WebHackersWeapons/README.md

98 lines
10 KiB
Markdown
Raw Normal View History

2020-04-04 11:35:27 -04:00
<h1 align="center">
<br>
2020-04-05 10:40:01 -04:00
<a href=""><img src="https://user-images.githubusercontent.com/13212227/78501395-98c3f400-7796-11ea-8971-5c5a1a3244f5.png" alt="" width="300px;"></a>
2020-04-04 11:35:27 -04:00
<br>
Web Hacker's Weapons
<br>
</h1>
2020-04-04 11:28:54 -04:00
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
2020-04-04 11:26:48 -04:00
## Category
2020-04-04 23:54:04 -04:00
- [Weapons](#weapons)
- [Subdomain Enumeration](#subdomain-enumeration)
- [Fetch path and host](#fetch-path-and-host)
- [Port scanner](#port-scanner)
2020-04-05 11:57:55 -04:00
- [Web Discovery](#web-discovery)
2020-04-04 23:54:04 -04:00
- [Web Vulnerability Scanner](#web-vulnerability-scanner)
- [XSS](#xss)
- [CSRF](#csrf)
- [Path traversal / Directory traversal / LFI](#path-traversal--directory-traversal--lfi)
- [Command Injection](#command-injection)
- [SQL Injection](#sql-injection)
- [NoSQL Injection](#nosql-injection)
- [SSRF](#ssrf)
- [CORS Misconfiguration](#cors-misconfiguration)
- [WebSocket](#websocket)
2020-04-04 23:57:59 -04:00
- [Cloud Security](#cloud-security)
2020-04-04 23:54:04 -04:00
- [Utility for hackers](#utility-for-hackers)
2020-04-05 01:00:51 -04:00
- [Online tools](#online-tools)
2020-04-04 23:57:59 -04:00
- [Contribute](#contribute-and-contributor)
2020-04-04 23:49:11 -04:00
## Weapons
### Subdomain Enumeration
2020-04-05 11:57:55 -04:00
| Name | Description | Popularity | Language | Metadata |
| ---------- | :---------- | :----------: | :----------: | :----------: |
| [findomain](https://github.com/Edu4rdSHL/findomain) | The fastest and cross-platform subdomain enumerator, do not waste your time. | ![](https://img.shields.io/github/stars/Edu4rdSHL/findomain) | ![](https://img.shields.io/github/languages/top/Edu4rdSHL/findomain) | ![](https://img.shields.io/github/repo-size/Edu4rdSHL/findomain)<br>![](https://img.shields.io/github/license/Edu4rdSHL/findomain) <br> ![](https://img.shields.io/github/forks/Edu4rdSHL/findomain) <br> ![](https://img.shields.io/github/watchers/Edu4rdSHL/findomain) |
| [subfinder](https://github.com/projectdiscovery/subfinder) | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. | ![](https://img.shields.io/github/stars/projectdiscovery/subfinder) | ![](https://img.shields.io/github/languages/top/projectdiscovery/subfinder) | ![](https://img.shields.io/github/repo-size/projectdiscovery/subfinder)<br>![](https://img.shields.io/github/license/projectdiscovery/subfinder) <br> ![](https://img.shields.io/github/forks/projectdiscovery/subfinder) <br> ![](https://img.shields.io/github/watchers/projectdiscovery/subfinder) |
| [Amass](https://github.com/OWASP/Amass) | In-depth Attack Surface Mapping and Asset Discovery | ![](https://img.shields.io/github/stars/OWASP/Amass) | ![](https://img.shields.io/github/languages/top/OWASP/Amass) | ![](https://img.shields.io/github/repo-size/OWASP/Amass)<br>![](https://img.shields.io/github/license/OWASP/Amass) <br> ![](https://img.shields.io/github/forks/OWASP/Amass) <br> ![](https://img.shields.io/github/watchers/OWASP/Amass) |
| [Sublist3r](https://github.com/aboul3la/Sublist3r) | Fast subdomains enumeration tool for penetration testers | ![](https://img.shields.io/github/stars/aboul3la/Sublist3r) | ![](https://img.shields.io/github/languages/top/aboul3la/Sublist3r) | ![](https://img.shields.io/github/repo-size/aboul3la/Sublist3r)<br>![](https://img.shields.io/github/license/aboul3la/Sublist3r) <br> ![](https://img.shields.io/github/forks/aboul3la/Sublist3r) <br> ![](https://img.shields.io/github/watchers/aboul3la/Sublist3r) |
