Free offensive security toolkit for your terminal — reverse shells, encoding, hashing, JWT analysis, nmap building, XSS payloads, SQLi payloads, header security analysis, CVSS scoring, subnet calculation, terminal output formatting, wordlist generation, chmod permissions calculator, and more.
Part of OffSecKit — all tools also available as browser tools.
```bash
pip install offseckit
```

Or clone and install locally:

```bash
git clone https://github.com/offseckit/osk.git
cd osk
pip install .
```

```bash
# Generate a reverse shell
osk revshell -i 10.10.10.10 -l python
# Encode text to Base64
osk encode -o base64-encode "Hello World"
# Identify a hash
osk hash id 5d41402abc4b2a76b9719d911017c592
# Decode a JWT token
osk jwt decode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
# Build an nmap command
osk nmap build -t 10.10.10.0/24 --syn --top-ports 1000
# Generate XSS payloads
osk xss gen --context html-attr --action alert
# Generate SQLi payloads
osk sqli gen -d mysql -t union -c 3
# Analyze security headers
curl -sI https://example.com | osk headers analyze
# Calculate a CVSS score
osk cvss calc CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
# Calculate subnet details
osk subnet calc 192.168.1.0/24
# Generate a wordlist with mutations
osk wordlist gen password admin --leet --numbers
# Convert and explain a chmod mode
osk chmod 4755 --explain
# Format terminal output with a styled frame
nmap -sV 10.10.10.10 | osk format render
```

| Command | Description |
|---|---|
| `osk revshell` | Generate reverse shell one-liners in 12+ languages |
| `osk encode` | Encode/decode text (Base64, URL, Hex, HTML, Unicode, Binary, ROT13, ...) |
| `osk hash` | Identify hash types and generate hashes (MD5, SHA1, SHA256, NTLM, ...) |
| `osk jwt` | Decode and analyze JWT tokens for security issues |
| `osk nmap` | Build nmap commands with scan types, scripts, timing, and evasion |
| `osk xss` | Generate context-aware XSS payloads with WAF bypass and encoding |
| `osk sqli` | Generate SQL injection payloads for MySQL, MSSQL, PostgreSQL, Oracle, SQLite |
| `osk headers` | Analyze HTTP response headers for security misconfigurations |
| `osk cvss` | Calculate CVSS 3.1 and 4.0 vulnerability scores |
| `osk subnet` | Calculate subnet details, split networks, check IP containment |
| `osk format` | Format and beautify terminal output with styled window frames |
| `osk wordlist` | Generate custom wordlists with leet speak, case mutations, and password patterns |
| `osk chmod` | Convert and explain Linux file permissions, list common presets, hunt for setuid binaries |
```bash
# Bash reverse shell
osk revshell -i 10.10.10.10 -p 4444
# Python reverse shell with Base64 encoding
osk revshell -i 10.10.10.10 -l python -e base64
# PowerShell reverse shell
osk revshell -i 10.10.10.10 -l powershell
# Show all netcat variants
osk revshell -i 10.10.10.10 -l netcat --all
# List all supported languages
osk revshell list
```

