View in browser

Weekly newsletter n°28

A vast collection of security tools for bug bounty, pentest and red teaming is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

The tools images have been moved on AWS, which is supposed to help to reduce the loading time.
A sharing module is now available on tools page so you can share them on social networks.
Few design improvements like the video background on some pages.
The design of this newsletter was kind of broken on some mail providers, fixed with CSS tricks, and the search engine was also dead so I repaired it...

Happy hacking my friends :)
Go to

Tools featured this week
Better understand the structure, construction, and security of open source software packages.
Qualys Cloud Platform
The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.
REcollapse is a helper tool for black-box regex fuzzing to bypass validations
An extremely fast and flexible web fuzzer.
Vulnerability scanner for mass detection of web-based applications vulnerabilities.
Detect XSS vulnerability in Web Applications.
Automated HTTP Request Repeating With Burp Suite.
Self contained web shells and other attacks via .htaccess files.
Web path scanner.
The global gold standard in vulnerability assessment built for the modern attack surface.

Tools added last week

Simple latest CVE collector written in Python.

Free Certifications
A curated list of free courses & certifications.

Perform permutations, mutations and alteration of subdomains.

Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.

NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!.

A comprehensive scanner for Google Cloud.

Truly open-source general purpose vulnerability scanner.

LDAP enumeration tool implemented in Python3.

An all-in-one GitHub open-source intelligence framework.

Find origin servers of websites behind Cloudflare by using Internet-wide scan data from Censys.

Want more to see more tools?

Go to