Application Security Development Testing

These tools are meant for training and education. They should never be used against any system other than your own.

Working notes and resources.

Burp

Nikto

The Bug Bounty Methodology

Fcrackzip

Web hacking 101

Arachne

Recon

Web App Hackers Handbook

Jason Stok

Follow hackers on platforms

Bug Crown OWASP Amass

Whoxy.com reverse whois

OWASP ZAP

Ghidra

Free Float FTP server

Hexchars.py

Hacker One

Ghidra-sre.org

IDA Pro

OWASP Dependency Checker

CIS Top 20

ZAP

Kali Linux

Nine great devsecops tools

#1 Chaos Monkey https://netflix.github.io/chaosmonkey/

#2 SonarQube. https://www.sonarqube.org/

#3 Acunetix. https://www.acunetix.com/

#4 Logz.io https://logz.io/

#5 GitLab. https://gitlab.com/gitlab-com

#6 Contrast Security. https://www.contrastsecurity.com/

#7 Aqua Security. https://www.aquasec.com/

#8 XebiaLabs. https://github.com/xebialabs

#9 WhiteSource. https://www.whitesourcesoftware.com/

Netzapper Cracking https://github.com/NetZapper/NetZapper

Acunetix Web Vulnerability Scanner https://www.acunetix.com/web-vulnerability-scanner/?creative=263672172919&keyword=%2Bacunetix%20%2Bscanner&matchtype=b&network=g&device=c&utm_term=%2Bacunetix%20%2Bscanner&utm_campaign=1077471739&utm_content=55423370089&utm_source=Adwords&utm_medium=cpc&gclid=EAIaIQobChMI2_ur5_mK7QIVhLLICh1NAAhSEAAYASAAEgIMAPD_BwE

Burp https://portswigger.net/burp

XAMPP Server https://www.apachefriends.org/index.html

Mutillidae (Buggy Web App) https://github.com/webpwnized/mutillidae

WebShell Hunter NEOPI http://antishell.com/

Host Mutillidae in XAMPP Server/LAMPP https://github.com/webpwnized/mutillidae

OWASP Testing

https://vyos.io Quagga

ISC DHCPD https://www.isc.org/dhcp/

Open VPN https://openvpn.net/

Strongs/WAN vyos/vyos https://www.strongswan.org/

F5 https://www.f5.com/

Imperva https://www.imperva.com/

Cloudflare https://www.cloudflare.com/

citrix https://www.citrix.com/

Fortinet https://www.fortinet.com/

Barracuda https://www.barracuda.com/

F5 App Security Self Learning and signatures

Sniper auto pentester sn1https://github.com/1N3/Sn1per per

bounty along with Yuki https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest

IP Tables Firewall

NIRTO

Netzapper password cracker https://github.com/NetZapper/NetZapper

Cuckoo Sandbox https://cuckoosandbox.org/

OWASP ZAP Zed Attack Program

Dmitry (Deepmagic Information Gathering Tool)Maltego https://www.maltego.com/blog/network-footprinting-with-machines-in-maltego/

Whois.com

Burp (Proxy, Spider, Scanner) https://portswigger.net/burp/documentation/scanner

Nessus https://www.tenable.com/products/nessus

Nikto https://github.com/sullo/nikto

Open VAS https://www.openvas.org/

Nexpose https://www.rapid7.com/products/nexpose/

Zenmap NMAP https://nmap.org/zenmap/

Sublist3r https://github.com/aboul3la/Sublist3r

Maltego Netdiscover Meterpreter Metasploit https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/

Vuln OS V2 Virtual Box Image Kali OVF DVW

Open VAS Nessus

Burp Suite Web Goat

How to get webgoat running in Kali

vulnweb.com Zirikatu https://github.com/pasahitz/zirikatu

dependency mono-mcs https://installlion.com/kali/kali/main/m/mono-mcs/install/index.html

download TOR browser & .onion sites (facebook/hidden wiki)

ZAP Dmitry dig man digWeb Vul Scanner

Metagoofil https://tools.kali.org/information-gathering/metagoofil#:~:text=Metagoofil%20is%20an%20information%20gathering,belonging%20to%20a%20target%20company.

HT Track Tool Ethereal Burp Webgoat

DVWA.iso https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/

https://github.com/digininja/DVWA

Google Dorks