Packages that operate on internet-facing applications.
Tool count: 439
| Name | Version | Description | Category | Website |
|---|---|---|---|---|
| 0d1n | 1:263.2d723ae | Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. | webapp fuzzer scanner | |
| abuse-ssl-bypass-waf | 7.c28f98e | Bypassing WAF by abusing SSL/TLS Ciphers. | webapp fuzzer | |
| adfind | 1:v1.0.3.r0.g3a6a055 | Admin Panel Finder. | webapp recon | |
| adminpagefinder | 0.1 | This python script looks for a large amount of possible administrative interfaces on a given site. | webapp scanner | |
| albatar | 34.4e63f22 | A SQLi exploitation framework in Python. | webapp exploitation | |
| allthevhosts | 1.0 | A vhost discovery tool that scrapes various web applications. | scanner webapp | |
| anti-xss | 166.2725dc9 | A XSS vulnerability scanner. | webapp scanner | |
| apachetomcatscanner | 3.2 | Apache Tomcat vulnerability scanner. | scanner webapp | |
| arachni | 1.6.1.3.1.g8e5c5d0a9 | A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. | webapp | |
| archivebox | 903.59da482 | The open source self-hosted web archive. Takes browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more. | misc webapp | |
| arjun | 234.16ee735 | HTTP parameter discovery suite. | webapp scanner | |
| asp-audit | 2BETA | An ASP fingerprinting tool and vulnerability scanner. | fingerprint scanner webapp | |
| astra | 487.57c1e41 | Automated Security Testing For REST API's. | webapp fuzzer | |
| atlas | 7.77bd6c8 | Open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS. | webapp fuzzer | |
| atscan | 2455.5f774e9 | Server, Site and Dork Scanner. | scanner webapp fuzzer exploitation automation | |
| aws-extender-cli | 17.a351154 | Script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues. | scanner webapp | |
| backcookie | 51.6dabc38 | Small backdoor using cookie. | backdoor webapp | |
| badministration | 16.69e4ec2 | A tool which interfaces with management or administration applications from an offensive standpoint. | webapp scanner recon fingerprint | |
| bbqsql | 261.b9859d2 | SQL injection exploit tool. | webapp exploitation | |
| bbscan | 48.43c1088 | A tiny Batch weB vulnerability Scanner. | webapp scanner fuzzer | |
| belati | 72.49577a1 | The Traditional Swiss Army Knife for OSINT. | scanner recon webapp | |
| bfac | 53.18fb0b5 | An automated tool that checks for backup artifacts that may disclose the web-application's source code. | recon webapp | |
| bing-lfi-rfi | 0.1 | This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. | webapp scanner fuzzer | |
| bitdump | 34.6a5cbd8 | A tool to extract database data from a blind SQL injection vulnerability. | exploitation webapp | |
| blindelephant | 7 | A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations | fingerprint webapp | |
| blisqy | 20.e9995fc | Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB). | webapp exploitation | |
| brute-force | 52.78d1d8e | Brute-Force attack tool for Gmail, Hotmail, Twitter, Facebook, Netflix. | cracker social webapp | |
| brutemap | 65.da4b303 | Penetration testing tool that automates testing accounts to the site's login page. | webapp cracker | |
| brutexss | 54.ba753df | Cross-Site Scripting Bruteforcer. | webapp fuzzer | |
| bsqlbf | 2.7 | Blind SQL Injection Brute Forcer. | webapp | |
| bsqlinjector | 13.027184f | Blind SQL injection exploitation tool written in ruby. | webapp exploitation | |
| burpsuite | 1:2024.3.1.1 | An integrated platform for attacking web applications (free edition). | fuzzer proxy scanner webapp | |
| cangibrina | 123.6de0165 | Dashboard Finder. | scanner webapp | |
| cansina | 2:59.67c6301 | A python-based Web Content Discovery Tool. | webapp scanner | |
| cent | v1.3.3.r4.gada5069 | Community edition nuclei templates. | webapp scanner | |
| chankro | 21.7b6e844 | Tool that generates a PHP capable of run a custom binary (like a meterpreter) or a bash script (p.e. reverse shell) bypassing disable_functions & open_basedir). | webapp exploitation | |
| cintruder | 14.f8a3f12 | An automatic pentesting tool to bypass captchas. | cracker webapp | |
| cjexploiter | 6.72b08d8 | Drag and Drop ClickJacking exploit development assistance tool. | webapp | |
| clairvoyance | 2.5.2 | Obtain GraphQL API Schema even if the introspection is not enabled. | webapp recon scanner | |
| cloudget | 64.cba10b1 | Python script to bypass cloudflare from command line. Built upon cfscrape module. | webapp | |
| cms-explorer | 15.23b58cd | Designed to reveal the specific modules, plugins, components and themes that various cms driven websites are running | fingerprint webapp | |
| cms-few | 0.1 | Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python. | webapp scanner | |
| cmseek | 382.20f9780 | CMS (Content Management Systems) Detection and Exploitation suite. | webapp fingerprint exploitation | |
| cmsfuzz | 5.6be5a98 | Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke. | webapp scanner fuzzer | |
| cmsmap | 1:8.59dd0e2 | A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs. | scanner automation webapp exploitation | |
| cmsscan | 43.f060b4b | CMS scanner to identify and find vulnerabilities for Wordpress, Drupal, Joomla, vBulletin. | webapp scanner recon fingerprint | |
| cmsscanner | 0.13.8.35.gf7c1700 | CMS Scanner Framework. | webapp scanner recon fingerprint | |
| comission | 203.67b890e | WhiteBox CMS analysis. | webapp scanner | |
| commentor | 20.4582674 | Extract all comments from the specified URL resource. | webapp misc | |
| commix | 2100.2fca6df3 | Automated All-in-One OS Command Injection and Exploitation Tool. | webapp automation exploitation | |
| conscan | 1.2 | A blackbox vulnerability scanner for the Concre5 CMS. | fuzzer scanner webapp | |
| corscanner | 99.593043f | Fast CORS misconfiguration vulnerabilities scanner. | webapp scanner | |
| corstest | 10.beffd0b | A simple CORS misconfigurations checker. | scanner webapp | |
