mirror of
https://github.com/hahwul/WebHackersWeapons.git
synced 2024-12-29 00:56:17 -05:00
33 KiB
33 KiB
Tools Made of Python
Type | Name | Description | Star | Tags | Badges |
---|---|---|---|---|---|
Proxy | mitmproxy | An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. | mitmproxy |
||
Recon | uro | declutters url lists for crawling/pentesting | url |
||
Recon | knock | Knock Subdomain Scan | subdomains |
||
Recon | altdns | Generates permutations, alterations and mutations of subdomains and then resolves them | dns |
||
Recon | cc.py | Extracting URLs of a specific target based on the results of "commoncrawl.org" | url |
||
Recon | pagodo | pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching | |||
Recon | Silver | Mass scan IPs for vulnerable services | port |
||
Recon | dnsvalidator | Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. | dns |
||
Recon | SecretFinder | SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files | |||
Recon | BLUTO | DNS Analysis Tool | dns |
||
Recon | HydraRecon | All In One, Fast, Easy Recon Tool | |||
Recon | BurpJSLinkFinder | ||||
Recon | Arjun | HTTP parameter discovery suite. | param |
||
Recon | Lepus | Subdomain finder | subdomains |
||
Recon | FavFreak | Making Favicon.ico based Recon Great again ! | |||
Recon | Photon | Incredibly fast crawler designed for OSINT. | osint crawl |
||
Recon | parameth | This tool can be used to brute discover GET and POST parameters | |||
Recon | Dr. Watson | Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information | param subdomains |
||
Recon | Parth | Heuristic Vulnerable Parameter Scanner | param |
||
Recon | OneForAll | OneForAll是一款功能强大的子域收集工具 | |||
Recon | GitMiner | Tool for advanced mining for content on Github | |||
Recon | apkleaks | Scanning APK file for URIs, endpoints & secrets. | apk |
||
Recon | spiderfoot | SpiderFoot automates OSINT collection so that you can focus on analysis. | osint |
||
Recon | SubBrute | https://github.com/TheRook/subbrute | subdomains |
||
Recon | ParamSpider | Mining parameters from dark corners of Web Archives | param |
||
Recon | longtongue | Customized Password/Passphrase List inputting Target Info | |||
Recon | dirsearch | Web path scanner | |||
Recon | STEWS | A Security Tool for Enumerating WebSockets | |||
Recon | xnLinkFinder | A python tool used to discover endpoints (and potential parameters) for a given target | |||
Recon | graphw00f | GraphQL Server Engine Fingerprinting utility | graphql |
||
Recon | LinkFinder | A python script that finds endpoints in JavaScript files | |||
Recon | 3klCon | Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. | |||
Recon | Sublist3r | Fast subdomains enumeration tool for penetration testers | subdomains |
||
Fuzzer | wfuzz | Web application fuzzer | |||
Fuzzer | CrackQL | CrackQL is a GraphQL password brute-force and fuzzing utility. | graphql |
||
Fuzzer | GraphQLmap | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. | graphql |
||
Fuzzer | SSRFmap | Automatic SSRF fuzzer and exploitation tool | ssrf |
||
Fuzzer | BatchQL | GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations | graphql |
||
Fuzzer | ParamPamPam | This tool for brute discover GET and POST parameters. | param cache-vuln |
||
Scanner | smuggler | Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 | smuggle |
||
Scanner | Oralyzer | Open Redirection Analyzer | |||
Scanner | deadlinks | Health checks for your documentation links. | broken-link |
||
Scanner | Autorize | aaa |
|||
Scanner | DSSS | Damn Small SQLi Scanner | sqli |
||
Scanner | OpenRedireX | A Fuzzer for OpenRedirect issues | |||
Scanner | http-request-smuggling | HTTP Request Smuggling Detection Tool | |||
Scanner | NoSQLMap | Automated NoSQL database enumeration and web application exploitation tool. | |||
Scanner | AuthMatrix | aaa |
|||
Scanner | a2sv | Auto Scanning to SSL Vulnerability | ssl |
||
Scanner | sqlmap | Automatic SQL injection and database takeover tool | |||
Scanner | commix | Automated All-in-One OS Command Injection Exploitation Tool. | exploit |
||
Scanner | tplmap | Server-Side Template Injection and Code Injection Detection and Exploitation Tool | |||
Scanner | gitGraber | gitGraber | |||
Scanner | LFISuite | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner | |||
Scanner | XSStrike | Most advanced XSS scanner. | xss |
||
Scanner | autopoisoner | Web cache poisoning vulnerability scanner. | cache-vuln |
||
Scanner | sqliv | massive SQL injection vulnerability scanner | sqli |
||
Scanner | xsser | Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. | xss |
||
Scanner | S3Scanner | Scan for open AWS S3 buckets and dump the contents | s3 |
||
Scanner | S3cret Scanner | Hunting For Secrets Uploaded To Public S3 Buckets | s3 |
||
Scanner | VHostScan | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. | |||
Scanner | xsscrapy | XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. | xss |
||
Scanner | zap-cli | A simple tool for interacting with OWASP ZAP from the commandline. | |||
Scanner | Striker | Striker is an offensive information and vulnerability scanner. | |||
Scanner | rapidscan | The Multi-Tool Web Vulnerability Scanner. | |||
Scanner | corsair_scan | Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). | cors |
||
Scanner | Corsy | CORS Misconfiguration Scanner | cors |
||
Scanner | AWSBucketDump | Security Tool to Look For Interesting Files in S3 Buckets | s3 |
||
Exploit | Liffy | Local file inclusion exploitation tool | lfi |
||
Exploit | ghauri | An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws | sqli |
||
Exploit | XSRFProbe | The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. | |||
Exploit | toxssin | An XSS exploitation command-line interface and payload generator. | xss |
||
Exploit | of-CORS | Identifying and exploiting CORS misconfigurations on the internal networks | cors |
||
Exploit | Gopherus | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers | ssrf |
||
Utils | femida | ||||
Utils | pentest-tools | Custom pentesting tools | |||
Utils | argumentinjectionhammer | A Burp Extension designed to identify argument injection vulnerabilities. | |||
Utils | zip-bomb | Create a ZIPBomb for a given uncompressed size (flat and nested modes). | zipbomb |
||
Utils | tiscripts | Turbo Intruder Scripts | |||
Utils | Redcloud | Automated Red Team Infrastructure deployement using Docker | infra |
||
Utils | blackboxprotobuf | Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition. | |||
Utils | ZipBomb | A simple implementation of ZipBomb in Python | zipbomb |
||
Utils | grc | generic colouriser | |||
Utils | REcollapse | REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications | fuzz |
||
Utils | docem | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) | xxe xss |
||
Utils | 230-OOB | An Out-of-Band XXE server for retrieving file contents over FTP. | xxe |
||
Utils | burp-exporter | ||||
Utils | Bug-Bounty-Toolz | BBT - Bug Bounty Tools | |||
Utils | inql | ||||
Utils | httpie | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie | http |
||
Utils | Atlas | Quick SQLMap Tamper Suggester | |||
Utils | XSS-Catcher | Find blind XSS but why not gather data while you're at it. | xss blind-xss |
||
Utils | PayloadsAllTheThings | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | |||
Env | Crimson | Web Application Security Testing automation. |