webapp


Packages that operate on internet-facing applications.

Tool count: 349

Name Version Description Category Website
0d1n 1:211.5f62bf5 Web security tool for fuzzing HTTP inputs, made in C with libCurl. webapp fuzzer scanner
abuse-ssl-bypass-waf 5.3ffd16a Bypassing WAF by abusing SSL/TLS Ciphers. webapp fuzzer
adfind 29.179602f Admin Panel Finder. webapp recon
adminpagefinder 0.1 This Python script looks for a large number of possible administrative interfaces on a given site. webapp scanner
albatar 24.142f892 A SQLi exploitation framework in Python. webapp exploitation
allthevhosts 1.0 A vhost discovery tool that scrapes various web applications. scanner webapp
anti-xss 166.2725dc9 A XSS vulnerability scanner. webapp scanner
arachni 1.5.1 A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. webapp
archivebox 903.59da482 The open source self-hosted web archive. Takes browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more. misc webapp
arjun 75.9673860 HTTP parameter discovery suite. webapp scanner
asp-audit 2BETA An ASP fingerprinting tool and vulnerability scanner. fingerprint scanner webapp
astra 486.394d538 Automated Security Testing For REST APIs. webapp fuzzer
atscan 2367.4c29b7c Server, Site and Dork Scanner. scanner webapp fuzzer exploitation automation
aws-extender-cli 10.e5df716 Script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues. scanner webapp
backcookie 51.6dabc38 Small backdoor using cookie. backdoor webapp
badministration 16.69e4ec2 A tool which interfaces with management or administration applications from an offensive standpoint. webapp scanner recon fingerprint
bbqsql 261.b9859d2 SQL injection exploit tool. webapp exploitation
bbscan 43.af852f3 A tiny Batch weB vulnerability Scanner. webapp scanner fuzzer
belati 72.49577a1 The Traditional Swiss Army Knife for OSINT. scanner recon webapp
bfac 50.2d0516c An automated tool that checks for backup artifacts that may disclose the web-application's source code. recon webapp
bing-lfi-rfi 0.1 This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. webapp scanner fuzzer
bitdump 34.6a5cbd8 A tool to extract database data from a blind SQL injection vulnerability. exploitation webapp
blindelephant 7 A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations fingerprint webapp
blisqy 20.e9995fc Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB). webapp exploitation
brute-force 52.78d1d8e Brute-Force attack tool for Gmail Hotmail Twitter Facebook Netflix. cracker social webapp
brutemap 65.da4b303 Penetration testing tool that automates testing accounts to the site's login page. webapp cracker
brutexss 54.ba753df Cross-Site Scripting Bruteforcer. webapp fuzzer
bsqlbf 2.7 Blind SQL Injection Brute Forcer. webapp
bsqlinjector 13.027184f Blind SQL injection exploitation tool written in ruby. webapp exploitation
burpsuite 1:2.1.04 An integrated platform for attacking web applications (free edition). fuzzer proxy scanner webapp
cangibrina 123.6de0165 Dashboard Finder. scanner webapp
cansina 2:25.b5d8ddb A python-based Web Content Discovery Tool. webapp scanner
chankro 21.7b6e844 Tool that generates a PHP script capable of running a custom binary (like a meterpreter) or a bash script (e.g. a reverse shell), bypassing disable_functions & open_basedir. webapp exploitation
cintruder 10.021fba5 An automatic pentesting tool to bypass captchas. cracker webapp
cjexploiter 6.72b08d8 Drag and Drop ClickJacking exploit development assistance tool. webapp
cloudget 53.807d08e Python script to bypass cloudflare from command line. Built upon cfscrape module. webapp
cms-explorer 15.23b58cd Designed to reveal the specific modules, plugins, components and themes that various cms driven websites are running fingerprint webapp
cms-few 0.1 Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python. webapp scanner
cmseek 323.8cd086d CMS (Content Management Systems) Detection and Exploitation suite. webapp fingerprint exploitation
cmsfuzz 5.6be5a98 Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke. webapp scanner fuzzer
cmsmap 1:8.59dd0e2 A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs. scanner automation webapp exploitation
cmsscanner 0.7.1.3.gcbd6011 CMS Scanner Framework. webapp scanner recon fingerprint
comission 189.1cbdcf7 WhiteBox CMS analysis. webapp scanner
commix 1406.1fc7f9bb Automated All-in-One OS Command Injection and Exploitation Tool. webapp automation exploitation
conscan 1.2 A blackbox vulnerability scanner for the Concrete5 CMS. fuzzer scanner webapp
corscanner 57.01bfdba Fast CORS misconfiguration vulnerabilities scanner. webapp scanner
corstest 7.d8ddce2 A simple CORS misconfigurations checker. scanner webapp
corsy 20.d1da167 CORS Misconfiguration Scanner. webapp scanner
cpfinder 0.1 This is a simple script that looks for administrative web interfaces. scanner webapp
crawlic 51.739fe2b Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). webapp recon
crlf-injector 8.abaf494 A python script for testing CRLF injecting issues. fuzzer webapp
csrftester 1.0 The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws. webapp
cybercrowl 111.f7cac52 A Python Web path scanner tool. webapp scanner
d-tect 13.9555c25 Pentesting the Modern Web. scanner recon webapp
darkbing 0.1 A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection. scanner fuzzer webapp
darkd0rk3r 1.0 Python script that performs dork searching and searches for local file inclusion and SQL injection errors. exploitation webapp
darkjumper 5.8 This tool will try to find every website hosted on the same server as your target. webapp
darkmysqli 1.6 Multi-Purpose MySQL Injection Tool exploitation webapp
darkscrape 63.4c225f3 OSINT Tool For Scraping Dark Websites. webapp scanner recon
davscan 30.701f967 Fingerprints servers, finds exploits, scans WebDAV. webapp scanner fingerprint recon
dawnscanner 1:v1.6.9.r6.gac3eba5 A static analysis security scanner for ruby written web applications. webapp scanner
dcrawl 7.3273c35 Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. scanner webapp
detectem 250.b1ecc35 Detect software and its version on websites. fingerprint webapp recon
dff-scanner 1.1 Tool for finding path of predictable resource locations. webapp
dirb 2.22 A web content scanner, brute forcing for hidden files. scanner webapp
dirble 1:1.4.2 Fast directory scanning and scraping tool. webapp scanner
dirbuster 1.0_RC1 An application designed to brute force directory and file names on web/application servers. scanner webapp
dirbuster-ng 9.0c34920 C CLI implementation of the Java dirbuster tool. webapp scanner
directorytraversalscan 1.0.1.0 Detect directory traversal vulnerabilities in HTTP servers and web applications. windows webapp
dirhunt 214.c015930 Find web directories without bruteforce. webapp scanner
dirscanner 0.1 This is a python script that scans webservers looking for administrative directories, php shells, and more. scanner webapp
dirscraper 16.e752450 OSINT Scanning tool which discovers and maps directories found in javascript files hosted on a website. webapp scanner
dirsearch 318.a52e056 HTTP(S) directory/file brute forcer. webapp scanner
dirstalk 1.3.0 Modern alternative to dirbuster/dirb. scanner webapp
docem 18.f26dcaf Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids). webapp
domi-owned 41.583d0a5 A tool used for compromising IBM/Lotus Domino servers. webapp cracker fingerprint
doork 6.90c7260 Passive Vulnerability Auditor. webapp recon
dorknet 57.e4742cc Selenium powered Python script to automate searching for vulnerable web apps. webapp automation
dpscan 0.1 Drupal Vulnerability Scanner. scanner webapp fuzzer
droopescan 1.41.3 A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. scanner webapp
drupal-module-enum 11.525543c Enumerate on drupal modules. webapp scanner
drupalscan 0.5.2 Simple non-intrusive Drupal scanner. webapp scanner
drupwn 1:55.fce465f Drupal enumeration & exploitation tool. webapp exploitation scanner
dsfs 36.8e9f8e9 A fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dsjs 28.ab4ffd6 A fully functional JavaScript library vulnerability scanner written in under 100 lines of code. webapp scanner
dsss 120.a51f39c A fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dsstore-crawler 4.9e003a3 A parser + crawler for .DS_Store files exposed publicly. webapp recon
