OffensiveSecurity Toolkit

A curated collection of offensive security tools, exploits, and scripts for penetration testing and security research.

If you enjoy this repository and want more advanced red teaming resources, OSWE-focused code snippets, private tooling, and exclusive offensive security content, check out https://strikoder/coffee.

Access is available through the Red Teamer subscription tier and includes private repositories, OSWE code snippets, advanced material, and additional offensive security resources.

Repository Structure

Bug Bounty

Tools for web application security testing and bug hunting:

• webEnum.sh - Web enumeration automation script
• xssAI.sh - AI-assisted XSS detection and exploitation

CVEs & Exploits

Proof-of-concept exploits for known vulnerabilities (check readme in the folder).

Web & Reverse Shells

Various reverse shell implementations:

• ASP/ASPX - asp_rev_shell.aspx, cmd-asp-5.1.asp, cmdasp.asp, cmdasp.aspx
• PowerShell - Invoke-ConPtyShell.ps1, Invoke-PowerShellTcp.ps1, powercat.ps1
• PHP - php-reverse-shell.php, simple-backdoor.PHP
• WordPress - rev-shell-wp-plugin.zip

Scripts & Utilities

• commands - Useful command references
• enum - Enumeration scripts and tools
• turbo_intruder.py - High-speed HTTP request fuzzer
• check_disabled_functions.php - PHP function restrictions checker
• dotfiles.sh - Environment setup script

---

Remember: With great power comes great responsibility. Hack ethically. 🛡️