| Flag | Description | Default |
|---|---|---|
| `-i, --ip` | Attacker IP address | (required) |
| `-p, --port` | Attacker port | 4444 |
| `-l, --lang` | Language | bash |
| `-v, --variant` | Specific variant | first available |
| `-e, --encoding` | `raw`, `base64`, `url`, `double-url` | `raw` |
| `--all` | Show all variants | — |
| `--no-listener` | Hide listener command | — |
```bash
# Base64 encode
osk encode -o base64-encode "Hello World"
# URL decode
osk encode -o url-decode "%48%65%6C%6C%6F"
# Chain: Base64 then URL encode
osk encode -o base64-encode -o url-encode "test payload"
# Double URL encode for WAF bypass
osk encode -o url-encode -o url-encode "<script>alert(1)</script>"
# Show intermediate steps
osk encode -o base64-encode -o url-encode -o hex-encode "test" --steps
# Pipe from stdin
echo "secret" | osk encode -o hex-encode
# List all operations
osk encode list
```

```bash
# Identify a hash
osk hash id 5d41402abc4b2a76b9719d911017c592
# Generate MD5 + SHA-256 + NTLM
osk hash generate -a md5 -a sha256 -a ntlm "password"
# Generate all default hashes
osk hash generate "hello"
# List supported algorithms
osk hash list
```

```bash
# Decode a JWT token
osk jwt decode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U
# Analyze for security issues
osk jwt analyze eyJhbGciOiJIUzI1NiIs...
# List supported algorithms
osk jwt algorithms
```

```bash
# Quick recon scan
osk nmap preset quick-recon -t 10.10.10.0/24
# Full port SYN scan with service detection
osk nmap build -t 10.10.10.10 --syn --all-ports --service-version
# Stealth scan with evasion
osk nmap build -t 10.10.10.10 --syn --timing T2 --fragment
# List presets
osk nmap presets
# List scan types
osk nmap scans
```

```bash
# Generate payloads for HTML attribute context
osk xss gen --context html-attr --action alert
# Generate with WAF bypass encoding
osk xss gen --context js-string --waf cloudflare
# Generate with blocked characters
osk xss gen --context html-tag --block "<" --block ">"
# Show polyglot payloads
osk xss polyglots
# List all contexts
osk xss contexts
```

```bash
# Generate UNION-based payloads for MySQL
osk sqli gen -d mysql -t union -c 3
# Generate error-based payloads for MSSQL
osk sqli gen -d mssql -t error-based
# Generate time-blind payloads for PostgreSQL
osk sqli gen -d postgresql -t time-blind
# Generate with WAF bypass (case swap)
osk sqli gen -d mysql -t union --waf case-swap
# Show authentication bypass payloads
osk sqli auth
# List supported databases
osk sqli dbs
```

```bash
# Fetch headers directly from a URL
osk headers analyze -u https://example.com
# Pipe headers from curl
curl -sI https://example.com | osk headers analyze
# Read from a file
osk headers analyze -f response-headers.txt
# Output as JSON for CI/CD
osk headers analyze -u https://example.com --json
# List all security headers checked
osk headers list
```

```bash
# Calculate CVSS 3.1 score from a vector
osk cvss calc CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
# Calculate CVSS 4.0 score
osk cvss calc CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
# Output as JSON for CI/CD
osk cvss calc CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H --json
# Show common vulnerability presets
osk cvss presets
# Compare two vectors
osk cvss compare CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
```

```bash
# Calculate subnet details from CIDR
osk subnet calc 192.168.1.0/24
# Calculate with JSON output for scripting
osk subnet calc 10.10.10.0/26 --json
# Split a network into equal subnets
osk subnet split 10.0.0.0/16 --into 4
# Check if an IP is within a CIDR range
osk subnet contains 192.168.1.0/24 192.168.1.100
# List all usable hosts in a subnet
osk subnet list 192.168.1.0/28
```

```bash
# Render terminal output with a styled window frame
nmap -sV 10.10.10.10 | osk format render
# Render from a file with a custom title
osk format render -f output.txt --title "Nmap Scan Results"
# Add line numbers
cat output.log | osk format render -n --title "Server Logs"
# Strip all ANSI escape codes
cat colored-output.log | osk format strip
# Get output statistics
cat output.log | osk format stats --json
```

```bash
# Generate wordlist from base words with case variations
osk wordlist gen password admin
# Enable leet speak mutations
osk wordlist gen password --leet
# Append numbers (0-9) and symbols
osk wordlist gen company --numbers --symbols
# Full mutation suite and save to file
osk wordlist gen company admin john -o wordlist.txt --case --leet --numbers --symbols --suffixes
# Read base words from a file
osk wordlist gen -f base_words.txt --leet --numbers
# Append years instead of single digits
osk wordlist gen company --numbers --number-range years --year-start 2020 --year-end 2026
# Show leet speak mappings
osk wordlist leet
```

```bash
# Convert octal to symbolic and back
osk chmod 755
osk chmod rwxr-xr-x
# Explain a setuid binary's mode bit-by-bit
osk chmod 4755 --explain
# Apply POSIX symbolic notation against a base mode
osk chmod 644 --apply u+x
osk chmod 755 --apply go-w
# Detect risky permissions only
osk chmod 777 --warnings
# Output JSON for scripting
osk chmod 4755 --json
# List common permission presets (755, 644, 600, 1777, 4755, ...)
osk chmod presets
# Print find(1) recipes for privesc hunting
osk chmod hunt
```

- Python 3.8+

- OffSecKit — free browser-based security toolkit
- Reverse Shell Generator — browser version
- Encoding Multi-Tool — browser version
- Hash Identifier — browser version
- JWT Decoder — browser version
- Nmap Builder — browser version
- XSS Generator — browser version
- Header Security Analyzer — browser version
- CVSS Calculator — browser version
- Subnet Calculator — browser version
- SQLi Payload Generator — browser version
- CLI Output Formatter — browser version
- Wordlist Generator — browser version
- Chmod Calculator — browser version
MIT