WebHackersWeapons/categorize/langs/Python.md

Tools Made of Python

Type	Name	Description	Star	Tags	Badges
Proxy	mitmproxy	An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.		mitmproxy
Recon	knock	Knock Subdomain Scan		subdomains
Recon	xnLinkFinder	A python tool used to discover endpoints (and potential parameters) for a given target		js-analysis
Recon	longtongue	Customized Password/Passphrase List inputting Target Info
Recon	spiderfoot	SpiderFoot automates OSINT collection so that you can focus on analysis.		osint
Recon	Arjun	HTTP parameter discovery suite.		param
Recon	bbot	OSINT automation for hackers		osint
Recon	apkleaks	Scanning APK file for URIs, endpoints & secrets.		apk url endpoint
Recon	GitMiner	Tool for advanced mining for content on Github
Recon	STEWS	A Security Tool for Enumerating WebSockets
Recon	pagodo	pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
Recon	altdns	Generates permutations, alterations and mutations of subdomains and then resolves them		dns subdomains
Recon	LinkFinder	A python script that finds endpoints in JavaScript files		js-analysis
Recon	Lepus	Subdomain finder		subdomains
Recon	Dr. Watson	Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information		param subdomains
Recon	SubBrute	https://github.com/TheRook/subbrute		subdomains
Recon	BurpJSLinkFinder			js-analysis
Recon	Sublist3r	Fast subdomains enumeration tool for penetration testers		subdomains
Recon	Photon	Incredibly fast crawler designed for OSINT.		osint crawl
Recon	Silver	Mass scan IPs for vulnerable services		port
Recon	parameth	This tool can be used to brute discover GET and POST parameters
Recon	3klCon	Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Recon	FavFreak	Making Favicon.ico based Recon Great again !
Recon	ParamSpider	Mining parameters from dark corners of Web Archives		param
Recon	OneForAll	OneForAll是一款功能强大的子域收集工具
Recon	Parth	Heuristic Vulnerable Parameter Scanner		param
Recon	dnsvalidator	Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.		dns
Recon	uro	declutters url lists for crawling/pentesting		url
Recon	BLUTO	DNS Analysis Tool		dns
Recon	dirsearch	Web path scanner
Recon	cc.py	Extracting URLs of a specific target based on the results of "commoncrawl.org"		url
Recon	HydraRecon	All In One, Fast, Easy Recon Tool
Recon	HostHunter	Recon tool for discovering hostnames using OSINT techniques.		osint
Recon	SecretFinder	SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
Recon	ParamWizard	ParamWizard is a powerful Python-based tool designed for extracting and identifying URLs with parameters from a specified website.		param
Recon	graphw00f	GraphQL Server Engine Fingerprinting utility		graphql
Fuzzer	SSTImap	Automatic SSTI detection tool with interactive interface		ssti
Fuzzer	SSRFmap	Automatic SSRF fuzzer and exploitation tool		ssrf
Fuzzer	BatchQL	GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations		graphql
Fuzzer	CrackQL	CrackQL is a GraphQL password brute-force and fuzzing utility.		graphql
Fuzzer	Clairvoyance	Obtain GraphQL API schema even if the introspection is disabled		graphql
Fuzzer	wfuzz	Web application fuzzer
Fuzzer	ParamPamPam	This tool for brute discover GET and POST parameters.		param cache-vuln
Fuzzer	GAP	This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on.		param
Fuzzer	GraphQLmap	GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.		graphql
Scanner	OpenRedireX	A Fuzzer for OpenRedirect issues
Scanner	http-request-smuggling	HTTP Request Smuggling Detection Tool
Scanner	S3cret Scanner	Hunting For Secrets Uploaded To Public S3 Buckets		s3
Scanner	NoSQLMap	Automated NoSQL database enumeration and web application exploitation tool.		nosqli
Scanner	zap-cli	A simple tool for interacting with OWASP ZAP from the commandline.
Scanner	deadlinks	Health checks for your documentation links.		broken-link
Scanner	LFISuite	Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Scanner	AWSBucketDump	Security Tool to Look For Interesting Files in S3 Buckets		s3
Scanner	DSSS	Damn Small SQLi Scanner		sqli
Scanner	AuthMatrix			aaa
Scanner	corsair_scan	Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).		cors
Scanner	S3Scanner	Scan for open AWS S3 buckets and dump the contents		s3
Scanner	rapidscan	The Multi-Tool Web Vulnerability Scanner.
Scanner	autopoisoner	Web cache poisoning vulnerability scanner.		cache-vuln
Scanner	commix	Automated All-in-One OS Command Injection Exploitation Tool.		exploit
Scanner	smuggler	Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3		smuggle
Scanner	SQLiDetector	Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.		sqli
Scanner	a2sv	Auto Scanning to SSL Vulnerability		ssl
Scanner	depenfusion	A powerful pentesting tool for detecting and exploiting dependency confusion vulnerabilities in Node.js projects		dependency-confusion
Scanner	Corsy	CORS Misconfiguration Scanner		cors
Scanner	dependency-confusion-scanner	This small repo is meant to scan Github's repositories for potential Dependency confusion vulnerabilities.		dependency-confusion
Scanner	V3n0M-Scanner	Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns		sqli xss lfi rfi
Scanner	xsscrapy	XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi.		xss
Scanner	tplmap	Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Scanner	sqlmap	Automatic SQL injection and database takeover tool		sqli
Scanner	Striker	Striker is an offensive information and vulnerability scanner.
Scanner	gitGraber	gitGraber
Scanner	xsser	Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.		xss
Scanner	XSStrike	Most advanced XSS scanner.		xss
Scanner	sqliv	massive SQL injection vulnerability scanner		sqli
Scanner	Autorize			aaa
Scanner	Oralyzer	Open Redirection Analyzer
Scanner	VHostScan	A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Exploit	XSRFProbe	The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
Exploit	Liffy	Local file inclusion exploitation tool		lfi
Exploit	Gopherus	This tool generates gopher link for exploiting SSRF and gaining RCE in various servers		ssrf
Exploit	of-CORS	Identifying and exploiting CORS misconfigurations on the internal networks		cors
Exploit	ghauri	An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws		sqli
Exploit	toxssin	An XSS exploitation command-line interface and payload generator.		xss
Utils	PayloadsAllTheThings	A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Utils	Atlas	Quick SQLMap Tamper Suggester		sqli
Utils	pentest-tools	Custom pentesting tools
Utils	argumentinjectionhammer	A Burp Extension designed to identify argument injection vulnerabilities.
Utils	httpie	modern, user-friendly command-line HTTP client for the API era		http
Utils	tiscripts	Turbo Intruder Scripts
Utils	inql
Utils	230-OOB	An Out-of-Band XXE server for retrieving file contents over FTP.		xxe
Utils	docem	Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)		xxe xss
Utils	XSS-Catcher	Find blind XSS but why not gather data while you're at it.		xss blind-xss
Utils	Redcloud	Automated Red Team Infrastructure deployement using Docker		infra
Utils	REcollapse	REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications		fuzz
Utils	Bug-Bounty-Toolz	BBT - Bug Bounty Tools
Utils	ZipBomb	A simple implementation of ZipBomb in Python		zipbomb
Utils	zip-bomb	Create a ZIPBomb for a given uncompressed size (flat and nested modes).		zipbomb
Utils	blackboxprotobuf	Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.
Utils	burp-exporter
Utils	gRPC-Web Pentest Suite	gRPC-Pentest-Suite is set of tools for pentesting / hacking gRPC Web (gRPC-Web) applications.		gRPC-Web
Utils	femida
Utils	GQLSpection	parses GraphQL introspection schema and generates possible queries		graphql
Utils	nuclei-wordfence-cve	Every single day new templates are added to this repo based on updates on Wordfence.com		nuclei-templates
Utils	grc	generic colouriser
Env	Crimson	Web Application Security Testing automation.