webapp



Packages that operate on internet-facing applications.

Tool count: 386

Name Version Description Category Website
0d1n 1:226.61acb06 Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. webapp fuzzer scanner
abuse-ssl-bypass-waf 6.36a80af Bypassing WAF by abusing SSL/TLS Ciphers. webapp fuzzer
adfind 29.179602f Admin Panel Finder. webapp recon
adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site. webapp scanner
albatar 32.c1613fe A SQLi exploitation framework in Python. webapp exploitation
allthevhosts 1.0 A vhost discovery tool that scrapes various web applications. scanner webapp
anti-xss 166.2725dc9 A XSS vulnerability scanner. webapp scanner
arachni 1.5.1.2.gd869f0aa3 A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. webapp
archivebox 903.59da482 The open source self-hosted web archive. Takes browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more. misc webapp
arjun 81.6260fc6 HTTP parameter discovery suite. webapp scanner
asp-audit 2BETA An ASP fingerprinting tool and vulnerability scanner. fingerprint scanner webapp
astra 486.394d538 Automated Security Testing For REST APIs. webapp fuzzer
atlas 7.77bd6c8 Open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS. webapp fuzzer
atscan 2427.9a3cebc Server, Site and Dork Scanner. scanner webapp fuzzer exploitation automation
aws-extender-cli 17.a351154 Script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues. scanner webapp
backcookie 51.6dabc38 Small backdoor using cookie. backdoor webapp
badministration 16.69e4ec2 A tool which interfaces with management or administration applications from an offensive standpoint. webapp scanner recon fingerprint
bbqsql 261.b9859d2 SQL injection exploit tool. webapp exploitation
bbscan 44.4b82032 A tiny Batch weB vulnerability Scanner. webapp scanner fuzzer
belati 72.49577a1 The Traditional Swiss Army Knife for OSINT. scanner recon webapp
bfac 51.a482db2 An automated tool that checks for backup artifacts that may disclose the web-application's source code. recon webapp
bing-lfi-rfi 0.1 This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. webapp scanner fuzzer
bitdump 34.6a5cbd8 A tool to extract database data from a blind SQL injection vulnerability. exploitation webapp
blindelephant 7 A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations fingerprint webapp
blisqy 20.e9995fc Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB). webapp exploitation
brute-force 52.78d1d8e Brute-Force attack tool for Gmail Hotmail Twitter Facebook Netflix. cracker social webapp
brutemap 65.da4b303 Penetration testing tool that automates testing accounts to the site's login page. webapp cracker
brutexss 54.ba753df Cross-Site Scripting Bruteforcer. webapp fuzzer
bsqlbf 2.7 Blind SQL Injection Brute Forcer. webapp
bsqlinjector 13.027184f Blind SQL injection exploitation tool written in ruby. webapp exploitation
burpsuite 1:2020.11.1 An integrated platform for attacking web applications (free edition). fuzzer proxy scanner webapp
cangibrina 123.6de0165 Dashboard Finder. scanner webapp
cansina 2:51.9d171bd A python-based Web Content Discovery Tool. webapp scanner
chankro 21.7b6e844 Tool that generates a PHP file capable of running a custom binary (like a meterpreter) or a bash script (e.g. reverse shell), bypassing disable_functions & open_basedir. webapp exploitation
cintruder 14.f8a3f12 An automatic pentesting tool to bypass captchas. cracker webapp
cjexploiter 6.72b08d8 Drag and Drop ClickJacking exploit development assistance tool. webapp
cloudget 64.cba10b1 Python script to bypass cloudflare from command line. Built upon cfscrape module. webapp
cms-explorer 15.23b58cd Designed to reveal the specific modules, plugins, components and themes that various cms driven websites are running fingerprint webapp
cms-few 0.1 Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python. webapp scanner
cmseek 346.4632efb CMS (Content Management Systems) Detection and Exploitation suite. webapp fingerprint exploitation
cmsfuzz 5.6be5a98 Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke. webapp scanner fuzzer
cmsmap 1:8.59dd0e2 A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs. scanner automation webapp exploitation
cmsscan 41.45a0360 CMS scanner to identify and find vulnerabilities for Wordpress, Drupal, Joomla, vBulletin. webapp scanner recon fingerprint
cmsscanner 0.12.1.26.g6d32a65 CMS Scanner Framework. webapp scanner recon fingerprint
comission 203.67b890e WhiteBox CMS analysis. webapp scanner
commix 1508.87550408 Automated All-in-One OS Command Injection and Exploitation Tool. webapp automation exploitation
conscan 1.2 A blackbox vulnerability scanner for the Concrete5 CMS. fuzzer scanner webapp
corscanner 71.ba44ea1 Fast CORS misconfiguration vulnerabilities scanner. webapp scanner
corstest 10.beffd0b A simple CORS misconfigurations checker. scanner webapp
corsy 32.fdf0dd5 CORS Misconfiguration Scanner. webapp scanner
cpfinder 0.1 This is a simple script that looks for administrative web interfaces. scanner webapp
crabstick 47.bb7827f Automatic remote/local file inclusion vulnerability analysis and exploit tool. webapp exploitation
crawlic 51.739fe2b Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). webapp recon
crlf-injector 8.abaf494 A python script for testing CRLF injecting issues. fuzzer webapp
csrftester 1.0 The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws. webapp
cybercrowl 111.f7cac52 A Python Web path scanner tool. webapp scanner
d-tect 13.9555c25 Pentesting the Modern Web. scanner recon webapp
dalfox 522.2fc0fdd Parameter Analysis and XSS Scanning tool. webapp fuzzer
darkbing 0.1 A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection. scanner fuzzer webapp
darkd0rk3r 1.0 Python script that performs dork searching and searches for local file inclusion and SQL injection errors. exploitation webapp
darkjumper 5.8 This tool will try to find every website hosted on the same server as your target. webapp
darkmysqli 1.6 Multi-Purpose MySQL Injection Tool exploitation webapp
darkscrape 63.4c225f3 OSINT Tool For Scraping Dark Websites. webapp scanner recon
davscan 30.701f967 Fingerprints servers, finds exploits, scans WebDAV. webapp scanner fingerprint recon
dawnscanner 1:v1.6.9.r6.gac3eba5 A static analysis security scanner for ruby written web applications. webapp scanner
dcrawl 7.3273c35 Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. scanner webapp
detectem 269.e80471e Detect software and its version on websites. fingerprint webapp recon
dff-scanner 1.1 Tool for finding path of predictable resource locations. webapp
dirb 2.22 A web content scanner, brute forcing for hidden files. scanner webapp
dirble 1:1.4.2 Fast directory scanning and scraping tool. webapp scanner
dirbuster 1.0_RC1 An application designed to brute force directory and file names on web/application servers. scanner webapp
dirbuster-ng 9.0c34920 C CLI implementation of the Java dirbuster tool. webapp scanner
directorytraversalscan 1.0.1.0 Detect directory traversal vulnerabilities in HTTP servers and web applications. windows webapp
dirhunt 253.edd9315 Find web directories without bruteforce. webapp scanner
dirscanner 0.1 This is a python script that scans webservers looking for administrative directories, php shells, and more. scanner webapp
dirscraper 16.e752450 OSINT Scanning tool which discovers and maps directories found in javascript files hosted on a website. webapp scanner
dirsearch 1271.b432847 HTTP(S) directory/file brute forcer. webapp scanner
dirstalk 1.3.2 Modern alternative to dirbuster/dirb. scanner webapp
docem 20.b0ddd87 Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XXE on steroids). webapp
domi-owned 41.583d0a5 A tool used for compromising IBM/Lotus Domino servers. webapp cracker fingerprint
doork 6.90c7260 Passive Vulnerability Auditor. webapp recon
dorknet 58.419d6a2 Selenium powered Python script to automate searching for vulnerable web apps. webapp automation
dpscan 0.1 Drupal Vulnerability Scanner. scanner webapp fuzzer
droopescan 1.44.0 A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. scanner webapp
drupal-module-enum 11.525543c Enumerate on drupal modules. webapp scanner
drupalscan 0.5.2 Simple non-intrusive Drupal scanner. webapp scanner
drupwn 1:59.8186732 Drupal enumeration & exploitation tool. webapp exploitation scanner
dsfs 36.8e9f8e9 A fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dsjs 31.4d6d57d A fully functional JavaScript library vulnerability scanner written in under 100 lines of code. webapp scanner
dsss 123.84ddd33 A fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dsstore-crawler 4.9e003a3 A parser + crawler for .DS_Store files exposed publicly. webapp recon
dsxs 128.d79cc26 A fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dumb0 19.1493e74 A simple tool to dump users in popular forums and CMS. automation webapp
easyfuzzer 3.6 A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independent). fuzzer webapp
eazy 0.1 This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more. scanner webapp
epicwebhoneypot 2.0a Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host. webapp defensive honeypot