dsxs 128.d79cc26 A fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. webapp scanner
dumb0 19.1493e74 A simple tool to dump users in popular forums and CMS. automation webapp
easyfuzzer 3.6 A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independent). fuzzer webapp
eazy 0.1 This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more. scanner webapp
epicwebhoneypot 2.0a Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host. webapp defensive honeypot
eyewitness 808.680b7a3 Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. webapp recon misc
facebot 23.57f6025 A facebook profile and reconnaissance system. recon webapp
facebrute 7.ece355b This script tries to guess passwords for a given facebook account using a list of passwords (dictionary). cracker webapp
fbht 1:70.d75ae93 A Facebook Hacking Tool webapp
fdsploit 24.af95d1a A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. webapp fuzzer exploitation
ffuf 88.c33a431 Fast web fuzzer written in Go. webapp fuzzer
fhttp 1.3 This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. webapp scanner fuzzer fingerprint dos
filebuster 66.cd14ff9 An extremely fast and flexible web fuzzer. webapp fuzzer
filegps 79.a82124b A tool that helps you guess how your shell was renamed after the server-side script of the file uploader saved it. webapp misc
fingerprinter 427.5b9c08b CMS/LMS/Library etc Versions Fingerprinter. fingerprint webapp
flashscanner 11.6815b02 Flash XSS Scanner. scanner webapp
flunym0us 2.0 A Vulnerability Scanner for Wordpress and Moodle. scanner webapp
fuxploider 127.9d2f829 Tool that automates the process of detecting and exploiting file upload forms flaws. webapp exploitation
ghost-py 2.0.0 Webkit based webclient (relies on PyQT). webapp misc
gittools 50.8fcd119 A repository with 3 tools for pwn'ing websites with .git repositories available. webapp scanner
gobuster 1:292.aa41e04 Directory/file & DNS busting tool written in Go. webapp scanner
golismero 71.a6f5a4a Opensource web security testing framework. webapp
gopherus 30.9da3106 Tool generates gopher link for exploiting SSRF and gaining RCE in various servers. webapp exploitation
grabber 0.1 A web application scanner. Basically it detects some kind of vulnerabilities in your website. webapp
gwtenum 1:7.f27a5aa A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. recon webapp
h2buster 78.40d9738 A threaded, recursive, web directory brute-force scanner over HTTP/2. scanner webapp
h2t 36.9183a30 Scans a website and suggests security headers to apply. webapp scanner defensive
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
halberd 0.2.4 Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing. scanner webapp
host-extract 1:8.0134ad7 Ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. scanner webapp
htcap 1:130.a32da8b A web application analysis tool for detecting communications between javascript and the server. webapp scanner
httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. webapp scanner fuzzer recon
httppwnly 47.528a664 "Repeater" style XSS post-exploitation tool for mass browser control. webapp
hyperfox 66.3256937 A security tool for proxying and recording HTTP and HTTPs traffic. networking proxy webapp
identywaf 192.f8bd97e Blind WAF identification tool. webapp fingerprint
imagejs 54.1b0b3aa Small tool to package javascript into a valid image file. binary webapp
inurlbr 33.30a3abc Advanced search in the search engines - Inurl scanner, dorker, exploiter. scanner webapp automation
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. recon webapp
jaeles 29.e87e795 The Swiss Army knife for automated Web Application Testing. webapp scanner
jaidam 18.15e0fec Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan. webapp automation exploitation
jast 17.361ecde Just Another Screenshot Tool. webapp recon misc
jboss-autopwn 1.3bc2d29 A JBoss script for obtaining remote shell access. exploitation webapp automation
jdeserialize 31.20635ba A library that interprets Java serialized objects. It also comes with a command-line tool that can generate compilable class declarations, extract block data, and print textual representations of instance values. webapp reversing
