fb831e165996582e88e9d2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/waymore\" data-v-02830d79>Waymore<\/a><\/h6>\n<p data-v-02830d79>Find way more from the Wayback Machine!<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Web Crawler Security Tool on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/b4bf4558745641c0be8d521b6aa5c31d.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"webanalyze on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/d4c25e55a10932eef9997f047dc1a5c6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/webanalyze\" data-v-02830d79>webanalyze<\/a><\/h6>\n<p data-v-02830d79>Uncovers technologies used on websites to automate mass scanning.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"webscreenshot on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3204b1769e1dc2da4bcd52d8ac1d3104.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"websy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/26b1a4738181387226d1a54a0bc9893e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/websy\" data-v-02830d79>websy<\/a><\/h6>\n<p data-v-02830d79>Keep an eye on your targets to get quickly notified for any change they push on their server.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"WeirdAAL on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0e54823cf67b68bbb464d64ee6e1611a.jpeg\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Wfuzz on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/19c84de5e75013b5cc4650abc53fb5c8.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wfuzz\" data-v-02830d79>Wfuzz<\/a><\/h6>\n<p data-v-02830d79>Web application fuzzer.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"WhatsMyName on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5b734f115ac32d01cd94a06a89dd0be4.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"WhatWeb on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e3fd27e545eaed7a5fd65620e11a1e70.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/whatweb\" data-v-02830d79>WhatWeb<\/a><\/h6>\n<p data-v-02830d79>Next generation web scanner.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Whispers on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/59ab210f4fb37bd3c1112c1ae9842334.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/whispers\" data-v-02830d79>Whispers<\/a><\/h6>\n<p data-v-02830d79>Identify hardcoded secrets in static structured text.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"wifipumpkin3 on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/cede53b722446e9c9c2287e14603114a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wifipumpkin3\" data-v-02830d79>wifipumpkin3<\/a><\/h6>\n<p data-v-02830d79>Powerful framework for rogue access point attack.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"wifite on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/46d6c276b49340c82efc4b3f0ce62b48.gif\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wifite\" data-v-02830d79>wifite<\/a><\/h6>\n<p data-v-02830d79>Runs existing wireless-auditing tools for you. Stop memorizing command arguments &#038; switches!<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"windapsearch on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/eef0d84e6c0f294a0cb13b6d9c7e21e0.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/windapsearch\" data-v-02830d79>windapsearch<\/a><\/h6>\n<p data-v-02830d79>Enumerate users, groups and computers from a Windows domain through LDAP queries.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Wireshark on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/45fa3ac9de44cdd12891f114e953511d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wireshark\" data-v-02830d79>Wireshark<\/a><\/h6>\n<p data-v-02830d79>Network sniffer that captures and analyzes packets off the wire.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"WitnessMe on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/7a7203c5adc48eb25ac5240ae835f1b1.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/witnessme\" data-v-02830d79>WitnessMe<\/a><\/h6>\n<p data-v-02830d79>Web Inventory tool, takes screenshots and provides some extra bells&#038;whistles to make life easier.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Words Scraper on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/449dee0e9037ea13e71cbea0fcfeb986.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/words-scraper\" data-v-02830d79>Words Scraper<\/a><\/h6>\n<p data-v-02830d79>Selenium based web scraper to generate passwords list.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"WPRecon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2ff4388a85a280f1d98177346c57f23a.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wprecon\" data-v-02830d79>WPRecon<\/a><\/h6>\n<p data-v-02830d79>Tool for the recognition of vulnerabilities and blackbox information for WordPress.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"WPScan on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/01a082793e2e246a71f8299f9d429883.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wpscan\" data-v-02830d79>WPScan<\/a><\/h6>\n<p data-v-02830d79>WPScan WordPress Security Scanner<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"WPSpider on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a7e5a658aafd19e1202a09ae3400c835.