View in browser

Weekly newsletter n°13

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.



Dear hackers,

This week has been dedicated to tags. I did a bit of cleaning, many tags have been removed.
The survivors are now classified in 17 categories. Hope this will help you to find the best tools you need to do some magic and find great bugs :)

Happy hacking !
Go to offsec.tools

Tools featured this week
Faraday security
Open source sulnerability management and orchestration platform.
LAZYPARIAH
Generate reverse shell payloads on the fly.
SubOver
A Powerful Subdomain Takeover Tool.
tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool.
qscan
Quick network scanner library.
rexsser
Burp Suite plugin that extracts keywords from response using and test for reflected XSS.
Unicornscan
An asynchronous TCP and UDP port scanner.
NSDetect
Utility to detect AWS NS Takeover.
ShadowSpray
Spray shadow credentials across an entire domain.
eos
Enemies Of Symfony - debug mode Symfony looter.

Tools added last week
DorkGPT
Generate Google dorks with AI.
HTTP-traceroute
HTTP-traceroute in Go.
CSRFT
A lightweight CSRF Toolkit for easy Proof of Concept.
The PenTesters Framework
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
unicorn
Simple tool for using a PowerShell downgrade attack and inject shellcode into memory.
orpheus
Bypass Kerberoast detections with modified KDC options and encryption types.
deser-node
NodeJS deserialization payload generator.
postmaniac
Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.
XXElixir
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
c{api}tal
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.
Poastal
The Email OSINT tool.
Nishang
Offensive PowerShell for red team, penetration testing and offensive security.
cadaver
Command-line WebDAV client.
google-authenticator-exporter
Get the TOTP secrets exported by Google Authenticator.
badsecrets
A library for detecting known secrets across many web frameworks.
Blacklist3r
Identify usage of pre-shared Machine Keys in a application for encryption and decryption.
web2shell
Automate converting webshells into reverse shells.
CypherDog
PowerShell Cmdlets to interact with BloodHound Data via Neo4j HTTP API.
adPEAS
Powershell tool to automate Active Directory enumeration.
Fresh Resolvers
List of fresh DNS resolvers updated every 12h.
wgen.io
Generate rich wordlists for targeted attacks online.

Want more to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe