OffSecKit

Free, browser-based offensive security tools. 100% client-side — no data leaves your browser.

# Tools

Generate reverse shell one-liners in multiple languages with encoding and obfuscation options.

Soon

Encode and decode Base64, URL, Hex, HTML entities, and more. Chain multiple operations together.

Soon

Identify unknown hash types and generate hashes in MD5, SHA1, SHA256, SHA512, NTLM, and more.

Soon

Decode JWT tokens, inspect headers and payloads, check expiration, and identify weak algorithms.

Soon

Visual builder for nmap commands. Select scan types, flags, and scripts with explanations.

Soon

Context-aware XSS payload generation with WAF bypass variants and filter evasion techniques.

Soon

Analyze HTTP response headers for security misconfigurations with remediation guidance.

Soon

Interactive CVSS 3.1 and 4.0 vector builder with real-time score calculation.

Soon

Calculate network addresses, broadcast addresses, host ranges, and split subnets from CIDR notation.

Soon

Paste terminal output from security tools and generate styled, Dracula-themed screenshots.

OffSecKit is a collection of free, open-source security tools built for pentesters, red teamers, bug bounty hunters, and security professionals.

Every tool runs entirely in your browser. No data is sent to any server. No tracking, no accounts, no BS.

Each tool is also available as a standalone CLI tool on GitHub.