noraj
commented
1 year ago Most of them are already in BA, and having a mega issue like this is not helping.
Closed CyberGhazi786 closed 1 year ago
noraj
commented
1 year ago Most of them are already in BA, and having a mega issue like this is not helping.
Please add these tools.
Subdomains enumeration:
Amass Assetfinder Crobat Findomain Github-subdomains Subfinder Sudomy subdomainizer sublister findomain
Subdomain Takeover:
Subover Autosubtakeover Tko-subs Subjack
Cloud Workflow: AWS_Recon festin lazys3 s3brute flumberboozle slurp
DNS resolver
dnsx MassDNS PureDNS ShuffleDNS DNSvalidator
Visual Inspection - Screenshots
Aquatone Gowitness httpscreenshot
HTTP probe
httprobe httpx
Web crawler / Content Discovery
Gospider Hakrawler ParamSpider gau gauplus waybackurls paramspider GF GF_Pattern Photon
Network scanner
Rustscan Masscan Naabu Nmap Brutespray
HTTP Parameter
Arjun x8 *
Fuzzing tools
Ffuf Gobuster Wfuzz Gobuster Dirsearch Dirb
LFI/RFI tools
LFISuite Fimap
XPR1M3 / sqli-lfi-xss-rce-dorker-and-auto-exploiter-Python https://github.com/XPR1M3/sqli-lfi-xss-rce-dorker-and-auto-exploiter-Python-.git
Spring4Shell: redhuntlabs / Hunt4Spring | https://github.com/redhuntlabs/Hunt4Spring.git
Log4j: log4jscan for Linux | https://github.com/intezer/log4jscan.git
SSRF tools
SSRFmap Gopherus Interactsh
SSTI tools
tplmap *
API hacking tools
Kiterunner + API routes
Wordlists
SecLists
Vulns - XSS
Dalfox Bxss XSpear kxss XSStrike Gxss FinDOM-XSS X5S Xenotix XSS Exploit Framework
Vulns - SQL Injection
SQLbit BSQL hacker SQLMap SQLninja Safe3 SQL injector SQLSus Mole NoSQLMap SQLmate ATLAS (WAF Bypass Suggester for SQLmap) SQLiScanner AutoSQLi Bypass-WAF-SQLMAP KhetaguriDimitri/SQL-Injection Agressiv1njector/psqli-pro AngelSecurityTeam/SQLiDumper-AngelSecurityTeam JohnTroony/Blisqy quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper enjoiz/BSQLinjector lanmaster53/sqli-exploiter Sqliv Havij BBQSQL Leviathan WhiteWidow jSQL Injection
CMS Scanner
WPscan droopescan AEM-Hacker Drupwn Wig
Vulns - Scanner
Jaeles Nikto ** Nuclei
JavaScript hunting
LinkFinder SecretFinder subjs GetJS
Find_Web_Technologies
Wappalyzer CLI
Git Hunting / GIT Enum Tools:
GitDorker gitGraber GitHacker GitTools Githound Trufflehog Gitscanner
Sensitive Stuff Finding
DumpsterDiver EarlyBird Ripgrep
Useful tools
anew anti-burl getallurls gron Interlace jq qsreplace Tmux unfurl Uro
Web Exploitation Frameworks:
Sn1per Vajra Jok3r v3 beta osmedeus cobra Arachni TIDoS Framework sudomy Grabber Vega Zed Attack Proxy Wapiti W3af WebScarab Skipfish Ratproxy Wfuzz Grendel-Scan Watcher
JS Enumeration Tools:
jsscanner jsparser linkfinder
Fingerprint & CVE Tools:
nuclei webtech waf