100 Hacking Resources and Tools Miscellaneous


We'd like to continue the celebration now that we've crossed $100 million in bounties with this list of 100 hacking tools and resources! These vary in difficulty from novice to expert. The majority are free, but some are not. Check them out and add them to your hacking arsenal! We'll upload them to Hacker101/ resources/ on GitHub, so feel free to contribute even more tools and resources!




Burp Suite

1. Burp Suite: The most well-known web app hacking tool. After you reach 500 reputation on HackerOne, you may get a free 3-month subscription to Burp Suite Pro! Take a look at these fantastic Burp plugins:

2. ActiveScan++: ActiveScan++ enhances the active and passive scanning capabilities of Burp Suite. It's designed to add minimal network overhead while identifying application behavior that may be of interest to expert testers.

3. BurpSentinel: With BurpSentinel, a penetration tester can quickly and easily send a large number of malicious requests to the parameters of an HTTP request. It also displays a wealth of information from the HTTP responses to those attack requests. This makes it simple to uncover low-hanging fruit and hidden weaknesses, and it frees up the tester's time to concentrate on other vital tasks!

4. Autorepeater Burp: Automated HTTP request repeating with Burp Suite.

5. Autorize Burp: Autorize is a Burp extension that helps penetration testers detect authorization flaws, one of the most time-consuming tasks in a web application penetration test.

6. Burp Beautifier: A Burp Suite extension for beautifying request/response bodies in JS, JSON, HTML, and XML formats, written in Jython 2.7.

7. Flow: For all Burp tools, this plugin gives a Proxy history-like display as well as search filtering features.

8. Headless Burp: Using the command-line, you may execute Burp Suite's Spider and Scanner tools in headless mode.

9. Logger++: Logger++ is a multi-threaded logging extension for Burp Suite. In addition to logging requests and responses from all Burp Suite tools, the extension lets you define advanced filters to highlight interesting entries or to restrict the log to entries that match the filter.

10. WSDL Wizard: This plugin looks for WSDL files on a target server. After performing normal mapping of an application's content, right-click on the relevant target in the site map and choose "Scan for WSDL files" from the context menu. The extension searches the already discovered content for URLs with the .wsdl file extension and guesses the locations of any additional WSDL files based on the file names already known to be in use. The scan results are shown in the extension's output tab in the Burp Extender tool.

11. JSON Beautifier: This plugin adds a JSON tab with a prettier request/response representation.

Hacking on the Internet

12. JSParser: A Python 2.7 script that parses relative URLs from JavaScript files using Tornado and JSBeautifier. This is especially useful for discovering AJAX requests when doing security research or bug bounty hunting.

13. Knockpy: Knockpy is a Python utility that uses a word list to enumerate subdomains on a given domain. It is designed to scan for a DNS zone transfer and to automatically bypass the wildcard DNS record if it is enabled. Knockpy now supports VirusTotal subdomain searches, and the API key can be set in the config.json file.

14. Lazys3: A Ruby script that brute-forces AWS S3 buckets using different permutations.

15. Sublist3r: Sublist3r is a Python utility that uses OSINT to enumerate website subdomains. It helps penetration testers and bug hunters collect subdomains for the domain they are targeting. Sublist3r uses a variety of search engines to find subdomains, including Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also uses Netcraft, VirusTotal, ThreatCrowd, DNSdumpster, and ReverseDNS to find subdomains.

16. Teh s3 bucketeers: Teh s3 bucketeers is a security tool for discovering Amazon's AWS S3 buckets.

17. Virtual-host-discovery: This is a simple HTTP scanner that lists all virtual hosts associated with a particular IP address. During recon, this can help expand the target by finding outdated or obsolete code. It may also reveal hidden hosts that are statically mapped in the developer's /etc/hosts file.

18. Wpscan: WPScan is a black box WordPress security scanner created for security experts and bloggers to assess the security of their sites. It is free (for non-commercial usage).

19. Webscreenshot: Based on the url-to-image PhantomJS script, this is a simple script for screenshotting a list of websites.

20. Asnlookup: The ASN Information tool shows information about an IP address's Autonomous System Number (ASN), including the IP address's owner, registration date, issuing registrar, and the AS's whole IP range.

