#Offensive-security

Showing 60 of 265 repositories tagged #offensive-security, ranked by stars

x64dbg
x64dbg
x64dbg

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Score
100
โ˜… 48.8k โ‘‚ 2.8k +40/day
C++
usestrix
usestrix
strix

Open-source AI penetration testing tool to find and fix your appโ€™s vulnerabilities.

Score
100
โ˜… 39.8k โ‘‚ 4.2k +443/day
Python
vxcontrol
vxcontrol
pentagi

Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Score
100
โ˜… 18.5k โ‘‚ 2.5k +414/day
Go
ihebski
ihebski
DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password ๐Ÿ›ก๏ธ

Score
90
โ˜… 6.6k โ‘‚ 780 +3/day
Python
infinition
infinition
Bjorn

Bjorn is a powerful network scanning and offensive security tool for the Raspberry Pi with a 2.13-inch e-Paper HAT. It discovers network targets, identifies open ports, exposed services, and potential vulnerabilities. Bjorn can perform brute force attacks, file stealing, host zombification, and supports custom attack scripts.

Score
80
โ˜… 6.1k โ‘‚ 358 +11/day
Python
nicocha30
nicocha30
ligolo-ng

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Score
80
โ˜… 4.7k โ‘‚ 445 +12/day
Go
t3l3machus
t3l3machus
Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Score
91
โ˜… 4.4k โ‘‚ 691 โ€”
Python
skerkour
skerkour
black-hat-rust

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Score
100
โ˜… 4.4k โ‘‚ 434 โ€”
Rust
0xsyr0
0xsyr0
OSCP

OSCP Cheat Sheet

Score
100
โ˜… 3.8k โ‘‚ 775 +4/day
PowerShell
evyatarmeged
evyatarmeged
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning

Score
99
โ˜… 3.8k โ‘‚ 473 +28/day
Python
0xsyr0
0xsyr0
Awesome-Cybersecurity-Handbooks

A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

Score
99
โ˜… 3.8k โ‘‚ 547 +34/day
0x4D31
0x4D31
awesome-oscp

A curated list of awesome OSCP resources

Score
89
โ˜… 3.4k โ‘‚ 720 โ€”
codingo
codingo
NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

Score
98
โ˜… 3.3k โ‘‚ 625 โ€”
Python
mikeroyal
mikeroyal
Digital-Forensics-Guide

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Score
87
โ˜… 2.9k โ‘‚ 353 +9/day
Python
aydinnyunus
aydinnyunus
Keylogger

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

Score
60
โ˜… 2.8k โ‘‚ 550 +3/day
Python
x90skysn3k
x90skysn3k
brutespray

Fast, multi-protocol credential brute-forcer. Parses Nmap, Nessus, and Nexpose output to automatically test default and custom credentials across 30+ protocols.

Score
60
โ˜… 2.5k โ‘‚ 434 โ€”
Go
codingo
codingo
Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Score
84
โ˜… 2.2k โ‘‚ 454 +2/day
Python
skavngr
skavngr
rapidscan

:new: The Multi-Tool Web Vulnerability Scanner.

Score
83
โ˜… 2.1k โ‘‚ 433 +26/day
Python
Armur-Ai
Armur-Ai
Pentest-Swarm-AI

Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with ReAct reasoning โ€” supports bug bounty, continuous monitoring, and CTF modes. Built with Go, Claude API, and 7+ native security tools.

Score
98
โ˜… 2.0k โ‘‚ 401 +24/day
Go
0xSteph
0xSteph
pentest-ai-agents

Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.

Score
97
โ˜… 2.0k โ‘‚ 388 +30/day
Shell
joaoviictorti
joaoviictorti
RustRedOps

Repository for advanced Red Team techniques focused on Rust

Score
75
โ˜… 1.9k โ‘‚ 215 +2/day
Rust
tokyoneon
tokyoneon
Chimera

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Score
78
โ˜… 1.6k โ‘‚ 255 โ€”
PowerShell
Viralmaniar
Viralmaniar
BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Score
79
โ˜… 1.6k โ‘‚ 290 +4/day
C#
BlackSnufkin
BlackSnufkin
LitterBox

A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive analysis end to end.

Score
96
โ˜… 1.5k โ‘‚ 166 +4/day
YARA
urbanadventurer
urbanadventurer
username-anarchy

Username tools for penetration testing

Score
76
โ˜… 1.4k โ‘‚ 165 +5/day
Ruby
JesseCHale
JesseCHale
HaleHound-CYD

ESP32-DIV HaleHound Edition for Cheap Yellow Display - Multi-protocol offensive security toolkit

Score
97
โ˜… 1.4k โ‘‚ 105 +8/day
codingo
codingo
VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Score
77
โ˜… 1.3k โ‘‚ 239 +1/day
Python
0xSteph
0xSteph
pentest-ai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

Score
97
โ˜… 1.3k โ‘‚ 246 +26/day
Python
CyberStrikeus
CyberStrikeus
CyberStrike

AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.

