tools.md

Not The Hidden Wiki

Learn Web Application Hacking


  1. Burp Suite - link
  2. WAF Bypass - link
  3. Burp Alternative: Caido - link
  4. Nessus - link
  5. runZero - link
  6. nikto - link
  7. nuclei - link
  8. XSSCon - link
  9. Bug Bounty Hunting Search Engine - link
  10. Shrewdeye App - link
  11. IIS Short Name Scanner - link
  12. DorkGPT - link
  13. Generate Custom Dorks - link
  14. reNgine: Automated reconnaissance - link
  15. API Hidden Endpoints - link
  16. ffuf - link
  17. katana - link
  18. feroxbuster - link
  19. WordPress Plugin Scraper - link
  20. Oracle Database Attacking Tool - link
  21. SSRF Scanner - link
  22. Webhook site - link
  23. BeEF - link
  24. Excessy - link
  25. DOM Invader - link
  26. Secret Finder - link
  27. Web App Security Testing Tools - link
  28. OWASP Nettacker - link
  29. Web Cache Vulnerability Scanner - link
  30. CSP Evaluator - link
  31. Web Check - link
  32. DNS Rebinder - link
  33. arjun: HTTP parameter discovery suite. - link
  34. arsenal: Powerful weapons for penetration testing. - link
  35. assetfinder: Tool to find subdomains and IP addresses associated with a domain. - link
  36. byp4xx: A Swiss Army knife for bypassing web application firewalls and filters. - link
  37. corscanner: a Python script for finding CORS misconfigurations. - link
  38. dirb: Web Content Scanner - link
  39. dirsearch: Tool for searching files and directories on a web site. - link
  40. divideandscan: Advanced subdomain scanner - link
  41. droopescan: Scan Drupal websites for vulnerabilities. - link
  42. drupwn: Drupal security scanner. - link
  43. ssrfmap: a tool for testing SSRF vulnerabilities. - link
  44. sslscan: a tool for testing SSL/TLS encryption on servers - link
  45. finalrecon: A web reconnaissance tool that gathers information about web pages - link
  46. fuxploider: a Python tool for finding and exploiting file upload forms/directories. - link
  47. xsser: XSS scanner. - link
  48. wpscan: A tool to enumerate WordPress-based websites - link
  49. h2csmuggler: HTTP Request Smuggling tool using H2C upgrade - link
  50. PHP filter chain generator - link
  51. git-dumper: Small script to dump a Git repository from a website - link
  52. gittools: A collection of Git tools including a powerful Dumper - link
  53. gobuster: Tool to discover hidden files and directories. - link
  54. gopherus: Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. - link
  55. goshs: Goshs is a replacement for Python’s SimpleHTTPServer - link
  56. hakrawler: a fast web crawler for gathering URLs and other information from websites - link
  57. hakrevdns: Reverse DNS lookup - link
  58. httpmethods: Tool for exploiting HTTP methods - link
  59. httpx: A tool for identifying web technologies and vulnerabilities - link
  60. joomscan: A tool to enumerate Joomla-based websites - link
  61. kadimus: a tool for detecting and exploiting file upload vulnerabilities - link
  62. ldeep: ldeep is a tool to discover hidden paths on Web servers - link
  63. masscan: Masscan is an Internet-scale port scanner - link
  64. moodlescan: Scan Moodle sites for information and vulnerabilities. - link
  65. nosqlmap: a Python tool for testing NoSQL databases for security vulnerabilities. - link
  66. oneforall: a powerful subdomain collection tool. - link
  67. rustscan: The Modern Port Scanner - link
  68. sqlmap - link
  69. sublist3r: a Python tool designed to enumerate subdomains of websites. - link
  70. symfony-exploits: Collection of Symfony exploits and PoCs. - link
  71. tls-map: tls-map is a library for mapping TLS cipher algorithm names. - link
  72. tls-scanner: a simple script to check the security of a remote TLS/SSL web server - link
  73. webclientservicescanner: Scans for web service endpoints - link
  74. XSpear: a powerful XSS scanning and exploitation tool. - link
  75. xsrfprobe: a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities - link
  76. xsstrike: a Python tool for detecting and exploiting XSS vulnerabilities. - link
  77. ysoserial: generating payloads that exploit unsafe Java object deserialization. - link
  78. pp-finder: Prototype pollution finder tool for JavaScript - link
  79. subfinder: Tool to find subdomains - link
  80. Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 - link
  81. Burp Suite alternative - link
  82. SubDomainRadar.io: Find subdomains with unparalleled accuracy and speed. - link
  83. Merklemap: Subdomain Search Engine - link
  84. Beyond XSS: Explore the Web Front-end Security Universe - link