
Packages that operate on internet-facing applications.

Tool count: 282

Name Version Description Category Website
0d1n 1:2.5 Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. webapp fuzzer scanner
adfind 29.179602f Admin Panel Finder. webapp recon
adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site. webapp scanner
albatar 24.142f892 A SQLi exploitation framework in Python. webapp exploitation
allthevhosts 1.0 A vhost discovery tool that scrapes various web applications. scanner webapp
anti-xss 166.2725dc9 A XSS vulnerability scanner. webapp scanner
arachni 1.5.1 A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. webapp
asp-audit 2BETA An ASP fingerprinting tool and vulnerability scanner. fingerprint scanner webapp
astra 241.7d0f211 Automated Security Testing For REST APIs. webapp fuzzer
atscan 1936.c31e263 Server, Site and Dork Scanner. scanner webapp fuzzer exploitation automation
backcookie 51.6dabc38 Small backdoor using cookie. backdoor webapp
bbqsql 259.4f7c086 SQL injection exploit tool. webapp exploitation
bbscan 39.57a2e33 A tiny Batch weB vulnerability Scanner. webapp scanner fuzzer
belati 68.9e8b523 The Traditional Swiss Army Knife for OSINT. scanner recon webapp
bfac 45.6400ed4 An automated tool that checks for backup artifacts that may disclose the web-application's source code. recon webapp
bing-lfi-rfi 0.1 This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. webapp scanner fuzzer
bitdump 34.6a5cbd8 A tool to extract database data from a blind SQL injection vulnerability. exploitation webapp
blindelephant 7 A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations fingerprint webapp
blisqy 15.0d73ed0 Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB). webapp exploitation
brutexss 54.ba753df Cross-Site Scripting Bruteforcer. webapp fuzzer
bsqlbf 2.7 Blind SQL Injection Brute Forcer. webapp
bsqlinjector 13.027184f Blind SQL injection exploitation tool written in ruby. webapp exploitation
burpsuite 1:1.7.36 An integrated platform for attacking web applications (free edition). fuzzer proxy scanner webapp
cangibrina 123.6de0165 Dashboard Finder. scanner webapp
cansina 2:14.b42ff88 A python-based Web Content Discovery Tool. webapp scanner
chankro 14.b560921 Tool that generates a PHP capable of running a custom binary (like a meterpreter) or a bash script (e.g. reverse shell), bypassing disable_functions & open_basedir. webapp exploitation
cintruder 8.eacca65 An automatic pentesting tool to bypass captchas. cracker webapp
cjexploiter 6.72b08d8 Drag and Drop ClickJacking exploit development assistance tool. webapp
cloudget 53.807d08e Python script to bypass cloudflare from command line. Built upon cfscrape module. webapp
cms-explorer 1.0 Designed to reveal the specific modules, plugins, components and themes that various cms driven websites are running fingerprint webapp
cms-few 0.1 Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python. webapp scanner
cmseek 244.ee4999a CMS (Content Management Systems) Detection and Exploitation suite. webapp fingerprint exploitation
cmsfuzz 5.6be5a98 Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke. webapp scanner fuzzer
cmsmap 1:8.59dd0e2 A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs. scanner automation webapp exploitation
comission 32.0ed0ba1 WhiteBox CMS analysis. webapp scanner
commix 1230.1d37ea4 Automated All-in-One OS Command Injection and Exploitation Tool. webapp automation exploitation
conscan 1.2 A blackbox vulnerability scanner for the Concrete5 CMS. fuzzer scanner webapp
corstest 5.b203683 A simple CORS misconfigurations checker. scanner webapp
cpfinder 0.1 This is a simple script that looks for administrative web interfaces. scanner webapp
crawlic 51.739fe2b Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). webapp recon
crlf-injector 8.abaf494 A python script for testing CRLF injecting issues. fuzzer webapp
csrftester 1.0 The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws. webapp
cybercrowl 108.39d9f0b A Python Web path scanner tool. webapp scanner
d-tect 13.9555c25 Pentesting the Modern Web. scanner recon webapp
darkbing 0.1 A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection. scanner fuzzer webapp
darkd0rk3r 1.0 Python script that performs dork searching and searches for local file inclusion and SQL injection errors. exploitation webapp
darkjumper 5.8 This tool will try to find every website that is hosted on the same server as your target. webapp
darkmysqli 1.6 Multi-Purpose MySQL Injection Tool exploitation webapp
davscan 28.13ae481 Fingerprints servers, finds exploits, scans WebDAV. webapp scanner fingerprint recon
dawnscanner 1.6.9 A static analysis security scanner for ruby written web applications. webapp scanner
dcrawl 7.3273c35 Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. scanner webapp
detectem 228.c40e39a Detect software and its version on websites. fingerprint webapp recon
dff-scanner 1.1 Tool for finding path of predictable resource locations. webapp
dirb 2.22 A web content scanner, brute forcing for hidden files. scanner webapp
dirbuster 1.0_RC1 An application designed to brute force directories and files names on web/application servers scanner webapp
dirbuster-ng 9.0c34920 C CLI implementation of the Java dirbuster tool. webapp scanner
directorytraversalscan Detect directory traversal vulnerabilities in HTTP servers and web applications. windows webapp
dirhunt 190.2eb3cab Find web directories without bruteforce. webapp scanner
dirscanner 0.1 This is a python script that scans webservers looking for administrative directories, php shells, and more. scanner webapp
dirsearch 263.37c54d1 HTTP(S) directory/file brute forcer. webapp scanner
domi-owned 41.583d0a5 A tool used for compromising IBM/Lotus Domino servers. webapp cracker fingerprint
doork 6.90c7260 Passive Vulnerability Auditor. webapp recon
dorknet 54.1444359 Selenium powered Python script to automate searching for vulnerable web apps. webapp automation
dpscan 0.1 Drupal Vulnerability Scanner. scanner webapp fuzzer
droopescan 1.41.1 A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. scanner webapp
drupal-module-enum 7.58a8e69 Enumerate on drupal modules. webapp scanner
drupalscan 0.5.2 Simple non-intrusive Drupal scanner. webapp scanner
drupwn 42.9acf030 Drupal enumeration & exploitation tool. webapp exploitation scanner
dsfs 32.e27d6cb A fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dsjs 23.450a7f4 A fully functional JavaScript library vulnerability scanner written in under 100 lines of code. webapp scanner
dsss 116.6d14edb A fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dsxs 121.4015e2d A fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dumb0 19.1493e74 A simple tool to dump users in popular forums and CMS. automation webapp
easyfuzzer 3.6 A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independent). fuzzer webapp
eazy 0.1 This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more. scanner webapp
epicwebhoneypot 2.0a Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host. webapp defensive honeypot
eyewitness 736.489e4b4 Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. webapp recon misc
facebot 23.57f6025 A facebook profile and reconnaissance system. recon webapp
facebrute 7.ece355b This script tries to guess passwords for a given facebook account using a list of passwords (dictionary). cracker webapp
fbht 1:70.d75ae93 A Facebook Hacking Tool webapp
fhttp 1.3 This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. webapp scanner fuzzer fingerprint dos
filebuster 55.e0aba68 An extremely fast and flexible web fuzzer. webapp fuzzer
flashscanner 11.6815b02 Flash XSS Scanner. scanner webapp
flunym0us 2.0 A Vulnerability Scanner for Wordpress and Moodle. scanner webapp
fuxploider 122.06bb2a8 Tool that automates the process of detecting and exploiting file upload forms flaws. webapp exploitation
ghost-py 2.0.0 Webkit based webclient (relies on PyQT). webapp misc
gittools 42.4eb2512 A repository with 3 tools for pwn'ing websites with .git repositories available. webapp scanner
gobuster 1:191.0e209e5 Directory/file & DNS busting tool written in Go. webapp scanner
golismero 68.6154507 Opensource web security testing framework. webapp
grabber 0.1 A web application scanner. Basically it detects some kind of vulnerabilities in your website. webapp
gwtenum 1:7.f27a5aa A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. recon webapp
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
halberd 0.2.4 Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing. scanner webapp
host-extract 1:8.0134ad7 Ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. scanner webapp
htcap 1:59.dbc9f51 A web application analysis tool for detecting communications between javascript and the server. webapp scanner
httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. webapp scanner fuzzer recon
httppwnly 47.528a664 "Repeater" style XSS post-exploitation tool for mass browser control. webapp
hyperfox 66.3256937 A security tool for proxying and recording HTTP and HTTPs traffic. networking proxy webapp
imagejs 54.1b0b3aa Small tool to package javascript into a valid image file. binary webapp
inurlbr 33.30a3abc Advanced search in the search engines - Inurl scanner, dorker, exploiter. scanner webapp automation
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. recon webapp
jaidam 18.15e0fec Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan. webapp automation exploitation
jboss-autopwn 1.3bc2d29 A JBoss script for obtaining remote shell access. exploitation webapp automation
jexboss 86.338b531 Jboss verify and Exploitation Tool. webapp exploitation
jomplug 0.1 This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components. webapp fingerprint
jooforce 11.43c21ad A Joomla password brute force tester. webapp cracker
joomlascan 1.2 Joomla scanner scans for known vulnerable remote file inclusion paths and files. webapp scanner
joomlavs 254.eea7500 A black box, Ruby powered, Joomla vulnerability scanner. webapp scanner fuzzer
joomscan 1:53.60f7446 Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. webapp
jshell 6.558906f Get a JavaScript shell with XSS. webapp
jsql-injection 0.81 A Java application for automatic SQL database injection. webapp exploitation fuzzer
jstillery 63.c6d8b87 Advanced JavaScript Deobfuscation via Partial Evaluation. webapp
kadimus 57.1d86f89 LFI Scan & Exploit Tool. webapp exploitation scanner
kolkata 3.0 A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. webapp fingerprint
laf 12.7a456b3 Login Area Finder: scans host/s for login panels. scanner webapp
laudanum 1.0 A collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments. misc webapp
lbmap 147.2d15ace Proof of concept scripts for advanced web application fingerprinting, presented at OWASP AppSecAsia 2012. fingerprint webapp
letmefuckit-scanner 3.f3be22b Scanner and Exploit Magento. scanner webapp
leviathan 35.a1a1d8c A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. scanner cracker webapp fuzzer exploitation
lfi-exploiter 1.1 This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability. webapp exploitation
lfi-fuzzploit 1.1 A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. webapp fuzzer exploitation
lfi-image-helper 0.8 A simple script to infect images with PHP Backdoors for local file inclusion attacks. webapp backdoor
lfi-scanner 4.0 This is a simple perl script that enumerates local file inclusion attempts when given a specific target. scanner fuzzer webapp
lfi-sploiter 1.0 This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities. webapp fuzzer exploitation
lfifreak 21.0c6adef A unique automated LFi Exploiter with Bind/Reverse Shells. webapp exploitation
lfimap 6.0edee6d This script is used to take the highest benefits of the local file include vulnerability in a webserver. webapp fuzzer
lfisuite 85.470e01f Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. scanner webapp exploitation
liffy 65.8011cdd A Local File Inclusion Exploitation tool. webapp exploitation fuzzer
lightbulb 67.e0ddf00 Python framework for auditing web applications firewalls. webapp scanner
list-urls 0.1 Extracts links from webpage misc webapp
magescan 1.12.7 Scan a Magento site for information. webapp scanner
mando.me 9.8b34f1a Web Command Injection Tool. webapp exploitation
maryam 1:10.26af6d2 Tool to scan web applications and networks and easily complete the information gathering process. scanner webapp recon
metoscan 05 Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests. webapp
mooscan 81.a0eff5f A scanner for Moodle LMS. webapp scanner
morxtraversal 1.0 Path Traversal checking tool. webapp scanner
mosquito 39.fe54831 XSS exploitation tool - access victims through HTTP proxy. exploitation webapp
multiinjector 0.4 Automatic SQL injection utility using a list of URI addresses to test parameter manipulation. webapp
mwebfp 16.a800b98 Mass Web Fingerprinter. fingerprint webapp scanner
nikto 2.1.6 A web server scanner which performs comprehensive tests against web servers for multiple items scanner webapp fuzzer
nosqlmap 238.ae0b461 Automated Mongo database and NoSQL web application exploitation tool webapp exploitation
novahot 1.1.0 A webshell framework for penetration testers. webapp
nsia 1.0.6 A website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. scanner webapp defensive
opendoor 384.a728d2f OWASP Directory Access scanner. webapp scanner
otori 0.3 A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities. exploitation webapp
owasp-bywaf 26.e730d1b A web application penetration testing framework (WAPTF). webapp scanner
owtf 1017.0bbeea1 The Offensive (Web) Testing Framework. webapp automation scanner fuzzer
pappy-proxy 77.e1bb049 An intercepting proxy for web application testing. webapp proxy scanner fuzzer recon
parameth 54.691fd46 This tool can be used to brute discover GET and POST parameters. webapp scanner
paranoic 1.7 A simple vulnerability scanner written in Perl. scanner webapp
paros 3.2.13 Java-based HTTP/HTTPS proxy for assessing web app vulnerabilities. Supports editing/viewing HTTP messages on-the-fly, spiders, client certificates, proxy-chaining, intelligent scanning for XSS and SQLi, etc. webapp
payloadmask 16.ff38964 Web Payload list editor to use techniques to try bypass web application firewall. webapp
pblind 1.0 Little utility to help exploiting blind sql injection vulnerabilities. exploitation webapp
peepingtom 1:56.bc6f4d8 A tool to take screenshots of websites. Much like eyewitness. webapp recon
photon 227.509c593 Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. webapp recon
php-findsock-shell 2.b8a984f A Findsock Shell implementation in PHP + C. webapp backdoor
php-vulnerability-hunter A whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications. windows webapp code-audit
phpsploit 758.24cad6d Stealth post-exploitation framework. webapp
plecost 98.1a4a11b Wordpress finger printer Tool. webapp fingerprint
plown 13.ccf998c A security scanner for Plone CMS. webapp
poracle 65.a5cfad7 A tool for demonstrating padding oracle attacks. crypto webapp
proxenet 712.67fc6b5 THE REAL hacker friendly proxy for web application pentests. webapp proxy sniffer
pyfiscan 2178.6d39660 Free web-application vulnerability and version scanner. webapp scanner
pythem 454.e4fcb8a Python penetration testing framework. scanner sniffer recon cracker webapp
python-jsbeautifier 1.8.9 JavaScript unobfuscator and beautifier reversing webapp
python2-jsbeautifier 1.8.9 JavaScript unobfuscator and beautifier reversing webapp
ratproxy 1.58 A passive web application security assessment tool fuzzer proxy scanner webapp
rawr 73.0924126 Rapid Assessment of Web Resources. A web enumerator. scanner webapp
red-hawk 25.d1bdac7 All in one tool for Information Gathering, Vulnerability Scanning and Crawling. recon scanner webapp
riwifshell 38.40075d5 Web backdoor - infector - explorer. webapp backdoor
ruler 271.882cc5f A tool to abuse Exchange services. webapp exploitation
rww-attack 0.9.2 The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's 'Remote Web Workplace' portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out. webapp
sawef 28.e65dc9f Send Attack Web Forms. webapp recon
scrapy 1.5.1 A fast high-level scraping and web crawling framework. webapp recon scanner
secscan 1.5 Web Apps Scanner and Much more utilities. webapp scanner
shellinabox 428.98e6eeb Implements a web server that can export arbitrary command line tools to a web based terminal emulator. backdoor webapp
shortfuzzy 0.1 A web fuzzing script written in perl. webapp fuzzer scanner
sitediff 3.1383935 Fingerprint a web app using local files as the fingerprint sources. webapp fingerprint
skipfish 2.10b A fully automated, active web application security reconnaissance tool fuzzer scanner webapp
smplshllctrlr 9.2baf390 PHP Command Injection exploitation tool. webapp exploitation
snallygaster 48.ebb53ba Tool to scan for secret files on HTTP servers. webapp scanner
snuck 6.76196b6 Automatic XSS filter bypass. webapp
spaf 11.671a976 Static Php Analysis and Fuzzer. webapp fuzzer code-audit
spaghetti 4:9.df39a11 Web Application Security Scanner. webapp scanner
sparty 0.1 An open source tool written in python to audit web applications using sharepoint and frontpage architecture. webapp
spiga 2:604.651df8d Configurable web resource scanner. webapp scanner
spike-proxy 148 A Proxy for detecting vulnerabilities in web applications webapp
