🔸 03 - Web Application HacKing
# Clone each tool's repository into the current directory.
# printf is used so that \n and \t are interpreted in every shell.
printf '\n\t\t[liffy]\n\n'
git clone https://github.com/mzfr/liffy
printf '\n\t\t[ffuf]\n\n'
git clone https://github.com/ffuf/ffuf
printf '\n\t\t[Hawk]\n\n'
git clone https://github.com/medpaf/hawk
printf '\n\t\t[Garud]\n\n'
git clone https://github.com/R0X4R/Garud
printf '\n\t\t[Juumla]\n\n'
git clone https://github.com/oppsec/juumla
printf '\n\t\t[XSpear]\n\n'
git clone https://github.com/hahwul/XSpear
printf '\n\t\t[DalFox]\n\n'
git clone https://github.com/hahwul/dalfox
printf '\n\t\t[Authz0]\n\n'
git clone https://github.com/hahwul/authz0
printf '\n\t\t[teler]\n\n'
git clone https://github.com/kitabisa/teler
printf '\n\t\t[Orusula]\n\n'
git clone https://github.com/Squuv/Orusula
printf '\n\t\t[HTTrack]\n\n'
git clone https://github.com/xroche/httrack
printf '\n\t\t[SQLMate]\n\n'
git clone https://github.com/s0md3v/sqlmate
printf '\n\t\t[w3af]\n\n'
git clone https://github.com/andresriancho/w3af
printf '\n\t\t[ScanT3r]\n\n'
git clone https://github.com/knassar702/scant3r
printf '\n\t\t[Tishna]\n\n'
git clone https://github.com/marciopocebon/Tishna
printf '\n\t\t[Hack-Tools]\n\n'
git clone https://github.com/LasCC/Hack-Tools
printf '\n\t\t[CRLFsuite]\n\n'
git clone https://github.com/Nefcore/CRLFsuite
printf '\n\t\t[PyPhisher]\n\n'
git clone https://github.com/KasRoudra/PyPhisher
printf '\n\t\t[BruteXSS]\n\n'
git clone https://github.com/rajeshmajumdar/BruteXSS
printf '\n\t\t[BruteSploit]\n\n'
git clone https://github.com/screetsec/BruteSploit
printf '\n\t\t[FinDOM-XSS]\n\n'
git clone https://github.com/dwisiswant0/findom-xss
printf '\n\t\t[V3n0M-Scanner]\n\n'
git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner
printf '\n\t\t[WebHackersWeapons]\n\n'
git clone https://github.com/hahwul/WebHackersWeapons
printf '\n\t\t[top 25 vulnerability parameters]\n\n'
git clone https://github.com/lutfumertceylan/top25-parameter


  • liffy: Local file inclusion exploitation tool

  • SQLMate: A friend of SQLmap which will do what you always expected from SQLmap.

    There are some features that we think SQLMap should have, like finding the admin panel of the target, better hash cracking etc. If you think the same, SQLMate is for you.

  • Tishna: The software has 56 options with full automation and can be used as a web security Swiss knife.

  • Hack-Tools: The all-in-one Red Team extension for Web Pentester 🛠

    HackTools is a web extension facilitating your web application penetration tests. It includes cheat sheets as well as all the tools used during a test, such as XSS payloads, reverse shells and much more.

  • BruteXSS: BruteXSS is a tool written in Python simply to find XSS vulnerabilities in web applications.

    This tool was originally developed by Shawar Khan in CLI.
    I just redesigned it and made it GUI for more convenience.

  • V3n0M-Scanner: Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

    Offensive Security Framework for Vulnerability Scanning & Pentesting

  • BruteSploit: BruteSploit is a collection of methods for automated generation, brute-forcing and manipulation of wordlists with an interactive shell.

    It can be used during a penetration test to enumerate, and maybe in CTFs, to manipulate, combine, transform and permute words or text files :p

  • ffuf: Fast web fuzzer written in Go


  • HTTrack: HTTrack Website Copier, copy websites to your computer (Official repository)

    HTTrack is an offline browser utility, allowing you to download a World Wide Web site from the Internet to a local directory, recursively building all directories and getting HTML, images, and other files from the server to your computer.

  • PyPhisher: Easy to use phishing tool with 65 website templates.

    Author is not responsible for any misuse.
    Ultimate phishing tool in python.
    Includes popular websites like facebook, twitter, instagram, github, reddit, gmail and many others.

  • CRLFsuite: CRLFsuite - CRLF injection scanner

    CRLFsuite is a fast tool specially designed to scan for CRLF injection.

  • Hawk is a network and pentest utility that I developed so that I could perform different kinds of tasks using the same suite, instead of jumping from one tool to another.

  • 🦁 Juumla is a Python tool created to identify the Joomla version, scan for vulnerabilities and search for config files.

  • ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers.
    Happy hacking, Happy bug-hunting

  • For basic research, the top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

  • XSpear: Powerful XSS scanning and parameter analysis tool & gem

    XSpear is an XSS scanner on Ruby gems.

  • FinDOM-XSS: A fast DOM based XSS vulnerability scanner with simplicity.

    FinDOM-XSS is a tool that allows you to find possible and/or potential DOM based XSS vulnerabilities in a fast manner.

  • Garud: An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

  • Authz0: 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

    URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0.
    You can also test based on multiple authentication headers and cookies with a template file created/generated once.

  • DalFox: 🌙🦊 DalFox is a powerful open source XSS scanning tool and parameter analyzer, utility

    DalFox is a powerful open source XSS scanning tool, parameter analyzer and utility that speeds up the process of detecting and verifying XSS flaws.
    It comes with a powerful testing engine and many niche features for the cool hacker!

  • ScanT3r - Module based Bug Bounty Automation Tool

  • teler: Real-time HTTP Intrusion Detection

    teler is a real-time intrusion detection and threat alert tool based on web logs that runs in a terminal, with resources that we collect and that are provided by the community. ❤️


  • w3af: Web Application Attack and Audit Framework

    w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.
    The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding.

  • Orusula ~ Orusula is a website hacking tool.

    Orusula 🕷️ is an intelligent bot for auto shell exploitation that detects multiple types of CMS.

    🕷️ Features

    • Detects CMS (WordPress, Joomla, PrestaShop, Drupal, OpenCart, Magento, Lokomedia)
    • Target information gathering
    • Multi-threading on demand
    • Checks for vulnerabilities
    • Auto shell injector
    • Exploit dork searcher
  • Tplmap: Server-Side Template Injection and Code Injection Detection and Exploitation Tool

    Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system.


CMS