RatSec Blog

A list of 50 tools every hacker should know

- Posted in Uncategorized by

A list of 50 tools every hacker should know:

  1. Wireshark: Network protocol analyzer.
  2. Nmap: Network discovery and security auditing tool.
  3. Metasploit: Penetration testing framework.
  4. Burp Suite: Web application security testing tool.
  5. Pentest-Tools: cloud-based toolkit for offensive security testing.
  6. ZAP (Zed Attack Proxy): Security testing tool for web applications.
  7. THC-Hydra: Password cracking tool.
  8. John the Ripper: Password cracking software.
  9. Aircrack-ng: Suite of tools for wireless security.
  10. Maltego: Open-source intelligence and forensics application.
  11. BeEF: Penetration testing tool that focuses on the web browser.
  12. SQLMap: Automatic SQL injection and database takeover tool.
  13. Ghidra: Open-source software reverse engineering framework.
  14. Tcpdump: Packet analyzer.
  15. Hashcat: Password recovery tool.
  16. Nikto: Web server scanner.
  17. Netcat: Networking utility for reading/writing data across network connections.
  18. Acunetix: Web vulnerability scanner.
  19. Dirbuster: Multi threaded java application to brute force directories and files names.
  20. reconftw: complete suite of tools to assess WiFi network security.
  21. nmapAutomator: Nmap automater tool.
  22. Dal Fox: XSS scanner.
  23. Hping: Network testing tool.
  24. GPG (GNU Privacy Guard): Encryption and decryption tool.
  25. Shodan: Search engine for Internet-connected devices.
  26. XSStrike: Advanced XSS Detection Suite.
  27. Wafw00f: Identifies and fingerprints Web Application Firewall (WAF) products.
  28. Volatility: Memory forensics framework.
  29. Ffuf: A fast web fuzzer written in Go.
  30. WhatWeb: Website fingerprinter.
  31. Ettercap: Network security tool.
  32. OpenVAS: Open-source vulnerability scanner.
  33. Wfuzz: Web application password cracker.
  34. Sublist3r: Subdomain enumeration tool.
  35. YARA: Pattern matching swiss knife for malware researchers.
  36. Reaver: Brute force attack against Wi-Fi Protected Setup (WPS).
  37. Sn1per: Attack Surface Management Platform protocols.
  38. JWT Cracker: Simple HS256 JWT token brute force cracker.
  39. Github-dorks: CLI tool to scan Github repos for potentially sensitive information leak.
  40. Nessus: Vulnerability, configuration, and compliance scanner.
  41. Nexpose: Vulnerability management tool.
  42. NoSQLmap: Automatic NoSQL injection and database takeover tool.
  43. Social-Engineer Toolkit (SET): Social engineering attack framework.
  44. CeWL: Custom Word List generator.
  45. hakrawler: Fast golang web crawler for gathering URLs and JavaScript file locations.
  46. Autopsy: Digital forensics platform.
  47. HashDeep: Hash verification tool.
  48. SpiderFoot: Open-source intelligence automation tool.
  49. Mimikatz: Post-exploitation tool.
  50. WiFite: Automated wireless auditor.