View in browser

Weekly newsletter n°11

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

This week I changed a little bit the model so by now tools can have several links and several images. Because of that I had to update the format of the issue on GitHub so take care to read the new guidelines.

I also setted public analytics so everyone can see how things goes :)

Happy reading!
Go to offsec.tools

Tools featured this week
MicroBurst
A collection of scripts for assessing Microsoft Azure security.
docem
Utility to embed XXE and XSS payloads in docx, odt, pptx...
PentesterLand
Sharing knowledge that makes your life as bug hunters and pentesters easier.
WitnessMe
Web Inventory tool, takes screenshots and provides some extra bells&whistles to make life easier.
Wappalyzer
Identify technology on websites.
dnscat2
Create an encrypted command-and-control (C&C) channel over the DNS protocol.
EMBA
The security analyzer for firmware of embedded devices.
gau
Fetch known URLs from several sources.
recollapse
REcollapse is a helper tool for black-box regex fuzzing to bypass validations
ADRT
Active Directory Report Tool.

Tools added last week
webpalm
A tool that traverses a website and generates a tree of all the webpages and their links.
NanoDump
A flexible tool that creates a minidump of the LSASS process.
hrekt
A really fast HTTP prober.
subnerium
A fast passive subdomain enumeration tool that uses various sources to gather data.
SharpSCCM
A post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager.
Go365
Go365 performs user enumeration and password guessing attacks on organizations that use Office365.
haktrails
Golang client for querying SecurityTrails API data.
MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365).
s3cXSSer
This extension will help you to detect GET/POST based XSS vulnerability in any website easily.
certmon
A simple certificate expiration monitor script.
Pymeta
Search the web for files on a domain to download and extract metadata.
CTFd
A Capture The Flag framework focusing on ease of use and customizability.
SpiderSuite
Advanced web spider/crawler for cyber security professionals.
hakip2host
Takes a list of IP addresses then does a series of checks to return associated domain names.
hakoriginfinder
Discover the origin host behind a reverse proxy, useful for bypassing cloud WAFs!.
hakfindinternaldomains
Feed it a list of subdomains, it will resolve them and tell you which ones are internal.
haklistgen
Turns any junk text into a usable wordlist for brute-forcing.
PowerMeta
Searches for publicly available files hosted on various websites for a particular domain.

Want more to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe