|
|
|
|
@ -28,7 +28,7 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
| | Attributes |
|
|
|
|
|
|-------|---------------------------------------------------|
|
|
|
|
|
| Types | `Army-Knife` `Proxy` `Recon` `Fuzzer` `Scanner` `Exploit` `Env` `Utils` `Etc`|
|
|
|
|
|
| Tags | [`infra`](/categorize/tags/infra.md) [`live-audit`](/categorize/tags/live-audit.md) [`mitmproxy`](/categorize/tags/mitmproxy.md) [`crawl`](/categorize/tags/crawl.md) [`pentest`](/categorize/tags/pentest.md) [`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md) [`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`param`](/categorize/tags/param.md) [`dns`](/categorize/tags/dns.md) [`online`](/categorize/tags/online.md) [`port`](/categorize/tags/port.md) [`portscan`](/categorize/tags/portscan.md) [`osint`](/categorize/tags/osint.md) [`graphql`](/categorize/tags/graphql.md) [`domain`](/categorize/tags/domain.md) [`apk`](/categorize/tags/apk.md) [`crlf`](/categorize/tags/crlf.md) [`jwt`](/categorize/tags/jwt.md) [`cache-vuln`](/categorize/tags/cache-vuln.md) [`path-traversal`](/categorize/tags/path-traversal.md) [`ssrf`](/categorize/tags/ssrf.md) [`xss`](/categorize/tags/xss.md) [`smuggle`](/categorize/tags/smuggle.md) [`exploit`](/categorize/tags/exploit.md) [`broken-link`](/categorize/tags/broken-link.md) [`ssl`](/categorize/tags/ssl.md) [`cors`](/categorize/tags/cors.md) [`sqli`](/categorize/tags/sqli.md) [`aaa`](/categorize/tags/aaa.md) [`s3`](/categorize/tags/s3.md) [`403`](/categorize/tags/403.md) [`oast`](/categorize/tags/oast.md) [`csp`](/categorize/tags/csp.md) [`dependency-confusion`](/categorize/tags/dependency-confusion.md) [`xxe`](/categorize/tags/xxe.md) [`lfi`](/categorize/tags/lfi.md) [`rop`](/categorize/tags/rop.md) [`notify`](/categorize/tags/notify.md) [`blind-xss`](/categorize/tags/blind-xss.md) [`diff`](/categorize/tags/diff.md) [`darkmode`](/categorize/tags/darkmode.md) [`cookie`](/categorize/tags/cookie.md) [`documents`](/categorize/tags/documents.md) [`wordlist`](/categorize/tags/wordlist.md) [`http`](/categorize/tags/http.md) [`web3`](/categorize/tags/web3.md) [`payload`](/categorize/tags/payload.md) [`report`](/categorize/tags/report.md) |
|
|
|
|
|
| Tags | [`infra`](/categorize/tags/infra.md) [`live-audit`](/categorize/tags/live-audit.md) [`mitmproxy`](/categorize/tags/mitmproxy.md) [`crawl`](/categorize/tags/crawl.md) [`pentest`](/categorize/tags/pentest.md) [`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md) [`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`param`](/categorize/tags/param.md) [`dns`](/categorize/tags/dns.md) [`online`](/categorize/tags/online.md) [`port`](/categorize/tags/port.md) [`portscan`](/categorize/tags/portscan.md) [`osint`](/categorize/tags/osint.md) [`graphql`](/categorize/tags/graphql.md) [`domain`](/categorize/tags/domain.md) [`apk`](/categorize/tags/apk.md) [`crlf`](/categorize/tags/crlf.md) [`jwt`](/categorize/tags/jwt.md) [`cache-vuln`](/categorize/tags/cache-vuln.md) [`path-traversal`](/categorize/tags/path-traversal.md) [`ssrf`](/categorize/tags/ssrf.md) [`xss`](/categorize/tags/xss.md) [`smuggle`](/categorize/tags/smuggle.md) [`exploit`](/categorize/tags/exploit.md) [`broken-link`](/categorize/tags/broken-link.md) [`ssl`](/categorize/tags/ssl.md) [`cors`](/categorize/tags/cors.md) [`sqli`](/categorize/tags/sqli.md) [`aaa`](/categorize/tags/aaa.md) [`s3`](/categorize/tags/s3.md) [`403`](/categorize/tags/403.md) [`oast`](/categorize/tags/oast.md) [`csp`](/categorize/tags/csp.md) [`dependency-confusion`](/categorize/tags/dependency-confusion.md) [`xxe`](/categorize/tags/xxe.md) [`lfi`](/categorize/tags/lfi.md) [`RMI`](/categorize/tags/RMI.md) [`rop`](/categorize/tags/rop.md) [`notify`](/categorize/tags/notify.md) [`blind-xss`](/categorize/tags/blind-xss.md) [`diff`](/categorize/tags/diff.md) [`darkmode`](/categorize/tags/darkmode.md) [`cookie`](/categorize/tags/cookie.md) [`documents`](/categorize/tags/documents.md) [`wordlist`](/categorize/tags/wordlist.md) [`deserialize`](/categorize/tags/deserialize.md) [`http`](/categorize/tags/http.md) [`web3`](/categorize/tags/web3.md) [`payload`](/categorize/tags/payload.md) [`report`](/categorize/tags/report.md) |