spipscan 1:69.4ad3235 SPIP (CMS) scanner for penetration testing purpose written in Python. webapp scanner
sqid 0.3 A SQL injection digger. webapp
sqlbrute 1.0 Brute forces data out of databases using blind SQL injection. fuzzer webapp
sqldict 2.1 A dictionary attack tool for SQL Server. windows webapp
sqlivulscan 249.cc8e657 This will give you the SQLi Vulnerable Website Just by Adding the Dork. scanner webapp
sqlmap 1.2.12 Automatic SQL injection and database takeover tool webapp exploitation fuzzer
sqlninja 0.2.999 A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. exploitation fuzzer webapp
sqlping 4 SQL Server scanning tool that also checks for weak passwords using wordlists. windows webapp exploitation
sqlpowerinjector 1.2 Application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. windows webapp
sqlsus 0.7.2 An open source MySQL injection and takeover tool, written in perl exploitation webapp
striker 57.763ff3f An offensive information and vulnerability scanner. scanner recon webapp
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
swftools 0.9.2 A collection of SWF manipulation and creation utilities binary reversing webapp
taipan 1.7 Web application security scanner. scanner webapp
themole 0.3 Automatic SQL injection exploitation tool. webapp
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity. recon social webapp
tinfoleak2 41.c45c33e Get detailed information about a Twitter user activity. recon social webapp
tomcatwardeployer 78.1a53196 Apache Tomcat auto WAR deployment & pwning penetration testing tool. exploitation automation webapp
tplmap 708.39c7c5b Automatic Server-Side Template Injection Detection and Exploitation Tool. webapp exploitation
typo-enumerator 81.b01084b Enumerate Typo3 version and extensions. webapp scanner
uatester 1.06 User Agent String Tester misc webapp
ufonet 44.9c5e267 A tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet. dos webapp
uniscan 6.3 A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. fuzzer scanner webapp
uppwn 9.f69dec4 A script that automates detection of security flaws on websites' file upload systems. webapp fuzzer
urlcrazy 0.5 Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. webapp
urldigger 02c A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code webapp scanner
vane 1898.872a1c2 A vulnerability scanner which checks the security of WordPress installations using a black box approach. scanner webapp fuzzer
vanguard 0.1 A comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. webapp scanner
vbscan 1:31.9383a39 A black box vBulletin vulnerability scanner written in perl. webapp fuzzer scanner
vega 1.0 An open source platform to test the security of web applications. webapp
visql 49.3082e30 Scan SQL vulnerability on target site and sites on server. scanner webapp
vsvbp 6.241a7ab Black box tool for Vulnerability detection in web applications. webapp scanner
vulnerabilities-spider 1.426e70f A tool to scan for web vulnerabilities. webapp scanner
w3af 1.6.49 Web Application Attack and Audit Framework. fuzzer scanner webapp
waffit 202.d28dc3d Identify and fingerprint Web Application Firewall (WAF) products protecting a website. scanner webapp
wafninja 25.379cd98 A tool which contains two functions to attack Web Application Firewalls. webapp fuzzer
wafp 0.01_26c3 An easy to use Web Application Finger Printing tool written in ruby using sqlite3 databases for storing the fingerprints. webapp fingerprint
wafpass 44.624ac65 Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF. webapp fuzzer
wafw00f 0.9.5 Identify and fingerprint Web Application Firewall (WAF) products protecting a website. scanner webapp
wapiti 3.0.1 A vulnerability scanner for web applications. It currently searches for vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... fuzzer scanner webapp
wascan 1:0.2.1 Web Application Scanner. webapp scanner
waybackpack 49.36db906 Download the entire Wayback Machine archive for a given URL. webapp recon
web-soul 2 A plugin based scanner for attacking and data mining web sites written in Perl. webapp
webacoo 0.2.3 Web Backdoor Cookie Script-Kit. backdoor webapp
webborer 162.be01969 A directory-enumeration tool written in Go. webapp scanner
webenum 0.1 Tool to enumerate http responses using dynamically generated queries and more. Useful for penetration tests against web servers. scanner webapp
