Tools I use on a daily basis:
-
dnsmap - DNS record enumeration using dictionary brute forcing. I have a host list. Find all kinds of infrastructure with this tool. Opensource.
-
Spiderfoot - Full intelligence gathering suite. Open source. Nice UI.
-
Arachni - Web application scanner. Has a nice web interface and can run distributely.
-
WPScan - WordPress specific attack tool
-
SQLNinja - SQL Injection attack tool
-
Social Engineer Toolkit - Tool for SMS Spoofing, Spear phishing, and more.
-
w3af - Web app attack framework.
-
routerpwn.com - Website for in-browser attacks on routers
-
Pcapteller - Customizing and Replaying Network Traffic
-
Ncrack - Super fast brute forcing tool that supports multiple protocols
-
Halberd - Tool for determining if a target is load balanced
-
Proxychains - Proxy DNS and TCP through SOCKS5 (TOR) proxy.