$ ls /opt/security-tools

tools_directory.sh

$ ls -la /opt/security-tools/

drwxr-xr-x burpsuite/

drwxr-xr-x nmap/

drwxr-xr-x sqlmap/

drwxr-xr-x nikto/

drwxr-xr-x owasp-zap/

drwxr-xr-x dirb/

Burp Suite Professional

Web Application Security Testing

$ burpsuite --proxy --intercept

[+] Proxy configured on 127.0.0.1:8080

[+] Intercepting HTTP/HTTPS traffic

[READY] Waiting for requests...

Skills Demonstrated

  • > Request/Response interception
  • > Parameter manipulation
  • > Repeater for API testing
  • > Intruder for fuzzing

Use Cases

  • > Session token analysis
  • > API security testing
  • > Authentication bypass
  • > Input validation testing

Nmap

Network Discovery & Security Auditing

$ nmap -sV -sC -A target.local

Starting Nmap scan...

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 8.2

80/tcp open http Apache 2.4.41

443/tcp open https nginx 1.18.0

3306/tcp open mysql MySQL 8.0.21

Port Scanning Service Detection OS Fingerprinting Script Scanning

SQLMap

Automated SQL Injection Testing

$ sqlmap -u "http://lab.local/page?id=1" --dbs

[*] Testing connection to target...

[+] Parameter 'id' is vulnerable

[+] Type: boolean-based blind

[+] Available databases: juice_shop, mysql

SQL Injection Database Enum Data Extraction WAF Bypass

OWASP ZAP

Web Application Security Scanner

Active Scanning Passive Analysis Spider/Crawler Report Generation

Ethical Usage Statement

All tool demonstrations are performed on personal lab environments, OWASP intentionally vulnerable applications, and authorized CTF platforms. These tools should only be used with explicit written authorization from system owners. I am committed to ethical security practices and responsible disclosure.