Security Tools Reference
A curated list of tools for penetration testing, red teaming, OSINT, defensive monitoring, forensics, mobile testing, and more.
Web Application Security Testing
- Burp Suite: Comprehensive platform for web application testing; bundles an intercepting proxy, Repeater, Intruder, an automated scanner (Pro edition) and an extension ecosystem.
- Acunetix: Commercial automated web application scanner; the vendor advertises coverage of over 7,000 vulnerability classes, including SQLi and XSS.
- EyeWitness: Takes screenshots of web services in bulk and records server headers and detected technologies, useful for triaging large host lists.
- Mantra: Firefox-based security testing browser bundle (OWASP Mantra) with pre-loaded extensions; it has been unmaintained for years, so treat it as a historical reference.
- OWASP ZAP: Open-source web application scanner and intercepting proxy, suitable for both beginners and professionals.
- Wafw00f: Fingerprints the Web Application Firewall (WAF) in front of a web app by sending probe requests and matching the responses against known WAF signatures.
Network Scanning and Discovery
- Nmap: Industry standard for port scanning, service and version fingerprinting, OS detection and scripted checks (NSE).
- Chaos (ProjectDiscovery): Internet-wide DNS and subdomain datasets, queryable through an API, useful for passive reconnaissance.
- Amass (OWASP): Performs DNS enumeration, network mapping and attack-surface discovery from many passive and active sources.
- httpx: Fast HTTP prober that reports status codes, titles, technologies and TLS details for large host lists; supports custom methods and paths.
- Masscan: Asynchronous port scanner that can sweep the whole IPv4 space for a single port in minutes, given enough bandwidth; pair it with Nmap for service detection on the hits.
- RustScan: Fast port scanner that hands the open ports it finds to Nmap for deeper scanning.
- Angry IP Scanner: Simple cross-platform GUI scanner for IP ranges and ports.
- Naabu: Lightweight, fast port scanner from ProjectDiscovery built for pipeline use.
- dnsx: Fast, multi-purpose DNS toolkit for resolving hosts and querying A, AAAA, CNAME, MX, NS, TXT and other records in bulk.
- Wireshark: Network protocol analyzer for deep packet inspection and live traffic analysis.
Subdomain Discovery
- Subfinder: Fast passive subdomain enumeration using many online sources.
- Shuffledns: High-performance DNS brute-forcing and resolution wrapper built on massdns, with wildcard filtering.
- Subzy: Checks discovered subdomains for takeover conditions by matching CNAME targets and HTTP responses against service fingerprints.
- Subzack: Lightweight subdomain discovery tool that combines shuffledns with API sources.
- Subjs: Collects JavaScript file URLs from a list of hosts for later secret and endpoint analysis.
- Assetfinder: Finds subdomains and related assets for a domain from public sources.
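The CNAME-fingerprint check that Subzy-style takeover tools perform, written as an added example for this page (it is not Subzy's code). The fingerprint table, the DNS records and the response bodies are constructed for the example; a real run would resolve each subdomain's CNAME and fetch the page itself.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Fingerprint:
    service: str
    cname_suffixes: tuple   # DNS suffixes that identify the hosting service
    body_marker: str        # text the service returns for an unclaimed resource

# Illustrative fingerprints only (assumption: a real tool ships a maintained, much larger list).
FINGERPRINTS = (
    Fingerprint("GitHub Pages", ("github.io",), "There isn't a GitHub Pages site here."),
    Fingerprint("Amazon S3", ("s3.amazonaws.com", "s3-website-us-east-1.amazonaws.com"), "NoSuchBucket"),
    Fingerprint("Shopify", ("myshopify.com",), "Sorry, this shop is currently unavailable."),
)

@dataclass(frozen=True)
class Result:
    subdomain: str
    cname: Optional[str]
    status: str               # "ok", "dangling" or "vulnerable"
    service: Optional[str]    # fingerprinted service, when one matched the CNAME

def _normalize(name: str) -> str:
    return name.rstrip(".").lower()

def match_service(cname: str) -> Optional[Fingerprint]:
    """Return the fingerprint whose suffix matches the CNAME target (label-aligned), or None."""
    target = _normalize(cname)
    for fp in FINGERPRINTS:
        for suffix in fp.cname_suffixes:
            if target == suffix or target.endswith("." + suffix):
                return fp
    return None

def check_takeover(subdomain: str, cname: Optional[str], body: Optional[str]) -> Result:
    """Classify one subdomain. body=None means the CNAME target did not resolve at all."""
    if cname is None:
        return Result(subdomain, None, "ok", None)       # A/AAAA record, no third-party host
    fp = match_service(cname)
    service = fp.service if fp else None
    if body is None:
        return Result(subdomain, cname, "dangling", service)   # NXDOMAIN target: registerable?
    if fp is not None and fp.body_marker in body:
        return Result(subdomain, cname, "vulnerable", service)  # unclaimed resource at a known host
    return Result(subdomain, cname, "ok", service)

def assess(records: Dict[str, Optional[str]], bodies: Dict[str, Optional[str]]) -> List[Result]:
    return [check_takeover(sub, cname, bodies.get(sub)) for sub, cname in records.items()]

# Constructed sample data: subdomain -> CNAME target (None = no CNAME), and the body fetched.
SAMPLE_RECORDS = {
    "blog.example.com": "exampleorg.github.io.",
    "static.example.com": "example-static.s3.amazonaws.com",
    "shop.example.com": "example-store.myshopify.com",
    "legacy.example.com": "old-app.herokuapp.com",
    "www.example.com": None,
}
SAMPLE_BODIES = {
    "blog.example.com": "<html><body>There isn't a GitHub Pages site here.</body></html>",
    "static.example.com": "<ListBucketResult><Name>example-static</Name></ListBucketResult>",
    "shop.example.com": "<h1>Sorry, this shop is currently unavailable.</h1>",
    "legacy.example.com": None,   # CNAME target does not resolve
    "www.example.com": "<html>Welcome</html>",
}

if __name__ == "__main__":
    for r in assess(SAMPLE_RECORDS, SAMPLE_BODIES):
        print(f"{r.subdomain:<22} {r.status:<10} cname={r.cname} service={r.service}")
```

Two things the example makes explicit: a CNAME that points at a known service is not enough on its own (static.example.com matches the S3 suffix but the bucket is claimed), and an unresolvable CNAME target is reported as dangling even when no fingerprint matches, because the target name itself may be registerable.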
GitHub Recon
- GitDocker: Dumps exposed .git directories from web servers so the repository and its history can be reconstructed.
- GitGrabber: Monitors GitHub in near real time for sensitive information such as API keys and tokens.
- TruffleHog: Scans repositories, including their full commit history, for secrets using high-entropy string detection and regex patterns.
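The two detection methods named above, regex rules for secrets with a fixed structure and Shannon entropy for random-looking strings, combined in one scanner. This is an added example written for this page, not TruffleHog's, GitGrabber's or SecretFinder's code; the sample source file is constructed (the AWS key is Amazon's documented example key, the other values are made up), and the thresholds are assumptions in the range such tools use.

```python
import math
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample source file. None of these values are live credentials.
SAMPLE_SOURCE = """
import os
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
github_token = "ghp_16C7e42F292c6912E7710c838347Ae178B4a"
api_secret = "9f2a4c8e1b7d3f6a5e0c2b9d8a7f4e1c6b3d0a9f"
DEFAULT_USER_AGENT = "Mozilla/5.0 (compatible; recon-bot/1.0)"
CACHE_KEY_PREFIX = "session_cache_entry_v2"
"""

# Regex rules for secrets with a known structure (illustrative subset).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Candidate tokens for the entropy check: long runs of hex/base64-like characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
HEX_CHARS = set("0123456789abcdefABCDEF")
HEX_THRESHOLD = 3.0      # bits per character; a hex alphabet tops out at 4.0 (assumed threshold)
BASE64_THRESHOLD = 4.5   # a base64 alphabet tops out at 6.0 (assumed threshold)

@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    secret: str
    entropy: float

def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character of the string's own symbol distribution."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def high_entropy_rule(token: str) -> Optional[str]:
    """Pick the threshold for the token's alphabet; return a rule name if it is exceeded."""
    if set(token) <= HEX_CHARS:
        return "high_entropy_hex" if shannon_entropy(token) > HEX_THRESHOLD else None
    return "high_entropy_base64" if shannon_entropy(token) > BASE64_THRESHOLD else None

def scan_text(text: str) -> List[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        matched = set()
        # Structured secrets first: these are reported even when their entropy is low.
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                matched.add(m.group(0))
                findings.append(Finding(line_no, rule, m.group(0), shannon_entropy(m.group(0))))
        # Then anything long and random-looking that no regex already claimed.
        for m in TOKEN_RE.finditer(line):
            token = m.group(0)
            if token in matched:
                continue
            rule = high_entropy_rule(token)
            if rule:
                findings.append(Finding(line_no, rule, token, shannon_entropy(token)))
    return findings

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.rule:<20} entropy={f.entropy:.2f} {f.secret}")
```

The regex pass catches the AWS key even though a 20-character upper-case string would not clear the entropy bar on its own, while the entropy pass catches the unlabelled 40-hex-character token that no pattern knows about; the long but structured constant `session_cache_entry_v2` is left alone. In practice the same scan is run over every blob in the commit history, not just the working tree, because deleted secrets stay in git objects.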
Leaked Bucket Discovery
- Lazys3: Brute-forces S3 bucket names from permutations of a target's domain name combined with common affixes.
- S3Scanner: Scans candidate bucket names for open Amazon S3 buckets and lists their contents where listing is permitted.
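The name-permutation step that Lazys3 performs and the probe step that S3Scanner performs, as an added example written for this page (not either tool's code). The affix list is constructed and small; the naming rules follow the published S3 bucket-name restrictions, and the status-code meanings are those of the S3 HeadBucket call. `probe_bucket` is the only function that touches the network and is not exercised offline.

```python
import itertools
import re
import urllib.error
import urllib.request
from typing import List

# Constructed affix list for the example; real tools ship far larger lists.
AFFIXES = ("backup", "dev", "prod", "staging", "assets", "logs", "uploads", "static")
SEPARATORS = ("", "-", ".")   # underscores are not legal in bucket names

_IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def valid_bucket_name(name: str) -> bool:
    """Main S3 naming rules: 3-63 chars of [a-z0-9.-], alphanumeric at both ends,
    no '..', and not formatted like an IPv4 address."""
    if not 3 <= len(name) <= 63:
        return False
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]*[a-z0-9]", name):
        return False
    if ".." in name or _IPV4_RE.match(name):
        return False
    return True

def bucket_candidates(domain: str, affixes=AFFIXES, separators=SEPARATORS) -> List[str]:
    """Generate unique, valid candidate names from a domain, Lazys3-style:
    the bare label, the full domain and the dot-less domain, each alone and
    each combined with every affix as prefix and suffix."""
    domain = domain.lower().strip(".")
    label = domain.split(".")[0]
    bases = [label, domain, domain.replace(".", "")]
    seen, out = set(), []

    def emit(name: str) -> None:
        if name not in seen and valid_bucket_name(name):
            seen.add(name)
            out.append(name)

    for base in bases:
        emit(base)
        for affix, sep in itertools.product(affixes, separators):
            emit(f"{base}{sep}{affix}")
            emit(f"{affix}{sep}{base}")
    return out

# HeadBucket outcomes: the interesting distinction is 404 (free name) vs 403 (taken, private).
STATUS_MEANING = {
    200: "exists, listing allowed",
    301: "exists (other region)",
    403: "exists, access denied",
    404: "no such bucket",
}

def classify_status(status: int) -> str:
    return STATUS_MEANING.get(status, f"unexpected HTTP {status}")

def probe_bucket(name: str, timeout: float = 5.0) -> str:
    """Live network check (not run offline): HEAD the bucket through the path-style
    endpoint, which also works for dotted names that break the wildcard TLS
    certificate used by virtual-host-style URLs."""
    req = urllib.request.Request(f"https://s3.amazonaws.com/{name}/", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_status(resp.status)
    except urllib.error.HTTPError as err:
        return classify_status(err.code)

if __name__ == "__main__":
    names = bucket_candidates("example.com")
    print(f"{len(names)} candidate names, first few: {names[:6]}")
    # Uncomment against a target you are authorised to test:
    # for n in names:
    #     print(n, probe_bucket(n))
```

Keep the probe rate modest and authorised: a 403 still tells you the bucket exists, which is why tools distinguish "exists, access denied" from "no such bucket" instead of only reporting listable buckets.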
Vulnerability Testing
- SQLMap: Automated tool for detecting and exploiting SQL injection flaws, including database fingerprinting and data extraction.
- Nuclei: Template-driven vulnerability scanner; checks are written as YAML templates and run at scale across host lists.
- Searchsploit: Command-line interface to a local copy of Exploit-DB for offline exploit lookup.
- XSS Hunter: Hosted platform for blind (out-of-band) XSS; it serves payloads and reports back when one fires in a victim's browser.
- Metasploit: Exploitation framework for developing, testing and executing exploits and payloads.
Password Cracking
- Hashcat: Advanced password recovery tool with GPU acceleration and rule-based, mask and hybrid attack modes.
- John the Ripper: Classic password cracker supporting a wide variety of hash types and formats.
Information Gathering
- ParamSpider: Mines URLs that carry query parameters from web archives, giving injection points to test.
- crt.sh: Search engine over certificate transparency logs, useful for finding subdomains that have had certificates issued.
- OpenRedireX: Fuzzer for open redirect vulnerabilities.
- ARIN WHOIS: Registration details for IP ranges and ASNs in the ARIN region.
- BGP He (bgp.he.net): Hurricane Electric's BGP toolkit for looking up routing data by ASN, prefix, domain or IP.
- ViewDNS.info: Aggregates DNS and IP lookup tools.
- Whoxy: WHOIS API with historical records and contact information.
- MXToolbox: DNS, MX, blacklist and email tools in one place.
- Who.is: Simple WHOIS lookup with registrar information.
- Lopseg: WHOIS, ASN, IP and DNS lookup tools.
- IP Address Guide: CIDR calculator and subnetting helper.
Fuzzing
- ffuf: Fast web fuzzer written in Go, ideal for directory, virtual-host and parameter brute-forcing.
Sensitive Data Discovery
- SecretFinder: Regex-based scanner that pulls API keys and tokens out of JavaScript files during recon.
Automation and Recon
- Katana: Next-generation crawler from ProjectDiscovery with optional headless browsing for JavaScript-rendered pages.
- ReconFTW: Automated all-in-one recon suite that chains many of the tools on this page with API sources.
ASN and CIDR Mapping
- Asnmap: Maps ASNs (or organisation names) to their announced IP ranges for asset enumeration.
- Mapcidr: Expands, splits and filters CIDR ranges for inclusion or exclusion in scanning.
Defensive Security Tools
- OSSEC: Open-source host-based IDS (HIDS) for log analysis, file integrity monitoring and rootkit detection.
- Suricata: High-performance IDS/IPS and network security monitoring engine with protocol-aware traffic analysis.
- Snort: Widely used real-time packet sniffer and signature-based intrusion detection and prevention engine.
- Wazuh: Open-source security monitoring platform (HIDS, log analysis, vulnerability detection) that grew out of OSSEC.
- Security Onion: Linux distribution for blue teams that integrates full packet capture, IDS and log analysis.
Forensics & Memory Analysis
- Volatility: Framework for analyzing memory dumps (processes, network connections, injected code, and more).
- Autopsy: GUI-based digital forensics platform built on The Sleuth Kit, supporting many file systems.
- Binwalk: Firmware analysis tool for identifying and extracting embedded files and file systems.
- Redline: Host investigation tool from FireEye/Mandiant for collecting and analyzing memory and host artifacts.
- ExifTool: Reads, writes and edits metadata in image and document files.
Payload Generation & Obfuscation
- MSFvenom: Metasploit's payload generator and encoder.
- Veil: Generates and obfuscates payloads to evade signature-based AV detection.
- TheFatRat: Automated backdoor generator and AV evasion toolkit.
- Shellter: Dynamic shellcode injector for Windows PE files.
OSINT Tools
- theHarvester: Collects emails, hosts, names and subdomains from search engines and PGP key servers.
- Maltego: Graph-based OSINT tool for mapping relationships between people, groups and infrastructure.
- SpiderFoot: OSINT automation with hundreds of modules and integration options.
- Recon-ng: Modular web reconnaissance framework with a CLI.
- Sherlock: Searches for a username across many social platforms.
Mobile Security Testing
- MobSF: Static and dynamic analysis for Android and iOS apps.
- Frida: Dynamic instrumentation toolkit for tracing and tampering with running mobile apps.
- Objection: Runtime mobile exploration toolkit built on Frida, useful for bypassing jailbreak/root detection and certificate pinning.
Wordlists & Dictionaries
- SecLists: Collection of wordlists for usernames, passwords, fuzzing payloads, web content and more.
- FuzzDB: Attack payloads, predictable resource names and regexes for testing.
- rockyou.txt: Classic and widely used password wordlist from the 2009 RockYou breach.
Useful Utilities
- CyberChef: "The Cyber Swiss Army Knife", a browser-based tool for encoding, decoding, encryption, hashing and other data transforms.
- Base64 Decode: Simple web-based Base64 encode/decode utility.
- DnsDumpster: Visual DNS recon tool for mapping a domain's hosts and network.
- HaveIBeenPwned: Check whether an email address or password appears in known breaches.