Tools and hackers go hand in hand: tools make the job of a hacker that much easier. There are thousands of tools out there, and it can be a difficult job to find and test them all. So we did that for you. We made a list of some tools we found and think are worth looking into.
- Vulnerability Assessment
Amass is an in-depth attack surface mapping tool designed by OWASP. It is great for asset discovery! Amass also has some built-in functionality for graphical visualisation.
This tool is perfect for finding working HTTP and HTTPS servers. It just needs a list of domains and it’s ready to go.
Subfinder is a tool optimized for a single task, subdomain enumeration. It is lightweight and very fast, perfect for people who want a great tool specific for a single action.
If you ever have to scan a big amount of domain names then you might consider Massdns. It is capable of resolving a massive amount of names per second.
Gospider is a really fast web spider written in Go. This tool is perfect for quickly finding assets.
A very lightweight Python tool for subdomain enumeration. Perfect for adding to your own enumeration scripts.
Dirsearch is a web path scanner tool. It brute forces URLs to find as many directories and files as possible on a website.
Like Dirsearch, Dirhunt is designed to find directories and files. However, Dirhunt takes a different approach and does not brute force. Instead it crawls the web in search of content.
Ffuf is a very fast web fuzzer written in Go. It is perfect for quickly finding subdirectories. Ffuf has some other great functionalities: it can also be used to fuzz GET or POST parameters.
Aquatone is a tool for visual inspection of websites on a large amount of hosts. This tool takes screenshots so the attacker can quickly gain an overview of the HTTP-based attack surface.
Like aquatone, this tool also takes screenshots of websites but it has some other cool functionalities. If the tool finds a login form, it will try to identify the default login credentials if known.
A subdomain takeover tool designed to scan a list of subdomains and identify the ones that can be hijacked.
Gitgraber is a tool that monitors GitHub for a period of time. It searches for sensitive data (access tokens, API keys, …). When something interesting appears, it will be sent to your Slack workspace.
This tool doesn’t need much of an introduction. It has been the default port scanning, ping-sweeping tool for years and for good reason.
Like nmap, this tool is designed for port scanning and ping sweeping. The reason Masscan is in this list is that Masscan is able to scan a large number of targets way faster than nmap.
This is a tool designed for those who like to sit back and let the tool do all the work. It automates a lot of the tools we have covered up until this point. It is one of the most complete recon tools we have come across, but be cautious when using it, as it can be quite heavy on the server side.
Another great automated recon tool written in Go. Like LazyRecon, be cautious when using it, since it can be heavy.
Do you need to test for a specific vulnerability or misconfiguration on any number of hosts? Inception can help you with that. All given domains are scanned and checked against a list of items.
CORScanner is a Python tool designed for finding CORS misconfiguration vulnerabilities in websites.
Is there a mobile application in your targets scope? Then you can use this tool. Apktool is a reverse engineering tool for reading apk files.
XSShunter is an automated tool that makes your life easier in finding XSS. It can either be used as an online service or downloaded and run as a standalone server.
XSStrike is an advanced XSS scanner written in Python. It is very easy to use. XSStrike has an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Goca is a tool written in Go. Its goal is to find hidden information and metadata. This can be either on web pages or in downloaded files.
Exiftool is a simple tool designed for reading and writing metadata of files.
This is the go-to tool for every hacker. Burp is like a Swiss army knife and has options for about every situation. While the free version is great, the upgrade to Burp suite professional is well worth the money.
For people who don’t want to use Burp Suite there is this tool. OWASP Zed Attack Proxy is a free and open source web security tool with a large array of options. Definitely worth looking into.
Hydra is a versatile password cracking tool with support for a lot of different protocols. It is available to use on every platform.
This thread-based parallel login brute forcer works really fast and can be used against multiple hosts at the same time. It can also test multiple users and passwords concurrently.