Tool count: 440

Name Version Description Category Website
0d1n 1:263.2d723ae Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. webapp fuzzer scanner
abuse-ssl-bypass-waf 7.c28f98e Bypassing WAF by abusing SSL/TLS Ciphers. webapp fuzzer
adfind 1:v1.0.3.r0.g3a6a055 Admin Panel Finder. webapp recon
adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site. webapp scanner
albatar 34.4e63f22 A SQLi exploitation framework in Python. webapp exploitation
allthevhosts 1.0 A vhost discovery tool that scrapes various web applications. scanner webapp
anti-xss 166.2725dc9 An XSS vulnerability scanner. webapp scanner
apachetomcatscanner 3.2 Apache Tomcat vulnerability scanner. scanner webapp
arachni A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. webapp
archivebox 903.59da482 The open source self-hosted web archive. Takes browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more. misc webapp
arjun 236.53afa55 HTTP parameter discovery suite. webapp scanner
asp-audit 2BETA An ASP fingerprinting tool and vulnerability scanner. fingerprint scanner webapp
astra 489.092804a Automated Security Testing For REST APIs. webapp fuzzer
atlas 7.77bd6c8 Open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS. webapp fuzzer
atscan 2455.5f774e9 Server, Site and Dork Scanner. scanner webapp fuzzer exploitation automation
aws-extender-cli 17.a351154 Script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues. scanner webapp
backcookie 51.6dabc38 Small backdoor using cookie. backdoor webapp
badministration 16.69e4ec2 A tool which interfaces with management or administration applications from an offensive standpoint. webapp scanner recon fingerprint
bbqsql 261.b9859d2 SQL injection exploit tool. webapp exploitation
bbscan 52.6731879 A tiny Batch weB vulnerability Scanner. webapp scanner fuzzer
belati 72.49577a1 The Traditional Swiss Army Knife for OSINT. scanner recon webapp
bfac 53.18fb0b5 An automated tool that checks for backup artifacts that may disclose the web-application's source code. recon webapp
bing-lfi-rfi 0.1 This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. webapp scanner fuzzer
bitdump 34.6a5cbd8 A tool to extract database data from a blind SQL injection vulnerability. exploitation webapp
blindelephant 7 A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations fingerprint webapp
blisqy 20.e9995fc Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB). webapp exploitation
brute-force 52.78d1d8e Brute-Force attack tool for Gmail, Hotmail, Twitter, Facebook, Netflix. cracker social webapp
brutemap 65.da4b303 Penetration testing tool that automates testing accounts to the site's login page. webapp cracker
brutexss 54.ba753df Cross-Site Scripting Bruteforcer. webapp fuzzer
bsqlbf 2.7 Blind SQL Injection Brute Forcer. webapp
bsqlinjector 13.027184f Blind SQL injection exploitation tool written in ruby. webapp exploitation
burpsuite 1:2024.5.1 An integrated platform for attacking web applications (free edition). fuzzer proxy scanner webapp
cangibrina 123.6de0165 Dashboard Finder. scanner webapp
cansina 2:59.67c6301 A python-based Web Content Discovery Tool. webapp scanner
cariddi v1.3.4.r3.gf6f2675 Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens. webapp scanner
cent v1.3.3.r4.gada5069 Community edition nuclei templates. webapp scanner
chankro 21.7b6e844 Tool that generates PHP capable of running a custom binary (like a meterpreter) or a bash script (e.g. a reverse shell), bypassing disable_functions & open_basedir. webapp exploitation
cintruder 14.f8a3f12 An automatic pentesting tool to bypass captchas. cracker webapp
cjexploiter 6.72b08d8 Drag and Drop ClickJacking exploit development assistance tool. webapp
clairvoyance 2.5.2 Obtain GraphQL API Schema even if the introspection is not enabled. webapp recon scanner
cloudget 64.cba10b1 Python script to bypass cloudflare from command line. Built upon cfscrape module. webapp
cms-explorer 15.23b58cd Designed to reveal the specific modules, plugins, components and themes that various cms driven websites are running fingerprint webapp
cms-few 0.1 Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python. webapp scanner
cmseek 382.20f9780 CMS (Content Management Systems) Detection and Exploitation suite. webapp fingerprint exploitation
cmsfuzz 5.6be5a98 Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke. webapp scanner fuzzer
cmsmap 1:8.59dd0e2 A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs. scanner automation webapp exploitation
cmsscan 43.f060b4b CMS scanner to identify and find vulnerabilities for Wordpress, Drupal, Joomla, vBulletin. webapp scanner recon fingerprint
cmsscanner CMS Scanner Framework. webapp scanner recon fingerprint
comission 203.67b890e WhiteBox CMS analysis. webapp scanner
commentor 20.4582674 Extract all comments from the specified URL resource. webapp misc
commix 2141.a1a79239 Automated All-in-One OS Command Injection and Exploitation Tool. webapp automation exploitation
conscan 1.2 A blackbox vulnerability scanner for the Concrete5 CMS. fuzzer scanner webapp
corscanner 99.593043f Fast CORS misconfiguration vulnerabilities scanner. webapp scanner
corstest 10.beffd0b A simple CORS misconfigurations checker. scanner webapp
corsy 69.2985ae2 CORS Misconfiguration Scanner. webapp scanner