evine 38.1643204 Interactive CLI Web Crawler. webapp scanner
extended-ssrf-search 24.97b0516 Smart ssrf scanner using different methods like parameter brute forcing in post and get. webapp scanner
eyewitness 864.d98b547 Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. webapp recon misc
facebot 23.57f6025 A facebook profile and reconnaissance system. recon webapp
facebrute 7.ece355b This script tries to guess passwords for a given facebook account using a list of passwords (dictionary). cracker webapp
fbht 1:70.d75ae93 A Facebook Hacking Tool webapp
fdsploit 26.4522f53 A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. webapp fuzzer exploitation
ffuf 157.c6a6293 Fast web fuzzer written in Go. webapp fuzzer
fhttp 1.3 This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. webapp scanner fuzzer fingerprint dos
filebuster 73.2d1749f An extremely fast and flexible web fuzzer. webapp fuzzer
filegps 89.a098212 A tool that helps you guess how your shell was renamed after the server-side script of the file uploader saved it. webapp misc
fingerprinter 454.23f44f9 CMS/LMS/Library etc Versions Fingerprinter. fingerprint webapp
flashscanner 11.6815b02 Flash XSS Scanner. scanner webapp
flask-session-cookie-manager2 v1.2.1.1.r4.g7a87816 Decode and encode Flask session cookie. webapp
flask-session-cookie-manager3 v1.2.1.1.r4.g7a87816 Decode and encode Flask session cookie. webapp
flunym0us 2.0 A Vulnerability Scanner for Wordpress and Moodle. scanner webapp
fockcache 10.3e7efa9 Tool to make cache poisoning by trying X-Forwarded-Host and X-Forwarded-Scheme headers on web pages. webapp fuzzer
fuxploider 130.dd1a879 Tool that automates the process of detecting and exploiting file upload forms flaws. webapp exploitation
gau 55.4846cd1 Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. webapp recon
ghost-py 2.0.0 Webkit based webclient (relies on PyQT). webapp misc
gittools 61.71ea557 A repository with 3 tools for pwn'ing websites with .git repositories available. webapp scanner
gobuster 1:341.f278731 Directory/file & DNS busting tool written in Go. webapp scanner
golismero 73.7d605b9 Opensource web security testing framework. webapp
gopherus 31.9ca94b8 Tool generates gopher link for exploiting SSRF and gaining RCE in various servers. webapp exploitation
gospider 77.656e12f Fast web spider written in Go. webapp scanner
grabber 0.1 A web application scanner. Basically it detects some kind of vulnerabilities in your website. webapp
graphqlmap 44.87b5626 Scripting engine to interact with a graphql endpoint for pentesting purposes. webapp exploitation fuzzer
gwtenum 1:7.f27a5aa A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. recon webapp
h2buster 79.6c4dd1c A threaded, recursive, web directory brute-force scanner over HTTP/2. scanner webapp
h2csmuggler 7.7ea573a HTTP Request Smuggling over HTTP/2 Cleartext (h2c). webapp
h2t 36.9183a30 Scans a website and suggests security headers to apply. webapp scanner defensive
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
hakrawler 132.e39a514 Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application. webapp scanner
halberd 0.2.4 Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing. scanner webapp
hetty 64.98dacbe HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. webapp proxy
host-extract 1:8.0134ad7 Ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. scanner webapp
htcap 1:135.77d4d59 A web application analysis tool for detecting communications between javascript and the server. webapp scanner
httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. webapp scanner fuzzer recon
httpgrep 1.8 A python tool which scans for HTTP servers and finds given strings in URIs. webapp scanner
httppwnly 47.528a664 "Repeater" style XSS post-exploitation tool for mass browser control. webapp
httpx 268.fd07f1c A fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library. webapp scanner
hyperfox 121.1a8c26f A security tool for proxying and recording HTTP and HTTPs traffic. networking proxy webapp
identywaf 199.343b9d0 Blind WAF identification tool. webapp fingerprint
imagejs 55.f926663 Small tool to package javascript into a valid image file. binary webapp
injectus 11.f63590c CRLF and open redirect fuzzer. webapp scanner fuzzer
inurlbr 33.30a3abc Advanced search in the search engines - Inurl scanner, dorker, exploiter. scanner webapp automation
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. recon webapp
jaeles 202.cbae89f The Swiss Army knife for automated Web Application Testing. webapp scanner
jaidam 18.15e0fec Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan. webapp automation exploitation
jast 17.361ecde Just Another Screenshot Tool. webapp recon misc
jboss-autopwn 1.3bc2d29 A JBoss script for obtaining remote shell access. exploitation webapp automation
jdeserialize 31.20635ba A library that interprets Java serialized objects. It also comes with a command-line tool that can generate compilable class declarations, extract block data, and print textual representations of instance values. webapp reversing
jexboss 86.338b531 Jboss verify and Exploitation Tool. webapp exploitation
jok3r 447.0761996 Network and Web Pentest Framework. webapp scanner fuzzer networking
jomplug 0.1 This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components. webapp fingerprint
jooforce 11.43c21ad A Joomla password brute force tester. webapp cracker
joomlascan 1.2 Joomla scanner scans for known vulnerable remote file inclusion paths and files. webapp scanner
joomlavs 254.eea7500 A black box, Ruby powered, Joomla vulnerability scanner. webapp scanner fuzzer
joomscan 1:71.4192949 Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. webapp
jsearch 34.15a5285 Simple script that grep infos from javascript files. recon webapp
jshell 7.ee3c92d Get a JavaScript shell with XSS. webapp
jsonbee 24.1a518dd A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP). webapp
jsparser 31.ccd3ab6 Parse javascript using Tornado and JSBeautifier to discover interesting endpoints. webapp reversing
jsql-injection 0.82 A Java application for automatic SQL database injection. webapp exploitation fuzzer
jstillery 65.512e9af Advanced JavaScript Deobfuscation via Partial Evaluation. webapp
kadimus 113.b036a7f LFI Scan & Exploit Tool. webapp exploitation scanner
keye 29.d44a578 Recon tool detecting changes of websites based on content-length differences. recon webapp
kolkata 3.0 A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. webapp fingerprint
konan 21.78cc68f Advanced Web Application Dir Scanner. webapp scanner
kubolt 22.0be200d Utility for scanning public kubernetes clusters. webapp scanner
laf 12.7a456b3 Login Area Finder: scans host/s for login panels. scanner webapp
laudanum 1.0 A collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments. misc webapp
lbmap 147.2d15ace Proof of concept scripts for advanced web application fingerprinting, presented at OWASP AppSecAsia 2012. fingerprint webapp
letmefuckit-scanner 3.f3be22b Scanner and Exploit Magento. scanner webapp
leviathan 35.a1a1d8c A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. scanner cracker webapp fuzzer exploitation
lfi-exploiter 1.1 This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability. webapp exploitation
lfi-fuzzploit 1.1 A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. webapp fuzzer exploitation
lfi-image-helper 0.8 A simple script to infect images with PHP Backdoors for local file inclusion attacks. webapp backdoor
lfi-scanner 4.0 This is a simple perl script that enumerates local file inclusion attempts when given a specific target. scanner fuzzer webapp
lfi-sploiter 1.0 This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities. webapp fuzzer exploitation
lfifreak 21.0c6adef A unique automated LFi Exploiter with Bind/Reverse Shells. webapp exploitation
lfimap 6.0edee6d This script is used to take the highest benefits of the local file include vulnerability in a webserver. webapp fuzzer
lfisuite 85.470e01f Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. scanner webapp exploitation
liffy 1:13.43a9298 A Local File Inclusion Exploitation tool. webapp exploitation fuzzer
lightbulb 83.fe117c2 Python framework for auditing web applications firewalls. webapp scanner
linkfinder 157.dae58bb Discovers endpoint and their parameters in JavaScript files. webapp recon
list-urls 0.1 Extracts links from webpage misc webapp
lulzbuster 1.3.2 A very fast and smart web-dir/file enumeration tool written in C. webapp scanner recon
magescan 1.12.9 Scan a Magento site for information. webapp scanner
mando.me 9.8b34f1a Web Command Injection Tool. webapp exploitation
maryam 2:462.473f218 Tool to scan web applications and networks and easily complete the information gathering process. scanner webapp recon
meg 87.9daab00 Fetch many paths for many hosts - without killing the hosts. webapp scanner
metoscan 05 Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests. webapp
mooscan 1:10.82963b0 A scanner for Moodle LMS. webapp scanner
morxtraversal 1.0 Path Traversal checking tool. webapp scanner
mosquito 39.fe54831 XSS exploitation tool - access victims through HTTP proxy. exploitation webapp
multiinjector 0.4 Automatic SQL injection utility using a list of URI addresses to test parameter manipulation. webapp
mwebfp 16.a800b98 Mass Web Fingerprinter. fingerprint webapp scanner
nikto 2.1.6 A web server scanner which performs comprehensive tests against web servers for multiple items scanner webapp fuzzer
nosqli-user-pass-enum 18.1b3713a Script to enumerate usernames and passwords from vulnerable web applications running MongoDB. exploitation webapp
nosqlmap 238.ae0b461 Automated Mongo database and NoSQL web application exploitation tool webapp exploitation
novahot 23.69857bb A webshell framework for penetration testers. webapp
nsia 1.0.6 A website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. scanner webapp defensive
nuclei 679.a824c3f Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. webapp scanner
okadminfinder 76.775f4fa Tool to find admin panels / admin login pages. webapp scanner
opendoor 393.c5e271f OWASP Directory Access scanner. webapp scanner
otori 0.3 A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities. exploitation webapp
owasp-bywaf 26.e730d1b A web application penetration testing framework (WAPTF). webapp scanner
owtf 2132.3a543b4e The Offensive (Web) Testing Framework. webapp automation scanner fuzzer
pappy-proxy 77.e1bb049 An intercepting proxy for web application testing. webapp proxy scanner fuzzer recon
parameth 56.8da6f27 This tool can be used to brute discover GET and POST parameters. webapp scanner
parampampam 32.9a10782 This tool is for brute discovering GET and POST parameters. webapp fuzzer
paranoic 1.7 A simple vulnerability scanner written in Perl. scanner webapp
paros 3.2.13 Java-based HTTP/HTTPS proxy for assessing web app vulnerabilities. Supports editing/viewing HTTP messages on-the-fly, spiders, client certificates, proxy-chaining, intelligent scanning for XSS and SQLi, etc. webapp
payloadmask 16.ff38964 Web Payload list editor to use techniques to try bypass web application firewall. webapp
pblind 1.0 Little utility to help exploiting blind sql injection vulnerabilities. exploitation webapp
peepingtom 1:56.bc6f4d8 A tool to take screenshots of websites. Much like eyewitness. webapp recon
photon 324.198deac Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. webapp recon
php-findsock-shell 2.b8a984f A Findsock Shell implementation in PHP + C. webapp backdoor
php-vulnerability-hunter 1.4.0.20 A whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications. windows webapp code-audit
phpsploit 967.351223d Stealth post-exploitation framework. webapp
pixload 27.3035bab Image Payload Creating/Injecting tools. webapp backdoor
plecost 98.1a4a11b Wordpress finger printer Tool. webapp fingerprint
plown 13.ccf998c A security scanner for Plone CMS. webapp
poly 52.4e6f189 Polymorphic webshells. webapp backdoor
poracle 68.dcc00b0 A tool for demonstrating padding oracle attacks. crypto webapp
pown 117.7ecca0b Security testing and exploitation toolkit built on top of Node.js and NPM. webapp recon scanner social proxy
proxenet 712.67fc6b5 THE REAL hacker friendly proxy for web application pentests. webapp proxy sniffer
pureblood 37.2c5ce07 A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. automation webapp scanner fuzzer
pwndrop 18.385ba70 Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. webapp exploitation automation
pyfiscan 2500.611a93e Free web-application vulnerability and version scanner. webapp scanner
pythem 454.e4fcb8a Python penetration testing framework. scanner sniffer recon cracker webapp
python-arsenic 19.1 Async WebDriver implementation for asyncio and asyncio-compatible frameworks. automation webapp
python-jsbeautifier 1.13.0 JavaScript unobfuscator and beautifier reversing webapp
python-witnessme 1:1.5.0 Web Inventory tool, takes screenshots of webpages using Pyppeteer. webapp recon
python2-jsbeautifier 1.13.0 JavaScript unobfuscator and beautifier reversing webapp
python2-webtech 1.2.8 Identify technologies used on websites. webapp recon scanner fingerprint
rabid 1:v0.0.6.r2.g3350eb8 A CLI tool and library allowing to simply decode all kinds of BigIP cookies. webapp misc
rabid-git v0.0.4.r14.gd5398d2 A CLI tool and library allowing to simply decode all kinds of BigIP cookies. webapp misc
rapidscan 169.bd9ea15 The Multi-Tool Web Vulnerability Scanner. webapp scanner recon fingerprint fuzzer exploitation
ratproxy 1.58 A passive web application security assessment tool fuzzer proxy scanner webapp
rawr 74.544dd75 Rapid Assessment of Web Resources. A web enumerator. scanner webapp
recsech 123.1fc298a Tool for doing Footprinting and Reconnaissance on the target web. recon scanner webapp fingerprinting
red-hawk 36.fa54e23 All in one tool for Information Gathering, Vulnerability Scanning and Crawling. recon scanner webapp
remot3d 38.a707ef7 A Simple Exploit for PHP Language. webapp backdoor exploitation
richsploit 2.583f553 Exploitation toolkit for RichFaces. exploitation webapp
riwifshell 38.40075d5 Web backdoor - infector - explorer. webapp backdoor
ruler 299.3cd1079 A tool to abuse Exchange services. webapp exploitation
rustbuster 295.18cd96e DirBuster for Rust. webapp scanner
rww-attack 0.9.2 The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's 'Remote Web Workplace' portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out. webapp
sawef 29.8580d55 Send Attack Web Forms. webapp recon
scanqli 26.40a028d SQLi scanner to detect SQL vulns. webapp scanner
scrapy 2.3.0 A fast high-level scraping and web crawling framework. webapp recon scanner
secretfinder 39.ca5e1a1 A python script to find sensitive data (apikeys, accesstoken, jwt,..) in javascript files. webapp recon
secscan 1.5 Web Apps Scanner and Much more utilities. webapp scanner
serializationdumper 26.49dbece A tool to dump Java serialization streams in a more human readable form. webapp reversing
shellinabox 428.98e6eeb Implements a web server that can export arbitrary command line tools to a web based terminal emulator. backdoor webapp
shortfuzzy 0.1 A web fuzzing script written in perl. webapp fuzzer scanner
sitadel 121.0a0e475 Web Application Security Scanner. webapp scanner
sitediff 3.1383935 Fingerprint a web app using local files as the fingerprint sources. webapp fingerprint
sjet 27.2d52f0c Siberas JMX exploitation toolkit. exploitation webapp
skipfish 2.10b A fully automated, active web application security reconnaissance tool fuzzer scanner webapp
smplshllctrlr 9.2baf390 PHP Command Injection exploitation tool. webapp exploitation
smuggler 21.7084d63 Python tool used to test for HTTP Desync/Request Smuggling attacks. webapp scanner
smuggler-py 1.0 Python tool used to test for HTTP Desync/Request Smuggling attacks. webapp scanner
snallygaster 164.bfe8914 Tool to scan for secret files on HTTP servers. webapp scanner
snare 172.7762b76 Super Next generation Advanced Reactive honEypot honeypot webapp
snuck 6.76196b6 Automatic XSS filter bypass. webapp
spaf 11.671a976 Static Php Analysis and Fuzzer. webapp fuzzer code-audit
spaghetti 4:9.df39a11 Web Application Security Scanner. webapp scanner
sparty 0.1 An open source tool written in python to audit web applications using sharepoint and frontpage architecture. webapp
spiga 2:623.8bc1ddc Configurable web resource scanner. webapp scanner
spike-proxy 148 A Proxy for detecting vulnerabilities in web applications webapp
spipscan 1:69.4ad3235 SPIP (CMS) scanner for penetration testing purpose written in Python. webapp scanner
sprayingtoolkit 58.68f295d Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient. webapp scanner
sqid 0.3 A SQL injection digger. webapp
sqlbrute 1.0 Brute forces data out of databases using blind SQL injection. fuzzer webapp
sqldict 2.1 A dictionary attack tool for SQL Server. windows webapp
sqlivulscan 249.cc8e657 This will give you the SQLi Vulnerable Website Just by Adding the Dork. scanner webapp
sqlmap 1.4.9 Automatic SQL injection and database takeover tool webapp exploitation fuzzer
sqlninja 0.2.999 A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. exploitation fuzzer webapp
sqlping 4 SQL Server scanning tool that also checks for weak passwords using wordlists. windows webapp exploitation
sqlpowerinjector 1.2 Application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. windows webapp
sqlsus 0.7.2 An open source MySQL injection and takeover tool, written in perl exploitation webapp
ssrf-sheriff 2.f95d691 A simple SSRF-testing sheriff written in Go. webapp proxy
striker 85.87c184d An offensive information and vulnerability scanner. scanner recon webapp
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
swftools 0.9.2 A collection of SWF manipulation and creation utilities binary reversing webapp
taipan 1:2.7 Web application security scanner. scanner webapp
themole 0.3 Automatic SQL injection exploitation tool. webapp
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity. recon social webapp
tinfoleak2 41.c45c33e Get detailed information about a Twitter user activity. recon social webapp
tomcatwardeployer 91.a1a4453 Apache Tomcat auto WAR deployment & pwning penetration testing tool. exploitation automation webapp
torcrawl 65.6944a0a Crawl and extract (regular or onion) webpages through TOR network. webapp scanner
tplmap 713.9444e66 Automatic Server-Side Template Injection Detection and Exploitation Tool. webapp exploitation
typo-enumerator 97.bf2be9a Enumerate Typo3 version and extensions. webapp scanner
uatester 1.06 User Agent String Tester misc webapp
ufonet 68.a45f9fa A tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet. dos webapp
uncaptcha2 7.473f33d Defeating the latest version of ReCaptcha with 91% accuracy. webapp
uniscan 6.3 A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. fuzzer scanner webapp
uppwn 9.f69dec4 A script that automates detection of security flaws on websites' file upload systems. webapp fuzzer
urlcrazy 0.5 Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. webapp
urldigger 02c A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code webapp scanner
urlextractor 19.739864d Information gathering & website reconnaissance. webapp recon
vane 1899.48f9ab5 A vulnerability scanner which checks the security of WordPress installations using a black box approach. scanner webapp fuzzer
vanguard 0.1 A comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. webapp scanner
vbscan 1:39.2b1ce48 A black box vBulletin vulnerability scanner written in perl. webapp fuzzer scanner
vega 1.0 An open source platform to test the security of web applications. webapp
visql 49.3082e30 Scan SQL vulnerability on target site and sites on the server. scanner webapp
vsvbp 6.241a7ab Black box tool for Vulnerability detection in web applications. webapp scanner
vulnerabilities-spider 1.426e70f A tool to scan for web vulnerabilities. webapp scanner
vulnx 312.91fb370 CMS and vulnerabilities detector & an intelligent bot auto shell injector. webapp scanner fingerprint recon
w13scan 388.3b32609 Passive Security Scanner. webapp scanner fuzzer
w3af 1.6.49 Web Application Attack and Audit Framework. fuzzer scanner webapp
waffit 202.d28dc3d Identify and fingerprint Web Application Firewall (WAF) products protecting a website. scanner webapp
wafninja 25.379cd98 A tool which contains two functions to attack Web Application Firewalls. webapp fuzzer
wafp 0.01_26c3 An easy to use Web Application Finger Printing tool written in ruby using sqlite3 databases for storing the fingerprints. webapp fingerprint
wafpass 48.c3ea1b9 Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF. webapp fuzzer
wafw00f 812.7fb9d5c Identify and fingerprint Web Application Firewall (WAF) products protecting a website. scanner webapp
wapiti 3.0.3 A vulnerability scanner for web applications. It currently searches for vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... fuzzer scanner webapp
wascan 1:37.6926338 Web Application Scanner. webapp scanner
waybackpack 56.b6e8ec7 Download the entire Wayback Machine archive for a given URL. webapp recon
web-soul 2 A plugin based scanner for attacking and data mining web sites written in Perl. webapp
webacoo 0.2.3 Web Backdoor Cookie Script-Kit. backdoor webapp
webanalyze 77.6b5bcaa Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. webapp recon scanner fingerprint
webborer 170.c20d51c A directory-enumeration tool written in Go. webapp scanner
webenum 21.24b43b4 Tool to enumerate http responses using dynamically generated queries and more. Useful for penetration tests against web servers. scanner webapp
webexploitationtool 155.85bcf0e A cross platform web exploitation toolkit. exploitation webapp
webhandler 344.a7490cf A handler for PHP system functions & also an alternative 'netcat' handler. webapp
webhunter 12.918b606 Tool for scanning web applications and networks and easily completing the process of collecting knowledge. scanner webapp
webkiller 36.7ad72d3 Information gathering tool written in Python. webapp fingerprint recon
webpwn3r 35.3fb27bb A python based Web Applications Security Scanner. scanner webapp
webrute 3.3 Web server directory brute forcer. scanner webapp
webscarab 20120422.001828 Framework for analysing applications that communicate using the HTTP and HTTPS protocols fuzzer proxy scanner webapp
webshag 1.10 A multi-threaded, multi-platform web server audit tool. fuzzer scanner webapp
webshells 35.ac8c2f6 Web Backdoors. backdoor webapp
webslayer 5 A tool designed for brute forcing Web Applications. webapp
webspa 0.8 A web knocking tool, sending a single HTTP/S to run O/S commands. backdoor webapp
webtech 1.2.8 Identify technologies used on websites. webapp recon scanner fingerprint
webxploiter 56.c03fe6b An OWASP Top 10 Security scanner. webapp exploitation fuzzer scanner