| corsy | 69.2985ae2 | CORS Misconfiguration Scanner. | webapp scanner | |
| cpfinder | 0.1 | This is a simple script that looks for administrative web interfaces. | scanner webapp | |
| crabstick | 47.bb7827f | Automatic remote/local file inclusion vulnerability analysis and exploit tool. | webapp exploitation | |
| crackql | 1.0.r53.gac26a44 | GraphQL password brute-force and fuzzing utility | webapp exploitation fuzzer | |
| crawlic | 51.739fe2b | Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). | webapp recon | |
| crlf-injector | 9.bd6db06 | A python script for testing CRLF injecting issues. | fuzzer webapp | |
| crlfuzz | 62.7a442bb | A fast tool to scan CRLF vulnerability written in Go. | webapp scanner | |
| csrftester | 1.0 | The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws. | webapp | |
| cybercrowl | 111.f7cac52 | A Python Web path scanner tool. | webapp scanner | |
| d-tect | 13.9555c25 | Pentesting the Modern Web. | scanner recon webapp | |
| dalfox | 1414.2f6dd5c | Parameter Analysis and XSS Scanning tool. | webapp fuzzer | |
| darkbing | 0.1 | A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection. | scanner fuzzer webapp | |
| darkd0rk3r | 1.0 | Python script that performs dork searching and searches for local file inclusion and SQL injection errors. | exploitation webapp | |
| darkdump | 48.7cad8ca | Search The Deep Web Straight From Your Terminal. | webapp scanner | |
| darkjumper | 5.8 | This tool will try to find every website that host at the same server at your target. | webapp | |
| darkmysqli | 1.6 | Multi-Purpose MySQL Injection Tool | exploitation webapp | |
| darkscrape | 68.2ca0e37 | OSINT Tool For Scraping Dark Websites. | webapp scanner recon | |
| davscan | 30.701f967 | Fingerprints servers, finds exploits, scans WebDAV. | webapp scanner fingerprint recon | |
| dawnscanner | 1:v2.2.0.r15.g0d647fc | A static analysis security scanner for ruby written web applications. | webapp scanner | |
| dcrawl | 7.3273c35 | Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. | scanner webapp | |
| detectem | 276.bc5f073 | Detect software and its version on websites. | fingerprint webapp recon | |
| dff-scanner | 1.1 | Tool for finding path of predictable resource locations. | webapp | |
| dirb | 2.22 | A web content scanner, brute forceing for hidden files. | scanner webapp | |
| dirble | 1:1.4.2 | Fast directory scanning and scraping tool. | webapp scanner | |
| dirbuster | 1.0_RC1 | An application designed to brute force directories and files names on web/application servers | scanner webapp | |
| dirbuster-ng | 9.0c34920 | C CLI implementation of the Java dirbuster tool. | webapp scanner | |
| directorytraversalscan | 1.0.1.0 | Detect directory traversal vulnerabilities in HTTP servers and web applications. | windows webapp | |
| dirhunt | 310.3306018 | Find web directories without bruteforce. | webapp scanner | |
| dirscanner | 0.1 | This is a python script that scans webservers looking for administrative directories, php shells, and more. | scanner webapp | |
| dirscraper | 16.e752450 | OSINT Scanning tool which discovers and maps directories found in javascript files hosted on a website. | webapp scanner | |
| dirsearch | 2361.2d21d63 | HTTP(S) directory/file brute forcer. | webapp scanner | |
| dirstalk | 1.3.3 | Dirstalk is a multi threaded application designed to brute force paths on web servers. The tool contains functionalities similar to the ones offered by dirbuster and dirb. | scanner webapp | |
| docem | 21.59db436 | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids). | webapp | |
| domi-owned | 41.583d0a5 | A tool used for compromising IBM/Lotus Domino servers. | webapp cracker fingerprint | |
| dontgo403 | 1.0.1.r0.g83d2bf0 | Tool to bypass 40X response codes.. | webapp exploitation scanner | |
| doork | 6.90c7260 | Passive Vulnerability Auditor. | webapp recon | |
| dorknet | 58.419d6a2 | Selenium powered Python script to automate searching for vulnerable web apps. | webapp automation | |
| dpscan | 0.1 | Drupal Vulnerabilty Scanner. | scanner webapp fuzzer | |
| droopescan | 1.45.1 | A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. | scanner webapp | |
| drupal-module-enum | 11.525543c | Enumerate on drupal modules. | webapp scanner | |
| drupalscan | 0.5.2 | Simple non-intrusive Drupal scanner. | webapp scanner | |
| drupwn | 1:59.8186732 | Drupal enumeration & exploitation tool. | webapp exploitation scanner | |
| dsfs | 36.8e9f8e9 | A fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. | webapp scanner | |
| dsjs | 32.26287d0 | A fully functional JavaScript library vulnerability scanner written in under 100 lines of code. | webapp scanner | |
| dsss | 123.84ddd33 | A fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. | webapp scanner | |
| dsstore-crawler | 7.efa51f5 | A parser + crawler for .DS_Store files exposed publically. | webapp recon | |
| dsxs | 130.3e628b6 | A fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. | webapp scanner | |
| dumb0 | 19.1493e74 | A simple tool to dump users in popular forums and CMS. | automation webapp | |
| easyfuzzer | 3.6 | A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independant). | fuzzer webapp | |
| eazy | 0.1 | This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more. | scanner webapp | |
| eos | 14.0127319 | Enemies Of Symfony - Debug mode Symfony looter. | webapp scanner | |
| epicwebhoneypot | 2.0a | Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host. | webapp defensive honeypot | |
| evine | 42.46051de | Interactive CLI Web Crawler. | webapp scanner | |
| extended-ssrf-search | 28.680f815 | Smart ssrf scanner using different methods like parameter brute forcing in post and get. | webapp scanner | |
| eyewitness | 1084.ac0c7c0 | Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. | webapp recon misc | |
| facebot | 23.57f6025 | A facebook profile and reconnaissance system. | recon webapp | |
