Army-Knife |
BurpSuite |
the BurpSuite Project |
|
proxy |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![burp](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/burp.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/java.png) |
Army-Knife |
axiom |
A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |
![](https://camo.githubusercontent.com/b95d2553a3adc21bed0ea96ccf0bda81deb6c74f77e0757b29df930ec5fdf5d8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7072793063632f6178696f6d3f6c6162656c3d253230) |
infra |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Army-Knife |
proxify |
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay |
![](https://camo.githubusercontent.com/a377e8fef18320b1d90118bc9a6111fb40735165391a49b4600604830ace10d8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f70726f786966793f6c6162656c3d253230) |
proxy |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Army-Knife |
ZAP |
The OWASP ZAP core project |
![](https://camo.githubusercontent.com/b5b4d964bcc9a2224cc515dbf4804dc2c71278195d1f53a23e0671e3c0100e1c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a6170726f78792f7a6170726f78793f6c6162656c3d253230) |
proxy |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![zap](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/zap.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/java.png) |
Army-Knife |
hetty |
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. |
![](https://camo.githubusercontent.com/1587176614360b0d242f90b474edb53d544a6c6d39d8c98a087730e6f9f22f75/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6473746f74696a6e2f68657474793f6c6162656c3d253230) |
proxy |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Army-Knife |
wuzz |
Interactive CLI tool for HTTP inspection |
![](https://camo.githubusercontent.com/c56a171d1404275b47db06dee45404b233dc459468c0ac1e5370a47bfd97a789/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f61736369696d6f6f2f77757a7a3f6c6162656c3d253230) |
proxy |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Army-Knife |
jaeles |
The Swiss Army knife for automated Web Application Testing |
![](https://camo.githubusercontent.com/77d87ac58ae7e065ca94b7081eec6055da2fd78dac3a8f144cb681ac08980a2e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a61656c65732d70726f6a6563742f6a61656c65733f6c6162656c3d253230) |
live-audit |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
SecurityTrails |
Online DNS / subdomain / recon tool |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Recon |
x8 |
Hidden parameters discovery suite |
![](https://camo.githubusercontent.com/b4a11e61974600bc5cf6ce62a3a00582f2fc6c28380664eeb6c708c8a6f0e45b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f536831596f2f78383f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Recon |
masscan |
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |
![](https://camo.githubusercontent.com/1147fe2f2474d13e5f10a7aaa1c7d792670627031cc91314f40304e8ff30e728/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f726f62657274646176696467726168616d2f6d61737363616e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c.png) |
Recon |
FavFreak |
Making Favicon.ico based Recon Great again! |
![](https://camo.githubusercontent.com/1881acc37c4d194763352860881621738f58fa2d1bac559b4bb1ec6d8106d4b5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646576616e736862617468616d2f466176467265616b3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
Arjun |
HTTP parameter discovery suite. |
![](https://camo.githubusercontent.com/b4b9c3e16a0346fd08e65dc3f96f448bdea470cac67e39a7d997aceff8e135ad/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f41726a756e3f6c6162656c3d253230) |
param |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
SecretFinder |
SecretFinder - A Python script to find sensitive data (API keys, access tokens, JWTs, ...) and search for anything in JavaScript files |
![](https://camo.githubusercontent.com/66ba604da843233775ed8a73a36e89b75618bc685d4dcd101288fa334637d1c4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d346c6c306b2f53656372657446696e6465723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
getJS |
A tool to quickly get all JavaScript sources/files |
![](https://camo.githubusercontent.com/1c4c890b5106b2f424d79a79e50946f30720819a3e11ff17ced2e02d339c8f0b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f30303372616e646f6d2f6765744a533f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
parameth |
This tool can be used to brute-force discovery of GET and POST parameters |
![](https://camo.githubusercontent.com/18c44b1e175c7dea0eb451eb80dd2de54c689f8241687ad438fab437562ab25c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d614b2d2f706172616d6574683f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
Smap |
A drop-in replacement for Nmap powered by shodan.io |
![](https://camo.githubusercontent.com/01a80d1a924921cc1a81f9aaf4464a9ca367724e3a8ede6a3889dee509a85b10/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f736d61702f3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
gobuster |
Directory/File, DNS and VHost busting tool written in Go |
![](https://camo.githubusercontent.com/72c6f63f383da81a89eaf0522c1fb4e0941efb39ffc76e73940d4252cf94ee44/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4f4a2f676f6275737465723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
rengine |
reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |
![](https://camo.githubusercontent.com/df97711e43064c64df4c0c4fac0598cd6e57df260da2ee9586379a69fe9536bd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f796f676573686f6a68612f72656e67696e653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Recon |
naabu |
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |
![](https://camo.githubusercontent.com/30d2ef5f3258e981105ae956759435457abb29ed0f078a52d92ddddf5659baad/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f6e616162753f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
crawlergo |
A powerful browser crawler for web vulnerability scanners |
![](https://camo.githubusercontent.com/9b3096353c6dabe4db518807b1cab2b8ba110bf665715313ef3ee39f6987115e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f5169616e6c6974702f637261776c6572676f3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
dirsearch |
Web path scanner |
![](https://camo.githubusercontent.com/efbd3339c342a889c593a9e0a5b267ac6d14f42cb65766975079bad28ea48df4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d6175726f736f7269612f6469727365617263683f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
puredns |
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. |
![](https://camo.githubusercontent.com/0d2ee9dec4fe21f11f1f65589210616f95075e9ef8fc92fa25ef8451417883e3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64336d6f6e6465762f70757265646e733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
subfinder |
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |
![](https://camo.githubusercontent.com/359bdc68d64b72247cb6c7fdffb45c6273dba7d9f29d2ddb3716ec35b1c15bbc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f73756266696e6465723f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
meg |
Fetch many paths for many hosts - without killing the hosts |
![](https://camo.githubusercontent.com/cbb4fc8b8bd4868d6dee7fe508481c57ae7507dd742b2a898aef28ccbb56abd5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f6d65673f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
Photon |
Incredibly fast crawler designed for OSINT. |
![](https://camo.githubusercontent.com/12f7d5269da86bc20c3f58e29405b2739c64a77a839a52733364497bb2a44a89/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f50686f746f6e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
shuffledns |
shuffleDNS is a wrapper around massdns written in Go that allows you to enumerate valid subdomains using active bruteforce, as well as resolve subdomains with wildcard handling and easy input-output support. |
![](https://camo.githubusercontent.com/b912f72940c8a7e9fafaef186be94a28a113b27bb0d3ba6677344cda0345359e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f73687566666c65646e733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
dmut |
A tool to perform permutations, mutations and alterations of subdomains, written in Go. |
![](https://camo.githubusercontent.com/03672ec9cf5c7a7e7a9251b146decbee394c2e229bcf0ccad15ce14efbdaf9e6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6270306c722f646d75743f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
apkleaks |
Scans APK files for URIs, endpoints & secrets. |
![](https://camo.githubusercontent.com/bc04b48942f16af04f289cadf1f2b4017493efddf19ee67f16136d6f552dc644/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64776973697377616e74302f61706b6c65616b733f6c6162656c3d253230) |
apk |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
Silver |
Mass scan IPs for vulnerable services |
![](https://camo.githubusercontent.com/7c0772f19c1c2f825ab1018cc32d3c0332530344c1f66bb5053d51778565d833/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f53696c7665723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
Amass |
In-depth Attack Surface Mapping and Asset Discovery |
![](https://camo.githubusercontent.com/78aebd00fd4837e5bf1443fc8b8087d4e084ca353123aca891e37a3b59d10f07/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4f574153502f416d6173733f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
pagodo |
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching |
![](https://camo.githubusercontent.com/61a52e344017a27029a4a015e21da3944206ca19fb1abcaf754d76bd5f17b3c8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6f70736469736b2f7061676f646f3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
scilla |
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS/subdomain/port enumeration |
![](https://camo.githubusercontent.com/a18073e206bcb3a6b0a9aef519ad39a6465bd5a4579628aa5daea013b672eee0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f65646f6172646f7474742f7363696c6c613f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
DNSDumpster |
Online DNS recon & research, find & look up DNS records |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Recon |
github-endpoints |
Find endpoints on GitHub. |
![](https://camo.githubusercontent.com/6bbbb09fa395dd75f85550b1d2a7ccd77f81401282cc7c1e19e28e09928165eb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6777656e3030312f6769746875622d656e64706f696e74733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
HydraRecon |
All In One, Fast, Easy Recon Tool |
![](https://camo.githubusercontent.com/ddd1a5b6ee0a7c6ad62e70555d9fdc47887baf2b5b8b993b60bdb3d5fd4b09fc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6175667a617965642f48796472615265636f6e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
dnsvalidator |
Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. |
![](https://camo.githubusercontent.com/9754615d9cd5e4005e3518ba1fb2eb31ed98432f52a82d7bc4c4a695759fc9d6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f766f7274657861752f646e7376616c696461746f723f6c6162656c3d253230) |
dns |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
subgen |
A really simple utility to concatenate wordlists to a domain name - to pipe into your favourite resolver! |
![](https://camo.githubusercontent.com/d52a7dca996a1261d207ee29dca3f98a79423fcc147b7d2d2258ce8d2becddf0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7072793063632f73756267656e3f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
ParamSpider |
Mining parameters from dark corners of Web Archives |
![](https://camo.githubusercontent.com/a8f772144e28740ccf0b9d5f1c71dcdec3e7a35230309d377008acc6c53dd213/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646576616e736862617468616d2f506172616d5370696465723f6c6162656c3d253230) |
param |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
rusolver |
Fast and accurate DNS resolver. |
![](https://camo.githubusercontent.com/3a16d315e42079f42b79e3ef9c34aabe46f1e965c3f813314b59356add5ce16d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f45647534726453484c2f7275736f6c7665723f6c6162656c3d253230) |
dns |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Recon |
Shodan |
World's first search engine for Internet-connected devices |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Recon |
xnLinkFinder |
A Python tool used to discover endpoints (and potential parameters) for a given target |
![](https://camo.githubusercontent.com/9ed75348cd635861eefa504f23af3991b3e62201463c7a2652eae8db33ea3eba/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f786e6c2d6834636b33722f786e4c696e6b46696e6465723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
knock |
Knock Subdomain Scan |
![](https://camo.githubusercontent.com/5bd5915c2be5639c3e07c08a291a455e3d849402c3f3b02d1c1708fb2c4a5929/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6775656c666f7765622f6b6e6f636b3f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
github-subdomains |
Find subdomains on GitHub |
![](https://camo.githubusercontent.com/95cab395c6a41ceb9854a079f921e761e9283a5236670003251de238ea5c86db/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6777656e3030312f6769746875622d737562646f6d61696e733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
OneForAll |
OneForAll is a powerful subdomain collection tool |
![](https://camo.githubusercontent.com/0d2e092253f606585308492bf09dd6811ffbd17c82c8b5b5a6ecff6cb85d7d0e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73686d696c796c74792f4f6e65466f72416c6c3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
JSFScan.sh |
Automation for JavaScript recon in bug bounty. |
![](https://camo.githubusercontent.com/da1486c1dcb590e133fb126c2b3c41864ed0e75a7756a2a6c9ca671fa5ecdbe4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4b617468616e5031392f4a53465363616e2e73683f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Recon |
hakrevdns |
Small, fast tool for performing reverse DNS lookups en masse. |
![](https://camo.githubusercontent.com/10d56095b5baa02f61f5f5271f8f24893a739a33e08de37ab5eebb29e3dea2c6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616b6c756b652f68616b726576646e733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
httpx |
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library. It is designed to maintain result reliability with increased threads. |
![](https://camo.githubusercontent.com/3635b112a9d7b971a3e70d5c0efa8206d837ed8e1fe54d5850ba86c76f144650/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f68747470783f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
uncover |
Quickly discover exposed hosts on the internet using multiple search engines. |
![](https://camo.githubusercontent.com/526fe7d7dbe24f8939b4394dce09b2fb11391f038ebc9e5cf14ef1b7129fb2c4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f756e636f7665723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
subzy |
Subdomain takeover vulnerability checker |
![](https://camo.githubusercontent.com/c79f0c5a0d190f644f93044539dee82866043bdb1a4e92988515056396921063/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4c756b6153696b69632f7375627a793f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
GitMiner |
Tool for advanced mining for content on GitHub |
![](https://camo.githubusercontent.com/29e8847bd1c0d672f8307a0434951668ec31d24c91baf0e0b302582bd5808ad1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f556e6b4c34622f4769744d696e65723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
spiderfoot |
SpiderFoot automates OSINT collection so that you can focus on analysis. |
![](https://camo.githubusercontent.com/b28d35c8c20b59ffd9d2d3f3d1c86fa13eb1a727377a7b387cfed72f5ada9754/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f736d6963616c6c65662f737069646572666f6f743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
subjs |
Fetches JavaScript files from a list of URLs or subdomains. |
![](https://camo.githubusercontent.com/cf0115869e75ac0bd5c1b8a910863a0fced70978e8f7e9f414d5222d2b83f5e0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6c632f7375626a733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
aquatone |
A Tool for Domain Flyovers |
![](https://camo.githubusercontent.com/1ecd843898b24480fd4c3d6eaa6e9f1e3fabecc08aeef2f3ad2b6886e434dcd0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d696368656e72696b73656e2f61717561746f6e653f6c6162656c3d253230) |
domain |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
lazyrecon |
This script is intended to automate your reconnaissance process in an organized fashion |
![](https://camo.githubusercontent.com/e2782e47cf7f587d5b95723809258c98fe5baf884904d7b8181db9073416c4c7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e6168616d7365632f6c617a797265636f6e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Recon |
gitrob |
Reconnaissance tool for GitHub organizations |
![](https://camo.githubusercontent.com/94655ae32dea704176b7ab76fc8f45add3e95bb2a610566c2fb3b6d701c4874f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d696368656e72696b73656e2f676974726f623f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
intrigue-core |
Discover Your Attack Surface |
![](https://camo.githubusercontent.com/ab5695a0a3ce826b9ec575cbbaf5bdefc0e371ea2281a15b96a8d93349e6e33a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f696e747269677565696f2f696e7472696775652d636f72653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/ruby.png) |
Recon |
gospider |
Gospider - Fast web spider written in Go |
![](https://camo.githubusercontent.com/d363a04a5ee1a25966fc0fd1da8d41522d94c211f85fc126d450aa5ddc6bdd90/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a61656c65732d70726f6a6563742f676f7370696465723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
Parth |
Heuristic Vulnerable Parameter Scanner |
![](https://camo.githubusercontent.com/6b4b4668072231ba5c78135458a9da633bb566d9bbab4abfab71cd8c4abacc45/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f50617274683f6c6162656c3d253230) |
param |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
3klCon |
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separate files. |
![](https://camo.githubusercontent.com/875403b776b0089c82ad11c5cf10f2709e4d74df585338fc0a3818e5c9ba6c63/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f65736c616d336b6c2f336b6c436f6e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
hakrawler |
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |
![](https://camo.githubusercontent.com/a9e7103dcb7b93e2080c4dc156a0137aa16d93d61846c3efadd2a472627e1dae/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616b6c756b652f68616b7261776c65723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
LinkFinder |
A Python script that finds endpoints in JavaScript files |
![](https://camo.githubusercontent.com/3e2945ef6008d77882dd6da2a0235ab337e3d6a897724175fd98e88fe2a07fc2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f47657262656e4a617661646f2f4c696e6b46696e6465723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
gau |
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. |
![](https://camo.githubusercontent.com/2dc978b877be6d9d5bd7b8b12017b15ca7d1dfdbd86c749bb7c24449ebd647d0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6c632f6761753f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
subjack |
Subdomain Takeover tool written in Go |
![](https://camo.githubusercontent.com/2277e1d7e5b17a633eeccbe9570cfd13525b6f2a82a85c99abb986b7bfceb516/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6861636365722f7375626a61636b3f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
longtongue |
Customized Password/Passphrase List inputting Target Info |
![](https://camo.githubusercontent.com/657093200e7d8ec2d92b9f87633816cb90b98deea292978a090abfaca8499266/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f65646f6172646f7474742f6c6f6e67746f6e6775653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
cariddi |
Take a list of domains, crawl URLs and scan for endpoints, secrets, API keys, file extensions, tokens and more |
![](https://camo.githubusercontent.com/543aa34a969a6197ea366615debe76ff50e8e0d5fde4b547d4da179402230be8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f65646f6172646f7474742f636172696464693f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
sn0int |
Semi-automatic OSINT framework and package manager |
![](https://camo.githubusercontent.com/f8a5cc04dda96433bb17990f18b312d2999d2a24fb81a20ebddee8d0213871db/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6b70637972642f736e30696e743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Recon |
go-dork |
The fastest dork scanner written in Go. |
![](https://camo.githubusercontent.com/66d58f86662903ac2e67a36fcd4b2a3c687f39f855a4b37b2f108a39722f3496/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64776973697377616e74302f676f2d646f726b3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
assetfinder |
Find domains and subdomains related to a given domain |
![](https://camo.githubusercontent.com/cf1c87cda43ee40629da3f1c32a853d1e72362b77f378f2e1346bc978282fe06/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f617373657466696e6465723f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
haktrails |
Golang client for querying SecurityTrails API data |
![](https://camo.githubusercontent.com/12aade94d5e2663feb92bf6678ae1ad9ac9e3d5b3f54a04557beb912f3bbda0c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616b6c756b652f68616b747261696c733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
dnsx |
dnsx is a fast and multi-purpose DNS toolkit that allows running multiple DNS queries of your choice with a list of user-supplied resolvers. |
![](https://camo.githubusercontent.com/2945fcb2c7987e53abf57087830e865c48e06f3c14d446a2a332c6808e93e13d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f646e73783f6c6162656c3d253230) |
dns |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
RustScan |
Faster Nmap Scanning with Rust |
![](https://camo.githubusercontent.com/6dd0fb9904c9a2c0d36d5e566b24ae36e724f4573b535d66abf250db6ee98061/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6272616e646f6e736b6572726974742f527573745363616e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Recon |
cc.py |
Extracting URLs of a specific target based on the results of "commoncrawl.org" |
![](https://camo.githubusercontent.com/df8cb0a3fcf742a4305ccbc4c3a3c6573b2dc5466b0d28597ec22ac5f504e7fd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f736939696e742f63632e70793f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
altdns |
Generates permutations, alterations and mutations of subdomains and then resolves them |
![](https://camo.githubusercontent.com/a111f6cd23872aa099bb464bd7fc840c47c02a6826d4e2ced950622ee2ae9882/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f696e666f7365632d61752f616c74646e733f6c6162656c3d253230) |
dns |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
recon_profile |
Recon profile (bash profile) for bug bounty |
![](https://camo.githubusercontent.com/a831342363a8a822a75cf9986c6548706371b6d83bb1cb1218bccc140855bc6b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e6168616d7365632f7265636f6e5f70726f66696c653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Recon |
gowitness |
🔍 gowitness - a golang, web screenshot utility using Chrome Headless |
![](https://camo.githubusercontent.com/23e6e89960a59bf16bf419796cebc3f50fabd98a0902e3f9a847378f3226de51/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73656e7365706f73742f676f7769746e6573733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
STEWS |
A Security Tool for Enumerating WebSockets |
![](https://camo.githubusercontent.com/c865e5b308e3726daa0e725427e2a542b6775cb8d0ac9e61b95c617e876731d6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f50616c696e64726f6d654c6162732f53544557533f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
Hunt3r |
Make your bug bounty subdomain reconnaissance easier with Hunt3r, the web application reconnaissance framework |
![](https://camo.githubusercontent.com/6801bc3c03973850a477c266d56efd2b93a35b60f9f8ae8bc20adf7660f01228/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f456173795265636f6e2f48756e7433723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/ruby.png) |
Recon |
subs_all |
Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |
![](https://camo.githubusercontent.com/11a58749e744ac47684a382879b19af583d99808218269bb9dd9daf899dfec90/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f656d61647368616e61622f737562735f616c6c3f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Recon |
gauplus |
A modified version of gau for personal usage. Support workers, proxies and some extra things. |
![](https://camo.githubusercontent.com/22e524fe1ed138262c9734de536ed391c1b5311bafc41f32fbdd2f17067b346a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6270306c722f676175706c75733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
findomain |
The fastest and cross-platform subdomain enumerator, do not waste your time. |
![](https://camo.githubusercontent.com/e516ee95ae6946d58685538bb43f95ad3117773197d7c42c8eaee717c473ef19/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f45647534726453484c2f66696e646f6d61696e3f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Recon |
dnsprobe |
DNSProbe (beta) is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers. |
![](https://camo.githubusercontent.com/2635c9de88c96a73e9376eb7214a1442e04bbee3f194addd22c2fe191d98da1d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f646e7370726f62653f6c6162656c3d253230) |
dns |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
Chaos Web |
Actively scan and maintain internet-wide assets' data. Enhance research and analyse changes around DNS for better insights. |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Recon |
Osmedeus |
Fully automated offensive security framework for reconnaissance and vulnerability scanning |
![](https://camo.githubusercontent.com/29d5eba3163545ca0c6d2f017f8730d5e55dce3d25161ffbfde3d6a146c8a424/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a33737369652f4f736d65646575733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
SubOver |
A Powerful Subdomain Takeover Tool |
![](https://camo.githubusercontent.com/7076be218de053d2425ca8e1371faa2553ff16a313ca6b44b1f8eaae965dea73/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f496365336d616e3534332f5375624f7665723f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
uro |
Declutters URL lists for crawling/pentesting |
![](https://camo.githubusercontent.com/679513e58fd7f64ea4e843c5d7f74e886737fbf49406b58a0d8486e4fa264543/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f75726f3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
CT_subdomains |
An hourly updated list of subdomains gathered from certificate transparency logs |
![](https://camo.githubusercontent.com/1073ab77ae6eeeaa73361b78fbcadba5f2b52b5189e1ce342b95692941d5e46a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f696e7465726e657477616368652f43545f737562646f6d61696e733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Recon |
reconftw |
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities |
![](https://camo.githubusercontent.com/2928d66f20bd9522c3b4f11ba744c51041ef3c98486f0c4c728c471b6f51128a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7369783264657a2f7265636f6e6674773f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Recon |
fhc |
Fast HTTP Checker. |
![](https://camo.githubusercontent.com/453b96f63cab3c06fcc4d25a4854f51d872712f711a49258b08d51c3817a1c37/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f45647534726453484c2f6668633f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Recon |
waybackurls |
Fetch all the URLs that the Wayback Machine knows about for a domain |
![](https://camo.githubusercontent.com/937a76121b8abd543c4fddd09a501118627a4bf0c26b8bc6b3174d740dc7d0aa/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f7761796261636b75726c733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
zdns |
Fast CLI DNS Lookup Tool |
![](https://camo.githubusercontent.com/51338cbdb4794fcdf3cee3cd71b663c370f587cec8dd9c11d9b2eb58150d2667/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a6d61702f7a646e733f6c6162656c3d253230) |
dns |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
htcat |
Parallel and Pipelined HTTP GET Utility |
![](https://camo.githubusercontent.com/39c310a7063dc9c7b12269e5340280d88dbccb1a25ec7caa565a755cc925affa/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68746361742f68746361743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
chaos-client |
Go client to communicate with Chaos DNS API. |
![](https://camo.githubusercontent.com/82865b6a27b07ee93edb493ae2d4b756a8139954a21206428c7cfd3b87e87f92/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f6368616f732d636c69656e743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
Sublist3r |
Fast subdomains enumeration tool for penetration testers |
![](https://camo.githubusercontent.com/bc2b2e8f9a9aa6b93a30b982f9eb381dea09e0faca57bbabe034e4ef85540b38/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f61626f756c336c612f5375626c69737433723f6c6162656c3d253230) |
subdomains |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Recon |
urlhunter |
A recon tool that allows searching URLs that are exposed via shortener services |
![](https://camo.githubusercontent.com/565145f8c31a08590553416b8498732e0d84497e31b93411b172154da995a596/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f75746b7573656e2f75726c68756e7465723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Recon |
megplus |
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |
![](https://camo.githubusercontent.com/2ffff56190396f38afb2bd783d10639fc24cb085c54a306a6117c7b81c1e57dc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f45644f766572666c6f772f6d6567706c75733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Fuzzer |
hashcat |
World's fastest and most advanced password recovery utility |
![](https://camo.githubusercontent.com/943a1ac82629eec226c97a7b9f271fc52fb6ac4ae6460539849d02cfa92aeace/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f686173686361742f686173686361742f3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c.png) |
Fuzzer |
medusa |
Fastest recursive HTTP fuzzer, like a Ferrari. |
![](https://camo.githubusercontent.com/b253024078eb6161ef4373e14028d6ed2051e83b6843ae0fba28a46ad57fb79e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f72697a612f6d65647573613f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Fuzzer |
dotdotpwn |
DotDotPwn - The Directory Traversal Fuzzer |
![](https://camo.githubusercontent.com/401a00a96d5bb385cca32948cce23078b5190faeeb0038882907da16d2411d1b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7769726567686f756c2f646f74646f7470776e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/perl.png) |
