mirror of
https://github.com/hahwul/WebHackersWeapons.git
synced 2024-12-23 22:39:21 -05:00
20 KiB
20 KiB
Web Hacker's Weapons
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Category
Weapons
Fetch path and host
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
httprobe | Take a list of domains and probe for working HTTP and HTTPS servers | |||
meg | Fetch many paths for many hosts - without killing the hosts |
Web Discovery
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
Arjun | HTTP parameter discovery suite. | |||
Photon | Incredibly fast crawler designed for OSINT. | |||
ReconDog | Reconnaissance Swiss Army Knife | |||
dnsprobe | DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. | |||
gospider | Gospider - Fast web spider written in Go | |||
shuffledns | shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. | |||
waybackurls | Fetch all the URLs that the Wayback Machine knows about for a domain |
XSS
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
XSStrike | Most advanced XSS scanner. | |||
Xspear | Powerfull XSS Scanning and Parameter analysis tool&gem |
SQL Injection
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
sqlmap | Automatic SQL injection and database takeover tool | |||
sqlninja | SQL Injection Tool |
NoSQL Injection
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
NoSQLMap | Automated NoSQL database enumeration and web application exploitation tool. |
CORS Misconfiguration
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
Corsy | CORS Misconfiguration Scanner |
Cloud Security
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
s3reverse | The format of various s3 buckets is convert in one format. for bugbounty and security testing. |
Main Weapon
Name | Description | Popularity | Language | Metadata |
---|
Subdomain Enumeration
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
Amass | In-depth Attack Surface Mapping and Asset Discovery | |||
assetfinder | Find domains and subdomains related to a given domain | |||
findomain | The fastest and cross-platform subdomain enumerator, do not waste your time. | |||
subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |
Port scanner
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
masscan | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | |||
naabu | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | |||
nmap | Nmap - the Network Mapper. Github mirror of official SVN repository. |
Web Vulnerability Scanner
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
Silver | Mass scan IPs for vulnerable services | |||
Striker | Striker is an offensive information and vulnerability scanner. | |||
a2sv | Auto Scanning to SSL Vulnerability |
CSRF
Name | Description | Popularity | Language | Metadata |
---|
WebSocket
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
websocket-connection-smuggler | websocket-connection-smuggler |
Path traversal / Directory traversal / LFI
Name | Description | Popularity | Language | Metadata |
---|
Command Injection
Name | Description | Popularity | Language | Metadata |
---|
SSRF
Name | Description | Popularity | Language | Metadata |
---|
Utility for hackers
Name | Description | Popularity | Language | Metadata |
---|---|---|---|---|
ftc | simple copy to file to clipboard | |||
gf | A wrapper around grep, to help you grep for things | |||
gron | Make JSON greppable! |
Contribute and Contributor
Usage of weapon-md
./weapon-md
Usage of ./weapon-md:
-isFirst
if you add new type, it use
-url string
github / gitlab / bitbucket url
Three Procedures for the Contribute
- First, generate markdown code using
weapon-md
$ ./weapon-md -url https://github.com/hahwul/xspear
| [xspear](https://github.com/hahwul/xspear) | Powerfull XSS Scanning and Parameter analysis tool&gem | ![](https://img.shields.io/github/stars/hahwul/xspear) | ![](https://img.shields.io/github/languages/top/hahwul/xspear) | ![](https://img.shields.io/github/repo-size/hahwul/xspear)<br>![](https://img.shields.io/github/license/hahwul/xspear) <br> ![](https://img.shields.io/github/forks/hahwul/xspear) <br> ![](https://img.shields.io/github/watchers/hahwul/xspear) |
- Second, Give me PR or Add issue with output code
- Third, There's no third.