Logo

Armand.nz

Home / About / Linkedin / Github

Web Application Pentesting Tools

#websec #tools #pentesting |
  1. Burp Suite - Framework.
  2. ZAP Proxy - Framework.
  3. Metasploit - Framework.
  4. FFUF - HTTP probing.
  5. WFUZZ - HTTP probing.
  6. autossrf - HTTP probing.
  7. HTTPX - HTTP probing.
  8. httpie - HTTP probing.
  9. jless - JSON viewer.
  10. Dirsearch - HTTP bruteforcing.
  11. Nmap - Port scanning.
  12. Sublist3r - Subdomain discovery.
  13. Amass - Subdomain discovery.
  14. Lazy Recon - Subdomain discovery.
  15. SQLmap - SQLi exploitation.
  16. WPscan - WordPress exploitation.
  17. Nikto - Webserver scanning.
  18. Nuclei - YAML based template scanning.
  19. Subfinder - Subdomain discovery.
  20. Masscan - Mass IP and port scanner.
  21. XSS Hunter - Blind XSS discovery.
  22. Aquatone - HTTP based recon.
  23. LinkFinder - Endpoint discovery through JS files.
  24. JS-Scan - Endpoint discovery through JS files.
  25. GAU - Historical attack surface mapping.
  26. Parameth - Bruteforce GET and POST parameters.
  27. truffleHog - Find credentials in GitHub commits.
  28. git-secrets - Find credentials in GitHub commits.
comments powered byDisqus

Copyright © Armand