Fuzzer |
crlfuzz |
A fast tool to scan for CRLF vulnerabilities, written in Go |
![](https://camo.githubusercontent.com/ac34e5a20764510eba64562f3c85d27c0c495180f143fe4e424c0ef05f2a2f11/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64776973697377616e74302f63726c66757a7a3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Fuzzer |
wfuzz |
Web application fuzzer |
![](https://camo.githubusercontent.com/095d4fe199c2bdb7574774477fa72ac9bcfd43e7e9f6413a057013b7e5b5dd97/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f786d656e64657a2f7766757a7a3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Fuzzer |
jwt-hack |
🔩 jwt-hack is a tool for hacking / security testing of JWT. Supports en/decoding JWT, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce) |
![](https://camo.githubusercontent.com/9d591bb1d1fbdbdb3ecc111429c867859f6273f66811ba90de4527197da5f64b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f6a77742d6861636b3f6c6162656c3d253230) |
jwt |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Fuzzer |
GraphQLmap |
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |
![](https://camo.githubusercontent.com/e1d31209bb91445153b12cc39f660fd0635dc621839ef2438a6d9a0ad7de3dc3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73776973736b797265706f2f4772617068514c6d61703f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Fuzzer |
kiterunner |
Contextual Content Discovery Tool |
![](https://camo.githubusercontent.com/2bbb7f7e71d37423deb78415d8bdcefc798e9453343810b2d4bf357134a1b7cc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f61737365746e6f74652f6b69746572756e6e65723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Fuzzer |
ppfuzz |
A fast tool to scan for client-side prototype pollution vulnerabilities, written in Rust. 🦀 |
![](https://camo.githubusercontent.com/634f1c4f5b3eafdb082bf0c35f8cdc870a17574185c4579d8ca91e65a818f15e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64776973697377616e74302f707066757a7a3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Fuzzer |
feroxbuster |
A fast, simple, recursive content discovery tool written in Rust. |
![](https://camo.githubusercontent.com/451da68a849f7d54ebbbdc70c125175484ef131a04875b8fd9a7e49e8fd5b37a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6570693035322f6665726f786275737465723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Fuzzer |
thc-hydra |
hydra |
![](https://camo.githubusercontent.com/bf5d4dfc76b37dd0543ab390d1aa13966e02e0e04f0757e1564c8751290d853f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f76616e6861757365722d7468632f7468632d68796472613f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c.png) |
Fuzzer |
BruteX |
Automatically brute force all services running on a target. |
![](https://camo.githubusercontent.com/3752d5b3d0e0fa6a984b800f12af83c169ecc787f31f5429df27387a0bc20d6e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f314e332f4272757465583f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Fuzzer |
c-jwt-cracker |
JWT brute force cracker written in C |
![](https://camo.githubusercontent.com/62efa78c2258db018d0ae87fdc52da389b6a93ca3a0b4267751720a911b613d6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6272656e64616e2d726975732f632d6a77742d637261636b65723f6c6162656c3d253230) |
jwt |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c.png) |
Fuzzer |
SSRFmap |
Automatic SSRF fuzzer and exploitation tool |
![](https://camo.githubusercontent.com/7b138c7dff25747c2f62b0ae5ab39d06072cab6b3c8bf6e50bf4a3b96f5d4351/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73776973736b797265706f2f535352466d61703f6c6162656c3d253230) |
ssrf |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Fuzzer |
ffuf |
Fast web fuzzer written in Go |
![](https://camo.githubusercontent.com/61477cbafabe5a4def450ec90cff236018e5a6ca088082a49d39ba2eee7650f1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f666675662f666675663f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Fuzzer |
jwt-cracker |
Simple HS256 JWT token brute force cracker |
![](https://camo.githubusercontent.com/d227d4a408a44f7718ab52a9813032ba931f1567f0fc84f1dcad10208fc7419b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6c6d616d6d696e6f2f6a77742d637261636b65723f6c6162656c3d253230) |
jwt |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Fuzzer |
fuzzparam |
A fast Go-based param miner to fuzz possible parameters a URL can have. |
![](https://camo.githubusercontent.com/9b0c54d9e5debc765b432273e5552cf538b5e16b9e6927932265e8e184dd2c53/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f307873617072612f66757a7a706172616d3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
Corsy |
CORS Misconfiguration Scanner |
![](https://camo.githubusercontent.com/aceb635301e5a411f8df26eadea70022c2c33bffc0419514f4dd3d3e5b586a2c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f436f7273793f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
Striker |
Striker is an offensive information and vulnerability scanner. |
![](https://camo.githubusercontent.com/319ae67ad2db4f851fc1a44be36b9096275c77f433bef8a98c823c310c36797a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f537472696b65723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
XSStrike |
Most advanced XSS scanner. |
![](https://camo.githubusercontent.com/7041f5d7e5245c01e5a7e89466f92bd6d37ab329d8647cb786e78088e3fe75e4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73306d6433762f5853537472696b653f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
github-search |
Tools to perform basic search on GitHub. |
![](https://camo.githubusercontent.com/ab3b67bef0bb9fc525068270c7de420d6400e534d29528052bbd2e37d0b9b2d3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6777656e3030312f6769746875622d7365617263683f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Scanner |
findom-xss |
A fast DOM based XSS vulnerability scanner with simplicity. |
![](https://camo.githubusercontent.com/5d45bcb8c844067d3543b15fa609e6338e4e62ffc1c11a9f614781a72bae4d50/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64776973697377616e74302f66696e646f6d2d7873733f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Scanner |
sqlmap |
Automatic SQL injection and database takeover tool |
![](https://camo.githubusercontent.com/384d7430f79e8d77e2c7a1e225d88ae3c0d83aceeb5bcfb607f52294f12e2d3e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73716c6d617070726f6a6563742f73716c6d61703f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
ditto |
A tool for IDN homograph attacks and detection. |
![](https://camo.githubusercontent.com/47be8a4eee46093d1cbeb26f8183fb37dd3e4a397fd989fc11fba6d02c73ae8c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6576696c736f636b65742f646974746f3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
smuggler |
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |
![](https://camo.githubusercontent.com/3da39c3894bb740a7a744d67d20b517c16c3f99e94fa2352665cc9525a86baf5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646566706172616d2f736d7567676c65723f6c6162656c3d253230) |
smuggle |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
dalfox |
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |
![](https://camo.githubusercontent.com/8f7794e190c707f6c0126ae38f4019195651a13448882e5785a5ae84b4850fdd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f64616c666f783f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
rapidscan |
The Multi-Tool Web Vulnerability Scanner. |
![](https://camo.githubusercontent.com/7735f6081e18d64ff3dc6177998057cae03faafe4bda3f0862acb70450320bef/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f736b61766e67722f72617069647363616e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
gitleaks |
Scan git repos (or files) for secrets using regex and entropy 🔑 |
![](https://camo.githubusercontent.com/893095fd6b298e5148a19002d09163d5e189d8ea5f8b2d10e779d52eb6eb05d1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a726963657468657a61762f6769746c65616b733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
LFISuite |
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |
![](https://camo.githubusercontent.com/05c0a1540ab4190416e12890638a69fd15f80af13fba9c53ff71ca112032171f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4433356d306e643134322f4c464953756974653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
nikto |
Nikto web server scanner |
![](https://camo.githubusercontent.com/413cfbe718a82dedcf99b50c0a62dd884f9391fab37770ff1f7a08c4fd161012/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73756c6c6f2f6e696b746f3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/perl.png) |
Scanner |
ppmap |
A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. |
![](https://camo.githubusercontent.com/d287a1d568c10fb4498a715ff97e5bdf717c9d404d68f02350f4fb5b02805a4d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6b6c6569746f6e307830302f70706d61703f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
arachni |
Web Application Security Scanner Framework |
![](https://camo.githubusercontent.com/546aa3564ac7268a5638c257be746d0cfd1df3ca991ada884f46a8d3d0cc0b9a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f41726163686e692f61726163686e693f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/ruby.png) |
Scanner |
nosqli |
NoSQL Injection CLI tool |
![](https://camo.githubusercontent.com/026b878c5035e970b0a249341cc74bd94a025eae7f9f159923f859a6fd593a46/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f436861726c69652d62656c6d65722f6e6f73716c693f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
tplmap |
Server-Side Template Injection and Code Injection Detection and Exploitation Tool |
![](https://camo.githubusercontent.com/7f294eefb4662ee7e65ba92c6fd925434dbb91c7328606dd3ccd0200e07e0770/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6570696e6e612f74706c6d61703f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
headi |
Customisable and automated HTTP header injection |
![](https://camo.githubusercontent.com/751bd19ad906d632870f0733a146bd7564064518dbd4b649b0da0fad947af65c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d6c637365632f68656164693f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
NoSQLMap |
Automated NoSQL database enumeration and web application exploitation tool. |
