Merge pull request #1 from hahwul/master

update
This commit is contained in:
gilfoyle97 2020-12-16 09:55:08 +01:00 committed by GitHub
commit de4acd9adb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 394 additions and 4 deletions

67
.github/workflows/codeql-analysis.yml vendored Normal file
View File

@ -0,0 +1,67 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ master ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
schedule:
- cron: '29 14 * * 4'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: [ 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

21
.github/workflows/contributors.yml vendored Normal file
View File

@ -0,0 +1,21 @@
name: Contributors
on:
schedule:
- cron: '0 4 * * 0'
push:
branches:
- master
workflow_dispatch:
inputs:
logLevel:
description: 'manual run'
required: false
default: ''
jobs:
contributors:
runs-on: ubuntu-latest
steps:
- uses: bubkoo/contributors-list@v1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
round: true

33
.github/workflows/go.yml vendored Normal file
View File

@ -0,0 +1,33 @@
name: Build
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.x
uses: actions/setup-go@v2
with:
go-version: ^1.13
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Get dependencies
run: |
go get -v -t -d ./...
if [ -f Gopkg.toml ]; then
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
dep ensure
fi
- name: Build
run: make contribute

21
CONTRIBUTORS.svg Normal file

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 966 KiB

View File

@ -4,7 +4,13 @@
<br>
Web Hacker's Weapons
<br>
<a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=flat-square"></a> <img src="https://img.shields.io/github/languages/top/hahwul/WebHackersWeapons?style=flat-square"> <img src="https://img.shields.io/github/last-commit/hahwul/WebHackersWeapons?style=flat-square">
<img src="https://img.shields.io/github/languages/top/hahwul/WebHackersWeapons?style=flat">
<img src="https://img.shields.io/github/last-commit/hahwul/WebHackersWeapons?style=flat">
<img src="https://img.shields.io/badge/PRs-welcome-cyan">
<img src="https://github.com/hahwul/WebHackersWeapons/workflows/Build/badge.svg">
<img src="https://github.com/hahwul/WebHackersWeapons/workflows/CodeQL/badge.svg">
<a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=flat&logo=twitter"></a>
<a href="https://github.com/hahwul"><img src="https://img.shields.io/github/stars/hahwul?style=flat&logo=github"></a>
</h1>
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
@ -28,6 +34,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Army-Knife/SCAN | [jaeles](https://github.com/jaeles-project/jaeles) | The Swiss Army knife for automated Web Application Testing | ![](https://img.shields.io/github/stars/jaeles-project/jaeles) | ![](https://img.shields.io/github/languages/top/jaeles-project/jaeles) |
| Army-Knife/PROXY | [BurpSuite](https://portswigger.net/burp) | the BurpSuite Project|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)
| Army-Knife/PROXY | [hetty](https://github.com/dstotijn/hetty) | Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. | ![](https://img.shields.io/github/stars/dstotijn/hetty) | ![](https://img.shields.io/github/languages/top/dstotijn/hetty) |
| Army-Knife/PROXY | [proxify](https://github.com/projectdiscovery/proxify) | Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay | ![](https://img.shields.io/github/stars/projectdiscovery/proxify) | ![](https://img.shields.io/github/languages/top/projectdiscovery/proxify) |
| Army-Knife/PROXY | [zaproxy](https://github.com/zaproxy/zaproxy) | The OWASP ZAP core project | ![](https://img.shields.io/github/stars/zaproxy/zaproxy) | ![](https://img.shields.io/github/languages/top/zaproxy/zaproxy) |
| Army-Knife/SCAN | [nuclei](https://github.com/projectdiscovery/nuclei) | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. | ![](https://img.shields.io/github/stars/projectdiscovery/nuclei) | ![](https://img.shields.io/github/languages/top/projectdiscovery/nuclei) |
| Discovery/ALL | [OneForAll](https://github.com/shmilylty/OneForAll) | OneForAll是一款功能强大的子域收集工具 | ![](https://img.shields.io/github/stars/shmilylty/OneForAll) | ![](https://img.shields.io/github/languages/top/shmilylty/OneForAll) |
@ -36,6 +43,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Discovery/ALL | [lazyrecon](https://github.com/nahamsec/lazyrecon) | This script is intended to automate your reconnaissance process in an organized fashion | ![](https://img.shields.io/github/stars/nahamsec/lazyrecon) | ![](https://img.shields.io/github/languages/top/nahamsec/lazyrecon) |
| Discovery/ALL | [rengine](https://github.com/yogeshojha/rengine) | reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. | ![](https://img.shields.io/github/stars/yogeshojha/rengine) | ![](https://img.shields.io/github/languages/top/yogeshojha/rengine) |
| Discovery/ALL | [scilla](https://github.com/edoardottt/scilla) | 🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration | ![](https://img.shields.io/github/stars/edoardottt/scilla) | ![](https://img.shields.io/github/languages/top/edoardottt/scilla) |
| Discovery/ALL | [sn0int](https://github.com/kpcyrd/sn0int) | Semi-automatic OSINT framework and package manager | ![](https://img.shields.io/github/stars/kpcyrd/sn0int) | ![](https://img.shields.io/github/languages/top/kpcyrd/sn0int) |
| Discovery/APK | [apkleaks](https://github.com/dwisiswant0/apkleaks) | Scanning APK file for URIs, endpoints & secrets. | ![](https://img.shields.io/github/stars/dwisiswant0/apkleaks) | ![](https://img.shields.io/github/languages/top/dwisiswant0/apkleaks) |
| Discovery/CRAWL | [Photon](https://github.com/s0md3v/Photon) | Incredibly fast crawler designed for OSINT. | ![](https://img.shields.io/github/stars/s0md3v/Photon) | ![](https://img.shields.io/github/languages/top/s0md3v/Photon) |
| Discovery/CRAWL | [cc.py](https://github.com/si9int/cc.py) | Extracting URLs of a specific target based on the results of "commoncrawl.org" | ![](https://img.shields.io/github/stars/si9int/cc.py) | ![](https://img.shields.io/github/languages/top/si9int/cc.py) |
@ -46,8 +54,12 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Discovery/DNS | [DNSDumpster](https://dnsdumpster.com) | Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|
| Discovery/DNS | [SecurityTrails](https://securitytrails.com) | Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|
| Discovery/DNS | [dnsprobe](https://github.com/projectdiscovery/dnsprobe) | DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. | ![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe) | ![](https://img.shields.io/github/languages/top/projectdiscovery/dnsprobe) |
| Discovery/DNS | [dnsvalidator](https://github.com/vortexau/dnsvalidator) | Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. | ![](https://img.shields.io/github/stars/vortexau/dnsvalidator) | ![](https://img.shields.io/github/languages/top/vortexau/dnsvalidator) |
| Discovery/DNS | [dnsx](https://github.com/projectdiscovery/dnsx) | dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. | ![](https://img.shields.io/github/stars/projectdiscovery/dnsx) | ![](https://img.shields.io/github/languages/top/projectdiscovery/dnsx) |
| Discovery/DNS | [hakrevdns](https://github.com/hakluke/hakrevdns) | Small, fast tool for performing reverse DNS lookups en masse. | ![](https://img.shields.io/github/stars/hakluke/hakrevdns) | ![](https://img.shields.io/github/languages/top/hakluke/hakrevdns) |
| Discovery/DNS | [shuffledns](https://github.com/projectdiscovery/shuffledns) | shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. | ![](https://img.shields.io/github/stars/projectdiscovery/shuffledns) | ![](https://img.shields.io/github/languages/top/projectdiscovery/shuffledns) |
| Discovery/DNS | [subgen](https://github.com/pry0cc/subgen) | A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver! | ![](https://img.shields.io/github/stars/pry0cc/subgen) | ![](https://img.shields.io/github/languages/top/pry0cc/subgen) |
| Discovery/DNS | [zdns](https://github.com/zmap/zdns) | Fast CLI DNS Lookup Tool | ![](https://img.shields.io/github/stars/zmap/zdns) | ![](https://img.shields.io/github/languages/top/zmap/zdns) |
| Discovery/DOMAIN | [Amass](https://github.com/OWASP/Amass) | In-depth Attack Surface Mapping and Asset Discovery | ![](https://img.shields.io/github/stars/OWASP/Amass) | ![](https://img.shields.io/github/languages/top/OWASP/Amass) |
| Discovery/DOMAIN | [Chaos Web](https://chaos.projectdiscovery.io) | actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)
| Discovery/DOMAIN | [Sublist3r](https://github.com/aboul3la/Sublist3r) | Fast subdomains enumeration tool for penetration testers | ![](https://img.shields.io/github/stars/aboul3la/Sublist3r) | ![](https://img.shields.io/github/languages/top/aboul3la/Sublist3r) |
@ -81,6 +93,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Discovery/PORT | [masscan](https://github.com/robertdavidgraham/masscan) | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | ![](https://img.shields.io/github/stars/robertdavidgraham/masscan) | ![](https://img.shields.io/github/languages/top/robertdavidgraham/masscan) |
| Discovery/PORT | [naabu](https://github.com/projectdiscovery/naabu) | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | ![](https://img.shields.io/github/stars/projectdiscovery/naabu) | ![](https://img.shields.io/github/languages/top/projectdiscovery/naabu) |
| Discovery/PORT | [nmap](https://github.com/nmap/nmap) | Nmap - the Network Mapper. Github mirror of official SVN repository. | ![](https://img.shields.io/github/stars/nmap/nmap) | ![](https://img.shields.io/github/languages/top/nmap/nmap) |
| Discovery/TKOV | [SubOver](https://github.com/Ice3man543/SubOver) | A Powerful Subdomain Takeover Tool | ![](https://img.shields.io/github/stars/Ice3man543/SubOver) | ![](https://img.shields.io/github/languages/top/Ice3man543/SubOver) |
| Discovery/TKOV | [can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz) | "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records. | ![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz) | ![](https://img.shields.io/github/languages/top/EdOverflow/can-i-take-over-xyz) |
| Discovery/TKOV | [subjack](https://github.com/haccer/subjack) | Subdomain Takeover tool written in Go | ![](https://img.shields.io/github/stars/haccer/subjack) | ![](https://img.shields.io/github/languages/top/haccer/subjack) |
| Discovery/URL | [waybackurls](https://github.com/tomnomnom/waybackurls) | Fetch all the URLs that the Wayback Machine knows about for a domain | ![](https://img.shields.io/github/stars/tomnomnom/waybackurls) | ![](https://img.shields.io/github/languages/top/tomnomnom/waybackurls) |
@ -90,6 +103,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Fetch/HTTP | [httpx](https://github.com/projectdiscovery/httpx) | httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. | ![](https://img.shields.io/github/stars/projectdiscovery/httpx) | ![](https://img.shields.io/github/languages/top/projectdiscovery/httpx) |
| Fetch/HTTP | [meg](https://github.com/tomnomnom/meg) | Fetch many paths for many hosts - without killing the hosts | ![](https://img.shields.io/github/stars/tomnomnom/meg) | ![](https://img.shields.io/github/languages/top/tomnomnom/meg) |
| Fetch/HTTP | [wuzz](https://github.com/asciimoo/wuzz) | Interactive cli tool for HTTP inspection | ![](https://img.shields.io/github/stars/asciimoo/wuzz) | ![](https://img.shields.io/github/languages/top/asciimoo/wuzz) |
| Fetch/JS | [getJS](https://github.com/003random/getJS) | A tool to fastly get all javascript sources/files | ![](https://img.shields.io/github/stars/003random/getJS) | ![](https://img.shields.io/github/languages/top/003random/getJS) |
| Fetch/WSOCK | [websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler) | websocket-connection-smuggler | ![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) | ![](https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) |
| Scanner/CORS | [CorsMe](https://github.com/Shivangx01b/CorsMe) | Cross Origin Resource Sharing MisConfiguration Scanner | ![](https://img.shields.io/github/stars/Shivangx01b/CorsMe) | ![](https://img.shields.io/github/languages/top/Shivangx01b/CorsMe) |
| Scanner/CORS | [Corsy](https://github.com/s0md3v/Corsy) | CORS Misconfiguration Scanner | ![](https://img.shields.io/github/stars/s0md3v/Corsy) | ![](https://img.shields.io/github/languages/top/s0md3v/Corsy) |
@ -112,6 +126,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Scanner/SMUGGLE | [h2csmuggler](https://github.com/BishopFox/h2csmuggler) | HTTP Request Smuggling over HTTP/2 Cleartext (h2c) | ![](https://img.shields.io/github/stars/BishopFox/h2csmuggler) | ![](https://img.shields.io/github/languages/top/BishopFox/h2csmuggler) |
| Scanner/SMUGGLE | [smuggler](https://github.com/defparam/smuggler) | Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 | ![](https://img.shields.io/github/stars/defparam/smuggler) | ![](https://img.shields.io/github/languages/top/defparam/smuggler) |
| Scanner/SQL | [SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja) | SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|
| Scanner/SQL | [sqliv](https://github.com/the-robot/sqliv) | massive SQL injection vulnerability scanner | ![](https://img.shields.io/github/stars/the-robot/sqliv) | ![](https://img.shields.io/github/languages/top/the-robot/sqliv) |
| Scanner/SQL | [sqlmap](https://github.com/sqlmapproject/sqlmap) | Automatic SQL injection and database takeover tool | ![](https://img.shields.io/github/stars/sqlmapproject/sqlmap) | ![](https://img.shields.io/github/languages/top/sqlmapproject/sqlmap) |
| Scanner/SSL | [a2sv](https://github.com/hahwul/a2sv) | Auto Scanning to SSL Vulnerability | ![](https://img.shields.io/github/stars/hahwul/a2sv) | ![](https://img.shields.io/github/languages/top/hahwul/a2sv) |
| Scanner/SSL | [testssl.sh](https://github.com/drwetter/testssl.sh) | Testing TLS/SSL encryption anywhere on any port | ![](https://img.shields.io/github/stars/drwetter/testssl.sh) | ![](https://img.shields.io/github/languages/top/drwetter/testssl.sh) |
@ -146,6 +161,8 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Utility/FIND | [fzf](https://github.com/junegunn/fzf) | A command-line fuzzy finder | ![](https://img.shields.io/github/stars/junegunn/fzf) | ![](https://img.shields.io/github/languages/top/junegunn/fzf) |
| Utility/FLOW | [SequenceDiagram](https://sequencediagram.org) | Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|
| Utility/GREP | [gf](https://github.com/tomnomnom/gf) | A wrapper around grep, to help you grep for things | ![](https://img.shields.io/github/stars/tomnomnom/gf) | ![](https://img.shields.io/github/languages/top/tomnomnom/gf) |
| Utility/HTTP | [curl](https://github.com/curl/curl) | A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features | ![](https://img.shields.io/github/stars/curl/curl) | ![](https://img.shields.io/github/languages/top/curl/curl) |
| Utility/HTTP | [httpie](https://github.com/httpie/httpie) | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie | ![](https://img.shields.io/github/stars/httpie/httpie) | ![](https://img.shields.io/github/languages/top/httpie/httpie) |
| Utility/JSON | [gron](https://github.com/tomnomnom/gron) | Make JSON greppable! | ![](https://img.shields.io/github/stars/tomnomnom/gron) | ![](https://img.shields.io/github/languages/top/tomnomnom/gron) |
| Utility/JWT | [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) | JWT brute force cracker written in C | ![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker) | ![](https://img.shields.io/github/languages/top/brendan-rius/c-jwt-cracker) |
| Utility/JWT | [jwt-cracker](https://github.com/lmammino/jwt-cracker) | Simple HS256 JWT token brute force cracker | ![](https://img.shields.io/github/stars/lmammino/jwt-cracker) | ![](https://img.shields.io/github/languages/top/lmammino/jwt-cracker) |
@ -157,6 +174,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Utility/PAYLOAD | [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | ![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings) | ![](https://img.shields.io/github/languages/top/swisskyrepo/PayloadsAllTheThings) |
| Utility/PAYLOAD | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker | ![](https://img.shields.io/github/stars/dwisiswant0/hinject) | ![](https://img.shields.io/github/languages/top/dwisiswant0/hinject) |
| Utility/PAYLOAD | [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) | A tool for embedding XXE/XML exploits into different filetypes | ![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) | ![](https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) |
| Utility/PAYLOAD | [weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads) | XSS payloads designed to turn alert(1) into P1 | ![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads) | ![](https://img.shields.io/github/languages/top/hakluke/weaponised-XSS-payloads) |
| Utility/PAYLOAD | [xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data) | This repository contains all the XSS cheatsheet data to allow contributions from the community. | ![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data) | ![](https://img.shields.io/github/languages/top/PortSwigger/xss-cheatsheet-data) |
| Utility/PAYLOAD | [ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | ![](https://img.shields.io/github/stars/frohoff/ysoserial) | ![](https://img.shields.io/github/languages/top/frohoff/ysoserial) |
| Utility/PAYLOAD | [ysoserial.net](https://github.com/pwntester/ysoserial.net) | Deserialization payload generator for a variety of .NET formatters | ![](https://img.shields.io/github/stars/pwntester/ysoserial.net) | ![](https://img.shields.io/github/languages/top/pwntester/ysoserial.net) |
@ -182,3 +200,6 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
## Thanks to (Contributor)
I would like to thank everyone who helped with this project 👍😎 <br>
[six2dez](https://github.com/six2dez) , [si9int](https://github.com/si9int) , [dwisiswant0](https://twitter.com/dwisiswant0) , [riza](https://github.com/riza) , [jcran](https://github.com/jcran) , [rykkard](https://github.com/rykkard)
## Contributors
![](/CONTRIBUTORS.svg)

