View in browser

Weekly newsletter n°1

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Welcome to the very first newsletter! For now it contains the list of the tools featured on the website this week, the list of all tools added in the database the last 7 days and the list of the sponsors who really help to build of all this. Thanks to them. Feel free to contact me on Twitter if anything goes wrong.
Go to offsec.tools

Tools featured this week

andor
Blind SQL Injection Tool with Golang.
House
A runtime mobile application analysis toolkit with a Web GUI.
Censys Enumeration
Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
Villain
Backdoor generator and multi-session handler for sibling servers and sessions sharing.
Burp-AnonymousCloud
Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.
uro
Declutters url lists for crawling/pentesting.
FestIN
The powered S3 bucket finder and content discover.
IPRotate
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
Hack The Box
Massive hacking playground, and infosec community.
gowitness
A golang, web screenshot utility using Chrome Headless.

Tools added this week

BetterBackdoor
A backdoor with a multitude of features.

SUDO_KILLER
A tool to identify and exploit sudo rules misconfigurations and vulnerabilities.

smb-scanner
Samba scanning tool.

AzureADLateralMovement
Lateral movement graph for Azure Active Directory.

weevely3
Weaponized web shell.

PhoneInfoga
Information gathering framework for phone numbers.

Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner.

ikeforce
Command line IPSEC VPN brute forcing tool for Linux.

KeyTabExtract
Extracts Key Values from .keytab files.

Snaffler
A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.

linuxprivchecker
A Linux privilege escalation check script.

RidRelay
Enumerate usernames on a domain where you have no creds by using SMB relay.

pypykatz
Mimikatz implementation in pure Python.

jackdaw
Gather gather gather.

Wordsmith
Assist with creating tailored wordlists, mostly based on geolocation.

SimplyEmail
Email recon made fast and easy, with a framework to build on.

Rock-ON
All in one recon tool that just get a single domain name and do all of the work alone.

RedTeam_toolkit
Open source Django offensive webapp which is keeping the best tools used in the redteaming.

web-hacking-toolkit
A web hacking toolkit.

smbmap
A handy SMB enumeration tool.

celerystalk
An asynchronous enumeration & vulnerability scanner.

Graphicator
Enumerate and extract GraphQL APIs.

UserEnum
Domain user enumeration tool.

reDuh
Create a TCP circuit through validly formed HTTP requests.

reGeorg
Pwn a bastion webserver and create SOCKS proxies through the DMZ.

Kwetza
Infect an existing Android application with a Meterpreter payload.

ADRecon
Gather information about the Active Directory and generates a report.

AWSloot
Pull secrets from an AWS environment.

Striker
Offensive information and vulnerability scanner.

sqlmate
A friend of SQLmap which will do what you always expected from SQLmap.

favirecon
Use favicon.ico to improve your target recon phase.

Spy Extension
This Chrome extension will read literally everything it can.

Want more to see more tools?

Go to offsec.tools

Sponsors