Tool Category Tool Name Description Credits Cost

Information Gathering
Google Hacking Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc). Free
Find Subdomains Enables you to discover subdomains of a target domain and to determine the attack surface of a target organization. 20
Find Virtual Hosts Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server. 20
Website Recon Allows you to discover the technologies used by a target web application - server-side and client-side. 20
Metadata Extractor Extracts metadata from public documents hosted on the target website, such as: pdf, doc, xls, ppt, docx, pptx, xlsx. 20
Subdomain Takeover Allows you to discover subdomains of a target organization which point to external services that are no loger claimed. This makes them vulnerable to takeover. 50

Web Application Testing
URL Fuzzer Finds hidden files and directories from a target website. You can search for multiple extensions such as: txt, conf, bak, bkp, zip, xls, etc. 20
Web Server Scanner Allows you to discover common web application vulnerabilities and web server configuration issues (directory listing, backup files, known vulnerable scripts, etc). 10
Wordpress Scanner Finds security weaknesses in the target WordPress website using the well known WPScan tool. 50
SharePoint Security Scanner Finds various security weaknesses in web applications built with SharePoint and FrontPage technology. 50
Drupal Vulnerability Scanner Finds Drupal version, modules, theme and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings. 50
Joomla Vulnerability Scanner Finds Joomla version, components, modules, templates and shows their vulnerabilities. 50

Infrastructure Testing
Ping Sweep Enables you to see which IPs are 'live' within a given network range. Behind a 'live' IP there is a running server or workstation. 10
TCP Port Scanner Allows you to discover which TCP ports are open on your target host and also to detect service information, operating system version and to do traceroute. 10
UDP Port Scanner Allows you to discover which UDP ports are open on your target host and also to detect service information, operating system version and to do traceroute. 10
DNS Zone Transfer Tries to perform a DNS Zone Transfer operation against the target nameservers and reports if the servers are vulnerable to this issue. 10
OpenSSL Heartbleed Scanner Attempts to identify servers vulnerable to the OpenSSL Heartbleed vulnerability (CVE-2014-0160). 20
OpenSLL POODLE Scanner Attempts to find SSL servers vulnerable to CVE-2014-3566, also known as POODLE (Padding Oracle On Downgraded Legacy) vulnerability. 20
OpenSLL DROWN Scanner Tests a range of IP addresses (or just a single host) for the DROWN vulnerability in OpenSSL (CVE-2016-0800, CVE-2015-3197 and CVE-2016-0703). 20
Bash ShellShock Scanner Attempts to discover remotely which web servers are vulnerable to CVE-2014-6271 and CVE-2014-7169, also known as ShellShock vulnerability. 20
GHOST Vulnerability Scanner Attempts to find servers vulnerable to CVE-2015-0235, also known as the GHOST vulnerability in Glibc <= 2.18. 20
TSL Robot Attack Scanner Allows you to discover vulnerable TLS servers (Web, Email, FTP) which are affected by the ROBOT vulnerability in TLS. 20

Exploit Helpers
HTTP Request Logger This is a useful pentest utility which logs all HTTP/S requests received on a certain URL (source IP, User Agent, timestamp, etc). This allows you to easily create Proof of Concepts in order to demonstrate vulnerabilities such ass XSS, data exfiltration or to do social engineering. 50

ICMP Ping Shows if a target host is reachable over the internet via the ICMP protocol. Free
Whois Lookup Allows you to perform Whois lookups online. Free