-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PIPELINE: tools list for web_3.1.1_amd64
- Loading branch information
exegol-images[pipeline]
committed
Aug 18, 2023
1 parent
41852ab
commit fa6ea91
Showing
2 changed files
with
143 additions
and
0 deletions.
There are no files selected for viewing
142 changes: 142 additions & 0 deletions
142
source/assets/installed_tools/lists/web_3.1.1_amd64.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,142 @@ | ||
Tool,Link,Description | ||
amass,https://github.com/OWASP/Amass,A DNS enumeration / attack surface mapping & external assets discovery tool | ||
anew,https://github.com/tomnomnom/anew,A simple tool for filtering and manipulating text data / such as log files and other outputs. | ||
arjun,https://github.com/s0md3v/Arjun,HTTP parameter discovery suite. | ||
arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. | ||
ascii,https://github.com/moul/ascii,ASCII command-line tool to replace images with color-coded ASCII art. | ||
assetfinder,https://github.com/tomnomnom/assetfinder,Tool to find subdomains and IP addresses associated with a domain. | ||
bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. | ||
brakeman,https://github.com/presidentbeef/brakeman,Static analysis tool for Ruby on Rails applications | ||
bruteforce-luks,https://github.com/glv2/bruteforce-luks,A tool to help recover encrypted LUKS2 containers | ||
burpsuite,https://portswigger.net/burp,Web application security testing tool. | ||
buster,https://github.com/sham00n/Buster,Advanced OSINT tool | ||
byp4xx,https://github.com/lobuhi/byp4xx,A Swiss Army knife for bypassing web application firewalls and filters. | ||
carbon14,https://github.com/Lazza/carbon14,OSINT tool for estimating when a web page was written. | ||
cewl,https://digi.ninja/projects/cewl.php,Generates custom wordlists by spidering a target's website and parsing the results | ||
cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. | ||
clusterd,https://github.com/hatRiot/clusterd,A tool to distribute and remotely manage Hacking Team's RCS agents. | ||
cmsmap,https://github.com/Dionach/CMSmap,Tool for security audit of web content management systems. | ||
constellation,https://github.com/constellation-app/Constellation,Find and exploit vulnerabilities in mobile applications. | ||
corscanner,https://github.com/chenjj/CORScanner,a Python script for finding CORS misconfigurations. | ||
crunch,https://github.com/crunchsec/crunch,A wordlist generator where you can specify a standard character set or a character set you specify. | ||
cupp,https://github.com/Mebus/cupp,Cupp is a tool used to generate personalized password lists based on target information. | ||
dirb,https://github.com/v0re/dirb,Web Content Scanner | ||
dirsearch,https://github.com/maurosoria/dirsearch,Tool for searching files and directories on a web site. | ||
dnsenum,https://github.com/fwaeytens/dnsenum,dnsenum is a tool for enumerating DNS information about a domain. | ||
droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. | ||
drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. | ||
exifprobe,https://github.com/hfiguiere/exifprobe,Exifprobe is a command-line tool to parse EXIF data from image files. | ||
exiftool,https://github.com/exiftool/exiftool,ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files. | ||
eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. | ||
fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. | ||
feroxbuster,https://github.com/epi052/feroxbuster,Simple / fast and recursive content discovery tool | ||
ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. | ||
finalrecon,https://github.com/thewhiteh4t/FinalRecon,A web reconnaissance tool that gathers information about web pages | ||
findomain,https://github.com/findomain/findomain,The fastest and cross-platform subdomain enumerator. | ||
firefox,https://www.mozilla.org,A web browser | ||
fuxploider,https://github.com/almandin/fuxploider,a Python tool for finding and exploiting file upload forms/directories. | ||
gau,https://github.com/lc/gau,Fast tool for fetching URLs | ||
genusernames,https://gitlab.com/-/snippets/2480505/raw/main/bash,GenUsername is a Python tool for generating a list of usernames based on a name or email address. | ||
gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns | ||
git-dumper,https://github.com/arthaud/git-dumper,Small script to dump a Git repository from a website. | ||
githubemail,https://github.com/paulirish/github-email,a command-line tool to retrieve a user's email from Github. | ||
gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. | ||
gobuster,https://github.com/OJ/gobuster,Tool to discover hidden files and directories. | ||
gopherus,https://github.com/tarunkant/Gopherus,Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. | ||
goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. | ||
gowitness,https://github.com/sensepost/gowitness,A website screenshot utility written in Golang. | ||
gron,https://github.com/tomnomnom/gron,Make JSON greppable! | ||
h2csmuggler,https://github.com/BishopFox/h2csmuggler,HTTP Request Smuggling tool using H2C upgrade | ||
h8mail,https://github.com/khast3x/h8mail,Email OSINT and breach hunting. | ||
haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier). | ||
hakrawler,https://github.com/hakluke/hakrawler,a fast web crawler for gathering URLs and other information from websites | ||
