- Web - Exploiting web pages to find the flag
- BurpSuite — A graphical tool to testing website security.
- Postman — Add on for chrome for debugging network requests
- Raccoon — A high-performance offensive security tool for reconnaissance and vulnerability scanning
- SQLMap — Automatic SQL injection and database takeover tooli
- W3af — Web Application Attack and Audit Framework.