mirror of
https://github.com/hahwul/WebHackersWeapons.git
synced 2025-02-11 04:48:49 -05:00
30 KiB
30 KiB
Tools Made of Python
| Type | Name | Description | Star | Tags | Badges |
|---|---|---|---|---|---|
| Proxy | mitmproxy | An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. |  |
mitmproxy |
    |
| Recon | longtongue | Customized Password/Passphrase List inputting Target Info |  |
|
|
| Recon | knock | Knock Subdomain Scan |  |
subdomains |
|
| Recon | cc.py | Extracting URLs of a specific target based on the results of "commoncrawl.org" |  |
url |
|
| Recon | LinkFinder | A python script that finds endpoints in JavaScript files |  |
|
|
| Recon | 3klCon | Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. |  |
|
|
| Recon | Silver | Mass scan IPs for vulnerable services |  |
port |
|
| Recon | Parth | Heuristic Vulnerable Parameter Scanner |  |
param |
|
| Recon | SecretFinder | SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |  |
|
|
| Recon | Lepus | Subdomain finder |  |
subdomains |
|
| Recon | BurpJSLinkFinder |  |
 |
||
| Recon | OneForAll | OneForAll是一款功能强大的子域收集工具 |  |
|
|
| Recon | graphw00f | GraphQL Server Engine Fingerprinting utility |  |
graphql |
|
| Recon | STEWS | A Security Tool for Enumerating WebSockets |  |
|
|
| Recon | dirsearch | Web path scanner |  |
|
|
| Recon | BLUTO | DNS Analysis Tool |  |
dns |
|
| Recon | dnsvalidator | Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. |  |
dns |
|
| Recon | xnLinkFinder | A python tool used to discover endpoints (and potential parameters) for a given target |  |
|
|
| Recon | parameth | This tool can be used to brute discover GET and POST parameters |  |
|
|
| Recon | Photon | Incredibly fast crawler designed for OSINT. |  |
osint crawl |
|
| Recon | HydraRecon | All In One, Fast, Easy Recon Tool |  |
|
|
| Recon | pagodo | pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching |  |
|
|
| Recon | uro | declutters url lists for crawling/pentesting |  |
url |
|
| Recon | SubBrute | https://github.com/TheRook/subbrute |  |
subdomains |
|
| Recon | FavFreak | Making Favicon.ico based Recon Great again ! |  |
|
|
| Recon | apkleaks | Scanning APK file for URIs, endpoints & secrets. |  |
apk |
|
| Recon | GitMiner | Tool for advanced mining for content on Github |  |
|
|
| Recon | Arjun | HTTP parameter discovery suite. |  |
param |
|
| Recon | altdns | Generates permutations, alterations and mutations of subdomains and then resolves them |  |
dns |
|
| Recon | ParamSpider | Mining parameters from dark corners of Web Archives |  |
param |
|
| Recon | Sublist3r | Fast subdomains enumeration tool for penetration testers | |
subdomains |
|
| Recon | spiderfoot | SpiderFoot automates OSINT collection so that you can focus on analysis. |  |
osint |
|
| Fuzzer | GraphQLmap | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |  |
graphql |
|
| Fuzzer | CrackQL | CrackQL is a GraphQL password brute-force and fuzzing utility. |  |
graphql |
|
| Fuzzer | wfuzz | Web application fuzzer |  |
|
|
| Fuzzer | BatchQL | GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations |  |
graphql |
|
| Fuzzer | SSRFmap | Automatic SSRF fuzzer and exploitation tool |  |
ssrf |
|
| Scanner | xsser | Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |  |
xss |
|
| Scanner | smuggler | Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |  |
smuggle |
|
| Scanner | commix | Automated All-in-One OS Command Injection Exploitation Tool. |  |
exploit |
|
| Scanner | deadlinks | Health checks for your documentation links. |  |
broken-link |
|
| Scanner | a2sv | Auto Scanning to SSL Vulnerability |  |
ssl |
|
| Scanner | gitGraber | gitGraber |  |
|
|
| Scanner | corsair_scan | Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). |  |
cors |
|
| Scanner | DSSS | Damn Small SQLi Scanner |  |
sqli |
|
| Scanner | Autorize |  |
aaa |
|
|
| Scanner | VHostScan | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |  |
|
|
| Scanner | Corsy | CORS Misconfiguration Scanner |  |
cors |
|
| Scanner | tplmap | Server-Side Template Injection and Code Injection Detection and Exploitation Tool |  |
|
|
| Scanner | S3cret Scanner | Hunting For Secrets Uploaded To Public S3 Buckets |  |
s3 |
|
| Scanner | autopoisoner | Web cache poisoning vulnerability scanner. |  |
cache-vuln |
|
| Scanner | rapidscan | The Multi-Tool Web Vulnerability Scanner. |  |
|
|
| Scanner | Striker | Striker is an offensive information and vulnerability scanner. |  |
|
|
| Scanner | http-request-smuggling | HTTP Request Smuggling Detection Tool |  |
|
|
| Scanner | LFISuite | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |  |
|
|
| Scanner | XSStrike | Most advanced XSS scanner. |  |
xss |
|
| Scanner | sqlmap | Automatic SQL injection and database takeover tool |  |
|
|
| Scanner | OpenRedireX | A Fuzzer for OpenRedirect issues |  |
|
|
| Scanner | S3Scanner | Scan for open AWS S3 buckets and dump the contents |  |
s3 |
|
| Scanner | sqliv | massive SQL injection vulnerability scanner |  |
sqli |
|
| Scanner | AuthMatrix |  |
aaa |
|
|
| Scanner | xsscrapy | XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |  |
xss |
|
| Scanner | AWSBucketDump | Security Tool to Look For Interesting Files in S3 Buckets |  |
s3 |
|
| Scanner | NoSQLMap | Automated NoSQL database enumeration and web application exploitation tool. |  |
|
|
| Scanner | zap-cli | A simple tool for interacting with OWASP ZAP from the commandline. |  |
 |
|
| Exploit | XSRFProbe | The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. |  |
|
|
| Exploit | Liffy | Local file inclusion exploitation tool |  |
lfi |
|
| Exploit | toxssin | An XSS exploitation command-line interface and payload generator. |  |
xss |
|
| Exploit | Gopherus | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |  |
ssrf |
|
| Utils | pentest-tools | Custom pentesting tools |  |
|
|
| Utils | femida |  |
|
||
| Utils | blackboxprotobuf | Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition. |  |
|
|
| Utils | 230-OOB | An Out-of-Band XXE server for retrieving file contents over FTP. |  |
xxe |
|
| Utils | inql |  |
|
||
| Utils | argumentinjectionhammer | A Burp Extension designed to identify argument injection vulnerabilities. |  |
|
|
| Utils | XSS-Catcher | Find blind XSS but why not gather data while you're at it. |  |
xss blind-xss |
|
| Utils | burp-exporter |  |
|
||
| Utils | Bug-Bounty-Toolz | BBT - Bug Bounty Tools |  |
|
|
| Utils | grc | generic colouriser |  |
|
|
| Utils | Redcloud | Automated Red Team Infrastructure deployement using Docker |  |
infra |
|
| Utils | Atlas | Quick SQLMap Tamper Suggester |  |
|
|
| Utils | httpie | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie |  |
http |
|
| Utils | docem | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) |  |
xxe xss |
|
| Utils | PayloadsAllTheThings | A list of useful payloads and bypass for Web Application Security and Pentest/CTF |  |
|
|
| Utils | tiscripts | Turbo Intruder Scripts |  |
|
|
| Env | Crimson | Web Application Security Testing automation. |  |
|