Every now and then I like to get my hands dirty and lend a helping hand. Today I’m going to list the tools I continiously rely on as my daily driver. I’ve previosuly posted on various tools, but this post is meant to list a more inclusive list of tools used as my daily driver. This by no means is a comprehensive toolset, and isn’t meant to say one tool is better then another. The list below simply is a collection I have had success with in meeting my objectives.
**All utilities are installed as outlined in their readme file with required dependencies.
|Recon / Data Collection||recon-ng||A full-featured Web Reconnaissance framework written in Python.|
|Recon / Data Collection||theHarvester||A program to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.|
|Recon / Data Collection||Wig-WebApp||Web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications.|
|Recon / Data Collection||ShodanCLI||A command-line utility to interact with Shodan.io website.|
|Recon / Data Collection||machinae||A tool for collecting intelligence from public sites/feeds about various security-related pieces of data including IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints.|
|Recon / Data Collection||dnstwist||A tool allowing you to detect phishing, typo squatters, and attack domains that are based on an inputted domain.|
|Recon / Data Collection||domain_analyzer||A security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.|
|Recon / Data Collection||just-metadata||A tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.|
|Recon / Data Collection||blcheck||A script to determine if a given ip is blacklisted.|
|Reco / Data Collection||muffet||A fast website link checker|
|User Awareness||credmap||A tool for testing supplied user credentials on several known websites to test if the password has been reused on any of these.|
|User Awareness||pwned||A command-line tool for querying the ‘Have I been pwned?’ service.|
|Penetration Testing||apt2||An automated penetration toolkit.|
|Penetration Testing||metasploit||A penetration testing framework.|
|Penetration Testing||getsploit||A script to query various websites to determine if exploit code is available.|
|Utilities||Microsoft Powershell||Microsoft powershell interface in linux.|
|Utilities||ioc Parser||A script that parses artifacts from various structured data.|
|Utilities||Keybase||Keybase.io encryption utilities.|
As new tools are added and/or replaced, the list above will be updated.