# 二十一、工具 + [Burp Suite](https://portswigger.net/burp) + [Knockpy](https://github.com/guelfoweb/knock) + [HostileSubBruteforcer](https://github.com/nahamsec/HostileSubBruteforcer) + [sqlmap](http://sqlmap.org) + [Nmap](https://nmap.org) + [Eyewitness](https://github.com/ChrisTruncer/EyeWitness) + [Shodan](https://www.shodan.io) + [What CMS](http://www.whatcms.org) + [Nikto](https://cirt.net/nikto2) + [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) + [idb](http://www.idbtool.com) + [Wireshark](https://www.wireshark.com) + [Bucket Finder](https://digi.ninja/files/bucket_finder_1.1.tar.bz2) + [Google Dorks](https://www.exploit-db.com/google-hacking-database) + [IPV4info.com](http://ipv4info.com) + [JD GUI](https://github.com/java-decompiler/jd-gui) + [Mobile Security Framework](https://github.com/ajinabraham/Mobile-Security-Framework-MobSF) + [Firefox Plugins](https://addons.mozilla.org/en-US/firefox/) + [FoxyProxy](https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/) + [UserAgentSwitcher](https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/) + [Firebug](https://addons.mozilla.org/en-US/firefox/addon/firebug/) + [Hackbar](https://addons.mozilla.org/en-US/firefox/addon/hackbar/) + [Websecurify](https://addons.mozilla.org/en-US/firefox/addon/websecurify/) + [CookieManager+](https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/) + [XSS Me](https://addons.mozilla.org/en-US/firefox/addon/xss-me/) + [Offsec Exploit-db Search](https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/) + [Wappalyzer](https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/)