tools.ofjaaah.com

ARSENAL DE FERRAMENTAS

Colecao de 32 ferramentas de seguranca ofensiva desenvolvidas para bug bounty e pentest. Recon, scanners, cloud security, secrets hunting e muito mais.

32Tools

17Rust

6Python

7JS/TS

3Go

1Bash

Featured

DESTAQUES

RustFeatured

MonRust3

Flagship — full-stack recon platform with real-time UI

Acesso via treinamento

RustFeatured

CloudFinder

Multi-cloud + 100+ secret types + JS vuln engine

Acesso via treinamento

TSFeatured

mcpBurp

MCP server — Burp Suite controlled by Claude

Acesso via treinamento

Browse

CATEGORIAS

Recon Platforms

Flagship products with UI - SaaS & Dashboards

RustPrivate

MonRust3

Flagship — full-stack recon platform with real-time UI

RustPrivate

MonRust 2.0

Predecessor — tmux-driven monitor with parallel orchestration

PythonPrivate

BLOB Hunter

Multi-org Git secrets SaaS (FastAPI + React)

JSPrivate

GitHub Intelligence

GitHub MRI account intel dashboard

PythonPrivate

PostRecon

Web UI + MCP for Postman public scanning

TSPrivate

LovableExpl

Supabase JWT validator + DB explorer with web UI

NodePrivate

FirebaseEx

Firebase enumerator (Web UI + CLI + REST API)

RustPrivate

EnumRust

Real-time security scanner with web dashboard

Web Vulnerability Scanners

Point at a target, get findings

RustPrivate

BLH-Hunter

Broken link hijacking across 23+ platforms

RustPrivate

ORSCAN

Open redirect scanner — crawl + hidden params + 30+ payloads

RustPrivate

Cache Storm

Web cache poisoning at scale (11 techniques, CDN-aware)

RustPrivate

ActuatoRust

Spring Boot Actuator scanner with heap dump validation

RustPrivate

NagliRecon

All-in-one recon + 40K vuln patterns from WooYun

RustPrivate

EnumInfra

CTF / pentest infra enum (18+ tools, AD coverage)

Cloud & Storage

AWS / GCP / Azure / R2 buckets

RustPrivate

CloudFinder

Multi-cloud + 100+ secret types + JS vuln engine

GoPrivate

S3Scan

8-cloud bucket scanner with Lambda fan-out

PythonPrivate

MongoDBCRAWL

Open MongoDB scanner with auto-dump

Secrets & Tokens

JS / Git / Postman / GTM secret hunting

RustPrivate

JSHunter

Deep JS analysis + Cognito exploitation chain

RustPrivate

IACrawl

132 patterns across 52+ AI/cloud services + exploit engine

RustPrivate

CrawAlgolia

Specialist Algolia key hunter with index siege

PythonPrivate

crawlGTM

GTM container OSINT + reverse lookup (7 sources)

RustPrivate

PostEvil

Postman public-library credential hunter

JSPrivate

JS Realtime

Chrome extension passively captures JS secrets

NodePrivate

JS Realtime Server

Companion server — 40+ secret patterns + token validation

JSPrivate

JWT Token Hunter

Browser extension that finds JWTs (Supabase / Vercel)

Identity Providers

Cognito / Supabase / Firebase / JWT

GoPrivate

CrawlCognito

AWS Cognito 8-step auto-exploitation chain

RustPrivate

JSHunter

Cognito module — 330+ AWS permission tests

TSPrivate

LovableExpl

Supabase JWT → full DB dump

NodePrivate

FirebaseEx

Firestore + RTDB enumeration

Supply Chain

Dependency confusion across ecosystems

RustPrivate

DependencyRust

Manifest scan + dorks + PoC payloads (9 ecosystems)

RustPrivate

Confussed

Auto-publish PoC packages with OOB callbacks

Distributed / AI

Lambda fan-out + LLM-driven engines

PythonPrivate

Lemma

Multi-Lambda recon suite (40+ tools on AWS)

TSPrivate

mcpBurp

MCP server — Burp Suite controlled by Claude

Browser & Fuzzing

Extensions, MCP servers, Postman

JSPrivate

JWT Token Hunter

Chrome extension for JWT detection

JSPrivate

JS Realtime

Chrome extension that streams JS to analyzer

BashPrivate

FFUF Master

Bug-bounty-grade FFUF wrapper with 5 modes

QUER ACESSO AS FERRAMENTAS?

Todas as ferramentas sao privadas e disponiveis exclusivamente para alunos do treinamento. Entre em contato para saber mais.