Tools and hackers go hand in hand: tools make the job of a hacker that much easier. There are thousands of tools out there, and it can be a difficult job to find and test them all. So we did that for you. We made a list of some tools we found and think are worth looking into.

Index

Recon

Subdomain Enumeration

OWASP Amass

Amass is an in-depth attack surface mapping tool designed by OWASP. It is great for asset discovery! Amass also has some built-in functionality for graphical visualisation.

Httprobe

This tool is perfect for finding working HTTP and HTTPS servers. It just needs a list of domains and it’s ready to go.

Subfinder

Subfinder is a tool optimized for a single task: subdomain enumeration. It is lightweight and very fast, perfect for people who want a great tool that is specific to a single action.

Massdns

If you ever have to scan a large number of domain names, then you might consider Massdns. It is capable of resolving a massive number of names per second.

Gospider

Gospider is a really fast web spider written in Go. This tool is perfect for quickly finding assets.

Sublist3r

A very lightweight Python tool for subdomain enumeration. Perfect for adding to your own enumeration scripts.

Content Discovery

Dirsearch

Dirsearch is a web path scanner tool. It brute-forces URLs to find as many directories and files as possible on a website.

Dirhunt

Like Dirsearch, Dirhunt is designed to find directories and files. However, Dirhunt takes a different approach and does not brute force. Instead, it crawls the web in search of content.

Ffuf

Ffuf is a very fast web fuzzer written in Go. It is perfect for quickly finding subdirectories. Ffuf has some other great functionalities as well: it can also be used to fuzz GET or POST parameters.

Visual Recon

Aquatone

Aquatone is a tool for visual inspection of websites across a large number of hosts. This tool takes screenshots so the attacker can quickly gain an overview of the HTTP-based attack surface.

EyeWitness

Like Aquatone, this tool also takes screenshots of websites, but it has some other cool functionalities. If the tool finds a login form, it will try to identify the default login credentials, if known.

Subdomain Takeover

Subjack

A subdomain takeover tool designed to scan a list of subdomains and identify the ones that can be hijacked.

Monitoring

Gitgraber

Gitgraber is a tool that monitors GitHub for a period of time. It searches for sensitive data (access tokens, API keys, …). When something interesting appears, it will be sent to your Slack workspace.

Port scanning

Nmap

This tool doesn’t need much of an introduction. It has been the default port-scanning and ping-sweeping tool for years, and for good reason.

Masscan

Like Nmap, this tool is designed for port scanning and ping sweeping. The reason Masscan is in this list is that it is able to scan a large number of targets far faster than Nmap.

Automation

LazyRecon

This is a tool designed for those who like to sit back and let the tool do all the work. It automates a lot of the tools we have covered up to this point. It is one of the most complete recon tools we have come across, but be cautious when using it, as it can be quite heavy on the server side.

Rock-ON

Another great automated recon tool, written in Go. Like LazyRecon, be cautious when using it, for it can be heavy.

Vulnerability Assessment

Inception

Do you need to test for a specific vulnerability or misconfiguration on any number of hosts? Inception can help you with that. All given domains are scanned and checked against a list of items.

CORScanner

CORScanner is a Python tool designed for finding CORS misconfiguration vulnerabilities in websites.

Apktool

Is there a mobile application in your target's scope? Then you can use this tool. Apktool is a reverse engineering tool for reading APK files.

XSShunter

XSShunter is an automated tool that makes finding XSS easier. It can either be used as an online service or downloaded and run as a standalone server.

XSStrike

XSStrike is an advanced XSS scanner written in Python. It is very easy to use. XSStrike has an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Hidden data

Goca

Goca is a tool written in Go. Its goal is to find hidden information and metadata, either on web pages or in downloaded files.

Exiftool

Exiftool is a simple tool designed for reading and writing metadata of files.

MITM Proxy

Burp Suite

This is the go-to tool for every hacker. Burp is like a Swiss army knife and has options for almost every situation. While the free version is great, the upgrade to Burp Suite Professional is well worth the money.

OWASP ZAP

For people who don’t want to use Burp Suite, there is this tool. OWASP Zed Attack Proxy is a free and open-source web security tool with a large array of options. Definitely worth looking into.

Password Crackers

Hydra

Hydra is a versatile password cracking tool with support for a lot of different protocols. It is available on every platform.

Medusa

This thread-based parallel login brute-forcer works really fast and can be used against multiple hosts at the same time. It can also test multiple users and passwords concurrently.

Follow us on Twitter and don’t forget to subscribe to our weekly Bug Bytes, a newsletter curated by Pentester Land and powered by intigriti, containing more write-ups and helpful resources.