|
|
|
@ -28,7 +28,7 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
| | Attributes |
|
|
|
|
|
|-------|---------------------------------------------------|
|
|
|
|
|
| Types | `Army-Knife` `Proxy` `Recon` `Fuzzer` `Scanner` `Exploit` `Env` `Utils` `Etc`|
|
|
|
|
|
| Tags | [`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md) [`infra`](/categorize/tags/infra.md) [`pentest`](/categorize/tags/pentest.md) [`js-analysis`](/categorize/tags/js-analysis.md) [`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md) [`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`takeover`](/categorize/tags/takeover.md) [`dns`](/categorize/tags/dns.md) [`osint`](/categorize/tags/osint.md) [`online`](/categorize/tags/online.md) [`domain`](/categorize/tags/domain.md) [`graphql`](/categorize/tags/graphql.md) [`portscan`](/categorize/tags/portscan.md) [`port`](/categorize/tags/port.md) [`apk`](/categorize/tags/apk.md) [`cache-vuln`](/categorize/tags/cache-vuln.md) [`crlf`](/categorize/tags/crlf.md) [`jwt`](/categorize/tags/jwt.md) [`ssrf`](/categorize/tags/ssrf.md) [`path-traversal`](/categorize/tags/path-traversal.md) [`s3`](/categorize/tags/s3.md) [`sqli`](/categorize/tags/sqli.md) [`403`](/categorize/tags/403.md) [`xss`](/categorize/tags/xss.md) [`ssl`](/categorize/tags/ssl.md) [`cors`](/categorize/tags/cors.md) [`broken-link`](/categorize/tags/broken-link.md) [`csp`](/categorize/tags/csp.md) [`smuggle`](/categorize/tags/smuggle.md) [`oast`](/categorize/tags/oast.md) [`aaa`](/categorize/tags/aaa.md) [`dependency-confusion`](/categorize/tags/dependency-confusion.md) [`exploit`](/categorize/tags/exploit.md) [`xxe`](/categorize/tags/xxe.md) [`RMI`](/categorize/tags/RMI.md) [`lfi`](/categorize/tags/lfi.md) [`rop`](/categorize/tags/rop.md) [`cookie`](/categorize/tags/cookie.md) [`nuclei-templates`](/categorize/tags/nuclei-templates.md) [`blind-xss`](/categorize/tags/blind-xss.md) [`fuzz`](/categorize/tags/fuzz.md) [`http`](/categorize/tags/http.md) [`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md) [`deserialize`](/categorize/tags/deserialize.md) [`zipbomb`](/categorize/tags/zipbomb.md) [`darkmode`](/categorize/tags/darkmode.md) [`notify`](/categorize/tags/notify.md) [`json`](/categorize/tags/json.md) [`payload`](/categorize/tags/payload.md) [`diff`](/categorize/tags/diff.md) [`encode`](/categorize/tags/encode.md) [`web3`](/categorize/tags/web3.md) [`clipboard`](/categorize/tags/clipboard.md) [`report`](/categorize/tags/report.md) |
|
|
|
|
|
| Tags | [`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md) [`infra`](/categorize/tags/infra.md) [`pentest`](/categorize/tags/pentest.md) [`js-analysis`](/categorize/tags/js-analysis.md) [`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md) [`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`takeover`](/categorize/tags/takeover.md) [`dns`](/categorize/tags/dns.md) [`osint`](/categorize/tags/osint.md) [`online`](/categorize/tags/online.md) [`domain`](/categorize/tags/domain.md) [`graphql`](/categorize/tags/graphql.md) [`portscan`](/categorize/tags/portscan.md) [`port`](/categorize/tags/port.md) [`apk`](/categorize/tags/apk.md) [`cache-vuln`](/categorize/tags/cache-vuln.md) [`ssti`](/categorize/tags/ssti.md) [`crlf`](/categorize/tags/crlf.md) [`jwt`](/categorize/tags/jwt.md) [`ssrf`](/categorize/tags/ssrf.md) [`path-traversal`](/categorize/tags/path-traversal.md) [`s3`](/categorize/tags/s3.md) [`sqli`](/categorize/tags/sqli.md) [`403`](/categorize/tags/403.md) [`xss`](/categorize/tags/xss.md) [`ssl`](/categorize/tags/ssl.md) [`cors`](/categorize/tags/cors.md) [`broken-link`](/categorize/tags/broken-link.md) [`csp`](/categorize/tags/csp.md) [`smuggle`](/categorize/tags/smuggle.md) [`oast`](/categorize/tags/oast.md) [`aaa`](/categorize/tags/aaa.md) [`dependency-confusion`](/categorize/tags/dependency-confusion.md) [`exploit`](/categorize/tags/exploit.md) [`xxe`](/categorize/tags/xxe.md) [`RMI`](/categorize/tags/RMI.md) [`lfi`](/categorize/tags/lfi.md) [`rop`](/categorize/tags/rop.md) [`cookie`](/categorize/tags/cookie.md) [`nuclei-templates`](/categorize/tags/nuclei-templates.md) [`blind-xss`](/categorize/tags/blind-xss.md) [`fuzz`](/categorize/tags/fuzz.md) [`http`](/categorize/tags/http.md) [`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md) [`deserialize`](/categorize/tags/deserialize.md) [`zipbomb`](/categorize/tags/zipbomb.md) [`darkmode`](/categorize/tags/darkmode.md) [`notify`](/categorize/tags/notify.md) [`json`](/categorize/tags/json.md) [`payload`](/categorize/tags/payload.md) [`diff`](/categorize/tags/diff.md) [`encode`](/categorize/tags/encode.md) [`web3`](/categorize/tags/web3.md) [`clipboard`](/categorize/tags/clipboard.md) [`report`](/categorize/tags/report.md) |
|
|
|
|
|
| Langs | [`Java`](/categorize/langs/Java.md) [`Go`](/categorize/langs/Go.md) [`Shell`](/categorize/langs/Shell.md) [`Ruby`](/categorize/langs/Ruby.md) [`Python`](/categorize/langs/Python.md) [`Rust`](/categorize/langs/Rust.md) [`JavaScript`](/categorize/langs/JavaScript.md) [`Crystal`](/categorize/langs/Crystal.md) [`C`](/categorize/langs/C.md) [`Kotlin`](/categorize/langs/Kotlin.md) [`Perl`](/categorize/langs/Perl.md) [`TypeScript`](/categorize/langs/TypeScript.md) [`BlitzBasic`](/categorize/langs/BlitzBasic.md) [`Txt`](/categorize/langs/Txt.md) [`C#`](/categorize/langs/C%23.md) [`CSS`](/categorize/langs/CSS.md) [`PHP`](/categorize/langs/PHP.md) [`HTML`](/categorize/langs/HTML.md) [`C++`](/categorize/langs/C++.md) |
|
|
|
|
|
|
|
|
|
|
### Tools
|
|
|
|
@ -147,6 +147,7 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
|Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|
|
|
|
|
|Fuzzer|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|
|
|
|
|
|Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|
|
|
|
|
|Fuzzer|[SSTImap](https://github.com/vladko312/SSTImap)|Automatic SSTI detection tool with interactive interface|![](https://img.shields.io/github/stars/vladko312/SSTImap?label=%20)|[`ssti`](/categorize/tags/ssti.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|
|
|
|
|
|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|
|
|
|
|
|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|
|
|
|
|
|Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|
|
|
|
@ -405,6 +406,7 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
|Utils|[Decoder-Improved](https://github.com/nccgroup/Decoder-Improved)|Improved decoder for Burp Suite|![](https://img.shields.io/github/stars/nccgroup/Decoder-Improved?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|
|
|
|
|
|Utils|[Berserko](https://github.com/nccgroup/Berserko)|Burp Suite extension to perform Kerberos authentication|![](https://img.shields.io/github/stars/nccgroup/Berserko?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|
|
|
|
|
|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|
|
|
|
|
|Utils|[Map Local](https://github.com/Keindel/owasp-zap-maplocal-addon)|ZAP add-on which allows mapping of responses to content of a chosen local file.|![](https://img.shields.io/github/stars/Keindel/owasp-zap-maplocal-addon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|
|
|
|
|
|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|
|
|
|
|
|Utils|[argumentinjectionhammer](https://github.com/nccgroup/argumentinjectionhammer)|A Burp Extension designed to identify argument injection vulnerabilities.|![](https://img.shields.io/github/stars/nccgroup/argumentinjectionhammer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|
|
|
|
|
|Utils|[blackboxprotobuf](https://github.com/nccgroup/blackboxprotobuf)|Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.|![](https://img.shields.io/github/stars/nccgroup/blackboxprotobuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|
|
|
|
|