View in browser

Weekly newsletter n°3

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Features currently in the pipe:
- tools ratings
- tools reviews
- newsletter history
- load on scroll
- images improvement
- tools details improvement

Check the GitHub issues list to see more or drop your opinion so we could focus on what is the most important for you :)
Go to offsec.tools

Tools featured this week
SSRF Sheriff
A simple SSRF-testing sheriff written in Go.
p0f
Identify the operating system of a target host simply by examining captured packets.
PyCript
Bypass client-side encryption using custom logic for testing with Python and NodeJS.
Scilla
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration.
GoLinkFinder
A fast and minimal JS endpoint extractor.
bypasswaf
Add headers to all Burp requests to bypass some WAF products.
CeWL
Custom Word List Generator.
nipper-ng
Network infrastructure configuration parser.
l0phtcrack
Crack Windows passwords from hashes.
DataExtractor
A Burp Suite extension to extract data from source code while browsing.

Tools added this week
CDK
Make security testing of K8s, Docker, and Containerd easier.
jsfinder
Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.
EAPHammer
Targeted attacks against WPA2-Enterprise networks, wireless pivots using hostile portal attacks.
katoolin3
Get your favourite Kali Linux tools on Debian/Ubuntu/Linux Mint.
Phishery
An SSL enabled basic auth credential harvester with a Word document template URL injector.
CDN Proxy
Create a copy of a targeted website with CDN and WAF restrictions disabled.
WinPwnage
UAC bypass, Elevate, Persistence methods.
catphish
Generate similar-looking domains for phishing attacks.
GCPBucketBrute
Enumerate Google Storage buckets, check the access and if they can be privilege escalated.
RedHunt-OS
Virtual machine for adversary emulation and threat hunting.
securityonion
Free and open platform for threat hunting, enterprise security monitoring, and log management.
litefuzz
A multi-platform fuzzer for poking at userland binaries and servers.
Vegile
Post exploitation tool to maintain some level of acces.
Microsploit
Quickly and easily create backdoor Office exploitation using module Metasploit packet.
FiercePhish
Full-fledged phishing framework to manage all phishing engagements.
radare2
UNIX-like reverse engineering framework and command-line toolset.
FakeImageExploiter
Use a Fake image.jpg to exploit targets (hide known file extensions).
SMBetray
Attack clients through file content swapping and compromise any data passed in cleartext.

Want more to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe