← Back to Blog
January 24, 2026

24web-application hacking tools:

category: Bug Bounty & Vulnerability Research
24 web-application hacking tools: - Cover Image
24 web-application hacking tools: - Additional Image

1 Burp Suite — Framework.

2. ZAP Proxy — Framework.

3. Dirsearch — HTTP bruteforcing.

4. Nmap — Port scanning.

5. Sublist3r — Subdomain discovery.

6. Amass — Subdomain discovery.

7. SQLmap — SQLi exploitation.

8. Metasploit — Framework.

9. WPscan — WordPress exploitation.

10. Nikto — Webserver scanning.

11. HTTPX — HTTP probing.

12. Nuclei — YAML based template scanning.

13. FFUF — HTTP probing.

14. Subfinder — Subdomain discovery.

15. Masscan — Mass IP and port scanner.

16. Lazy Recon — Subdomain discovery.

17. XSS Hunter — Blind XSS discovery.

18. Aquatone — HTTP based recon.

19. LinkFinder — Endpoint discovery through JS files.

20. JS-Scan — Endpoint discovery through JS files.

21. GAU — Historical attack surface mapping.

22. Parameth — Bruteforce GET and POST parameters.

23. truffleHog — Find credentials in GitHub commits.

← All Posts
Published January 24, 2026