mirror of
https://github.com/byReqz/blackmate.git
synced 2024-11-23 19:54:55 +00:00
110 lines
15 KiB
Plaintext
110 lines
15 KiB
Plaintext
0d1n|189.61913dc|Web security tool to make fuzzing at HTTP inputs, made in C with libCurl.|https://github.com/CoolerVoid/0d1n
|
|
adfind|11.b38db67|Admin Panel Finder.|https://github.com/sahakkhotsanyan/adfind
|
|
adminpagefinder|0.1|This python script looks for a large amount of possible administrative interfaces on a given site.|http://packetstormsecurity.com/files/112855/Admin-Page-Finder-Script.html
|
|
albatar|18.5a65ce4|A SQLi exploitation framework in Python.|https://github.com/lanjelot/albatar
|
|
arachni|1.4.4.gcd7b47b|A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.|https://www.arachni-scanner.com
|
|
bbqsql|259.4f7c086|SQL injection exploit tool.|https://github.com/neohapsis/bbqsql
|
|
bbscan|11.be218a8|A tiny Batch weB vulnerability Scanner.|https://github.com/lijiejie/bbscan
|
|
bing-lfi-rfi|0.1|This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities.|http://packetstormsecurity.com/files/121590/Bing-LFI-RFI-Scanner.html
|
|
bsqlbf|2.7|Blind SQL Injection Brute Forcer.|http://code.google.com/p/bsqlbf-v2/
|
|
bsqlinjector|8.5dc3f27|Blind SQL injection exploitation tool written in ruby.|https://github.com/enjoiz/BSQLinjector
|
|
cansina|139.47f6ac8|A python-based Web Content Discovery Tool.|https://github.com/deibit/cansina
|
|
cjexploiter|4.fe2b191|Drag and Drop ClickJacking exploit development assistance tool.|https://github.com/enddo/CJExploiter
|
|
cloudget|53.807d08e|Python script to bypass cloudflare from command line. Built upon cfscrape module.|https://github.com/eudemonics/cloudget
|
|
cms-few|0.1|Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python.|http://packetstormsecurity.com/files/64722/cms_few.py.txt.html
|
|
cmsfuzz|5.6be5a98|Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke.|https://github.com/nahamsec/CMSFuzz
|
|
commix|594.9de7c65|Automated All-in-One OS Command Injection and Exploitation Tool.|https://github.com/stasinopoulos/commix
|
|
crawlic|46.50208c7|Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server).|https://github.com/Ganapati/Crawlic
|
|
csrftester|1.0|The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws.|http://www.owasp.org/index.php/Category:OWASP_CSRFTester_Project
|
|
darkjumper|5.8|This tool will try to find every website that host at the same server at your target|http://sourceforge.net/projects/darkjumper/
|
|
dff-scanner|1.1|Tool for finding path of predictable resource locations.|http://netsec.rs/70/tools.html
|
|
dirbuster-ng|9.0c34920|C CLI implementation of the Java dirbuster tool.|https://github.com/digination/dirbuster-ng
|
|
dirs3arch|153.ebcebc3|HTTP(S) directory/file brute forcer.|https://github.com/maurosoria/dirs3arch
|
|
domi-owned|24.e87c358|A tool used for compromising IBM/Lotus Domino servers.|https://github.com/coldfusion39/domi-owned
|
|
doork|4.3e2d70a|Passive Vulnerability Auditor.|https://github.com/AeonDave/doork
|
|
drupalscan|0.5.2|Simple non-intrusive Drupal scanner.|https://rubygems.org/gems/DrupalScan/
|
|
dsfs|32.e27d6cb|A fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.|https://github.com/stamparm/DSFS
|
|
dsjs|21.79cb2c4|A fully functional JavaScript library vulnerability scanner written in under 100 lines of code.|https://github.com/stamparm/DSJS
|
|
dsss|116.6d14edb|A fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.|https://github.com/stamparm/DSSS
|
|
dsxs|116.21427d6|A fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.|https://github.com/stamparm/DSXS
|
|
epicwebhoneypot|2.0a|Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host.|http://sourceforge.net/projects/epicwebhoneypot/
|
|
eyewitness|518.b84b21e|Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.|https://github.com/ChrisTruncer/EyeWitness
|
|
fbht|69.95c8bd5|A Facebook Hacking Tool|https://github.com/chinoogawa/fbht-linux
|
|
fhttp|1.3|This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more.|http://packetstormsecurity.com/files/104315/FHTTP-Attack-Tool.3.html
|
|
ghost-py|0.2.3|Webkit based webclient (relies on PyQT).|http://jeanphix.github.com/Ghost.py/
|
|
golismero|40.ece1eba|Opensource web security testing framework.|https://github.com/golismero/golismero
|
|
grabber|0.1|A web application scanner. Basically it detects some kind of vulnerabilities in your website.|http://rgaucher.info/beta/grabber/
|
|
htcap|12.952aa27|A web application analysis tool for detecting communications between javascript and the server.|https://github.com/segment-srl/htcap
|
|
httpforge|11.02.01|A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions.|http://packetstormsecurity.com/files/98109/HTTPForge.02.01.html
|
|
httppwnly|36.a55b6f6|"Repeater" style XSS post-exploitation tool for mass browser control.|https://github.com/Danladi/HttpPwnly
|
|
isr-form|1.0|Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data.|http://www.infobyte.com.ar/
|
|
jaidam|10.a7d7c4a|Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan.|https://github.com/stasinopoulos/jaidam
|
|
jomplug|0.1|This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components.|http://packetstormsecurity.com/files/121390/Janissaries-Joomla-Fingerprint-Tool.html
|
|
jooforce|11.43c21ad|A Joomla password brute force tester.|https://github.com/rastating/jooforce
|
|
joomlascan|1.2|Joomla scanner scans for known vulnerable remote file inclusion paths and files.|http://packetstormsecurity.com/files/62126/joomlascan.2.py.txt.html
|
|
joomlavs|209.2a7f03e|A black box, Ruby powered, Joomla vulnerability scanner.|https://github.com/rastating/joomlavs
|
|
joomscan|2012.03.10|Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site.|http://joomscan.sourceforge.net/
|
|
kadimus|50.5897871|LFI Scan & Exploit Tool.|https://github.com/P0cL4bs/Kadimus
|
|
kolkata|3.0|A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion.|http://www.blackhatlibrary.net/Kolkata
|
|
lfi-exploiter|1.1|This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability..|http://packetstormsecurity.com/files/124332/LFI-Exploiter.1.html
|
|
lfi-fuzzploit|1.1|A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications.|http://packetstormsecurity.com/files/106912/LFI-Fuzzploit-Tool.1.html
|
|
lfi-image-helper|0.8|A simple script to infect images with PHP Backdoors for local file inclusion attacks.|http://packetstormsecurity.com/files/129871/LFI-Image-Helper.8.html
|
|
lfi-sploiter|1.0|This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities.|http://packetstormsecurity.com/files/96056/Simple-Local-File-Inclusion-Exploiter.0.html
|
|
lfifreak|21.0c6adef|A unique automated LFi Exploiter with Bind/Reverse Shells.|https://github.com/OsandaMalith/LFiFreak/
|
|
lfimap|1.4.8|This script is used to take the highest beneficts of the local file include vulnerability in a webserver.|https://code.google.com/p/lfimap/
|
|
liffy|65.8011cdd|A Local File Inclusion Exploitation tool.|https://github.com/rotlogix/liffy
|
|
metoscan|05|Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests.|http://www.open-labs.org/
|
|
morxtraversal|1.0|Path Traversal checking tool.|http://www.morxploit.com/tools/
|
|
multiinjector|0.3|Automatic SQL injection utility using a lsit of URI addresses to test parameter manipulation.|http://chaptersinwebsecurity.blogspot.de/2008/11/multiinjector-v03-released.html
|
|
nosqlmap|182.0ff71dc|Automated Mongo database and NoSQL web application exploitation tool|https://github.com/tcstool/NoSQLMap.git
|
|
owasp-bywaf|26.e730d1b|A web application penetration testing framework (WAPTF).|https://github.com/depasonico/OWASP-ByWaf
|
|
owtf|1017.0bbeea1|The Offensive (Web) Testing Framework.|https://www.owasp.org/index.php/OWASP_OWTF
|
|
pappy-proxy|59.f28ab4f|An intercepting proxy for web application testing.|https://github.com/roglew/pappy-proxy
|
|
paros|3.2.13|Java-based HTTP/HTTPS proxy for assessing web app vulnerabilities. Supports editing/viewing HTTP messages on-the-fly, spiders, client certificates, proxy-chaining, intelligent scanning for XSS and SQLi, etc.|http://www.parosproxy.org
|
|
pblind|1.0|Little utility to help exploiting blind sql injection vulnerabilities.|http://www.edge-security.com/pblind.php
|
|
peepingtom|56.bc6f4d8|A tool to take screenshots of websites. Much like eyewitness.|https://bitbucket.org/LaNMaSteR53/peepingtom
|
|
phpsploit|686.d61fca7|Stealth post-exploitation framework.|https://github.com/nil0x42/phpsploit
|
|
plecost|88.149fd34|Wordpress finger printer Tool.|https://github.com/iniqua/plecost
|
|
plown|13.ccf998c|A security scanner for Plone CMS.|https://github.com/unweb/plown
|
|
proxenet|589.3e07775|THE REAL hacker friendly proxy for web application pentests.|https://github.com/hugsy/proxenet
|
|
pyfiscan|1548.d2ed692|Free web-application vulnerability and version scanner.|https://github.com/fgeek/pyfiscan
|
|
rww-attack|0.9.2|The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's 'Remote Web Workplace' portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out.|http://packetstormsecurity.com/files/79021/Remote-Web-Workplace-Attack-Tool.html
|
|
sawef|28.e65dc9f|Send Attack Web Forms.|https://github.com/danilovazb/sawef
|
|
scrapy|1.0.5|A fast high-level scraping and web crawling framework.|http://scrapy.org
|
|
secscan|1.5|Web Apps Scanner and Much more utilities.|http://code.google.com/p/secscan-py/
|
|
shortfuzzy|0.1|A web fuzzing script written in perl.|http://packetstormsecurity.com/files/104872/Short-Fuzzy-Rat-Scanner.html
|
|
spaf|11.671a976|Static Php Analysis and Fuzzer.|https://github.com/Ganapati/spaf
|
|
sparty|0.1|An open source tool written in python to audit web applications using sharepoint and frontpage architecture.|http://sparty.secniche.org/
|
|
spiga|410.07b9055|Configurable web resource scanner.|https://github.com/getdual/scripts-n-tools/blob/master/spiga.py
|
|
spike-proxy|148|A Proxy for detecting vulnerabilities in web applications|http://www.immunitysec.com/resources-freesoftware.shtml
|
|
spipscan|69.4ad3235|SPIP (CMS) scanner for penetration testing purpose written in Python.|https://github.com/PaulSec/SPIPScan
|
|
sqid|0.3|A SQL injection digger.|http://sqid.rubyforge.org/
|
|
sqlmap|1.0.6|Automatic SQL injection and database takeover tool|http://sqlmap.org
|
|
themole|0.3|Automatic SQL injection exploitation tool.|http://sourceforge.net/projects/themole/
|
|
urlcrazy|0.5|Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.|http://www.morningstarsecurity.com/research/urlcrazy
|
|
urldigger|02c|A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code|https://code.google.com/p/urldigger/
|
|
vanguard|0.1|A comprehensive web penetration testing tool written in Perl thatidentifies vulnerabilities in web applications.|http://packetstormsecurity.com/files/110603/Vanguard-Pentesting-Scanner.html
|
|
vbscan|10.1afac1b|A black box vBulletin vulnerability scanner written in perl.|https://github.com/rezasp/vbscan
|
|
vega|1.0|An open source platform to test the security of web applications.|https://github.com/subgraph/Vega/wiki
|
|
vsvbp|6.241a7ab|Black box tool for Vulnerability detection in web applications.|https://github.com/varunjammula/VSVBP
|
|
wafp|0.01_26c3|An easy to use Web Application Finger Printing tool written in ruby using sqlite3 databases for storing the fingerprints.|http://packetstormsecurity.com/files/84468/Web-Application-Finger-Printer.01-26c3.html
|
|
web-soul|2|A plugin based scanner for attacking and data mining web sites written in Perl.|http://packetstormsecurity.com/files/122064/Web-Soul-Scanner.html
|
|
webhandler|324.047dddf|A handler for PHP system functions & also an alternative 'netcat' handler.|https://github.com/lnxg33k/webhandler
|
|
webslayer|5|A tool designed for brute forcing Web Applications.|https://code.google.com/p/webslayer/
|
|
webxploiter|20.41a11d1|An OWASP Top 10 Security scanner.|https://github.com/xionsec/WebXploiter
|
|
wig|561.e4e5482|WebApp Information Gatherer.|https://github.com/jekyc/wig
|
|
witchxtool|1.1|A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner.|http://packetstormsecurity.com/files/97465/Witchxtool-Port-LFI-SQL-Scanner-And-MD5-Bruteforcing-Tool.1.html
|
|
ws-attacker|1.7|A modular framework for web services penetration testing.|http://ws-attacker.sourceforge.net/
|
|
xsser|1.7|A penetration testing tool for detecting and exploiting XSS vulnerabilites.|http://xsser.sourceforge.net/
|
|
xssless|45.8e7ebe1|An automated XSS payload generator written in python.|https://github.com/mandatoryprogrammer/xssless
|
|
xsspy|25.7b1a833|Web Application XSS Scanner.|https://github.com/faizann24/XssPy
|
|
xsss|0.40b|A brute force cross site scripting scanner.|http://www.sven.de/xsss/
|
|
xssscan|17.7f1ea90|Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS.|https://github.com/gwroblew/detectXSSlib
|
|
xsssniper|0.9|An automatic XSS discovery tool|https://github.com/gbrindisi/xsssniper
|
|
xssya|12.abe1aec|A Cross Site Scripting Scanner & Vulnerability Confirmation.|https://github.com/yehia-mamdouh/XSSYA
|
|
yaaf|7.4d6273a|Yet Another Admin Finder.|https://github.com/Plasticoo/YAAF
|
|
yasuo|107.a917a6e|A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network.|https://github.com/0xsauby/yasuo
|
|
ycrawler|0.1|A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support.|http://packetstormsecurity.com/files/98546/yCrawler-Web-Crawling-Utility.html
|
|
ysoserial|0.0.2|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.|https://github.com/frohoff/ysoserial
|
|
zaproxy|2.5.0|Integrated penetration testing tool for finding vulnerabilities in web applications|https://www.owasp.org/index.php/ZAP
|