Researcher Resources - Tools


#42

Hello,

These Tools Are Awesome for Penetration Testing against website as it includes All Tools in One Package Try it:-

Thanks,
ABDULWAHAB


#43

Many thanks for this tools list. I use some of them every day.


#44

Bit late here, but madusa and hydra are good, they come pre installed with Kali Linux. Cain and Abel for Windows,


#47

If you want to know more how to secure your website I recommend you take a look at this article


#48

SQLmap is one of my favorite tools. I’ve been using it with the CO2 Burp Plugin that is similar to SQLiPy Scan. One of my favorite hacks was using this. I got CLI access through a SQLi vulnerability. The target application database server had XP CMD Shell enabled and this was an external Internet facing app.


#49

I ran across a resource to setup a vulnerable AWS environment to practice AWS hacking. https://rhinosecuritylabs.com/aws/cloudgoat-vulnerable-design-aws-environment/


#50

Although they are not ‘tools’ as in software, here are some ‘websites’ I always use, which are very well for getting a basic grasp idea of a website:

  • crt.sh - see all subdomains that have TLS certificates
  • en.internet.nl - see IPv6 / DNSSEC / HSTS and mail configs
  • Mozilla Observatory - Includes lots of 3rd party sites for more dedicated searches like securityheaders.io.

#51

Great stuff you shared with us! I haven’t heard about some of above tools before. Thanks for sharing this list of tools.