My Personal Favorite Hacking Tools

A complete list of the tools I use daily on my pentesting assessments and CTF competitions, from recon to post exploitation.

Published on May 27, 2020

Every now and then you may ask yourself whether the tools you are using work as well as they could. Most of the time you would be disappointed to learn that there is a shiny newer tool that does everything you wanted the old one to do, and more. For that reason I have compiled a list of my favorite tools, the ones I use pretty much daily.

I’ll break them down by category for readability; feel free to look at each tool independently by clicking its corresponding link. Shall we begin?

Reconnaissance

The type of tools you’d probably want to use in order to discover basic information about your target.

  • Nmap - The Network Mapper.
  • dig - DNS Lookup Utility.
  • WPScan - WordPress Security Scanner.

Discovery

Looking for more pages/files on a website? Use the tool below to find them.

  • Gobuster - Directory/File, DNS and VHost Busting Tool.

Fuzzing

Sometimes we have to fuzz in order to find an attack vector, in that case I’d use these:

  • Wfuzz - Web Application Fuzzer.
  • ffuf - Fast Web Fuzzer.

Frameworks

A bunch of exploits and utilities packed into a big framework. Empire is aimed mainly at Windows post-exploitation (its agents are PowerShell-based), although it also ships Python agents for Linux and macOS.

  • Metasploit - Metasploit Framework.
  • Empire - PowerShell/Python Post Exploitation Framework.

SQL

SQL Injection tools for automatic exploitation, because going manual usually takes a lot of time.

  • sqlmap - Automatic SQLi and Database Takeover Tool.
  • NoSQLMap - Automated NoSQL Database Enumeration Tool.

Proxy/Tunnel

In need of a reverse/SOCKS5 proxy or a tunnel? I’ve got you covered:

  • chisel - A fast TCP tunnel over HTTP.
  • Burp Suite - Proxy and Security Tools.

Reversing

If you are in need of tools to reverse a binary you’d probably want to check out the tools below.

  • radare2 (Cutter) - Reverse Engineering Framework.
  • dnSpy - .NET Debugger and Assembly Editor.

Text Editors

Text editors for days. Sublime is not on the list because it’s paid software.

  • Atom - The Hackable Text Editor.
  • nano - Enhanced Free Pico Clone.

Wordlists

Looking for quality wordlists to crack and/or find anything? These resources will save you a lot of time:

Networking

Use these if you need to inspect/sniff packets.

OSINT

The coolest tools if you’d ask me. You can find a great deal of information with OSINT these days.

  • Twint - Twitter Scraping & OSINT Tool.
  • recon-ng - Open Source Intelligence Gathering Tool.
  • theharvester - E-mails, Subdomains and Names Harvester.
  • Google - Google Dorking.

Cryptography

Need to crack a hash? Here you go. Try using Crackstation first though, if your hash is of a common type, of course.

  • hashcat - Hash Cracking/Password Recovery Utility.
  • john - Fast Password Cracker.
  • Crackstation - Online Password Hash Cracker.
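To make the caveat above concrete, here is an added example (my own code, not part of the original post and not taken from hashcat, john or Crackstation) of the two steps any of these crackers performs: guess the hash type from the digest's shape, then run a dictionary attack with every plausible algorithm. Unsalted MD5, SHA-1, SHA-256 and SHA-512 are the "common types" an online lookup handles; anything that is not a plain hex digest (a salted `$6$...` crypt string, for instance) is rejected up front rather than guessed at. The wordlist and the target digests are constructed for this example and are not real leaked data.

```python
import hashlib
from typing import Iterable, List, Optional, Tuple

# Candidate algorithms keyed by hex digest length. This length check is the
# same first step a cracker (or hashcat's mode selection) makes before
# spending any compute on the hash.
ALGORITHMS_BY_LENGTH = {
    32: ["md5"],
    40: ["sha1"],
    64: ["sha256"],
    128: ["sha512"],
}


def identify(digest_hex: str) -> List[str]:
    """Return the algorithms whose hex digest length matches, or [] when the
    input is not a plain hex digest (salted/crypt formats, garbage, ...)."""
    digest_hex = digest_hex.strip().lower()
    if not digest_hex or any(c not in "0123456789abcdef" for c in digest_hex):
        return []
    return ALGORITHMS_BY_LENGTH.get(len(digest_hex), [])


def crack(digest_hex: str, wordlist: Iterable[str]) -> Optional[Tuple[str, str]]:
    """Dictionary attack: hash every candidate word with each plausible
    algorithm and compare. Returns (algorithm, plaintext) on a hit, None when
    the type is unknown or the wordlist is exhausted."""
    target = digest_hex.strip().lower()
    algos = identify(target)
    if not algos:
        return None
    for word in wordlist:
        for algo in algos:
            if hashlib.new(algo, word.encode()).hexdigest() == target:
                return algo, word
    return None


def make_target(algo: str, word: str) -> str:
    """Helper for building a known-answer digest to test against."""
    return hashlib.new(algo, word.encode()).hexdigest()


# Constructed sample wordlist (a handful of well-known weak passwords), so the
# example runs offline without rockyou.txt or any other real list.
SAMPLE_WORDLIST = ["123456", "password", "letmein", "hunter2", "correct horse"]


if __name__ == "__main__":
    # Constructed targets: one that the wordlist covers, one it does not,
    # and one salted crypt-style string that should be rejected outright.
    print(crack(make_target("sha1", "hunter2"), SAMPLE_WORDLIST))
    print(crack(make_target("sha256", "not-in-the-list"), SAMPLE_WORDLIST))
    print(crack("$6$somesalt$notahexdigest", SAMPLE_WORDLIST))
```

The reason to try an online lookup first is that services like Crackstation have already precomputed digests for huge wordlists, so a common unsalted hash is often answered instantly; the loop above is what you fall back to (with hashcat or john doing it on a GPU, with rules and masks) when the hash is salted, uncommon, or simply not in anyone's table.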

Exploit Databases

The biggest exploit database you will find.

BOF (Mostly CTF)

A collection of tools for when you encounter a buffer overflow vulnerability.

  • ropstar - Automatic Exploit Generator.
  • pwntools - CTF Framework and Exploit Development Library.

Scripts

Privilege escalation checkers for both platforms, so you won’t miss anything. I personally never use the Linux ones, but you might find them useful.

  • lse - Linux Enumeration Tool.
  • LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks.
  • winPEAS - Local Windows Privilege Escalation Enumerator.
  • PowerUp - Clearing House of Common Privilege Escalation Checks.

Active Directory

Windows helper for advanced privilege escalation paths through Active Directory.

Thanks for reading and happy hacking!


Marlos Pomin
Full Stack Developer & Retoucher based in Brazil, also a casual pentester.