most important web-application hacking tools:
- Burp Suite - Framework.A
- ZAP Proxy - Framework.
- Dirsearch - HTTP bruteforcing.
- Nmap - Port scanning.
- Sublist3r - Subdomain discovery.
- Amass - Subdomain discovery.
- SQLmap - SQLi exploitation.
- Metasploit - Framework.
- WPscan - WordPress exploitation.
- Nikto - Webserver scanning.
- HTTPX - HTTP probing.
- Nuclei - YAML based template scanning.
- FFUF - HTTP probing.
- Subfinder - Subdomain discovery.
- Masscan - Mass IP and port scanner.
- Lazy Recon - Subdomain discovery.
- XSS Hunter - Blind XSS discovery.
- Aquatone - HTTP based recon.