Subdomains enumeration:
Amass
Assetfinder
Crobat
Findomain
Github-subdomains
Subfinder
Sudomy
subdomainizer
sublister
findomain
Subdomain Takeover:
Subover
Autosubtakeover
Tko-subs
Subjack
Cloud Workflow: AWS_Recon
festin
lazys3
s3brute
flumberboozle
slurp
DNS resolver
dnsx
MassDNS
PureDNS
ShuffleDNS
DNSvalidator
Visual Inspection - Screenshots
Aquatone
Gowitness
httpscreenshot
HTTP probe
httprobe
httpx
Web crawler / Content Discovery
Gospider
Hakrawler
ParamSpider
gau
waybackurls
paramspider
GF
GF_Pattern
Photon
Network scanner
Rustscan
Masscan
Naabu
Nmap
Brutespray
HTTP Parameter
Arjun
x8 *
Fuzzing tools
Ffuf
Gobuster
Wfuzz
Gobuster
Dirsearch
Dirb
LFI/RFI tools
LFISuite
Fimap
XPR1M3 / sqli-lfi-xss-rce-dorker-and-auto-exploiter-Python
https://github.com/XPR1M3/sqli-lfi-xss-rce-dorker-and-auto-exploiter-Python-.git
Spring4Shell:
redhuntlabs / Hunt4Spring | https://github.com/redhuntlabs/Hunt4Spring.git
Log4j:
log4jscan for Linux | https://github.com/intezer/log4jscan.git
SSRF tools
SSRFmap
Gopherus
Interactsh
SSTI tools
tplmap *
API hacking tools
Kiterunner + API routes
Wordlists
SecLists
Vulns - XSS
Dalfox
Bxss
XSpear
kxss
XSStrike
Gxss
FinDOM-XSS
X5S
Xenotix XSS Exploit Framework
Vulns - SQL Injection
SQLbit
BSQL hacker
SQLMap
SQLninja
Safe3 SQL injector
SQLSus
Mole
NoSQLMap
SQLmate
ATLAS (WAF Bypass Suggester for SQLmap)
SQLiScanner
AutoSQLi
Bypass-WAF-SQLMAP
KhetaguriDimitri/SQL-Injection
Agressiv1njector/psqli-pro
AngelSecurityTeam/SQLiDumper-AngelSecurityTeam
JohnTroony/Blisqy
quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper
enjoiz/BSQLinjector
lanmaster53/sqli-exploiter
Sqliv
Havij
BBQSQL
Leviathan
WhiteWidow
jSQL Injection
CMS Scanner
WPscan
droopescan
AEM-Hacker
Drupwn
Wig
Vulns - Scanner
Jaeles
Nikto **
Nuclei
JavaScript hunting
LinkFinder
SecretFinder
subjs
GetJS
Find_Web_Technologies
Wappalyzer CLI
Git Hunting / GIT Enum Tools:
GitDorker *
gitGraber *
GitHacker *
GitTools *
Githound
Trufflehog
Gitscanner
Sensitive Stuff Finding
DumpsterDiver *
EarlyBird *
Ripgrep
Useful tools
anew
anti-burl
getallurls
gron
Interlace
jq *
qsreplace
Tmux
unfurl
Uro *
Web Exploitation Frameworks:
Sn1per
Vajra
Jok3r v3 beta
osmedeus
cobra
Arachni
TIDoS Framework
sudomy
Grabber
Vega
Zed Attack Proxy
Wapiti
W3af
WebScarab
Skipfish
Ratproxy
Wfuzz
Grendel-Scan
Watcher
JS Enumeration Tools:
jsscanner
jsparser
linkfinder
Fingerprint & CVE Tools:
nuclei
webtech
waf