| Category | Tools |
|---|---|
| Web Application Pentesting | Burp Suite Pro π, Acunetix π, HCL-AppScan π, Invicti Netsparker π, Fortify WebInspect π, WPScan π, Nikto π, Nuclei π, SQLMap π, OWASP ZAP π, Nmap π, Dirb π, FFUF π, WhatWeb π |
Android Security |  MobSF π±, Frida π±, APKTool π±, JADX-gui π±, Android Studio/Genymotion π±, Drozer π±, Magisk Root π±, APKX π±, mitmproxy π±, Objection π±, adb π±, AndroBugs π±, Quark Engine π±, AppMon π±, ApkScan π± |
| iOS Security | MobSF π², Frida π², Objection π², Cycript π², iOS Hook π², Needle π², Class-dump π², SSL Kill Switch 2 π², iMazing π², Passionfruit π², ios-decrypt π² |
| API Pentesting | Postman π‘, Burp Suite Pro π‘, Swagger UI π‘, Kite Runner π‘, Insomnia π‘, GraphQL Voyager π‘, GraphQL Raider π‘ |
| Secure Code Review | SonarQube π, Snyk π, Semgrep π, Fortify-Workbench Audit π, Checkmarx π, Veracode π, CodeQL π, Bandit π, FindSecBugs π, Gitleaks π |
| Thick Client Pentesting | Fiddler π», Sysinternals Suite π», dnSpy π», de4dot π», IDA Pro π», Process Explorer π», CFF Explorer π», OllyDbg π», x64dbg π», Ghidra π», Burp Suite Pro π», Wireshark π» |
| Network Pentesting | Nmap π, Wireshark π, Metasploit Framework π, Nessus π, OpenVAS π, Responder π, CrackMapExec π, Netcat π, Bettercap π |
| Active Directory Pentesting | BloodHound π’, Mimikatz π, CrackMapExec π’, Impacket π, Kerbrute π, Rubeus π, LDAPDomainDump π, SharpHound π΅️, PowerView π, ADRecon π |
| Cloud Security | Prowler ☁️, ScoutSuite ☁️, CloudSploit ☁️, Pacu ☁️, Steampipe ☁️, CloudMapper ☁️, NCC Group Scout ☁️, kube-bench ☁️ |
| Container Security | Trivy π³, Aqua Microscanner π³, Clair π³, Anchore π³, Docker Bench π³, kube-hunter π³, Falco π³, Sysdig π³, Snyk π³ |
| Firewall Pentesting | hping3 π₯, NPing π₯, Scapy π₯, Zmap π₯, firewalk π₯, FTester π₯, Nmap (Firewall Bypass) π₯, Packet Sender π₯, T50 π₯, ETTERCAP π₯, TCPReplay π₯ |
| WiFi Pentesting | Aircrack-ng πΆ, Kismet πΆ, Bettercap πΆ, Reaver πΆ, Fluxion πΆ, Wireshark πΆ, hcxtools πΆ, Fern WiFi Cracker πΆ, Evil Twin Attack Tools πΆ, Wifiphisher πΆ, Hashcat (WPA2 Cracking) πΆ |
| DevSecOps | GitHub Advanced Security π§, Trivy π§, Snyk π§, Anchore π§, OWASP Dependency-Check π§, jenkinsπ§,Bandit π§, Checkmarx π§, Veracode π§, SonarQube π§, Dagda π§, Sysdig Secure π§, Cloud Custodian π§ |
| OSINT (Open-Source Intelligence) | theHarvester π΅️, Maltego π΅️, SpiderFoot π΅️, Recon-ng π΅️, Shodan π΅️, FOCA π΅️, Google Dorking π΅️, OSINT Framework π΅️, Metagoofil π΅️, Amass π΅️, GHunt π΅️, Sherlock π΅️, Social-Engineer Toolkit (SET) π΅️, Sublist3r π΅️, PhoneInfoga π΅️, Creepy π΅️ |