|
|
|
|
|
| Langs | [`Shell`](/categorize/langs/Shell.md) [`Go`](/categorize/langs/Go.md) [`Java`](/categorize/langs/Java.md) [`Ruby`](/categorize/langs/Ruby.md) [`Python`](/categorize/langs/Python.md) [`Rust`](/categorize/langs/Rust.md) [`JavaScript`](/categorize/langs/JavaScript.md) [`Kotlin`](/categorize/langs/Kotlin.md) [`C`](/categorize/langs/C.md) [`Perl`](/categorize/langs/Perl.md) [`TypeScript`](/categorize/langs/TypeScript.md) [`BlitzBasic`](/categorize/langs/BlitzBasic.md) [`PHP`](/categorize/langs/PHP.md) [`CSS`](/categorize/langs/CSS.md) [`HTML`](/categorize/langs/HTML.md) [`C#`](/categorize/langs/C%23.md) [`C++`](/categorize/langs/C++.md) |
|
|
|
|
|
|
|
|
|
|
### Tools
|
|
|
|
|
@ -41,9 +41,9 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
|Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|[](/categorize/langs/Java.md)|
|
|
|
|
|
|Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay||[`mitmproxy`](/categorize/tags/mitmproxy.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Proxy|[mitmproxy](https://github.com/mitmproxy/mitmproxy)|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.||[`mitmproxy`](/categorize/tags/mitmproxy.md)|[](/categorize/langs/Python.md)|
|
|
|
|
|
|Proxy|[Echo Mirage](https://sourceforge.net/projects/echomirage.oldbutgold.p/)|A generic network proxy that uses DLL injection to capture and alter TCP traffic.||[`mitmproxy`](/categorize/tags/mitmproxy.md)||
|
|
|
|
|
|Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.||[`mitmproxy`](/categorize/tags/mitmproxy.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Proxy|[EvilProxy](https://github.com/bbtfr/evil-proxy)|A ruby http/https proxy to do EVIL things.||[`mitmproxy`](/categorize/tags/mitmproxy.md)|[](/categorize/langs/Ruby.md)|
|
|
|
|
|
|Proxy|[Echo Mirage](https://sourceforge.net/projects/echomirage.oldbutgold.p/)|A generic network proxy that uses DLL injection to capture and alter TCP traffic.||[`mitmproxy`](/categorize/tags/mitmproxy.md)||
|
|
|
|
|
|Proxy|[Caido](https://caido.io)|A lightweight web security auditing toolkit||[`mitmproxy`](/categorize/tags/mitmproxy.md)|[](/categorize/langs/Rust.md)|
|
|
|
|
|
|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go ||[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|||[](/categorize/langs/Python.md)|
|
|
|
|
|
@ -232,11 +232,11 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
|Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|||[](/categorize/langs/Python.md)|
|
|
|
|
|
|Exploit|[beef](https://github.com/beefproject/beef)|The Browser Exploitation Framework Project||[`xss`](/categorize/tags/xss.md)|[](/categorize/langs/Ruby.md)|
|
|
|
|
|
|Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|||[](/categorize/langs/Go.md)|
|
|
|
|
|
|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner||||
|
|
|
|
|
|Exploit|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||||
|
|
|
|
|
|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)|Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities.||[`sqli`](/categorize/tags/sqli.md)|[](/categorize/langs/Perl.md)|
|
|
|
|
|
|Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|||[](/categorize/langs/JavaScript.md)|
|
|
|
|
|
|Exploit|[Liffy](https://github.com/mzfr/liffy)|Local file inclusion exploitation tool||[`lfi`](/categorize/tags/lfi.md)|[](/categorize/langs/Python.md)|
|
|
|
|
|
|Exploit|[toxssin](https://github.com/t3l3machus/toxssin)|An XSS exploitation command-line interface and payload generator.||[`xss`](/categorize/tags/xss.md)|[](/categorize/langs/Python.md)|
|
|
|
|
|
|Exploit|[BaRMIe](https://github.com/NickstaDB/BaRMIe)|Java RMI enumeration and attack tool.||[`RMI`](/categorize/tags/RMI.md)|[](/categorize/langs/Java.md)|
