Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Go to file
2020-04-07 02:26:09 +09:00
.github Create FUNDING.yml 2020-04-05 00:08:50 +09:00
template Update foot.md 2020-04-07 02:26:09 +09:00
add-tool fix bug 2020-04-07 01:09:17 +09:00
add-tool.go fix bug 2020-04-07 01:09:17 +09:00
data.json Update data.json 2020-04-07 02:20:13 +09:00
distribute-readme update 2020-04-07 02:21:40 +09:00
distribute-readme.go Update distribute-readme.go 2020-04-07 02:20:38 +09:00
LICENSE Initial commit 2020-04-04 23:54:05 +09:00
README.md Update README.md 2020-04-07 02:19:43 +09:00
tool-template.md Update tool-template.md 2020-04-06 03:10:26 +09:00
type.lst Create type.lst 2020-04-06 03:18:18 +09:00



Web Hacker's Weapons

A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Category

Weapons

Fetch path and host

Name Description Popularity Language Metadata
httprobe Take a list of domains and probe for working HTTP and HTTPS servers


meg Fetch many paths for many hosts - without killing the hosts


Web Discovery

Name Description Popularity Language Metadata
Arjun HTTP parameter discovery suite.


Photon Incredibly fast crawler designed for OSINT.


ReconDog Reconnaissance Swiss Army Knife


dnsprobe DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.


gospider Gospider - Fast web spider written in Go


shuffledns shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.


waybackurls Fetch all the URLs that the Wayback Machine knows about for a domain


XSS

Name Description Popularity Language Metadata
XSStrike Most advanced XSS scanner.


Xspear Powerfull XSS Scanning and Parameter analysis tool&gem


SQL Injection

Name Description Popularity Language Metadata
sqlmap Automatic SQL injection and database takeover tool


sqlninja SQL Injection Tool


NoSQL Injection

Name Description Popularity Language Metadata
NoSQLMap Automated NoSQL database enumeration and web application exploitation tool.


CORS Misconfiguration

Name Description Popularity Language Metadata
Corsy CORS Misconfiguration Scanner


Cloud Security

Name Description Popularity Language Metadata
s3reverse The format of various s3 buckets is convert in one format. for bugbounty and security testing.


Main Weapon

Name Description Popularity Language Metadata

Subdomain Enumeration

Name Description Popularity Language Metadata
Amass In-depth Attack Surface Mapping and Asset Discovery


assetfinder Find domains and subdomains related to a given domain


findomain The fastest and cross-platform subdomain enumerator, do not waste your time.


subfinder Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.


Port scanner

Name Description Popularity Language Metadata
masscan TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.


naabu A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests


nmap Nmap - the Network Mapper. Github mirror of official SVN repository.


Web Vulnerability Scanner

Name Description Popularity Language Metadata
Silver Mass scan IPs for vulnerable services


Striker Striker is an offensive information and vulnerability scanner.


a2sv Auto Scanning to SSL Vulnerability


CSRF

Name Description Popularity Language Metadata

WebSocket

Name Description Popularity Language Metadata
websocket-connection-smuggler websocket-connection-smuggler


Path traversal / Directory traversal / LFI

Name Description Popularity Language Metadata

Command Injection

Name Description Popularity Language Metadata

SSRF

Name Description Popularity Language Metadata

Utility for hackers

Name Description Popularity Language Metadata
ftc simple copy to file to clipboard


gf A wrapper around grep, to help you grep for things


gron Make JSON greppable!


Contribute and Contributor

Usage of weapon-md

./weapon-md
Usage of ./weapon-md:
  -isFirst
    	if you add new type, it use
  -url string
    	github / gitlab / bitbucket url

Three Procedures for the Contribute

  • First, generate markdown code using weapon-md
$ ./weapon-md -url https://github.com/hahwul/xspear
| [xspear](https://github.com/hahwul/xspear) | Powerfull XSS Scanning and Parameter analysis tool&gem | ![](https://img.shields.io/github/stars/hahwul/xspear) | ![](https://img.shields.io/github/languages/top/hahwul/xspear) | ![](https://img.shields.io/github/repo-size/hahwul/xspear)<br>![](https://img.shields.io/github/license/hahwul/xspear) <br> ![](https://img.shields.io/github/forks/hahwul/xspear) <br> ![](https://img.shields.io/github/watchers/hahwul/xspear) |
  • Second, Give me PR or Add issue with output code
  • Third, There's no third.