Specialized Tools
1. Burp Suite
A comprehensive tool for web application security testing, offering features like automated scanning, manual testing, and advanced vulnerability detection.
Download Size: 300 MB (Community Edition)
Trusted
Free & Paid
2. Nuclei
Nuclei is a fast, open-source vulnerability scanner that uses templates to identify security issues in web applications and networks. It is highly customizable and supports both automated scanning and manual testing.
Download Size: 74 MB
Trusted
Free
3. Httpx
Httpx is a fast, multi-purpose HTTP toolkit designed for probing, discovering, and testing web services and endpoints. It supports features like HTTP request chaining, response inspection, and integration with other security tools, making it ideal for reconnaissance and vulnerability testing.
Download Size: 11 MB
Trusted
Free
4. Nikto
Nikto is an open-source web server scanner that identifies vulnerabilities such as outdated software, misconfigurations, and security issues in web servers.
Download Size: 4 MB
Trusted
Free
5. Dirb
A content discovery tool that brute-forces directories and files on web servers, helping identify hidden paths and files.
Download Size: 2 MB
Trusted
Free
6. Ffuf
ffuf (Fuzz Faster U Fool) is a fast and flexible tool for web fuzzing, designed to discover hidden directories, files, and parameters. It supports multiple protocols and is commonly used for efficient content discovery during web penetration testing.
Download Size: Approximately 9 MB
Trusted
Free
Web Vulnerability Scanners
1. Nuclei
Nuclei is a fast, open-source vulnerability scanner that uses templates to identify security issues in web applications and networks. It is highly customizable and supports both automated scanning and manual testing.
Download Size: 74 MB
Trusted
Free
2. Nikto
Nikto is an open-source web server scanner that identifies vulnerabilities such as outdated software, misconfigurations, and security issues in web servers.
Download Size: 4 MB
Trusted
Free
3. Wapiti
Wapiti is an open-source web vulnerability scanner that detects security flaws like SQL injection, XSS, and file inclusion by crawling web applications.
Download Size: 6 MB
Trusted
Free
4. Arachni
Arachni is an open-source, modular web application security scanner that identifies vulnerabilities such as SQL injection, XSS, and CSRF in web applications. It’s designed for flexibility and efficiency in penetration testing.
Download Size: 50 MB
Trusted
Free
5. OpenVAS
OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanner that detects security issues in networks and systems. It offers comprehensive scanning capabilities for network security assessments and compliance checks.
Download Size: Approx 2 GB
Trusted
Free
6. Metasploit
Metasploit is a powerful penetration testing framework that includes tools for scanning websites to find vulnerabilities.
Download Size: Approx 200 MB
Trusted
Free
Domain & Subdomain Enumeration
1. Amass
Amass is a powerful open-source tool designed for in-depth DNS enumeration, particularly for mapping an organization's attack surface. It collects information like subdomains, IP addresses, and DNS records through OSINT techniques, making it a popular choice in security assessments and CTF challenges.
Download Size: 50 MB
Trusted
Free
2. Sublist3r
Sublist3r is an open-source Python tool used for subdomain enumeration. It gathers subdomains using multiple search engines and other OSINT services.
Download Size: 10 MB
Trusted
Free
3. Subfinder
Subfinder is a fast, passive subdomain enumeration tool designed to gather subdomains using a variety of online sources, APIs, and services. It focuses on speed and efficiency, making it a popular choice for reconnaissance in penetration testing and CTF challenges.
Download Size: 10 MB
Trusted
Free
4. DNSRecon
A powerful DNS enumeration tool capable of performing various DNS queries (e.g., SOA, SRV, TXT) and brute-forcing subdomains, while also checking for common DNS misconfigurations.
Download Size: 5 MB
Trusted
Free
5. Nmap with NSE Scripts
Nmap includes scripts for querying DNS records, conducting zone transfers, and brute-forcing domains to find additional DNS information.
Nmap is versatile and scriptable, making it a good choice for complex domain recon.
Download Size: 30 MB
6. Recon-ng
A full-featured reconnaissance framework that includes modules for domain information gathering, such as WHOIS lookups, DNS record retrieval, and more.
Download Size: 30 MB
Trusted
Free
7. Maltego
Provides an advanced platform for information gathering, including domain analysis, and visualizes the data to identify relationships and patterns.
Download Size: 200 MB
Trusted
Free & Paid
Content Discovery
1. WayBackUrls
Waybackurls is a tool that retrieves URLs of a target domain from the Wayback Machine archive. It helps in discovering historical endpoints and directories that may still be accessible but not currently visible.