cpfinder 0.1 This is a simple script that looks for administrative web interfaces. scanner webapp
crabstick 47.bb7827f Automatic remote/local file inclusion vulnerability analysis and exploit tool. webapp exploitation
crackql 1.0.r53.gac26a44 GraphQL password brute-force and fuzzing utility webapp exploitation fuzzer
crawlic 51.739fe2b Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). webapp recon
crlf-injector 9.bd6db06 A python script for testing CRLF injecting issues. fuzzer webapp
crlfuzz 62.7a442bb A fast tool to scan CRLF vulnerability written in Go. webapp scanner
csrftester 1.0 The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws. webapp
cybercrowl 111.f7cac52 A Python Web path scanner tool. webapp scanner
d-tect 13.9555c25 Pentesting the Modern Web. scanner recon webapp
dalfox 1430.820012e Parameter Analysis and XSS Scanning tool. webapp fuzzer
darkbing 0.1 A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection. scanner fuzzer webapp
darkd0rk3r 1.0 Python script that performs dork searching and searches for local file inclusion and SQL injection errors. exploitation webapp
darkdump 48.7cad8ca Search The Deep Web Straight From Your Terminal. webapp scanner
darkjumper 5.8 This tool will try to find every website hosted on the same server as your target. webapp
darkmysqli 1.6 Multi-Purpose MySQL Injection Tool exploitation webapp
darkscrape 68.2ca0e37 OSINT Tool For Scraping Dark Websites. webapp scanner recon
davscan 30.701f967 Fingerprints servers, finds exploits, scans WebDAV. webapp scanner fingerprint recon
dawnscanner 1:v2.2.0.r15.g0d647fc A static analysis security scanner for ruby written web applications. webapp scanner
dcrawl 7.3273c35 Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. scanner webapp
detectem 276.bc5f073 Detect software and its version on websites. fingerprint webapp recon
dff-scanner 1.1 Tool for finding path of predictable resource locations. webapp
dirb 2.22 A web content scanner, brute forcing for hidden files. scanner webapp
dirble 1:1.4.2 Fast directory scanning and scraping tool. webapp scanner
dirbuster 1.0_RC1 An application designed to brute force directory and file names on web/application servers. scanner webapp
dirbuster-ng 9.0c34920 C CLI implementation of the Java dirbuster tool. webapp scanner
directorytraversalscan Detect directory traversal vulnerabilities in HTTP servers and web applications. windows webapp
dirhunt 329.a5ea20d Find web directories without bruteforce. webapp scanner
dirscanner 0.1 This is a python script that scans webservers looking for administrative directories, php shells, and more. scanner webapp
dirscraper 16.e752450 OSINT Scanning tool which discovers and maps directories found in javascript files hosted on a website. webapp scanner
dirsearch 2367.0ad2b8f HTTP(S) directory/file brute forcer. webapp scanner
dirstalk 1.3.3 Dirstalk is a multi threaded application designed to brute force paths on web servers. The tool contains functionalities similar to the ones offered by dirbuster and dirb. scanner webapp
docem 21.59db436 Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids). webapp
domi-owned 41.583d0a5 A tool used for compromising IBM/Lotus Domino servers. webapp cracker fingerprint
dontgo403 1.0.1.r4.g6ce8b25 Tool to bypass 40X response codes. webapp exploitation scanner
doork 6.90c7260 Passive Vulnerability Auditor. webapp recon
dorknet 58.419d6a2 Selenium powered Python script to automate searching for vulnerable web apps. webapp automation
dpscan 0.1 Drupal Vulnerability Scanner. scanner webapp fuzzer
droopescan 1.45.1 A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. scanner webapp
drupal-module-enum 11.525543c Enumerate on drupal modules. webapp scanner
drupalscan 0.5.2 Simple non-intrusive Drupal scanner. webapp scanner
drupwn 1:59.8186732 Drupal enumeration & exploitation tool. webapp exploitation scanner
dsfs 36.8e9f8e9 A fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dsjs 32.26287d0 A fully functional JavaScript library vulnerability scanner written in under 100 lines of code. webapp scanner
dsss 123.84ddd33 A fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dsstore-crawler 7.efa51f5 A parser + crawler for .DS_Store files exposed publicly. webapp recon
dsxs 130.3e628b6 A fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dumb0 19.1493e74 A simple tool to dump users in popular forums and CMS. automation webapp
easyfuzzer 3.6 A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independent). fuzzer webapp
eazy 0.1 This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more. scanner webapp
eos 14.0127319 Enemies Of Symfony - Debug mode Symfony looter. webapp scanner
epicwebhoneypot 2.0a Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host. webapp defensive honeypot
evine 42.46051de Interactive CLI Web Crawler. webapp scanner
extended-ssrf-search 28.680f815 Smart ssrf scanner using different methods like parameter brute forcing in post and get. webapp scanner
eyewitness 1138.1f489e0 Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. webapp recon misc
facebot 23.57f6025 A facebook profile and reconnaissance system. recon webapp
facebrute 7.ece355b This script tries to guess passwords for a given facebook account using a list of passwords (dictionary). cracker webapp
