View in browser

Weekly newsletter n°52

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Go to offsec.tools

Tools featured this week
RustHound
Active Directory data collector for BloodHound written in Rust.
bounty-targets
Crawls bug bounty platform scopes.
Gopherus
Generates gopher link for exploiting SSRF and gaining RCE in various servers.
PortSwigger Cross-Site Scripting cheatsheet data
All the XSS cheatsheet data to allow contributions from the community.
rekall
Rekall Memory Forensic Framework.
Venom
Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.
enum4linux-ng
A Windows/Samba enumeration tool with additional features like JSON/YAML export.
GrayhatWarfare
Search for buckets and URL shorteners.
Jaeles
The Swiss Army knife for automated Web Application Testing
WiFi-Pumpkin
Framework for rogue Wi-Fi access point attack.

Tools added last week
HARpwn
Designed to streamline the extraction and sanitization of HARTokens from HTTP archives.
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant.
Gsec
Web security scanner.
LocalPotato
Another local Windows privilege escalation using a new potato technique.
Mosint
An automated e-mail OSINT tool.
LEAKEY
Bash script which checks and validates for leaked credentials.
DVenom
Helps to bypass antiviruses by providing an encryption wrapper and loader for your shellcode.
MetaDetective
Unleash metadata intelligence, bridging the chasm in metadata extraction and analysis.
DeepSecrets
Secrets scanner that understands code.
Porch-Pirate
The most comprehensive Postman recon / OSINT client and framework.
secbutler
The perfect butler for pentesters, bug-bounty hunters and security researchers.
moonwalk-back
Cover your tracks during Linux exploitation by leaving zero traces on the exploited system.
GTFONow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
Moriarty
Designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential.
WebCopilot
Automation tool designed to enumerate subdomains and detect bugs using different open-source tools.
D3m0n1z3dShell
An advanced tool for persistence in Linux.
endoflife.date
Informative site with EoL dates of everything.

Want to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe