View in browser

Weekly newsletter n°54

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Go to offsec.tools

Tools featured this week
trackerjacker
Like nmap for mapping wifi networks you're not connected to, plus device tracking.
JNDI-Injection-Exploit
Generates JNDI links can start several servers to exploit JNDI Injection vulnerabilities.
LeakLooker-X
Discover, browse and monitor database/source code leaks.
AWS security checks
This Burp Suite provides additional Scanner checks for AWS security issues.
NetProbe
A tool you can use to scan for devices on your network.
PhoneSploit-Pro
Remotely exploit Android devices using ADB and Metasploit.
CypherDog
PowerShell Cmdlets to interact with BloodHound Data via Neo4j HTTP API.
Collaborator Everywhere
Burp Suite extension which injects non-invasive headers to reveal backend systems.
Kwetza
Infect an existing Android application with a Meterpreter payload.
HackTricks
Find trick/technique/whatever learnt from CTFs, real life apps, reading researches, and news.

Tools added last week
ScrapedIn
Scrape LinkedIn without API restrictions for data reconnaissance.
Template INJection Analyzer
CLI tool for testing web pages for template injection vulnerabilities.
Watson
Enumerate missing KBs and suggest exploits for useful privilege escalation vulnerabilities.
linux-smart-enumeration
Linux enumeration tool for pentesting and CTFs with verbosity levels.
Ligolo-ng
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files.
spoofcheck
Simple script that checks a domain for email protection.
SmuggleFuzz
A rapid HTTP downgrade smuggling scanner written in Go.
Damn Vulnerable RESTaurant
An intentionally vulnerable web API game for learning and training purposes.

Want to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe