Pentesting Tools I Use Everyday

• ZAP

  61 11,965 9.2 Java

  The ZAP core project

  

Learn more about ZAP here: https://www.zaproxy.org/

• ffuf

  17 11,382 6.1 Go

  Fast web fuzzer written in Go

  

Learn more about ffuf here: https://github.com/ffuf/ffuf

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• john

  77 9,231 9.3 C

  John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

  

Learn more about John the Ripper here: https://www.openwall.com/john/

• dirsearch

  12 11,179 7.9 Python

  Web path scanner

Learn more about dirsearch here: https://github.com/maurosoria/dirsearch

• Metasploit

  117 32,746 10.0 Ruby

  Metasploit Framework

  

Learn more about Metasploit here: https://www.metasploit.com/

• gau

  6 3,504 6.8 Go

  Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Learn more about gau here: https://github.com/lc/gau

• SQLMap

  40 30,495 8.7 Python

  Automatic SQL injection and database takeover tool

  

Learn more about sqlmap here: https://sqlmap.org/

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• nuclei

  17 17,148 9.8 Go

  Fast and customizable vulnerability scanner based on simple YAML based DSL.

  

Learn more about nuclei here: https://nuclei.projectdiscovery.io/

Suggest a related project