View in browser

Weekly newsletter n°12

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.



Hello my friends,

This week we passed the thousand bar, this is crazy, thanks to all contributors, you're amazing!!

You may have noticed some pertubations on the website lately, as I was using the server for bug hunting ;) I finally decided to move the application to a dedicated instance on AWS so let me know if it's better or worst...

I also started a bit of cleaning in the tags list. About 50 tags have been deleted, mainly because of typo errors.

That's all for today, see you soon guys!

Gwen.
Go to offsec.tools

Tools featured this week

Pentest Mapper
Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.
trurl
Command line tool for URL parsing and manipulation.
h2cSmuggler
HTTP Request Smuggling over HTTP/2 Cleartext.
csprecon
Discover new target domains using Content Security Policy.
spaces-finder
A tool to hunt for publicly accessible DigitalOcean Spaces.
GraphQL Beautifier
Burp Suite extension to help make Graphql request more readable.
ysoserial.net
Deserialization payload generator for a variety of .NET formatters.
Sherlock
Hunt down social media accounts by username across social networks.
bucket_finder
DigiNinja's bucket_finder utility.
AllAboutBugBounty
Bug Bounty notes gathered from various sources.

Tools added last week

Kscan
Kscan is an all-round scanner developed purely in Go, with functions such as port scanning, protocol.

Klyda
Highly configurable script for dictionary/spray attacks against online web applications.

John Hammond
John Hammond YouTube channel.

NetworkChuck
Network Chuck YouTube channel.

nuclei-wordfence-cve
Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.

socialhunter
Crawls the website and finds broken social media links that can be hijacked

Haylxon
Blazing-fast tool to grab screenshots of your domain list right from terminal.

deps.dev
Better understand the structure, construction, and security of open source software packages.

bbrf
Help you coordinate your reconnaissance workflows across multiple devices.

octosql
CLI tool which lets you query a plethora of databases and file formats.

BugBountyScanner
A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use.

Scopein
A Go tool for scope management.

kiterunner
Contextual content discovery tool.

Gowhois
Whois command implemented by golang with awesome whois servers list.

HBSQLI
Automated tool for testing header based blind SQL injection.

Nimbo-C2
Yet another (simple and lightweight) C2 framework.

API fuzzer
Fuzz request attributes using common pentesting techniques and lists vulnerabilities.

evilginx2
Standalone MITM attack framework allowing for the bypass of 2-factor authentication.

Invoke-ADEnum
Automate Active Directory Enumeration using PowerView.

Want more to see more tools?

Go to offsec.tools

Sponsors