Cybersecurity Tools
Top Tier (Enterprise / Most Powerful)
- ⭐Burp Suite
- ⭐Nessus
- QualysGuard
- Rapid7 Nexpose
- Tenable.io
- Acunetix
- Netsparker
- Detectify
- Intruder
- Veracode
- Checkmarx
- HCL AppScan
- Fortify WebInspect
Strong Open Source / Widely Used
- ⭐Nmap
- ⭐Nuclei
- OpenVAS
- OWASP ZAP
- Nikto
- WPScan
- Dirsearch
- Gobuster
- httpx
- ffuf
- Feroxbuster
- sqlmap
- W3af
- Arachni
- Wapiti
- Skipfish
- IronWASP
- Paros Proxy
Recon / Internet-wide Intelligence
- ⭐Shodan
- Censys
- BinaryEdge
- Findomain
- Sublist3r
- Amass
- Assetfinder
- Dnsx
- Puredns
- Dnsvalidator
- Naabu
- Masscan
- Gowitness
- Waybackurls
- Subfinder
- gau (GetAllURLs)
- Waymore
- Gospider
- Whatweb
- Gotator
- Altdns
DevSecOps / SAST / Dependency Scanning
Web App / API Scanners
Exploitation / Offensive Tools
Proxy / Traffic / Fuzzing Tools
WAF / Protection Platforms
Misc / Niche / Lower Impact
- Vega
- WebCruiser
- Sitadel
- CMSmap
- Plecost
- Retire.js
- Grabber
- XSSer
- Seccubus
- Patrowl
- VulnWhisperer
- Vulmap
- Reconmap
- ZeroNorth
- Wallarm
- Shadow Daemon
- SiteGuarding
- WebARX
- SecureLayer7
- HTTPCS Security
- Sqreen
- DeepScan
- Mobsfscan
- Tsunami Security Scanner
- GasMask
- Screaming Frog SEO Spider
- Aquatone
- LinkFinder
Tools Without Reliable Official Links (Kept Separate)
- Lazy Recon - Subdomain discovery
- XSS Hunter - Blind XSS discovery
- JS-Scan - Endpoint discovery through JS files
- Parameth - Bruteforce GET and POST parameters