I've been exploring various cybersecurity tools for a while now. Before starting my university, I attended a CISSP course in my gap year. Although university commitments limited my time, I still enjoy working in my home lab whenever I can. Here are some of the tools I’ve gained familiarity with along the way.
I proxy, fuzz, and tamper with requests to find auth bypasses, IDOR, SSRF, and injection bugs.
I usually have ZAP running in CI for quick DAST on every PR, helping catch common issues early.
BeEF introduced me to the world of client-side attacks like XSS and insecure headers. It lets me hook browsers and demonstrate risks in a hands-on way.
I use Nmap for network reconnaissance—scanning ports, services, and OS info to understand the attack surface.
A personal favorite for rapid exploit development, payload testing, and post-exploitation in my controlled lab environments.
I inspect packet captures to analyze suspicious traffic, extract credentials, and debug protocol behavior.