![](https://camo.githubusercontent.com/a3e24761ef4b460ace6966d34447b968a20eefdcbba8797e0d5a03dba8e71c1c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f636f64696e676f2f4e6f53514c4d61703f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
Taipan |
Web application vulnerability scanner |
![](https://camo.githubusercontent.com/c241541e1e8f3eda2d25f209392680775e13b4cc1cf5212a8e73db623f92866e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f656e6b6f6d696f2f54616970616e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Scanner |
confused |
Tool to check for dependency confusion vulnerabilities in multiple package management systems |
![](https://camo.githubusercontent.com/00049c4e3669aaf691f8ad7bd1081835fdc3e404102847ecaa1a6fd70a3bd1d2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7669736d612d70726f647365632f636f6e66757365643f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
xsscrapy |
XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |
![](https://camo.githubusercontent.com/ffd309cc1f43d9df4a63d03b8da9f3d9ece6a4ed4307bb663a4c2e781d888fd6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f44616e4d63496e65726e65792f78737363726170793f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
fockcache |
FockCache - Minimalized Test Cache Poisoning |
![](https://camo.githubusercontent.com/a4b76356bce3ae76a480bbc756c080b9abbecf20425ede0a0b420da098916392/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7469736d6179696c2f666f636b63616368653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
httprobe |
Take a list of domains and probe for working HTTP and HTTPS servers |
![](https://camo.githubusercontent.com/9ba9355e5dd7f5b11dbac39bc47d456538b530386dc9dfbdd37fa785a66e7491/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f68747470726f62653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
S3Scanner |
Scan for open AWS S3 buckets and dump the contents |
![](https://camo.githubusercontent.com/c437281096f85c718f0c67260a204eb618cfa29670fadd3f47a2f8cced678d0e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7361376d6f6e2f53335363616e6e65723f6c6162656c3d253230) |
s3 |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
plution |
Prototype pollution scanner using headless chrome |
![](https://camo.githubusercontent.com/d5a7d3ecfd43e4d140acca4f81c5244c9ea62a5732cad39f56f0398130e547ac/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f726176657272722f706c7574696f6e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
domdig |
DOM XSS scanner for Single Page Applications |
![](https://camo.githubusercontent.com/21f49dbcb3207aec613a8bcf41b9849a29fa038d22d7391ab95144a34674ac04/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f66636176616c6c6172696e2f646f6d6469673f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Scanner |
hinject |
Host Header Injection Checker |
![](https://camo.githubusercontent.com/40bbbd8091ff678839ddd0d42079bd67b34175e3d8d6cccee77dc23be9c2ded5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64776973697377616e74302f68696e6a6563743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
sqliv |
massive SQL injection vulnerability scanner |
![](https://camo.githubusercontent.com/a406102dbde4430fffe18afe4704835f1ca046cffc23f08bb3fdd8834748f6d9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7468652d726f626f742f73716c69763f6c6162656c3d253230) |
sqli |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
zap-cli |
A simple tool for interacting with OWASP ZAP from the command line. |
![](https://camo.githubusercontent.com/8dc360065044882684bc76da2e469760ace409ea60e1f6b8262429e05df585e4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4772756e6e792f7a61702d636c693f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![zap](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/zap.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
http2smugl |
This tool helps to detect and exploit HTTP request smuggling in cases where it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. |
![](https://camo.githubusercontent.com/caf487c9d43087a53e46e4010fb3dda960c453cf9097fad273061bf3196c427e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e6565782f6874747032736d75676c3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
DirDar |
DirDar is a tool that searches for (403-Forbidden) directories in order to break them and get a directory listing on them |
![](https://camo.githubusercontent.com/5b8cde04b189b5c72962ed92793ac2ef6e26cceae26489c6172df9501b688e02/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4d34444d30652f4469724461723f6c6162656c3d253230) |
403 |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
DOMPurify |
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: |
![](https://camo.githubusercontent.com/b443644a1ed9f2c078ad8156aced1e0fea42c54e9be619059933294827d715b7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6375726535332f444f4d5075726966793f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Scanner |
OpenRedireX |
A Fuzzer for OpenRedirect issues |
![](https://camo.githubusercontent.com/652c7a37a314bd807fffe1f6a25e496f617d92628f8c4731e9d1e1d5d891d6e2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646576616e736862617468616d2f4f70656e526564697265583f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
CorsMe |
Cross Origin Resource Sharing MisConfiguration Scanner |
![](https://camo.githubusercontent.com/8390bad75fff284e63dcaf7e362bbe01829fcc99b53a0e5b6c54b1909b8acd84/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53686976616e67783031622f436f72734d653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
Chromium-based-XSS-Taint-Tracking |
Cyclops is a web browser with an XSS detection feature; it is Chromium-based XSS detection used to find flows from a source to a sink. |
![](https://camo.githubusercontent.com/2b1dc1075d607cd69dbd9f816263fab598266e1ad852c73d9268ec3717a8df2c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7638626c696e6b2f4368726f6d69756d2d62617365642d5853532d5461696e742d547261636b696e673f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Scanner |
websocket-connection-smuggler |
websocket-connection-smuggler |
![](https://camo.githubusercontent.com/189c2ed6bf288aaab104f9de44e5765dccd0f1b1892a6820deb0a584e0fdea0f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f776562736f636b65742d636f6e6e656374696f6e2d736d7567676c65723f6c6162656c3d253230) |
smuggle |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
nmap |
Nmap - the Network Mapper. Github mirror of official SVN repository. |
![](https://camo.githubusercontent.com/b2198d850b742138a55d71964c807fb2991983ff3da851187b06bda6c4e21c26/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e6d61702f6e6d61703f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c.png) |
Scanner |
http-request-smuggling |
HTTP Request Smuggling Detection Tool |
![](https://camo.githubusercontent.com/56a1a86f9e02b8ee05ce8bc3b930e3a923b52f8435d16c626d95a48014f80c50/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f616e7368756d616e706174746e61696b2f687474702d726571756573742d736d7567676c696e673f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
a2sv |
Auto Scanning to SSL Vulnerability |
![](https://camo.githubusercontent.com/8c98d47d0f42f8ca5065fb09357a643873a2194614999452bafca3ded8e95297/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f613273763f6c6162656c3d253230) |
ssl |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
DSSS |
Damn Small SQLi Scanner |
![](https://camo.githubusercontent.com/32d95b0f98a51332902ec63620a66c73b2f4801b8fe333caafd27a2520edf3ee/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7374616d7061726d2f445353533f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
commix |
Automated All-in-One OS Command Injection Exploitation Tool. |
![](https://camo.githubusercontent.com/89ff1e2931e6c5d964c517446fbb1ead2ac61747c939266be6f6b0ef81efa506/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f636f6d6d697870726f6a6563742f636f6d6d69783f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
ssrf-sheriff |
A simple SSRF-testing sheriff written in Go |
![](https://camo.githubusercontent.com/8a2a306ec9ba6f1c033b5883cacee06bd21ecb531d130d7b1b6bbfc50d551732/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f74656b6e6f6765656b2f737372662d736865726966663f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
dontgo403 |
Tool to bypass 40X response codes. |
![](https://camo.githubusercontent.com/d6b2ac5cc8336f15e28c3b8597d82300fa83d6f60777a3da227ac5293ccf9c8a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646576706c6f69742f646f6e74676f3430333f6c6162656c3d253230) |
403 |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
jsprime |
a javascript static security analysis tool |
![](https://camo.githubusercontent.com/9d00dad8dabfb20c25380ba6bb456acd7788dd093a21b5645492eaeafba604af/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64706e697368616e742f6a737072696d653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Scanner |
h2csmuggler |
HTTP Request Smuggling Detection Tool |
![](https://camo.githubusercontent.com/e3d105be6f538842db05db70fd5a46633acbb3f6fe085fff880c8975e74d13af/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f61737365746e6f74652f683263736d7567676c65723f6c6162656c3d253230) |
smuggle |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
PPScan |
Client Side Prototype Pollution Scanner |
![](https://camo.githubusercontent.com/76025ff0f53cc1d68552071a858b300c6e521b42896a9c2df256aebe3ec39c62/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d73726b702f50505363616e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Scanner |
xsinator.com |
XS-Leak Browser Test Suite |
![](https://camo.githubusercontent.com/1dc2980ef9ce977ca4324a257f5de23712a839359a6688e68996e0da9e5c2f33/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f5255422d4e44532f7873696e61746f722e636f6d3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Scanner |
wpscan |
WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |
![](https://camo.githubusercontent.com/6cec90551d2217b66304c1c83e3e079e30c51576443a063e6fb61e958044c629/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f77707363616e7465616d2f77707363616e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/ruby.png) |
Scanner |
xsser |
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |
![](https://camo.githubusercontent.com/97617d7866a436fa5fb711d07d420876bf48a2f1fa268d100483587c710310e5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f657073796c6f6e2f78737365723f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
testssl.sh |
Testing TLS/SSL encryption anywhere on any port |
![](https://camo.githubusercontent.com/a0f29ef0f77123ef1636e89d9fee41a6493696a05329b3da58faa38ae15203ba/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64727765747465722f7465737473736c2e73683f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Scanner |
Web-Cache-Vulnerability-Scanner |
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). |
![](https://camo.githubusercontent.com/6f38ef3f083b280c9e82bb99d1e06cf1d3f76aacd128f41b5f2e452722445905/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4861636b6d616e69742f5765622d43616368652d56756c6e65726162696c6974792d5363616e6e65723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
wprecon |
Hello! Welcome. Wprecon (WordPress Recon) is a vulnerability recognition tool for the WordPress CMS, 100% developed in Go. |
![](https://camo.githubusercontent.com/393a15917f8af811c919efacb44f15a7f4fb9853bdafcc919c2aa8cb79f212a8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f626c61636b6372772f77707265636f6e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
AWSBucketDump |
Security Tool to Look For Interesting Files in S3 Buckets |
![](https://camo.githubusercontent.com/ffc9b2229cb02ecff978b8a49308e67838b4593de5ad0317fe08375dfd889ac2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a6f7264616e706f7474692f4157534275636b657444756d703f6c6162656c3d253230) |
s3 |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
corsair_scan |
Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). |
![](https://camo.githubusercontent.com/5f38f67da27797b874c1ae4ff8a0ea36ee2b02502fabcb7173bad809d0c75021/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53616e74616e646572736563757269747972657365617263682f636f72736169725f7363616e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
web_cache_poison |
web cache poison - Top 1 web hacking technique of 2019 |
![](https://camo.githubusercontent.com/6b6a7bb03ee4e7a36bc3c50ece3f864df53d95f8fe147540d295ecb67384b481/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f666e676f6f2f7765625f63616368655f706f69736f6e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Scanner |
DeepViolet |
Tool for introspection of SSL/TLS sessions |
![](https://camo.githubusercontent.com/d1b2ceb41d2b2a3dcc06fd746cb280b51cfb0b421b51458ad4b4361f753012cc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73706f6f667a752f4465657056696f6c65743f6c6162656c3d253230) |
ssl |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/java.png) |
Scanner |
HRS |
HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. |
![](https://camo.githubusercontent.com/b377df64e598613e74b5f3da8de8a943f796bb72693da36f7cb3c9fe3e67834b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f536166654272656163682d4c6162732f4852533f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/perl.png) |
Scanner |
VHostScan |
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |
![](https://camo.githubusercontent.com/2752dd1b4a389264e7e73b77577838df68461a025357322e371fd88af0d96e6d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f636f64696e676f2f56486f73745363616e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
gitGraber |
gitGraber |
![](https://camo.githubusercontent.com/1082037506878d5f2d867ab9a67bd8a5c12c0082a6e6d12d66c2f99d764f973a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f686973786f2f6769744772616265723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Scanner |
XSpear |
Powerful XSS Scanning and Parameter analysis tool & gem |
![](https://camo.githubusercontent.com/895061ef9005c7069317840a1cc0761c43a9c382a4f49f73bc1547c5c06e3cc7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f5853706561723f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/ruby.png) |
Scanner |
nuclei |
Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |
![](https://camo.githubusercontent.com/746a98d90005bc000f63c2a1cf763ba035d83014403275afa4d90655185c30db/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f6e75636c65693f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Scanner |
ws-smuggler |
WebSocket Connection Smuggler |
![](https://camo.githubusercontent.com/031f6b58291c55a7e84205a65a6f629658e16e63b37d998e5b09b3497b4a1066/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f77732d736d7567676c65723f6c6162656c3d253230) |
smuggle |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Exploit |
Gopherus |
This tool generates gopher links for exploiting SSRF and gaining RCE in various servers |
![](https://camo.githubusercontent.com/d1c816765b5d47e3b72ecc58981bc427fd0c4a0a62c50b280253effb6e9dac2d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746172756e6b616e742f476f7068657275733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Exploit |
SQL Ninja |
SQL Injection scanner |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Exploit |
xxeserv |
A mini webserver with FTP support for XXE payloads |
![](https://camo.githubusercontent.com/5f6b725b2c8ead5d4d37e561956b3b92685f8fa05f5d6449073ee383bbd12a3e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f737461616c64726161642f787865736572763f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Exploit |
ropr |
A blazing fast™ multithreaded ROP Gadget finder. ropper |
![](https://camo.githubusercontent.com/1b3965ddcda25f0b40fd9bd27b87598146a77f4e96a3835f51be4f20924ff821/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f42656e2d4c696368746d616e2f726f70723f6c6162656c3d253230) |
rop |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Exploit |
XXEinjector |
Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. |
![](https://camo.githubusercontent.com/fc87e7ffd26b1edc41da215e8e95d1b771e22103deb00ff745e443619dba3a7a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f656e6a6f697a2f585845696e6a6563746f723f6c6162656c3d253230) |
xxe |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/ruby.png) |
Exploit |
toxssin |
An XSS exploitation command-line interface and payload generator. |
![](https://camo.githubusercontent.com/0f890f83f64c236515e82b94b4527a11837fd68803532be495dd2ab9781dbe32/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f74336c336d61636875732f746f787373696e3f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Exploit |
SQLNinja |
SQL Injection scanner |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Exploit |
singularity |
A DNS rebinding attack framework. |
![](https://camo.githubusercontent.com/bca75ca776b3add0478da7ffc5d6bd6d5c293104e79e5261f15406ed6ad6cfa2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e636367726f75702f73696e67756c61726974793f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Exploit |
XSRFProbe |
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. |
![](https://camo.githubusercontent.com/b31dcde90bd63e537420fc130095e8a381ae504a8a4708a5840963f72938b454/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f3078496e66656374696f6e2f5853524650726f62653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Exploit |
beef |
The Browser Exploitation Framework Project |
![](https://camo.githubusercontent.com/f630dbad0ef3c86d4dbc9c96fd34257aebdcef48f8c4e6384711c8e36f427c8b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6265656670726f6a6563742f626565663f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/ruby.png) |
Exploit |
Sn1per |
Automated pentest framework for offensive security experts |
![](https://camo.githubusercontent.com/7ea30f37ba1677e0ea8a0b303c0e99581fe53ba4a0594951380b1ae3bbf508e9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f314e332f536e317065723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Utils |
burl |
A Broken-URL Checker |
![](https://camo.githubusercontent.com/ab2e551b8b408dcb9e9ba478ba2e426bf4dbd2507d3ab9a34f7bda90427b3ff8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f6275726c3f6c6162656c3d253230) |
url |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
gotestwaf |
An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses |
![](https://camo.githubusercontent.com/5047725c3fe7731433e2b52c33848e6e9ea4b5e812cde827c86402c8b1b4f5fc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f77616c6c61726d2f676f746573747761663f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
Bug-Bounty-Toolz |
BBT - Bug Bounty Tools |
![](https://camo.githubusercontent.com/7818b60fcff166d3f4bd1d8801e4ef4d4824119fc2d6eec1adee2662fe1887d4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d346c6c306b2f4275672d426f756e74792d546f6f6c7a3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
pet |
Simple command-line snippet manager, written in Go. |
![](https://camo.githubusercontent.com/07c16e7bdc92ba37c55dfcd5d483123859bc70f1fabb3a7231e3a784e4e49b57/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6b6e7179663236332f7065743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
Gf-Patterns |
GF patterns for grepping (ssrf, RCE, LFI, sqli, ssti, idor, url redirection, debug_logic) parameters |
![](https://camo.githubusercontent.com/6abf3aa7ab30072385866aba030e75220bc1c7941a7c5c62919338fb2f12b078/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f316e6469616e6c3333742f47662d5061747465726e733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Utils |
oxml_xxe |
A tool for embedding XXE/XML exploits into different filetypes |
![](https://camo.githubusercontent.com/3685b564dfcfc0974177593c8844cdb37e91408e8de85431cb771a973b59d09a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f42756666616c6f57696c6c2f6f786d6c5f7878653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/ruby.png) |
Utils |
pwncat |
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE) |
![](https://camo.githubusercontent.com/ff4e71123156103e841f07bdbbd3a98ad9ed7d4faca88aaae85f04a5f9a2326b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6379746f7069612f70776e6361743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Utils |
SecLists |
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |
![](https://camo.githubusercontent.com/043f05bbf1c78cb0617c1e9940177a4d925f5a53c5769417120d501551984781/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64616e69656c6d696573736c65722f5365634c697374733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/php.png) |