weevely 880.6332b46 Weaponized web shell. backdoor webapp
weirdaal 331.c14e36d AWS Attack Library. webapp scanner fuzzer
wfuzz 1153.02a809d Utility to bruteforce web applications to find their not linked resources. fuzzer webapp
whatsmyname 582.3b6f68a Tool to perform user and username enumeration on various websites. webapp recon
whatwaf 392.b14e866 Detect and bypass web application firewalls and protection systems. webapp scanner
whatweb 4817.54fcbaf7 Next generation web scanner that identifies what websites are running. recon webapp
whichcdn 22.5fc6ddd Tool to detect if a given website is protected by a Content Delivery Network. webapp recon
wig 574.d5ddd91 WebApp Information Gatherer. webapp scanner recon
witchxtool 1.1 A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner. webapp scanner exploitation fuzzer
witnessme 32.4a87653 Web Inventory tool, takes screenshots of webpages using Pyppeteer. webapp recon
wmat 3:0.1 Automatic tool for testing webmail accounts. cracker webapp
wordbrutepress 30.5165648 Python script that performs brute forcing against WordPress installs using a wordlist. cracker webapp
wordpress-exploit-framework 907.e55ded4 A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. webapp exploitation
wordpresscan 67.7485ef1 WPScan rewritten in Python + some WPSeku ideas. scanner webapp
wpbf 7.11b6ac1 Multithreaded WordPress brute forcer. cracker webapp
wpbrute-rpc 3.e7d8145 Tool for amplified bruteforce attacks on WordPress-based websites via the xmlrpc API. cracker webapp
wpbullet 34.6185112 A static code analysis for WordPress (and PHP). code-audit webapp
wpforce 87.31024e0 Wordpress Attack Suite. webapp cracker exploitation
wpintel 6.741c0c9 Chrome extension designed for WordPress Vulnerability Scanning and information gathering. webapp scanner fingerprint
wpscan 1:3.8.10 Black box WordPress vulnerability scanner webapp fuzzer scanner
wpseku 2:39.862fb2c Simple Wordpress Security Scanner. webapp scanner
ws-attacker 1.7 A modular framework for web services penetration testing. webapp
wsfuzzer 1.9.5 A Python tool written to automate SOAP pentesting of web services. fuzzer webapp
wssip 75.56d0d2c Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. webapp proxy
wuzz 225.b654366 Interactive cli tool for HTTP inspection. webapp misc
xattacker 116.5c8b08c Website Vulnerability Scanner & Auto Exploiter. webapp scanner blackarck-exploitation
xmlrpc-bruteforcer 35.6023237 An XMLRPC brute forcer targeting Wordpress written in Python 3. webapp
xspear 1:140.ca5eb9d Powerful XSS scanning and parameter analysis tool & gem. webapp fuzzer
xsrfprobe 523.ce04111 The Prime Cross Site Request Forgery Audit and Exploitation Toolkit. webapp scanner
xss-freak 17.e361766 An XSS scanner fully written in Python3 from scratch. webapp scanner fuzzer
xsscon 45.ce91fd6 Simple XSS Scanner tool. webapp scanner
xsscrapy 143.f6e65c0 XSS spider - 66/66 wavsep XSS detected. webapp
xsser 2:1.8 A penetration testing tool for detecting and exploiting XSS vulnerabilities. webapp fuzzer exploitation
xssless 45.8e7ebe1 An automated XSS payload generator written in python. webapp
xsspy 60.b10d336 Web Application XSS Scanner. webapp scanner
xsss 0.40b A brute force cross site scripting scanner. webapp fuzzer scanner
xssscan 1:17.7f1ea90 Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS. webapp scanner fuzzer
xsssniper 79.02b59af An automatic XSS discovery tool webapp fuzzer
xsstrike 448.0ecedc1 An advanced XSS detection and exploitation suite. webapp scanner
xssya 1:13.cd62817 A Cross Site Scripting Scanner & Vulnerability Confirmation. webapp scanner
xwaf 159.cfde8e0 Automatic WAF bypass tool. webapp scanner
xxeinjector 55.604c39a Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. exploitation webapp
xxexploiter 81.4a2eb91 It generates the XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration. exploitation webapp
yaaf 7.4d6273a Yet Another Admin Finder. webapp scanner
yasuo 121.994dcb1 A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network. webapp scanner
yawast 1072.5e9e7a3 The YAWAST Antecedent Web Application Security Toolkit. webapp scanner fuzzer
ycrawler 0.1 A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support. webapp scanner proxy
yinjector 0.1 A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods. exploitation webapp automation
ysoserial 0.0.5 A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. webapp exploitation
zaproxy 2.9.0 Integrated penetration testing tool for finding vulnerabilities in web applications webapp fuzzer proxy