diff --git a/README.md b/README.md index 3f18373..a5f9bc9 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Network device discovery tools](#network-device-discovery-tools) * [OSINT Online Resources](#osint-online-resources) * [Source code repository searching tools](#source-code-repository-searching-tools) + * [Web application and resource analysis tools](#web-application-and-resource-analysis-tools) * [Online Resources](#online-resources) * [Online Code Samples and Examples](#online-code-samples-and-examples) * [Online Exploit Development Resources](#online-exploit-development-resources) @@ -81,6 +82,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Steganography Tools](#steganography-tools) * [Vulnerability Databases](#vulnerability-databases) * [Web Exploitation](#web-exploitation) + * [Web shells and C2 frameworks](#web-shells-and-c2-frameworks) + * [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools) * [Web Exploitation Books](#web-exploitation-books) * [Windows Utilities](#windows-utilities) @@ -590,9 +593,21 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint). ### Source code repository searching tools +See also *[Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)*. + * [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. * [Yar](https://github.com/Furduhlutur/yar) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords. +### Web application and resource analysis tools + +* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. +* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. +* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. +* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. +* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. +* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. +* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. + ## Operating System Distributions * [Android Tamer](https://androidtamer.com/) - Distribution built for Android security professionals that includes tools required for Android security testing. @@ -770,15 +785,10 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e ## Web Exploitation -* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. -* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. * [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. * [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. -* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. -* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. * [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. -* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. * [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. * [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter. * [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool. @@ -786,11 +796,8 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. * [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. -* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. -* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. * [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. -* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. * [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker. * [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. @@ -799,10 +806,20 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. * [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. -* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. -* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. -* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell. + +### Web shells and C2 frameworks + +* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. +* [DAws](https://github.com/dotcppfile/DAws) - Advanced Web shell. +* [SharPyShell](https://github.com/antonioCoco/SharPyShell) - Tiny and obfuscated ASP.NET webshell for C# web applications. * [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. +* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell. + +### Web-accessible source code ripping tools + +* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. +* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. +* [git-dumper](https://github.com/arthaud/git-dumper) - Tool to dump a git repository from a website. ### Web Exploitation Books