Hi, how are you guys? I bring you a list of tools for hacking web applications:
- Burp Suite - Framework.
- ZAP Proxy - Framework.
- Dirsearch - HTTP bruteforcing.
- Nmap - Port scanning.
- Sublist3r - Subdomain discovery.
- Amass - Subdomain discovery.
- SQLmap - SQLi exploitation.
- Metasploit - Framework.
- WPscan - WordPress exploitation.
- Nikto - Web server scanning.
- HTTPX - HTTP scanning.
- Nuclei - YAML-based template scanning.
- FFUF - HTTP scanning.
- Subfinder - Subdomain discovery.
- Masscan - Mass IP and port scanning.
- Lazy Recon - Subdomain discovery.
- XSS Hunter - Blind XSS discovery.
- Aquatone - HTTP-based reconnaissance.
- LinkFinder - Endpoint discovery via JS files.
- JS-Scan - Endpoint discovery via JS files.
- GAU - Historical mapping of attack surfaces.
- Parameth - Bruteforce GET and POST parameters.
- truffleHog - Find credentials in GitHub commits.