ARS3NAL v1.0.0
First stable release. ARS3NAL is an offline arsenal for pentesters and bug bounty hunters: payloads, click-to-build commands, GTFOBins, scripts, checklists, and one search across everything. Fully offline, RU/EN.
What's new in 1.0
📜 Scripts module
110 full, copy-paste-and-run pentest scripts (Python / Bash / JS / HTML PoC) across 27 categories: boolean / time / error / UNION blind SQLi extractors, JWT forging, SSRF & XXE OOB listeners, IDOR matrices, recon pipelines, cloud / k8s probes, CVE PoCs and more. Filterable by group and language, each with its dependencies, parameters and safety badges. RU and EN.
⭐ Favorites everywhere
Star any payload, command, GTFOBin, script or Burp page from its reader and find it all under Favorites.
🎯 Consistent target substitution
Set your target / LHOST once; {TARGET}/{LHOST}, the *_IP placeholders and example hosts now resolve the same way across Payloads and Commands.
💾 Safer backups
A backup now contains only your personal layer (custom entries, favorites, notes, checklist progress, engagements). Restoring no longer wipes the bundled reference content.
Plus a pass of UX and audit fixes
- Copy buttons fixed on long, horizontally-scrolling code blocks.
- Checklist payload suggestions reworked for better coverage and fewer duplicates.
- Recon command builders, command-builder mode fixes, the command palette opens Scripts and Notes, and many smaller fixes throughout.
Live demo: https://inflictx.github.io/Arsenal/