21. Unfurl: Unfurl is a tool that analyzes large collections of URLs and estimates their entropies in order to sift out URLs that might be vulnerable to attack.

22. Waybackurls: Accepts line-delimited domains on stdin, fetches known URLs for *.domain from the Wayback Machine, and prints them to stdout.

23. Httprobe: Takes a list of domains and probes for working http and https servers.

24. Meg: Meg is a tool for fetching a large number of URLs without putting a strain on the servers. It can fetch many paths for many hosts, or fetch a single path for all hosts before moving on to the next path and repeating the process.

25. Gau: Getallurls (gau) retrieves known URLs for any given domain from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. Tomnomnom's waybackurls served as inspiration.

26. Ffuf: A Go-based fast web fuzzer.

27. Dirsearch: A simple command-line tool for brute-forcing directories and files on websites.

28. OWASP Zed: OWASP Zed Attack Proxy (ZAP) is an open source penetration testing tool provided by OWASP (Open Web Application Security Project). It assists you in identifying security flaws in your application.

29. Subfinder: Subfinder is a subdomain discovery tool that uses passive online sources to find valid subdomains for websites. It has a simple modular architecture and is optimized for speed. Subfinder is built to do one thing only, passive subdomain enumeration, and to do it well.

30. EyeWitness: EyeWitness is a tool that takes screenshots of websites, displays server header information, and detects default credentials. EyeWitness is designed to run on Kali Linux. It automatically detects whether the file you provide with the -f option is a text file with one URL per line, nmap XML output, or Nessus XML output. The --timeout flag is completely optional and sets the maximum time to wait while rendering and screenshotting a web page.

31. Nuclei: Nuclei is a fast tool for configurable, targeted scanning based on templates, offering a lot of flexibility and ease of use.

32. Naabu: Naabu is a Go-based port scanning tool that enables you to quickly and reliably enumerate valid ports for hosts. It's a very basic program that does quick SYN scans on a host/list of hosts and displays all ports that respond.

33. Shuffledns: ShuffleDNS is a Go wrapper for massdns that lets you enumerate valid subdomains using active brute force, and resolve subdomains with wildcard handling and simple input-output support.

34. DNSProbe: DNSProbe is a utility based on retryabledns that enables you to do numerous DNS requests using a list of user-supplied resolvers.

35. Chaos: Chaos actively scans and maintains data on internet-wide assets. This project aims to improve DNS research and analysis in order to get better insights.

36. Subjack: Subjack is a Go-based subdomain takeover tool that can scan a list of subdomains concurrently and identify those that may be hijacked. With Go's speed and efficiency, this tool stands out when it comes to mass-testing. To rule out false positives, always double-check the findings manually.

37. gitGraber: gitGraber is a Python 3 utility that monitors GitHub to search for and find sensitive data in real time for different online services.

38. Shhgit: Shhgit listens to the GitHub Events API to find secrets and sensitive files across GitHub code and Gists committed in near real time.

39. Commit-stream: Commit-stream collects commit logs from the GitHub event API in real time, exposing the author details (name and email address) associated with GitHub repositories.

40. Masscan: This is an Internet-scale port scanner. It can scan the whole Internet in less than 6 minutes, transmitting 10 million packets per second from a single machine.

41. MassDNS: MassDNS is a simple high-performance DNS stub resolver aimed at those who need to resolve a large number of domain names, on the order of millions or billions. Without any extra setup, MassDNS can resolve over 350,000 names per second using publicly available resolvers.

42. Findomain: Findomain offers a dedicated monitoring service hosted on Amazon (only the local version is free), which lets you monitor your target domains and sends alerts to Discord and Slack webhooks or Telegram chats when new subdomains are discovered.

43. Amass: The OWASP Amass Project uses open source information gathering and active reconnaissance methodologies to accomplish network mapping of attack surfaces and external asset identification.

44. Dnsgen: This utility generates combinations of domain names from the provided input. Combinations are built from a wordlist, and custom words are extracted on each execution.

45. Dnsgrep: A utility for quickly searching presorted DNS names. It's built around the Rapid7 rdns and fdns dataset.

46. Wfuzz: Wfuzz was intended to make the chore of evaluating web applications easier. It works on the basic principle of replacing every reference to the FUZZ keyword with the value of a provided payload.

