
Weekly newsletter n°6

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily tasks. The list is organized by tags and provides a quick search engine. The list is fed by the author and the community. Anyone can add a tool and be listed as a contributor; feel free to check the GitHub repository.

As the community is more and more active, we have more and more tools listed. We are close to reaching a thousand, keep it up!

Don't forget to use the search engine if you are looking for something specific, it should do the trick.

I'm currently working on the design and data to display more details about the tools.

Gwen.
Go to offsec.tools

Tools featured this week

mimikatz
A little tool to play with Windows security.
ReconNess
Continuous recon and pipeline tools setup.
Apidor
Tool for automating the search for IDOR vulnerabilities in web applications and APIs.
AWSloot
Pull secrets from an AWS environment.
getsploit
Command line utility for searching and downloading exploits.
FireShodanMap
Realtime map that integrates Firebase, Google Maps and Shodan.
Autorize
Automatic authorization enforcement detection extension for Burp Suite.
Hash Buster
Crack hashes in seconds.
LDAP Password Hunter
Password Hunter in Active Directory.
assetfinder
Find domains and subdomains related to a given domain.

Tools added last week

JSpector
Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

SecretFinder
SecretFinder is a script based on LinkFinder, written to find sensitive data in JavaScript files.

github-endpoints
Find endpoints on GitHub.

github-regexp
Basically a regexp over a GitHub search.

keyhacks.sh
Automation of tokens/api keys testing.

Dismap
Asset discovery and identification tool.

dnscat2
Create an encrypted command-and-control (C&C) channel over the DNS protocol.

PyExfil
Set as many exfiltration, techniques that CAN be used to bypass various.

jsleak
Find secrets, paths or links in the source code.

urless
De-clutter a list of URLs.

GD-Thief
Exfiltrate files from a target's Google Drive that you have access to, via Google's API.

Storm breaker
Social engineering tool, access webcam & microphone & location finder.

Want to see more tools?

Go to offsec.tools
