The Ultimate Directory for Offensive Security

The eCPPT certification validates practical penetration testing skills, covering reconnaissance, web app testing, exploit development, and Active Directory.

ffuf is a fast web fuzzer written in Go, designed for content discovery and web application security testing.

Garak is an LLM vulnerability scanner that probes for weaknesses like prompt injection, data leakage, hallucination, and toxicity.

GraphQL Server Engine Fingerprinting utility for software security professionals.

World's fastest password recovery utility, supporting CPUs, GPUs, and hardware accelerators on Linux, Windows, and macOS.

hostap is a project providing hostapd, a user space daemon for access point and authentication server functionality, and wpa_supplicant.

Modified hostapd for advanced wifi attacks, enabling rogue access points and sophisticated wireless penetration testing scenarios.

Modified hostapd to facilitate AP impersonation attacks, obtaining client credentials and enabling further attacks.

httpx is a fast and multi-purpose HTTP toolkit for reconnaissance, probing, and information gathering with retries and backoffs.

Ethical hacking toolkit for iOS devices using iSH Shell, providing various security and reconnaissance tools for mobile pen-testing.

Mimikatz is a tool to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory on Windows systems.

A complete runtime environment for GCC & LLVM on Windows (x86, x64, ARM64), enabling native Windows application and library development.