50+ Tools
A list of hacking tools for penetration testing, bug bounty and more.
Burp Suite
Burp Suite is the world's #1 web penetration testing toolkit. It has all the tools required for performing security testing.
Metasploit
Metasploit is an open-source tool and the world's most used penetration testing framework for finding security issues.
Sublist3r
Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT.
Amass
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
assetfinder
assetfinder is a command-line tool designed to find domains and subdomains associated with a specific domain.
subfinder
subfinder is a subdomain discovery tool that returns valid subdomains for websites, using passive online sources.
Nmap
Nmap ('Network Mapper') is a free and open source utility for network discovery and security auditing.
MASSCAN
MASSCAN can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.
EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
WhatWeb
WhatWeb identifies websites. Its goal is to answer the question, 'What is that Website?'
Retire.js
A scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
Gobuster
Gobuster is an open-source, high-performance directory/file, DNS and virtual host brute-forcing tool written in Go.
dirsearch
dirsearch is an open-source command-line tool designed to brute force directories and files in webservers.
Katana
Katana is a command-line interface (CLI) web crawling tool written in Golang, designed to be fast, efficient, and provide simple output.
LinkFinder
LinkFinder is an open-source Python script that finds endpoints in JavaScript files.
waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain.
getallurls (gau)
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Arjun
Arjun is an open-source tool that can find query parameters for URL endpoints.
ffuf
ffuf is a fast web fuzzer written in Go that allows typical directory discovery, virtual host discovery and GET and POST parameter fuzzing.
commix
Commix is an open source penetration testing tool that automates the detection and exploitation of command injection vulnerabilities.
Corsy
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.
XSStrike
XSStrike is a Cross Site Scripting detection suite equipped with four hand-written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Photon
Photon is an open-source, incredibly fast and flexible crawler designed for open source intelligence (OSINT).
Smap
Smap is a port scanner and a drop-in replacement for Nmap powered by shodan.io's free API.
XSRFProbe
XSRFProbe is an open-source Cross Site Request Forgery (CSRF) audit and exploitation toolkit.
DotDotPwn
DotDotPwn is a very flexible intelligent fuzzer, written in Perl, for discovering directory traversal vulnerabilities.
LFI Suite
LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack.
Liffy
A powerful Python tool for Local File Inclusion (LFI) exploitation with advanced features including WAF bypass.
InQL
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection and customizable scans.
GraphQLmap
GraphQLmap is a scripting engine to interact with a GraphQL endpoint for pentesting purposes.
Oralyzer
Oralyzer is a simple Python script that probes for open redirection vulnerabilities in a website.
SSRFmap
SSRFmap is an open-source automatic SSRF fuzzer and exploitation tool.
Gopherus
Gopherus is a tool that generates gopher links for exploiting SSRF and gaining RCE in various servers.
NoSQLMap
NoSQLMap is an open-source tool that automates NoSQL database enumeration and web application exploitation.
Ghauri
Ghauri is an advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws.
XXEinjector
A tool for automatic exploitation of XXE vulnerabilities using direct and different out-of-band methods.
SSTImap
SSTImap is penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities.
Hydra
Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible.
Default Credentials
One place for all the default credentials, to assist Blue/Red teamers in identifying devices with default passwords.
Gitleaks
Gitleaks is a tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and whatever else you wanna throw at it via stdin.
Nosey Parker
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
S3Scanner
A tool to scan misconfigured S3 buckets in AWS or other cloud providers.
WPScan
WPScan scans remote WordPress installations to find security issues.
dnsReaper
DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal.
Nuclei
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates.
Sn1per
Sn1per is a next-generation information gathering tool that provides automated, deep, and continuous security for organizations of all sizes.
Osmedeus
Osmedeus is a Workflow Engine for Offensive Security that allows you to build and run a reconnaissance system on a wide range of targets.
ZAP
Zed Attack Proxy (ZAP) by Checkmarx is free, open-source and the world's most widely used penetration testing tool.
Shodan
Shodan is a search engine that lets users search for various types of servers (webcams, routers, servers, etc.) connected to the internet.
Dalfox
Dalfox is a powerful open-source XSS scanner and utility focused on automation making it ideal for quickly scanning for XSS flaws.
Sourcemapper
Sourcemapper is a bit of golang to parse a sourcemap, as generated by webpack or similar, and spit out the original JavaScript files.
ZoomEye
ZoomEye is a cyberspace search engine for IPs, domains, internet asset discovery, and exposure analysis of servers, routers, and webcams.
FOFA
FOFA is a search engine that helps researchers match network assets, for tasks such as vulnerability impact range analysis, application distribution statistics and more.