TOOLS | DESCRIPTION |
---|---|
Burp Suite | Proxy for intercepting and manipulating web traffic. You can use the community version (free) or the professional version (paid). |
Wireshark | For analyzing network protocols. |
OWASP ZAP | Proxy for intercepting and manipulating web traffic. |

TOOLS | DESCRIPTION |
---|---|
Whois | Looks up the owner of a domain or IP. |
nslookup | Queries internet name servers for IP information about a host. |
FFUF | For brute forcing directories. |
sublist3r | Sub-domain enumerator. |
Gobuster | For enumerating sub-domains. |
Altdns | Brute forces subdomains. |
Dirsearch | Directory brute forcer for hidden file paths. |
dnsdumpster | Finding WAF and Sub-domain enumeration |
crt.sh | SSL Certificate search tool. |
Wfuzz | For brute forcing directories. |
Lazys3 | Brute force buckets by using keywords |
GHDB | Useful Google search terms that frequently reveal vulnerable or sensitive files. |
Wayback Machine | For finding old versions of a site. |
TruffleHog | Specializes in finding secrets in public GitHub |
Gitrob | Finds potentially sensitive files that are pushed to public repositories. |
Wappalyzer | To identify frameworks and programming languages. |
Retire.js | Detects outdated JavaScript libraries and Node.js packages. |

TOOLS | DESCRIPTION |
---|---|
sqlmap | Automates exploitation of SQL injection. |
XSStrike | Automates exploitation of XSS. |
CNAME-Lookup | Bash script made by me, for subdomain takeover |

TOOLS | DESCRIPTION |
---|---|
nmap | A well-known, multi-purpose tool. |
Masscan | Port scanner tool. |
Nikto | Excellent web app vulnerability scanner. |

TOOLS | DESCRIPTION |
---|---|
SecLists | A huge collection of wordlists. |
webhook.site | A perfect hookup tool. |

TOOLS | DESCRIPTION |
---|---|
Android Studio | For Android applications. |
Visual Studio Code | For coding and code analysis. |