WebHackersWeapons/categorize/langs/Python.md

Tools Made of Python

Type	Name	Description	Star	Tags	Badges
Proxy	mitmproxy	An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.		mitmproxy
Recon	Dr. Watson	Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information		param subdomains
Recon	uro	declutters url lists for crawling/pentesting		url
Recon	SecretFinder	SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
Recon	ParamSpider	Mining parameters from dark corners of Web Archives		param
Recon	cc.py	Extracting URLs of a specific target based on the results of "commoncrawl.org"		url
Recon	BLUTO	DNS Analysis Tool		dns
Recon	parameth	This tool can be used to brute discover GET and POST parameters
Recon	3klCon	Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Recon	xnLinkFinder	A python tool used to discover endpoints (and potential parameters) for a given target
Recon	graphw00f	GraphQL Server Engine Fingerprinting utility		graphql
Recon	SubBrute	https://github.com/TheRook/subbrute		subdomains
Recon	dirsearch	Web path scanner
Recon	Silver	Mass scan IPs for vulnerable services		port
Recon	FavFreak	Making Favicon.ico based Recon Great again !
Recon	altdns	Generates permutations, alterations and mutations of subdomains and then resolves them		dns
Recon	GitMiner	Tool for advanced mining for content on Github
Recon	knock	Knock Subdomain Scan		subdomains
Recon	HydraRecon	All In One, Fast, Easy Recon Tool
Recon	apkleaks	Scanning APK file for URIs, endpoints & secrets.		apk
Recon	BurpJSLinkFinder
Recon	Arjun	HTTP parameter discovery suite.		param
Recon	OneForAll	OneForAll是一款功能强大的子域收集工具
Recon	Photon	Incredibly fast crawler designed for OSINT.		osint crawl
Recon	pagodo	pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
Recon	dnsvalidator	Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.		dns
Recon	spiderfoot	SpiderFoot automates OSINT collection so that you can focus on analysis.		osint
Recon	STEWS	A Security Tool for Enumerating WebSockets
Recon	longtongue	Customized Password/Passphrase List inputting Target Info
Recon	LinkFinder	A python script that finds endpoints in JavaScript files
Recon	Sublist3r	Fast subdomains enumeration tool for penetration testers		subdomains
Recon	Lepus	Subdomain finder		subdomains
Recon	Parth	Heuristic Vulnerable Parameter Scanner		param
Fuzzer	ParamPamPam	This tool for brute discover GET and POST parameters.		param cache-vuln
Fuzzer	GraphQLmap	GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.		graphql
Fuzzer	BatchQL	GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations		graphql
Fuzzer	SSRFmap	Automatic SSRF fuzzer and exploitation tool		ssrf
Fuzzer	CrackQL	CrackQL is a GraphQL password brute-force and fuzzing utility.		graphql
Fuzzer	wfuzz	Web application fuzzer
Scanner	VHostScan	A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Scanner	S3cret Scanner	Hunting For Secrets Uploaded To Public S3 Buckets		s3
Scanner	autopoisoner	Web cache poisoning vulnerability scanner.		cache-vuln
Scanner	OpenRedireX	A Fuzzer for OpenRedirect issues
Scanner	NoSQLMap	Automated NoSQL database enumeration and web application exploitation tool.
Scanner	AWSBucketDump	Security Tool to Look For Interesting Files in S3 Buckets		s3
Scanner	http-request-smuggling	HTTP Request Smuggling Detection Tool
Scanner	rapidscan	The Multi-Tool Web Vulnerability Scanner.
Scanner	Autorize			aaa
Scanner	xsscrapy	XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi.		xss
Scanner	Corsy	CORS Misconfiguration Scanner		cors
Scanner	xsser	Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.		xss
Scanner	Oralyzer	Open Redirection Analyzer
Scanner	corsair_scan	Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).		cors
Scanner	sqliv	massive SQL injection vulnerability scanner		sqli
Scanner	deadlinks	Health checks for your documentation links.		broken-link
Scanner	S3Scanner	Scan for open AWS S3 buckets and dump the contents		s3
Scanner	gitGraber	gitGraber
Scanner	commix	Automated All-in-One OS Command Injection Exploitation Tool.		exploit
Scanner	XSStrike	Most advanced XSS scanner.		xss
Scanner	tplmap	Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Scanner	Striker	Striker is an offensive information and vulnerability scanner.
Scanner	sqlmap	Automatic SQL injection and database takeover tool
Scanner	zap-cli	A simple tool for interacting with OWASP ZAP from the commandline.
Scanner	AuthMatrix			aaa
Scanner	DSSS	Damn Small SQLi Scanner		sqli
Scanner	a2sv	Auto Scanning to SSL Vulnerability		ssl
Scanner	smuggler	Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3		smuggle
Scanner	LFISuite	Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Exploit	of-CORS	Identifying and exploiting CORS misconfigurations on the internal networks		cors
Exploit	Gopherus	This tool generates gopher link for exploiting SSRF and gaining RCE in various servers		ssrf
Exploit	Liffy	Local file inclusion exploitation tool		lfi
Exploit	ghauri	An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws		sqli
Exploit	XSRFProbe	The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
Exploit	toxssin	An XSS exploitation command-line interface and payload generator.		xss
Utils	PayloadsAllTheThings	A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Utils	REcollapse	REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications		fuzz
Utils	Atlas	Quick SQLMap Tamper Suggester
Utils	Bug-Bounty-Toolz	BBT - Bug Bounty Tools
Utils	Redcloud	Automated Red Team Infrastructure deployement using Docker		infra
Utils	inql
Utils	grc	generic colouriser
Utils	femida
Utils	pentest-tools	Custom pentesting tools
Utils	argumentinjectionhammer	A Burp Extension designed to identify argument injection vulnerabilities.
Utils	XSS-Catcher	Find blind XSS but why not gather data while you're at it.		xss blind-xss
Utils	zip-bomb	Create a ZIPBomb for a given uncompressed size (flat and nested modes).		zipbomb
Utils	docem	Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)		xxe xss
Utils	burp-exporter
Utils	httpie	As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie		http
Utils	230-OOB	An Out-of-Band XXE server for retrieving file contents over FTP.		xxe
Utils	blackboxprotobuf	Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.
Utils	ZipBomb	A simple implementation of ZipBomb in Python		zipbomb
Utils	tiscripts	Turbo Intruder Scripts
Env	Crimson	Web Application Security Testing automation.