Open Source Intel (OSInt)
recon-ng - An open source web reconnaissance framework. This is very similar to Metasploit, but geared towards Open Source Intelligence instead. Several modules are available to obtain information from different sources.
Sublist3r - An open source tool which utilizes different sources to enumerate subdomains.
datasploit - An open source framework which performs different recon techniques on entities such as companies, people, phone numbers and email addresses.
Shodan - An Internet search engine which allows one to search different types of computers and services which are publicly visible on the Internet.
Censys - Another Internet search engine, very similar to Shodan.
Qualys SSL Labs - Testing utility which allows one to test the TLS configuration of a service. A final score is given to rate the implementation.
ImmuniWeb - Much like Qualys SSL Labs, except that this also performs a benchmark against compliance standards such as PCI-DSS.
testssl.sh - An open source tool which allows one to scan their TLS configuration.
sslscan - Another open source tool to allow one to scan their TLS configuration.
sslyze - Yet another open source tool to allow one to scan their TLS configuration.
OWASP Zed Attack Proxy (ZAP) - Being an OWASP Project, this is entirely free. It also has the ability to scan for common vulnerabilities.
Burp Suite Proxy - One of the most common tools used by those penetration testing web applications. Comes in 2 versions:
- Community Edition
- Professional Edition - The biggest differences from the Community Edition are the ability to perform scans for common security issues, the ability to save projects, and the fact that some plugins will only work on the Professional Edition.
Dynamic Application Scanning
Netsparker - Think of this as more of an automated penetration test. This tool will scan a configured web site for common security issues.
Burp Suite Enterprise - Another tool which will scan a configured web site for common security issues.
Mobile-Security-Framework (MobSF) - An open source tool which one can use to scan their mobile application. This tool performs static scans which look for common security issues in the application binary. The tool also allows for dynamic testing, which will test the application further for common security issues.
ImmuniWeb - Online service which will scan a mobile application binary for security issues based off the OWASP Mobile Top 10, as well as other common security issues.
OWASP Security Knowledge Framework - An OWASP Flagship project which provides a web application that serves as a guide for building and testing software from a security perspective.
OWASP Application Security Verification Standard - An OWASP Flagship project which provides a set of standards for testing web applications; this includes a list which developers (or others) can use to test their application.
rockyou.txt - password list - The Rockyou password list.
CrackStation - password list - A collection of known passwords.
SecLists - assorted list - An assorted collection of word lists, including known passwords, known usernames and known web server directories.