DEV Community

Cover image for Pentesting Tools I Use Everyday
Adem Kouki
Adem Kouki

Posted on

Pentesting Tools I Use Everyday

I have been pentesting for a while now and I have used a lot of tools. There are some tools that I use everyday and I thought I would share them with you.

1) Nuclei

This is a tool for vulnerability scanning that uses pre-defined templates for detecting vulnerabilities and misconfigurations in web applications and infrastructure. It can be used to find issues related to networking, containers, and cloud environments.
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.
Example usage:

nuclei -t cves/ -u https://example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about nuclei here: https://nuclei.projectdiscovery.io/

2) Subfinder

This is a tool for discovering subdomains of a given domain. It can be useful for finding subdomains that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.
Example usage:

subfinder -d example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about subfinder here: https://github.com/projectdiscovery/subfinder

3) Amass

Amass is a tool for network mapping and asset discovery. It can be used to enumerate subdomains, IP addresses, and other assets associated with a given domain. It is particularly useful for finding hidden assets that are not listed in public records, as it uses a variety of techniques to discover assets that may not be easily found through other means.

Amass can be used in a variety of situations, including during security assessments to identify potential attack surfaces, and during incident response to quickly locate and secure potentially compromised assets. It is a command-line tool that is easy to use and can be integrated into custom scripts and workflows.

Example usage:

amass enum -d example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about amass here: https://github.com/OWASP/Amass

4) ffuf

This is a tool for bruteforcing web applications. It allows you to send HTTP requests with custom payloads and analyze the responses to find vulnerabilities.

Example usage:

ffuf -w /usr/share/wordlists/common.txt -u https://example.com/FUZZ
Enter fullscreen mode Exit fullscreen mode

Learn more about ffuf here: https://github.com/ffuf/ffuf

5) Dirsearch

This is a tool for bruteforcing directories and files on web servers. It can be used to find hidden files and directories that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Example usage:

dirsearch -u https://example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about dirsearch here: https://github.com/maurosoria/dirsearch

6) SQLMap

This is a tool for detecting and exploiting SQL injection vulnerabilities. It can be used to find vulnerabilities that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Example usage:

sqlmap -u https://example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about sqlmap here: https://sqlmap.org/

7) WPScan

This is a tool for detecting and exploiting vulnerabilities in WordPress websites. It can be used to find vulnerabilities that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Example usage:

wpscan --url https://example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about wpscan here: https://wpscan.org/

8) gau (Get All URLs)

This is a tool for finding URLs on a given domain. It can be used to find hidden files and directories that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Example usage:

gau example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about gau here: https://github.com/lc/gau

9) Dalfox

This is a tool for detecting and exploiting XSS vulnerabilities. It can be used to find vulnerabilities that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Example usage:

dalfox url https://example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about dalfox here: https://github.com/hahwul/dalfox

10) John the Ripper

This is a tool for cracking passwords. It can be used to find passwords that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Example usage:

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
Enter fullscreen mode Exit fullscreen mode

Learn more about John the Ripper here: https://www.openwall.com/john/

11) Burp Suite

This is a suite of tools for web application security testing. It includes a proxy for intercepting and modifying HTTP requests, a spider for crawling web applications, and a variety of tools for testing and exploiting vulnerabilities.

Learn more about Burp Suite here: https://portswigger.net/burp

12) ZAP (Zed Attack Proxy)

This is an open-source tool for web application security testing. It can be used to find vulnerabilities such as SQL injection, XSS, and cross-site request forgery (CSRF), and provides a variety of features for manually testing web applications.

Learn more about ZAP here: https://www.zaproxy.org/

13) Nikto

This is a tool for detecting vulnerabilities in web applications. It can be used to find vulnerabilities that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Example usage:

nikto -h https://example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about Nikto here: https://cirt.net/Nikto2

14) Nmap

This is a tool for network mapping and asset discovery. It can be used to enumerate subdomains, IP addresses, and other assets associated with a given domain. It is particularly useful for finding hidden assets that are not listed in public records, as it uses a variety of techniques to discover assets that may not be easily found through other means.

Nmap can be used in a variety of situations, including during security assessments to identify potential attack surfaces, and during incident response to quickly locate and secure potentially compromised assets. It is a command-line tool that is easy to use and can be integrated into custom scripts and workflows.

Example usage:

nmap -sV -sC example.com
Enter fullscreen mode Exit fullscreen mode

Learn more about nmap here: https://nmap.org/

15) Metasploit

This is a tool for detecting and exploiting vulnerabilities in web applications. It can be used to find vulnerabilities that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Learn more about Metasploit here: https://www.metasploit.com/

Other Tools and Resources

https://dnsdumpster.com/ - DNS Dumpster is a free tool for finding subdomains and other DNS records associated with a given domain.

https://www.shodan.io/ - Shodan is a search engine for internet-connected devices. It can be used to find devices that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

https://www.censys.io/ - Censys is a search engine for internet-connected devices. It can be used to find devices that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

https://www.virustotal.com/gui/ - VirusTotal is a free service for scanning files and URLs for viruses, malware, and other malicious content. It can be used to find malicious files that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

https://www.hybrid-analysis.com/ - Hybrid Analysis is a free service for analyzing suspicious files and URLs. It can be used to find malicious files that may not be publicly listed, which can sometimes be used to find vulnerabilities that are not exposed to the public internet.

Latest comments (0)