mirror of
https://github.com/hahwul/WebHackersWeapons.git
synced 2024-10-01 01:25:58 -04:00
Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
| .github | ||
| Burp and ZAP Extensions | ||
| template | ||
| add-tool | ||
| add-tool.go | ||
| data.json | ||
| distribute-readme | ||
| distribute-readme.go | ||
| LICENSE | ||
| README.md | ||
| tool-template.md | ||
| type.lst | ||
Web Hacker's Weapons
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Table of Contents
Weapons
| Type | Name | Description | Popularity | Language |
|---|---|---|---|---|
| Army-Knife/BURP | BurpSuite | It's Awesome | it's not | github🐶 |
| Army-Knife/ZAP | zaproxy | The OWASP ZAP core project |  |
 |
| Discovery/CRAWL | Photon | Incredibly fast crawler designed for OSINT. |  |
 |
| Discovery/CRAWL | gospider | Gospider - Fast web spider written in Go |  |
 |
| Discovery/DNS | DNSDumpster | Online dns recon & research, find & lookup dns records | it's not | github🐶 |
| Discovery/DNS | SecurityTrails | Online dns / subdomain / recon tool | it's not | github🐶 |
| Discovery/DNS | dnsprobe | DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |  |
 |
| Discovery/DNS | shuffledns | shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |  |
 |
| Discovery/DOMAIN | Amass | In-depth Attack Surface Mapping and Asset Discovery |  |
 |
| Discovery/DOMAIN | Sublist3r | Fast subdomains enumeration tool for penetration testers |  |
 |
| Discovery/DOMAIN | assetfinder | Find domains and subdomains related to a given domain |  |
 |
| Discovery/DOMAIN | findomain | The fastest and cross-platform subdomain enumerator, do not waste your time. |  |
 |
| Discovery/DOMAIN | knock | Knock Subdomain Scan |  |
 |
| Discovery/DOMAIN | subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |  |
 |
| Discovery/FUZZ | dirsearch | Web path scanner |  |
 |
| Discovery/FUZZ | gobuster | Directory/File, DNS and VHost busting tool written in Go |  |
 |
| Discovery/GIT | GitMiner | Tool for advanced mining for content on Github |  |
 |
| Discovery/GIT | gitGraber | gitGraber |  |
 |
| Discovery/GIT | gitrob | Reconnaissance tool for GitHub organizations |  |
 |
| Discovery/HTTP | Arjun | HTTP parameter discovery suite. |  |
 |
| Discovery/PORT | Shodan | World's first search engine for Internet-connected devices | it's not | github🐶 |
| Discovery/PORT | masscan | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |  |
 |
| Discovery/PORT | naabu | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |  |
 |
| Discovery/PORT | nmap | Nmap - the Network Mapper. Github mirror of official SVN repository. |  |
 |
| Discovery/TKOV | subjack | Subdomain Takeover tool written in Go |  |
 |
| Discovery/URL | waybackurls | Fetch all the URLs that the Wayback Machine knows about for a domain |  |
 |
| Discovery/VULN | Silver | Mass scan IPs for vulnerable services |  |
 |
| Fetch/TOM | httprobe | Take a list of domains and probe for working HTTP and HTTPS servers |  |
 |
| Fetch/TOM | meg | Fetch many paths for many hosts - without killing the hosts |  |
 |
| Fetch/WSOCK | websocket-connection-smuggler | websocket-connection-smuggler |  |
 |
| Scanner/CORS | Corsy | CORS Misconfiguration Scanner |  |
 |
| Scanner/FUZZ | Medusa | Automatic Video Library Manager for TV Shows. It watches for new episodes of your favorite shows, and when they are posted it does its magic. |  |
 |
| Scanner/FUZZ | ffuf | Fast web fuzzer written in Go |  |
 |
| Scanner/FUZZ | thc-hydra | hydra |  |
 |
| Scanner/FUZZ | wfuzz | Web application fuzzer |  |
 |
| Scanner/LFI | LFISuite | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |  |
 |
| Scanner/LFI | dotdotpwn | DotDotPwn - The Directory Traversal Fuzzer |  |
 |
| Scanner/NOSQL | NoSQLMap | Automated NoSQL database enumeration and web application exploitation tool. |  |
 |
| Scanner/S3 | S3Scanner | Scan for open AWS S3 buckets and dump the contents |  |
 |
| Scanner/SQL | SQLNinja | SQL Injection scanner | it's not | github🐶 |
| Scanner/SQL | sqlmap | Automatic SQL injection and database takeover tool |  |
 |
| Scanner/SSL | a2sv | Auto Scanning to SSL Vulnerability |  |
 |
| Scanner/SSL | testssl.sh | Testing TLS/SSL encryption anywhere on any port |  |
 |
| Scanner/WP | wpscan | WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |  |
 |
| Scanner/WVS | Striker | Striker is an offensive information and vulnerability scanner. |  |
 |
| Scanner/WVS | arachni | Web Application Security Scanner Framework |  |
 |
| Scanner/WVS | nikto | Nikto web server scanner |  |
 |
| Scanner/WVS | zap-cli | A simple tool for interacting with OWASP ZAP from the commandline. |  |
 |
| Scanner/XSS | XSStrike | Most advanced XSS scanner. |  |
 |
| Scanner/XSS | XSpear | Powerfull XSS Scanning and Parameter analysis tool&gem |  |
 |
| Utility/CLIP | ftc | simple copy to file to clipboard |  |
 |
| Utility/CSP | CSP Evaluator | Online CSP Evaluator from google | it's not | github🐶 |
| Utility/ETC | Phoenix | hahwul's online tools | it's not | github🐶 |
| Utility/FIND | fzf | A command-line fuzzy finder |  |
 |
| Utility/FLOW | SequenceDiagram | Online tool for creating UML sequence diagrams | it's not | github🐶 |
| Utility/GREP | gf | A wrapper around grep, to help you grep for things |  |
 |
| Utility/JSON | gron | Make JSON greppable! |  |
 |
| Utility/S3 | s3reverse | The format of various s3 buckets is convert in one format. for bugbounty and security testing. |  |
 |
| Utility/VULN | oxml_xxe | A tool for embedding XXE/XML exploits into different filetypes |  |
 |
| Utility/VULN | ysoserial | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |  |
 |
| Utility/WORD | SecLists | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |  |
 |
Contribute and Contributor
Usage of add-tool
./add-tool
Usage of ./add-tool:
-isFirst
if you add new type, it use
-url string
any url
Three Procedures for the Contribute
- First, your tool append
data.jsonusing `add-tool
$ ./add-tool -url https://github.com/sqlmapproject/sqlmap
Successfully Opened type.lst
[0] Army-Knife
[1] Discovery
[2] Fetch
[3] Scanner
[4] Utility
[+] What is type?
3
Scanner
[+] What is method(e.g XSS, WVS, SSL, ETC..)?
SQL
Successfully Opened data.json
- Second, Give me PR or Add issue with data.json
- Third, There's no third.
Distribute
$ ./distribute-readme
=> show new README file