| facebrute | 7.ece355b | This script tries to guess passwords for a given facebook account using a list of passwords (dictionary). | cracker webapp | |
| fbht | 1:70.d75ae93 | A Facebook Hacking Tool | webapp | |
| fdsploit | 26.4522f53 | A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. | webapp fuzzer exploitation | |
| feroxbuster | 2.7.1.r11.g53e3420 | A fast, simple, recursive content discovery tool written in Rust. | webapp scanner fuzzer | |
| ffuf | 1:v2.1.0.r3.gde9ac86 | Fast web fuzzer written in Go. | webapp fuzzer | |
| fhttp | 1.3 | This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. | webapp scanner fuzzer fingerprint dos | |
| filebuster | 95.f2b04c7 | An extremely fast and flexible web fuzzer. | webapp fuzzer | |
| filegps | 90.03cbc75 | A tool that help you to guess how your shell was renamed after the server-side script of the file uploader saved it. | webapp misc | |
| fingerprinter | 480.105ab04 | CMS/LMS/Library etc Versions Fingerprinter. | fingerprint webapp | |
| flashscanner | 11.6815b02 | Flash XSS Scanner. | scanner webapp | |
| flask-session-cookie-manager2 | v1.2.1.1.r11.g821b80c | Decode and encode Flask session cookie. | webapp | |
| flask-session-cookie-manager3 | v1.2.1.1.r11.g821b80c | Decode and encode Flask session cookie. | webapp | |
| flask-unsign | 1.2.0 | Decode, encode and brute-force Flask session cookie. | webapp | |
| flunym0us | 2.0 | A Vulnerability Scanner for Wordpress and Moodle. | scanner webapp | |
| fockcache | 10.3e7efa9 | Tool to make cache poisoning by trying X-Forwarded-Host and X-Forwarded-Scheme headers on web pages. | webapp fuzzer | |
| fuxploider | 140.ec8742b | Tool that automates the process of detecting and exploiting file upload forms flaws. | webapp exploitation | |
| gau | 153.d556483 | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. | webapp recon | |
| ghauri | 1.3.r1.gf341a8b | An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws. | webapp exploitation | |
| ghost-py | 2.0.0 | Webkit based webclient (relies on PyQT). | webapp misc | |
| git-dumper | 1:1.0.6.r14.g2d6fa4f | A tool to dump a git repository from a website. | scanner webapp | |
| gitdump | 1.682fa37 | A pentesting tool that dumps the source code from .git even when the directory traversal is disabled. | webapp automation | |
| gittools | 70.7cac63a | A repository with 3 tools for pwn'ing websites with .git repositories available'. | webapp scanner | |
| gobuster | 2:367.308cf9f | Directory/file & DNS busting tool written in Go. | webapp scanner | |
| golismero | 73.7d605b9 | Opensource web security testing framework. | webapp | |
| goop-dump | 71.3c15d60 | Tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases. | webapp scanner | |
| gopherus | 33.90a2fd5 | Tool generates gopher link for exploiting SSRF and gaining RCE in various servers. | webapp exploitation | |
| gospider | 108.f6cc9a7 | Fast web spider written in Go. | webapp scanner | |
| gowitness | 299.6b10eae | A golang, web screenshot utility using Chrome Headless. | webapp recon | |
| grabber | 0.1 | A web application scanner. Basically it detects some kind of vulnerabilities in your website. | webapp | |
| graphinder | 1.11.6 | GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. | recon scanner webapp | |
| graphql-cop | 1.12.r13.g597b614 | GraphQL vulnerability scanner. | scanner webapp | |
| graphql-path-enum | 21.29fa505 | Tool that lists the different ways of reaching a given type in a GraphQL schema. | webapp exploitation fuzzer | |
| graphqlmap | 63.59305d7 | Scripting engine to interact with a graphql endpoint for pentesting purposes. | webapp exploitation fuzzer | |
| graphw00f | 1.1.15.r0.g5ceb004 | GraphQL endpoint detection and engine fingerprinting. | webapp fingerprint | |
| gwtenum | 1:7.f27a5aa | A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. | recon webapp | |
| h2buster | 79.6c4dd1c | A threaded, recursive, web directory brute-force scanner over HTTP/2. | scanner webapp | |
| h2csmuggler | 7.7ea573a | HTTP Request Smuggling over HTTP/2 Cleartext (h2c). | webapp | |
| h2t | 36.9183a30 | Scans a website and suggests security headers to apply. | webapp scanner defensive | |
| hakku | 384.bbb434d | Simple framework that has been made for penetration testing tools. | scanner recon webapp exploitation fingerprint | |
| hakrawler | 234.14e240b | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application. | webapp scanner | |
| halberd | 0.2.4 | Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing. | scanner webapp | |
| hetty | 134.f60202e | HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. | webapp proxy | |
| hookshot | 199.3258c3e | Integrated web scraper and email account data breach comparison tool. | webapp scanner recon social | |
| host-extract | 1:8.0134ad7 | Ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. | scanner webapp | |
| htcap | 1:155.a59c592 | A web application analysis tool for detecting communications between javascript and the server. | webapp scanner | |
| http2smugl | 36.78abc09 | Http2Smugl - Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -больше HTTP/1.1 conversion. | webapp scanner exploitation | |
| httpforge | 11.02.01 | A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. | webapp scanner fuzzer recon | |
| httpgrep | 2.3 | A python tool which scans for HTTP servers and finds given strings in URIs. | webapp scanner | |
| httppwnly | 47.528a664 | "Repeater" style XSS post-exploitation tool for mass browser control. | webapp | |
| httpx | 1848.266d3a7 | A fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library. | webapp scanner | |
| hyperfox | 121.1a8c26f | A security tool for proxying and recording HTTP and HTTPs traffic. | networking proxy webapp | |
| identywaf | 206.aa670df | Blind WAF identification tool. | webapp fingerprint | |
| imagejs | 56.a442f94 | Small tool to package javascript into a valid image file. | binary webapp | |
| injectus | 12.3c01fa0 | Simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. | webapp scanner fuzzer | |
| interactsh-client | v1.1.9.r1.gea0cc42 | Open-Source Solution for Out of band Data Extraction. | webapp | |
| inurlbr | 34.dbf9773 | Advanced search in the search engines - Inurl scanner, dorker, exploiter. | scanner webapp automation | |
| ipsourcebypass | 1.2.r14.g08054c6 | This Python script can be used to bypass IP source restrictions using HTTP headers. | webapp | |
| isr-form | 1.0 | Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. | recon webapp | |
| jaeles | 233.243e0b6 | The Swiss Army knife for automated Web Application Testing. | webapp scanner | |
| jaidam | 18.15e0fec | Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan. | webapp automation exploitation | |
| jast | 17.361ecde | Just Another Screenshot Tool. | webapp recon misc | |
| jboss-autopwn | 1.3bc2d29 | A JBoss script for obtaining remote shell access. | exploitation webapp automation | |
| jdeserialize | 31.20635ba | A library that interprets Java serialized objects. It also comes with a command-line tool that can generate compilable class declarations, extract block data, and print textual representations of instance values. | webapp reversing | |
| jexboss | 86.338b531 | Jboss verify and Exploitation Tool. | webapp exploitation | |
| jira-scan | 7.447d0ec | A simple remote scanner for Atlassian Jira | webapp scanner | |
| jok3r | 447.0761996 | Network and Web Pentest Framework. | webapp scanner fuzzer networking | |
| jomplug | 0.1 | This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components. | webapp fingerprint | |
| jooforce | 11.43c21ad | A Joomla password brute force tester. | webapp cracker | |
| joomlascan | 1.2 | Joomla scanner scans for known vulnerable remote file inclusion paths and files. | webapp scanner | |
| joomlavs | 254.eea7500 | A black box, Ruby powered, Joomla vulnerability scanner. | webapp scanner fuzzer | |
| joomscan | 1:83.2ea8cc7 | Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. | webapp | |
| jsearch | 44.87cf9c1 | Simple script that grep infos from javascript files. | recon webapp | |
| jshell | 7.ee3c92d | Get a JavaScript shell with XSS. | webapp | |
| jsonbee | 30.c0c87fc | A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP). | webapp | |
| jsparser | 31.ccd3ab6 | A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. Useful for easily discovering AJAX requests. | webapp reversing | |
| jsql-injection | 0.95 | A Java application for automatic SQL database injection. | webapp exploitation fuzzer | |
| jstillery | 65.512e9af | Advanced JavaScript Deobfuscation via Partial Evaluation. | webapp | |
| juumla | 102.074280d | Python tool created to identify Joomla version, scan for vulnerabilities and search for config files. | webapp scanner recon fingerprint | |
| jwt-hack | v1.1.2.r11.g6b6c920 | A tool for hacking / security testing to JWT. | webapp cracker | |
| kadimus | 183.ac5f438 | LFI Scan & Exploit Tool. | webapp exploitation scanner | |
| katana-pd | v1.1.0.r2.g9ba3bb8 | Crawling and spidering framework. | webapp scanner | |
| keye | 29.d44a578 | Recon tool detecting changes of websites based on content-length differences. | recon webapp | |
| kiterunner | 19.7d5824c | Contextual Content Discovery Tool. | webapp scanner recon | |
| kolkata | 3.0 | A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. | webapp fingerprint | |
| konan | 23.7b5ac80 | Advanced Web Application Dir Scanner. | webapp scanner | |
| kubolt | 28.0027239 | Utility for scanning public kubernetes clusters. | webapp scanner | |
| laf | 12.7a456b3 | Login Area Finder: scans host/s for login panels. | scanner webapp | |
| laudanum | 1.0 | A collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments. | misc webapp | |
| lbmap | 147.2d15ace | Proof of concept scripts for advanced web application fingerprinting, presented at OWASP AppSecAsia 2012. | fingerprint webapp | |
| letmefuckit-scanner | 3.f3be22b | Scanner and Exploit Magento. | scanner webapp | |
| leviathan | 35.a1a1d8c | A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. | scanner cracker webapp fuzzer exploitation | |
| lfi-exploiter | 1.1 | This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability. | webapp exploitation | |
| lfi-fuzzploit | 1.1 | A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. | webapp fuzzer exploitation | |
| lfi-image-helper | 0.8 | A simple script to infect images with PHP Backdoors for local file inclusion attacks. | webapp backdoor | |
| lfi-scanner | 4.0 | This is a simple perl script that enumerates local file inclusion attempts when given a specific target. | scanner fuzzer webapp | |
| lfi-sploiter | 1.0 | This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities. | webapp fuzzer exploitation | |
| lfifreak | 21.0c6adef | A unique automated LFi Exploiter with Bind/Reverse Shells. | webapp exploitation | |
| lfimap | 1:162.245a448 | This script is used to take the highest beneficts of the local file include vulnerability in a webserver. | webapp fuzzer | |
| lfisuite | 85.470e01f | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. | scanner webapp exploitation | |
| liffy | 1:33.89dd4f8 | A Local File Inclusion Exploitation tool. | webapp exploitation fuzzer | |
| lightbulb | 88.9e8d6f3 | Python framework for auditing web applications firewalls. | webapp scanner | |
| linkfinder | 168.1debac5 | Discovers endpoint and their parameters in JavaScript files. | webapp recon | |
| list-urls | 0.1 | Extracts links from webpage | misc webapp | |
| log4j-bypass | 33.f5c92f9 | Log4j web app tester that includes WAF bypasses. | webapp fuzzer scanner | |
| log4j-scan | 88.07f7e32 | A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228. | webapp scanner fuzzer | |
| lorsrf | bbb.r0.g91c26ec | Find the parameters that can be used to find SSRF or Out-of-band resource load. | webapp scanner fuzzer | |
| lulzbuster | 1.3.2 | A very fast and smart web-dir/file enumeration tool written in C. | webapp scanner recon | |
| magescan | 1.12.9 | Scan a Magento site for information. | webapp scanner | |
| mando.me | 9.8b34f1a | Web Command Injection Tool. | webapp exploitation | |
| mantra | 1:v2.0.r0.g8100308 | Hunt down API key leaks in JS files and pages. | scanner webapp | |
| maryam | 2:819.99ae85a | Tool to scan Web application and networks and easily and complete the information gathering process. | scanner webapp recon | |
| meg | 87.9daab00 | Fetch many paths for many hosts - without killing the hosts. | webapp scanner | |
| metoscan | 05 | Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests. | webapp | |
| monsoon | 261.f4f9852 | A fast HTTP enumerator that allows you to execute a large number of HTTP requests. | webapp | |
| mooscan | 1:10.82963b0 | A scanner for Moodle LMS. | webapp scanner | |
| morxtraversal | 1.0 | Path Traversal checking tool. | webapp scanner | |
| mosquito | 39.fe54831 | XSS exploitation tool - access victims through HTTP proxy. | exploitation webapp | |
| multiinjector | 0.4 | Automatic SQL injection utility using a lsit of URI addresses to test parameter manipulation. | webapp | |
| mwebfp | 16.a800b98 | Mass Web Fingerprinter. | fingerprint webapp scanner | |
| nikto | 2.5.0 | A web server scanner which performs comprehensive tests against web servers for multiple items | scanner webapp fuzzer | |
| nosqli | 37.6fce3eb | NoSQL scanner and injector. | webapp scanner exploitation | |
| nosqli-user-pass-enum | 18.1b3713a | Script to enumerate usernames and passwords from vulnerable web applications running MongoDB. | exploitation webapp | |
| nosqlmap | 298.efe6f7a | Automated Mongo database and NoSQL web application exploitation tool | webapp exploitation | |
| novahot | 23.69857bb | A webshell framework for penetration testers. | webapp | |
| nsia | 1.0.6 | A website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. | scanner webapp defensive | |
| nuclei | 2:v3.0.0.r523.g0d5e26d7b | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. | webapp scanner | |
| okadminfinder | 83.aca7645 | Tool to find admin panels / admin login pages. | webapp scanner | |
| onionsearch | 44.fc9d62c | Script that scrapes urls on different ".onion" search engines. | webapp scanner | |
| opendoor | 422.d1ed311 | OWASP Directory Access scanner. | webapp scanner | |
| otori | 0.3 | A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities. | exploitation webapp | |
| owasp-bywaf | 26.e730d1b | A web application penetration testing framework (WAPTF). | webapp scanner | |
| owtf | 2187.af993ecb | The Offensive (Web) Testing Framework. | webapp automation scanner fuzzer | |
| pappy-proxy | 77.e1bb049 | An intercepting proxy for web application testing. | webapp proxy scanner fuzzer recon | |
| parameth | 56.8da6f27 | This tool can be used to brute discover GET and POST parameters. | webapp scanner | |
| parampampam | 45.9171018 | This tool for brute discover GET and POST parameters. | webapp fuzzer | |
| paranoic | 1.7 | A simple vulnerability scanner written in Perl. | scanner scanner webapp | |
| paros | 3.2.13 | Java-based HTTP/HTTPS proxy for assessing web app vulnerabilities. Supports editing/viewing HTTP messages on-the-fly, spiders, client certificates, proxy-chaining, intelligent scanning for XSS and SQLi, etc. | webapp | |
| payloadmask | 17.58e0525 | Web Payload list editor to use techniques to try bypass web application firewall. | webapp | |
| pblind | 1.0 | Little utility to help exploiting blind sql injection vulnerabilities. | exploitation webapp | |
| peepingtom | 1:56.bc6f4d8 | A tool to take screenshots of websites. Much like eyewitness. | webapp recon | |
| photon | 326.d4af460 | Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. | webapp recon | |
| php-findsock-shell | 2.b8a984f | A Findsock Shell implementation in PHP + C. | webapp backdoor | |
| php-malware-finder | 0.3.4.r82.g87b6d7f | Detect potentially malicious PHP files. | webapp malware scanner code-audit | |
| php-vulnerability-hunter | 1.4.0.20 | An whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applications. | windows webapp code-audit | |
| phpggc | 620.39af9de | A library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically. | webapp exploitation | |
| phpsploit | 1021.aea961d | Stealth post-exploitation framework. | webapp | |
| pinkerton | 1.6.r19.g3195a4a | JavaScript file crawler and secret finder. | webapp scanner | |
| pixload | 87.a8f58a7 | Set of tools for creating/injecting payload into images (hiding backdoors). The following image types are currently supported: BMP, GIF, JPG, PNG, WebP. | webapp backdoor | |
| plecost | 104.4895e34 | Wordpress finger printer Tool. | webapp fingerprint | |
| plown | 13.ccf998c | A security scanner for Plone CMS. | webapp | |
| poly | 52.4e6f189 | A python script that generates polymorphic webshells. Use it to encode your favourite shell and make it practically undetectable. | webapp backdoor | |
| poracle | 68.dcc00b0 | A tool for demonstrating padding oracle attacks. | crypto webapp | |
| pown | 332.0e32edf | Security testing and exploitation toolkit built on top of Node.js and NPM. | webapp recon scanner social proxy | |
| ppfuzz | 31.80982ec | A fast tool to scan client-side prototype pollution vulnerability written in Rust. | webapp scanner | |
| ppmap | v1.2.0.r15.g9426af6 | A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. | webapp scanner exploitation | |
| proxenet | 712.67fc6b5 | THE REAL hacker friendly proxy for web application pentests. | webapp proxy sniffer | |
| pureblood | 37.2c5ce07 | A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. | automation webapp scanner fuzzer | |
| pwndrop | 18.385ba70 | Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. | webapp exploitation automation | |
| pyfiscan | 2995.9b97dc5 | Free web-application vulnerability and version scanner. | webapp scanner | |
| pythem | 454.e4fcb8a | Python penetration testing framework. | scanner sniffer recon cracker webapp | |
| python-arsenic | 21.8 | Async WebDriver implementation for asyncio and asyncio-compatible frameworks. | automation webapp | |
| python-jsbeautifier | 1.15.1 | JavaScript unobfuscator and beautifier | reversing webapp | |
| python-witnessme | 1:1.5.0 | Web Inventory tool, takes screenshots of webpages using Pyppeteer. | webapp recon | |
| python2-jsbeautifier | 1.13.4 | JavaScript unobfuscator and beautifier | reversing webapp | |
| python2-webtech | 1.2.12 | Identify technologies used on websites. | webapp recon scanner fingerprint | |
| rabid | 1:v0.1.0.r107.gc667845 | A CLI tool and library allowing to simply decode all kind of BigIP cookies. | webapp misc | |
| rapidscan | 221.296a20b | The Multi-Tool Web Vulnerability Scanner. | webapp scanner recon fingerprint fuzzer exploitation | |
| ratproxy | 1.58 | A passive web application security assessment tool | fuzzer proxy scanner webapp | |
| rawr | 74.544dd75 | Rapid Assessment of Web Resources. A web enumerator. | scanner webapp | |
| recsech | 123.1fc298a | Tool for doing Footprinting and Reconnaissance on the target web. | recon scanner webapp fingerprinting | |
| red-hawk | 36.fa54e23 | All in one tool for Information Gathering, Vulnerability Scanning and Crawling. | recon scanner webapp | |
| remot3d | 38.a707ef7 | An Simple Exploit for PHP Language. | webapp backdoor exploitation | |
| restler-fuzzer | 8:397.0277c5b | First stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. | webapp fuzzer | |
| richsploit | 3.6b15e0f | Exploitation toolkit for RichFaces. | exploitation webapp | |
| riwifshell | 38.40075d5 | Web backdoor - infector - explorer. | webapp backdoor | |
| ruler | 301.1e5ee2d | A tool to abuse Exchange services. | webapp exploitation | |
| rustbuster | 302.4a243d4 | DirBuster for Rust. | webapp scanner | |
| rww-attack | 0.9.2 | The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's 'Remote Web Workplace' portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out. | webapp | |
| sawef | 32.e5ce862 | Send Attack Web Forms. | webapp recon | |
| scanqli | 26.40a028d | SQLi scanner to detect SQL vulns. | webapp scanner | |
| scrapy | 2.9.0 | A fast high-level scraping and web crawling framework. | webapp recon scanner | |
| scrying | 234.caa233c | Collect RDP, web, and VNC screenshots smartly. | webapp recon | |
| second-order | v3.2.r0.g242569b | Second-order subdomain takeover scanner. | webapp scanner | |
| secretfinder | 1:14.a0283cb | A python script to find sensitive data (apikeys, accesstoken, jwt,..) in javascript files. | webapp recon | |
| secscan | 1.5 | Web Apps Scanner and Much more utilities. | webapp scanner | |
| see-surf | v2.0.r41.g826f05a | A Python based scanner to find potential SSRF parameters in a web application. | webapp scanner | |
| serializationdumper | 31.69ea9ba | A tool to dump Java serialization streams in a more human readable form. | webapp reversing | |
| shellinabox | 428.98e6eeb | Implements a web server that can export arbitrary command line tools to a web based terminal emulator. | backdoor webapp | |
| shortfuzzy | 0.1 | A web fuzzing script written in perl. | webapp fuzzer scanner | |
| sitadel | 123.e4d9ed4 | Web Application Security Scanner. | webapp scanner | |
| sitediff | 3.1383935 | Fingerprint a web app using local files as the fingerprint sources. | webapp fingerprint | |
| sjet | 103.dd2a4e6 | Siberas JMX exploitation toolkit. | exploitation webapp | |
| skipfish | 2.10b | A fully automated, active web application security reconnaissance tool | fuzzer scanner webapp | |
| smplshllctrlr | 9.2baf390 | PHP Command Injection exploitation tool. | webapp exploitation | |
| smuggler | 23.2be871e | Python tool used to test for HTTP Desync/Request Smuggling attacks. | webapp scanner | |
| smuggler-py | 1.0 | Python tool used to test for HTTP Desync/Request Smuggling attacks. | webapp scanner | |
| snallygaster | 236.492da7a | Tool to scan for secret files on HTTP servers. | webapp scanner | |
| snare | 187.08c69b7 | Super Next generation Advanced Reactive honEypot. SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet. | honeypot webapp | |
| snuck | 6.76196b6 | Automatic XSS filter bypass. | webapp | |
| sourcemapper | 37.467916e | Extract JavaScript source trees from Sourcemap files. | webapp | |
| spaf | 11.671a976 | Static Php Analysis and Fuzzer. | webapp fuzzer code-audit | |
| spaghetti | 4:9.df39a11 | Web Application Security Scanner. | webapp scanner | |
| sparty | 0.1 | An open source tool written in python to audit web applications using sharepoint and frontpage architecture. | webapp | |
| spiga | 2:648.617a342 | Configurable web resource scanner. | webapp scanner | |
| spike-proxy | 148 | A Proxy for detecting vulnerabilities in web applications | webapp | |
| spipscan | 1:69.4ad3235 | SPIP (CMS) scanner for penetration testing purpose written in Python. | webapp scanner | |
| sprayingtoolkit | 60.82e2ec8 | Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient. | webapp scanner | |
| sqid | 0.3 | A SQL injection digger. | webapp | |
| sqlbrute | 1.0 | Brute forces data out of databases using blind SQL injection. | fuzzer webapp | |
| sqldict | 2.1 | A dictionary attack tool for SQL Server. | windows webapp | |
| sqlivulscan | 249.cc8e657 | This will give you the SQLi Vulnerable Website Just by Adding the Dork. | scanner webapp | |
| sqlmap | 1.8 | Automatic SQL injection and database takeover tool | webapp exploitation fuzzer | |
| sqlninja | 0.2.999 | A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. | exploitation fuzzer webapp | |
| sqlping | 4 | SQL Server scanning tool that also checks for weak passwords using wordlists. | windows webapp exploitation | |
| sqlpowerinjector | 1.2 | Application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. | windows webapp | |
| sqlsus | 0.7.2 | An open source MySQL injection and takeover tool, written in perl | exploitation webapp | |
| ssrf-sheriff | 2.f95d691 | A simple SSRF-testing sheriff written in Go. | webapp proxy | |
| ssrfmap | 104.f688ec9 | Automatic SSRF fuzzer and exploitation tool. | webapp scanner fuzzer exploitation | |
| stews | 1.0.0.r7.gc7bba5a | A Security Tool for Enumerating WebSockets. | webapp scanner fingerprint fuzzer | |
| striker | 85.87c184d | An offensive information and vulnerability scanner. | scanner recon webapp | |
| subjs | 45.76ce9ec | Fetches javascript file from a list of URLS or subdomains. | webapp recon | |
| swarm | 1:41.1713c1e | A distributed penetration testing tool. | scanner recon cracker exploitation webapp | |
| swftools | 0.9.2 | A collection of SWF manipulation and creation utilities | binary reversing webapp | |
| taipan | 1:2.9.498.18 | Web application security scanner. | scanner webapp | |
| themole | 0.3 | Automatic SQL injection exploitation tool. | webapp | |
| tidos-framework | v2.0.beta2.r22.g4098187 | Offensive Web Application Penetration Testing Framework. | webapp | |
| tinfoleak | 3.6469eb3 | Get detailed information about a Twitter user activity. | recon social webapp | |
| tinfoleak2 | 41.c45c33e | Get detailed information about a Twitter user activity. | recon social webapp | |
| tomcatwardeployer | 98.4535e64 | Apache Tomcat auto WAR deployment & pwning penetration testing tool. | exploitation automation webapp | |
| torcrawl | 99.c83fd53 | Crawl and extract (regular or onion) webpages through TOR network. | webapp scanner | |
| tplmap | 719.616b0e5 | Automatic Server-Side Template Injection Detection and Exploitation Tool. | webapp exploitation | |
| typo-enumerator | 1:14.295f103 | Enumerate Typo3 version and extensions. | webapp scanner | |
| typo3scan | v1.1.4.r0.ga72638a | Enumerate Typo3 version and extensions. | webapp scanner | |
| uatester | 1.06 | User Agent String Tester | misc webapp | |
| ufonet | 83.e5d4014 | A tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet. | dos webapp | |
| uncaptcha2 | 7.473f33d | Defeating the latest version of ReCaptcha with 91% accuracy. | webapp | |
| uniscan | 6.3 | A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. | fuzzer scanner webapp | |
| uppwn | 9.f69dec4 | A script that automates detection of security flaws on websites' file upload systems'. | webapp fuzzer | |
| urlcrazy | 0.5 | Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. | webapp | |
| urldigger | 02c | A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code | webapp scanner | |
| urlextractor | 19.739864d | Information gathering & website reconnaissance. | webapp recon | |
| vane | 1899.48f9ab5 | A vulnerability scanner which checks the security of WordPress installations using a black box approach. | scanner webapp fuzzer | |
| vanguard | 0.1 | A comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. | webapp scanner | |
| vbscan | 1:39.2b1ce48 | A black box vBulletin vulnerability scanner written in perl. | webapp fuzzer scanner | |
| vega | 1.0 | An open source platform to test the security of web applications. | webapp | |
| visql | 49.3082e30 | Scan SQL vulnerability on target site and sites of on server. | scanner webapp | |
| vsvbp | 6.241a7ab | Black box tool for Vulnerability detection in web applications. | webapp scanner | |
| vulnerabilities-spider | 1.426e70f | A tool to scan for web vulnerabilities. | webapp scanner | |
| vulnx | 321.bcf451d | Cms and vulnerabilites detector & An intelligent bot auto shell injector. | webapp scanner fingerprint recon | |
| w13scan | 430.432b835 | Passive Security Scanner. | webapp scanner fuzzer | |
| w3af | 1.6.49 | Web Application Attack and Audit Framework. | fuzzer scanner webapp | |
| waffit | 202.d28dc3d | Identify and fingerprint Web Application Firewall (WAF) products protecting a website. | scanner webapp | |
| wafninja | 25.379cd98 | A tool which contains two functions to attack Web Application Firewalls. | webapp fuzzer | |
| wafp | 0.01_26c3 | An easy to use Web Application Finger Printing tool written in ruby using sqlite3 databases for storing the fingerprints. | webapp fingerprint | |
| wafpass | 50.4211785 | Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF. | webapp fuzzer | |
| wafw00f | 845.ae6a67f | Identify and fingerprint Web Application Firewall (WAF) products protecting a website. | scanner webapp | |
| wapiti | 3.1.8.r72.gf9029514 | A vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... | fuzzer scanner webapp | |
| wascan | 1:37.6926338 | Web Application Scanner. | webapp scanner | |
| waybackpack | 109.c2476fd | Download the entire Wayback Machine archive for a given URL. | webapp recon | |
| wcvs | 1.2.1.r0.g08865ff | Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. | webapp scanner | |
| web-soul | 2 | A plugin based scanner for attacking and data mining web sites written in Perl. | webapp | |
| webacoo | 0.2.3 | Web Backdoor Cookie Script-Kit. | backdoor webapp | |
| webanalyze | 121.707f3a4 | Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. | webapp recon scanner fingerprint | |
| webborer | 173.b323cf4 | A directory-enumeration tool written in Go. | webapp scanner | |
| webenum | 21.24b43b4 | Tool to enumerate http responses using dynamically generated queries and more. Useful for penetration tests against web servers. | scanner webapp | |
| webexploitationtool | 155.85bcf0e | A cross platform web exploitation toolkit. | exploitation webapp | |
| webhandler | 348.1bd971e | A handler for PHP system functions & also an alternative 'netcat' handler. | webapp | |
| webhunter | 12.918b606 | Tool for scanning web applications and networks and easily completing the process of collecting knowledge. | scanner webapp | |
| webkiller | 42.d680598 | Tool Information Gathering Write By Python. | webapp fingerprint recon | |
| webpwn3r | 38.3d75e76 | A python based Web Applications Security Scanner. | scanner webapp | |
| webrute | 3.3 | Web server directory brute forcer. | scanner webapp | |