21
SECURITY.md Normal file
View File

@ -0,0 +1,21 @@
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
## Reporting a Vulnerability
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

196
data.json
View File

@ -751,6 +751,22 @@
"Windows": "cd Striker; git pull -v ; pip3 install -r requirements.txt"
}
},
"SubOver": {
"Data": "| Discovery/TKOV | [SubOver](https://github.com/Ice3man543/SubOver) | A Powerful Subdomain Takeover Tool | ![](https://img.shields.io/github/stars/Ice3man543/SubOver) | ![](https://img.shields.io/github/languages/top/Ice3man543/SubOver) |",
"Description": "A Powerful Subdomain Takeover Tool",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "TKOV",
"Type": "Discovery",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"Sublist3r": {
"Data": "| Discovery/DOMAIN | [Sublist3r](https://github.com/aboul3la/Sublist3r) | Fast subdomains enumeration tool for penetration testers | ![](https://img.shields.io/github/stars/aboul3la/Sublist3r) | ![](https://img.shields.io/github/languages/top/aboul3la/Sublist3r) |",
"Description": "Fast subdomains enumeration tool for penetration testers ",
@ -1087,6 +1103,22 @@
"Windows": "go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz"
}
},
"curl": {
"Data": "| Utility/HTTP | [curl](https://github.com/curl/curl) | A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features | ![](https://img.shields.io/github/stars/curl/curl) | ![](https://img.shields.io/github/languages/top/curl/curl) |",
"Description": "A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "HTTP",
"Type": "Utility",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"dalfox": {
"Data": "| Scanner/XSS | [dalfox](https://github.com/hahwul/dalfox) | 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang | ![](https://img.shields.io/github/stars/hahwul/dalfox) | ![](https://img.shields.io/github/languages/top/hahwul/dalfox) |",
"Description": "🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang ",
@ -1151,6 +1183,38 @@
"Windows": "go get -u -v github.com/projectdiscovery/dnsprobe"
}
},
"dnsvalidator": {
"Data": "| Discovery/DNS | [dnsvalidator](https://github.com/vortexau/dnsvalidator) | Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. | ![](https://img.shields.io/github/stars/vortexau/dnsvalidator) | ![](https://img.shields.io/github/languages/top/vortexau/dnsvalidator) |",
"Description": "Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "DNS",
"Type": "Discovery",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"dnsx": {
"Data": "| Discovery/DNS | [dnsx](https://github.com/projectdiscovery/dnsx) | dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. | ![](https://img.shields.io/github/stars/projectdiscovery/dnsx) | ![](https://img.shields.io/github/languages/top/projectdiscovery/dnsx) |",
"Description": "dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "DNS",
"Type": "Discovery",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"domdig": {
"Data": "| Scanner/XSS | [domdig](https://github.com/fcavallarin/domdig) | DOM XSS scanner for Single Page Applications | ![](https://img.shields.io/github/stars/fcavallarin/domdig) | ![](https://img.shields.io/github/languages/top/fcavallarin/domdig) |",
"Description": "DOM XSS scanner for Single Page Applications ",
@ -1295,6 +1359,22 @@
"Windows": "go get -u -v github.com/lc/gau"
}
},
"getJS": {
"Data": "| Fetch/JS | [getJS](https://github.com/003random/getJS) | A tool to fastly get all javascript sources/files | ![](https://img.shields.io/github/stars/003random/getJS) | ![](https://img.shields.io/github/languages/top/003random/getJS) |",
"Description": "A tool to fastly get all javascript sources/files",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "JS",
"Type": "Fetch",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"gf": {
"Data": "| Utility/GREP | [gf](https://github.com/tomnomnom/gf) | A wrapper around grep, to help you grep for things | ![](https://img.shields.io/github/stars/tomnomnom/gf) | ![](https://img.shields.io/github/languages/top/tomnomnom/gf) |",
"Description": "A wrapper around grep, to help you grep for things ",
@ -1599,6 +1679,22 @@
"Windows": "go get github.com/htcat/htcat/cmd/htcat"
}
},
"httpie": {
"Data": "| Utility/HTTP | [httpie](https://github.com/httpie/httpie) | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins \u0026 more. https://twitter.com/httpie | ![](https://img.shields.io/github/stars/httpie/httpie) | ![](https://img.shields.io/github/languages/top/httpie/httpie) |",
"Description": "As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins \u0026 more. https://twitter.com/httpie",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "HTTP",
"Type": "Utility",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"httprobe": {
"Data": "| Fetch/HTTP | [httprobe](https://github.com/tomnomnom/httprobe) | Take a list of domains and probe for working HTTP and HTTPS servers | ![](https://img.shields.io/github/stars/tomnomnom/httprobe) | ![](https://img.shields.io/github/languages/top/tomnomnom/httprobe) |",
"Description": "Take a list of domains and probe for working HTTP and HTTPS servers ",
