A vast collection of security tools for bug bounty, pentest and red teaming

Featured tools this week

10 results
socialhunter on offsec.tools
Featured
socialhunter

Crawls the website and finds broken social media links that can be hijacked

#404   #crawler   #endpoints   #second-order   #takeover  

PyExfil on offsec.tools
Featured
PyExfil

Set as many exfiltration, techniques that CAN be used to bypass various.

#c2c   #dns   #exfiltration   #http   #network   #steganography   #wifi  

Vajra on offsec.tools
Featured
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

#aws   #azure   #cloud   #passwords   #subdomains  

brutespray on offsec.tools
Featured
brutespray

Automatically attempts default creds on found services based on Nmap output.

#passwords  

PortSwigger WebSecurity Academy on offsec.tools
Featured
PortSwigger WebSecurity Academy

Free, online web security training from the creators of Burp Suite.

#challenges   #exercices   #learning   #training  

Freddy Deserialization Bug Finder on offsec.tools
Featured
Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

#burpsuite   #deserialization   #dotnet   #java  

pyfiscan on offsec.tools
Featured
pyfiscan

Free web-application vulnerability and version scanner.

#cms   #fingerprint   #scanner  

XSSwagger on offsec.tools
Featured
XSSwagger

A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

#scanner   #swagger   #xss  

Shadow Workers on offsec.tools
Featured
Shadow Workers

C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.

#exploits   #xss  

mx-takeover on offsec.tools
Featured
mx-takeover

Focuses DNS MX records and detects misconfigured MX records.

#emails   #subdomains   #subto   #vulnerabilities