Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Go to file
2020-04-08 00:59:41 +09:00
.github Create FUNDING.yml 2020-04-05 00:08:50 +09:00
template Update foot.md 2020-04-08 00:48:59 +09:00
add-tool fix bug 2020-04-07 01:09:17 +09:00
add-tool.go Update add-tool.go 2020-04-08 00:29:23 +09:00
data.json Update data.json 2020-04-08 00:55:32 +09:00
distribute-readme update 2020-04-07 02:21:40 +09:00
distribute-readme.go Update distribute-readme.go 2020-04-08 00:37:29 +09:00
LICENSE Initial commit 2020-04-04 23:54:05 +09:00
README.md Update README.md 2020-04-08 00:59:41 +09:00
tool-template.md Update tool-template.md 2020-04-07 23:59:25 +09:00
type.lst Update type.lst 2020-04-08 00:02:51 +09:00



Web Hacker's Weapons

A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Weapons

Type Name Description Popularity Language
Army-Knife/BURP BurpSuite It's Awesome it's not github🐶
Army-Knife/ZAP zaproxy The OWASP ZAP core project
Discovery/CRAWL Photon Incredibly fast crawler designed for OSINT.
Discovery/CRAWL gospider Gospider - Fast web spider written in Go
Discovery/DNS dnsprobe DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
Discovery/DNS shuffledns shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
Discovery/DOMAIN Amass In-depth Attack Surface Mapping and Asset Discovery
Discovery/DOMAIN assetfinder Find domains and subdomains related to a given domain
Discovery/DOMAIN findomain The fastest and cross-platform subdomain enumerator, do not waste your time.
Discovery/DOMAIN subfinder Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Discovery/HTTP Arjun HTTP parameter discovery suite.
Discovery/PORT masscan TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Discovery/PORT naabu A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Discovery/PORT nmap Nmap - the Network Mapper. Github mirror of official SVN repository.
Discovery/URL waybackurls Fetch all the URLs that the Wayback Machine knows about for a domain
Discovery/VULN Silver Mass scan IPs for vulnerable services
Fetch/TOM httprobe Take a list of domains and probe for working HTTP and HTTPS servers
Fetch/TOM meg Fetch many paths for many hosts - without killing the hosts
Fetch/WSOCK websocket-connection-smuggler websocket-connection-smuggler
Scanner/CORS Corsy CORS Misconfiguration Scanner
Scanner/NOSQL NoSQLMap Automated NoSQL database enumeration and web application exploitation tool.
Scanner/SQL sqlmap Automatic SQL injection and database takeover tool
Scanner/SQL sqlninja SQL Injection Tool
Scanner/SSL a2sv Auto Scanning to SSL Vulnerability
Scanner/WVS Striker Striker is an offensive information and vulnerability scanner.
Scanner/XSS XSStrike Most advanced XSS scanner.
Scanner/XSS xspear Powerfull XSS Scanning and Parameter analysis tool&gem
Utility/CLIP ftc simple copy to file to clipboard
Utility/GREP gf A wrapper around grep, to help you grep for things
Utility/JSON gron Make JSON greppable!
Utility/S3 s3reverse The format of various s3 buckets is convert in one format. for bugbounty and security testing.

Contribute and Contributor

Usage of add-tool

./add-tool
Usage of ./add-tool:
  -isFirst
    	if you add new type, it use
  -url string
    	any url

Three Procedures for the Contribute

  • First, your tool append data.json using `add-tool
$ ./add-tool -url https://github.com/sqlmapproject/sqlmap
Successfully Opened type.lst
[0] Army-Knife
[1] Discovery
[2] Fetch
[3] Scanner
[4] Utility
[+] What is type?
3
Scanner
[+] What is method(e.g XSS, WVS, SSL, ETC..)?
SQL
Successfully Opened data.json

  • Second, Give me PR or Add issue with data.json
  • Third, There's no third.

Distribute

$ ./distribute-readme
=> show new README file