Researcher Resources - Tools


Updated, thanks @Nahamsec. Sorry for the delay in getting that added :smile:


This is pretty useful (sqlmap is awesome and this plugin saves time imo):


I have a plethora of tools i can link and talk about, maybe a tools subforum would be appropriate instead of s thread?


Yeah, that may be something that we do eventually as the forum grows and this thread grows along with it. In these early stages of the forum’s launch I’d like to keep things relatively consolidated and then spread out as the need arises.

For now, please feel free to start new threads discussing particular tools and sets of tools. You can use the “Security Research” category for those threads. Then from those threads we can start consolidating lists and pull them into this master thread :smile:


I highly recommend people use the latest data to find additional hosts that may be in scope for those * targets!


This + grep is your friend.


Thanks @jstnkndy! Just added :slight_smile:


I’ll toss in R & (when your data gets HUGE) Spark as some “out of the box” thinking when it comes to “tools”. Don’t get me wrong, I :heart: a great deal of the infosec-specific ones listed, but we also need more statistical analysis & better visuals coming out of our space. There are many, many packages in R that can help in the infosec domain. We post alot on and talk abt them quite a bit on the twitterz.

Also, don’t forget PhantomJS (unless I missed seeing it in the lists above) [can’t post a third link, too n00b here].


Great, thanks @hrbrmstr! I just added those to the list. I also bumped up your user privs :smile:


As demonstrated at Shmoocon this year, httpscreenshot is a fantastic tool to quickly and visually identify targets.


Great add! httpscreenshot is awesome :slight_smile: Thanks @jstnkndy


99% built by @breenmachine, just sayin’


Hi All,

I am not an expert for web app security but trying to improve my skills on web security. These days i am focusing on burpsuite.I am a beginner for burpsuite and i know its a very good tool but requires lot of tuning.It will be highly appreciable if someone can guide me for burpsuite. plz reach me at



At the office this morning we had a micro-ctf, two challenges required de-obsfucating javascript. Many used and =)


iOS App Security Assessment Tool : idb
Comprehensive security and attack framework for Android : drozer


hello everyone
I have a question …
what configuration do you have on Brup ? something to enable/disable or default setting ?
what it is the best config of Brup so go smoothly?

and what kind version do u use !!
I use 1.6.0387 pro version and it seems to go slow …and crash and now i use something like 1.6.027

thank you


It’s great and awesome knowledgeable content…


Thanks for all that amazing tools! and special thanks to the bug crowd team

Here… My open redirect scanner… works like a charm…




You should add pen test box. (


Thank u for the post. It’ll be useful for newbies like me.