From 9a921bbf49c11e872a22532d9786228e85ecc1e6 Mon Sep 17 00:00:00 2001
From: fabacab <fabacab@riseup.net>
Date: Sun, 14 Mar 2021 14:20:47 -0400
Subject: [PATCH] Closes #373: Add dirsearch and git-scanner to appropriate Web
 category.

---
 README.md | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 00307c4..f89b190 100644
--- a/README.md
+++ b/README.md
@@ -85,6 +85,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
   * [Intercepting Web proxies](#intercepting-web-proxies)
   * [Web file inclusion tools](#web-file-inclusion-tools)
   * [Web injection tools](#web-injection-tools)
+  * [Web path discovery and bruteforcing tools](#web-path-discovery-and-bruteforcing-tools)
   * [Web shells and C2 frameworks](#web-shells-and-c2-frameworks)
   * [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)
   * [Web Exploitation Books](#web-exploitation-books)
@@ -609,6 +610,7 @@ See also *[Web-accessible source code ripping tools](#web-accessible-source-code
 * [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
 * [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
 * [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
+* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
 * [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
 * [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
 * [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites.
@@ -794,10 +796,8 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
 * [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
 * [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
 * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
-* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
 * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
 * [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
-* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
 * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
 * [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
 
@@ -824,6 +824,11 @@ See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-
 * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
 * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
 
+### Web path discovery and bruteforcing tools
+
+* [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner.
+* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
+
 ### Web shells and C2 frameworks
 
 * [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
@@ -837,6 +842,7 @@ See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-
 * [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
 * [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
 * [git-dumper](https://github.com/arthaud/git-dumper) - Tool to dump a git repository from a website.
+* [git-scanner](https://github.com/HightechSec/git-scanner) - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public.
 
 ### Web Exploitation Books