Hacking Tools

OWASP ZAP

OWASP ZAP is an open-source web application security scanner. It is intended to be

used by both those new to application security as well as professional penetration
testers.

Burp Suite

Burp Suite is an integrated platform/graphical tool for performing security testing

of web applications. Its tools work together to support the entire testing process,
from initial mapping and analysis of an application's attack surface, to finding
and exploiting security vulnerabilities.

Postman

Postman is an API platform for developers to design, build, test and iterate their
APIs.

EthicalCheck

EthicalCheck performs automated, instantaneous API security scans covering the

OWASP API Top 10.

FoxyProxy

FoxyProxy is an advanced proxy management tool that completely replaces Firefox's

limited proxying capabilities.

mitmproxy

mitmproxy is a free and open source interactive HTTPS proxy.

mitmproxy2swagger

Converts mitmproxy captures to OpenAPI 3.0 specifications. Automatically reverse-

engineer REST APIs by just running the apps and capturing the traffic.

Kiterunner

Kiterunner is a tool that performs traditional content discovery, and also

bruteforces routes/endpoints in modern applications.

Arjun

Arjun helps find query parameters for URL endpoints.

TruffleHog

TruffleHog helps discover exposed secrets.

Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests
against web servers for multiple items, including over 6700 potentially dangerous
files/programs, checks for outdated versions.

nmap
Nmap is a powerful tool for scanning ports, searching for vulnerabilities,
enumerating services, and discovering live hosts. For API discovery, you should run
two Nmap scans in particular: general detection and all port.

OWASP Amass

The OWASP Amass Project performs network mapping of attack surfaces and external
asset discovery using open source information gathering and active reconnaissance
techniques.

DNSdumpster

DNSdumpster is a free domain research tool that can discover hosts related to a
domain. Finding visible hosts from the attackers perspective is an important part
of the security assessment process.

Google Hacking Database

The Google Hacking Database (GHDB) is a compiled list of common mistakes web/server
admins make, which can be easily searched by using Google.

Gobuster

Gobuster is a tool used to brute-force URIs (directories and files) in web sites,
DNS subdomains, Virtual Host names on target web servers, Open Amazon S3 buckets.

Burp Suite Intruder

Burp Intruder is a tool for automating customized attacks against web applications.
It can be used to perform a huge range of tasks, from simple brute-force guessing
of web directories through to active exploitation of complex blind SQL injection
vulnerabilities.

Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications. It can be used to find
resources not linked directories, servlets, scripts, etc., bruteforce GET and POST
parameters for checking different kind of injections (SQL, XSS, LDAP,etc),
bruteforce Forms parameters (User/Password), Fuzzing, etc.

JWT_Tool

JWT_Tool is a toolkit for testing, tweaking and cracking JSON Web Tokens.

sqlmap

sqlmap is an open source penetration testing tool that automates the process of
detecting and exploiting SQL injection flaws and taking over of database servers.
API Research Sites

Google

Google: try advanced searches to discover API information, for example:

inurl:"/wp-json/wp/v2/users" - Finds all publicly available WordPress API user

directories.
intitle:"index.of" intext:"api.txt" - Finds publicly available API key files.
inurl:"/api/v1" intext:"index of /" - Finds potentially interesting API
directories.
ext:php inurl:"api.php?action=" - Finds all sites with a XenAPI SQL injection
vulnerability.
intitle:"index of" api_key OR "api key" OR apiKey -pool - This lists
potentially exposed API keys.

Github

Try using parameters such as:

filename:swagger.json
extension:.json

Shodan

Shodan is a search engine that lets users search for various types of servers
connected to the internet using a variety of filters. You can use Shodan to
discover external-facing APIs and get information about your target’s open ports.

Wayback Machine

The Wayback Machine is a digital archive of the World Wide Web. This site allows
you to check out historical changes to your target and potentially previously
published APIs/endpoints.

Postman Explore

Browse the largest network of APIs, workspaces, and collections by developers

across the planet.

ProgrammableWeb

ProgrammableWeb is the go-to source for API-related information. To learn about

APIs, you can use its API University.

APIs Guru

Our goal is to create a machine-readable Wikipedia for Web APIs in the OpenAPI
Specification format.

Public APIs Github Project

A collective list of free APIs.

RapidAPI Hub

Browse the best premium and free APIs on the world's largest API Hub.
Password Lists

Mentalist

Mentalist is a graphical tool for custom wordlist generation. It utilizes common

human paradigms for constructing passwords and can output the full wordlist as well
as rules compatible with Hashcat and John the Ripper.

Common User Password Profiler

The aim of the CUPP is to generate common passwords based on the input that you
will give for your target.
Rockyou.txt

Rockyou.txt is a common password list that is included in Kali Linux. This file is
located here: /usr/share/wordlists/rockyou.txt.gz
Training Labs

TryHackMe

Bookstore: https://tryhackme.com/room/bookstoreoc
IDOR: https://tryhackme.com/why-subscribe
GraphQL: https://tryhackme.com/room/carpediem1

HackTheBox

Craft
Postman
JSON
Node
Help