Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 2252

Collection of open source tools I am using in web hacking

by montgomery - 21 January, 2020 - 06:08 PM
This post is by a banned member (montgomery) - Unhide
6
Posts
2
Threads
5 Years of service
#1
Here are the tools I have used in hacking. These are open source tools that could be chained to work together in bash or any other script. It is good for automation. If you have any other cool tools to share, feel free to write below.

Breached credentials collections:
- 1.4 billion credentials - https://github.com/philipperemy/tensorfl...d-analysis
- Collection 1 - magnet:?xt=urn:btih:b39c603c7e18db8262067c5926e7d5ea5d20e12e&dn=Collection+1 (paste this in your torrent client)
- Collection 2 - 5 - magnet:?xt=urn:btih:d136b1adde531f38311fbf43fb96fc26df1a34cd&dn=Collection+%232-%235+%26+Antipublic (paste this in your torrent client)
- HaveIBeenPwned - https://haveibeenpwned.com/ - validate if email has been breached

Wordlists for enumerations:
- seclists - https://github.com/danielmiessler/SecLists - for most enumerations
- fuzzdb - https://github.com/fuzzdb-project/fuzzdb - for fuzzing directories
- wordlists - https://github.com/xajkep/wordlists

Recon and information gathering:
- theHarvester: https://github.com/laramies/theHarvester - for getting emails
- h8mail - https://github.com/khast3x/h8mail - checking if email appears in breaches
- amass - https://github.com/OWASP/Amass/ - for passive scanning subdomains of target
- subfinder - https://github.com/projectdiscovery/subfinder - another passive scanner for subdomain enumeration
- crt.sh - https://crt.sh/ - getting websited that uses certificates, good for enumerating domains

Port checking:
- masscan - https://github.com/robertdavidgraham/masscan - extremely fast port scanner (not very intrusive, I use this for checking opened ports only, for more detailed scan I use nmap)
- httprobe - https://github.com/tomnomnom/httprobe - checks if given domains have opened web ports (typically 80 or 443)

Brute forcing:
- ffuf - https://github.com/ffuf/ffuf - brute forcing directories
- brutespray - https://github.com/x90skysn3k/brutespray - brute forcing ssh, ftp and other types of protocols from given nmap output
- thc-hydra - https://github.com/vanhauser-thc/thc-hydra - general bruteforcing tool

SQL injections:
- sqliv - https://github.com/the-robot/sqliv - mass scanning web for sql vulnerabilities
- sqlmap - https://github.com/sqlmapproject/sqlmap - dumping databases for vulnerable websites

Other:
wpscan - https://github.com/wpscanteam/wpscan - scanning wordpress websites
mitm6 - https://github.com/fox-it/mitm6 - man in the middle attacks for windows hosts with ipv6
zaproxy - https://github.com/zaproxy/zaproxy - web proxy tool for enumerating web apps

More tools will be included soon! I may include bash scripts combining these tools later.
This post is by a banned member (Poellie) - Unhide
Poellie  
Registered
16
Posts
0
Threads
4 Years of service
#2
Ayyy thanks for sharing. Will use this for sure.

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)