jexboss 86.338b531 Jboss verify and Exploitation Tool. webapp exploitation
jok3r 447.0761996 Network and Web Pentest Framework. webapp scanner fuzzer networking
jomplug 0.1 This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components. webapp fingerprint
jooforce 11.43c21ad A Joomla password brute force tester. webapp cracker
joomlascan 1.2 Joomla scanner scans for known vulnerable remote file inclusion paths and files. webapp scanner
joomlavs 254.eea7500 A black box, Ruby powered, Joomla vulnerability scanner. webapp scanner fuzzer
joomscan 1:71.4192949 Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. webapp
jshell 7.ee3c92d Get a JavaScript shell with XSS. webapp
jsparser 31.ccd3ab6 Parse javascript using Tornado and JSBeautifier to discover interesting endpoints. webapp reversing
jsql-injection 0.81 A Java application for automatic SQL database injection. webapp exploitation fuzzer
jstillery 65.512e9af Advanced JavaScript Deobfuscation via Partial Evaluation. webapp
kadimus 113.b036a7f LFI Scan & Exploit Tool. webapp exploitation scanner
keye 29.d44a578 Recon tool detecting changes of websites based on content-length differences. recon webapp
kolkata 3.0 A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. webapp fingerprint
konan 12.88ed173 Advanced Web Application Dir Scanner. webapp scanner
kubolt 22.0be200d Utility for scanning public kubernetes clusters. webapp scanner
laf 12.7a456b3 Login Area Finder: scans host/s for login panels. scanner webapp
laudanum 1.0 A collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments. misc webapp
lbmap 147.2d15ace Proof of concept scripts for advanced web application fingerprinting, presented at OWASP AppSecAsia 2012. fingerprint webapp
letmefuckit-scanner 3.f3be22b Scanner and Exploit Magento. scanner webapp
leviathan 35.a1a1d8c A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. scanner cracker webapp fuzzer exploitation
lfi-exploiter 1.1 This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability. webapp exploitation
lfi-fuzzploit 1.1 A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. webapp fuzzer exploitation
lfi-image-helper 0.8 A simple script to infect images with PHP Backdoors for local file inclusion attacks. webapp backdoor
lfi-scanner 4.0 This is a simple perl script that enumerates local file inclusion attempts when given a specific target. scanner fuzzer webapp
lfi-sploiter 1.0 This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities. webapp fuzzer exploitation
lfifreak 21.0c6adef A unique automated LFi Exploiter with Bind/Reverse Shells. webapp exploitation
lfimap 6.0edee6d This script is used to take the highest benefits of the local file include vulnerability in a webserver. webapp fuzzer
lfisuite 85.470e01f Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. scanner webapp exploitation
liffy 1:13.43a9298 A Local File Inclusion Exploitation tool. webapp exploitation fuzzer
lightbulb 67.e0ddf00 Python framework for auditing web applications firewalls. webapp scanner
linkfinder 153.7495676 Discovers endpoints and their parameters in JavaScript files. webapp recon
list-urls 0.1 Extracts links from webpage misc webapp
magescan 1.12.9 Scan a Magento site for information. webapp scanner
mando.me 9.8b34f1a Web Command Injection Tool. webapp exploitation
maryam 2:462.473f218 Tool to scan web applications and networks and easily complete the information gathering process. scanner webapp recon
meg 87.9daab00 Fetch many paths for many hosts - without killing the hosts. webapp scanner
metoscan 05 Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests. webapp
mooscan 1:10.82963b0 A scanner for Moodle LMS. webapp scanner
morxtraversal 1.0 Path Traversal checking tool. webapp scanner
mosquito 39.fe54831 XSS exploitation tool - access victims through HTTP proxy. exploitation webapp
multiinjector 0.4 Automatic SQL injection utility using a list of URI addresses to test parameter manipulation. webapp
mwebfp 16.a800b98 Mass Web Fingerprinter. fingerprint webapp scanner
nikto 2.1.6 A web server scanner which performs comprehensive tests against web servers for multiple items scanner webapp fuzzer
nosqlmap 238.ae0b461 Automated Mongo database and NoSQL web application exploitation tool webapp exploitation
novahot 23.69857bb A webshell framework for penetration testers. webapp
nsia 1.0.6 A website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. scanner webapp defensive
okadminfinder 71.8c1869c Tool to find admin panels / admin login pages. webapp scanner
opendoor 393.c5e271f OWASP Directory Access scanner. webapp scanner
otori 0.3 A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities. exploitation webapp
owasp-bywaf 26.e730d1b A web application penetration testing framework (WAPTF). webapp scanner
owtf 2100.cd2e91ad The Offensive (Web) Testing Framework. webapp automation scanner fuzzer
pappy-proxy 77.e1bb049 An intercepting proxy for web application testing. webapp proxy scanner fuzzer recon
parameth 56.8da6f27 This tool can be used to brute discover GET and POST parameters. webapp scanner
parampampam 32.9a10782 This tool is for brute discovering GET and POST parameters. webapp fuzzer
paranoic 1.7 A simple vulnerability scanner written in Perl. scanner webapp
paros 3.2.13 Java-based HTTP/HTTPS proxy for assessing web app vulnerabilities. Supports editing/viewing HTTP messages on-the-fly, spiders, client certificates, proxy-chaining, intelligent scanning for XSS and SQLi, etc. webapp
payloadmask 16.ff38964 Web Payload list editor to use techniques to try bypass web application firewall. webapp
pblind 1.0 Little utility to help exploiting blind sql injection vulnerabilities. exploitation webapp
peepingtom 1:56.bc6f4d8 A tool to take screenshots of websites. Much like eyewitness. webapp recon
photon 324.198deac Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. webapp recon
php-findsock-shell 2.b8a984f A Findsock Shell implementation in PHP + C. webapp backdoor
php-vulnerability-hunter 1.4.0.20 A whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications. windows webapp code-audit
phpsploit 911.1532676 Stealth post-exploitation framework. webapp
pixload 25.ebf19ab Image Payload Creating/Injecting tools. webapp backdoor
plecost 98.1a4a11b WordPress fingerprinter tool. webapp fingerprint
plown 13.ccf998c A security scanner for Plone CMS. webapp
poly 52.4e6f189 Polymorphic webshells. webapp backdoor
poracle 68.dcc00b0 A tool for demonstrating padding oracle attacks. crypto webapp
pown 93.59e9626 Security testing and exploitation toolkit built on top of Node.js and NPM. webapp recon scanner social proxy
proxenet 712.67fc6b5 THE REAL hacker friendly proxy for web application pentests. webapp proxy sniffer
pureblood 37.2c5ce07 A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. automation webapp scanner fuzzer
pyfiscan 2372.25a0a2e Free web-application vulnerability and version scanner. webapp scanner
pythem 454.e4fcb8a Python penetration testing framework. scanner sniffer recon cracker webapp
python-arsenic 19.1 Async WebDriver implementation for asyncio and asyncio-compatible frameworks. automation webapp
python-jsbeautifier 1.10.2 JavaScript unobfuscator and beautifier reversing webapp
python2-jsbeautifier 1.10.1 JavaScript unobfuscator and beautifier reversing webapp
python2-webtech 1.2.7 Identify technologies used on websites. webapp recon scanner fingerprint
rabid 1:v0.0.4.r16.g7623959 A CLI tool and library allowing to simply decode all kinds of BigIP cookies. webapp misc
rabid-git v0.0.4.r14.gd5398d2 A CLI tool and library allowing to simply decode all kinds of BigIP cookies. webapp misc
rapidscan 158.ea3aa67 The Multi-Tool Web Vulnerability Scanner. webapp scanner recon fingerprint fuzzer exploitation
ratproxy 1.58 A passive web application security assessment tool fuzzer proxy scanner webapp
rawr 74.544dd75 Rapid Assessment of Web Resources. A web enumerator. scanner webapp
recsech 116.888dd64 Tool for doing Footprinting and Reconnaissance on the target web. recon scanner webapp fingerprinting
red-hawk 29.12b5dfa All in one tool for Information Gathering, Vulnerability Scanning and Crawling. recon scanner webapp
remot3d 36.6d6f902 A simple exploit for the PHP language. webapp backdoor exploitation
riwifshell 38.40075d5 Web backdoor - infector - explorer. webapp backdoor
ruler 274.0201fe8 A tool to abuse Exchange services. webapp exploitation
rustbuster 295.18cd96e DirBuster for Rust. webapp scanner
rww-attack 0.9.2 The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's 'Remote Web Workplace' portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out. webapp
sawef 28.e65dc9f Send Attack Web Forms. webapp recon
scanqli 26.40a028d SQLi scanner to detect SQL vulns. webapp scanner
scrapy 1.7.4 A fast high-level scraping and web crawling framework. webapp recon scanner
secscan 1.5 Web Apps Scanner and Much more utilities. webapp scanner
serializationdumper 11.602c75f A tool to dump Java serialization streams in a more human readable form. webapp reversing
shellinabox 428.98e6eeb Implements a web server that can export arbitrary command line tools to a web based terminal emulator. backdoor webapp
shortfuzzy 0.1 A web fuzzing script written in perl. webapp fuzzer scanner
sitadel 119.0f67870 Web Application Security Scanner. webapp scanner
sitediff 3.1383935 Fingerprint a web app using local files as the fingerprint sources. webapp fingerprint
sjet 27.2d52f0c Siberas JMX exploitation toolkit. exploitation webapp
skipfish 2.10b A fully automated, active web application security reconnaissance tool fuzzer scanner webapp
smplshllctrlr 9.2baf390 PHP Command Injection exploitation tool. webapp exploitation
snallygaster 65.eb1ab88 Tool to scan for secret files on HTTP servers. webapp scanner
snare 149.3b04ebd Super Next generation Advanced Reactive honEypot honeypot webapp
snuck 6.76196b6 Automatic XSS filter bypass. webapp
spaf 11.671a976 Static Php Analysis and Fuzzer. webapp fuzzer code-audit
spaghetti 4:9.df39a11 Web Application Security Scanner. webapp scanner
sparty 0.1 An open source tool written in python to audit web applications using sharepoint and frontpage architecture. webapp
spiga 2:623.8bc1ddc Configurable web resource scanner. webapp scanner
spike-proxy 148 A Proxy for detecting vulnerabilities in web applications webapp
spipscan 1:69.4ad3235 SPIP (CMS) scanner for penetration testing purpose written in Python. webapp scanner
sqid 0.3 A SQL injection digger. webapp
sqlbrute 1.0 Brute forces data out of databases using blind SQL injection. fuzzer webapp
sqldict 2.1 A dictionary attack tool for SQL Server. windows webapp
sqlivulscan 249.cc8e657 This will give you the SQLi Vulnerable Website Just by Adding the Dork. scanner webapp
sqlmap 1.3.11 Automatic SQL injection and database takeover tool webapp exploitation fuzzer
sqlninja 0.2.999 A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. exploitation fuzzer webapp
sqlping 4 SQL Server scanning tool that also checks for weak passwords using wordlists. windows webapp exploitation
sqlpowerinjector 1.2 Application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. windows webapp
sqlsus 0.7.2 An open source MySQL injection and takeover tool, written in perl exploitation webapp
striker 85.87c184d An offensive information and vulnerability scanner. scanner recon webapp
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
swftools 0.9.2 A collection of SWF manipulation and creation utilities binary reversing webapp
taipan 2.7 Web application security scanner. scanner webapp
themole 0.3 Automatic SQL injection exploitation tool. webapp
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity. recon social webapp
tinfoleak2 41.c45c33e Get detailed information about a Twitter user activity. recon social webapp
tomcatwardeployer 91.a1a4453 Apache Tomcat auto WAR deployment & pwning penetration testing tool. exploitation automation webapp
torcrawl 56.0b51037 Crawl and extract (regular or onion) webpages through TOR network. webapp scanner
tplmap 711.7498076 Automatic Server-Side Template Injection Detection and Exploitation Tool. webapp exploitation
typo-enumerator 81.b01084b Enumerate Typo3 version and extensions. webapp scanner
uatester 1.06 User Agent String Tester misc webapp
ufonet 49.37d112d A tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like a botnet. dos webapp
uncaptcha2 7.473f33d Defeating the latest version of ReCaptcha with 91% accuracy. webapp
uniscan 6.3 A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. fuzzer scanner webapp
uppwn 9.f69dec4 A script that automates detection of security flaws on websites' file upload systems. webapp fuzzer
urlcrazy 0.5 Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. webapp
urldigger 02c A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code webapp scanner
vane 1899.48f9ab5 A vulnerability scanner which checks the security of WordPress installations using a black box approach. scanner webapp fuzzer
vanguard 0.1 A comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. webapp scanner
vbscan 1:39.2b1ce48 A black box vBulletin vulnerability scanner written in perl. webapp fuzzer scanner
vega 1.0 An open source platform to test the security of web applications. webapp
visql 49.3082e30 Scan for SQL vulnerabilities on the target site and sites on the server. scanner webapp
vsvbp 6.241a7ab Black box tool for Vulnerability detection in web applications. webapp scanner
vulnerabilities-spider 1.426e70f A tool to scan for web vulnerabilities. webapp scanner
vulnx 297.d5b6fba CMS and vulnerabilities detector & an intelligent bot auto shell injector. webapp scanner fingerprint recon
w13scan 295.eff6afe Passive Security Scanner. webapp scanner fuzzer
w3af 1.6.49 Web Application Attack and Audit Framework. fuzzer scanner webapp
waffit 202.d28dc3d Identify and fingerprint Web Application Firewall (WAF) products protecting a website. scanner webapp
wafninja 25.379cd98 A tool which contains two functions to attack Web Application Firewalls. webapp fuzzer
wafp 0.01_26c3 An easy to use Web Application Finger Printing tool written in ruby using sqlite3 databases for storing the fingerprints. webapp fingerprint
wafpass 48.c3ea1b9 Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF. webapp fuzzer
wafw00f 445.a95a942 Identify and fingerprint Web Application Firewall (WAF) products protecting a website. scanner webapp
wapiti 3.0.2 A vulnerability scanner for web applications. It currently searches for vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... fuzzer scanner webapp
wascan 1:27.bd25246 Web Application Scanner. webapp scanner
waybackpack 49.36db906 Download the entire Wayback Machine archive for a given URL. webapp recon
web-soul 2 A plugin based scanner for attacking and data mining web sites written in Perl. webapp
webacoo 0.2.3 Web Backdoor Cookie Script-Kit. backdoor webapp
webanalyze 61.7f465eb Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. webapp recon scanner fingerprint
webborer 165.184c862 A directory-enumeration tool written in Go. webapp scanner
webenum 21.24b43b4 Tool to enumerate http responses using dynamically generated queries and more. Useful for penetration tests against web servers. scanner webapp
webexploitationtool 155.85bcf0e A cross platform web exploitation toolkit. exploitation webapp
webhandler 344.a7490cf A handler for PHP system functions & also an alternative 'netcat' handler. webapp
webhunter 12.918b606 Tool for scanning web applications and networks and easily completing the process of collecting knowledge. scanner webapp
webpwn3r 35.3fb27bb A Python-based Web Applications Security Scanner. scanner webapp
webrute 3.3 Web server directory brute forcer. scanner webapp
webscarab 20120422.001828 Framework for analysing applications that communicate using the HTTP and HTTPS protocols. fuzzer proxy scanner webapp
webshag 1.10 A multi-threaded, multi-platform web server audit tool. fuzzer scanner webapp
webshells 34.0701fcb Web Backdoors. backdoor webapp
webslayer 5 A tool designed for brute forcing Web Applications. webapp
webspa 0.8 A web knocking tool, sending a single HTTP/S request to run O/S commands. backdoor webapp
webtech 1.2.7 Identify technologies used on websites. webapp recon scanner fingerprint
webxploiter 56.c03fe6b An OWASP Top 10 Security scanner. webapp exploitation fuzzer scanner
weevely 834.67481c7 Weaponized web shell. backdoor webapp