|
|
|
|
|
|Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |||[](/categorize/langs/Shell.md)|
|
|
|
|
|
|Exploit|[ropr](https://github.com/Ben-Lichtman/ropr)|A blazing fast™ multithreaded ROP Gadget finder. ropper||[`rop`](/categorize/tags/rop.md)|[](/categorize/langs/Rust.md)|
|
|
|
|
|
|Exploit|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers ||[`ssrf`](/categorize/tags/ssrf.md)|[](/categorize/langs/Python.md)|
|
|
|
|
|
@ -244,6 +244,7 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email||[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |||[](/categorize/langs/Python.md)|
|
|
|
|
|
|Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |||[](/categorize/langs/Shell.md)|
|
|
|
|
|
|Utils|[dsieve](https://github.com/trickest/dsieve)|Filter and enrich a list of subdomains by level||[`subdomains`](/categorize/tags/subdomains.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |||[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. ||[`url`](/categorize/tags/url.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly||[`exploit`](/categorize/tags/exploit.md)|[](/categorize/langs/Shell.md)|
|
|
|
|
|
@ -286,10 +287,11 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
|Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. ||[`xss`](/categorize/tags/xss.md)||
|
|
|
|
|
|Utils|[Redcloud](https://github.com/khast3x/Redcloud)|Automated Red Team Infrastructure deployement using Docker||[`infra`](/categorize/tags/infra.md)|[](/categorize/langs/Python.md)|
|
|
|
|
|
|Utils|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |||[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |||[](/categorize/langs/C%23.md)|
|
|
|
|
|
|Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters ||[`deserialize`](/categorize/tags/deserialize.md)|[](/categorize/langs/C%23.md)|
|
|
|
|
|
|Utils|[fff](https://github.com/tomnomnom/fff)|The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.||[`url`](/categorize/tags/url.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection ||[`http`](/categorize/tags/http.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|||[](/categorize/langs/Rust.md)|
|
|
|
|
|
|Utils|[SerializationDumper](https://github.com/NickstaDB/SerializationDumper)|A tool to dump Java serialization streams in a more human readable form.||[`deserialize`](/categorize/tags/deserialize.md)|[](/categorize/langs/Java.md)|
|
|
|
|
|
|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library||[`oast`](/categorize/tags/oast.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. ||[`s3`](/categorize/tags/s3.md)|[](/categorize/langs/Go.md)|
|
|
|
|
|
|Utils|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |||[](/categorize/langs/Go.md)|
|
|
|
|
|
@ -306,7 +308,7 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
|
|
|
|
|
|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |||[](/categorize/langs/JavaScript.md)|
|
|
|
|
|
|Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack||[`notify`](/categorize/tags/notify.md)|[](/categorize/langs/Shell.md)|
|
|
|
|
|
|Utils|[reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator)|Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)||[`payload`](/categorize/tags/payload.md)|[](/categorize/langs/JavaScript.md)|
|
|
|
|
|
|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |||[](/categorize/langs/Java.md)|
|
|
|
|
|
|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. ||[`deserialize`](/categorize/tags/deserialize.md)|[](/categorize/langs/Java.md)|
|
|
|
|
|
|Utils|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac||||
|
|
|
|
|
|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)||[`xxe`](/categorize/tags/xxe.md) [`xss`](/categorize/tags/xss.md)|[](/categorize/langs/Python.md)|
|
|
|
|
|
|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|||[](/categorize/langs/JavaScript.md)|
|
|
|
|
|
|
WHW