Weekly newsletter n°1

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming

offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Welcome to the very first newsletter! For now it contains the list of the tools featured on the website this week, the list of all tools added in the database the last 7 days and the list of the sponsors who really help to build of all this. Thanks to them. Feel free to contact me on Twitter if anything goes wrong.

Go to offsec.tools

Tools featured this week

andor

Blind SQL Injection Tool with Golang.

House

A runtime mobile application analysis toolkit with a Web GUI.

Censys Enumeration

Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

Villain

Backdoor generator and multi-session handler for sibling servers and sessions sharing.

Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

uro

Declutters url lists for crawling/pentesting.

FestIN

The powered S3 bucket finder and content discover.

IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Hack The Box

Massive hacking playground, and infosec community.

gowitness

A golang, web screenshot utility using Chrome Headless.

Tools added this week

	BetterBackdoor
	A backdoor with a multitude of features.

	SUDO_KILLER
	A tool to identify and exploit sudo rules misconfigurations and vulnerabilities.

	smb-scanner
	Samba scanning tool.

	AzureADLateralMovement
	Lateral movement graph for Azure Active Directory.

	weevely3
	Weaponized web shell.

	PhoneInfoga
	Information gathering framework for phone numbers.

	Responder
	Responder is a LLMNR, NBT-NS and MDNS poisoner.

	ikeforce
	Command line IPSEC VPN brute forcing tool for Linux.

	KeyTabExtract
	Extracts Key Values from .keytab files.

	Snaffler
	A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.

	linuxprivchecker
	A Linux privilege escalation check script.

	RidRelay
	Enumerate usernames on a domain where you have no creds by using SMB relay.

	pypykatz
	Mimikatz implementation in pure Python.

	jackdaw
	Gather gather gather.

	Wordsmith
	Assist with creating tailored wordlists, mostly based on geolocation.

	SimplyEmail
	Email recon made fast and easy, with a framework to build on.

	Rock-ON
	All in one recon tool that just get a single domain name and do all of the work alone.

	RedTeam_toolkit
	Open source Django offensive webapp which is keeping the best tools used in the redteaming.

	web-hacking-toolkit
	A web hacking toolkit.

	smbmap
	A handy SMB enumeration tool.

	celerystalk
	An asynchronous enumeration & vulnerability scanner.

	Graphicator
	Enumerate and extract GraphQL APIs.

	UserEnum
	Domain user enumeration tool.

	reDuh
	Create a TCP circuit through validly formed HTTP requests.

	reGeorg
	Pwn a bastion webserver and create SOCKS proxies through the DMZ.

	Kwetza
	Infect an existing Android application with a Meterpreter payload.

	ADRecon
	Gather information about the Active Directory and generates a report.

	AWSloot
	Pull secrets from an AWS environment.

	Striker
	Offensive information and vulnerability scanner.

	sqlmate
	A friend of SQLmap which will do what you always expected from SQLmap.

	favirecon
	Use favicon.ico to improve your target recon phase.

	Spy Extension
	This Chrome extension will read literally everything it can.

Want more to see more tools?