No.1308
Burpsuite, metasploit, vim.
No.1309
I have Kali Linux but no clue how to use any of it.
No.1310
GNU/Linux
Python/Ruby/Bash
Curl
Vim
TCP/IP
No.1313
exploitdb for exploit and recon-ng for recon
>>1309there are a lot of books on the topic just pick up a intro book
No.1362
WTF guys, maybe offer some real info?
Ok, for Web App Pentesting, I use:
Sublist3r
BurpSuite
Gobuster
Whatever scripts I need to write in Ruby
NetSec:
MITMF
BeEF
Aircrack-ng suite
Reaver
Again, scripting in Ruby
I don't really do AppSec, so I can't offer advice there. Hope this helps :D
No.1368
Python and C++ : write your own tools, kid
Also, msf is good sometimes.
nmap is fucking amazing to know what you're dealing with
Wireshark or tcpdump are good tools to do almost anything
Postman, to make any HTTP request, because sometimes I just forget cURL's flags
I know people that use nikto to detect misconfigured server and sqldump to dump the db, but I don't really use those, tho I could if I had to I guess.
No.1370
gdb
ropper
ida, hopper
No.1508
>>1368What tools have you written?
No.1509
>>1508I would bet you money he hasn't written soykaf. Most peopl like this are just trying to virtue signal. If you are pulling of a real hack that is complex, against a serious target yes, obviously you will have to come up with your own custom tools for the job, but for little bullsoykaf just use off the shelf tools. There is literally no reason to reinvent the wheel.
No.1511
>>1509That's why I asked, it's almost always virtue signalling. There is no reason to reinvent the wheel.
No.1512
>>1509>>1511Finally someone who gets it!
No.1523
Semi Organized list of tools I commonly use:
Of course nothing beats manual methods/quick scripts for certain tasks but like others are saying its a waste of time to recreate the wheel/try to build every tool. Do you see construction workers building all their tools from scratch? No they would never get their job done, its all about using the best tools available for the job at hand and knowing where to use what. YOU as the hacker + computer are the most deadly combo there is, learn to properly find weak points and how best to exploit said weak points.
The task at hand is hacking, an application, a target, a person, etc not the task of construction/software dev(necessary skill for the job but you aren't getting much hacking done if you are spending your day writing tools)
Dank tools that let me pwn soykaf:
Tor
Whonix + Kali configured to go through Whonix Gateway (if you cant figure this out nix harder/read the docs on Whonix site)
Proxychains
google + dorks
shodan
punkspider
recon-ng
fierce
scanless
shodan
masscan
nmap
netcat
grabthemall
eyewitness
wpscan
arachni
wafpass
nikto
wappalyzer
ZAP Proxy
dirb
sqlmap
xsstrike
tplmap
commix
responder
net-creds
tcpdump
ettercap
subterfuge
aircrack-ng
Metasploit framework
ocl-hashcat
Nishang
liffy
phpsploit
weevley
veil
