Tools
WPScan
WordPress Scanner
Scan WordPress websites and get an instant report of vulnerabilities.
GitHub
Sqlmap
SQL
Automatic SQL injection and database takeover tool.
GitHub
HTTPX
HTTP Toolkit
Fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
GitHub
Nuclei Templates
Templates
The core of the nuclei scanner, which powers the actual scanning engine.
GitHub
CustomBsqli
BlindSQL
Test blind SQL injection (BSQLi) on multiple URLs, with verbose and non-verbose modes for quick testing.
GitHub
Loxs
SQL
Efficiently detect critical web application vulnerabilities such as SQLi, XSS, LFI, CRLF injection, and Open Redirects.
GitHub
FFUF
Fuzz
Fast and efficient web fuzzer.
GitHub
GF
Wrapper
A wrapper around grep, to help you grep for things.
GitHub
URO
URLs
Declutters URL lists for crawling/pentesting purposes.
GitHub
GXSS
XSS
A tool to check a bunch of URLs that contain reflecting parameters.
GitHub
KXSS
XSS
Kxss tool with a different, but very beneficial output format.
GitHub
GAU
URLs
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
GitHub
Developed by
Javox