Utils |
quickjack |
Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks. |
![](https://camo.githubusercontent.com/3139de8bb4dd40ba202129606583aa161de5ca1233c365acdfcc43698dda17bf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73616d796b2f717569636b6a61636b3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Utils |
tiscripts |
Turbo Intruder Scripts |
![](https://camo.githubusercontent.com/ac78f6258498154ca0e28c59a3aa8adaf7eb917d420f982ff08c034b0c759bc4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646566706172616d2f7469736372697074733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
ysoserial |
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |
![](https://camo.githubusercontent.com/4e4b4e7cbbf528f9e34d131d66d0748ff1d2da353dd6264b1731267393a66c09/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f66726f686f66662f79736f73657269616c3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/java.png) |
Utils |
ob_hacky_slack |
Hacky Slack - a bash script that sends beautiful messages to Slack |
![](https://camo.githubusercontent.com/e145d17d8c4c5f6d985a60fe31547e0c89917735c2cf0a1c667839427ef085ba/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6f70656e6272696467652f6f625f6861636b795f736c61636b3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Utils |
urlgrab |
A golang utility to spider through a website searching for additional links. |
![](https://camo.githubusercontent.com/d58fa7a574193d802da81a50f34cdccc96c0d923583f15e8dbf6114ad932491d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f49416d53746f78652f75726c677261623f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
unfurl |
Pull out bits of URLs provided on stdin |
![](https://camo.githubusercontent.com/59cb0377a4209ea49f9a9762172be5f13edcda650bbb5278bdaed185c3ea4d25/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f756e6675726c3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
pentest-tools |
Custom pentesting tools |
![](https://camo.githubusercontent.com/3e33bde6432e2f9741b6bd4b7d30b1b89f04633b652e5d605112fdc22ed0c554/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6777656e3030312f70656e746573742d746f6f6c733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
godeclutter |
Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans. |
![](https://camo.githubusercontent.com/54d9747cda8aa214c770d724a006318c35fcf3bab2ddf9c661154310529897fd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f63336c337369346e2f676f6465636c75747465723f6c6162656c3d253230) |
url |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
gotator |
Gotator is a tool to generate DNS wordlists through permutations. |
![](https://camo.githubusercontent.com/c063d6ea0105cfc482a6e686d903faed7a1c23366b9fda2c323f5a0ce90f9d26/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4a6f73756538372f676f7461746f723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
Phoenix |
hahwul's online tools |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Utils |
Emissary |
Send notifications on different channels such as Slack, Telegram, Discord etc. |
![](https://camo.githubusercontent.com/e928af0e55fbd48670e2f1857f4cfd7e68566dc0ba948e99102cf466b73bce32/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f426f756e7479537472696b652f456d6973736172793f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
hacks |
A collection of hacks and one-off scripts |
![](https://camo.githubusercontent.com/2d015e55adbf31ea9e2e501932b1cfa4f367ad123759a8f55eb9f5a92843d16f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f6861636b733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
boast |
The BOAST Outpost for AppSec Testing (v0.1.0) |
![](https://camo.githubusercontent.com/2b9eec0c0e88cf6a15a0c38e5784895852bbf1edc170e01807eaca639f18c72f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d6172636f61676e65722f626f6173743f6c6162656c3d253230) |
oast |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
CSP Evaluator |
Online CSP Evaluator from Google |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Utils |
can-i-take-over-xyz |
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records. |
![](https://camo.githubusercontent.com/c06a91fb321915791b2bc9ed1ef840d7b9a00cb812a6dd147ce50eafe8966fe5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f45644f766572666c6f772f63616e2d692d74616b652d6f7665722d78797a3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Utils |
Atlas |
Quick SQLMap Tamper Suggester |
![](https://camo.githubusercontent.com/40e91fd2dc5f347c2743b85f57bce314fb93f786374f574b91ca73a62ec3ab7e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d346c6c306b2f41746c61733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
jsfuck |
Write any JavaScript with 6 Characters |
![](https://camo.githubusercontent.com/14d65c3aea072895fdb164680eb762767e87436a55dcd553e896f1d441f56e23/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f61656d6b65692f6a736675636b3f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Utils |
httpie |
As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie |
![](https://camo.githubusercontent.com/7b078b3bf559672374590d2e5aecf810366cee12b9d653d236d8adce8cfa52f3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6874747069652f6874747069653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
bountyplz |
Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |
![](https://camo.githubusercontent.com/03d69bfb648ce8f56e392dc149faf1f401fd1021385c750fba6a6544dd668599/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6672616e73722f626f756e7479706c7a3f6c6162656c3d253230) |
report |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Utils |
ysoserial.net |
Deserialization payload generator for a variety of .NET formatters |
![](https://camo.githubusercontent.com/fe420b60cdcb1bd7fa0e69625179e0f9960a86d439d46ccf8e5ada164fa44838/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70776e7465737465722f79736f73657269616c2e6e65743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c#.png) |
Utils |
fzf |
A command-line fuzzy finder |
![](https://camo.githubusercontent.com/7a08fd765cb09cee7b812eea5feac1acfc63118cfd463b602c1983b721f40c36/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a756e6567756e6e2f667a663f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
Redcloud |
Automated Red Team Infrastructure deployment using Docker |
![](https://camo.githubusercontent.com/f5441f16fbcb6b53605575749c18f84409a25449688a9ab780812842364fbf2f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6b6861737433782f526564636c6f75643f6c6162656c3d253230) |
infra |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
wssip |
Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. |
![](https://camo.githubusercontent.com/31e193d1493a23b6223092ade9d605d1d2a5cf84169b1a0056425c0782b2d914/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e636367726f75702f77737369703f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Utils |
anew |
A tool for adding new lines to files, skipping duplicates |
![](https://camo.githubusercontent.com/dd1fa6e8b0385792a19e8a9fb00e719f869b3f939ca92a7f77c586f99e11c5d3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f616e65773f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
github-regexp |
Basically a regexp over a GitHub search. |
![](https://camo.githubusercontent.com/9f07e2a24e3707651f147766a48e3dd942e492de5db60d96e61fab5f9c4bf9fe/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6777656e3030312f6769746875622d7265676578703f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
Findsploit |
Find exploits in local and online databases instantly |
![](https://camo.githubusercontent.com/ea8adacba5ada282818c945f616965beaf90dc86386adf6e6e70c12d393d7ecf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f314e332f46696e6473706c6f69743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/shell.png) |
Utils |
230-OOB |
An Out-of-Band XXE server for retrieving file contents over FTP. |
![](https://camo.githubusercontent.com/69c2dd6e63b7e4431fc38475e78065ca3abf15ba88303fc9f6e0975e87aacd76/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6c632f3233302d4f4f423f6c6162656c3d253230) |
xxe |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
gf |
A wrapper around grep, to help you grep for things |
![](https://camo.githubusercontent.com/ecf279dccf7702b23f10c7aaada8dc58989d784633723280206e7e34c9b782dd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f67663f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
hurl |
Hurl, run and test HTTP requests. |
![](https://camo.githubusercontent.com/253aebc676f494be2706cff9966b0accf3d591e45d871c5c11ccbaa64e536d78/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4f72616e67652d4f70656e536f757263652f6875726c3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Utils |
interactsh |
An OOB interaction gathering server and client library |
![](https://camo.githubusercontent.com/257d219f23a6d39f789154dd726d2383ea6100d4ed8b3eb7288c5d6db39a8973/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70726f6a656374646973636f766572792f696e74657261637473683f6c6162656c3d253230) |
oast |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
graphql-voyager |
🛰️ Represent any GraphQL API as an interactive graph |
![](https://camo.githubusercontent.com/8eda78336720180ac4a15886c98f96949ba05318ae516fe93efe2f8af67ff78d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f415049732d677572752f6772617068716c2d766f79616765723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/typescript.png) |
Utils |
hakcheckurl |
Takes a list of URLs and returns their HTTP response codes |
![](https://camo.githubusercontent.com/bd9ba8a85d57ca001836f8361e0545fcd703ffdc49712ad7d42d345502b3c20d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616b6c756b652f68616b636865636b75726c3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
s3reverse |
Converts the various S3 bucket formats into one format, for bug bounty and security testing. |
![](https://camo.githubusercontent.com/9c02003a92392453068d127ca2d8402ce8731b9ae5e7913634dee0c6b6b8af11/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f7333726576657273653f6c6162656c3d253230) |
s3 |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
qsreplace |
Accept URLs on stdin, replace all query string values with a user-supplied value |
