[billg1124]

Welcome!

About the Game:
100 Hacking Tools and Resources. As we recently surpassed $100 million dollars in bounties, we want to continue the celebration with this list of 100 tools and resources for hackers! These range from beginner to expert.

Click Here for Poker world mega billions Hack

Most are free but some cost money. Check them out to add to your own hacking toolkit! We’ll add these to our GitHub on Hacker101/_resources/ so feel free to continue adding even more tools and resources! Burp Suite. 1. Burp Suite: The quintessential web app hacking tool. Once you hit 500 reputation on HackerOne, you are eligible for a free 3-month license of Burp Suite Pro! Check out these awesome Burp plugins: 2. ActiveScan++: ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behavior that may be of interest to advanced testers. 3. BurpSentinel: With BurpSentinel it is possible for the penetration tester to quickly and easily send a lot of malicious requests to parameters of a HTTP request. Not only that, but it also shows a lot of information of the HTTP responses, corresponding to the attack requests. It’s easy to find low-hanging fruit and hidden vulnerabilities like this, and it also allows the tester to focus on more important stuff! 4. Autorepeater Burp: Automated HTTP request repeating with Burp Suite. 5. Autorize Burp: Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities—one of the more time-consuming tasks in a web application penetration test. 6. Burp Beautifier: BurpBeautifier is a Burpsuite extension for beautifying request/response body, supporting JS, JSON, HTML, XML format, writing in Jython 2.7. 7. Flow: This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools. 8. Headless Burp: This extension allows you to run Burp Suite’s Spider and Scanner tools in headless mode via the command-line. 9. Logger++: Logger++ is a multi-threaded logging extension for Burp Suite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter. 10. WSDL Wizard: This extension scans a target server for WSDL files. After performing normal mapping of an application’s content, right click on the relevant target in the site map, and choose Scan for WSDL files” from the context menu. The extension will search the already discovered contents for URLs with the .wsdl file extension, and guess the locations of any additional WSDL files based on the file names known to be in use. The results of the scanning appear within the extension’s output tab in the Burp Extender tool. 11. JSON_Beautifier: This plugin provides a JSON tab with beautified representation of the request/response. Web Hacking. 12. JSParser: A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. This is especially useful for discovering AJAX requests when performing security research or bug bounty hunting. 13. Knockpy: Knockpy is a python tool designed to enumerate subdomains on a target domain through a word list. It is designed to scan for a DNS zone transfer and bypass the wildcard DNS record automatically, if it is enabled. Knockpy now supports queries to VirusTotal subdomains, you can set the API_KEY within the config.json file. 14. Lazys3: A Ruby script to brute-force for AWS s3 buckets using different permutations. 15. Sublist3r: Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS. 16. Teh_s3_bucketeers: Teh_s3_bucketeers is a security tool to discover S3 buckets on Amazon’s AWS platform. 17. Virtual-host-discovery: This is a basic HTTP scanner that enumerates virtual hosts on a given IP address. During recon, this might help expand the target by detecting old or deprecated code. It may also reveal hidden hosts that are statically mapped in the developer’s /etc/hosts file. 18. Wpscan: WPScan is a free (for non-commercial use) black box WordPress security scanner written for security professionals and bloggers to test the security of their sites. 19. Webscreenshot: A simple script to screenshot a list of websites, based on the url-to-image PhantomJS script. 20. Asnlookup: The ASN Information tool displays information about an IP address’s Autonomous System Number (ASN), such as: IP owner, registration date, issuing registrar and the max range of the AS with total IPs. 21. Unfurl: Unfurl is a tool that analyzes large collections of URLs and estimates their entropies to sift out URLs that might be vulnerable to attack. 22. Waybackurls: Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for *.domain and output them on stdout. 23. Httprobe: Takes a list of domains and probes for working http and https servers. 24. Meg: Meg is a tool for fetching lots of URLs without taking a toll on the servers. It can be used to fetch many paths for many hosts, or fetching a single path for all hosts before moving on to the next path and repeating. 25. Gau: Getallurls (gau) fetches known URLs from AlienVault’s Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain. Inspired by Tomnomnom’s waybackurls. 26. Ffuf: A fast web fuzzer written in Go. 27. Dirsearch: A simple command line tool designed to brute force directories and files in websites. 28. OWASP Zed: OWASP Zed Attack Proxy (ZAP) is an open source tool which is offered by OWASP (Open Web Application Security Project), for penetration testing of your website/web application. It helps you find the security vulnerabilities in your application. 29. Subfinder: Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. Subfinder is built for doing one thing only – passive subdomain enumeration, and it does that very well. 30. EyeWitnees: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify any default credentials. EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output. The –timeout flag is completely optional, and lets you provide the max time to wait when trying to render and screenshot a web page. 31. Nuclei: Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. 32. Naabu: Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN scans on the host/list of hosts and lists all ports that return a reply. 33. Shuffledns: ShuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce, as well as resolve subdomains with wildcard handling and easy input-output support. 34. Dnsprobe: DNSProbe is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. 35. Chaos: Chaos actively scans and maintains internet-wide assets’ data. This project is meant to enhance research and analyze changes around DNS for better insights. 36. Subjack: Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go’s speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives. 37.

[Autor]

Entradas