View in browser

Weekly newsletter n°40

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Go to offsec.tools

Tools featured this week
Wfuzz
Web application fuzzer.
Altdns
Generates permutations, alterations and mutations of subdomains and then resolves them.
SharpCookieMonster
Extracts cookies from Chrome.
http-request-smuggling
HTTP Request Smuggling Detection Tool.
MSDorkDump
Google Dork File Finder.
GCPBucketBrute
Enumerate Google Storage buckets, check the access and if they can be privilege escalated.
Can I Take Over DNS?
A list of DNS providers and how to claim (sub)domains via missing hosted zones.
DNSMORPH
Domain name permutation engine written in Go.
Core Impact
Designed to enable security teams to conduct advanced penetration tests with ease.
dnstwist_
A tool to monitor for potential spear phishing domains and send to Slack.

Tools added last week
Parsero
Robots.txt audit tool.
exiv2
Image metadata library and tools.
qemu
A generic and open source machine emulator and virtualizer.
terraform
Enables you to safely and predictably create, change, and improve infrastructure.
mfoc
Mifare classic offline cracker.
jadx
Dex to Java decompiler.
nasm
A cross-platform x86 assembler with an Intel-like syntax.
Xenotix
An advanced Cross Site Scripting vulnerability detection and exploitation framework.
DOMPurify
A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

Want to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe