Open in app

Sign in

Write

Sign in

Member-only story

Here’s 24 web-application hacking tools:

Sacony Chukwu
Jan 3, 2025

--

  1. Burp Suite — Framework.
  2. 2. ZAP Proxy — Framework.
  3. 3. Dirsearch — HTTP bruteforcing.
  4. 4. Nmap — Port scanning.
  5. 5. Sublist3r — Subdomain discovery.
  6. 6. Amass — Subdomain discovery.
  7. 7. SQLmap — SQLi exploitation.
  8. 8. Metasploit — Framework.
  9. 9. WPscan — WordPress exploitation.
  10. 10. Nikto — Webserver scanning.
  11. 11. HTTPX — HTTP probing.
  12. 12. Nuclei — YAML based template scanning.
  13. 13. FFUF — HTTP probing.
  14. 14. Subfinder — Subdomain discovery.
  15. 15. Masscan — Mass IP and port scanner.
  16. 16. Lazy Recon — Subdomain discovery.
  17. 17. XSS Hunter — Blind XSS discovery.
  18. 18. Aquatone — HTTP based recon.
  19. 19. LinkFinder — Endpoint discovery through JS files.
  20. 20. JS-Scan — Endpoint discovery through JS files.
  21. 21. GAU — Historical attack surface mapping.
  22. 22. Parameth — Bruteforce GET and POST parameters.
  23. 23. truffleHog — Find credentials in GitHub commits.

--

--

Sacony Chukwu
Sacony Chukwu

Written by Sacony Chukwu

14 Followers
6 Following

Certified Ethical Hacker & Penetration Tester | Cybersecurity Enthusiast | Future Author of cybersecurity books | Cyber Security Consultant & Scripting Expert

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams