View in browser

Weekly newsletter n°8

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.

Here are few tips that greatly improved my hunting in the past weeks:
- good sleep (seriously)
- not putting too much on me to find bugs
- improve my knowledge about cloud resources
- strong use of @projectdiscovery tools
- constant usage of tmux and screen


Can't wait to hear yours! Happy hacking!


Gwen
Go to offsec.tools

Tools featured this week
bountyplz
Automated security reporting from markdown templates.
Have i been pwned?
Check if your email or phone is in a data breach.
metahttp
Script that automates the scanning of a target network for HTTP resources through XXE.
PentesterLab
Learn Web Penetration Testing: The Right Way.
PyExfil
Set as many exfiltration, techniques that CAN be used to bypass various.
git-vuln-finder
Find potential software vulnerabilities from git commit messages.
Shelling
A comprehensive OS command injection payload generator.
authz
Burp Suite plugin to test for authorization flaws.
Async DNS Brute
DNS asynchronous brute force utility.
trurl
Command line tool for URL parsing and manipulation.

Tools added last week
wmiexec-Pro
The new generation of wmiexec.py with all operations performed on port 135 for antivirus evasion.
nmapAutomater
Automate the process of enumeration & recon that is run every time.
wmiexec-RegOut
Modify version of impacket wmiexec.py, get output from registry.
impacket
Collection of Python classes for working with network protocols.
MalBuzz
It's a handy tool to help you analyze malware.
WebScrape
A web scraper to scrape email's and phone numbers from websites.
GPT_Vuln-Analyzer
A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.
QuadraInspect
A comprehensive approach to the vulnerability analysis of Android application.
MalwareBazaar
Malware sample database.
Nmap-API
Create a Nmap API that can do scans with a good speed online and is easy to deploy.
Mimicry
A dynamic deception tool that actively deceives an attacker.

Want more to see more tools?
Go to offsec.tools

Sponsors
You received this email because you signed up on our website.
You can unsubscribe anytime.

Unsubscribe