| [assetfinder](https://github.com/tomnomnom/assetfinder) | Find domains and subdomains related to a given domain | ![](https://img.shields.io/github/stars/tomnomnom/assetfinder) | ![](https://img.shields.io/github/languages/top/tomnomnom/assetfinder) | ![](https://img.shields.io/github/repo-size/tomnomnom/assetfinder)<br>![](https://img.shields.io/github/license/tomnomnom/assetfinder) <br> ![](https://img.shields.io/github/forks/tomnomnom/assetfinder) <br> ![](https://img.shields.io/github/watchers/tomnomnom/assetfinder) |
2020-04-04 23:49:11 -04:00
### Fetch path and host
2020-04-05 11:57:55 -04:00
| Name | Description | Popularity | Language | Metadata |
| ---------- | :---------- | :----------: | :----------: | :----------: |
| [meg](https://github.com/tomnomnom/meg) | Fetch many paths for many hosts - without killing the hosts | ![](https://img.shields.io/github/stars/tomnomnom/meg) | ![](https://img.shields.io/github/languages/top/tomnomnom/meg) | ![](https://img.shields.io/github/repo-size/tomnomnom/meg)<br>![](https://img.shields.io/github/license/tomnomnom/meg) <br> ![](https://img.shields.io/github/forks/tomnomnom/meg) <br> ![](https://img.shields.io/github/watchers/tomnomnom/meg) |
| [httprobe](https://github.com/tomnomnom/httprobe) | Take a list of domains and probe for working HTTP and HTTPS servers | ![](https://img.shields.io/github/stars/tomnomnom/httprobe) | ![](https://img.shields.io/github/languages/top/tomnomnom/httprobe) | ![](https://img.shields.io/github/repo-size/tomnomnom/httprobe)<br>![](https://img.shields.io/github/license/tomnomnom/httprobe) <br> ![](https://img.shields.io/github/forks/tomnomnom/httprobe) <br> ![](https://img.shields.io/github/watchers/tomnomnom/httprobe) |
2020-04-04 23:49:11 -04:00
### Port scanner
2020-04-05 11:57:55 -04:00
| Name | Description | Popularity | Language | Metadata |
| ---------- | :---------- | :----------: | :----------: | :----------: |
| [nmap](https://github.com/nmap/nmap) | Nmap - the Network Mapper. Github mirror of official SVN repository. | ![](https://img.shields.io/github/stars/nmap/nmap) | ![](https://img.shields.io/github/languages/top/nmap/nmap) | ![](https://img.shields.io/github/repo-size/nmap/nmap)<br>![](https://img.shields.io/github/license/nmap/nmap) <br> ![](https://img.shields.io/github/forks/nmap/nmap) <br> ![](https://img.shields.io/github/watchers/nmap/nmap) |
| [naabu](https://github.com/projectdiscovery/naabu) | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | ![](https://img.shields.io/github/stars/projectdiscovery/naabu) | ![](https://img.shields.io/github/languages/top/projectdiscovery/naabu) | ![](https://img.shields.io/github/repo-size/projectdiscovery/naabu)<br>![](https://img.shields.io/github/license/projectdiscovery/naabu) <br> ![](https://img.shields.io/github/forks/projectdiscovery/naabu) <br> ![](https://img.shields.io/github/watchers/projectdiscovery/naabu) |
| [masscan](https://github.com/robertdavidgraham/masscan) | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | ![](https://img.shields.io/github/stars/robertdavidgraham/masscan) | ![](https://img.shields.io/github/languages/top/robertdavidgraham/masscan) | ![](https://img.shields.io/github/repo-size/robertdavidgraham/masscan)<br>![](https://img.shields.io/github/license/robertdavidgraham/masscan) <br> ![](https://img.shields.io/github/forks/robertdavidgraham/masscan) <br> ![](https://img.shields.io/github/watchers/robertdavidgraham/masscan) |
