I have been pentesting for a while now and have used a lot of tools. There are some tools I use every day, and I thought I would share them with you.
1) Nuclei
This is a template-based vulnerability scanner. Each template describes a request (or a sequence of requests) and the conditions under which the response indicates a vulnerability or misconfiguration, so the same check can be run quickly and consistently across a large number of hosts with a low false-positive rate. Templates exist for web applications, network services, containers and cloud environments, and Nuclei supports a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket and Headless (browser-driven) checks. Because the templating is flexible, it can be used to model all kinds of security checks, including your own. Example usage:
nuclei -t cves/ -u https://example.com
Learn more about nuclei here: https://nuclei.projectdiscovery.io/
2) Subfinder
This is a passive subdomain enumeration tool: it queries sources such as certificate transparency logs, DNS datasets and search engines rather than probing the target directly, so it is fast and quiet. The subdomains it turns up are often not linked from the main site and can host forgotten, outdated or less hardened services, which makes them a good place to look for vulnerabilities. Example usage:
subfinder -d example.com
Learn more about subfinder here: https://github.com/projectdiscovery/subfinder
3) Amass
Amass is a tool for network mapping and attack-surface discovery. It enumerates subdomains, IP address ranges, ASNs and other assets associated with a given domain, combining passive data sources with active techniques such as DNS resolution and brute forcing, so it tends to find assets that simpler passive tools miss.
Amass can be used in a variety of situations, including security assessments to map the external attack surface and incident response to quickly locate assets that may be affected. It is a command-line tool that can be integrated into custom scripts and workflows. Active techniques are slower and noisier than passive ones, so use the -passive flag when you want a quick, low-impact run.
Example usage:
amass enum -d example.com
Learn more about amass here: https://github.com/OWASP/Amass
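The three tools above are usually chained: subfinder and amass each find hosts the other misses, their output is merged and normalised, and the resulting host list goes to nuclei. The shell script below is an added example of that merge step; it is not part of the original post or of any of the three projects. The real tool invocations are shown in comments (their flags are the tools' own, the file names are arbitrary), and the subfinder- and amass-style input is constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added example: merge subdomain lists from subfinder and amass into one
# de-duplicated, in-scope host list for nuclei. Not from the original post.
#
# Real pipeline (tool flags are the tools' own; file names are arbitrary):
#   subfinder -d example.com -silent > subfinder.txt
#   amass enum -passive -d example.com -o amass.txt
#   cat subfinder.txt amass.txt | merge_subdomains example.com > hosts.txt
#   nuclei -l hosts.txt -t cves/

# merge_subdomains APEX_DOMAIN
# Reads hostnames on stdin, one per line, and prints a sorted, unique list:
# lowercased, with stray whitespace, a trailing dot and a leading "*."
# wildcard removed, and anything that is not APEX_DOMAIN or a subdomain of it
# dropped (tools occasionally return hosts from unrelated domains).
merge_subdomains() {
    apex=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v d="$apex" '
        {
            h = tolower($0)
            gsub(/[ \t\r]/, "", h)       # strip whitespace and CRs
            sub(/\.$/, "", h)            # "mail.example.com." -> "mail.example.com"
            sub(/^\*\./, "", h)          # "*.staging.example.com" -> "staging.example.com"
            if (h == "") next
            # keep the apex itself and hosts ending in ".<apex>"
            if (h == d || substr(h, length(h) - length(d)) == "." d) print h
        }' | LC_ALL=C sort -u
}

# Constructed sample output in the shape subfinder -silent and amass -o produce.
SUBFINDER_SAMPLE='www.example.com
API.example.com
dev.example.com
www.example.com'

AMASS_SAMPLE='api.example.com
*.staging.example.com
mail.example.com.
cdn.examplecdn.net
example.com'

# demo_merge prints the merged list for the constructed samples.
demo_merge() {
    printf '%s\n%s\n' "$SUBFINDER_SAMPLE" "$AMASS_SAMPLE" | merge_subdomains example.com
}

demo_merge
```

For the constructed input this prints six hosts: the duplicate www entry and the differently-cased api entry collapse, the wildcard and trailing-dot forms are cleaned up, and cdn.examplecdn.net is dropped because it is outside the apex domain. The scope check matters in practice because a scanner pointed at an out-of-scope host is a real problem on an engagement.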
4) ffuf
This is a fast web fuzzer. It substitutes each entry of a wordlist for the FUZZ keyword, which can appear anywhere in the request (URL path, query parameter, header or body), and filters or matches responses by status code, size, word count or regex, so it is useful for content discovery, parameter discovery and virtual host enumeration.
Example usage:
ffuf -w /usr/share/wordlists/common.txt -u https://example.com/FUZZ
Learn more about ffuf here: https://github.com/ffuf/ffuf
5) Dirsearch
This is a tool for brute forcing directories and files on web servers. It ships with its own wordlist and tries common extensions, so it is a quick way to find unlinked content such as backup files, admin panels, configuration files and old copies of the application that are reachable but not meant to be found.
Example usage:
dirsearch -u https://example.com
Learn more about dirsearch here: https://github.com/maurosoria/dirsearch
6) SQLMap
This is a tool for detecting and exploiting SQL injection. Given a URL or request with at least one parameter, it tests each parameter with a range of injection techniques (boolean- and time-based blind, error-based, UNION and stacked queries), fingerprints the database and, once an injection is confirmed, can enumerate databases, tables and columns and dump their contents.
Example usage (the URL must contain at least one parameter to test; id=1 is a placeholder, and --batch accepts the default answers instead of prompting):
sqlmap -u "https://example.com/item?id=1" --batch
Learn more about sqlmap here: https://sqlmap.org/
7) WPScan
This is a black-box scanner for WordPress sites. It fingerprints the WordPress core version, installed plugins and themes, enumerates users and can brute force logins, and matches what it finds against the WPScan vulnerability database (a free API token from wpscan.com is needed for the vulnerability data to appear in the report).
Example usage:
wpscan --url https://example.com
Learn more about wpscan here: https://wpscan.org/
8) gau (Get All URLs)
This is a tool that fetches known URLs for a domain from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl and URLScan, without sending any traffic to the target. The result is a list of historical and current endpoints, often with query parameters, which is a good starting point for finding old, unlinked or parameterised pages worth testing.
Example usage:
gau example.com
Learn more about gau here: https://github.com/lc/gau
9) Dalfox
This is a parameter analysis and XSS scanning tool. It identifies which parameters are reflected, works out which characters survive filtering, and then tries payloads tailored to the injection context. It also has a pipe mode that reads URLs from standard input, so it chains naturally after a URL collector.
Example usage:
dalfox url https://example.com
Learn more about dalfox here: https://github.com/hahwul/dalfox
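gau returns every URL it knows about, so the same endpoint shows up many times with different parameter values, and piping that straight into dalfox wastes requests. The script below is an added example of the filtering step in between; it is not from the original post or from either project. It keeps only URLs that carry a query string, drops obvious static assets, and emits one URL per distinct endpoint-and-parameter-name set so each injection point is tested once. The gau-style input is constructed inline so it runs offline; the real pipeline is shown in a comment.

```shell
#!/bin/sh
# Added example: reduce gau output to one URL per unique set of parameters
# before fuzzing the parameters with dalfox. Not from the original post.
#
# Real pipeline (file name arbitrary; "dalfox pipe" reads URLs from stdin):
#   gau example.com | param_targets > targets.txt
#   dalfox pipe < targets.txt

# param_targets
# Reads URLs on stdin and prints the first URL seen for each distinct
# (scheme+host+path, sorted parameter names) combination. URLs without a
# query string and obvious static assets are dropped. http:// and https://
# count as different bases; normalise the scheme first if you only test one.
param_targets() {
    awk '
        {
            url = $0
            sub(/#.*$/, "", url)                     # fragments never reach the server
            q = index(url, "?")
            if (q == 0) next                         # nothing to inject into
            base = substr(url, 1, q - 1)
            query = substr(url, q + 1)
            if (base ~ /\.(png|jpe?g|gif|svg|css|woff2?|ttf|ico)$/) next
            n = split(query, pairs, "&")
            split("", names)                         # clear the set (portable idiom)
            for (i = 1; i <= n; i++) {
                eq = index(pairs[i], "=")
                name = eq ? substr(pairs[i], 1, eq - 1) : pairs[i]
                if (name != "") names[name] = 1
            }
            # canonical key: base plus parameter names in sorted order, so
            # ?a=1&b=2 and ?b=9&a=0 collapse to the same injection surface
            m = 0
            for (name in names) sorted[++m] = name
            for (i = 2; i <= m; i++) {               # insertion sort; awk has no portable sort
                v = sorted[i]; j = i - 1
                while (j > 0 && sorted[j] > v) { sorted[j + 1] = sorted[j]; j-- }
                sorted[j + 1] = v
            }
            key = base
            for (i = 1; i <= m; i++) key = key "|" sorted[i]
            split("", sorted)
            if (!(key in seen)) { seen[key] = 1; print url }
        }'
}

# Constructed sample in the shape gau prints (one URL per line).
GAU_SAMPLE='https://example.com/search?q=test
https://example.com/search?q=other&page=2
https://example.com/search?page=3&q=again
https://example.com/static/logo.png?v=3
https://example.com/about
http://example.com/item?id=5
https://example.com/item?id=7#top
https://example.com/item?id=7&ref=home'

# demo_targets prints the de-duplicated target list for the sample.
demo_targets() {
    printf '%s\n' "$GAU_SAMPLE" | param_targets
}

demo_targets
```

For the constructed input, eight URLs become five: the two /search URLs with the same q and page parameters in a different order collapse to one, the logo.png and /about entries are dropped, and /item?id=7 and /item?id=7&ref=home stay separate because ref is an additional injection point. The printed URLs keep their original parameter values, which is what dalfox needs to work out the reflection context.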
10) John the Ripper
This is an offline password cracker. Given password hashes recovered during a test (for example from /etc/shadow, a database dump or captured NTLM hashes), it tries candidates from a wordlist, optionally mangled by rules, or generates them incrementally, and reports any that match. Cracked passwords are frequently reused on other systems, which is what makes them valuable in an engagement.
Example usage:
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
Learn more about John the Ripper here: https://www.openwall.com/john/
11) Burp Suite
This is a suite of tools for web application security testing. It is built around an intercepting proxy for viewing and modifying HTTP(S) traffic between the browser and the application, with a crawler, Repeater for editing and replaying individual requests, Intruder for automated payload injection, and (in the Professional edition) an active scanner. Most manual web testing happens here.
Learn more about Burp Suite here: https://portswigger.net/burp
12) ZAP (Zed Attack Proxy)
This is an open-source tool for web application security testing. It can be used to find vulnerabilities such as SQL injection, XSS, and cross-site request forgery (CSRF), and provides a variety of features for manually testing web applications.
Learn more about ZAP here: https://www.zaproxy.org/
13) Nikto
This is a web server scanner. It checks for potentially dangerous files and programs, outdated server software and version-specific problems, and common misconfigurations such as missing security headers. It is not subtle: it sends thousands of requests and is easily noticed, so it suits authorised tests rather than anything requiring stealth.
Example usage:
nikto -h https://example.com
Learn more about Nikto here: https://cirt.net/Nikto2
14) Nmap
This is the standard network scanner. It discovers live hosts, finds open ports, identifies the services and versions running on them (-sV), guesses the operating system (-O) and runs Nmap Scripting Engine scripts (-sC for the default set) to gather further details or check for known issues. By default it scans the 1000 most common ports; -p- scans all 65535.
Nmap can be used in a variety of situations, including security assessments to identify the attack surface of a network, and incident response to quickly locate hosts exposing unexpected services. It is a command-line tool whose output can be saved in machine-readable formats (-oX, -oG) and fed into other tools and scripts.
Example usage:
nmap -sV -sC example.com
Learn more about nmap here: https://nmap.org/
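A service scan is normally the input to the next step, so it helps to save it in a machine-readable format and extract the open ports from that. The script below is an added example, not part of the original post or of Nmap: it parses Nmap's grepable output (-oG) and turns the web services into URLs that can be handed to nuclei or nikto. The scan output is constructed inline in the -oG format so the script runs offline; the real commands are shown in a comment.

```shell
#!/bin/sh
# Added example: pull open ports out of nmap's grepable output and build a
# list of web targets for follow-up scanning. Not from the original post.
#
# Real pipeline (file names arbitrary; -p- scans all 65535 ports instead of
# nmap's default top 1000):
#   nmap -sV -p- -oG scan.gnmap example.com
#   web_targets_from_gnmap < scan.gnmap > web.txt
#   nuclei -l web.txt -t cves/

# open_ports_from_gnmap
# Reads -oG output on stdin and prints "host port service" for every open
# port. In -oG, fields are tab-separated and each port entry has the form
#   port/state/protocol/owner/service/rpcinfo/version/
open_ports_from_gnmap() {
    awk '
        BEGIN { FS = "\t" }
        /^Host: / && index($0, "Ports: ") {
            split($1, h, " "); host = h[2]           # "Host: 10.0.0.5 ()" -> 10.0.0.5
            for (f = 2; f <= NF; f++)
                if (substr($f, 1, 7) == "Ports: ") ports = substr($f, 8)
            n = split(ports, entry, ", ")
            for (i = 1; i <= n; i++) {
                split(entry[i], p, "/")
                if (p[2] == "open") print host, p[1], p[5]
            }
        }'
}

# web_targets_from_gnmap
# Keeps services whose name contains "http" and prints a URL for each,
# using https when nmap reported SSL on the port.
web_targets_from_gnmap() {
    open_ports_from_gnmap | awk '
        $3 ~ /http/ {
            scheme = ($3 ~ /ssl|https/) ? "https" : "http"
            print scheme "://" $1 ":" $2
        }'
}

# sample_gnmap prints constructed scan output in the -oG format; the hosts,
# ports and versions are made up for the example.
sample_gnmap() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//ssl|http//nginx 1.18.0/, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)\n'
    printf 'Host: 10.0.0.6 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.6 ()\tPorts: 8080/open/tcp//http-proxy//Apache Tomcat/\tIgnored State: closed (999)\n'
    printf '# Nmap done (constructed sample)\n'
}

sample_gnmap | web_targets_from_gnmap
```

For the constructed scan this yields three URLs: plain http on 80 and 8080, and https on 443 because nmap marked the service as ssl|http. The filtered MySQL port is ignored, since only ports in the open state are worth following up. Using -oG rather than scraping the human-readable output keeps the parsing stable across nmap versions.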
15) Metasploit
This is an exploitation framework rather than a web-specific scanner. It provides a large library of exploit modules for known vulnerabilities in network services, operating systems and applications, payloads such as Meterpreter to run once an exploit succeeds, auxiliary modules for scanning and brute forcing, and post-exploitation modules for gathering credentials and pivoting. It is typically used after a vulnerability has been identified with the scanners above, to confirm that it is actually exploitable.
Learn more about Metasploit here: https://www.metasploit.com/
Other Tools and Resources
https://dnsdumpster.com/ - DNS Dumpster is a free web tool for finding subdomains, MX and NS records and other DNS information associated with a given domain, without sending any traffic to the target.
https://www.shodan.io/ - Shodan is a search engine for internet-connected devices and services. It indexes banners from its own internet-wide scans, so you can see what an organisation exposes (searching by IP range, hostname, organisation or product) without scanning it yourself.
https://www.censys.io/ - Censys is a similar search engine built on internet-wide scans and certificate data. It is particularly useful for finding hosts by TLS certificate, which often reveals infrastructure that shares a certificate with the main domain.
https://www.virustotal.com/gui/ - VirusTotal is a free service that scans files and URLs with many antivirus engines and URL scanners. Beyond malware triage, its passive DNS and URL history are useful in reconnaissance for listing subdomains and URLs historically associated with a domain.
https://www.hybrid-analysis.com/ - Hybrid Analysis is a free malware sandbox that executes suspicious files and URLs and reports their behaviour (network connections, dropped files, process activity). It is a malware analysis resource rather than a vulnerability-finding one, but handy when a phishing sample or unknown binary turns up during an engagement.