Weekly newsletter n°27

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily tasks. The list is organized by tags and provides a quick search engine. The list is fed by the author and the community. Anyone can add a tool and be listed as a contributor; feel free to check the GitHub repository.

Go to offsec.tools

Tools featured this week

Dirstalk
Multi-threaded application designed to brute force paths on web servers.
RDP Scraper
Enumerates users based off RDP Screenshots.
SharpSCCM
A post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager.
BlackWidow
Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
graphql-path-enum
Lists the different ways of reaching a given type in a GraphQL schema.
Tamper Dev
Allows you to intercept and edit HTTP/HTTPS requests and responses.
FuzzDB
Attack patterns and primitives for black-box application fault injection and resource discovery.
Turbo Intruder
Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Burp Suite
The class-leading vulnerability scanning, penetration testing, and web app security platform.
sub-domain enumeration techniques
Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

Tools added last week

capa
The FLARE team's open-source tool to identify capabilities in executable files.

TEx
Telegram Explorer created to help researchers, investigators and law enforcement agents.

PersistenceSniper
Hunt persistences implanted in Windows machines.

Inspeckage
Android package inspector.

DivideAndScan
Divide full port scan results and use them for targeted Nmap runs.

HAITI
Hash type identifier.

Locksmith
Detect and fix common misconfigurations in Active Directory Certificate Services.

RustHound
Active Directory data collector for BloodHound written in Rust.

Redacted Request
Enhance the security and confidentiality of HTTP request handling within the Burp Suite.

ScriptSentry
ScriptSentry finds misconfigured and dangerous logon scripts.

Burp-Encode-IP
Burp Suite extension to encode an IP address, focused on bypassing application IP/domain blacklists.

SBOMb
SBOM parser that performs cursory vulnerability assessment.

SynapsInt
Consulting different intelligence services, search engines and datasets for OSINT.

bbradar.io
Fetches latest bug bounty programs from many platforms and consolidates them in one place.

certmitm
A tool for testing for certificate validation vulnerabilities of TLS connections.

Want to see more tools?

Go to offsec.tools
