Pentesting Tools I Use Everyday

This page summarizes the projects mentioned and recommended in the original post on

  • ZAP

    The ZAP core project

  • ffuf

    Fast web fuzzer written in Go

  • john

    John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

  • dirsearch

    Web path scanner

  • Metasploit

    Metasploit Framework

  • gau

    Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

  • SQLMap

    Automatic SQL injection and database takeover tool

  • nuclei

    Fast and customizable vulnerability scanner based on simple YAML based DSL.

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
