Advance Penetration Testing Tools

Welcome to the Advance Penetration Testing Tools repository. This comprehensive collection of tools is designed to enhance both automated and manual penetration testing. These tools cover a wide range of tasks, from subdomain enumeration and vulnerability scanning to web crawling and visual reconnaissance.

Tools

General Tools

dirsearch - Directory and file scanner.
JSParser - JavaScript parser for finding sensitive data.
knockpy - Subdomain scanner.
lazys3 - S3 bucket enumeration tool.
recon_profile - Reconnaissance profile manager.
sqlmap-dev - SQL injection tool.
Sublist3r - Subdomain enumeration tool.
teh_s3_bucketeers - S3 bucket enumeration tool.
virtual-host-discovery - Virtual host discovery tool.
wpscan - WordPress vulnerability scanner.
webscreenshot - Automated screenshot tool for websites.
Massdns - DNS resolver.
Asnlookup - ASN lookup tool.
Unfurl - Extracts and unfurls URLs.
Waybackurls - Retrieve URLs from the Wayback Machine.
Httprobe - HTTP probe tool.
Seclists collection - Collection of security lists.

VPS-Bug-Bounty-Tools

For a comprehensive installation script and toolset, visit the VPS-Bug-Bounty-Tools GitHub page.

Installation Instructions

cd /tmp && git clone https://github.com/drak3hft7/VPS-Bug-Bounty-Tools
cd VPS-Bug-Bounty-Tools
sudo ./Tools-BugBounty-installer.sh

Example Installation

Tool Categories

Network Scanners:
- Nmap - Network scanner.
- Masscan - High-speed port scanner.
- Naabu - Port scanning tool.
Subdomain Enumeration and DNS Resolver:
- Massdns - DNS resolver.
- Subfinder - Subdomain discovery tool.
- Knock - Subdomain scanner.
- Lazyrecon - Reconnaissance tool.
- Github-subdomains - Subdomain enumeration.
- Sublist3r - Subdomain enumeration tool.
- Crtndstry - Certificate transparency subdomain enumeration.
- Assetfinder - Domain and subdomain finder.
- Dnsx - DNS toolkit.
- Dnsgen - DNS record generator.
Subdomain Takeovers:
- SubOver - Subdomain takeover tool.
Web Fuzzers:
- Dirsearch - Directory and file scanner.
- Ffuf - Fuzzing tool.
Wordlists:
- SecLists - Collection of wordlists.
CMS Scanners:
- Wpscan - WordPress vulnerability scanner.
- Droopescan - Drupal and Joomla scanner.
SQL Vulnerability Tools:
- SQLmap - SQL injection tool.
- NoSQLmap - NoSQL injection tool.
- Jeeves - SQL injection tool.
JavaScript Enumeration:
- LinkFinder - JavaScript link finder.
- SecretFinder - Secret data finder in JavaScript.
- JSParser - JavaScript parser.
Visual Recon:
- Aquatone - Visual reconnaissance tool.
Web Crawlers:
- GoSpider - Web spider.
- Hakrawler - Web crawler.
- Katana - Web crawler.
XSS Vulnerability Tools:
- XSStrike - XSS vulnerability scanner.
- XSS-Loader - XSS payload loader.
- Freq - Frequency analysis tool for XSS.
- Gxss - XSS vulnerability scanner.
- Dalfox - XSS scanning tool.
SSRF Vulnerability Tools:
- SSRFmap - SSRF mapping tool.
- Gopherus - SSRF testing tool.
Vulnerability Scanners:
- Nuclei - Vulnerability scanner.
Virtual Host Discovery:
- Virtual host scanner - Virtual host discovery tool.
Additional Useful Tools:
- Anew - Append unique lines to files.
- Unew - Unique newline processing.
- Gf - GitHub fuzzing tool.
- Httprobe - HTTP probe tool.
- Httpx - HTTP probing tool.
- Waybackurls - Retrieve URLs from the Wayback Machine.
- Arjun - HTTP parameter discovery tool.
- Gau - Get all URLs.
- GauPlus - Enhanced version of Gau.
- Uro - URL-related operations tool.
- Qsreplace - URL parameter replacement.
- SocialHunter - Social media reconnaissance tool.

Additional Resources

Available Tools List

Note

I am merely a script kiddie and all credits go to the respective tool creators. Special thanks to The Cyberboy for their comprehensive overview on YouTube: Watch Here.

ShingareOm/PentestingTools