Some Useful Tools for Beginners in Hacking
By Ajay Gautam,
Are you a beginner to hacking? Are you having difficulty in choosing the right tools to get started to hacking? Not anymore. Based on my experience of nearly half a decade into hacking, I have filtered and come out with the best tools that can be very useful to begin a hacking career.
1) Lazyrecon
Lazyrecon is an automatic subdomain scanner developed by nahamsec that brute-forces directory of all subdomains and saves the report in the folder. The report consists of all valid as well as invalid directories, response header of the domain, screenshots of the domains, open ports and server versions. Lazyrecon helps you save your manual recon times.
Downloading Link: https://github.com/nahamsec/lazyrecon
2) Knock and Sublist3r
Knock and Sublist3r are subdomain scanners that gather all the subdomains of a domain within a few minutes. It’s a useful tool to have a look at domains that have a long list of subdomains. Knock bruteforces the subdomains with its wordlist whereas Sublist3r checks for the valid subdomains in DNSdumpster, Netcraft, Virustotal, Threactcrowd and ReverseDNS.
Downloading Link:
knock — https://github.com/guelfoweb/knock
Sublist3r — https://github.com/aboul3la/Sublist3r
3) Burpsuite
Burp Suite is one in all tools for testing web security developed by portswigger. It is one of the most popular tools used by security researchers and hackers all over the world. It is very easy to use, and it consists of features such as proxy server, scanner, intruder, spider, repeater, decoder, comparer, extender and sequencer. Burpsuite is easy for testing all types of vulnerabilities and its brute-forcing tool is really cool — you can check almost all kind of vulnerabilities that needs some brute force technique.
I suggest you try the professional version even as a beginner.
Downloading Link: https://portswigger.net/
4) Wappalyzer
Wappalzer is a tool to extract information about web servers, web frameworks, management systems, ecommerce platforms, programming language and others. It is mainly installed in chrome as an extension.
Link: https://www.wappalyzer.com/
5) MobSF
MobSF is a mobile application security framework where static analysis, dynamic analysis, malware analysis and web API testing of any mobile application is carried out.
Downloading Link: https://github.com/MobSF/Mobile-Security-Framework-MobSF
6) SQLMap
Sqlmap is an open-source penetration testing tool which helps in SQL injection vulnerability detection as well as exploitation. SQLMap is one of the most used tools in the world of hacking for SQL injection pentest as it can detect all kinds of SQL injection attacks
Downloading Link: https://github.com/sqlmapproject/sqlmap
7) XSStrike
XSStrike is a cross-site scripting detection tool that is really powerful. It generates confidence payloads that might work to become a valid XSS. Additionally, it is very useful for detecting the web application firewall, hidden parameters, fuzzing and crawling.
Downloading Link: https://github.com/s0md3v/XSStrike
If you have any questions regarding how to use these tools or if you have a problem installing them on your laptop, you can reach out to me on twitter @ evilboyajay or email at ajay@nassec.io.
Author — Ajay is the Head of Security at Nassec.io. As a security researcher, he has been inducted in Hall of Fame of Facebook, Microsoft, Sony Etsy and others.
Editor’s Note — We will be publishing write-ups related to cyber security every week. We are looking to grow our community. If you are interested in writing about cyber security, please email at blog@nassec.io.
