Security Tools Arsenal

Everything you need for reconnaissance and vulnerability assessment

Quick Setup Guide

Step 1: Clone & Navigate

Clone the VulnScout repository and navigate to the directory

cd c:\Users\spector\Documents\Tools\VulnScout

Step 2: Run Setup Script

Execute the setup script to install all tools automatically

bash setup.sh

Step 3: Update Path (Linux/macOS)

Reload your shell profile so the Go environment is available in the current shell

source ~/.bashrc

Step 4: Verify Installation

Check if tools are installed successfully

which subfinder httpx katana

Go-Based Reconnaissance Tools

12 Tools
Subfinder
Go Tool
Passive subdomain enumeration tool that discovers subdomains using multiple sources (DNS records, certificates, etc.).
Install
Command: go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
Setup
Configure: mkdir -p ~/.config/subfinder && cp provider-config.yaml ~/.config/subfinder/
Usage
Basic: subfinder -d example.com -all
Advanced: subfinder -d example.com -all -recursive -o subs.txt
HTTPx
Go Tool
Fast, multi-purpose HTTP toolkit for probing thousands of hosts consistently. Reports HTTP responses, headers, titles, and status codes.
Install
Command: go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
Usage
Basic: httpx -l subdomains.txt -status-code
Full Info: httpx -l subdomains.txt -title -status-code -tech-detect
Katana
Go Tool
A next-generation crawling and spidering framework designed for security research. Crawls URLs and identifies endpoints, parameters, and technologies.
Install
Command: go install -v github.com/projectdiscovery/katana/cmd/katana@latest
Usage
Basic: katana -u https://example.com
Deep Crawl: katana -u https://example.com -d 5 -ps exhaust
Nuclei
Go Tool
Fast and customizable vulnerability scanner. Uses YAML-based templates to perform security checks and exploit detection against targets.
Install
Command: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
Usage
Scan: nuclei -l hosts.txt -t ~/nuclei-templates/
Specific Template: nuclei -u https://example.com -t cves/
Naabu
Go Tool
A fast port scanner written in Go. Designed to be used for target enumeration and network discovery during security assessments.
Install
Command: go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
Usage
Scan Host: naabu -host example.com
Custom Ports: naabu -host example.com -p 80,443,8080-8090
DNSx
Go Tool
Fast, multi-purpose DNS toolkit for validating, querying, and resolving DNS records. Supports multiple DNS record types.
Install
Command: go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
Usage
Query DNS: dnsx -l subdomains.txt -a
Specific Record: dnsx -domain example.com -a -mx -ns
Assetfinder
Go Tool
Find domains and subdomains related to a given domain. Uses multiple sources like crt.sh, certdb, hackertarget, SecurityTrails.
Install
Command: go install -v github.com/tomnomnom/assetfinder@latest
Usage
Find Assets: assetfinder example.com
With Subs: assetfinder --subs-only example.com
Waybackurls
Go Tool
Fetch all the URLs that the Wayback Machine knows about for a domain. Useful for discovering endpoints and historical pages.
Install
Command: go install -v github.com/tomnomnom/waybackurls@latest
Usage
Fetch URLs: echo example.com | waybackurls
Save Output: echo example.com | waybackurls > urls.txt
GF (Grepfield)
Go Tool
A wrapper around grep to avoid typing long and complex patterns. Useful for extracting specific information from URLs and content.
Install
Command: go install -v github.com/tomnomnom/gf@latest
Setup
Copy Patterns: cp -r "$(go env GOMODCACHE)"/github.com/tomnomnom/gf@*/examples ~/.gf
Usage
Extract URLs: cat output.txt | gf urls
HTTProbe
Go Tool
Takes a list of domains and probes for working HTTP and HTTPS servers. Simple tool to quickly discover live web servers.
Install
Command: go install -v github.com/tomnomnom/httprobe@latest
Usage
Probe Domains: cat subdomains.txt | httprobe
Custom Ports: cat subdomains.txt | httprobe -p 8080,8443
Notify
Go Tool
Sends notification of your findings to multiple platforms. Supports Slack, Discord, Telegram, and many other notification channels.
Install
Command: go install -v github.com/projectdiscovery/notify/cmd/notify@latest
Setup
Configure: mkdir -p ~/.config/notify && notify -config ~/.config/notify/config.yaml
OWASP Amass
Go Tool
Comprehensive subdomain enumeration tool with network mapping and asset discovery. Performs active and passive reconnaissance.
Install
Command: go install -v github.com/OWASP/Amass/v3/...@latest
Usage
Passive Scan: amass enum -passive -d example.com
Active Scan: amass enum -d example.com