![](https://camo.githubusercontent.com/a0cc2717e19ce9b5635b313a958196b9a50d047f1c6c628872596462262ce852/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f71737265706c6163653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
Blacklist3r |
project-blacklist3r |
![](https://camo.githubusercontent.com/fa7a8e5c4d1c8d7285e5619108ce70995579568c100416fb9f75f7802b85abbc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4e6f74536f5365637572652f426c61636b6c69737433723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c#.png) |
Utils |
IntruderPayloads |
|
![](https://camo.githubusercontent.com/f3df253d2a054bb6381e31a001278cf5eb6213ce84b5b9b4bc511f156723549f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f314e332f496e7472756465725061796c6f6164733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![burp](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/burp.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/blitzbasic.png) |
Utils |
autochrome |
This tool downloads, installs, and configures a shiny new copy of Chromium. |
![](https://camo.githubusercontent.com/b69c732f527c1d4c1fdb099f1fefc9526ee82c7be30797b26df004eafa98c08d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e636367726f75702f6175746f6368726f6d653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/html.png) |
Utils |
urlprobe |
URL status code & content length checker |
![](https://camo.githubusercontent.com/78d0bee5742ff33ec80c1f6aaea41f8a78ecc92efc3fea0376042c72364e6af0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f316e6469616e6c3333742f75726c70726f62653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
PoC-in-GitHub |
📡 PoCs auto-collected from GitHub. Be careful of malware. |
![](https://camo.githubusercontent.com/c4b02dca56325edae15bc23475214b67e98cdd25bc8f88d99c13ceab8ab8f04f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e6f6d692d7365632f506f432d696e2d4769744875623f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Utils |
xss-cheatsheet-data |
This repository contains all the XSS cheatsheet data to allow contributions from the community. |
![](https://camo.githubusercontent.com/6d2d159dbfa15d9d57c8d048d59614354713190b1f100095aa7a1ca8fa40ff6c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f506f7274537769676765722f7873732d636865617473686565742d646174613f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Utils |
security-research-pocs |
Proof-of-concept code created as part of security research done by the Google Security Team. |
![](https://camo.githubusercontent.com/e0556438a08231bcb93e8425d9cce840118e4714dbb12f4d24d71156698319c8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f676f6f676c652f73656375726974792d72657365617263682d706f63733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c++.png) |
Utils |
dnsobserver |
A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |
![](https://camo.githubusercontent.com/60aced73b513f217d1caf3269ae72be682303a2bc899410c63a27c4eb9f40fc9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f616c6c796f6d616c6c65792f646e736f627365727665723f6c6162656c3d253230) |
oast dns |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
bat |
A cat(1) clone with wings. |
![](https://camo.githubusercontent.com/89132f54b9b46f324dae123af0274c896ae3a2c91d0921cd231e2605f0858594/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f736861726b64702f6261743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Utils |
ezXSS |
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |
![](https://camo.githubusercontent.com/abcbaa08ff0e2a128ff14f7e79c15c63c86001ed391d20982aed974c592a6c76/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73736c2f657a5853533f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/php.png) |
Utils |
grc |
generic colouriser |
![](https://camo.githubusercontent.com/ffbf795b2d9d89b512ae9df49b8a7669e0f48ed1c864c95f73fe5f55d91dc2a0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6761726162696b2f6772633f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
httptoolkit |
HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac |
![](https://camo.githubusercontent.com/79c4a143842af342ed1e42176d005933965dd01f90aac1e595c9cd431f817167/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68747470746f6f6c6b69742f68747470746f6f6c6b69743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Utils |
weaponised-XSS-payloads |
XSS payloads designed to turn alert(1) into P1 |
![](https://camo.githubusercontent.com/a5b098b6d34dc10cf8014ded15a52ce26555c212fcfcde4b2c3080527581403e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616b6c756b652f776561706f6e697365642d5853532d7061796c6f6164733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Utils |
TukTuk |
Tool for catching and logging different types of requests. |
![](https://camo.githubusercontent.com/6abba15404c1dfb39dc619933ebe3a35bfb2468a7e8d610d63f2799018a17091/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f41727475725353372f54756b54756b3f6c6162656c3d253230) |
oast |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
CyberChef |
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |
![](https://camo.githubusercontent.com/c40500d149fa3a46277e279647773fa6ff4c274bb592ca3e14fc991ad81d01b8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f676368712f4379626572436865663f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Utils |
curl |
A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features |
![](https://camo.githubusercontent.com/7dd2508a4661dae4c97486478ae676d4c684fd8a7594f430d8379f1d7eb1f56f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6375726c2f6375726c3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/c.png) |
Utils |
cf-check |
Cloudflare Checker written in Go |
![](https://camo.githubusercontent.com/0e3387b6d6f82485af2662fbf0dd23f57cceda3f3c496c4d79d4d8348efa4c64/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f64776973697377616e74302f63662d636865636b3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
grex |
A command-line tool and library for generating regular expressions from user-provided test cases |
![](https://camo.githubusercontent.com/a149c20815527a5a8edc4b59d0367ba51fe47a82039cbc6e9957f646ccc360cb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70656d69737461686c2f677265783f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/rust.png) |
Utils |
gron |
Make JSON greppable! |
![](https://camo.githubusercontent.com/817deedb6d14d14f13795b706bf23550231e20b06cd4ccfda1eac2d22df719d0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f746f6d6e6f6d6e6f6d2f67726f6e3f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
slackcat |
CLI utility to post files and command output to Slack |
![](https://camo.githubusercontent.com/d7f02bdce8334f71216cda0b4135c5697a1131a319b8365191c269ede6cc6430/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f62636963656e2f736c61636b6361743f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
template-generator |
A simple variable-based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown-based files so that they can easily be replaced with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the templates dropdown. |
![](https://camo.githubusercontent.com/a35c0fe68445cb8b441dda7baa5b10e1c7c2653cd97e032f3957f6c1150a622e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6672616e73722f74656d706c6174652d67656e657261746f723f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Utils |
Assetnote Wordlists |
Automated & Manual Wordlists provided by Assetnote |
![](https://camo.githubusercontent.com/43aa5f7010e0f77097e5121ebdf1e6b186d18a09c5981aa329c38f16d9ea1965/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f61737365746e6f74652f776f72646c697374733f6c6162656c3d253230) |
wordlist |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/css.png) |
Utils |
docem |
Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids) |
![](https://camo.githubusercontent.com/b09f7437c3f4aa7ae650e236cf50f5ededb636c7101d5fa727a6f8d48c0e9b97/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f77686974656c3173742f646f63656d3f6c6162656c3d253230) |
xxe xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |
Utils |
gitls |
Lists git repositories from a URL/User/Org |
![](https://camo.githubusercontent.com/fd677d59f42c3b51ca2ef2feac3f608d6d798c828639b25de301387d7bae250e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f6769746c733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
gee |
🏵 Gee is a tool that writes stdin to each file and to stdout. It is similar to the tee command, but with more functions for convenience. It is written in Go. |
![](https://camo.githubusercontent.com/5d49f0bc001b96a91ac2af1403576e67194d6ce81d00c4106b1be6cda09da12f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f68616877756c2f6765653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/go.png) |
Utils |
SequenceDiagram |
Online tool for creating UML sequence diagrams |
|
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) |
Utils |
security-crawl-maze |
Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document. |
![](https://camo.githubusercontent.com/78a68d83547f5d41981c863ae8c5c94f8f9d2a2d6e020dd3612f0780e9414eb7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f676f6f676c652f73656375726974792d637261776c2d6d617a653f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/html.png) |
Utils |
xssor2 |
XSS'OR - Hack with JavaScript. |
![](https://camo.githubusercontent.com/3d036bd522562b1a6edf108fdfc6eddada417d48642bc40b7cdffb3aab24f3f1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6576696c636f732f7873736f72323f6c6162656c3d253230) |
xss |
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/javascript.png) |
Utils |
PayloadsAllTheThings |
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF |
![](https://camo.githubusercontent.com/897186f165d1e999729a640622d0654eb7c3631f526a55fdea9e5d688d514a8d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73776973736b797265706f2f5061796c6f616473416c6c5468655468696e67733f6c6162656c3d253230) |
|
![linux](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/linux.png) ![macos](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/apple.png) ![windows](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/windows.png) ![](https://raw.githubusercontent.com/Dyrandy/WebHackersWeapons/main/./images/python.png) |