# App Pentest Toolkit

### Web Proxy and Scanner Tools

* [Burp Suite](https://portswigger.net/burp): Industry-standard web proxy for manual and automated web application security testing.
* [OWASP ZAP](https://www.zaproxy.org/): Open-source alternative to Burp Suite for web security scanning.
* [Caido](https://caido.io/): Modern, lightweight, open-source web security auditing platform for HTTP/S traffic inspection, request modification, endpoint mapping, and collaboration.

### Automated Vulnerability Scanners

* [w3af](https://w3af.org/): Open-source web application attack and audit framework.
* [Nikto](https://github.com/sullo/nikto): Web server scanner for finding vulnerabilities and misconfigurations.
* [Skipfish](https://github.com/spinkham/skipfish): Automated web application security scanner.

### Exploitation and Fuzzing

* [SQLMap](https://sqlmap.org/): Automated tool for detecting and exploiting SQL injection vulnerabilities.
* [WFuzz](https://github.com/xmendez/wfuzz): Flexible web application brute-forcer for fuzzing parameters.
* [Hydra](https://github.com/vanhauser-thc/thc-hydra): Fast and flexible network login cracker with web support.
* [Metasploit](https://github.com/rapid7/metasploit-framework): Comprehensive exploitation and payload framework.
* [Ratproxy](https://github.com/google/ratproxy): Passive web application security assessment tool.

### Reconnaissance and Surface Mapping

* [Nmap](https://nmap.org/): Powerful network scanner to map attack surfaces and discover open services.
* [Amass](https://github.com/owasp-amass/amass): Advanced external asset discovery and mapping for recon.

### Password and Hash Cracking

* [John the Ripper](https://www.openwall.com/john/): Widely used password cracker with broad hash support.
* [Hashcat](https://hashcat.net/hashcat/): GPU-accelerated password recovery utility.

### Network Traffic Analysis

* [Wireshark](https://www.wireshark.org/): Deep packet analyzer for inspecting and debugging network traffic.

### Wordlists and Payloads

* [SecLists](https://github.com/danielmiessler/SecLists): Extensive collection of wordlists for fuzzing and discovery.
* [PayloadAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings): Curated catalog of attack payloads and exploitation cheat sheets.

### Operating Systems

* [Kali Linux](https://www.kali.org/): Popular Linux distro pre-installed with most major pentest tools.
* [Athena OS](https://athenaos.org/): Linux-based cybersecurity operating system, tailored for penetration testers, red teams, and researchers with a pre-packed pentesting toolkit.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://martian1337.gitbook.io/notes/notes/app-pentest-toolkit.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.