Chinese translation
Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, happy bug-hunting

Tool attributes
Attributes | |
---|---|
Types | Army-Knife Proxy Recon Fuzzer Scanner Exploit Env Utils Etc |
Tags | mitmproxy live-audit crawl infra pentest subdomains dns url online takeover portscan port graphql endpoint param osint domain apk crlf ssrf jwt path-traversal cache-vuln smuggle xss cors ssl broken-link aaa exploit s3 sqli 403 dependency-confusion oast csp lfi xxe rop RMI wordlist documents blind-xss cookie notify diff zipbomb report http deserialize darkmode payload web3 |
Langs | Java Go Shell Ruby Python Rust JavaScript C Kotlin Perl TypeScript BlitzBasic CSS C# PHP HTML C++ |

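Tools
Type | Name | Description | Star | Tags | Badges |
---|---|---|---|---|---|
Army-Knife | ZAP | The OWASP ZAP core project | mitmproxy live-audit crawl | ||
Army-Knife | jaeles | The Swiss Army knife for automated Web Application Testing | live-audit | ||
Army-Knife | axiom | A dynamic infrastructure toolkit for red teamers and bug bounty hunters! | infra | ||
Army-Knife | Metasploit | The world's most used penetration testing framework | pentest | ||
Army-Knife | BurpSuite | The BurpSuite Project | mitmproxy live-audit crawl | ||
Proxy | hetty | Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. | mitmproxy | ||
Proxy | mitmproxy | An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. | mitmproxy | ||
Proxy | EvilProxy | A ruby http/https proxy to do EVIL things. | mitmproxy | ||
Proxy | Echo Mirage | A generic network proxy that uses DLL injection to capture and alter TCP traffic. | mitmproxy | ||
Proxy | Caido | A lightweight web security auditing toolkit | mitmproxy | ||
Proxy | proxify | Swiss Army knife proxy tool for HTTP/HTTPS traffic capture, manipulation and replay | mitmproxy | ||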
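Recon | cariddi | Take a list of domains, crawl URLs and scan for endpoints, secrets, API keys, file extensions, tokens and more | crawl | ||
Recon | hakrawler | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application | crawl | ||
Recon | lazyrecon | This script is intended to automate your reconnaissance process in an organized fashion | |||
Recon | Amass | In-depth attack surface mapping and asset discovery | subdomains | ||
Recon | dnsprobe | DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers. | dns | ||
Recon | subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. | subdomains | ||
Recon | x8 | Hidden parameters discovery suite | |||
Recon | rengine | reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan websites and endpoints and gather information. | |||
Recon | knock | Knock subdomain scan | subdomains | ||
Recon | katana | A next-generation crawling and spidering framework. | crawl | ||
Recon | findomain | The fastest cross-platform subdomain enumerator, do not waste your time. | subdomains | ||
Recon | go-dork | The fastest dork scanner written in Go. | |||
Recon | urlhunter | A recon tool that allows searching on URLs that are exposed via shortener services | url | ||
Recon | DNSDumpster | Online DNS recon and research, find and look up DNS records | dns online | ||
Recon | Lepus | Subdomain finder | subdomains | ||
Recon | waybackurls | Fetch all the URLs that the Wayback Machine knows about for a domain | url | ||
Recon | SubOver | A powerful subdomain takeover tool | subdomains takeover | ||
Recon | masscan | TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes. | portscan | ||
Recon | goverview | goverview – Get an overview of the list of URLs | url | ||
Recon | scilla | 🏴☠️ Information gathering tool 🏴☠️ dns/subdomain/port enumeration | |||
Recon | uro | Declutters URL lists for crawling/pentesting | url | ||
Recon | FavFreak | Making Favicon.ico based Recon Great again! | |||
Recon | gobuster | Directory/file, DNS and VHost busting tool written in Go | subdomains | ||
Recon | SecretFinder | SecretFinder – A python script to find sensitive data (apikeys, accesstoken, jwt, ..) and search for anything in javascript files | |||
Recon | Silver | Mass scan IPs for vulnerable services | port | ||
Recon | httpx | httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads. | url | ||
Recon | uncover | Quickly discover exposed hosts on the internet using multiple search engines. | |||
Recon | graphw00f | GraphQL server engine fingerprinting utility | graphql | ||
Recon | recon_profile | Recon profile (bash profile) for bugbounty | |||
Recon | naabu | A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | portscan | ||
Recon | haktrails | Golang client for querying SecurityTrails API data | |||
Recon | gitrob | Reconnaissance tool for GitHub organizations | |||
Recon | subjack | Subdomain takeover tool written in Go | subdomains takeover | ||
Recon | pagodo | pagodo (Passive Google Dork) – Automate Google Hacking Database scraping and searching | |||
Recon | OneForAll | OneForAll is a powerful subdomain collection tool | |||
Recon | fhc | Fast HTTP Checker. | |||
Recon | 3klCon | Automated recon tool which works with large and medium scopes. It performs more than 20 tasks and returns all the results in separate files. | |||
Recon | Arjun | HTTP parameter discovery suite. | param | ||
Recon | SubBrute | A DNS meta-query spider that enumerates DNS records and subdomains. | subdomains | ||
Recon | Smap | A drop-in replacement for Nmap powered by shodan.io | port | ||
Recon | megplus | Automated reconnaissance wrapper – TomNomNom's meg on steroids. [DEPRECATED] | |||
Recon | Parth | Heuristic vulnerable parameter scanner | param | ||
Recon | Chaos Web | Actively scan and maintain internet-wide assets' data. Enhance research and analyse changes around DNS for better insights. | |||
Recon | GitMiner | Tool for advanced mining for content on GitHub | |||
Recon | htcat | Parallel and pipelined HTTP GET utility | |||
Recon | gospider | Gospider – Fast web spider written in Go | crawl | ||
Recon | subjs | Fetches javascript files from a list of URLs or subdomains. | url subdomains | ||
Recon | rusolver | Fast and accurate DNS resolver. | dns | ||
Recon | Sublist3r | Fast subdomain enumeration tool for penetration testers | subdomains | ||
Recon | Hunt3r | Make your bug bounty subdomain reconnaissance easier with Hunt3r, the web application reconnaissance framework | |||
Recon | zdns | Fast CLI DNS lookup tool | dns | ||
Recon | parameth | This tool can be used to brute-force discovery of GET and POST parameters | |||
Recon | shuffledns | shuffleDNS is a wrapper around massdns written in Go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. | dns | ||
Recon | getJS | A tool to quickly get all javascript sources/files | |||
Recon | Shodan | World's first search engine for Internet-connected devices | osint | ||
Recon | sn0int | Semi-automatic OSINT framework and package manager | osint | ||
Recon | github-endpoints | Find endpoints on GitHub. | |||
Recon | Sub404 | A python tool to check for subdomain takeover vulnerability | subdomains takeover | ||
Recon | spiderfoot | SpiderFoot automates OSINT collection so that you can focus on analysis. | osint | ||
Recon | subs_all | Subdomain enumeration wordlist. 8956437 unique words. Updated. | subdomains | ||
Recon | gowitness | 🔍 gowitness – a golang web screenshot utility using Chrome Headless | |||
Recon | aquatone | Aquatone is a tool for visual inspection of websites across a large number of hosts, convenient for quickly gaining an overview of HTTP-based attack surface. | domain | ||
Recon | dnsx | dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers. | dns | ||
Recon | SecurityTrails | Online DNS / subdomain / recon tool | subdomains online | ||
Recon | reconftw | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and find vulnerabilities | |||
Recon | ParamSpider | Mining parameters from dark corners of web archives | param | ||
Recon | JSFScan.sh | Automation for javascript recon in bug bounty. | |||
Recon | dmut | A tool written in golang to perform permutations, mutations and alterations of subdomains. | subdomains | ||
Recon | subzy | Subdomain takeover vulnerability checker | subdomains takeover | ||
Recon | subgen | A really simple utility to concatenate wordlists to a domain name – to pipe into your favourite resolver! | subdomains | ||
Recon | HydraRecon | All-in-one, fast, easy recon tool | |||
Recon | LinkFinder | A python script that finds endpoints in JavaScript files | |||
Recon | xnLinkFinder | A python tool used to discover endpoints (and potential parameters) for a given target | |||
Recon | gauplus | A modified version of gau for personal usage. Supports workers, proxies and some extra things. | url | ||
Recon | dnsvalidator | Maintains a list of IPv4 DNS servers by verifying them against baseline servers and ensuring accurate responses. | dns | ||
Recon | Photon | Incredibly fast crawler designed for OSINT. | osint crawl | ||
Recon | crawlergo | A powerful browser crawler for web vulnerability scanners | crawl | ||
Recon | gau | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. | url | ||
Recon | Osmedeus | Fully automated offensive security framework for reconnaissance and vulnerability scanning | |||
Recon | apkleaks | Scanning APK files for URIs, endpoints and secrets. | apk | ||
Recon | assetfinder | Find domains and subdomains related to a given domain | subdomains | ||
Recon | dirsearch | Web path scanner | |||
Recon | github-subdomains | Find subdomains on GitHub | |||
Recon | hakrevdns | Small, fast tool for performing reverse DNS lookups en masse. | |||
Recon | BLUTO | DNS analysis tool | dns | ||
Recon | CT_subdomains | An hourly updated list of subdomains gathered from certificate transparency logs | subdomains | ||
Recon | chaos-client | Go client to communicate with the Chaos DNS API. | |||
Recon | RustScan | Faster Nmap scanning with Rust | portscan | ||
Recon | longtongue | Customized password/passphrase list generated from target info | |||
Recon | meg | Fetch many paths for many hosts – without killing the hosts | |||
Recon | altdns | Generates permutations, alterations and mutations of subdomains and then resolves them | dns | ||
Recon | puredns | Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. | |||
Recon | cc.py | Extracting URLs of a specific target based on the results of "commoncrawl.org" | url | ||
Recon | intrigue-core | Discover your attack surface | |||
Recon | STEWS | A security tool for enumerating WebSockets | |||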
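Fuzzer | BruteX | Automatically brute force all services running on a target. | |||
Fuzzer | crlfuzz | A fast tool to scan for CRLF vulnerabilities, written in Go | crlf | ||
Fuzzer | SSRFire | An automated SSRF finder. Just give the domain name and your server and chill | ssrf | ||
Fuzzer | SSRFmap | Automatic SSRF fuzzer and exploitation tool | ssrf | ||
Fuzzer | wfuzz | Web application fuzzer | |||
Fuzzer | ppfuzz | A fast tool to scan for client-side prototype pollution vulnerabilities, written in Rust. 🦀 | |||
Fuzzer | GraphQLmap | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. | graphql | ||
Fuzzer | kiterunner | Contextual content discovery tool | |||
Fuzzer | jwt-hack | 🔩 jwt-hack is a tool for hacking / security testing of JWT. Supports en/decoding JWT, generating payloads for JWT attacks and very fast cracking (dict/bruteforce) | jwt | ||
Fuzzer | jwt-cracker | Simple HS256 JWT token brute force cracker | jwt | ||
Fuzzer | hashcat | World's fastest and most advanced password recovery utility | |||
Fuzzer | fuzzparam | A fast Go-based param miner to fuzz possible parameters a URL can have. | param | ||
Fuzzer | thc-hydra | Hydra (a brute-force cracking tool) | |||
Fuzzer | dotdotpwn | DotDotPwn – The Directory Traversal Fuzzer | path-traversal | ||
Fuzzer | CrackQL | CrackQL is a GraphQL password brute-force and fuzzing utility. | graphql | ||
Fuzzer | ffuf | Fast web fuzzer written in Go | |||
Fuzzer | c-jwt-cracker | JWT brute force cracker written in C | jwt | ||
Fuzzer | feroxbuster | A fast, simple, recursive content discovery tool written in Rust. | |||
Fuzzer | medusa | Fastest recursive HTTP fuzzer, like a Ferrari. | |||
Fuzzer | BatchQL | GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations | graphql | ||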
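Scanner | Web-Cache-Vulnerability-Scanner | Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH ( http://hackmanit.de/ ). | cache-vuln | ||
Scanner | h2csmuggler | HTTP request smuggling detection tool | smuggle | ||
Scanner | DOMPurify | DOMPurify – a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: | xss | ||
Scanner | plution | Prototype pollution scanner using headless chrome | |||
Scanner | hinject | Host header injection checker | |||
Scanner | corsair_scan | Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). | cors | ||
Scanner | domdig | DOM XSS scanner for single-page applications | xss | ||
Scanner | a2sv | Automatic scanning for SSL vulnerabilities | ssl | ||
Scanner | DeadFinder | Find dead links (broken links) | broken-link | ||
Scanner | xsinator.com | XS-Leak browser test suite | |||
Scanner | sqlmap | Automatic SQL injection and database takeover tool | |||
Scanner | commix | Automated all-in-one OS command injection exploitation tool. | exploit | ||
Scanner | wprecon | Hello! Welcome. Wprecon (Wordpress Recon) is a vulnerability recognition tool for the WordPress CMS, 100% developed in Go. | |||
Scanner | deadlinks | Health checks for your documentation links. | broken-link | ||
Scanner | nikto | Nikto web server scanner | |||
Scanner | ssrf-sheriff | A simple SSRF-testing sheriff written in Go | ssrf | ||
Scanner | NoSQLMap | Automated NoSQL database enumeration and web application exploitation tool. | |||
Scanner | HRS | HTTP request smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. | |||
Scanner | DeepViolet | Tool for introspection of SSL\TLS sessions | ssl | ||
Scanner | LFISuite | Totally automatic LFI exploiter (+ reverse shell) and scanner | |||
Scanner | headi | Customisable and automated HTTP header injection | |||
Scanner | testssl.sh | Testing TLS/SSL encryption anywhere on any port | ssl | ||
Scanner | nmap | Nmap – the Network Mapper. GitHub mirror of the official SVN repository. | portscan | ||
Scanner | nosqli | NoSQL injection CLI tool | |||
Scanner | PPScan | Client-side prototype pollution scanner | |||
Scanner | ws-smuggler | WebSocket connection smuggler | smuggle | ||
Scanner | S3Scanner | Scan for open AWS S3 buckets and dump the contents | s3 | ||
Scanner | tplmap | Server-side template injection and code injection detection and exploitation tool | |||
Scanner | Corsy | CORS misconfiguration scanner | cors | ||
Scanner | VHostScan | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detects catch-all scenarios, and works around wildcards, aliases and dynamic default pages. | |||
Scanner | dalfox | 🌟🦊 DalFox (Finder Of XSS) / Parameter analysis and XSS scanning tool based on golang | xss | ||
Scanner | S3cret Scanner | Hunting for secrets uploaded to public S3 buckets | s3 | ||
Scanner | sqliv | Massive SQL injection vulnerability scanner | sqli | ||
Scanner | xsser | Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications. | xss | ||
Scanner | DirDar | DirDar is a tool that searches for (403-Forbidden) directories to break them and get a directory listing on them | 403 | ||
Scanner | confused | Tool to check for dependency confusion vulnerabilities in multiple package management systems | dependency-confusion | ||
Scanner | wpscan | WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their WordPress websites. | |||
Scanner | findom-xss | A fast, simple DOM-based XSS vulnerability scanner. | xss | ||
Scanner | ppmap | A scanner/exploitation tool written in Go that leverages client-side prototype pollution to XSS by exploiting known gadgets. | |||
Scanner | web_cache_poison | Web cache poisoning – the top web hacking technique of 2019 | cache-vuln | ||
Scanner | XSStrike | Most advanced XSS scanner. | xss | ||
Scanner | nuclei | Nuclei is a fast tool for configurable targeted scanning based on templates, offering massive extensibility and ease of use. | |||
Scanner | fockcache | FockCache – Minimalized test for cache poisoning | |||
Scanner | zap-cli | A simple tool for interacting with OWASP ZAP from the command line. | |||
Scanner | Taipan | Web application vulnerability scanner | |||
Scanner | gitleaks | Scan git repos (or files) for secrets using regex and entropy 🔑 | |||
Scanner | gitGraber | gitGraber | |||
Scanner | http2smugl | This tool helps to detect and exploit HTTP request smuggling in cases where it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. | |||
Scanner | XSpear | Powerful XSS scanning and parameter analysis tool & gem | xss | ||
Scanner | http-request-smuggling | HTTP request smuggling detection tool | |||
Scanner | autopoisoner | Web cache poisoning vulnerability scanner. | cache-vuln | ||
Scanner | jsprime | A JavaScript static security analysis tool | |||
Scanner | github-search | Tools to perform basic searches on GitHub. | |||
Scanner | websocket-connection-smuggler | WebSocket connection smuggler | smuggle | ||
Scanner | rapidscan | The multi-tool web vulnerability scanner. | |||
Scanner | AWSBucketDump | Security tool to look for interesting files in S3 buckets | s3 | ||
Scanner | OpenRedireX | A fuzzer for OpenRedirect issues | |||
Scanner | Chromium-based-XSS-Taint-Tracking | Cyclops is a web browser with an XSS detection feature; it is Chromium-based XSS detection used to find the flows from a source to a sink. | xss | ||
Scanner | arachni | Web application security scanner framework | |||
Scanner | DSSS | Small SQLi scanner | sqli | ||
Scanner | httprobe | Take a list of domains and probe for working HTTP and HTTPS servers | |||
Scanner | CorsMe | Cross-Origin Resource Sharing misconfiguration scanner | cors | ||
Scanner | ditto | A tool for IDN homograph attacks and detection. | |||
Scanner | dontgo403 | Tool to bypass 40X response codes. | 403 | ||
Scanner | Oralyzer | Open redirection analyzer | |||
Scanner | Striker | Striker is an offensive information and vulnerability scanner. | |||
Scanner | smuggler | Smuggler – an HTTP request smuggling / desync testing tool written in Python 3 | smuggle | ||
Scanner | xsscrapy | XSS/SQLi spider. Give it a URL and it will test every link it finds for XSS and some SQLi. | xss | ||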
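Exploit | singularity | A DNS rebinding attack framework. | |||
Exploit | ghauri | An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws | sqli | ||
Exploit | beef | The Browser Exploitation Framework Project | xss | ||
Exploit | Liffy | Local file inclusion exploitation tool | lfi | ||
Exploit | Gopherus | This tool generates gopher links for exploiting SSRF and gaining RCE in various servers | ssrf | ||
Exploit | xxeserv | A mini webserver with FTP support for XXE payloads | |||
Exploit | of-CORS | Identifying and exploiting CORS misconfigurations on internal networks | cors | ||
Exploit | XXEinjector | Tool for automatic exploitation of XXE vulnerabilities using direct and different out-of-band methods. | xxe | ||
Exploit | XXExploiter | Tool to help exploit XXE vulnerabilities | xxe | ||
Exploit | XSRFProbe | The prime Cross-Site Request Forgery (CSRF) audit and exploitation toolkit. | |||
Exploit | Sn1per | Automated pentest framework for offensive security experts | |||
Exploit | ropr | A blazing fast™ multithreaded ROP gadget finder. ropper | rop | ||
Exploit | BaRMIe | Java RMI enumeration and attack tool. | RMI | ||
Exploit | toxssin | An XSS exploitation command-line interface and payload generator. | xss | ||
Exploit | SQLNinja | Sqlninja is a tool targeted at exploiting SQL injection vulnerabilities. | sqli | ||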
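Utils | can-i-take-over-xyz | "Can I take over XYZ?" – a list of services and how to claim (sub)domains with dangling DNS records. | |||
Utils | Gf-Patterns | GF patterns for (ssrf, RCE, Lfi, sqli, ssti, idor, url redirection, debug_logic) parameters grep | |||
Utils | grc | Generic colouriser | |||
Utils | boast | The BOAST outpost for AppSec testing (v0.1.0) | oast | ||
Utils | 230-OOB | An out-of-band XXE server for retrieving file contents over FTP. | xxe | ||
Utils | dnsobserver | A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. | oast dns | ||
Utils | CSP Evaluator | Online CSP evaluator from Google | csp | ||
Utils | Findsploit | Find exploits in local and online databases instantly | exploit | ||
Utils | SequenceDiagram | Online tool for creating UML sequence diagrams | online | ||
Utils | pentest-tools | Custom pentesting tools | |||
Utils | PayloadsAllTheThings | A list of useful payloads and bypasses for web application security and pentest/CTF | |||
Utils | bat | A cat(1) clone with wings. | |||
Utils | Assetnote Wordlists | Automated and manual wordlists provided by Assetnote | wordlist documents | ||
Utils | gron | Make JSON greppable! | |||
Utils | jfuck | Write any JavaScript with 6 characters | xss | ||
Utils | gitls | Listing git repositories from a URL/User/Org | |||
Utils | gxss | Blind XSS service alerting over Slack or email | xss blind-xss | ||
Utils | cf-check | Cloudflare checker written in Go | |||
Utils | fff | The fairly fast fetcher. Requests a bunch of URLs provided on stdin fairly quickly. | url | ||
Utils | Blacklist3r | project-blacklist3r | |||
Utils | hacks | A collection of hacks and one-off scripts | |||
Utils | IntruderPayloads | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | |||
Utils | dsieve | Filter and enrich a list of subdomains by level | subdomains | ||
Utils | grex | A command-line tool and library for generating regular expressions from user-provided test cases | |||
Utils | hbxss | Security test tool for blind XSS | xss blind-xss | ||
Utils | urlprobe | URL status code and content length checker | url | ||
Utils | quickjack | Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks. | |||
Utils | slackcat | CLI utility to post files and command output to Slack | notify | ||
Utils | gotestwaf | An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses | |||
Utils | gee | 🏵 Gee is a tool that sends stdin to each file and to stdout. It is similar to the tee command, but with more features for convenience. Also, it is written in Go | |||
Utils | Phoenix | hahwul's online tools | online | ||
Utils | blistener | Blind XSS listener with payloads | xss blind-xss | ||
Utils | interactsh | An OOB interaction gathering server and client library | oast | ||
Utils | hakcheckurl | Takes a list of URLs and returns their HTTP response codes | |||
Utils | docem | Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids) | xxe xss | ||
Utils | difftastic | A structural diff that understands syntax | diff | ||
Utils | zip-bomb | Create a ZIPBomb for a given uncompressed size (flat and nested modes). | zipbomb | ||
Utils | Atlas | Quick SQLMap tamper suggester | |||
Utils | bountyplz | Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the supported platforms) | report | ||
Utils | httpie | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins and more. https://twitter.com/httpie | http | ||
Utils | godeclutter | Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans. | url | ||
Utils | burl | A broken-URL checker | url | ||
Utils | ysoserial.net | Deserialization payload generator for a variety of .NET formatters | deserialize | ||
Utils | gf | A wrapper around grep, to help you grep for things | |||
Utils | unfurl | Pull out bits of URLs provided on stdin | url | ||
Utils | SecLists | SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | wordlist documents | ||
Utils | graphql-voyager | 🛰️ Represent any GraphQL API as an interactive graph | graphql | ||
Utils | autochrome | This tool downloads, installs, and configures a shiny new copy of Chromium. | |||
Utils | github-regexp | Basically a regexp over a GitHub search. | |||
Utils | pwncat | pwncat – netcat on steroids with firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic – and it is fully scriptable with Python (PSE) | |||
Utils | httptoolkit | HTTP Toolkit is a beautiful open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux and Mac | |||
Utils | qsreplace | Accept URLs on stdin, replace all query string values with a user-supplied value | |||
Utils | oxml_xxe | A tool for embedding XXE/XML exploits into different file types | |||
Utils | ob_hacky_slack | Hacky Slack – a bash script that sends beautiful messages to Slack | notify | ||
Utils | Emissary | Send notifications on different channels such as Slack, Telegram, Discord, etc. | notify | ||
Utils | hurl | Hurl, run and test HTTP requests. | |||
Utils | xss-cheatsheet-data | This repository contains all the XSS cheat sheet data, to allow contributions from the community. | xss | ||
Utils | pet | Simple command-line snippet manager, written in Go. | |||
Utils | Bug-Bounty-Toolz | BBT – Bug Bounty Tools | |||
Utils | CyberChef | The Cyber Swiss Army Knife – a web app for encryption, encoding, compression and data analysis | |||
Utils | mubeng | An incredibly fast proxy checker and IP rotator with ease. | |||
Utils | PoC-in-GitHub | 📡 PoC automatically collected from GitHub. Be careful of malware. | |||
Utils | TukTuk | Tool for catching and logging different types of requests. | oast | ||
Utils | xssor2 | XSS'OR – Hack with JavaScript. | xss | ||
Utils | weaponised-XSS-payloads | XSS payloads designed to turn alert(1) into P1 | xss documents | ||
Utils | s3reverse | Converts the formats of various S3 buckets into one format. For bug bounty and security testing. | s3 | ||
Utils | wuzz | Interactive CLI tool for HTTP inspection | http | ||
Utils | security-research-pocs | Proof-of-concept code created as part of security research done by the Google Security Team. | |||
Utils | reverse-shell-generator | Hosted reverse shell generator with a ton of functionality. – (Great for CTFs) | payload | ||
Utils | XSS-Catcher | Find blind XSS, but why not gather data while you're at it? | xss blind-xss | ||
Utils | ysoserial | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | deserialize | ||
Utils | gotator | Gotator is a tool to generate DNS wordlists through permutations. | |||
Utils | template-generator | A simple variable-based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown-based files to easily replace the variables with content. Data is temporarily saved in local storage. PHP is only needed to generate the list of files in the template dropdown. | |||
Utils | ZipBomb | A simple implementation of ZipBomb in Python | zipbomb | ||
Utils | anew | A tool for adding new lines to files, skipping duplicates | |||
Utils | SerializationDumper | A tool to dump Java serialization streams in a more human-readable form. | deserialize | ||
Utils | wssip | Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. | |||
Utils | tiscripts | Turbo Intruder scripts | |||
Utils | xless | The serverless blind XSS app | xss blind-xss | ||
Utils | urlgrab | A golang utility to spider through a website searching for additional links. | url | ||
Utils | fzf | A command-line fuzzy finder | |||
Utils | curl | A command-line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features | |||
Utils | ezXSS | ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) cross-site scripting. | xss blind-xss | ||
Utils | security-crawl-maze | Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document. | crawl | ||
Utils | Redcloud | Automated red team infrastructure deployment using Docker | infra | ||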
Env | Glue | Application security automation | |||
Env | Crimson | Web application security testing automation. | |||
Env | pentest-env | Pentest environment deployer (kali linux + targets) using vagrant and chef. | pentest |
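Browser Addons
Type | Name | Description | Star | Tags | Badges |
---|---|---|---|---|---|
Recon | DotGit | An extension for checking if .git is exposed in visited websites | |||
Recon | Wayback Machine | History of a website | |||
Utils | cookie-quick-manager | An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox. | cookie | ||
Utils | PwnFox | A Firefox/Burp extension that provides useful tools for your security audit. | |||
Utils | MM3 ProxySwitch | Proxy switch in Firefox and Chrome | |||
Utils | firefox-container-proxy | Assign a proxy to a Firefox container | |||
Utils | User-Agent Switcher | A quick and easy way to switch between user agents. | |||
Utils | clear-cache | Add-on to clear the browser cache with a single click or via the F9 key. | |||
Utils | Edit-This-Cookie | EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies | cookie | ||
Utils | Dark Reader | Dark mode for every website | darkmode | ||
Utils | postMessage-tracker | A Chrome extension for tracking postMessage usage (url, domain and stack), both by logging using CORS and also visually as an extension icon | |||
Utils | eval_villain | A Firefox web extension to improve the discovery of DOM XSS. | xss | ||
Utils | Firefox Multi-Account Containers | Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs | |||
Utils | Dark Reader for Safari | Dark mode for every website | |||
Utils | jsonwebtoken.github.io | JWT en/decode and verify | jwt | ||
Utils | Hack-Tools | The all-in-one Red Team extension for Web Pentesters 🛠 |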

Burpsuite and ZAP Addons
Type | Name | Description | Star | Tags | Badges |
---|---|---|---|---|---|
Recon | burp-retire-js | ||||
Recon | BurpSuite-Secret_Finder (expired) | ||||
Recon | attack-surface-detector-burp | The Attack Surface Detector uses static code analysis to identify web app endpoints by parsing routes and identifying parameters | endpoint | ||
Recon | attack-surface-detector-zap | The Attack Surface Detector uses static code analysis to identify web app endpoints by parsing routes and identifying parameters | endpoint | ||
Recon | Dr. Watson | Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses and other useful information | param subdomains | ||
Recon | reflected-parameters | param | |||
Recon | HUNT | Identifies common parameters vulnerable to certain vulnerability classes | param | ||
Recon | BurpJSLinkFinder | ||||
Fuzzer | param-miner | param cache-vuln | |||
Scanner | Autorize | aaa | |||
Scanner | AuthMatrix | aaa | |||
Scanner | http-request-smuggler | smuggle | |||
Scanner | collaborator-everywhere | oast | |||
Scanner | csp-auditor | csp | |||
Scanner | BurpSuiteHTTPSmuggler | smuggle | |||
Utils | BurpBounty | ||||
Utils | burp-piper | ||||
Utils | taborator | oast | |||
Utils | Stepper | ||||
Utils | AWSSigner | Burp extension for AWS signing | |||
Utils | inql | ||||
Utils | reflect | ||||
Utils | burp-send-to | ||||
Utils | AuthMatrix | Automated HTTP request repeating with Burp Suite | |||
Utils | safecopy | ||||
Utils | femida | ||||
Utils | turbo-intruder | ||||
Utils | owasp-zap-jwt-addon | jwt | |||
Utils | Neonmarker | ||||
Utils | BurpSuiteLoggerPlusPlus | ||||
Utils | Decoder-Improved | Improved decoder for Burp Suite | |||
Utils | http-script-generator | ||||
Utils | pcap-burp | Pcap importer for Burp | |||
Utils | BurpCustomizer | Because just a dark theme wasn't enough! | |||
Utils | community-scripts | ||||
Utils | Berserko | Burp Suite extension to perform Kerberos authentication | |||
Utils | HTTPSignatures | A Burp Suite extension implementing the Signing HTTP Messages draft, draft-ietf-httpbis-message-signatures-01. | |||
Utils | argumentinjectionhammer | A Burp extension designed to identify argument injection vulnerabilities. | |||
Utils | zap-hud | ||||
Utils | burp-exporter | ||||
Utils | blackboxprotobuf | Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition. | |||
Utils | knife | A Burp extension that adds some useful functions to the context menu, adding right-click menu items to make Burp smoother to use | |||
Utils | Web3 Decoder | Burp extension for Web3 | web3 |

English original
Weapons
Attributes
Attributes | |
---|---|
Types | Army-Knife Proxy Recon Fuzzer Scanner Exploit Env Utils Etc |
Tags | mitmproxy live-audit crawl infra pentest subdomains dns url online takeover portscan port graphql endpoint param osint domain apk crlf ssrf jwt path-traversal cache-vuln smuggle xss cors ssl broken-link aaa exploit s3 sqli 403 dependency-confusion oast csp lfi xxe rop RMI wordlist documents blind-xss cookie notify diff zipbomb report http deserialize darkmode payload web3 |
Langs | Java Go Shell Ruby Python Rust JavaScript C Kotlin Perl TypeScript BlitzBasic CSS C# PHP HTML C++ |

Tools
Type | Name | Description | Star | Tags | Badges |
---|---|---|---|---|---|
Army-Knife | ZAP | The OWASP ZAP core project | mitmproxy live-audit crawl | ||
Army-Knife | jaeles | The Swiss Army knife for automated Web Application Testing | live-audit | ||
Army-Knife | axiom | A dynamic infrastructure toolkit for red teamers and bug bounty hunters! | infra | ||
Army-Knife | Metasploit | The world’s most used penetration testing framework | pentest | ||
Army-Knife | BurpSuite | The BurpSuite Project | mitmproxy live-audit crawl | ||
Proxy | hetty | Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. | mitmproxy | ||
Proxy | mitmproxy | An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. | mitmproxy | ||
Proxy | EvilProxy | A ruby http/https proxy to do EVIL things. | mitmproxy | ||
Proxy | Echo Mirage | A generic network proxy that uses DLL injection to capture and alter TCP traffic. | mitmproxy | ||
Proxy | Caido | A lightweight web security auditing toolkit | mitmproxy | ||
Proxy | proxify | Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay | mitmproxy | ||
Recon | cariddi | Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more | crawl | ||
Recon | hakrawler | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application | crawl | ||
Recon | lazyrecon | This script is intended to automate your reconnaissance process in an organized fashion | |||
Recon | Amass | In-depth Attack Surface Mapping and Asset Discovery | subdomains | ||
Recon | dnsprobe | DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. | dns | ||
Recon | subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. | subdomains | ||
Recon | x8 | Hidden parameters discovery suite | |||
Recon | rengine | reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. | |||
Recon | knock | Knock Subdomain Scan | subdomains | ||
Recon | katana | A next-generation crawling and spidering framework. | crawl | ||
Recon | findomain | The fastest and cross-platform subdomain enumerator, do not waste your time. | subdomains | ||
Recon | go-dork | The fastest dork scanner written in Go. | |||
Recon | urlhunter | a recon tool that allows searching on URLs that are exposed via shortener services | url | ||
Recon | DNSDumpster | Online dns recon & research, find & lookup dns records | dns online | ||
Recon | Lepus | Subdomain finder | subdomains | ||
Recon | waybackurls | Fetch all the URLs that the Wayback Machine knows about for a domain | url | ||
Recon | SubOver | A Powerful Subdomain Takeover Tool | subdomains takeover | ||
Recon | masscan | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | portscan | ||
Recon | goverview | goverview – Get an overview of the list of URLs | url | ||
Recon | scilla | 🏴☠️ Information Gathering tool 🏴☠️ dns/subdomain/port enumeration | |||
Recon | uro | declutters url lists for crawling/pentesting | url | ||
Recon | FavFreak | Making Favicon.ico based Recon Great again ! | |||
Recon | gobuster | Directory/File, DNS and VHost busting tool written in Go | subdomains | ||
Recon | SecretFinder | SecretFinder – A python script to find sensitive data (apikeys, accesstoken, jwt, ..) and search for anything in javascript files | |||
Recon | Silver | Mass scan IPs for vulnerable services | port | ||
Recon | httpx | httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads. | url | ||
Recon | uncover | Quickly discover exposed hosts on the internet using multiple search engines. | |||
Recon | graphw00f | GraphQL Server Engine Fingerprinting utility | graphql | ||
Recon | recon_profile | Recon profile (bash profile) for bugbounty | |||
Recon | naabu | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | portscan | ||
Recon | haktrails | Golang client for querying SecurityTrails API data | |||
Recon | gitrob | Reconnaissance tool for GitHub organizations | |||
Recon | subjack | Subdomain Takeover tool written in Go | subdomains takeover | ||
Recon | pagodo | pagodo (Passive Google Dork) – Automate Google Hacking Database scraping and searching | |||
Recon | OneForAll | OneForAll is a powerful subdomain collection tool | |||
Recon | fhc | Fast HTTP Checker. | |||
Recon | 3klCon | Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. | |||
Recon | Arjun | HTTP parameter discovery suite. | param | ||
Recon | SubBrute | https://github.com/TheRook/subbrute | subdomains | ||
Recon | Smap | a drop-in replacement for Nmap powered by shodan.io | port | ||
Recon | megplus | Automated reconnaissance wrapper — TomNomNom’s meg on steroids. [DEPRECATED] | |||
Recon | Parth | Heuristic Vulnerable Parameter Scanner | param | ||
Recon | Chaos Web | actively scan and maintain internet-wide assets’ data. enhance research and analyse changes around DNS for better insights. | |||
Recon | GitMiner | Tool for advanced mining for content on Github | |||
Recon | htcat | Parallel and Pipelined HTTP GET Utility | |||
Recon | gospider | Gospider – Fast web spider written in Go | crawl | ||
Recon | subjs | Fetches javascript file from a list of URLS or subdomains. | url subdomains | ||
Recon | rusolver | Fast and accurate DNS resolver. | dns | ||
Recon | Sublist3r | Fast subdomains enumeration tool for penetration testers | subdomains | ||
Recon | Hunt3r | Make your bug bounty subdomain reconnaissance easier with Hunt3r, the web application reconnaissance framework | |||
Recon | zdns | Fast CLI DNS Lookup Tool | dns | ||
Recon | parameth | This tool can be used to brute discover GET and POST parameters | |||
Recon | shuffledns | shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. | dns | ||
Recon | getJS | A tool to quickly get all javascript sources/files | |||
Recon | Shodan | World’s first search engine for Internet-connected devices | osint | ||
Recon | sn0int | Semi-automatic OSINT framework and package manager | osint | ||
Recon | github-endpoints | Find endpoints on GitHub. | |||
Recon | Sub404 | A python tool to check subdomain takeover vulnerability | subdomains takeover | ||
Recon | spiderfoot | SpiderFoot automates OSINT collection so that you can focus on analysis. | osint | ||
Recon | subs_all | Subdomain Enumeration Wordlist. 8956437 unique words. Updated. | subdomains | ||
Recon | gowitness | 🔍 gowitness – a golang, web screenshot utility using Chrome Headless | |||
Recon | aquatone | A Tool for Domain Flyovers | domain | ||
Recon | dnsx | dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers. | dns | ||
Recon | SecurityTrails | Online dns / subdomain / recon tool | subdomains online | ||
Recon | reconftw | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities | |||
Recon | ParamSpider | Mining parameters from dark corners of Web Archives | param | ||
Recon | JSFScan.sh | Automation for javascript recon in bug bounty. | |||
Recon | dmut | A tool to perform permutations, mutations and alteration of subdomains in golang. | subdomains | ||
Recon | subzy | Subdomain takeover vulnerability checker | subdomains takeover | ||
Recon | subgen | A really simple utility to concatenate wordlists to a domain name – to pipe into your favourite resolver! | subdomains | ||
Recon | HydraRecon | All In One, Fast, Easy Recon Tool | |||
Recon | LinkFinder | A python script that finds endpoints in JavaScript files | |||
Recon | xnLinkFinder | A python tool used to discover endpoints (and potential parameters) for a given target | |||
Recon | gauplus | A modified version of gau for personal usage. Support workers, proxies and some extra things. | url | ||
Recon | dnsvalidator | Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. | dns | ||
Recon | Photon | Incredibly fast crawler designed for OSINT. | osint crawl | ||
Recon | crawlergo | A powerful browser crawler for web vulnerability scanners | crawl | ||
Recon | gau | Fetch known URLs from AlienVault’s Open Threat Exchange, the Wayback Machine, and Common Crawl. | url | ||
Recon | Osmedeus | Fully automated offensive security framework for reconnaissance and vulnerability scanning | |||
Recon | apkleaks | Scanning APK file for URIs, endpoints & secrets. | apk | ||
Recon | assetfinder | Find domains and subdomains related to a given domain | subdomains | ||
Recon | dirsearch | Web path scanner | |||
Recon | github-subdomains | Find subdomains on GitHub | |||
Recon | hakrevdns | Small, fast tool for performing reverse DNS lookups en masse. | |||
Recon | BLUTO | DNS Analysis Tool | dns | ||
Recon | CT_subdomains | An hourly updated list of subdomains gathered from certificate transparency logs | subdomains | ||
Recon | chaos-client | Go client to communicate with Chaos DNS API. | |||
Recon | RustScan | Faster Nmap Scanning with Rust | portscan | ||
Recon | longtongue | Customized Password/Passphrase List inputting Target Info | |||
Recon | meg | Fetch many paths for many hosts – without killing the hosts | |||
Recon | altdns | Generates permutations, alterations and mutations of subdomains and then resolves them | dns | ||
Recon | puredns | Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. | |||
Recon | cc.py | Extracting URLs of a specific target based on the results of “commoncrawl.org” | url | ||
Recon | intrigue-core | Discover Your Attack Surface | |||
Recon | STEWS | A Security Tool for Enumerating WebSockets | |||
Fuzzer | BruteX | Automatically brute force all services running on a target. | |||
Fuzzer | crlfuzz | A fast tool to scan CRLF vulnerability written in Go | crlf | ||
Fuzzer | SSRFire | An automated SSRF finder. Just give the domain name and your server and chill | ssrf | ||
Fuzzer | SSRFmap | Automatic SSRF fuzzer and exploitation tool | ssrf | ||
Fuzzer | wfuzz | Web application fuzzer | |||
Fuzzer | ppfuzz | A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀 | |||
Fuzzer | GraphQLmap | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. | graphql | ||
Fuzzer | kiterunner | Contextual Content Discovery Tool | |||
Fuzzer | jwt-hack | 🔩 jwt-hack is a tool for hacking / security testing of JWT. Supports en/decoding JWT, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce) | jwt | ||
Fuzzer | jwt-cracker | Simple HS256 JWT token brute force cracker | jwt | ||
Fuzzer | hashcat | World’s fastest and most advanced password recovery utility | |||
Fuzzer | fuzzparam | A fast go based param miner to fuzz possible parameters a URL can have. | param | ||
Fuzzer | thc-hydra | hydra | |||
Fuzzer | dotdotpwn | DotDotPwn – The Directory Traversal Fuzzer | path-traversal | ||
Fuzzer | CrackQL | CrackQL is a GraphQL password brute-force and fuzzing utility. | graphql | ||
Fuzzer | ffuf | Fast web fuzzer written in Go | |||
Fuzzer | c-jwt-cracker | JWT brute force cracker written in C | jwt | ||
Fuzzer | feroxbuster | A fast, simple, recursive content discovery tool written in Rust. | |||
Fuzzer | medusa | Fastest recursive HTTP fuzzer, like a Ferrari. | |||
Fuzzer | BatchQL | GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations | graphql | ||
Scanner | Web-Cache-Vulnerability-Scanner | Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). | cache-vuln | ||
Scanner | h2csmuggler | HTTP Request Smuggling Detection Tool | smuggle | ||
Scanner | DOMPurify | DOMPurify – a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: | xss | ||
Scanner | plution | Prototype pollution scanner using headless chrome | |||
Scanner | hinject | Host Header Injection Checker | |||
Scanner | corsair_scan | Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). | cors | ||
Scanner | domdig | DOM XSS scanner for Single Page Applications | xss | ||
Scanner | a2sv | Auto Scanning to SSL Vulnerability | ssl | ||
Scanner | DeadFinder | Find dead-links (broken links) | broken-link | ||
Scanner | xsinator.com | XS-Leak Browser Test Suite | |||
Scanner | sqlmap | Automatic SQL injection and database takeover tool | |||
Scanner | commix | Automated All-in-One OS Command Injection Exploitation Tool. | exploit | ||
Scanner | wprecon | Hello! Welcome. Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. | |||
Scanner | deadlinks | Health checks for your documentation links. | broken-link | ||
Scanner | nikto | Nikto web server scanner | |||
Scanner | ssrf-sheriff | A simple SSRF-testing sheriff written in Go | ssrf | ||
Scanner | NoSQLMap | Automated NoSQL database enumeration and web application exploitation tool. | |||
Scanner | HRS | HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. | |||
Scanner | DeepViolet | Tool for introspection of SSL\TLS sessions | ssl | ||
Scanner | LFISuite | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner | |||
Scanner | headi | Customisable and automated HTTP header injection | |||
Scanner | testssl.sh | Testing TLS/SSL encryption anywhere on any port | ssl | ||
Scanner | nmap | Nmap – the Network Mapper. Github mirror of official SVN repository. | portscan | ||
Scanner | nosqli | NoSql Injection CLI tool | |||
Scanner | PPScan | Client Side Prototype Pollution Scanner | |||
Scanner | ws-smuggler | WebSocket Connection Smuggler | smuggle | ||
Scanner | S3Scanner | Scan for open AWS S3 buckets and dump the contents | s3 | ||
Scanner | tplmap | Server-Side Template Injection and Code Injection Detection and Exploitation Tool | |||
Scanner | Corsy | CORS Misconfiguration Scanner | cors | ||
Scanner | VHostScan | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. | |||
Scanner | dalfox | 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang | xss | ||
Scanner | S3cret Scanner | Hunting For Secrets Uploaded To Public S3 Buckets | s3 | ||
Scanner | sqliv | massive SQL injection vulnerability scanner | sqli | ||
Scanner | xsser | Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. | xss | ||
Scanner | DirDar | DirDar is a tool that searches for (403-Forbidden) directories to break them and get directory listings on them | 403 | ||
Scanner | confused | Tool to check for dependency confusion vulnerabilities in multiple package management systems | dependency-confusion | ||
Scanner | wpscan | WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. | |||
Scanner | findom-xss | A fast DOM based XSS vulnerability scanner with simplicity. | xss | ||
Scanner | ppmap | A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. | |||
Scanner | web_cache_poison | web cache poison – Top 1 web hacking technique of 2019 | cache-vuln | ||
Scanner | XSStrike | Most advanced XSS scanner. | xss | ||
Scanner | nuclei | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. | |||
Scanner | fockcache | FockCache – Minimalized Test Cache Poisoning | |||
Scanner | zap-cli | A simple tool for interacting with OWASP ZAP from the commandline. | |||
Scanner | Taipan | Web application vulnerability scanner | |||
Scanner | gitleaks | Scan git repos (or files) for secrets using regex and entropy 🔑 | |||
Scanner | gitGraber | gitGraber | |||
Scanner | http2smugl | This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. | |||
Scanner | XSpear | Powerful XSS Scanning and Parameter analysis tool&gem | xss | ||
Scanner | http-request-smuggling | HTTP Request Smuggling Detection Tool | |||
Scanner | autopoisoner | Web cache poisoning vulnerability scanner. | cache-vuln | ||
Scanner | jsprime | a javascript static security analysis tool | |||
Scanner | github-search | Tools to perform basic search on GitHub. | |||
Scanner | websocket-connection-smuggler | websocket-connection-smuggler | smuggle | ||
Scanner | rapidscan | The Multi-Tool Web Vulnerability Scanner. | |||
Scanner | AWSBucketDump | Security Tool to Look For Interesting Files in S3 Buckets | s3 | ||
Scanner | OpenRedireX | A Fuzzer for OpenRedirect issues | |||
Scanner | Chromium-based-XSS-Taint-Tracking | Cyclops is a web browser with an XSS detection feature; it is a Chromium-based XSS detection that is used to find the flows from a source to a sink. | xss | ||
Scanner | arachni | Web Application Security Scanner Framework | |||
Scanner | DSSS | Damn Small SQLi Scanner | sqli | ||
Scanner | httprobe | Take a list of domains and probe for working HTTP and HTTPS servers | |||
Scanner | CorsMe | Cross Origin Resource Sharing MisConfiguration Scanner | cors | ||
Scanner | ditto | A tool for IDN homograph attacks and detection. | |||
Scanner | dontgo403 | Tool to bypass 40X response codes. | 403 | ||
Scanner | Oralyzer | Open Redirection Analyzer | |||
Scanner | Striker | Striker is an offensive information and vulnerability scanner. | |||
Scanner | smuggler | Smuggler – An HTTP Request Smuggling / Desync testing tool written in Python 3 | smuggle | ||
Scanner | xsscrapy | XSS/SQLi spider. Give it a URL and it’ll test every link it finds for XSS and some SQLi. | xss | ||
Exploit | singularity | A DNS rebinding attack framework. | |||
Exploit | ghauri | An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws | sqli | ||
Exploit | beef | The Browser Exploitation Framework Project | xss | ||
Exploit | Liffy | Local file inclusion exploitation tool | lfi | ||
Exploit | Gopherus | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers | ssrf | ||
Exploit | xxeserv | A mini webserver with FTP support for XXE payloads | |||
Exploit | of-CORS | Identifying and exploiting CORS misconfigurations on the internal networks | cors | ||
Exploit | XXEinjector | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. | xxe | ||
Exploit | XXExploiter | Tool to help exploit XXE vulnerabilities | xxe | ||
Exploit | XSRFProbe | The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. | |||
Exploit | Sn1per | Automated pentest framework for offensive security experts | |||
Exploit | ropr | A blazing fast™ multithreaded ROP Gadget finder. ropper | rop | ||
Exploit | BaRMIe | Java RMI enumeration and attack tool. | RMI | ||
Exploit | toxssin | An XSS exploitation command-line interface and payload generator. | xss | ||
Exploit | SQLNinja | Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities. | sqli | ||
Utils | can-i-take-over-xyz | “Can I take over XYZ?” — a list of services and how to claim (sub)domains with dangling DNS records. | |||
Utils | Gf-Patterns | GF Patterns for (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep | |||
Utils | grc | generic colouriser | |||
Utils | boast | The BOAST Outpost for AppSec Testing (v0.1.0) | oast | ||
Utils | 230-OOB | An Out-of-Band XXE server for retrieving file contents over FTP. | xxe | ||
Utils | dnsobserver | A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester’s server for out-of-band DNS interactions and sends lookup notifications via Slack. | oast dns | ||
Utils | CSP Evaluator | Online CSP Evaluator from google | csp | ||
Utils | Findsploit | Find exploits in local and online databases instantly | exploit | ||
Utils | SequenceDiagram | Online tool for creating UML sequence diagrams | online | ||
Utils | pentest-tools | Custom pentesting tools | |||
Utils | PayloadsAllTheThings | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | |||
Utils | bat | A cat(1) clone with wings. | |||
Utils | Assetnote Wordlists | Automated & Manual Wordlists provided by Assetnote | wordlist documents | ||
Utils | gron | Make JSON greppable! | |||
Utils | jsfuck | Write any JavaScript with 6 Characters | xss | ||
Utils | gitls | Listing git repository from URL/User/Org | |||
Utils | gxss | Blind XSS service alerting over slack or email | xss blind-xss | ||
Utils | cf-check | Cloudflare Checker written in Go | |||
Utils | fff | The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly. | url | ||
Utils | Blacklist3r | project-blacklist3r | |||
Utils | hacks | A collection of hacks and one-off scripts | |||
Utils | IntruderPayloads | ||||
Utils | dsieve | Filter and enrich a list of subdomains by level | subdomains | ||
Utils | grex | A command-line tool and library for generating regular expressions from user-provided test cases | |||
Utils | hbxss | Security test tool for Blind XSS | xss blind-xss | ||
Utils | urlprobe | Urls status code & content length checker | url | ||
Utils | quickjack | Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks. | |||
Utils | slackcat | CLI utility to post files and command output to slack | notify | ||
Utils | gotestwaf | An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses | |||
Utils | gee | 🏵 Gee is a tool that writes stdin to each file and to stdout. It is similar to the tee command, but has more functions for convenience. In addition, it is written in Go | |||
Utils | Phoenix | hahwul’s online tools | online | ||
Utils | blistener | Blind-XSS listener with payloads | xss blind-xss | ||
Utils | interactsh | An OOB interaction gathering server and client library | oast | ||
Utils | hakcheckurl | Takes a list of URLs and returns their HTTP response codes | |||
Utils | docem | Utility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) | xxe xss | ||
Utils | difftastic | a structural diff that understands syntax | diff | ||
Utils | zip-bomb | Create a ZIPBomb for a given uncompressed size (flat and nested modes). | zipbomb | ||
Utils | Atlas | Quick SQLMap Tamper Suggester | |||
Utils | bountyplz | Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) | report | ||
Utils | httpie | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie | http | ||
Utils | godeclutter | Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans. | url | ||
Utils | burl | A Broken-URL Checker | url | ||
Utils | ysoserial.net | Deserialization payload generator for a variety of .NET formatters | deserialize | ||
Utils | gf | A wrapper around grep, to help you grep for things | |||
Utils | unfurl | Pull out bits of URLs provided on stdin | url | ||
Utils | SecLists | SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | wordlist documents | ||
Utils | graphql-voyager | 🛰️ Represent any GraphQL API as an interactive graph | graphql | ||
Utils | autochrome | This tool downloads, installs, and configures a shiny new copy of Chromium. | |||
Utils | github-regexp | Basically a regexp over a GitHub search. | |||
Utils | pwncat | pwncat – netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic – and it's fully scriptable with Python (PSE) | |||
Utils | httptoolkit | HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac | |||
Utils | qsreplace | Accept URLs on stdin, replace all query string values with a user-supplied value | |||
Utils | oxml_xxe | A tool for embedding XXE/XML exploits into different filetypes | |||
Utils | ob_hacky_slack | Hacky Slack – a bash script that sends beautiful messages to Slack | notify | ||
Utils | Emissary | Send notifications on different channels such as Slack, Telegram, Discord etc. | notify | ||
Utils | hurl | Hurl, run and test HTTP requests. | |||
Utils | xss-cheatsheet-data | This repository contains all the XSS cheatsheet data to allow contributions from the community. | xss | ||
Utils | pet | Simple command-line snippet manager, written in Go. | |||
Utils | Bug-Bounty-Toolz | BBT – Bug Bounty Tools | |||
Utils | CyberChef | The Cyber Swiss Army Knife – a web app for encryption, encoding, compression and data analysis | |||
Utils | mubeng | An incredibly fast proxy checker & IP rotator with ease. | |||
Utils | PoC-in-GitHub | 📡 PoC auto collect from GitHub. Be careful of malware. | |||
Utils | TukTuk | Tool for catching and logging different types of requests. | oast | ||
Utils | xssor2 | XSS’OR – Hack with JavaScript. | xss | ||
Utils | weaponised-XSS-payloads | XSS payloads designed to turn alert(1) into P1 | xss documents | ||
Utils | s3reverse | The format of various s3 buckets is converted into one format. For bug bounty and security testing. | s3 | ||
Utils | wuzz | Interactive cli tool for HTTP inspection | http | ||
Utils | security-research-pocs | Proof-of-concept codes created as part of security research done by Google Security Team. | |||
Utils | reverse-shell-generator | Hosted Reverse Shell generator with a ton of functionality. — (Great for CTFs) | payload | ||
Utils | XSS-Catcher | Find blind XSS but why not gather data while you’re at it. | xss blind-xss | ||
Utils | ysoserial | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | deserialize | ||
Utils | gotator | Gotator is a tool to generate DNS wordlists through permutations. | |||
Utils | template-generator | A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. | |||
Utils | ZipBomb | A simple implementation of ZipBomb in Python | zipbomb | ||
Utils | anew | A tool for adding new lines to files, skipping duplicates | |||
Utils | SerializationDumper | A tool to dump Java serialization streams in a more human readable form. | deserialize | ||
Utils | wssip | Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. | |||
Utils | tiscripts | Turbo Intruder Scripts | |||
Utils | xless | The Serverless Blind XSS App | xss blind-xss | ||
Utils | urlgrab | A golang utility to spider through a website searching for additional links. | url | ||
Utils | fzf | A command-line fuzzy finder | |||
Utils | curl | A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features | |||
Utils | ezXSS | ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. | xss blind-xss | ||
Utils | security-crawl-maze | Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document. | crawl | ||
Utils | Redcloud | Automated Red Team Infrastructure deployment using Docker | infra | ||
Env | Glue | Application Security Automation | |||
Env | Crimson | Web Application Security Testing automation. | |||
Env | pentest-env | Pentest environment deployer (kali linux + targets) using vagrant and chef. | pentest |

Browser Addons
Type | Name | Description | Star | Tags | Badges |
---|---|---|---|---|---|
Recon | DotGit | An extension for checking if .git is exposed in visited websites | |||
Recon | Wayback Machine | History of website | |||
Utils | cookie-quick-manager | An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox. | cookie | ||
Utils | PwnFox | Firefox/Burp extension that provides useful tools for your security audit. | |||
Utils | MM3 ProxySwitch | Proxy Switch in Firefox and Chrome | |||
Utils | firefox-container-proxy | Assign a proxy to a Firefox container | |||
Utils | User-Agent Switcher | quick and easy way to switch between user-agents. | |||
Utils | clear-cache | Add-on to clear browser cache with a single click or via the F9 key. | |||
Utils | Edit-This-Cookie | EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies | cookie | ||
Utils | Dark Reader | Dark mode to any site | darkmode | ||
Utils | postMessage-tracker | A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon | |||
Utils | eval_villain | A Firefox Web Extension to improve the discovery of DOM XSS. | xss | ||
Utils | Firefox Multi-Account Containers | Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs | |||
Utils | Dark Reader for Safari | Dark mode to any site | |||
Utils | jsonwebtoken.github.io | JWT En/Decode and Verify | jwt | ||
Utils | Hack-Tools | The all-in-one Red Team extension for Web Pentester 🛠 |

Burpsuite and ZAP Addons
Type | Name | Description | Star | Tags | Badges |
---|---|---|---|---|---|
Recon | burp-retire-js | ||||
Recon | BurpSuite-Secret_Finder | ||||
Recon | attack-surface-detector-burp | The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters | endpoint | ||
Recon | attack-surface-detector-zap | The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters | endpoint | ||
Recon | Dr. Watson | Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information | param subdomains | ||
Recon | reflected-parameters | param | |||
Recon | HUNT | Identifies common parameters vulnerable to certain vulnerability classes | param | ||
Recon | BurpJSLinkFinder | ||||
Fuzzer | param-miner | param cache-vuln | |||
Scanner | Autorize | aaa | |||
Scanner | AuthMatrix | aaa | |||
Scanner | http-request-smuggler | smuggle | |||
Scanner | collaborator-everywhere | oast | |||
Scanner | csp-auditor | csp | |||
Scanner | BurpSuiteHTTPSmuggler | smuggle | |||
Utils | BurpBounty | ||||
Utils | burp-piper | ||||
Utils | taborator | oast | |||
Utils | Stepper | ||||
Utils | AWSSigner | Burp Extension for AWS Signing | |||
Utils | inql | ||||
Utils | reflect | ||||
Utils | burp-send-to | ||||
Utils | AuthMatrix | Automated HTTP Request Repeating With Burp Suite | |||
Utils | safecopy | ||||
Utils | femida | ||||
Utils | turbo-intruder | ||||
utils | owasp-zap-jwt-addon | jwt | |||
utils | Neonmarker | ||||
Utils | BurpSuiteLoggerPlusPlus | ||||
Utils | Decoder-Improved | Improved decoder for Burp Suite | |||
Utils | http-script-generator | ||||
Utils | pcap-burp | Pcap importer for Burp | |||
Utils | BurpCustomizer | Because just a dark theme wasn’t enough! | |||
Utils | community-scripts | ||||
Utils | Berserko | Burp Suite extension to perform Kerberos authentication | |||
Utils | HTTPSignatures | A Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft. | |||
Utils | argumentinjectionhammer | A Burp Extension designed to identify argument injection vulnerabilities. | |||
Utils | zap-hud | ||||
Utils | burp-exporter | ||||
Utils | blackboxprotobuf | Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition. | |||
Utils | knife | A Burp extension that adds some useful functions to the context menu: it adds right-click menu items that make Burp smoother to use | |||
Utils | Web3 Decoder | Burp Extension for Web3 | web3 |

Project address:
GitHub:
https://github.com/hahwul/WebHackersWeapons