Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Web Hacker's Weapons
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Category
Weapons
Subdomain Enumeration
Name |
Description |
Popularity |
Language |
Metadata |
findomain |
The fastest and cross-platform subdomain enumerator, do not waste your time. |
![](https://img.shields.io/github/stars/Edu4rdSHL/findomain) |
![](https://img.shields.io/github/languages/top/Edu4rdSHL/findomain) |
![](https://img.shields.io/github/repo-size/Edu4rdSHL/findomain)
![](https://img.shields.io/github/watchers/Edu4rdSHL/findomain) |
subfinder |
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |
![](https://img.shields.io/github/stars/projectdiscovery/subfinder) |
![](https://img.shields.io/github/languages/top/projectdiscovery/subfinder) |
![](https://img.shields.io/github/repo-size/projectdiscovery/subfinder)
![](https://img.shields.io/github/watchers/projectdiscovery/subfinder) |
Amass |
In-depth Attack Surface Mapping and Asset Discovery |
![](https://img.shields.io/github/stars/OWASP/Amass) |
![](https://img.shields.io/github/languages/top/OWASP/Amass) |
![](https://img.shields.io/github/repo-size/OWASP/Amass)
![](https://img.shields.io/github/watchers/OWASP/Amass) |
Sublist3r |
Fast subdomains enumeration tool for penetration testers |
![](https://img.shields.io/github/stars/aboul3la/Sublist3r) |
![](https://img.shields.io/github/languages/top/aboul3la/Sublist3r) |
![](https://img.shields.io/github/repo-size/aboul3la/Sublist3r)
![](https://img.shields.io/github/watchers/aboul3la/Sublist3r) |
assetfinder |
Find domains and subdomains related to a given domain |
![](https://img.shields.io/github/stars/tomnomnom/assetfinder) |
![](https://img.shields.io/github/languages/top/tomnomnom/assetfinder) |
![](https://img.shields.io/github/repo-size/tomnomnom/assetfinder)
![](https://img.shields.io/github/watchers/tomnomnom/assetfinder) |
Fetch path and host
Name |
Description |
Popularity |
Language |
Metadata |
meg |
Fetch many paths for many hosts - without killing the hosts |
![](https://img.shields.io/github/stars/tomnomnom/meg) |
![](https://img.shields.io/github/languages/top/tomnomnom/meg) |
![](https://img.shields.io/github/repo-size/tomnomnom/meg)
![](https://img.shields.io/github/watchers/tomnomnom/meg) |
httprobe |
Take a list of domains and probe for working HTTP and HTTPS servers |
![](https://img.shields.io/github/stars/tomnomnom/httprobe) |
![](https://img.shields.io/github/languages/top/tomnomnom/httprobe) |
![](https://img.shields.io/github/repo-size/tomnomnom/httprobe)
![](https://img.shields.io/github/watchers/tomnomnom/httprobe) |
Port scanner
Name |
Description |
Popularity |
Language |
Metadata |
nmap |
Nmap - the Network Mapper. Github mirror of official SVN repository. |
![](https://img.shields.io/github/stars/nmap/nmap) |
![](https://img.shields.io/github/languages/top/nmap/nmap) |
![](https://img.shields.io/github/repo-size/nmap/nmap)
![](https://img.shields.io/github/watchers/nmap/nmap) |
naabu |
A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |
![](https://img.shields.io/github/stars/projectdiscovery/naabu) |
![](https://img.shields.io/github/languages/top/projectdiscovery/naabu) |
![](https://img.shields.io/github/repo-size/projectdiscovery/naabu)
![](https://img.shields.io/github/watchers/projectdiscovery/naabu) |
masscan |
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |
![](https://img.shields.io/github/stars/robertdavidgraham/masscan) |
![](https://img.shields.io/github/languages/top/robertdavidgraham/masscan) |
![](https://img.shields.io/github/repo-size/robertdavidgraham/masscan)
![](https://img.shields.io/github/watchers/robertdavidgraham/masscan) |
Web Discovery
Name |
Description |
Popularity |
Language |
Metadata |
gospider |
Gospider - Fast web spider written in Go |
![](https://img.shields.io/github/stars/jaeles-project/gospider) |
![](https://img.shields.io/github/languages/top/jaeles-project/gospider) |
![](https://img.shields.io/github/repo-size/jaeles-project/gospider)
![](https://img.shields.io/github/watchers/jaeles-project/gospider) |
gobuster |
Directory/File, DNS and VHost busting tool written in Go |
![](https://img.shields.io/github/stars/OJ/gobuster) |
![](https://img.shields.io/github/languages/top/OJ/gobuster) |
![](https://img.shields.io/github/repo-size/OJ/gobuster)
![](https://img.shields.io/github/watchers/OJ/gobuster) |
LinkFinder |
A python script that finds endpoints in JavaScript files |
