Weekly newsletter n°27

A vast collection of security tools for bug bounty, pentest and red teaming is a vast listing of security tools designed to help pentesters and bug hunters in their daily tasks. The list is organized by tags and provides a quick search engine. The list is fed by the author and the community. Anyone can add a tool and be listed as a contributor; feel free to check the GitHub repository.

Tools featured this week

Multi-threaded application designed to brute force paths on web servers.
RDP Scraper
Enumerates users based off RDP Screenshots.
A post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager.
Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Lists the different ways of reaching a given type in a GraphQL schema.
Tamper Dev
Allows you to intercept and edit HTTP/HTTPS requests and responses.
Attack patterns and primitives for black-box application fault injection and resource discovery.
Turbo Intruder
Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Burp Suite
The class-leading vulnerability scanning, penetration testing, and web app security platform.
sub-domain enumeration techniques
Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

Tools added last week

capa
The FLARE team's open-source tool to identify capabilities in executable files.

Telegram Explorer created to help researchers, investigators and law enforcement agents.

Hunt persistences implanted in Windows machines.

Android package inspector.

Divide full port scan results and use them for targeted Nmap runs.

Hash type identifier.

Detect and fix common misconfigurations in Active Directory Certificate Services.

Active Directory data collector for BloodHound written in Rust.

Redacted Request
Enhance the security and confidentiality of HTTP request handling within the Burp Suite.

ScriptSentry finds misconfigured and dangerous logon scripts.

Burp Suite extension to encode an IP address, aimed at bypassing application IP/domain blacklists.

SBOM parser that performs cursory vulnerability assessment.

Consulting different intelligence services, search engines and datasets for OSINT.
Fetches latest bug bounty programs from many platforms and consolidates them in one place.

A tool for testing for certificate validation vulnerabilities of TLS connections.

Want to see more tools?