🔒SecurityRepoIndex
🎯

Offensive Security

Tools for pentesting, red teaming, vuln assessment

89 tools in this category

AutoSploit

PythonMIT

4.0

AI automated exploit framework with target analysis

5,200 starsMultiple
Offensive SecurityExploitationOpen Source

Metasploit Framework

RubyBSD-3-Clause

4.6

The de-facto exploitation framework — a massive library of payloads and exploit modules with a consistent console

38,554 starsExploitation / Post-Exploitation
Offensive SecurityExploitationOpen Source

SQLMap

PythonGPL-2.0

4.5

The standard, automatic SQL injection exploitation tool — detect, fingerprint and dump databases through a vulnerable parameter

37,862 starsInitial Access / Exploitation
Offensive SecurityExploitationOpen Source

Nuclei

GoMIT

4.7

Template-driven vulnerability scanner that fires thousands of community-maintained checks against live hosts in minutes

29,704 starsVulnerability Analysis / Initial Access recon
Offensive SecurityVulnerability ScannerOpen Source

Burp Suite Community

JavaProprietary (free tier)

4.5

The free edition of the industry-standard web pentest proxy — manual intercept, repeater and intruder (throttled) for hands-on testing

0 starsVulnerability Analysis
Offensive SecurityWeb ScanningFree

Impacket

PythonMIT

4.9

Python network protocol classes

14,000 starsMultiple
Offensive SecurityExploitationOpen Source

BloodHound

GoApache-2.0

4.8

Maps Active Directory attack paths so you can see — and prove — how a low-priv user becomes Domain Admin

3,183 starsPrivilege Escalation / Lateral Movement / Domain Dominance
Offensive SecurityActive DirectoryOpen Source

Social Engineer Toolkit

PythonMIT

5.0

Social engineering framework

28,000 starsMultiple
Offensive SecurityExploitationOpen Source

Gophish

PythonMIT

4.7

Phishing simulation platform

12,000 starsMultiple
Offensive SecurityExploitationOpen Source

Dirsearch

PythonMIT

4.7

Web path brute-forcer

12,000 starsMultiple
Offensive SecurityExploitationOpen Source

BetterCAP

C/PythonMIT

5.0

Network Swiss army knife

15,000 starsMultiple
Offensive SecurityExploitationOpen Source

CrackMapExec

PythonMIT

4.5

Post-exploitation AD tool

10,000 starsMultiple
Offensive SecurityExploitationOpen Source

Atomic Red Team

PythonMIT

4.5

Library of 2000+ ATT&CK tests

10,000 starsMultiple
Offensive SecurityExploitationOpen Source

ffuf

GoMIT

4.7

Fast web fuzzer

12,000 starsMultiple
Offensive SecurityExploitationOpen Source

Gobuster

GoMIT

4.5

Directory/DNS brute-forcer

9,500 starsMultiple
Offensive SecurityExploitationOpen Source

HTTPx

GoMIT

4.2

HTTP prober

7,500 starsMultiple
Offensive SecurityExploitationOpen Source

Feroxbuster

GoMIT

4.1

Rust directory brute-forcer

6,000 starsMultiple
Offensive SecurityExploitationOpen Source

ReconFTW

PythonMIT

4.1

Automated reconnaissance pipeline

6,000 starsMultiple
Offensive SecurityExploitationOpen Source

Evilginx2

PythonMIT

4.6

MITM phishing framework

11,000 starsMultiple
Offensive SecurityExploitationOpen Source

Caldera

PythonMIT

4.0

Adversary emulation platform

5,200 starsMultiple
Offensive SecurityExploitationOpen Source

Sn1per

PythonMIT

4.3

Automated recon scanner

8,000 starsMultiple
Offensive SecurityExploitationOpen Source

Osmedeus

PythonMIT

4.0

Offensive security framework

5,500 starsMultiple
Offensive SecurityExploitationOpen Source

Commix

PythonMIT

3.9

Automated command injection

4,000 starsMultiple
Offensive SecurityExploitationOpen Source

XSSer

C/PythonMIT

3.8

Automated XSS detection

2,500 starsMultiple
Offensive SecurityExploitationOpen Source

Weevely3

PythonMIT

3.8

PHP web shell

3,100 starsMultiple
Offensive SecurityExploitationOpen Source

Pupy

PythonMIT

4.4

Cross-platform RAT

9,000 starsMultiple
Offensive SecurityExploitationOpen Source

Merlin

GoMIT

4.0

HTTP/2 C2 agent

5,500 starsMultiple
Offensive SecurityExploitationOpen Source

Sliver

C/PythonMIT

4.3

Multi-user implant framework

8,000 starsMultiple
Offensive SecurityExploitationOpen Source

Havoc

PythonMIT

4.2

Modern post-exploitation framework

7,000 starsMultiple
Offensive SecurityExploitationOpen Source

Mythic

PythonMIT

4.0

Collaborative red team framework

4,500 starsMultiple
Offensive SecurityExploitationOpen Source

Invoke-Mimikatz

PythonMIT

3.9

PowerShell credential extraction

3,500 starsMultiple
Offensive SecurityExploitationOpen Source

Modlishka

PythonMIT

4.0

Reverse proxy phishing

5,000 starsMultiple
Offensive SecurityExploitationOpen Source

King Phisher

C/PythonMIT

3.8

Phishing campaign tool

2,500 starsMultiple
Offensive SecurityExploitationOpen Source

BeEF

PythonMIT

4.5

Browser exploitation framework

10,000 starsMultiple
Offensive SecurityExploitationOpen Source

Rubeus

PythonMIT

4.2

Kerberos abuse toolkit

6,500 starsMultiple
Offensive SecurityExploitationOpen Source

SharpHound

PythonMIT

3.9

BloodHound data collector

3,800 starsMultiple
Offensive SecurityExploitationOpen Source

Certipy

PythonMIT

3.7

AD CS exploitation tool

1,800 starsMultiple
Offensive SecurityExploitationOpen Source

Kerbrute

PythonMIT

3.8

Kerberos brute-forcing

2,500 starsMultiple
Offensive SecurityExploitationOpen Source

Responder

PythonMIT

3.9

LLMNR/NBT-NS poisoner

3,500 starsMultiple
Offensive SecurityExploitationOpen Source

Ettercap

C/PythonMIT

3.9

Man-in-the-middle suite

4,000 starsMultiple
Offensive SecurityExploitationOpen Source

Armitage

C/PythonMIT

4.0

Metasploit GUI

5,000 starsMultiple
Offensive SecurityExploitationOpen Source

Faraday

PythonMIT

4.0

Collaborative pentest platform

5,500 starsMultiple
Offensive SecurityExploitationOpen Source

Naabu

GoMIT

4.0

Fast port scanner

4,500 starsMultiple
Offensive SecurityExploitationOpen Source

Katana

GoMIT

3.9

Web crawling framework

3,500 starsMultiple
Offensive SecurityExploitationOpen Source

Gau

GoMIT

3.9

URL fetcher from Wayback Machine

4,000 starsMultiple
Offensive SecurityExploitationOpen Source

Waybackurls

GoMIT

3.9

Wayback Machine URL fetcher

3,500 starsMultiple
Offensive SecurityExploitationOpen Source

Findomain

GoMIT

3.6

Subdomain finder

1,500 starsMultiple
Offensive SecurityExploitationOpen Source

Assetfinder

GoMIT

3.7

Subdomain finder

2,000 starsMultiple
Offensive SecurityExploitationOpen Source

Shuffledns

GoMIT

3.8

MassDNS wrapper

3,000 starsMultiple
Offensive SecurityExploitationOpen Source

DNSX

GoMIT

3.8

DNS toolkit

2,500 starsMultiple
Offensive SecurityExploitationOpen Source

AlterX

GoMIT

3.6

Subdomain permutation generator

1,000 starsMultiple
Offensive SecurityExploitationOpen Source

ParamSpider

PythonMIT

3.8

Parameter mining tool

2,500 starsMultiple
Offensive SecurityExploitationOpen Source

GF-Patterns

PythonMIT

3.7

Greppable patterns

2,000 starsMultiple
Offensive SecurityExploitationOpen Source

CORStest

PythonMIT

3.5

CORS misconfiguration scanner

400 starsMultiple
Offensive SecurityExploitationOpen Source

Smuggler

PythonMIT

3.8

HTTP request smuggling tester

3,000 starsMultiple
Offensive SecurityExploitationOpen Source

Turbo Intruder

PythonMIT

4.1

High-speed HTTP fuzzer

6,000 starsMultiple
Offensive SecurityExploitationOpen Source

Autorize

PythonMIT

3.8

Authorization testing Burp ext

2,500 starsMultiple
Offensive SecurityExploitationOpen Source

Param Miner

PythonMIT

3.7

Unhidden parameter discovery Burp ext

2,000 starsMultiple
Offensive SecurityExploitationOpen Source

SecretFinder

PythonMIT

3.9

Secret finder in JavaScript

4,000 starsMultiple
Offensive SecurityExploitationOpen Source

LinkFinder

PythonMIT

3.9

JS endpoint extractor

3,500 starsMultiple
Offensive SecurityExploitationOpen Source

Retire.js

JavaScriptMIT

3.9

Vulnerable JS library scanner

3,500 starsMultiple
Offensive SecurityExploitationOpen Source

Velociraptor

GoAGPL-3.0

4.6

Endpoint visibility and DFIR at scale using VQL — query live hosts and hunt across a fleet in one language

4,070 starsDetection / Response / IR
Offensive SecurityDFIROpen Source

Semgrep

PythonMIT

4.7

Static analysis for 30+ languages

12,000 starsMultiple
Offensive SecurityOpen Source

OWASP ZAP

JavaApache-2.0

4.4

The open-source web app security scanner (DAST) — proxy, spider, active/passive scanning and a baseline you can CI

15,391 starsVulnerability Analysis
Offensive SecurityWeb ScanningOpen Source

SonarQube Community

MultipleMIT

4.5

Code quality and security

10,000 starsMultiple
Offensive SecurityOpen Source

Bandit

PythonMIT

4.2

Python security linter

6,500 starsMultiple
Offensive SecurityOpen Source

ESLint Security

JavaScriptMIT

3.9

JS security analysis

4,000 starsMultiple
Offensive SecurityOpen Source

FindSecBugs

PythonMIT

3.9

Java security audit plugin

3,500 starsMultiple
Offensive SecurityOpen Source

Nikto

C/PythonMIT

4.4

Web server scanner

9,000 starsMultiple
Offensive SecurityOpen Source

Autopsy

PythonMIT

3.8

Digital forensics platform

3,000 starsMultiple
Offensive SecurityOpen Source

Sleuth Kit

C/PythonMIT

3.8

File system analysis tools

2,500 starsMultiple
Offensive SecurityOpen Source

Volatility

PythonGPL-2.0

4.3

The open-source memory forensics framework — analyze a RAM dump to reveal what was actually running

8,042 starsIR / DFIR
Offensive SecurityDFIRMalware Analysis

RegRipper

PythonMIT

3.6

Windows registry analysis

1,500 starsMultiple
Offensive SecurityOpen Source

Bulk Extractor

C/PythonMIT

3.6

Extract emails, URLs, CCs from disk images

1,200 starsMultiple
Offensive SecurityOpen Source

Log2Timeline

PythonMIT

3.7

Super timeline creation

2,000 starsMultiple
Offensive SecurityOpen Source

Timesketch

MultipleMIT

3.8

Collaborative timeline analysis

2,500 starsMultiple
Offensive SecurityOpen Source

Redline

PythonMIT

3.6

Free IR endpoint triage

1,500 starsMultiple
Offensive SecurityOpen Source

Ghidra

PythonMIT

4.0

NSA reverse engineering tool

5,000 starsMultiple
Offensive SecurityOpen Source

Radare2

PythonMIT

4.0

Framework for reverse engineering

4,500 starsMultiple
Offensive SecurityOpen Source

YARA

C/PythonMIT

4.3

Pattern matching for malware researchers

8,000 starsMultiple
Offensive SecurityOpen Source

Capa

PythonMIT

3.9

Automated capability detection for malware

4,000 starsMultiple
Offensive SecurityOpen Source

MalwareBazaar

PythonMIT

3.6

Share and search malware samples

1,500 starsMultiple
Offensive SecurityOpen Source

Cuckoo Sandbox

PythonMIT

3.9

Automated malware analysis sandbox

3,500 starsMultiple
Offensive SecurityOpen Source

VirusTotal CLI

PythonMIT

3.6

Command-line interface to VirusTotal

1,200 starsMultiple
Offensive SecurityOpen Source

Wapiti

PythonMIT

3.7

Black-box web app scanner

2,000 starsMultiple
Offensive SecurityOpen Source

Skipfish

C/PythonMIT

3.8

Web app security scanner

2,500 starsMultiple
Offensive SecurityOpen Source

Nuclei Templates

PythonMIT

4.4

Community-driven vulnerability templates

9,000 starsMultiple
Offensive SecurityExploitationOpen Source

Metasploit Modules

PythonMIT

3.5

Community Metasploit modules

500 starsMultiple
Offensive SecurityExploitationOpen Source

FuzzDB

PythonMIT

3.9

Wordlist and payload database for fuzzing

4,000 starsMultiple
Offensive SecurityExploitationOpen Source