Download Size: 2 MB
Trusted
Free
2. GetAllUrls (GAU)
GetAllUrls (GAU) is a tool that fetches URLs from different online sources like Wayback Machine, Common Crawl, and AlienVault's OTX. It is primarily used to gather URLs related to a target domain, which can then be analyzed for hidden or forgotten endpoints that may reveal vulnerabilities.
Trusted
Free
3. Wfuzz
Wfuzz is a web application brute-forcer that allows for flexible fuzzing of URLs, parameters, headers, and more. It’s commonly used for discovering hidden directories, files, and vulnerabilities within web applications.
Download Size: Approximately 10 MB
Trusted
Free
4. Gobuster
Gobuster is a fast command-line tool for brute-forcing directories, files, DNS subdomains, and virtual hosts on web servers. It’s widely used in penetration testing and CTF challenges for discovering hidden content efficiently.
Download Size: Approximately 5 MB
Trusted
Free
5. Dirbuster
DirBuster is a Java-based tool designed for brute-forcing directories and files on web servers using a customizable wordlist. It helps uncover hidden content and directories that may not be easily visible.
Download Size: Approximately 9 MB
Trusted
Free
6. Ffuf
ffuf (Fuzz Faster U Fool) is a fast and flexible tool for web fuzzing, designed to discover hidden directories, files, and parameters. It supports multiple protocols and is commonly used for efficient content discovery during web penetration testing.
Download Size: Approximately 9 MB
Trusted
Free
7. Hydra
While mainly a password brute-forcing tool, it can also be configured to find hidden content by brute-forcing authentication-based directories.
Download Size: Approximately 10 MB
Trusted
Free
Other Tools
Dirb: A classic tool for brute-forcing directories and files on web servers.
Unfurl: A tool that takes URLs and splits them into their component parts to uncover endpoints and parameters that may not be immediately visible.
Feroxbuster: A fast, simple, and recursive content discovery tool written in Rust, designed to find directories, files, and endpoints on web servers.
Burp Suite Intruder: Part of Burp Suite, this tool can fuzz and brute-force parameters, directories, and other parts of web applications to find hidden content.
AquaTone: Primarily used for subdomain enumeration, but also useful for discovering hidden services and URLs through screenshots and response analysis.
SSL/TLS Enumeration
1. SSLScan
SSLScan is a tool used to scan and enumerate SSL/TLS configurations on web servers, checking for supported ciphers, protocols, and vulnerabilities. It's useful for assessing the security of HTTPS implementations.
Download Size: 5 MB
Trusted
Free
2. Testssl.sh
Testssl.sh is a script-based tool for testing SSL/TLS configurations on web servers. It checks for vulnerabilities, supported ciphers, protocols, and overall SSL/TLS security posture.
Download Size: 6 MB
Trusted
Free
3. SSLyze
SSLyze is a Python-based tool for analyzing the SSL/TLS configuration of servers. It performs security assessments by scanning for vulnerabilities, weak ciphers, and protocol support.
Download Size: 10 MB
Trusted
Free
CMS (Content Management System) Identification
1. Wappalyzer
Wappalyzer is a tool that identifies technologies used on websites, such as CMS, frameworks, programming languages, and analytics tools.
Download Size: 15 MB
Trusted
Free
2. WhatWeb
An advanced web scanner that identifies the technologies running on a website (CMS, server software, frameworks, etc.).
Download Size: 4 MB
Trusted
Free
Web Application Firewall (WAF) Detection
1. Wafw00f
Wafw00f is a tool designed to detect and identify web application firewalls (WAFs) on web servers.
Trusted
Free
2. Nmap with http-waf-detect Script
Helps identify whether a WAF is present and what type it is.
Trusted
Free
HTTP Headers & Fingerprinting
1. Httpx
httpx is a fast, multi-purpose HTTP toolkit designed for probing, discovering, and testing web services and endpoints. It supports features like HTTP request chaining, response inspection, and integration with other security tools, making it ideal for reconnaissance and vulnerability testing.
Download Size: Approximately 6 MB.
Trusted
Free
2. Httprobe
httprobe is a simple tool used to take a list of domains or subdomains and check for live HTTP and HTTPS servers. It’s commonly used in reconnaissance to identify active web services quickly.
Download Size: Approximately 1 MB.
Trusted
Free
Crawling & Spidering
1. Burp Suite Spider
Burp Suite Spider is a web crawling tool integrated into Burp Suite, designed to automatically map and enumerate web application content, including URLs, forms, and parameters. It's used for discovering attack surfaces during security testing.
Trusted
Free
2. Hakrawler
Hakrawler is a simple, fast web crawler designed for gathering endpoints, URLs, and assets from web applications. It's used for reconnaissance and finding hidden paths during penetration testing.
Trusted
Free