Lixx007/Cyber-Security-Tools

πŸ›‘οΈ Ultimate Bug Bounty & Recon Toolkit

This repository is a curated collection of powerful tools used in Bug Bounty Hunting, Penetration Testing, and Red Teaming. It covers the complete engagement flow β€” from reconnaissance to exploitation and post-exploitation β€” with a focus on automation, vulnerability discovery, and real-world attack simulation.


πŸ” Reconnaissance (Information Gathering)

  1. Nmap – Scan for open ports and services. sudo apt install nmap

  2. Amass – Subdomain enumeration & passive recon. git clone https://github.com/owasp-amass/amass.git

  3. Shodan – Exposed device intelligence. pip install shodan Setup guide

  4. theHarvester – Emails, subdomains, hosts & more. git clone https://github.com/laramies/theHarvester.git

  5. Assetfinder – Subdomain finder. git clone https://github.com/tomnomnom/assetfinder.git


πŸ•΅οΈ Vulnerability Discovery

  1. Burp Suite – Intercept, test, manipulate HTTP/S. Download from (GUI tool)

  2. OWASP ZAP – Automated vulnerability scanner. git clone https://github.com/zaproxy/zaproxy.git

  3. Nikto – Web server scanner. git clone https://github.com/sullo/nikto.git

  4. SQLmap – SQL injection automation. git clone https://github.com/sqlmapproject/sqlmap.git

  5. Dirb / Dirbuster – Directory bruteforcers. sudo apt install dirb git clone https://github.com/OWASP/DirBuster.git


πŸ” Authentication & Session Testing

  1. JWT Toolkit – Test JWT vulnerabilities. git clone https://github.com/ticarpi/jwt_tool.git

  2. Hydra – Credential bruteforce across services. sudo apt install hydra

  3. NoSQLMap – NoSQL injection exploitation. git clone https://github.com/codingo/NoSQLMap.git


💥 Exploitation

  1. XSStrike – Advanced XSS detection & exploitation. `git clone https://github.com/s0md3v/XSStrike.git`

  2. Commix – Command injection automation. `git clone https://github.com/commixproject/commix.git`

  3. XSSer – Automated XSS scanner. `git clone https://github.com/epsylon/xsser.git`


🧠 Post-Exploitation

  1. Metasploit Framework – Exploitation framework. `sudo apt install metasploit-framework`

  2. Cobalt Strike – Advanced red teaming (Paid Tool). Official site


βš™οΈ Fuzzing & Automation

  1. FFUF – Web fuzzer & dir discovery. git clone https://github.com/ffuf/ffuf.git

  2. Wfuzz – Fuzzing GET/POST params. git clone https://github.com/xmendez/wfuzz.git


📦 Source Code & Dependency Analysis

  1. Retire.js – Find vulnerable JS libraries. `git clone https://github.com/RetireJS/retire.js.git`

  2. GitLeaks – Secrets detection in git repos. `git clone https://github.com/gitleaks/gitleaks.git`

  3. Semgrep – Lightweight static code analysis. `git clone https://github.com/returntocorp/semgrep.git`


✅ Requirements

  • OS: Kali Linux / Parrot OS / Ubuntu
  • Language support: Python3 / Go / Java / Node.js
  • Skills: Basic Web App Security knowledge

About

Best tools for cyber security practices
