Web-Application Pentesting Tools

Web-Application Pentesting Tools


1. Burp Suite - Framework.

2. ZAP Proxy - Framework.

3. Dirsearch - HTTP bruteforcing.

4. Nmap - Port scanning.

5. Sublist3r - Subdomain discovery.

6. Amass - Subdomain discovery.

7. SQLmap - SQLi exploitation.

8. Metasploit - Framework.

9. WPscan - WordPress exploitation.

10. Nikto - Webserver scanning.

11. HTTPX - HTTP probing.

12. Nuclei - YAML based template scanning.

13. FFUF - HTTP probing.

14. Subfinder - Subdomain discovery.

15. Masscan - Mass IP and port scanner.

16. Lazy Recon - Subdomain discovery.

18. XSS Hunter - Blind XSS discovery.

19. Aquatone - HTTP based recon.

20. LinkFinder - Endpoint discovery through JS files.

21. JS-Scan - Endpoint discovery through JS files.

22. GAU - Historical attack surface mapping.

23. Parameth - Bruteforce GET and POST parameters.

24. truffleHog - Find credentials in GitHub commits.



Comments

  1. SHIMANTA DASNovember 14, 2022 at 6:59 AM

    I think you should need to discuss how to use that tools...

    ReplyDelete
  2. AnonymousDecember 3, 2022 at 1:15 AM

    do you youtube channel???? Please create

    ReplyDelete

Post a Comment

Popular posts from this blog

Two Factor Authentication ! [2FA]

Image
 Two Factor Authentication ! What is 2FA 🤔 ? Let's get started , 2FA stands for 2-factor authentication. It is used as an additional layer of security for user accounts. This simply means there will be two factors for you to authenticate into your account. One is simply your credentials, and if due to some case they are compromised the additional layer(second authentication) can protect your account from getting takeover. This can be of many forms like ;    1:) Sending verification code to email. 2:) Sending OTP to email or mobile number. 3:) Third-party app-generated codes. 4:) Verification through QR codes. 5:)     SMS verification. This provides an extra layer of security for user accounts. Even if your credentials got exposed, your account can still be safe if you have your 2FA turned on. But what if this 2FA is also vulnerable. Then your account is not safe even if you have your 2FA turned on. So this vulnerability is a serious one and can be used to take over other accounts
Read more