Score
96
โ˜… 1.2k โ‘‚ 192 +75/day
TypeScript
Zeyad-Azima
Zeyad-Azima
Offensive-Resources

A Huge Learning Resources with Labs For Offensive Security Players

Score
93
โ˜… 1.2k โ‘‚ 244 +1/day
loseys
loseys
BlackMamba

C2/post-exploitation framework

Score
50
โ˜… 1.2k โ‘‚ 178 โ€”
Python
ForbiddenProgrammer
ForbiddenProgrammer
conti-pentester-guide-leak

Leaked pentesting manuals given to Conti ransomware crooks

Score
74
โ˜… 1.1k โ‘‚ 262 +1/day
Batchfile
SaadAhla
SaadAhla
FilelessPELoader

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

Score
73
โ˜… 1.0k โ‘‚ 197 โ€”
C++
bountyyfi
bountyyfi
lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Score
88
โ˜… 965 โ‘‚ 80 +4/day
Rust
Syslifters
Syslifters
OffSec-Reporting

Offensive Security OSCP+, OSEP, OSWP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA, OSIR, OSTH Exam and Lab Reporting / Note-Taking Tool

Score
83
โ˜… 929 โ‘‚ 117 โ€”
goshs-labs
goshs-labs
goshs

Feature-rich single-binary file server for red teamers and developers. HTTP/S ยท WebDAV ยท FTP/SFTP ยท SMB ยท LDAP/S ยท NTLM hash capture ยท DNS/SMTP callbacks ยท TLS ยท Auth ยท Share links. A powerful python3 -m http.server replacement.

Score
40
โ˜… 924 โ‘‚ 53 +20/day
Go
UCYBERS
UCYBERS
Awesome-Blackhat-Tools

A curated list of tools officially presented at Black Hat events

Score
95
โ˜… 915 โ‘‚ 90 +96/day
six2dez
six2dez
OSCP-Human-Guide

My own OSCP guide

Score
72
โ˜… 854 โ‘‚ 225 +2/day
ivan-sincek
ivan-sincek
penetration-testing-cheat-sheet

Work in progress...

Score
94
โ˜… 829 โ‘‚ 165 โ€”
PHP
FuzzingLabs
FuzzingLabs
secpipe

MCP server for AI-driven security pipelines

Score
93
โ˜… 798 โ‘‚ 95 โ€”
Python
uphiago
uphiago
recon-skills

156 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with browser fingerprint evasion, anti-bot bypass, hardcoded credential hunting, SCADA/ICS enumeration.

Score
95
โ˜… 723 โ‘‚ 138 +146/day
Python
FuzzingLabs
FuzzingLabs
mcp-security-hub

A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.

Score
92
โ˜… 717 โ‘‚ 93 +15/day
Python
ASCIT31
ASCIT31
Dark-Moon

Autonomous AI pentesting engine performing continuous offensive security across web, cloud, AD and Kubernetes. Uses agentic reasoning, real exploit execution and attack path analysis to deliver proof-based vulnerabilities.

Score
94
โ˜… 703 โ‘‚ 124 +48/day
Python
urbanadventurer
urbanadventurer
urlcrazy

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Score
70
โ˜… 686 โ‘‚ 107 +3/day
Ruby
KiExitDispatcher
KiExitDispatcher
GoRedOps

๐Ÿฆซ | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educational purpoeses only.

Score
0
โ˜… 669 โ‘‚ 95 โ€”
Go
Frissi0n
Frissi0n
GTFONow

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

Score
93
โ˜… 636 โ‘‚ 74 โ€”
Python
The-Viper-One
The-Viper-One
Pentest-Everything

A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.

Score
77
โ˜… 615 โ‘‚ 123 โ€”
TupleType
TupleType
awesome-cicd-attacks

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

Score
92
โ˜… 608 โ‘‚ 57 +3/day
ivan-sincek
ivan-sincek
php-reverse-shell

PHP shells that work on Linux OS, macOS, and Windows OS.

Score
90
โ˜… 565 โ‘‚ 161 +2/day
PHP
abhisharma404
abhisharma404
vault

swiss army knife for hackers

Score
67
โ˜… 552 โ‘‚ 98 โ€”
Python
ivan-sincek
ivan-sincek
wifi-penetration-testing-cheat-sheet

Work in progress...

Score
67
โ˜… 545 โ‘‚ 87 โ€”
ttpreport
ttpreport
ligolo-mp

Multiplayer pivoting solution

Score
90
โ˜… 524 โ‘‚ 55 โ€”
Go
frizb
frizb
Vanquish

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

Score
68
โ˜… 516 โ‘‚ 132 +3/day
Python
edoardottt
edoardottt
csprecon

Discover new target domains using Content Security Policy

Score
20
โ˜… 515 โ‘‚ 52 โ€”
Go
georgesotiriadis
georgesotiriadis
Chimera

Automated DLL Sideloading Tool With EDR Evasion Capabilities

Score
40
โ˜… 507 โ‘‚ 57 โ€”
Python
Zarcolio
Zarcolio
flipperzero

This repo contains my own Ducky/BadUSB scripts, related PowerShell scripts and other Flipper Zero related stuff.

Score
60
โ˜… 496 โ‘‚ 30 +1/day
PowerShell
ivan-sincek
ivan-sincek
android-penetration-testing-cheat-sheet

Work in progress...

Score
89
โ˜… 484 โ‘‚ 75 โ€”
JavaScript
verylazytech
verylazytech
OSCP-Resources

A comprehensive collection of resources, tools, tips, and guides for preparing and succeeding in the OSCP (Offensive Security Certified Professional) certification.

Score
65
โ˜… 482 โ‘‚ 103 +5/day
gh0x0st
gh0x0st
Buffer_Overflow

Don't let buffer overflows overflow your mind

Score
66
โ˜… 459 โ‘‚ 118 โ€”
Python
r3vn
r3vn
badKarma

network reconnaissance toolkit

Score
30
โ˜… 437 โ‘‚ 93 โ€”
Python
Related Topics
#penetration-testing#security#hacking#pentesting#cybersecurity#security-tools#oscp#red-team#bug-bounty#osint#infosec#pentest

ยฉ 2026 GitRepoTrend ยท GitHub repositories by topic ยท Updated weekly