![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder) |
![](https://img.shields.io/github/languages/top/GerbenJavado/LinkFinder) |
![](https://img.shields.io/github/repo-size/GerbenJavado/LinkFinder)
![](https://img.shields.io/github/watchers/GerbenJavado/LinkFinder) |
wfuzz |
Web application fuzzer |
![](https://img.shields.io/github/stars/xmendez/wfuzz) |
![](https://img.shields.io/github/languages/top/xmendez/wfuzz) |
![](https://img.shields.io/github/repo-size/xmendez/wfuzz)
![](https://img.shields.io/github/watchers/xmendez/wfuzz) |
Web Vulnerability Scanner
Name |
Description |
Popularity |
Language |
Metadata |
jaeles |
The Swiss Army knife for automated Web Application Testing |
![](https://img.shields.io/github/stars/jaeles-project/jaeles) |
![](https://img.shields.io/github/languages/top/jaeles-project/jaeles) |
![](https://img.shields.io/github/repo-size/jaeles-project/jaeles)
![](https://img.shields.io/github/watchers/jaeles-project/jaeles) |
wpscan |
WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |
![](https://img.shields.io/github/stars/wpscanteam/wpscan) |
![](https://img.shields.io/github/languages/top/wpscanteam/wpscan) |
![](https://img.shields.io/github/repo-size/wpscanteam/wpscan)
![](https://img.shields.io/github/watchers/wpscanteam/wpscan) |
Wordpresscan |
WPScan rewritten in Python + some WPSeku ideas |
![](https://img.shields.io/github/stars/swisskyrepo/Wordpresscan) |
![](https://img.shields.io/github/languages/top/swisskyrepo/Wordpresscan) |
![](https://img.shields.io/github/repo-size/swisskyrepo/Wordpresscan)
![](https://img.shields.io/github/watchers/swisskyrepo/Wordpresscan) |
arachni |
Web Application Security Scanner Framework |
![](https://img.shields.io/github/stars/Arachni/arachni) |
![](https://img.shields.io/github/languages/top/Arachni/arachni) |
![](https://img.shields.io/github/repo-size/Arachni/arachni)
![](https://img.shields.io/github/watchers/Arachni/arachni) |
testssl.sh |
Testing TLS/SSL encryption anywhere on any port |
![](https://img.shields.io/github/stars/drwetter/testssl.sh) |
![](https://img.shields.io/github/languages/top/drwetter/testssl.sh) |
![](https://img.shields.io/github/repo-size/drwetter/testssl.sh)
![](https://img.shields.io/github/watchers/drwetter/testssl.sh) |
a2sv |
Auto Scanning to SSL Vulnerability |
![](https://img.shields.io/github/stars/hahwul/a2sv) |
![](https://img.shields.io/github/languages/top/hahwul/a2sv) |
![](https://img.shields.io/github/repo-size/hahwul/a2sv)
![](https://img.shields.io/github/watchers/hahwul/a2sv) |
XSS
Name |
Description |
Popularity |
Language |
Metadata |
XSStrike |
Most advanced XSS scanner. |
![](https://img.shields.io/github/stars/s0md3v/XSStrike) |
![](https://img.shields.io/github/languages/top/s0md3v/XSStrike) |
![](https://img.shields.io/github/repo-size/s0md3v/XSStrike)
![](https://img.shields.io/github/watchers/s0md3v/XSStrike) |
XSpear |
Powerfull XSS Scanning and Parameter analysis tool&gem |
![](https://img.shields.io/github/stars/hahwul/XSpear) |
![](https://img.shields.io/github/languages/top/hahwul/XSpear) |
![](https://img.shields.io/github/repo-size/hahwul/XSpear)
![](https://img.shields.io/github/watchers/hahwul/XSpear) |
XSSCon |
XSSCon |
![](https://img.shields.io/github/stars/menkrep1337/XSSCon) |
![](https://img.shields.io/github/languages/top/menkrep1337/XSSCon) |
![](https://img.shields.io/github/repo-size/menkrep1337/XSSCon)
![](https://img.shields.io/github/watchers/menkrep1337/XSSCon) |
CSRF
Path traversal / Directory traversal / LFI
Command Injection
SQL Injection
NoSQL Injection
SSRF
CORS Misconfiguration
WebSocket
Cloud Security
Utility for hackers
Online tools
Contribute and Contributor
Usage of weapon-md
./weapon-md
Usage of ./weapon-md:
-isFirst
if you add new type, it use
-url string
github / gitlab / bitbucket url
Three Procedures for the Contribute
- First, generate markdown code using
weapon-md
$ ./weapon-md -url https://github.com/hahwul/xspear
| [xspear](https://github.com/hahwul/xspear) | Powerfull XSS Scanning and Parameter analysis tool&gem | ![](https://img.shields.io/github/stars/hahwul/xspear) | ![](https://img.shields.io/github/languages/top/hahwul/xspear) | ![](https://img.shields.io/github/repo-size/hahwul/xspear)<br>![](https://img.shields.io/github/license/hahwul/xspear) <br> ![](https://img.shields.io/github/forks/hahwul/xspear) <br> ![](https://img.shields.io/github/watchers/hahwul/xspear) |
- Second, Give me PR or Add issue with output code
- Third, There's no third.