Tools

Every engineer has a tool-kit – spanners, screwdrivers, voltmeters… while we don’t carry a bag of tools, just a USB stick with the right softwares on it is all you need. Some of us use Kali Linux which is quite a concise and complete tool-kit, and others like to roll their own – here’s some of the best available tools out there.

Google Hacking

Midnight Research Labs – SEAT
Google Hacking Diggity
dorkScan.py

Passwords

Ncrack
Medusa
hashcat
Ophcrack

Netcat

NetCat tutorial
Favorite Ncat/nc/Netcat trick
ads.pdf
Netcat_for_the_Masses.pdf
netcat_cheat_sheet_v1.pdf
socat
Netcat tricks
Nmap Development
Terminally Incoherent
Skoudis_pentestsecrets.pdf
Ncat for Netcat Users

Burp [Trust me, pay for the full version!]

credentials-discovery
Constricting the Web
Browse Belch
Burp Suite Tutorial
w3af in burp
Attack and Defense Labs
burp suite tutorial
SensePost – reDuh
OWASP WebScarab NG Project
Mallory
Fiddler Web Debugger
Watcher: Web security testing tool
X5S
koto/squid-imposter – GitHub

Web-based

BeEF
BlindElephant
XSSer
RIPS
divineinvasion.net
Attack and Defense Labs
Browser Exploitation for Fun&Profit
sqid (SQL Injection Digger)
pinata-CSRF-tool
Clickjacker
unicode-fun.txt – Packet Storm
WebService-Attacker

Shells

SourceForge.net: Yokoso!
AJAX/PHP Command Shell

Scanners #dontwaitenumerate

w3af
skipfish
sqlmap: automatic SQL injection tool
SQID – SQL Injection digger
XSSscan – Packetstormsecurity
WindowsAttack – fimap
fm-fsf
Websecurify
Arachni
rfiscan – Packet Storm
lfi-rfi2 – Packet Storm
inspathx – Path Disclosure
DotDotPwn – Packet Storm

Fuzzing

Gobuster [I’m in love with this tool]