View in browser

Weekly newsletter n°16

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.
Go to offsec.tools

Tools featured this week
wmiexec-Pro
The new generation of wmiexec.py with all operations performed on port 135 for antivirus evasion.
CloudBrute
Awesome cloud enumerator.
yersinia
A framework for layer 2 attacks.
nipper-ng
Network infrastructure configuration parser.
repo-supervisor
Scan your code for security misconfiguration, search for passwords and secrets.
Findomain
The complete solution for domain recognition.
ShapeShifter
GraphQL security testing tool.
NSDetect
Utility to detect AWS NS Takeover.
hakip2host
Takes a list of IP addresses then does a series of checks to return associated domain names.
autopwn
Specify targets and run sets of tools against them.

Tools added last week
GTFOArgs
Unix binaries that can be manipulated for argument injection.
LOLBAS
Living Off The Land Binaries, Scripts and Libraries.
SQLiDetector
Helps you to detect SQL injection "Error based" by sending multiple requests.
Sshimpanzee
Reverse shell based on sshd supporting DNS and ICMP tunnelling as well as HTTP and Socks proxies.
APKLeaks
Scanning APK file for URIs, endpoints & secrets.
SubScraper
Perform subdomain enumeration through various techniques and retrieve detailed output.
Shellcrypt
A QoL tool to obfuscate shellcode.
GeoWordlists
Generate wordlists of passwords containing cities at a defined distance around the client city.
TLDHunt
Domain availability checker.
RegStrike
RegStrike is a .reg payload generator.
HackBrowserData
Decrypt passwords/cookies/history/bookmarks from the browser.
LOOBins
Living Off the Orchard: macOS Binaries.
subjs
Fetches javascript file from a list of URLS or subdomains.
GTFOBins
Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
Frida
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
DEFCON
The world’s most prominent and well-known computer security conferences.
BugBountyHunting
Search Bug Bounty writeups easily.

Want more to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe