View in browser

Weekly newsletter n°24

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Go to offsec.tools

Tools featured this week
qsinject
Allows you to quickly substitute query string values with regex matches, one-at-a-time.
Wappalyzer
Identify technology on websites.
MSDAT
Microsoft SQL database attacking tool.
SQLTruncSanner
Messy BurpSuite plugin for SQL Truncation vulnerabilities.
cookie_crimes
Read local Chrome cookies without root or decrypting.
ysoserial.net
Deserialization payload generator for a variety of .NET formatters.
SMBAT
Find secrets in file and secret files among the SMB target shares.
BurpGPT
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan.
Bugcrowd VRT
Bugcrowd’s baseline priority ratings for common security vulnerabilities.
Mr.SIP
SIP-based audit and attack tool.

Tools added last week
SharpC2
Command and Control Framework written in C#.
NimPlant
A light-weight first-stage C2 implant written in Nim.
WeakestLink
Browser extension that extracts users from LinkedIn company pages.
jsluice
Extract URLs, paths, secrets, and other interesting bits from JavaScript.
brute ratel
A customized command and control center for red team and adversary simulation.
jswzl
Improve your web application aecurity testing with rich data from static analysis.

Want more to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe