0d1n|189.61913dc|Web security tool to make fuzzing at HTTP inputs, made in C with libCurl.|https://github.com/CoolerVoid/0d1n
adfind|11.b38db67|Admin Panel Finder.|https://github.com/sahakkhotsanyan/adfind
adminpagefinder|0.1|This python script looks for a large amount of possible administrative interfaces on a given site.|http://packetstormsecurity.com/files/112855/Admin-Page-Finder-Script.html
albatar|18.5a65ce4|A SQLi exploitation framework in Python.|https://github.com/lanjelot/albatar
arachni|1.4.4.gcd7b47b|A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.|https://www.arachni-scanner.com
bbqsql|259.4f7c086|SQL injection exploit tool.|https://github.com/neohapsis/bbqsql
bbscan|11.be218a8|A tiny Batch weB vulnerability Scanner.|https://github.com/lijiejie/bbscan
bing-lfi-rfi|0.1|This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities.|http://packetstormsecurity.com/files/121590/Bing-LFI-RFI-Scanner.html
bsqlbf|2.7|Blind SQL Injection Brute Forcer.|http://code.google.com/p/bsqlbf-v2/
bsqlinjector|8.5dc3f27|Blind SQL injection exploitation tool written in ruby.|https://github.com/enjoiz/BSQLinjector
cansina|139.47f6ac8|A python-based Web Content Discovery Tool.|https://github.com/deibit/cansina
cjexploiter|4.fe2b191|Drag and Drop ClickJacking exploit development assistance tool.|https://github.com/enddo/CJExploiter
cloudget|53.807d08e|Python script to bypass cloudflare from command line. Built upon cfscrape module.|https://github.com/eudemonics/cloudget
cms-few|0.1|Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python.|http://packetstormsecurity.com/files/64722/cms_few.py.txt.html
cmsfuzz|5.6be5a98|Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke.|https://github.com/nahamsec/CMSFuzz
commix|584.4d00701|Automated All-in-One OS Command Injection and Exploitation Tool.|https://github.com/stasinopoulos/commix
crawlic|45.38944f0|Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server).|https://github.com/Ganapati/Crawlic
csrftester|1.0|The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws.|http://www.owasp.org/index.php/Category:OWASP_CSRFTester_Project
darkjumper|5.8|This tool will try to find every website hosted on the same server as your target|http://sourceforge.net/projects/darkjumper/
dff-scanner|1.1|Tool for finding path of predictable resource locations.|http://netsec.rs/70/tools.html
dirbuster-ng|9.0c34920|C CLI implementation of the Java dirbuster tool.|https://github.com/digination/dirbuster-ng
dirs3arch|151.e2ff186|HTTP(S) directory/file brute forcer.|https://github.com/maurosoria/dirs3arch
domi-owned|24.e87c358|A tool used for compromising IBM/Lotus Domino servers.|https://github.com/coldfusion39/domi-owned
doork|4.3e2d70a|Passive Vulnerability Auditor.|https://github.com/AeonDave/doork
drupalscan|0.5.2|Simple non-intrusive Drupal scanner.|https://rubygems.org/gems/DrupalScan/
dsfs|32.e27d6cb|A fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.|https://github.com/stamparm/DSFS
dsjs|21.79cb2c4|A fully functional JavaScript library vulnerability scanner written in under 100 lines of code.|https://github.com/stamparm/DSJS
dsss|116.6d14edb|A fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.|https://github.com/stamparm/DSSS
dsxs|116.21427d6|A fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.|https://github.com/stamparm/DSXS
epicwebhoneypot|2.0a|Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host.|http://sourceforge.net/projects/epicwebhoneypot/
eyewitness|518.b84b21e|Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.|https://github.com/ChrisTruncer/EyeWitness
fbht|68.1ffc236|A Facebook Hacking Tool|https://github.com/chinoogawa/fbht-linux
fhttp|1.3|This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more.|http://packetstormsecurity.com/files/104315/FHTTP-Attack-Tool.3.html
ghost-py|0.2.3|Webkit based webclient (relies on PyQT).|http://jeanphix.github.com/Ghost.py/
golismero|40.ece1eba|Opensource web security testing framework.|https://github.com/golismero/golismero
grabber|0.1|A web application scanner. Basically it detects some kind of vulnerabilities in your website.|http://rgaucher.info/beta/grabber/
htcap|12.952aa27|A web application analysis tool for detecting communications between javascript and the server.|https://github.com/segment-srl/htcap
httpforge|11.02.01|A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions.|http://packetstormsecurity.com/files/98109/HTTPForge.02.01.html
httppwnly|28.8c105f4|"Repeater" style XSS post-exploitation tool for mass browser control.|https://github.com/Danladi/HttpPwnly
isr-form|1.0|Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data.|http://www.infobyte.com.ar/
jaidam|10.a7d7c4a|Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan.|https://github.com/stasinopoulos/jaidam
jomplug|0.1|This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components.|http://packetstormsecurity.com/files/121390/Janissaries-Joomla-Fingerprint-Tool.html
jooforce|11.43c21ad|A Joomla password brute force tester.|https://github.com/rastating/jooforce
joomlascan|1.2|Joomla scanner scans for known vulnerable remote file inclusion paths and files.|http://packetstormsecurity.com/files/62126/joomlascan.2.py.txt.html
joomlavs|209.2a7f03e|A black box, Ruby powered, Joomla vulnerability scanner.|https://github.com/rastating/joomlavs
joomscan|2012.03.10|Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site.|http://joomscan.sourceforge.net/
kadimus|50.5897871|LFI Scan & Exploit Tool.|https://github.com/P0cL4bs/Kadimus
kolkata|3.0|A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion.|http://www.blackhatlibrary.net/Kolkata
lfi-exploiter|1.1|This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability.|http://packetstormsecurity.com/files/124332/LFI-Exploiter.1.html
lfi-fuzzploit|1.1|A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications.|http://packetstormsecurity.com/files/106912/LFI-Fuzzploit-Tool.1.html
lfi-image-helper|0.8|A simple script to infect images with PHP Backdoors for local file inclusion attacks.|http://packetstormsecurity.com/files/129871/LFI-Image-Helper.8.html
lfi-sploiter|1.0|This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities.|http://packetstormsecurity.com/files/96056/Simple-Local-File-Inclusion-Exploiter.0.html
lfifreak|21.0c6adef|A unique automated LFi Exploiter with Bind/Reverse Shells.|https://github.com/OsandaMalith/LFiFreak/
lfimap|1.4.8|This script is used to take the highest benefits of the local file include vulnerability in a webserver.|https://code.google.com/p/lfimap/
liffy|65.8011cdd|A Local File Inclusion Exploitation tool.|https://github.com/rotlogix/liffy
metoscan|05|Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests.|http://www.open-labs.org/
morxtraversal|1.0|Path Traversal checking tool.|http://www.morxploit.com/tools/
multiinjector|0.3|Automatic SQL injection utility using a list of URI addresses to test parameter manipulation.|http://chaptersinwebsecurity.blogspot.de/2008/11/multiinjector-v03-released.html
nosqlmap|182.0ff71dc|Automated Mongo database and NoSQL web application exploitation tool|https://github.com/tcstool/NoSQLMap.git
owasp-bywaf|26.e730d1b|A web application penetration testing framework (WAPTF).|https://github.com/depasonico/OWASP-ByWaf
owtf|1017.0bbeea1|The Offensive (Web) Testing Framework.|https://www.owasp.org/index.php/OWASP_OWTF
pappy-proxy|59.f28ab4f|An intercepting proxy for web application testing.|https://github.com/roglew/pappy-proxy
paros|3.2.13|Java-based HTTP/HTTPS proxy for assessing web app vulnerabilities. Supports editing/viewing HTTP messages on-the-fly, spiders, client certificates, proxy-chaining, intelligent scanning for XSS and SQLi, etc.|http://www.parosproxy.org
pblind|1.0|Little utility to help exploiting blind sql injection vulnerabilities.|http://www.edge-security.com/pblind.php
peepingtom|56.bc6f4d8|A tool to take screenshots of websites. Much like eyewitness.|https://bitbucket.org/LaNMaSteR53/peepingtom
phpsploit|686.d61fca7|Stealth post-exploitation framework.|https://github.com/nil0x42/phpsploit
plecost|88.149fd34|Wordpress finger printer Tool.|https://github.com/iniqua/plecost
plown|13.ccf998c|A security scanner for Plone CMS.|https://github.com/unweb/plown
proxenet|589.3e07775|THE REAL hacker friendly proxy for web application pentests.|https://github.com/hugsy/proxenet
pyfiscan|1545.a50e4ea|Free web-application vulnerability and version scanner.|https://github.com/fgeek/pyfiscan
rww-attack|0.9.2|The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's 'Remote Web Workplace' portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out.|http://packetstormsecurity.com/files/79021/Remote-Web-Workplace-Attack-Tool.html
sawef|28.e65dc9f|Send Attack Web Forms.|https://github.com/danilovazb/sawef
scrapy|1.0.5|A fast high-level scraping and web crawling framework.|http://scrapy.org
secscan|1.5|Web Apps Scanner and Much more utilities.|http://code.google.com/p/secscan-py/
shortfuzzy|0.1|A web fuzzing script written in perl.|http://packetstormsecurity.com/files/104872/Short-Fuzzy-Rat-Scanner.html
spaf|11.671a976|Static Php Analysis and Fuzzer.|https://github.com/Ganapati/spaf
sparty|0.1|An open source tool written in python to audit web applications using sharepoint and frontpage architecture.|http://sparty.secniche.org/
spiga|410.07b9055|Configurable web resource scanner.|https://github.com/getdual/scripts-n-tools/blob/master/spiga.py
spike-proxy|148|A Proxy for detecting vulnerabilities in web applications|http://www.immunitysec.com/resources-freesoftware.shtml
spipscan|69.4ad3235|SPIP (CMS) scanner for penetration testing purpose written in Python.|https://github.com/PaulSec/SPIPScan
sqid|0.3|A SQL injection digger.|http://sqid.rubyforge.org/
sqlmap|1.0.6|Automatic SQL injection and database takeover tool|http://sqlmap.org
themole|0.3|Automatic SQL injection exploitation tool.|http://sourceforge.net/projects/themole/
urlcrazy|0.5|Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.|http://www.morningstarsecurity.com/research/urlcrazy
urldigger|02c|A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code|https://code.google.com/p/urldigger/
vanguard|0.1|A comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications.|http://packetstormsecurity.com/files/110603/Vanguard-Pentesting-Scanner.html
vbscan|10.1afac1b|A black box vBulletin vulnerability scanner written in perl.|https://github.com/rezasp/vbscan
vega|1.0|An open source platform to test the security of web applications.|https://github.com/subgraph/Vega/wiki
vsvbp|6.241a7ab|Black box tool for Vulnerability detection in web applications.|https://github.com/varunjammula/VSVBP
wafp|0.01_26c3|An easy to use Web Application Finger Printing tool written in ruby using sqlite3 databases for storing the fingerprints.|http://packetstormsecurity.com/files/84468/Web-Application-Finger-Printer.01-26c3.html
web-soul|2|A plugin based scanner for attacking and data mining web sites written in Perl.|http://packetstormsecurity.com/files/122064/Web-Soul-Scanner.html
webhandler|324.047dddf|A handler for PHP system functions & also an alternative 'netcat' handler.|https://github.com/lnxg33k/webhandler
webslayer|5|A tool designed for brute forcing Web Applications.|https://code.google.com/p/webslayer/
webxploiter|20.41a11d1|An OWASP Top 10 Security scanner.|https://github.com/xionsec/WebXploiter
wig|561.e4e5482|WebApp Information Gatherer.|https://github.com/jekyc/wig
witchxtool|1.1|A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner.|http://packetstormsecurity.com/files/97465/Witchxtool-Port-LFI-SQL-Scanner-And-MD5-Bruteforcing-Tool.1.html
ws-attacker|1.7|A modular framework for web services penetration testing.|http://ws-attacker.sourceforge.net/
xsser|1.7|A penetration testing tool for detecting and exploiting XSS vulnerabilities.|http://xsser.sourceforge.net/
xssless|45.8e7ebe1|An automated XSS payload generator written in python.|https://github.com/mandatoryprogrammer/xssless
xsspy|25.7b1a833|Web Application XSS Scanner.|https://github.com/faizann24/XssPy
xsss|0.40b|A brute force cross site scripting scanner.|http://www.sven.de/xsss/
xssscan|17.7f1ea90|Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS.|https://github.com/gwroblew/detectXSSlib
xsssniper|0.9|An automatic XSS discovery tool|https://github.com/gbrindisi/xsssniper
xssya|12.abe1aec|A Cross Site Scripting Scanner & Vulnerability Confirmation.|https://github.com/yehia-mamdouh/XSSYA
yaaf|7.4d6273a|Yet Another Admin Finder.|https://github.com/Plasticoo/YAAF
yasuo|107.a917a6e|A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network.|https://github.com/0xsauby/yasuo
ycrawler|0.1|A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support.|http://packetstormsecurity.com/files/98546/yCrawler-Web-Crawling-Utility.html
ysoserial|0.0.2|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.|https://github.com/frohoff/ysoserial
zaproxy|2.5.0|Integrated penetration testing tool for finding vulnerabilities in web applications|https://www.owasp.org/index.php/ZAP