@ -1951,6 +2047,22 @@
"Windows": "cd postMessage-tracker ; git pull -v"
}
},
"proxify": {
"Type": "Army-Knife",
"Data": "| Army-Knife/PROXY | [proxify](https://github.com/projectdiscovery/proxify) | Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay | ![](https://img.shields.io/github/stars/projectdiscovery/proxify) | ![](https://img.shields.io/github/languages/top/projectdiscovery/proxify) |",
"Method": "PROXY",
"Description": "Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"pwncat": {
"Data": "| Utility/PENTEST | [pwncat](https://github.com/cytopia/pwncat) | pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) | ![](https://img.shields.io/github/stars/cytopia/pwncat) | ![](https://img.shields.io/github/languages/top/cytopia/pwncat) |",
"Description": "pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) ",
@ -2048,15 +2160,15 @@
}
},
"scilla": {
"Type": "Discovery",
"Data": "| Discovery/ALL | [scilla](https://github.com/edoardottt/scilla) | 🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration | ![](https://img.shields.io/github/stars/edoardottt/scilla) | ![](https://img.shields.io/github/languages/top/edoardottt/scilla) |",
"Method": "ALL",
"Description": "🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration",
"Install": {
"Linux": "go get-u github.com/edoardottt/scilla",
"MacOS": "go get-u github.com/edoardottt/scilla",
"Windows": "go get-u github.com/edoardottt/scilla"
},
"Method": "ALL",
"Type": "Discovery",
"Update": {
"Linux": "go get-u github.com/edoardottt/scilla",
"MacOS": "go get-u github.com/edoardottt/scilla",
@ -2095,6 +2207,38 @@
"Windows": "cd smuggler ; git pull -v"
}
},
"sn0int": {
"Data": "| Discovery/ALL | [sn0int](https://github.com/kpcyrd/sn0int) | Semi-automatic OSINT framework and package manager | ![](https://img.shields.io/github/stars/kpcyrd/sn0int) | ![](https://img.shields.io/github/languages/top/kpcyrd/sn0int) |",
"Description": "Semi-automatic OSINT framework and package manager",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "ALL",
"Type": "Discovery",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"sqliv": {
"Data": "| Scanner/SQL | [sqliv](https://github.com/the-robot/sqliv) | massive SQL injection vulnerability scanner | ![](https://img.shields.io/github/stars/the-robot/sqliv) | ![](https://img.shields.io/github/languages/top/the-robot/sqliv) |",
"Description": "massive SQL injection vulnerability scanner",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "SQL",
"Type": "Scanner",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"sqlmap": {
"Data": "| Scanner/SQL | [sqlmap](https://github.com/sqlmapproject/sqlmap) | Automatic SQL injection and database takeover tool | ![](https://img.shields.io/github/stars/sqlmapproject/sqlmap) | ![](https://img.shields.io/github/languages/top/sqlmapproject/sqlmap) |",
"Description": "Automatic SQL injection and database takeover tool ",
@ -2143,6 +2287,22 @@
"Windows": "go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder"
}
},
"subgen": {
"Data": "| Discovery/DNS | [subgen](https://github.com/pry0cc/subgen) | A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver! | ![](https://img.shields.io/github/stars/pry0cc/subgen) | ![](https://img.shields.io/github/languages/top/pry0cc/subgen) |",
"Description": "A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "DNS",
"Type": "Discovery",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"subjack": {
"Data": "| Discovery/TKOV | [subjack](https://github.com/haccer/subjack) | Subdomain Takeover tool written in Go | ![](https://img.shields.io/github/stars/haccer/subjack) | ![](https://img.shields.io/github/languages/top/haccer/subjack) |",
"Description": "Subdomain Takeover tool written in Go ",
@ -2287,6 +2447,22 @@
"Windows": "go get github.com/tomnomnom/waybackurls"
}
},
"weaponised-XSS-payloads": {
"Data": "| Utility/PAYLOAD | [weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads) | XSS payloads designed to turn alert(1) into P1 | ![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads) | ![](https://img.shields.io/github/languages/top/hakluke/weaponised-XSS-payloads) |",
"Description": "XSS payloads designed to turn alert(1) into P1",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "PAYLOAD",
"Type": "Utility",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"websocket-connection-smuggler": {
"Data": "| Fetch/WSOCK | [websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler) | websocket-connection-smuggler | ![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) | ![](https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) |",
"Description": "websocket-connection-smuggler ",
@ -2446,5 +2622,21 @@
"MacOS": "",
"Windows": ""
}
},
"zdns": {
"Data": "| Discovery/DNS | [zdns](https://github.com/zmap/zdns) | Fast CLI DNS Lookup Tool | ![](https://img.shields.io/github/stars/zmap/zdns) | ![](https://img.shields.io/github/languages/top/zmap/zdns) |",
"Description": "Fast CLI DNS Lookup Tool",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "DNS",
"Type": "Discovery",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
}
}

