Web

Everything on common web protocols

| Name | Website | Source | Description | Programming language | Price | Online |
| --- | --- | --- | --- | --- | --- | --- |
| Burp Suite | [Website] | | Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) | Java | Paid | False |
| commix | [Website] | [Source] | Web-based command injection tester | Python | Free | False |
| CSWSH | [Website] | | Cross-Site WebSocket Hijacking Tester | | Free | False |
| DotDotPwn | [Website] | [Source] | Directory Traversal fuzzer | Perl | Free | False |
| dvcs-ripper | | [Source] | Dump web accessible (distributed) version control systems (DVCS/VCS): SVN, GIT, Mercurial/hg, Bazaar/bzr, … | Perl | Free | False |
| git-dump | | [Source] | Dump the contents of a remote git repository without directory listing enabled | JavaScript | Free | False |
| GitTools | | [Source] | 3 tools: Finder (find websites with .git repository exposed), Dumper (dump exposed .git), Extractor (extract commits and their content from a broken repository) | Shell | Free | False |
| Hookbin | [Website] | [Source] | HTTP request collector and inspector | Java | Free | True |
| LFI Freak | | [Source] | LFI scan and exploit tool | Python | Free | False |
| Malzilla | [Website] | [Source] | Web oriented deobfuscating tool | | Free | False |
| Mockbin | [Website] | [Source] | HTTP request collector and inspector | JavaScript | Free | True |
| OWASP ZAP | [Website] | [Source] | OWASP Zed Attack Proxy, intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Free | False |
| Panoptic | [Website] | [Source] | Automatic LFI and Path Traversal exploitation tool | Python | Free | False |
| RequestBin | [Website] | [Source] | HTTP request collector and inspector | | Free | True |
| Simple Local File Inclusion Exploiter | [Website] | [Source] | LFI exploit tool | Python | Free | False |
| sqlmap | [Website] | [Source] | Automatic SQL injection tool | Python | Free | False |
| SQLiv | | [Source] | SQL injection scanner, find vulnerable entry points | Python | Free | False |

Login bruteforcer

| Name | Website | Source | Description | Programming language | Price | Online |
| --- | --- | --- | --- | --- | --- | --- |
| Hydra | [Website] | [Source] | Network login cracker | C | Free | False |
| Medusa | [Website] | | Network login cracker | | Free | False |
| Medusa-GUI | | [Source] | GUI for Medusa | Java | Free | False |
| Ncrack | [Website] | [Source] | Network login cracker | C++ | Free | False |
| Patator | | [Source] | Multi-protocol brute-forcer tool | Python | Free | False |

Scanner

| Name | Website | Source | Description | Programming language | Price | Online |
| --- | --- | --- | --- | --- | --- | --- |
| Acunetix | [Website] | | Web application security scanner | | Paid | True |
| Arachni | [Website] | [Source] | Web application security scanner framework | Ruby | Free | False |
| dirb | [Website] | [Source] | Web content scanner (dictionary based) | | Free | False |
| IronWASP | [Website] | [Source] | Web security/vulnerability scanner (native for Windows only) | C | Free | False |
| Kadimus | | [Source] | LFI, RFI, RCE scanner | C | Free | False |
| Netsparker | [Website] | | Web application security scanner | | Paid | True |
| nikto | [Website] | [Source] | Web security scanner | Perl | Free | False |
| Nosql-Exploitation-Framework | | [Source] | NoSQL scanning and exploitation framework | Python | Free | False |
| Spaghetti | | [Source] | Web application security scanner | Python | Free | False |
| w3af | [Website] | [Source] | Web application attack and audit framework, web-oriented security scanner | Python | Free | False |
| wapiti | [Website] | [Source] | Web-oriented vulnerability scanner, can generate reports | | Free | False |

XSS

| Name | Website | Source | Description | Programming language | Price | Online |
| --- | --- | --- | --- | --- | --- | --- |
| Xenotix | [Website] | [Source] | XSS detection and exploit framework (Windows only) | Python | Free | False |
| XSSer | [Website] | [Source] | XSS automatic scanner and exploiter | Python | Free | False |
| XSSor | | [Source] | XSS scanner plugin for Burp Suite | Python | Free | False |
| XSS'OR | [Website] | [Source] | Multi-purpose tool for XSS or JavaScript analysis | JavaScript | Free | True |
| XSS'OR 2 | [Website] | [Source] | Multi-purpose tool for XSS or JavaScript analysis | JavaScript | Free | True |

Training

| Name | Website | Source | Description | Programming language | Price | Online |
| --- | --- | --- | --- | --- | --- | --- |
| DVWA | [Website] | [Source] | Damn Vulnerable Web Application, insecure webapp for security trainings | PHP | Free | False |
| OWASP Juice Shop CTF | [Website] | [Source] | Insecure webapp for security trainings | JavaScript | Free | False |
