Tools of the Trade
🛰️ 1. Nmap
- What it does: Scans networks to discover open ports and services.
- Skills to practice: Port scanning, service/version detection, OS fingerprinting.
- Learn:
Nmap Cheat Sheet (by SANS)
Nmap Book
🌐 2. Burp Suite (Community Edition)
📂 3. Dirbuster / Gobuster
- What it does: Brute-forces web directories and files on a web server.
- Skills to practice: Directory enumeration, hidden file discovery.
- Learn:
Gobuster GitHub
🔐 4. John the Ripper / Hashcat
🧪 5. Netcat (nc)
- What it does: Reads/writes data across networks — good for reverse shells and port listening.
- Skills to practice: Bind/reverse shells, banner grabbing.
- Learn:
Netcat Cheat Sheet
📡 6. Wireshark
- What it does: Captures and analyzes network traffic in real-time.
- Skills to practice: Packet inspection, protocol analysis, password sniffing.
- Learn:
Wireshark Tutorial (by Wireshark)
🛠️ 7. CyberChef
- What it does: Swiss army knife for encoding, decoding, hashing, and more — all in your browser.
- Skills to practice: Base64, hex, XOR, ROT13, hashing, decoding binary.
- Use it here: CyberChef
🧮 8. Ghidra (or Binary Ninja / IDA Free)
🧵 9. Strings & Binwalk
- What they do: Extract strings or embedded data from binaries/files/images.
- Skills to practice: Stego analysis, firmware inspection.
- Learn:
Binwalk Guide (DFIR.training)
🔧 10. Python & Bash Scripting