### Web Discovery
| Name | Description | Popularity | Language | Metadata |
| ---------- | :---------- | :----------: | :----------: | :----------: |
| [gospider](https://github.com/jaeles-project/gospider) | Gospider - Fast web spider written in Go | ![](https://img.shields.io/github/stars/jaeles-project/gospider) | ![](https://img.shields.io/github/languages/top/jaeles-project/gospider) | ![](https://img.shields.io/github/repo-size/jaeles-project/gospider)<br>![](https://img.shields.io/github/license/jaeles-project/gospider) <br> ![](https://img.shields.io/github/forks/jaeles-project/gospider) <br> ![](https://img.shields.io/github/watchers/jaeles-project/gospider) |
| [gobuster](https://github.com/OJ/gobuster) | Directory/File, DNS and VHost busting tool written in Go | ![](https://img.shields.io/github/stars/OJ/gobuster) | ![](https://img.shields.io/github/languages/top/OJ/gobuster) | ![](https://img.shields.io/github/repo-size/OJ/gobuster)<br>![](https://img.shields.io/github/license/OJ/gobuster) <br> ![](https://img.shields.io/github/forks/OJ/gobuster) <br> ![](https://img.shields.io/github/watchers/OJ/gobuster) |
| [LinkFinder](https://github.com/GerbenJavado/LinkFinder) | A python script that finds endpoints in JavaScript files | ![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder) | ![](https://img.shields.io/github/languages/top/GerbenJavado/LinkFinder) | ![](https://img.shields.io/github/repo-size/GerbenJavado/LinkFinder)<br>![](https://img.shields.io/github/license/GerbenJavado/LinkFinder) <br> ![](https://img.shields.io/github/forks/GerbenJavado/LinkFinder) <br> ![](https://img.shields.io/github/watchers/GerbenJavado/LinkFinder) |
| [wfuzz](https://github.com/xmendez/wfuzz) | Web application fuzzer | ![](https://img.shields.io/github/stars/xmendez/wfuzz) | ![](https://img.shields.io/github/languages/top/xmendez/wfuzz) | ![](https://img.shields.io/github/repo-size/xmendez/wfuzz)<br>![](https://img.shields.io/github/license/xmendez/wfuzz) <br> ![](https://img.shields.io/github/forks/xmendez/wfuzz) <br> ![](https://img.shields.io/github/watchers/xmendez/wfuzz) |
2020-04-04 23:49:11 -04:00
### Web Vulnerability Scanner
### XSS
### CSRF
### Path traversal / Directory traversal / LFI
### Command Injection
### SQL Injection
### NoSQL Injection
### SSRF
### CORS Misconfiguration
### WebSocket
2020-04-04 23:57:23 -04:00
### Cloud Security
2020-04-04 23:49:11 -04:00
### Utility for hackers
2020-04-05 01:00:27 -04:00
### Online tools
2020-04-04 23:57:04 -04:00
## Contribute and Contributor
2020-04-05 01:23:01 -04:00
### Usage of weapon-md
2020-04-04 11:26:48 -04:00
```
2020-04-05 01:23:01 -04:00
./weapon-md
Usage of ./weapon-md:
-isFirst
if you add new type, it use
-url string
github / gitlab / bitbucket url
2020-04-04 11:26:48 -04:00
```
2020-04-05 01:23:01 -04:00
### Three Procedures for the Contribute
2020-04-05 01:23:38 -04:00
- First, generate markdown code using `weapon-md`
2020-04-05 01:23:01 -04:00
```
$ ./weapon-md -url https://github.com/hahwul/xspear
| [xspear](https://github.com/hahwul/xspear) | Powerfull XSS Scanning and Parameter analysis tool&gem | ![](https://img.shields.io/github/stars/hahwul/xspear) | ![](https://img.shields.io/github/languages/top/hahwul/xspear) | ![](https://img.shields.io/github/repo-size/hahwul/xspear)<br>![](https://img.shields.io/github/license/hahwul/xspear) <br> ![](https://img.shields.io/github/forks/hahwul/xspear) <br> ![](https://img.shields.io/github/watchers/hahwul/xspear) |
```
2020-04-05 01:23:38 -04:00
- Second, Give me PR or Add issue with output code<br>
- Third, There's no third.