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wpspider\" data-v-02830d79>WPSpider<\/a><\/h6>\n<p data-v-02830d79>A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"WSDL Wizard on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/66b32ef9fb13830fd2ba62f259dd95ad.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/wsdl-wizard\" data-v-02830d79>WSDL Wizard<\/a><\/h6>\n<p data-v-02830d79>Burp Suite plugin to detect current and discover new WSDL files.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"X8 on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/79bf1bc99e7fcaf90082a8ced276789b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/x8\" data-v-02830d79>X8<\/a><\/h6>\n<p data-v-02830d79>Hidden parameters discovery suite.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XFFenum on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/6d8ed9103343e5a280da3fbc44288cb6.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xffenum\" data-v-02830d79>XFFenum<\/a><\/h6>\n<p data-v-02830d79>X-Forwarded-For [403 forbidden] enumeration.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"xnLinkFinder on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/0e65ea2eb5ace2f461a4847e461d1d4d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xnlinkfinder\" data-v-02830d79>xnLinkFinder<\/a><\/h6>\n<p data-v-02830d79>A python tool used to discover endpoints and potential parameters for a given target.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"xray on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/94215f20122c5f4006065a64fc8e3a64.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xray\" data-v-02830d79>xray<\/a><\/h6>\n<p data-v-02830d79>Security assessment tool that supports common web security issue scanning and custom PoC.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSpear on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a940b2c4c92ff2b8520daeec331d3f4b.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xspear\" data-v-02830d79>XSpear<\/a><\/h6>\n<p data-v-02830d79>Powerfull XSS Scanning and Parameter analysis tool&#038;gem.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSRFProbe on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/879ed0696167ce3a2f8b5e79db11378c.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xsrfprobe\" data-v-02830d79>XSRFProbe<\/a><\/h6>\n<p data-v-02830d79>The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSS Hunter Express on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/e6e328e9319bba4fd275b84f49cc3dfd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xss-hunter-express\" data-v-02830d79>XSS Hunter Express<\/a><\/h6>\n<p data-v-02830d79>The fastest way to set up XSS Hunter to test and find blind XSS vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSS Radar on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/5fbc14fa4c79d3f428d37ad535fb11ff.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xss-radar\" data-v-02830d79>XSS Radar<\/a><\/h6>\n<p data-v-02830d79>A Chrome extension for fast and easy XSS fuzzing.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Xss-Sql-Fuzz on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/3413e84f8055356384618442c1390d40.jpeg\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xss-sql-fuzz\" data-v-02830d79>Xss-Sql-Fuzz<\/a><\/h6>\n<p data-v-02830d79>Burp Suite plugin for XSS and SQLi which add our payload to all parameters with one click.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSS'OR on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/204d4e039dc216be4903a55bac64100c.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"xss2png on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a41dd5cd1932730fbe6caceadb9ccded.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xss2png\" data-v-02830d79>xss2png<\/a><\/h6>\n<p data-v-02830d79>PNG IDAT chunks XSS payload generator.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSSCon on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/95bc236640cffead4276ffd4867cd081.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xsscon\" data-v-02830d79>XSSCon<\/a><\/h6>\n<p data-v-02830d79>Simple XSS Scanner tool.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"xsscrapy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/a31e18613b375ab639556475e940c669.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xsscrapy\" data-v-02830d79>xsscrapy<\/a><\/h6>\n<p data-v-02830d79>Fast, thorough, XSS\/SQLi spider.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSSer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ed50b99efb8bf26d6c3ccfbb152034ad.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xsser\" data-v-02830d79>XSSer<\/a><\/h6>\n<p data-v-02830d79>Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSSMap on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/abe5d3425ea2c1cdc3b9991f92f8599e.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xssmap\" data-v-02830d79>XSSMap<\/a><\/h6>\n<p data-v-02830d79>Detect XSS vulnerability in Web Applications.