Best bug bounty hunting tools 2022

Hi guys, welcome to the Mr.Ethical Yt blog. In this blog post we are going to learn about bug hunting tools. These tools will save us time and make bug hunting easy.

Burp Suite

Burp Suite is a combination of tools used for penetration testing of web applications. It is developed by the company PortSwigger, which is also the alias of its founder, Dafydd Stuttard. Burp Suite aims to be an all-in-one set of tools, and its capabilities can be extended by installing add-ons called BApps.

It is the most popular tool among professional web app security researchers and bug bounty hunters. Its ease of use makes it a more suitable choice than free alternatives like OWASP ZAP. Burp Suite is available in a community edition as well as a professional edition.

Sublist3r

Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Bing, Yahoo, Baidu and Ask. Sublist3r also enumerates subdomains using VirusTotal, Netcraft, ThreatCrowd, DNSdumpster and ReverseDNS.
subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using brute force with an improved wordlist. The credit goes to the author of subbrute.

Nmap

Nmap stands for Network Mapper. It is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it very useful for tasks like network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters or firewalls are in use, and dozens of other characteristics. It was designed to scan large networks, but works well against single hosts. Nmap runs on all major operating systems, and official binary packages are available for Windows, Linux, and Mac OS X. In addition to the classic command-line (CLI) Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data-transfer, redirection, and debugging tool called Ncat, a utility for comparing scan results, and a packet generation and response analysis tool.
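The network inventory and scan comparison uses mentioned above, as an added example (not from the original post or the Nmap project): it reads two saved Nmap XML reports (as written by `-oX`) of hosts you administer and lists services that appeared, disappeared or changed version. The scan data is constructed, and the function names `inventory` and `drift` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample scans in Nmap's XML output format (as written by -oX).
HOST = ('<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/>'
        '<ports>{}</ports></host></nmaprun>')
PORT = ('<port protocol="tcp" portid="{}"><state state="{}"/>'
        '<service name="{}" product="{}" version="{}"/></port>')

BASELINE_XML = HOST.format(
    PORT.format(21, "open", "ftp", "vsftpd", "3.0.3")
    + PORT.format(22, "open", "ssh", "OpenSSH", "8.2p1")
    + PORT.format(443, "open", "https", "nginx", "1.18.0"))
CURRENT_XML = HOST.format(
    PORT.format(21, "closed", "ftp", "", "")
    + PORT.format(22, "open", "ssh", "OpenSSH", "8.9p1")
    + PORT.format(443, "open", "https", "nginx", "1.18.0")
    + PORT.format(3306, "open", "mysql", "MySQL", "8.0.32"))


def inventory(xml_text):
    """Map (address, protocol, port) -> 'name product version' for open ports."""
    services = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed and filtered ports are not part of the inventory
            svc = port.find("service")
            fields = () if svc is None else (
                svc.get("name"), svc.get("product"), svc.get("version"))
            label = " ".join(f for f in fields if f) or "unknown"
            services[(addr, port.get("protocol"), int(port.get("portid")))] = label
    return services


def drift(baseline, current):
    """Return (added, removed, changed) service keys between two inventories."""
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    changed = sorted(k for k in current
                     if k in baseline and current[k] != baseline[k])
    return added, removed, changed


if __name__ == "__main__":
    old, new = inventory(BASELINE_XML), inventory(CURRENT_XML)
    for name, keys in zip(("added", "removed", "changed"), drift(old, new)):
        for key in keys:
            print(name, key, old.get(key, "-"), "->", new.get(key, "-"))
```

A newly exposed database port or an unexpected version change in the output is the kind of drift worth checking against the change log.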

Nmap is:

Flexible: Nmap supports plenty of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning procedures for both TCP and UDP, OS detection, version detection, ping sweeps, and more.

Powerful: Nmap has been used to scan huge networks of hundreds and thousands of machines.

Portable: Most operating systems are supported, including Linux, FreeBSD, OpenBSD, Microsoft Windows, Solaris, NetBSD, IRIX, Mac OS X, HP-UX, Sun OS, Amiga, and more.

Easy: While Nmap offers a rich combination of advanced features for power users, you can start out as simply as "nmap -v -A host". Both traditional command-line (CLI) and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not like to compile Nmap from source.

Free: The main goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/hackers/auditors with an advanced tool to explore their networks. Nmap is available for free and also comes with full source code that you may modify and redistribute under the terms of the license.

Well Documented: Notable effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! They are available in numerous languages.

Supported: While Nmap comes with no assurance, it is well supported by a vibrant community of users and developers. Most of this interaction takes place on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines.

Acclaimed: Nmap has won multiple awards, including the "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, dozens of books, several movies, and one comic book series.

Popular: Thousands of people download Nmap every day, and it is included with many operating systems like Redhat Linux, Debian Linux, FreeBSD, Gentoo, OpenBSD, etc. It is one of the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is crucial because it lends Nmap its vibrant development and user support communities.

Sqlmap

sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, numerous niche features for the ultimate penetration tester, and a wide range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

DirBuster

DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is often the case that what looks like a web server in a default installation state actually is not, and has pages and applications hidden within it.

WPScan

The WPScan WordPress security plugin is unique in that it uses its own manually curated WPScan WordPress Vulnerability Database. The vulnerability database has been around since 2014 and is updated on a daily basis by dedicated WordPress security specialists and the community at large. The database includes more than 20,000 known security vulnerabilities. The plugin uses this database to scan for WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities, and has options to schedule automated daily scans and to send email notifications.

However, there are many other tools like OWASP ZAP, Gobuster, Wfuzz, Massdns, Dnsenum, Knockpy, Masscan, Sn1per, XSStrike, Joomscan, CMSmap, Builtwith, Wappalyzer and wafw00f, but for now we are not going to talk about them. You can find them and learn to use them.

That's it guys, let's meet in another post. Hope you find this helpful.