Python-Based Security Tools

10 Tools
LinkFinder
Python Tool
A Python script to parse and extract endpoints from JavaScript files. Helps discover hidden endpoints and API paths.
Install
Command: pip3 install LinkFinder
Usage
Parse JS: linkfinder -i script.js -o cli
From URL: linkfinder -i https://example.com/script.js -o cli
Commix
Python Tool
Automated command injection and OS command execution testing tool. Detects and exploits command injection vulnerabilities.
Install
Command: pip3 install commix
Usage
Scan URL: commix -u "http://example.com?id=1"
POST Data: commix -u "http://example.com" --data="id=1"
DotDotPwn
Python Tool
Directory traversal vulnerability scanner. Tests for path traversal vulnerabilities and accesses sensitive files.
Install
Command: pip3 install dotdotpwn
Usage
Scan URL: dotdotpwn -m http -h example.com -x 5
Wafw00f
Python Tool
Identifies and fingerprints Web Application Firewall (WAF) products. Helps determine which WAF is protecting a website.
Install
Command: pip3 install wafw00f
Usage
Detect WAF: wafw00f http://example.com
Aggressive: wafw00f -a http://example.com
ParamSpider
Python Tool
Finds parameters from dark corners of web apps. Crawls the web and discovers hidden parameters in URLs and forms.
Install
Command: pip3 install paramspider
Usage
Crawl Domain: paramspider -d example.com
Save Results: paramspider -d example.com -o params.txt
Ghauri
Python Tool
An advanced SQL injection detection and exploitation tool. Automatically detects and exploits SQL injection vulnerabilities.
Install
Command: pip3 install ghauri
Usage
Test URL: ghauri -u "http://example.com?id=1"
Extract Data: ghauri -u "http://example.com?id=1" --dbs
JWT-Tool
Python Tool
A toolkit for testing, tweaking and cracking JWTs. Decode, forge, and exploit JWT vulnerabilities.
Install
Command: pip3 install jwt-tool
Usage
Decode JWT: jwt_tool
Arjun
Python Tool
HTTP parameter discovery suite. Discovers hidden parameters in HTTP requests using various techniques and wordlists.
Install
Command: pip3 install arjun
Usage
Discover Params: arjun -u http://example.com
Custom Wordlist: arjun -u http://example.com -w /path/to/wordlist.txt
SubDomainizer
Python Tool
Finds subdomains and subdomains of subdomains by analyzing JavaScript files. Great for discovering hidden assets.
Install
Command: pip3 install SubDomainizer
Usage
Analyze JS: subdomainizer -u http://example.com
Anew
Python Tool
A tool for adding new lines to files, without duplicates. Perfect for managing unique results across multiple scans.
Install
Command: pip3 install anew
Usage
Add Unique: cat new_findings.txt | anew findings.txt

GitHub-Based Tools

6 Tools
LFISuite
GitHub Tool
A collection of tools for testing Local File Inclusion (LFI) vulnerabilities. Contains payloads and exploitation techniques.
Install
Clone: git clone https://github.com/D35m0nd142/LFISuite ~/security-tools/LFISuite
Navigate: cd ~/security-tools/LFISuite && python3 lfisuite.py
Usage
Interactive: cd ~/security-tools/LFISuite && python3 lfisuite.py
SSTImap
GitHub Tool
Automatic SSTI (Server-Side Template Injection) detection and exploitation tool. Tests and exploits template injection vulnerabilities.
Install
Clone: git clone https://github.com/vladko312/SSTImap ~/security-tools/SSTImap
Install Deps: cd ~/security-tools/SSTImap && pip3 install -r requirements.txt
Usage
Scan URL: cd ~/security-tools/SSTImap && python3 sstimap.py -u "http://example.com"
S3Scanner
GitHub Tool
Scans for open AWS S3 buckets and lists their contents. Identifies misconfigured S3 buckets with public access.
Install
Clone: git clone https://github.com/sa7mon/S3Scanner ~/security-tools/S3Scanner
Install Deps: cd ~/security-tools/S3Scanner && pip3 install -r requirements.txt
Usage
Scan Bucket: cd ~/security-tools/S3Scanner && python3 s3scanner.py -b bucket-name
SSRFmap
GitHub Tool
A tool to find and exploit SSRF (Server-Side Request Forgery) vulnerabilities. Tests for SSRF with various payload types.
Install
Clone: git clone https://github.com/swisskyrepo/SSRFmap ~/security-tools/SSRFmap
Install Deps: cd ~/security-tools/SSRFmap && pip3 install -r requirements.txt
Usage
Test URL: cd ~/security-tools/SSRFmap && python3 ssrfmap.py -u "http://example.com?url="
x8
GitHub Tool
A hidden parameter discovery tool. Finds hidden parameters in HTTP requests using multiple techniques and sources.
Install
Clone: git clone https://github.com/Sh1Yo/x8 ~/security-tools/x8
Build: cd ~/security-tools/x8 && cargo build --release
Usage
Discover Params: cd ~/security-tools/x8 && ./target/release/x8 -u "http://example.com" -w /path/to/wordlist.txt
DotDotPwn (Advanced)
GitHub Tool
Advanced directory traversal testing framework. Clone the repository for the latest version with more features and payloads.
Install
Clone: git clone https://github.com/wireghoul/dotdotpwn ~/security-tools/dotdotpwn
Navigate: cd ~/security-tools/dotdotpwn && chmod +x dotdotpwn.pl
Usage
Test Host: cd ~/security-tools/dotdotpwn && perl dotdotpwn.pl -m http -h example.com

API Keys & Configuration

Many tools require API keys for enhanced functionality. Configure them for better results:

Subfinder Providers

Configure API keys for Shodan, SecurityTrails, and other providers in:

~/.config/subfinder/provider-config.yaml

Tool Configuration

Store credentials and API keys in environment variables:

export SHODAN_API_KEY="your_key_here"

AWS Credentials

Configure AWS credentials for S3Scanner:

~/.aws/credentials

Update Tools

Keep all tools updated with the update script:

bash update-all-tools.sh