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSStrike on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ceb1f2219b403b9790949719a31ca91f.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"xssValidator on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/147af13ce7cca65a47f8d614e2178a4f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xssvalidator\" data-v-02830d79>xssValidator<\/a><\/h6>\n<p data-v-02830d79>A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XSSwagger on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/67efe7610083f689effc59c9de716c25.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xsswagger\" data-v-02830d79>XSSwagger<\/a><\/h6>\n<p data-v-02830d79>A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XXE-FTP on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/fc9edb153cead1b8385349454306c1cd.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xxe-ftp\" data-v-02830d79>XXE-FTP<\/a><\/h6>\n<p data-v-02830d79>A mini webserver with FTP support for XXE payloads.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XXEinjector on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/9186a520baace93ab4c5deb050840a20.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xxeinjector\" data-v-02830d79>XXEinjector<\/a><\/h6>\n<p data-v-02830d79>Exploitation of XXE vulnerability using direct and different out of band methods.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"xxeserv on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/01486143e8b7f750c52f222403b4bab0.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/xxeserv\" data-v-02830d79>xxeserv<\/a><\/h6>\n<p data-v-02830d79>A mini webserver with FTP support for XXE payloads.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"XXExploiter on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/2028251e8320ed5d72cd7a3a6e1faa2e.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Yet Another Robber on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/313a7e67987813302738a4e8a43fdc6d.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/yet-another-robber\" data-v-02830d79>Yet Another Robber<\/a><\/h6>\n<p data-v-02830d79>Yar is a tool for plunderin&#8217; organizations, users and\/or repositories&#8230;<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Yet Another Sniffer on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/dbd20e3de74a125e83567f0ab500cfb2.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/yet-another-sniffer\" data-v-02830d79>Yet Another Sniffer<\/a><\/h6>\n<p data-v-02830d79>A network analyzer that make easy to extract informations about network traffic.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Yoga on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/ceb04930ed94b454686a86a05d7eea21.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/yoga\" data-v-02830d79>Yoga<\/a><\/h6>\n<p data-v-02830d79>Your OSINT Graphical Analyzer.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ysoserial on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/f24cfc3330a4c00e7f5d657dae30ea4f.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ysoserial\" data-v-02830d79>ysoserial<\/a><\/h6>\n<p data-v-02830d79>Generates payloads that exploit unsafe Java object deserialization.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"ysoserial.net on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/52065497a24961ef50534433d8264323.png\" data-v-02830d79><\/p>\n<div data-v-02830d79>\n<h6 data-v-02830d79><a href=\"http:\/\/offsec.tools\/tool\/ysoserial.net\" data-v-02830d79>ysoserial.net<\/a><\/h6>\n<p data-v-02830d79>Deserialization payload generator for a variety of .NET formatters.<\/p>\n<\/div><\/div>\n<div data-v-02830d79 data-v-b7c37e8a>\n<p><img decoding=\"async\" alt=\"Zed Attack Proxy on offsec.tools\" src=\"http:\/\/offsec.tools\/assets\/img\/tools\/61857f8c60b73365934201293506eb49.png\" data-v-02830d79><\/p>\n<\/p><\/div>\n<\/div>\n<p><a href=\"https:\/\/offsec.tools\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Tyisha Grisby<\/p>\n","protected":false},"excerpt":{"rendered":"<p>0d1n Tool for automating customized attacks against web applications. ActiveScan++ Extends Burp Suite&#8217;s active and passive scanning capabilities. Acunetix Quickly find and fix the vulnerabilities that put your web applications at risk of attack. ADAPE Script Active Directory assessment and privilege escalation script. ADenum Find misconfiguration through LDAP to exploit weaknesses with Kerberos. ADReaper Enumerate<\/p>\n","protected":false},"author":1,"featured_media":599746,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[118236,46,682],"tags":[],"class_list":{"0":"post-599745","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-offsec","8":"category-technology","9":"category-tools"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/599745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=599745"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/599745\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/599746"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=599745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=599745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=599745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}