wfuzz 816.619ea18 Utility to bruteforce web applications to find their not linked resources. fuzzer webapp
whatsmyname 388.5ead5e1 Tool to perform user and username enumeration on various websites. webapp recon
whatwaf 366.b4ddbaf Detect and bypass web application firewalls and protection systems. webapp scanner
whatweb 4681.2b531f41 Next generation web scanner that identifies what websites are running. recon webapp
whichcdn 22.5fc6ddd Tool to detect if a given website is protected by a Content Delivery Network. webapp recon
wig 574.d5ddd91 WebApp Information Gatherer. webapp scanner recon
witchxtool 1.1 A Perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner. webapp scanner exploitation fuzzer
wmat 3:0.1 Automatic tool for testing webmail accounts. cracker webapp
wordbrutepress 30.5165648 Python script that performs brute forcing against WordPress installs using a wordlist. cracker webapp
wordpress-exploit-framework 907.e55ded4 A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. webapp exploitation
wordpresscan 67.7485ef1 WPScan rewritten in Python + some WPSeku ideas. scanner webapp
wpbf 7.11b6ac1 Multithreaded WordPress brute forcer. cracker webapp
wpbrute-rpc 3.e7d8145 Tool for amplified bruteforce attacks on WordPress-based websites via the XML-RPC API. cracker webapp
wpbullet 34.6185112 A static code analysis for WordPress (and PHP). code-audit webapp
wpforce 87.31024e0 WordPress Attack Suite. webapp cracker exploitation
wpintel 6.741c0c9 Chrome extension designed for WordPress Vulnerability Scanning and information gathering. webapp scanner fingerprint
wpscan 1:3.7.5 Black box WordPress vulnerability scanner. webapp fuzzer scanner
wpseku 2:35.69a71ed Simple WordPress Security Scanner. webapp scanner
ws-attacker 1.7 A modular framework for web services penetration testing. webapp
wsfuzzer 1.9.5 A Python tool written to automate SOAP pentesting of web services. fuzzer webapp
wssip 75.56d0d2c Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. webapp proxy
wuzz 209.4c6d320 Interactive cli tool for HTTP inspection. webapp misc
xattacker 89.fb2f38f Website Vulnerability Scanner & Auto Exploiter. webapp scanner blackarck-exploitation
xmlrpc-bruteforcer 33.3645cd0 An XMLRPC brute forcer targeting WordPress written in Python 3. webapp
xspear 1:90.40cb979 Powerful XSS scanning and parameter analysis tool & gem. webapp fuzzer
xsrfprobe 442.d2e0f54 The Prime Cross Site Request Forgery Audit and Exploitation Toolkit. webapp scanner
xsscon 31.a285547 Simple XSS Scanner tool. webapp scanner
xsscrapy 139.06ad0aa XSS spider - 66/66 wavsep XSS detected. webapp
xsser 2:1.8 A penetration testing tool for detecting and exploiting XSS vulnerabilities. webapp fuzzer exploitation
xssless 45.8e7ebe1 An automated XSS payload generator written in Python. webapp
xsspy 58.b941d10 Web Application XSS Scanner. webapp scanner
xsss 0.40b A brute force cross site scripting scanner. webapp fuzzer scanner
xssscan 1:17.7f1ea90 Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS. webapp scanner fuzzer
xsssniper 79.02b59af An automatic XSS discovery tool. webapp fuzzer
xsstrike 444.45e2d47 An advanced XSS detection and exploitation suite. webapp scanner
xssya 1:13.cd62817 A Cross Site Scripting Scanner & Vulnerability Confirmation. webapp scanner
xwaf 154.31c5944 Automatic WAF bypass tool. webapp scanner
xxeinjector 53.8c5c70e Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. exploitation webapp
yaaf 7.4d6273a Yet Another Admin Finder. webapp scanner
yasuo 121.994dcb1 A Ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network. webapp scanner
yawast 980.cfe3eb2 The YAWAST Antecedent Web Application Security Toolkit. webapp scanner fuzzer
ycrawler 0.1 A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support. webapp scanner proxy
yinjector 0.1 A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods. exploitation webapp automation
ysoserial 0.0.5 A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. webapp exploitation
zaproxy 2.8.1 Integrated penetration testing tool for finding vulnerabilities in web applications. webapp fuzzer proxy