WebHackersWeapons

<h1 align="center"> <br> <a href=""><img src="https://user-images.githubusercontent.com/13212227/104400969-9f3d9280-5596-11eb-80f4-864effae95fc.png" alt="" width="500px;"></a> <br> <img src="https://img.shields.io/github/last-commit/hahwul/WebHackersWeapons?style=flat"> <img src="https://img.shields.io/badge/PRs-welcome-cyan"> <img src="https://github.com/hahwul/WebHackersWeapons/actions/workflows/cd.yml/badge.svg"> <a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=flat&logo=twitter"></a> </h1> A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hunting

Family project

Weapons
Contribute
Thanks to contributor

Weapons

Attributes

	Attributes
Types	`Army-Knife` `Proxy` `Recon` `Fuzzer` `Scanner` `Exploit` `Env` `Utils` `Etc`
Tags	`infra` `pentest` `live-audit` `mitmproxy` `crawl` `recon` `exploit` `subdomains` `portscan` `url` `js-analysis` `dns` `osint` `param` `apk` `endpoint` `csp` `attack-surface` `favicon` `port` `takeover` `domain` `online` `graphql` `cache-vuln` `ssrf` `prototypepollution` `prototype-pollution` `ssti` `crlf` `smuggle` `fuzz` `jwt` `header` `path-traversal` `xss` `s3` `cors` `nosqli` `dependency-confusion` `broken-link` `403` `sqli` `aaa` `ssl` `lfi` `rfi` `oast` `RMI` `xxe` `rop` `deserialize` `notify` `dom` `report` `nuclei-templates` `json` `blind-xss` `wordlist` `documents` `payload` `note` `web3` `http` `cookie` `browser-record` `encode` `darkmode` `clipboard` `zipbomb` `diff` `gRPC-Web`
Langs	`Shell` `Ruby` `Go` `Java` `Rust` `Python` `C` `Crystal` `Kotlin` `JavaScript` `Perl` `C#` `TypeScript` `Txt` `BlitzBasic` `CSS` `PHP` `C++` `HTML`

Tools

Type	Name	Description	Tags
Army-Knife	axiom	A dynamic infrastructure toolkit for red teamers and bug bounty hunters!	`infra`
Army-Knife	Metasploit	The world’s most used penetration testing framework	`pentest`
Army-Knife	jaeles	The Swiss Army knife for automated Web Application Testing	`live-audit`
Army-Knife	BurpSuite	The BurpSuite Project	`mitmproxy` `live-audit` `crawl`
Army-Knife	ZAP	The ZAP core project	`mitmproxy` `live-audit` `crawl`
Army-knife	Ronin	Free and Open Source Ruby Toolkit for Security Research and Development	`pentest` `crawl` `recon` `exploit`
Proxy	hetty	Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.	`mitmproxy`
Proxy	Echo Mirage	A generic network proxy that uses DLL injection to capture and alter TCP traffic.	`mitmproxy`
Proxy	Caido	A lightweight web security auditing toolkit	`mitmproxy`
Proxy	mitmproxy	An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.	`mitmproxy`
Proxy	proxify	Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay	`mitmproxy`
Proxy	EvilProxy	A ruby http/https proxy to do EVIL things.	`mitmproxy`
Proxy	Glorp	A CLI-based HTTP intercept and replay proxy	`mitmproxy`
Recon	knock	Knock Subdomain Scan	`subdomains`
Recon	RustScan	Faster Nmap Scanning with Rust	`portscan`
Recon	gospider	Gospider - Fast web spider written in Go	`crawl`
Recon	gauplus	A modified version of gau for personal usage. Support workers, proxies and some extra things.	`url`
Recon	meg	Fetch many paths for many hosts - without killing the hosts
Recon	jsluice	Extract URLs, paths, secrets, and other interesting bits from JavaScript	`js-analysis`
Recon	puredns	Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.	`subdomains` `dns`
Recon	megplus	Automated reconnaissance wrapper — TomNomNom's meg on steroids.