Build Your Operator Toolkit
These community-loved tools are field tested by red teams and bug bounty hunters. Pair them with the lab data to document high-impact findings and give defenders actionable fixes.
Recon & Discovery
-
Aquatone
Visual subdomain discovery with smart screenshot diffing.
-
httpx
Fast web probing to fingerprint services and capture metadata.
-
MassDNS
Blazing-fast DNS brute forcing with wildcard filtering.
Exploitation
-
Burp Community Extensions
Open-source add-ons for request smuggling, desync, and prototype pollution.
-
Nuclei
Template-based scanner for modern web vulns, easily tuned for new findings.
Reporting
-
Obsidian + Threat Drag-and-Drop
Create living lab notes with graph view for attack paths.
-
Dradis CE
Collaborate on disclosure write-ups with reusable evidence blocks.