Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Go to file
2020-04-06 03:17:57 +09:00
.github Create FUNDING.yml 2020-04-05 00:08:50 +09:00
data.json Create data.json 2020-04-06 01:06:39 +09:00
LICENSE Initial commit 2020-04-04 23:54:05 +09:00
README.md Update README.md 2020-04-06 03:17:57 +09:00
tool-template.md Update tool-template.md 2020-04-06 03:10:26 +09:00
weapon-md add generating tool 2020-04-05 14:17:44 +09:00
weapon-md.go add generating tool 2020-04-05 14:17:44 +09:00



Web Hacker's Weapons

A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Category

Weapons

Main Weapon

asdf

Subdomain Enumeration

Name Description Popularity Language Metadata
findomain The fastest and cross-platform subdomain enumerator, do not waste your time.


subfinder Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.


Amass In-depth Attack Surface Mapping and Asset Discovery


Sublist3r Fast subdomains enumeration tool for penetration testers


assetfinder Find domains and subdomains related to a given domain


Fetch path and host

Name Description Popularity Language Metadata
meg Fetch many paths for many hosts - without killing the hosts


httprobe Take a list of domains and probe for working HTTP and HTTPS servers


Port scanner

Name Description Popularity Language Metadata
nmap Nmap - the Network Mapper. Github mirror of official SVN repository.


naabu A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests


masscan TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.


Web Discovery

Name Description Popularity Language Metadata
gospider Gospider - Fast web spider written in Go


gobuster Directory/File, DNS and VHost busting tool written in Go


LinkFinder A python script that finds endpoints in JavaScript files


wfuzz Web application fuzzer


Web Vulnerability Scanner

Name Description Popularity Language Metadata
jaeles The Swiss Army knife for automated Web Application Testing


wpscan WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites.


Wordpresscan WPScan rewritten in Python + some WPSeku ideas


arachni Web Application Security Scanner Framework


testssl.sh Testing TLS/SSL encryption anywhere on any port


a2sv Auto Scanning to SSL Vulnerability


XSS

Name Description Popularity Language Metadata
XSStrike Most advanced XSS scanner.


XSpear Powerfull XSS Scanning and Parameter analysis tool&gem


XSSCon XSSCon


CSRF

Path traversal / Directory traversal / LFI

Command Injection

SQL Injection

NoSQL Injection

SSRF

CORS Misconfiguration

WebSocket

Cloud Security

Utility for hackers

Online tools

Contribute and Contributor

Usage of weapon-md

./weapon-md
Usage of ./weapon-md:
  -isFirst
    	if you add new type, it use
  -url string
    	github / gitlab / bitbucket url

Three Procedures for the Contribute

  • First, generate markdown code using weapon-md
$ ./weapon-md -url https://github.com/hahwul/xspear
| [xspear](https://github.com/hahwul/xspear) | Powerfull XSS Scanning and Parameter analysis tool&gem | ![](https://img.shields.io/github/stars/hahwul/xspear) | ![](https://img.shields.io/github/languages/top/hahwul/xspear) | ![](https://img.shields.io/github/repo-size/hahwul/xspear)<br>![](https://img.shields.io/github/license/hahwul/xspear) <br> ![](https://img.shields.io/github/forks/hahwul/xspear) <br> ![](https://img.shields.io/github/watchers/hahwul/xspear) |
  • Second, Give me PR or Add issue with output code
  • Third, There's no third.