fbht 1:70.d75ae93 A Facebook Hacking Tool webapp
fdsploit 26.4522f53 A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. webapp fuzzer exploitation
feroxbuster 2.7.1.r11.g53e3420 A fast, simple, recursive content discovery tool written in Rust. webapp scanner fuzzer
ffuf 1:v2.1.0.r3.gde9ac86 Fast web fuzzer written in Go. webapp fuzzer
fhttp 1.3 This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. webapp scanner fuzzer fingerprint dos
filebuster 95.f2b04c7 An extremely fast and flexible web fuzzer. webapp fuzzer
filegps 90.03cbc75 A tool that helps you to guess how your shell was renamed after the server-side script of the file uploader saved it. webapp misc
fingerprinter 480.105ab04 CMS/LMS/Library etc Versions Fingerprinter. fingerprint webapp
flashscanner 11.6815b02 Flash XSS Scanner. scanner webapp
flask-session-cookie-manager2 v1.2.1.1.r11.g821b80c Decode and encode Flask session cookie. webapp
flask-session-cookie-manager3 v1.2.1.1.r11.g821b80c Decode and encode Flask session cookie. webapp
flask-unsign 1.2.0 Decode, encode and brute-force Flask session cookie. webapp
flunym0us 2.0 A Vulnerability Scanner for Wordpress and Moodle. scanner webapp
fockcache 10.3e7efa9 Tool to make cache poisoning by trying X-Forwarded-Host and X-Forwarded-Scheme headers on web pages. webapp fuzzer
fuxploider 140.ec8742b Tool that automates the process of detecting and exploiting file upload forms flaws. webapp exploitation
gau 161.046a59f Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. webapp recon
ghauri 1.3.4.r0.g45eaf93 An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws. webapp exploitation
ghost-py 2.0.0 Webkit based webclient (relies on PyQT). webapp misc
git-dumper 1:1.0.6.r14.g2d6fa4f A tool to dump a git repository from a website. scanner webapp
gitdump 1.682fa37 A pentesting tool that dumps the source code from .git even when the directory traversal is disabled. webapp automation
gittools 70.7cac63a A repository with 3 tools for pwn'ing websites with .git repositories available. webapp scanner
gobuster 2:367.308cf9f Directory/file & DNS busting tool written in Go. webapp scanner
golismero 73.7d605b9 Opensource web security testing framework. webapp
goop-dump 71.3c15d60 Tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases. webapp scanner
gopherus 33.90a2fd5 Tool that generates gopher links for exploiting SSRF and gaining RCE in various servers. webapp exploitation
gospider 108.f6cc9a7 Fast web spider written in Go. webapp scanner
gowitness 299.6b10eae A golang, web screenshot utility using Chrome Headless. webapp recon
grabber 0.1 A web application scanner. Basically it detects some kind of vulnerabilities in your website. webapp
graphinder 1.11.6 GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. recon scanner webapp
graphql-cop 1.12.r13.g597b614 GraphQL vulnerability scanner. scanner webapp
graphql-path-enum 21.29fa505 Tool that lists the different ways of reaching a given type in a GraphQL schema. webapp exploitation fuzzer
graphqlmap 63.59305d7 Scripting engine to interact with a graphql endpoint for pentesting purposes. webapp exploitation fuzzer
graphw00f 1.1.16.r0.gfef68a2 GraphQL endpoint detection and engine fingerprinting. webapp fingerprint
gwtenum 1:7.f27a5aa A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. recon webapp
h2buster 79.6c4dd1c A threaded, recursive, web directory brute-force scanner over HTTP/2. scanner webapp
h2csmuggler 7.7ea573a HTTP Request Smuggling over HTTP/2 Cleartext (h2c). webapp
h2t 36.9183a30 Scans a website and suggests security headers to apply. webapp scanner defensive
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
hakrawler 234.14e240b Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application. webapp scanner
halberd 0.2.4 Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing. scanner webapp
hetty 134.f60202e HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. webapp proxy
hookshot 199.3258c3e Integrated web scraper and email account data breach comparison tool. webapp scanner recon social
host-extract 1:8.0134ad7 Ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. scanner webapp
htcap 1:155.a59c592 A web application analysis tool for detecting communications between javascript and the server. webapp scanner
http2smugl 36.78abc09 Http2Smugl - Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion. webapp scanner exploitation
httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. webapp scanner fuzzer recon
httpgrep 2.4 A python tool which scans for HTTP servers and finds given strings in URIs. webapp scanner
httppwnly 47.528a664 "Repeater" style XSS post-exploitation tool for mass browser control. webapp
httpx 1994.2b0d9f4 A fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library. webapp scanner
hyperfox 121.1a8c26f A security tool for proxying and recording HTTP and HTTPs traffic. networking proxy webapp
identywaf 206.aa670df Blind WAF identification tool. webapp fingerprint
imagejs 56.a442f94 Small tool to package javascript into a valid image file. binary webapp
injectus 12.3c01fa0 Simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. webapp scanner fuzzer
interactsh-client v1.2.0.r1.ge6663b7 Open-Source Solution for Out of band Data Extraction. webapp
inurlbr 34.dbf9773 Advanced search in the search engines - Inurl scanner, dorker, exploiter. scanner webapp automation
ipsourcebypass 1.2.r15.g7befb82 This Python script can be used to bypass IP source restrictions using HTTP headers. webapp
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. recon webapp
jaeles 233.243e0b6 The Swiss Army knife for automated Web Application Testing. webapp scanner
jaidam 18.15e0fec Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan. webapp automation exploitation
jast 17.361ecde Just Another Screenshot Tool. webapp recon misc
jboss-autopwn 1.3bc2d29 A JBoss script for obtaining remote shell access. exploitation webapp automation
jdeserialize 31.20635ba A library that interprets Java serialized objects. It also comes with a command-line tool that can generate compilable class declarations, extract block data, and print textual representations of instance values. webapp reversing
jexboss 86.338b531 Jboss verify and Exploitation Tool. webapp exploitation
jira-scan 7.447d0ec A simple remote scanner for Atlassian Jira webapp scanner
jok3r 447.0761996 Network and Web Pentest Framework. webapp scanner fuzzer networking
jomplug 0.1 This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components. webapp fingerprint
jooforce 11.43c21ad A Joomla password brute force tester. webapp cracker
joomlascan 1.2 Joomla scanner scans for known vulnerable remote file inclusion paths and files. webapp scanner
joomlavs 254.eea7500 A black box, Ruby powered, Joomla vulnerability scanner. webapp scanner fuzzer
joomscan 1:83.2ea8cc7 Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. webapp
jsearch 44.87cf9c1 Simple script that greps info from javascript files. recon webapp
jshell 7.ee3c92d Get a JavaScript shell with XSS. webapp
jsonbee 30.c0c87fc Ready to use JSONP endpoints/payloads to help bypass content security policy (CSP). webapp
jsparser 31.ccd3ab6 A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. Useful for easily discovering AJAX requests. webapp reversing
jsql-injection 0.98 A Java application for automatic SQL database injection. webapp exploitation fuzzer
jstillery 65.512e9af Advanced JavaScript Deobfuscation via Partial Evaluation. webapp
juumla 106.130565e Python tool created to identify Joomla version, scan for vulnerabilities and search for config files. webapp scanner recon fingerprint
jwt-hack v1.2.0.r0.g32e486b A tool for hacking / security testing of JWT. webapp cracker
kadimus 183.ac5f438 LFI Scan & Exploit Tool. webapp exploitation scanner
katana-pd v1.1.0.r2.g9ba3bb8 Crawling and spidering framework. webapp scanner
keye 29.d44a578 Recon tool detecting changes of websites based on content-length differences. recon webapp
kiterunner 19.7d5824c Contextual Content Discovery Tool. webapp scanner recon
kolkata 3.0 A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. webapp fingerprint
konan 23.7b5ac80 Advanced Web Application Dir Scanner. webapp scanner
kubolt 28.0027239 Utility for scanning public kubernetes clusters. webapp scanner
laf 12.7a456b3 Login Area Finder: scans host/s for login panels. scanner webapp
laudanum 1.0 A collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments. misc webapp
lbmap 147.2d15ace Proof of concept scripts for advanced web application fingerprinting, presented at OWASP AppSecAsia 2012. fingerprint webapp
letmefuckit-scanner 3.f3be22b Scanner and Exploit Magento. scanner webapp
leviathan 35.a1a1d8c A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. scanner cracker webapp fuzzer exploitation
lfi-exploiter 1.1 This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability. webapp exploitation
lfi-fuzzploit 1.1 A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. webapp fuzzer exploitation
lfi-image-helper 0.8 A simple script to infect images with PHP Backdoors for local file inclusion attacks. webapp backdoor
lfi-scanner 4.0 This is a simple perl script that enumerates local file inclusion attempts when given a specific target. scanner fuzzer webapp
lfi-sploiter 1.0 This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities. webapp fuzzer exploitation
lfifreak 21.0c6adef A unique automated LFi Exploiter with Bind/Reverse Shells. webapp exploitation
lfimap 1:162.245a448 This script is used to take the highest benefits of the local file include vulnerability in a webserver. webapp fuzzer
lfisuite 85.470e01f Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. scanner webapp exploitation
liffy 1:33.89dd4f8 A Local File Inclusion Exploitation tool. webapp exploitation fuzzer
lightbulb 88.9e8d6f3 Python framework for auditing web applications firewalls. webapp scanner
linkfinder 168.1debac5 Discovers endpoint and their parameters in JavaScript files. webapp recon
list-urls 0.1 Extracts links from webpage misc webapp
log4j-bypass 33.f5c92f9 Log4j web app tester that includes WAF bypasses. webapp fuzzer scanner
log4j-scan 88.07f7e32 A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228. webapp scanner fuzzer
lorsrf bbb.r0.g91c26ec Find the parameters that can be used to find SSRF or Out-of-band resource load. webapp scanner fuzzer
lulzbuster 1.3.2 A very fast and smart web-dir/file enumeration tool written in C. webapp scanner recon
magescan 1.12.9 Scan a Magento site for information. webapp scanner
mando.me 9.8b34f1a Web Command Injection Tool. webapp exploitation
mantra 1:v2.0.r1.ga0ae15e Hunt down API key leaks in JS files and pages. scanner webapp
maryam 2:819.99ae85a Tool to scan web applications and networks and easily complete the information gathering process. scanner webapp recon
meg 87.9daab00 Fetch many paths for many hosts - without killing the hosts. webapp scanner
metoscan 05 Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests. webapp
monsoon 261.f4f9852 A fast HTTP enumerator that allows you to execute a large number of HTTP requests. webapp
mooscan 1:10.82963b0 A scanner for Moodle LMS. webapp scanner
morxtraversal 1.0 Path Traversal checking tool. webapp scanner
mosquito 39.fe54831 XSS exploitation tool - access victims through HTTP proxy. exploitation webapp
multiinjector 0.4 Automatic SQL injection utility using a list of URI addresses to test parameter manipulation. webapp
mwebfp 16.a800b98 Mass Web Fingerprinter. fingerprint webapp scanner
nikto 2.5.0 A web server scanner which performs comprehensive tests against web servers for multiple items scanner webapp fuzzer
nosqli 37.6fce3eb NoSQL scanner and injector. webapp scanner exploitation
nosqli-user-pass-enum 18.1b3713a Script to enumerate usernames and passwords from vulnerable web applications running MongoDB. exploitation webapp
nosqlmap 298.efe6f7a Automated Mongo database and NoSQL web application exploitation tool webapp exploitation
novahot 23.69857bb A webshell framework for penetration testers. webapp
nsia 1.0.6 A website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. scanner webapp defensive
nuclei 2:v3.0.0.r640.g04a630266 Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. webapp scanner
okadminfinder 83.aca7645 Tool to find admin panels / admin login pages. webapp scanner
onionsearch 44.fc9d62c Script that scrapes urls on different ".onion" search engines. webapp scanner
opendoor 422.d1ed311 OWASP Directory Access scanner. webapp scanner
otori 0.3 A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities. exploitation webapp
owasp-bywaf 26.e730d1b A web application penetration testing framework (WAPTF). webapp scanner
owtf 2187.af993ecb The Offensive (Web) Testing Framework. webapp automation scanner fuzzer
pappy-proxy 77.e1bb049 An intercepting proxy for web application testing. webapp proxy scanner fuzzer recon
parameth 56.8da6f27 This tool can be used to brute discover GET and POST parameters. webapp scanner
parampampam 45.9171018 A tool to brute discover GET and POST parameters. webapp fuzzer
paranoic 1.7 A simple vulnerability scanner written in Perl. scanner webapp
paros 3.2.13 Java-based HTTP/HTTPS proxy for assessing web app vulnerabilities. Supports editing/viewing HTTP messages on-the-fly, spiders, client certificates, proxy-chaining, intelligent scanning for XSS and SQLi, etc. webapp
payloadmask 17.58e0525 Web Payload list editor to use techniques to try bypass web application firewall. webapp
pblind 1.0 Little utility to help exploiting blind sql injection vulnerabilities. exploitation webapp
peepingtom 1:56.bc6f4d8 A tool to take screenshots of websites. Much like eyewitness. webapp recon
photon 326.d4af460 Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. webapp recon
php-findsock-shell 2.b8a984f A Findsock Shell implementation in PHP + C. webapp backdoor
php-malware-finder 0.3.4.r82.g87b6d7f Detect potentially malicious PHP files. webapp malware scanner code-audit
php-vulnerability-hunter A whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications. windows webapp code-audit
phpggc 627.638a999 A library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically. webapp exploitation
phpsploit 1021.aea961d Stealth post-exploitation framework. webapp
pinkerton 1.6.r19.g3195a4a JavaScript file crawler and secret finder. webapp scanner
pixload 87.a8f58a7 Set of tools for creating/injecting payload into images (hiding backdoors). The following image types are currently supported: BMP, GIF, JPG, PNG, WebP. webapp backdoor
plecost 104.4895e34 Wordpress finger printer Tool. webapp fingerprint
plown 13.ccf998c A security scanner for Plone CMS. webapp
poly 52.4e6f189 A python script that generates polymorphic webshells. Use it to encode your favourite shell and make it practically undetectable. webapp backdoor
poracle 68.dcc00b0 A tool for demonstrating padding oracle attacks. crypto webapp
pown 332.0e32edf Security testing and exploitation toolkit built on top of Node.js and NPM. webapp recon scanner social proxy
ppfuzz 31.80982ec A fast tool to scan client-side prototype pollution vulnerability written in Rust. webapp scanner
ppmap v1.2.0.r15.g9426af6 A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. webapp scanner exploitation
proxenet 712.67fc6b5 THE REAL hacker friendly proxy for web application pentests. webapp proxy sniffer
pureblood 37.2c5ce07 A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. automation webapp scanner fuzzer
pwndrop 18.385ba70 Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. webapp exploitation automation
pyfiscan 2996.57c7428 Free web-application vulnerability and version scanner. webapp scanner
pythem 454.e4fcb8a Python penetration testing framework. scanner sniffer recon cracker webapp
python-arsenic 21.8 Async WebDriver implementation for asyncio and asyncio-compatible frameworks. automation webapp
python-jsbeautifier 1.15.1 JavaScript unobfuscator and beautifier reversing webapp
python-witnessme 1:1.5.0 Web Inventory tool, takes screenshots of webpages using Pyppeteer. webapp recon
python2-jsbeautifier 1.13.4 JavaScript unobfuscator and beautifier reversing webapp
python2-webtech 1.2.12 Identify technologies used on websites. webapp recon scanner fingerprint
rabid 1:v0.1.0.r115.gd799147 A CLI tool and library allowing to simply decode all kind of BigIP cookies. webapp misc
rapidscan 221.296a20b The Multi-Tool Web Vulnerability Scanner. webapp scanner recon fingerprint fuzzer exploitation
ratproxy 1.58 A passive web application security assessment tool fuzzer proxy scanner webapp
rawr 74.544dd75 Rapid Assessment of Web Resources. A web enumerator. scanner webapp
recsech 123.1fc298a Tool for doing Footprinting and Reconnaissance on the target web. recon scanner webapp fingerprinting
red-hawk 36.fa54e23 All in one tool for Information Gathering, Vulnerability Scanning and Crawling. recon scanner webapp
remot3d 38.a707ef7 A Simple Exploit for PHP Language. webapp backdoor exploitation
restler-fuzzer 8:403.694cc9e First stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. webapp fuzzer
richsploit 3.6b15e0f Exploitation toolkit for RichFaces. exploitation webapp
riwifshell 38.40075d5 Web backdoor - infector - explorer. webapp backdoor
ruler 301.1e5ee2d A tool to abuse Exchange services. webapp exploitation
rustbuster 302.4a243d4 DirBuster for Rust. webapp scanner
rww-attack 0.9.2 The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's 'Remote Web Workplace' portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out. webapp
sawef 32.e5ce862 Send Attack Web Forms. webapp recon
scanqli 26.40a028d SQLi scanner to detect SQL vulns. webapp scanner
scrapy 2.11.1 A fast high-level scraping and web crawling framework. webapp recon scanner
scrying 234.caa233c Collect RDP, web, and VNC screenshots smartly. webapp recon
second-order v3.2.r0.g242569b Second-order subdomain takeover scanner. webapp scanner
secretfinder 1:15.d06119d A python script to find sensitive data (apikeys, accesstoken, jwt,..) in javascript files. webapp recon
secscan 1.5 Web Apps Scanner and Much more utilities. webapp scanner
see-surf v2.0.r41.g826f05a A Python based scanner to find potential SSRF parameters in a web application. webapp scanner
serializationdumper 31.69ea9ba A tool to dump Java serialization streams in a more human readable form. webapp reversing
shellinabox 428.98e6eeb Implements a web server that can export arbitrary command line tools to a web based terminal emulator. backdoor webapp
shortfuzzy 0.1 A web fuzzing script written in perl. webapp fuzzer scanner
sitadel 123.e4d9ed4 Web Application Security Scanner. webapp scanner
sitediff 3.1383935 Fingerprint a web app using local files as the fingerprint sources. webapp fingerprint
sjet 103.dd2a4e6 Siberas JMX exploitation toolkit. exploitation webapp
skipfish 2.10b A fully automated, active web application security reconnaissance tool fuzzer scanner webapp
smplshllctrlr 9.2baf390 PHP Command Injection exploitation tool. webapp exploitation
smuggler 23.2be871e Python tool used to test for HTTP Desync/Request Smuggling attacks. webapp scanner
smuggler-py 1.0 Python tool used to test for HTTP Desync/Request Smuggling attacks. webapp scanner
snallygaster 240.ff6a097 Tool to scan for secret files on HTTP servers. webapp scanner
snare 187.08c69b7 Super Next generation Advanced Reactive honEypot. SNARE is a web application honeypot sensor attracting all sorts of maliciousness from the Internet. honeypot webapp
snuck 6.76196b6 Automatic XSS filter bypass. webapp
sourcemapper 37.467916e Extract JavaScript source trees from Sourcemap files. webapp
spaf 11.671a976 Static Php Analysis and Fuzzer. webapp fuzzer code-audit
spaghetti 4:9.df39a11 Web Application Security Scanner. webapp scanner
sparty 0.1 An open source tool written in python to audit web applications using sharepoint and frontpage architecture. webapp
spiga 2:648.617a342 Configurable web resource scanner. webapp scanner
spike-proxy 148 A Proxy for detecting vulnerabilities in web applications webapp
spipscan 1:69.4ad3235 SPIP (CMS) scanner for penetration testing purpose written in Python. webapp scanner
sprayingtoolkit 60.82e2ec8 Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient. webapp scanner
sqid 0.3 A SQL injection digger. webapp
sqlbrute 1.0 Brute forces data out of databases using blind SQL injection. fuzzer webapp
sqldict 2.1 A dictionary attack tool for SQL Server. windows webapp
sqlivulscan 249.cc8e657 Gives you SQLi-vulnerable websites just by adding the dork. scanner webapp
sqlmap 1.8.6 Automatic SQL injection and database takeover tool webapp exploitation fuzzer
sqlninja 0.2.999 A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. exploitation fuzzer webapp
sqlping 4 SQL Server scanning tool that also checks for weak passwords using wordlists. windows webapp exploitation
sqlpowerinjector 1.2 Application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. windows webapp
sqlsus 0.7.2 An open source MySQL injection and takeover tool, written in perl exploitation webapp
ssrf-sheriff 2.f95d691 A simple SSRF-testing sheriff written in Go. webapp proxy
ssrfmap 106.3eacb5d Automatic SSRF fuzzer and exploitation tool. webapp scanner fuzzer exploitation
stews 1.0.0.r7.gc7bba5a A Security Tool for Enumerating WebSockets. webapp scanner fingerprint fuzzer
striker 85.87c184d An offensive information and vulnerability scanner. scanner recon webapp
subjs 45.76ce9ec Fetches JavaScript files from a list of URLs or subdomains. webapp recon
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
swftools 0.9.2 A collection of SWF manipulation and creation utilities binary reversing webapp
taipan 1:2.9.498.18 Web application security scanner. scanner webapp
themole 0.3 Automatic SQL injection exploitation tool. webapp
tidos-framework v2.0.beta2.r22.g4098187 Offensive Web Application Penetration Testing Framework. webapp
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity. recon social webapp
tinfoleak2 41.c45c33e Get detailed information about a Twitter user activity. recon social webapp
tomcatwardeployer 98.4535e64 Apache Tomcat auto WAR deployment & pwning penetration testing tool. exploitation automation webapp
torcrawl 99.c83fd53 Crawl and extract (regular or onion) webpages through TOR network. webapp scanner
tplmap 719.616b0e5 Automatic Server-Side Template Injection Detection and Exploitation Tool. webapp exploitation
typo-enumerator 1:14.295f103 Enumerate Typo3 version and extensions. webapp scanner
typo3scan v1.1.4.r3.g95fe6f6 Enumerate Typo3 version and extensions. webapp scanner
uatester 1.06 User Agent String Tester misc webapp
ufonet 83.e5d4014 A tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet. dos webapp
uncaptcha2 7.473f33d Defeating the latest version of ReCaptcha with 91% accuracy. webapp
uniscan 6.3 A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. fuzzer scanner webapp
uppwn 9.f69dec4 A script that automates detection of security flaws in websites' file upload systems. webapp fuzzer
urlcrazy 0.5 Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. webapp
urldigger 02c A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code webapp scanner
urlextractor 19.739864d Information gathering & website reconnaissance. webapp recon
vane 1899.48f9ab5 A vulnerability scanner which checks the security of WordPress installations using a black box approach. scanner webapp fuzzer
vanguard 0.1 A comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. webapp scanner
vbscan 1:39.2b1ce48 A black box vBulletin vulnerability scanner written in perl. webapp fuzzer scanner
vega 1.0 An open source platform to test the security of web applications. webapp
visql 49.3082e30 Scans for SQL vulnerabilities on the target site and sites on the server. scanner webapp
vsvbp 6.241a7ab Black box tool for Vulnerability detection in web applications. webapp scanner
vulnerabilities-spider 1.426e70f A tool to scan for web vulnerabilities. webapp scanner
vulnx 321.bcf451d CMS and vulnerabilities detector and an intelligent bot auto shell injector. webapp scanner fingerprint recon
w13scan 430.432b835 Passive Security Scanner. webapp scanner fuzzer
w3af 1.6.49 Web Application Attack and Audit Framework. fuzzer scanner webapp
waffit 202.d28dc3d Identify and fingerprint Web Application Firewall (WAF) products protecting a website. scanner webapp
wafninja 25.379cd98 A tool which contains two functions to attack Web Application Firewalls. webapp fuzzer
wafp 0.01_26c3 An easy to use Web Application Finger Printing tool written in ruby using sqlite3 databases for storing the fingerprints. webapp fingerprint
wafpass 50.4211785 Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF. webapp fuzzer
wafw00f 845.ae6a67f Identify and fingerprint Web Application Firewall (WAF) products protecting a website. scanner webapp
wapiti 3.1.8.r91.g91c1a071 A vulnerability scanner for web applications. It currently searches for vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... fuzzer scanner webapp
wascan 1:37.6926338 Web Application Scanner. webapp scanner
waybackpack 113.3616aee Download the entire Wayback Machine archive for a given URL. webapp recon
wcvs 1.2.1.r0.g08865ff Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. webapp scanner
web-soul 2 A plugin based scanner for attacking and data mining web sites written in Perl. webapp
webacoo 0.2.3 Web Backdoor Cookie Script-Kit. backdoor webapp
webanalyze 121.707f3a4 Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. webapp recon scanner fingerprint
webborer 173.b323cf4 A directory-enumeration tool written in Go. webapp scanner
webenum 21.24b43b4 Tool to enumerate http responses using dynamically generated queries and more. Useful for penetration tests against web servers. scanner webapp
webexploitationtool 155.85bcf0e A cross platform web exploitation toolkit. exploitation webapp
webhandler 348.1bd971e A handler for PHP system functions & also an alternative 'netcat' handler. webapp
webhunter 12.918b606 Tool for scanning web applications and networks and easily completing the process of collecting knowledge. scanner webapp
webkiller 42.d680598 Information gathering tool written in Python. webapp fingerprint recon
webpwn3r 38.3d75e76 A python based Web Applications Security Scanner. scanner webapp
webrute 3.3 Web server directory brute forcer. scanner webapp