| webscarab | 20120422.001828 | Framework for analysing applications that communicate using the HTTP and HTTPS protocols | fuzzer proxy scanner webapp | |
| webshag | 1.10 | A multi-threaded, multi-platform web server audit tool. | fuzzer scanner webapp | |
| webshells | 46.e8e1a37 | Web Backdoors. | backdoor webapp | |
| webslayer | 5 | A tool designed for brute forcing Web Applications. | webapp | |
| webspa | 0.8 | A web knocking tool, sending a single HTTP/S to run O/S commands. | backdoor webapp | |
| webtech | 1.3.3 | Identify technologies used on websites. | webapp recon scanner fingerprint | |
| webxploiter | 56.c03fe6b | An OWASP Top 10 Security scanner. | webapp exploitation fuzzer scanner | |
| weevely | 894.445bd88 | Weaponized web shell. | backdoor webapp | |
| weirdaal | 331.c14e36d | AWS Attack Library. | webapp scanner fuzzer | |
| wfuzz | 1155.1b695ee | Utility to bruteforce web applications to find their not linked resources. | fuzzer webapp | |
| whatsmyname | 2286.ec09ba5 | Tool to perform user and username enumeration on various websites. | webapp recon | |
| whatwaf | 392.b14e866 | Detect and bypass web application firewalls and protection systems. | webapp scanner | |
| whatweb | 4910.efee4d80 | Next generation web scanner that identifies what websites are running. | recon webapp | |
| whichcdn | 22.5fc6ddd | Tool to detect if a given website is protected by a Content Delivery Network. | webapp recon | |
| wig | 574.d5ddd91 | WebApp Information Gatherer. | webapp scanner recon | |
| witchxtool | 1.1 | A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner. | webapp scanner exploitation fuzzer | |
| wmat | 3:0.1 | Automatic tool for testing webmail accounts. | cracker webapp | |
| wordbrutepress | 30.5165648 | Python script that performs brute forcing against WordPress installs using a wordlist. | cracker webapp | |
| wordpress-exploit-framework | 907.e55ded4 | A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. | webapp exploitation | |
| wordpresscan | 76.f810c1c | WPScan rewritten in Python + some WPSeku ideas. | scanner webapp | |
| wpbf | 7.11b6ac1 | Multithreaded WordPress brute forcer. | cracker webapp | |
| wpbrute-rpc | 3.e7d8145 | Tool for amplified bruteforce attacks on wordpress based website via xmlrcp API. | cracker webapp | |
| wpbullet | 34.6185112 | A static code analysis for WordPress (and PHP). | code-audit webapp | |
| wpforce | 88.b72ec64 | Wordpress Attack Suite. | webapp cracker exploitation | |
| wpintel | 6.741c0c9 | Chrome extension designed for WordPress Vulnerability Scanning and information gathering. | webapp scanner fingerprint | |
| wpscan | 1:3.8.25 | Black box WordPress vulnerability scanner | webapp fuzzer scanner | |
| wpseku | 2:39.862fb2c | Simple Wordpress Security Scanner. | webapp scanner | |
| ws-attacker | 1.7 | A modular framework for web services penetration testing. | webapp | |
| wsfuzzer | 1.9.5 | A Python tool written to automate SOAP pentesting of web services. | fuzzer webapp | |
| wssip | 75.56d0d2c | Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. | webapp proxy | |
| wuzz | 229.66176b6 | Interactive cli tool for HTTP inspection. | webapp misc | |
| x8 | 1:v4.1.0.r2.g6ee4532 | Hidden parameters discovery suite. | webapp scanner | |
| xattacker | 122.72f9f8e | Website Vulnerability Scanner & Auto Exploiter. | webapp scanner blackarck-exploitation | |
| xmlrpc-bruteforcer | 35.6023237 | An XMLRPC brute forcer targeting Wordpress written in Python 3. | webapp | |
| xspear | 1:144.57bb7b4 | Powerfull XSS Scanning and Parameter analysis tool&gem. | webapp fuzzer | |
| xsrfprobe | 523.ce04111 | The Prime Cross Site Request Forgery Audit and Exploitation Toolkit. | webapp scanner | |
| xss-freak | 17.e361766 | An XSS scanner fully written in Python3 from scratch. | webapp scanner fuzzer | |
| xsscon | 45.ce91fd6 | Simple XSS Scanner tool. | webapp scanner | |
| xsscrapy | 153.4966255 | XSS spider - 66/66 wavsep XSS detected. | webapp | |
| xsser | 2:1.8 | A penetration testing tool for detecting and exploiting XSS vulnerabilites. | webapp fuzzer exploitation | |
| xssless | 45.8e7ebe1 | An automated XSS payload generator written in python. | webapp | |
| xsspy | 60.b10d336 | Web Application XSS Scanner. | webapp scanner | |
| xsss | 0.40b | A brute force cross site scripting scanner. | webapp fuzzer scanner | |
| xssscan | 1:17.7f1ea90 | Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS. | webapp scanner fuzzer | |
| xsssniper | 79.02b59af | An automatic XSS discovery tool | webapp fuzzer | |
| xsstrike | 467.f292787 | An advanced XSS detection and exploitation suite. | webapp scanner | |
| xssya | 1:13.cd62817 | A Cross Site Scripting Scanner & Vulnerability Confirmation. | webapp scanner | |
| xwaf | 162.c6f6bb7 | Automatic WAF bypass tool. | webapp scanner | |
| xxeinjector | 55.604c39a | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. | exploitation webapp | |
| xxexploiter | 103.c1f0f41 | It generates the XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration. | exploitation webapp | |
| xxxpwn | 10.27a2d27 | A tool Designed for blind optimized XPath 1 injection attacks. | webapp | |
| xxxpwn-smart | 6.b11b95b | A fork of xxxpwn adding further optimizations and tweaks. | webapp | |
| yaaf | 7.4d6273a | Yet Another Admin Finder. | webapp scanner | |
| yasuo | 121.994dcb1 | A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network. | webapp scanner | |
| yawast | 1:0.11.0 | The YAWAST Antecedent Web Application Security Toolkit. | webapp scanner fuzzer | |
| ycrawler | 0.1 | A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support. | webapp scanner proxy | |
| yinjector | 0.1 | A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods. | exploitation webapp automation | |
| ysoserial | 0.0.6 | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | webapp exploitation | |
| zaproxy | 2.14.0 | Integrated penetration testing tool for finding vulnerabilities in web applications | webapp fuzzer proxy |