Throughout our past, present, and future posts we discuss, analyze, and explain the tools we use in our daily ethical hacking work.
This is a list that we will continue to expand over time…
INFORMATION GATHERING, ONLINE AND LOCAL TOOLS
- ONLINE TOOLS
  - DOMAIN INFORMATION
    - WHOIS
    - DNS
      - VIEW DNS INFO. Link: https://viewdns.info/
      - RECON & RESEARCH. Link: https://dnsdumpster.com/
  - DOMAIN & TECHNOLOGY
    - NETCRAFT. Provides historical hosting info, IP addresses, and technologies used. Link: https://sitereport.netcraft.com/
    - SSL CHECK. Link: https://www.ssllabs.com
  - SEARCH ENGINES
    - SHODAN. Search devices exposed to the internet. Link: https://www.shodan.io/
    - CENSYS. Focuses on certificates, hosts, and vulnerabilities. Link: https://search.censys.io
    - ZOOMEYE. Chinese alternative to Shodan, with different indexing logic. Link: https://www.zoomeye.org/
  - OSINT
    - OSINT FRAMEWORK. A categorized directory of OSINT tools and resources for recon. Link: https://osintframework.com/
    - OSINT NAVIGATOR. Interactive mind map of OSINT tools by category. Link: https://ekky19.github.io/osint/
    - WEB CHECK. Online domain scanner showing DNS, subdomains, headers, and tech stack. Link: https://web-check.xyz/
    - INTELX. Search leaks, emails, usernames, social profiles, and pastebins. Link: https://intelx.io/
- LOCAL TOOLS
  - THE HARVESTER. Collects emails, subdomains, and IPs using search engines and public sources. Repository: https://github.com/laramies/theHarvester
  - RECON-NG. Modular web reconnaissance framework. Repository: https://github.com/lanmaster53/recon-ng
  - MALTEGO. Graph-based recon tool for visualizing links between identities, domains, leaks, etc. Link: https://www.maltego.com/
  - NMAP. Network mapping and service detection. Link: https://nmap.org/
  - WAPPALYZER BROWSER EXTENSION. Detects the web stack, with Chrome/Firefox plugins and an API. Link: https://www.wappalyzer.com/
  - FOCA. Windows-based tool that extracts metadata from documents (.pdf, .docx, .pptx). Repository: https://github.com/ElevenPaths/FOCA
  - WHATWEB. CLI tool to fingerprint web technologies. Repository: https://github.com/urbanadventurer/WhatWeb
  - SHERLOCK. Finds usernames across hundreds of social media platforms. Repository: https://github.com/sherlock-project/sherlock
  - EXIFTOOL. Extracts metadata from images, PDFs, and Office files. Link: https://exiftool.org/
  - METAGOOFIL. Scrapes files from websites and extracts metadata. Repository: https://github.com/laramies/metagoofil
ANTIVIRUS, MALWARE, SOCIAL MEDIA & CREDENTIAL LEAKS
- VIRUSTOTAL. Scans files, URLs, and IPs with multiple antivirus engines and threat intel. Link: https://www.virustotal.com
- HAVE I BEEN PWNED. Check if an email address was part of a known data breach. Link: https://haveibeenpwned.com/
- WHATSMYNAME. Discover a username’s presence across multiple platforms. Link: https://whatsmyname.app/
- BLACKLIST CHECKER. Checks if a domain or IP is blacklisted in spam or threat databases. Link: https://blacklistchecker.com/
OTHER INTERESTING TOOLS
- WAYBACK MACHINE. Shows historical snapshots of websites, great for finding deleted content. Link: https://web.archive.org/
- GOOGLE HACKING DB. Curated dorks for finding exposed files, panels, cameras, etc. Link: https://www.exploit-db.com/google-hacking-database
- GHDB SEARCH TOOL. Automates Google dork execution via CLI. Repository: https://github.com/opsdisk/google-hacking-database
VULNERABILITY ASSESSMENT
- NESSUS. Commercial scanner with broad plugin coverage. Link: https://www.tenable.com/products/nessus
- OPENVAS. Open-source vulnerability scanner. Link: https://www.greenbone.net/en/
- NUCLEI. High-speed vulnerability scanner using YAML templates. Repository: https://github.com/projectdiscovery/nuclei
- WAPITI. Web application vulnerability scanner. Repository: https://github.com/wapiti-scanner/wapiti
- NIKTO. Web server scanner for outdated software and issues. Repository: https://github.com/sullo/nikto