47. Aquatone: Aquatone is a tool for visual inspection of websites across a large number of hosts, giving you a quick overview of the HTTP-based attack surface.

48. WhatWeb: WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each of which recognizes something different. It also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.

49. DIRB: DIRB is a web content scanner. It launches a dictionary-based attack against a web server and analyzes the response.

50. Dnscan: Dnscan is a Python-based DNS subdomain scanner that uses a wordlist.

51. Sublert: Sublert is a security and reconnaissance tool written in Python that uses certificate transparency to monitor new subdomains deployed by specific organizations for which a TLS/SSL certificate has been issued. The tool is meant to be scheduled to run periodically at fixed times, dates, or intervals (ideally each day). When new subdomains are discovered, a notification is pushed to a Slack workspace. In addition, the tool performs DNS resolution to determine which subdomains are working.

52. Recon-ng: Recon-ng is a full-featured reconnaissance framework that aims to provide a robust environment for doing open-source, web-based reconnaissance swiftly and completely.

53. Jok3r: Jok3r is a framework that helps penetration testers with network infrastructure and web security assessments. Its goal is to automate as much as possible in order to quickly find and exploit "low-hanging fruit" and "quick win" vulnerabilities in the most common TCP/UDP services and web technologies (servers, CMS, languages...).

54. DirBuster: DirBuster is a multi-threaded Java application that brute-forces directory and file names on web and application servers. DirBuster tries to find hidden directories and pages within a web application, giving users an additional attack vector.

55. Altdns: Altdns is a DNS recon tool that lets you discover subdomains that conform to patterns. Altdns takes in words that could be present in subdomains under a domain (such as test, dev, and staging), as well as a list of known subdomains.

56. Recon profile: This tool helps create simple aliases that can be run from an SSH session or terminal.

57. BBHT: Bug Bounty Hunting Tools is a script that installs the most common tools used in bug bounty programs to find vulnerabilities.

Hacking on mobile devices

58. Mobile Security Framework (MobSF): An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework capable of static and dynamic analysis.

59. Jadx: Jadx is a dex-to-Java decompiler. It provides command-line and GUI tools for producing Java source code from Android Dex and APK files.

60. Dex2Jar: Dex2Jar is a free utility for working with Android ".dex" and Java ".class" files.

61. Radare2: A free/libre toolchain for doing forensics, software reverse engineering, exploitation, debugging, and other low-level activities. It's made up of a slew of libraries (many of which may be enhanced with plugins) and programs that can be automated using practically any programming language.

62. Genymotion: A cross-platform Android emulator for developers and QA engineers. Develop and automate your tests to deliver the highest quality applications.

63. Frida "Universal" SSL Unpinner: A universal unpinner.

64. Frida: A dynamic instrumentation toolset for programmers, reverse engineers, and security analysts.

Exploitation

65. SQLNinja: Sqlninja is a tool for exploiting SQL injection vulnerabilities in web applications that use Microsoft SQL Server as their backend.

66. XSS Hunter: XSS Hunter lets you find all types of cross-site scripting vulnerabilities, including the often overlooked blind XSS. The service works by hosting specialized XSS probes which, when they fire, scan the page and send information about the vulnerable page to the XSS Hunter service.

67. NoSQLMap: NoSQLMap is an open source Python tool for auditing NoSQL databases and web applications that use NoSQL, automating attacks and exploiting default configuration weaknesses in order to disclose or clone data from the database.

68. Ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

69. Sqlmap: Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many features for the ultimate penetration tester, and a wide range of switches covering database fingerprinting, fetching data from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

70. SSRFTest: An SSRF testing tool.

71. Retire.JS: Scans a website for vulnerable JavaScript libraries.

72. Spiderfoot: SpiderFoot is a tool for automating open source intelligence (OSINT). It integrates with almost any data source and automates OSINT collection so you can concentrate on data analysis.

Scanners/Frameworks

73. OpenVAS: OpenVAS is a vulnerability scanner with a lot of features. Unauthenticated testing, authenticated testing, multiple high-level and low-level Internet and industrial protocols, performance tweaking for large-scale scanning, and a strong internal programming language to construct any sort of vulnerability test are all included in its capabilities.

74. Nikto: Nikto is an Open Source (GPL) web server scanner that tests web servers for a variety of items, including over 6700 potentially harmful files/programs, outdated versions of over 1250 servers, and version-specific issues on over 270 servers.

