Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Web Hacker's Weapons
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Category
Weapons
Subdomain Enumeration
| Name |
Description |
Popularity |
Language |
Metadata |
| findomain |
The fastest and cross-platform subdomain enumerator, do not waste your time. |
 |
 |
 |
| subfinder |
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |
 |
 |
 |
| Amass |
In-depth Attack Surface Mapping and Asset Discovery |
 |
 |
 |
| Sublist3r |
Fast subdomains enumeration tool for penetration testers |
 |
 |
 |
| assetfinder |
Find domains and subdomains related to a given domain |
 |
 |
 |
Fetch path and host
| Name |
Description |
Popularity |
Language |
Metadata |
| meg |
Fetch many paths for many hosts - without killing the hosts |
 |
 |
 |
| httprobe |
Take a list of domains and probe for working HTTP and HTTPS servers |
 |
 |
 |
Port scanner
| Name |
Description |
Popularity |
Language |
Metadata |
| nmap |
Nmap - the Network Mapper. Github mirror of official SVN repository. |
 |
 |
 |
| naabu |
A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |
 |
 |
 |
| masscan |
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |
 |
 |
 |
Web Discovery
| Name |
Description |
Popularity |
Language |
Metadata |
| gospider |
Gospider - Fast web spider written in Go |
 |
 |
 |
| gobuster |
Directory/File, DNS and VHost busting tool written in Go |
 |
 |
 |
| LinkFinder |
A python script that finds endpoints in JavaScript files |
 |
 |
 |
| wfuzz |
Web application fuzzer |
 |
 |
 |
Web Vulnerability Scanner
| Name |
Description |
Popularity |
Language |
Metadata |
| jaeles |
The Swiss Army knife for automated Web Application Testing |
 |
 |
 |
| wpscan |
WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |
 |
 |
 |
| Wordpresscan |
WPScan rewritten in Python + some WPSeku ideas |
 |
 |
 |
| arachni |
Web Application Security Scanner Framework |
 |
 |
 |
| testssl.sh |
Testing TLS/SSL encryption anywhere on any port |
 |
 |
 |
| a2sv |
Auto Scanning to SSL Vulnerability |
 |
 |
 |
XSS
| Name |
Description |
Popularity |
Language |
Metadata |
| XSStrike |
Most advanced XSS scanner. |
 |
 |
 |
| XSpear |
Powerfull XSS Scanning and Parameter analysis tool&gem |
 |
 |
 |
| XSSCon |
XSSCon |
 |
 |
 |
CSRF
Path traversal / Directory traversal / LFI
Command Injection
SQL Injection
NoSQL Injection
SSRF
CORS Misconfiguration
WebSocket
Cloud Security
Utility for hackers
Online tools
Contribute and Contributor
Usage of weapon-md
./weapon-md
Usage of ./weapon-md:
-isFirst
if you add new type, it use
-url string
github / gitlab / bitbucket url
Three Procedures for the Contribute
- First, generate markdown code using
weapon-md
$ ./weapon-md -url https://github.com/hahwul/xspear
| [xspear](https://github.com/hahwul/xspear) | Powerfull XSS Scanning and Parameter analysis tool&gem |  |  | <br> <br>  <br>  |
- Second, Give me PR or Add issue with output code
- Third, There's no third.
