Vulnerability scanners
Nuclei
Nuclei is a template-based vulnerability scanner with hundreds of templates that are continually updated. Because of the ease of use, new templates are updated on a regular basis. It is also possible to create your own private personal templates.
Web discovery
Arjun
Arjun is an excellent tool for discovering content based on endpoint fuzzing. The program allows you to scan several parameters by submitting several in the same request. Finding hidden parameters may reveal additional functionality and, in turn, increase the attack surface.
Gobuster
Gobuster is a bruteforce tool built in Go, as the name implies. This program is useful for quickly enumerating Uris, subdomains, Vhosts, and open Amazon S3 buckets. Allowing for the speedy discovery of (hidden) information.