Tools & Notes
Manage your tool arsenal and integration settings.
Reconnaissance
Attack surface mapping and subdomain enumeration.
Quick Command:
amass enum -d target.comPassive subdomain enumeration using curated sources.
Quick Command:
subfinder -d target.comDomain asset discovery made simple.
Quick Command:
assetfinder --subs-only target.comProjectDiscovery's massive internet-wide asset database.
Quick Command:
chaos -d target.com -key $CHAOS_KEYHigh-speed port scanner.
Quick Command:
naabu -host target.comHTTP probe for checking live hosts.
Quick Command:
httpx -l hosts.txtScreenshot capture for recon.
Quick Command:
gowitness file -f urls.txtFetch archived URLs.
Quick Command:
waybackurls target.comNext-gen crawler from ProjectDiscovery.
Quick Command:
katana -u https://target.comGo-based fast web crawler.
Quick Command:
hakrawler -url https://target.comAdvanced parameter finder for endpoints.
Quick Command:
python3 paramspider.py --domain target.comFetch known URLs from AlienVault & Wayback.
Quick Command:
gau target.comGAU with filtering and performance improvements.
Quick Command:
gauplus target.comBlazing fast subdomain enumeration.
Quick Command:
findomain -t target.comScanning
Template-based vulnerability scanner.
Quick Command:
nuclei -u target.comClassic web server scanner.
Quick Command:
nikto -host https://target.comAttack-based web vulnerability scanner.
Quick Command:
wapiti -u https://target.comWebsite fingerprinting engine.
Quick Command:
whatweb target.comFramework for scanning & recon automation.
Quick Command:
golismero scan target.comFuzzing
Fast web fuzzer.
Quick Command:
ffuf -u https://target.com/FUZZ -w wordlist.txtRecursive directory brute-forcing.
Quick Command:
feroxbuster -u https://target.com -w wordlist.txtPath brute-forcer.
Quick Command:
dirsearch -u https://target.com -w paths.txtParameter discovery tool.
Quick Command:
arjun -u https://target.comParameter miner with smart mutation.
Quick Command:
x8 -u https://target.comExploitation
Industry-standard exploitation suite.
Quick Command:
msfconsoleSQL Injection automation.
Quick Command:
sqlmap -u 'https://target.com/?id=1'Advanced XSS scanner.
Quick Command:
xsstrike -u https://target.comWeb scanner & interceptor.
Quick Command:
./xray webscan --url https://target.com --html-output report.htmlPowerful XSS & bypass scanner.
Quick Command:
dalfox url https://target.comAutomatic command injection tool.
Quick Command:
commix --url https://target.comScan for CORS misconfigurations.
Quick Command:
python corsy.py -u https://target.comOSINT
Fast DNS resolver.
Quick Command:
dnsx -l subs.txtHigh performance DNS resolver.
Quick Command:
massdns -r resolvers.txt -t A subs.txtGoogle account OSINT framework.
Quick Command:
ghunt email target@gmail.comPassive OSINT footprinting.
Quick Command:
theHarvester -d target.com -b allFind usernames across social platforms.
Quick Command:
sherlock usernameCheck if email is linked to accounts.
Quick Command:
holehe email@gmail.comProxy
Industry-standard proxy, scanner, and professional suite for web security testing.
Quick Command:
java -jar burpsuite_pro.jarOpen-source web application scanner and intercepting proxy.
Quick Command:
./zap.sh -daemonInteractive HTTPS proxy for debugging and testing HTTP traffic.
Quick Command:
mitmproxyModern API debugging proxy supporting HTTP(S), WebSocket, gRPC.
Quick Command:
reqable