5
renovate.json Normal file
View File

@ -0,0 +1,5 @@
{
"extends": [
"config:base"
]
}

View File

@ -2,3 +2,6 @@
## Thanks to (Contributor)
I would like to thank everyone who helped with this project 👍😎 <br>
[six2dez](https://github.com/six2dez) , [si9int](https://github.com/si9int) , [dwisiswant0](https://twitter.com/dwisiswant0) , [riza](https://github.com/riza) , [jcran](https://github.com/jcran) , [rykkard](https://github.com/rykkard)
## Contributors
![](/CONTRIBUTORS.svg)

View File

@ -4,7 +4,13 @@
<br>
Web Hacker's Weapons
<br>
<a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=flat-square"></a> <img src="https://img.shields.io/github/languages/top/hahwul/WebHackersWeapons?style=flat-square"> <img src="https://img.shields.io/github/last-commit/hahwul/WebHackersWeapons?style=flat-square">
<img src="https://img.shields.io/github/languages/top/hahwul/WebHackersWeapons?style=flat">
<img src="https://img.shields.io/github/last-commit/hahwul/WebHackersWeapons?style=flat">
<img src="https://img.shields.io/badge/PRs-welcome-cyan">
<img src="https://github.com/hahwul/WebHackersWeapons/workflows/Build/badge.svg">
<img src="https://github.com/hahwul/WebHackersWeapons/workflows/CodeQL/badge.svg">
<a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=flat&logo=twitter"></a>
<a href="https://github.com/hahwul"><img src="https://img.shields.io/github/stars/hahwul?style=flat&logo=github"></a>
</h1>
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting