Weekly newsletter n°4

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming

offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Today a kind word for my sponsors who support my work and make the things possible. Eurico Nicacio is the last on the list and he is also a good contributors as he added many great tools. Thanks guys for all your support, I truely appreciate ❤️

Go to offsec.tools

Tools featured this week

gospider

Fast web spider written in Go.

WinPwnage

UAC bypass, Elevate, Persistence methods.

WMEye

Post exploitation tool that uses WMI event filter and MSBuild execution for lateral movement.

Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

kxss

Adaption of tomnomnom's kxss tool with a different output format.

fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

VBad

VBA obfuscation tools combined with an MS Office document generator .

CTFR

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

TruffleHog

Find credentials all over the place.

Tools added last week

	MSDAT
	Microsoft SQL database attacking tool.

	NTLMRecon
	Enumerate information from NTLM authentication enabled web endpoints.

	WMEye
	Post exploitation tool that uses WMI event filter and MSBuild execution for lateral movement.

	SMBeagle
	Fileshare auditing tool.

	nuclei-burp-plugin
	A Burp Suite plugin intended to help with Nuclei template generation.

	PowerSploit
	A PowerShell Post-Exploitation Framework.

	dumpcreds
	May be used to extract various credentials from running processes.

	VBad
	VBA obfuscation tools combined with an MS Office document generator .

	windows-privesc-check
	Standalone executable to check for simple privilege escalation vectors.

	unix-privesc-check
	Shell script to check for simple privilege escalation vectors on Unix systems.

	AWSGoat
	A damn vulnerable AWS infrastructure.

	AzureGoat
	A damn vulnerable Azure infrastructure.

	DVWS
	Vulnerable application with a web service and an API.

	Vampi
	Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.

	DVCA
	Damn vulnerable cloud application.

	moniorg
	Leverage crt.sh website to monitor domains of a target.

Want more to see more tools?