| TOOLS | DISCRIPTION |
|---|---|
| Burp Suite | Proxy for intercepting and manipulating web traffic You can use community version(free) or proffessional version(paid). |
| Wireshark | For analyzing network protocols. |
| OWASP ZAP | Proxy for intercepting and manipulating web traffic. |
| TOOLS | DISCRIPTION |
|---|---|
| Whois | WHOIS looks for the owner of a domain or IP |
| nslookup | It queries internet name servers for IP information about host. |
| FFUF | For Brute forcing directories. |
| sublist3r | Sub-domain enumerator. |
| Gobuster | For enumerating Sub-domains |
| Altdns | Bruteforces subdomains |
| Dirsearch | Directory bruteforcers for hidden file paths |
| dnsdumpster | Finding WAF and Sub-domain enumeration |
| crt.sh | SSL Certificate search tool. |
| Wfuzz | For brute forcing directories. |
| Lazys3 | Brute force buckets by using keywords |
| GHDB | Usefull Google search terms that frequently reveal vulnerable or sensitive files |
| WayBack Machinr | For finding old versions of site |
| TruffleHog | Specializes in finding secrets in public GitHub |
| Gitrob | Finds potential sensitive files that are pushed to public repositaries |
| Wapalyzer | To identfy frameworks, prgramming languages |
| Retire.js | Deteccts outdated Javascript libraries and Node,js packages |
| TOOLS | DISCRIPTION |
|---|---|
| sqlmap | Automate exploitation of sql. |
| XSStrike | Automate exploitation of XSS. |
| CNAME-Lookup | Bash script made by me, for subdomain takeover |
| TOOLS | DISCRIPTION |
|---|---|
| nmap | A well known and multi-purpose tool. |
| Masscan | Port scanner tool |
| Nikto | Excellent web app vulnerability scanner. |
| TOOLS | DISCRIPTION |
|---|---|
| Seclist | A huge collection of wordlists. |
| webhook.site | A perfect hookup tool. |
| TOOLS | DISCRIPTION |
|---|---|
| Android studio | For android applications |
| Visual studio code | For coding and code analysis |