webexploitationtool 155.85bcf0e A cross platform web exploitation toolkit. exploitation webapp
webhandler 344.a7490cf A handler for PHP system functions & also an alternative 'netcat' handler. webapp
webhunter 12.918b606 Tool for scanning web applications and networks and easily completing the process of collecting knowledge. scanner webapp
webpwn3r 35.3fb27bb A python based Web Applications Security Scanner. scanner webapp
webrute 3.3 Web server directory brute forcer. scanner webapp
webscarab 20120422.001828 Framework for analysing applications that communicate using the HTTP and HTTPS protocols fuzzer proxy scanner webapp
webshag 1.10 A multi-threaded, multi-platform web server audit tool. fuzzer scanner webapp
webshells 23.f081f1e Web Backdoors. backdoor webapp
webslayer 5 A tool designed for brute forcing Web Applications. webapp
webspa 0.8 A web knocking tool, sending a single HTTP/S to run O/S commands. backdoor webapp
webxploiter 56.c03fe6b An OWASP Top 10 Security scanner. webapp exploitation fuzzer scanner
weevely 828.0b93e71 Weaponized web shell. backdoor webapp
wfuzz 631.dacdb37 Utility to bruteforce web applications to find their not linked resources. fuzzer webapp
whatsmyname 246.284db12 Tool to perform user and username enumeration on various websites. webapp recon
whatweb 4260.e142cc61 Next generation web scanner that identifies what websites are running. recon webapp
whichcdn 22.5fc6ddd Tool to detect if a given website is protected by a Content Delivery Network. webapp recon
wig 574.d5ddd91 WebApp Information Gatherer. webapp scanner recon
witchxtool 1.1 A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner. webapp scanner exploitation fuzzer
wmat 3:0.1 Automatic tool for testing webmail accounts. cracker webapp
wordbrutepress 30.5165648 Python script that performs brute forcing against WordPress installs using a wordlist. cracker webapp
wordpress-exploit-framework 902.4462106 A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. webapp exploitation
wordpresscan 62.dd794cf WPScan rewritten in Python + some WPSeku ideas. scanner webapp
wpbf 7.11b6ac1 Multithreaded WordPress brute forcer. cracker webapp
wpbrute-rpc 3.e7d8145 Tool for amplified bruteforce attacks on wordpress based website via xmlrpc API. cracker webapp
wpforce 87.31024e0 Wordpress Attack Suite. webapp cracker exploitation
wpscan 1:3.4.0 Black box WordPress vulnerability scanner webapp fuzzer scanner
wpseku 2:34.bd45994 Simple Wordpress Security Scanner. webapp scanner
ws-attacker 1.7 A modular framework for web services penetration testing. webapp
wsfuzzer 1.9.5 A Python tool written to automate SOAP pentesting of web services. fuzzer webapp
wssip 75.56d0d2c Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. webapp proxy
wuzz 209.4c6d320 Interactive cli tool for HTTP inspection. webapp misc
xsscrapy 139.06ad0aa XSS spider - 66/66 wavsep XSS detected. webapp
xsser 2:1.7 A penetration testing tool for detecting and exploiting XSS vulnerabilities. webapp fuzzer exploitation
xssless 45.8e7ebe1 An automated XSS payload generator written in python. webapp
xsspy 56.d317b27 Web Application XSS Scanner. webapp scanner
xsss 0.40b A brute force cross site scripting scanner. webapp fuzzer scanner
xssscan 1:17.7f1ea90 Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS. webapp scanner fuzzer
xsssniper 0.9 An automatic XSS discovery tool webapp fuzzer
xsstrike 349.58d8fea An advanced XSS detection and exploitation suite. webapp scanner
xssya 1:13.cd62817 A Cross Site Scripting Scanner & Vulnerability Confirmation. webapp scanner
xwaf 151.8c462ae Automatic WAF bypass tool. webapp scanner
xxeinjector 53.8c5c70e Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. exploitation webapp
yaaf 7.4d6273a Yet Another Admin Finder. webapp scanner
yasuo 121.994dcb1 A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network. webapp scanner
yawast 548.9eec969 The YAWAST Antecedent Web Application Security Toolkit. webapp scanner fuzzer
ycrawler 0.1 A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support. webapp scanner proxy
yinjector 0.1 A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods. exploitation webapp automation
ysoserial 0.0.5 A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. webapp exploitation
zaproxy 2.7.0 Integrated penetration testing tool for finding vulnerabilities in web applications webapp fuzzer proxy