webscarab 20120422.001828 Framework for analysing applications that communicate using the HTTP and HTTPS protocols fuzzer proxy scanner webapp
webshag 1.10 A multi-threaded, multi-platform web server audit tool. fuzzer scanner webapp
webshells 46.e8e1a37 Web Backdoors. backdoor webapp
webslayer 5 A tool designed for brute forcing Web Applications. webapp
webspa 0.8 A web knocking tool, sending a single HTTP/S request to run O/S commands. backdoor webapp
webtech 1.3.3 Identify technologies used on websites. webapp recon scanner fingerprint
webxploiter 56.c03fe6b An OWASP Top 10 Security scanner. webapp exploitation fuzzer scanner
weevely 898.3fe896a Weaponized web shell. backdoor webapp
weirdaal 331.c14e36d AWS Attack Library. webapp scanner fuzzer
wfuzz 1155.1b695ee Utility to bruteforce web applications to find their not linked resources. fuzzer webapp
whatsmyname 2326.35fd448 Tool to perform user and username enumeration on various websites. webapp recon
whatwaf 392.b14e866 Detect and bypass web application firewalls and protection systems. webapp scanner
whatweb 4910.efee4d80 Next generation web scanner that identifies what websites are running. recon webapp
whichcdn 22.5fc6ddd Tool to detect if a given website is protected by a Content Delivery Network. webapp recon
wig 574.d5ddd91 WebApp Information Gatherer. webapp scanner recon
witchxtool 1.1 A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner. webapp scanner exploitation fuzzer
wmat 3:0.1 Automatic tool for testing webmail accounts. cracker webapp
wordbrutepress 30.5165648 Python script that performs brute forcing against WordPress installs using a wordlist. cracker webapp
wordpress-exploit-framework 907.e55ded4 A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. webapp exploitation
wordpresscan 76.f810c1c WPScan rewritten in Python + some WPSeku ideas. scanner webapp
wpbf 7.11b6ac1 Multithreaded WordPress brute forcer. cracker webapp
wpbrute-rpc 3.e7d8145 Tool for amplified bruteforce attacks on WordPress-based websites via the xmlrpc API. cracker webapp
wpbullet 34.6185112 A static code analysis for WordPress (and PHP). code-audit webapp
wpforce 88.b72ec64 WordPress Attack Suite. webapp cracker exploitation
wpintel 6.741c0c9 Chrome extension designed for WordPress Vulnerability Scanning and information gathering. webapp scanner fingerprint
wpscan 1:3.8.25 Black box WordPress vulnerability scanner webapp fuzzer scanner
wpseku 2:39.862fb2c Simple WordPress Security Scanner. webapp scanner
ws-attacker 1.7 A modular framework for web services penetration testing. webapp
wsfuzzer 1.9.5 A Python tool written to automate SOAP pentesting of web services. fuzzer webapp
wssip 75.56d0d2c Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. webapp proxy
wuzz 229.66176b6 Interactive cli tool for HTTP inspection. webapp misc
x8 1:v4.1.0.r2.g6ee4532 Hidden parameters discovery suite. webapp scanner
xattacker 122.72f9f8e Website Vulnerability Scanner & Auto Exploiter. webapp scanner blackarck-exploitation
xmlrpc-bruteforcer 35.6023237 An XMLRPC brute forcer targeting WordPress written in Python 3. webapp
xspear 1:144.57bb7b4 Powerful XSS Scanning and Parameter analysis tool & gem. webapp fuzzer
xsrfprobe 523.ce04111 The Prime Cross Site Request Forgery Audit and Exploitation Toolkit. webapp scanner
xss-freak 17.e361766 An XSS scanner fully written in Python3 from scratch. webapp scanner fuzzer
xsscon 45.ce91fd6 Simple XSS Scanner tool. webapp scanner
xsscrapy 153.4966255 XSS spider - 66/66 wavsep XSS detected. webapp
xsser 2:1.8 A penetration testing tool for detecting and exploiting XSS vulnerabilities. webapp fuzzer exploitation
xssless 45.8e7ebe1 An automated XSS payload generator written in python. webapp
xsspy 60.b10d336 Web Application XSS Scanner. webapp scanner
xsss 0.40b A brute force cross site scripting scanner. webapp fuzzer scanner
xssscan 1:17.7f1ea90 Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS. webapp scanner fuzzer
xsssniper 79.02b59af An automatic XSS discovery tool webapp fuzzer
xsstrike 467.f292787 An advanced XSS detection and exploitation suite. webapp scanner
xssya 1:13.cd62817 A Cross Site Scripting Scanner & Vulnerability Confirmation. webapp scanner
xwaf 162.c6f6bb7 Automatic WAF bypass tool. webapp scanner
xxeinjector 55.604c39a Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. exploitation webapp
xxexploiter 103.c1f0f41 It generates the XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration. exploitation webapp
xxxpwn 10.27a2d27 A tool designed for blind optimized XPath 1 injection attacks. webapp
xxxpwn-smart 6.b11b95b A fork of xxxpwn adding further optimizations and tweaks. webapp
yaaf 7.4d6273a Yet Another Admin Finder. webapp scanner
yasuo 121.994dcb1 A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network. webapp scanner
yawast 1:0.11.0 The YAWAST Antecedent Web Application Security Toolkit. webapp scanner fuzzer
ycrawler 0.1 A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support. webapp scanner proxy
yinjector 0.1 A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods. exploitation webapp automation
ysoserial 0.0.6 A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. webapp exploitation
zaproxy 2.15.0 Integrated penetration testing tool for finding vulnerabilities in web applications webapp fuzzer proxy