75. Wapiti: Wapiti is a security auditing tool for websites and web applications. It performs "black-box" scans (it doesn't look at the source code): it crawls the web pages of the deployed webapp, looking for scripts and forms where it can inject data.

76. Metasploit: Metasploit is an open-source penetration testing framework.

77. Maltego: Maltego is a graphical link analysis and open source intelligence (OSINT) application for acquiring and linking information for investigative activities.

78. Canvas: CANVAS provides penetration testers and security experts throughout the globe with hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework.

79. Sn1per: Sn1per Community Edition is an automated scanner that can be used to enumerate and scan for vulnerabilities during a penetration test. Sn1per Professional is Xero Security's premium reporting addon for managing big environments and pentest scopes for Professional Penetration Testers, Bug Bounty Researchers, and Corporate Security teams.

80. Lazyrecon: LazyRecon is a Bash script designed to automate the time-consuming tasks of reconnaissance and information gathering. The data is organized in an HTML report at the end to help you decide on next steps.

81. Osmedeus: Osmedeus enables you to execute a collection of outstanding reconnaissance and vulnerability scanning tools against a target automatically.

82. Reconness: ReconNess lets you run and keep all of your #recon in one place, so you can concentrate only on potentially vulnerable targets without distraction and without needing a lot of bash or programming skill.

83. IronWASP: IronWASP (Iron Web Application Advanced Security Testing Platform) is an open-source tool for web application vulnerability testing. It is designed so that users with the right knowledge can use it as a framework to build their own scanners. IronWASP is built using Python and Ruby, and users who are familiar with these languages will be able to make full use of the platform. However, IronWASP also provides a number of features that are simple to understand.

84. Nmap: Nmap ("Network Mapper") is a free and open-source tool for network discovery and security auditing.

Freemium Services / Datasets

85. Shodan: Shodan has a public API that other tools can use to access all of Shodan's data. Integrations are available for Nmap, Metasploit, Maltego, FOCA, Chrome, Firefox, and many more.

86. Censys: Censys scans the most ports and has the world's largest certificate database, giving you the most up-to-date, comprehensive picture of your known and undiscovered assets.

87. Rapid7 Forward DNS (FDNS): This dataset contains the responses to DNS requests for all forward DNS names known to Rapid7's Project Sonar.

88. C99.nl: C99.nl is a scanner that searches an entire domain to find as many subdomains as possible.

89. SecLists: SecLists is a tool for security testers. It's a centralized repository for several sorts of lists used during security assessments. Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more are examples of list types. The aim is for a security tester to be able to download this repository to a fresh testing machine and have access to any sort of list that could be required.

90. Web Application Security Payloads and Bypasses: A collection of helpful payloads and bypasses. Feel free to experiment with different payloads and strategies to see what works best.

Hacking Tools of Various Kinds

91. Ettercap: Ettercap is a comprehensive suite that features sniffing of live connections, content filtering, and active and passive dissection of many protocols, and includes many features for network and host analysis.

92. Transformations: Transformations makes it easier to detect common data obscurities, which may reveal security flaws or provide insight into how defenses can be bypassed.

93. John the Ripper: John the Ripper is a free and Open Source program, distributed primarily in source code form.

94. Wireshark: Wireshark® is a network protocol analyzer that allows you to record and explore data on a computer network in real time.

95. Foxyproxy: FoxyProxy is a powerful proxy management application that totally replaces Firefox's restricted proxying functionality. Please use FoxyProxy Basic if you want a simpler tool with fewer setup options.

96. Wappalyzer: Wappalyzer is a browser extension that reveals the technologies used on websites. It detects content management systems, eCommerce platforms, web servers, JavaScript frameworks, analytics tools, and more.

97. BuiltWith: BuiltWith's goal is to help developers, researchers, and designers find out what technologies websites use, which may help them decide which technologies to integrate.

98. Altair: The Altair GraphQL Client automates the debugging of GraphQL queries and implementations, allowing you to concentrate on the important tasks at hand.

99. THC Hydra: This tool is a proof-of-concept code that allows researchers and security consultants to demonstrate how simple it is to acquire unauthorized remote access to a system.

100. Swiftness X: A note-taking tool for bug bounty (BB) and pentesting.