All Tools Summary

Information Gathering

Find Subdomains

Allows you to discover subdomains of a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.

Find Virtual Hosts

Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.

Website Recon

This tool allows you to discover the technologies used by a target web application - server-side and client-side. It can also scan multiple virtual hosts on the same IP.

Subdomain Takeover

Allows you to discover subdomains of a target organization which point to external services (ex. Amazon S3, Heroku, Github, etc) and are not claimed - leaving them vulnerable to hostile takeover.

Google Hacking

Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).

Web Application Testing

SQLi Scan

Find SQL Injection flaws in web applications by crawling and deep inspection of web pages and parameters. Powered by OWASP ZAP.

XSS Scan

Powered by OWASP ZAP, this scanner helps you test if the target web application is affected by Cross-Site Scripting vulnerabilities.

URL Fuzzer

Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.

Web Server Scan

Finds common vulnerabilities which affect web applications: SQL injection, XSS, OS Comand Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.

WordPress Scan

This tool helps you to discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.

Drupal Scan

Finds Drupal version, modules, theme and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.

Joomla Scan

Perform a Joomla security assessment by finding vulnerabilities in Joomla core, components, modules and templates.

SharePoint Scan

Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.

Infrastructure Testing

Network Scan OpenVAS

This is a comprehensive scanner which allows you to detect a wide range of vulnerabilities mosty related to network services and operating systems but also includes web server configuration tests.

TCP Port Scan

Allows you to discover which TCP ports are open on your target host and also to detect service information, operating system version and to do traceroute.

UDP Port Scan

Allows you to discover which UDP ports are open on your target host, identify the service versions and detect the operating system.

Ping Sweep

Enables you to see which IPs are 'live' within a given network range. Behind a 'live' IP there is a running server or workstation.

DNS Zone Transfer

Check if the name servers of the target domain are vulnerable to DNS Zone Transfer and attempt to retrieve the full DNS Zone file.

SSL Heartbleed Scan

This tool attempts to identify servers vulnerable to the OpenSSL Heartbleed vulnerability (CVE-2014-0160). When such a server is discovered, the tool also provides a memory dump from the affected server.


The SSLv3 POODLE vulnerability scanner attempts to find SSL servers vulnerable to CVE-2014-3566, also known as POODLE (Padding Oracle On Downgraded Legacy) vulnerability.


The DROWN vulnerability scanner tests a range of IP addresses (or just a single host) for the DROWN vulnerability in OpenSSL.

ROBOT Attack Scan

Allows you to discover vulnerable TLS servers (Web, Email, FTP) which are affected by the ROBOT vulnerability.

Exploit Helpers

HTTP Request Logger

This is a useful pentest utility which logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create Proof of Concepts in order to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.



Check if a server is live and responds to ICMP Echo requests. This tool can also be used to find the IP address of a hostname.

Whois Lookup

This tool allows you to perform Whois lookups online and extract information about domain names and IP addresses.