hakrevdns,https://github.com/hakluke/hakrevdns,Reverse DNS lookup utility that can help with discovering subdomains and other information. | ||
hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery | ||
holehe,https://github.com/megadose/holehe,Exploit a vulnerable Samba service to gain root access. | ||
httpmethods,https://github.com/ShutdownRepo/httpmethods,Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) | ||
httprobe,https://github.com/tomnomnom/httprobe,A simple utility for enumerating HTTP and HTTPS servers. | ||
httpx,https://github.com/projectdiscovery/httpx,A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. | ||
ignorant,https://github.com/megadose/ignorant,holehe but for phone numbers. | ||
imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. | ||
infoga,https://github.com/m4ll0k/Infoga,Information gathering tool for hacking. | ||
ipinfo,https://github.com/ipinfo/cli,Get information about an IP address or hostname. | ||
jdwp,https://github.com/IOActive/jdwp-shellifier,This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. | ||
john,https://github.com/openwall/john,John the Ripper password cracker. | ||
joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites | ||
jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) | ||
kadimus,https://github.com/P0cL4bs/Kadimus,a tool for detecting and exploiting file upload vulnerabilities | ||
kiterunner,https://github.com/assetnote/kiterunner,Tool for operating Active Directory environments. | ||
Kraken,https://github.com/kraken-ng/Kraken.git,Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. | ||
linkedin2username,https://github.com/initstring/linkedin2username,Generate a list of LinkedIn usernames from a company name. | ||
linkfinder,https://github.com/GerbenJavado/LinkFinder,a Python script that finds endpoints and their parameters in JavaScript files. | ||
maigret,https://github.com/soxoj/maigret,Collects information about a target email (or domain) from Google and Bing search results | ||
maltego,https://www.paterva.com/web7/downloads.php,A tool used for open-source intelligence and forensics | ||
mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown | ||
moodlescan,https://github.com/inc0d3/moodlescan,Scan Moodle sites for information and vulnerabilities. | ||
naabu,https://github.com/projectdiscovery/naabu,A fast and reliable port scanner that can detect open ports and services. | ||
name-that-hash,https://github.com/HashPals/Name-That-Hash,Online tool for identifying hashes. | ||
ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet | ||
nosqlmap,https://github.com/codingo/NoSQLMap,a Python tool for testing NoSQL databases for security vulnerabilities. | ||
nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. | ||
objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. | ||
oneforall,https://github.com/shmilylty/OneForAll,a powerful subdomain collection tool. | ||
osrframework,https://github.com/i3visio/osrframework,Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others. | ||
pass,https://github.com/hashcat/hashcat,TODO | ||
patator,https://github.com/lanjelot/patator,Login scanner. | ||
pdfcrack,https://github.com/robins/pdfcrack,A tool for cracking password-protected PDF files | ||
phoneinfoga,https://github.com/sundowndev/PhoneInfoga,Information gathering & OSINT framework for phone numbers. | ||
photon,https://github.com/s0md3v/Photon,a fast web crawler which extracts URLs / files / intel & endpoints from a target. | ||
PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! | ||
phpggc,https://github.com/ambionics/phpggc,Exploit generation tool for the PHP platform. | ||
prips,https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html,A utility for quickly generating IP ranges or enumerating hosts within a specified range. | ||
pwndb,https://github.com/davidtavarez/pwndb,A command-line tool for searching the pwndb database of compromised credentials. | ||
pwnedornot,https://github.com/thewhiteh4t/pwnedOrNot,Check if a password has been leaked in a data breach. | ||
recon-ng,https://github.com/lanmaster53/recon-ng,External recon tool. | ||
recondog,https://github.com/s0md3v/ReconDog,a reconnaissance tool for performing information gathering on a target. | ||
rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history | ||
robotstester,https://github.com/p0dalirius/robotstester,Utility for testing whether a website's robots.txt file is correctly configured. | ||
rockyou,https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt,A password dictionary used by most hackers | ||
rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations | ||
searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB | ||
seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments | ||
semgrep,https://github.com/returntocorp/semgrep/,Static analysis tool that supports multiple languages and can find a variety of vulnerabilities and coding errors. | ||
shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode | ||
simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails | ||
smuggler,https://github.com/defparam/smuggler,Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. | ||
SoapUI,https://github.com/SmartBear/soapui,SoapUI is the world's leading testing tool for API testing. | ||
spiderfoot,https://github.com/smicallef/spiderfoot,A reconnaissance tool that automatically queries over 100 public data sources | ||
sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws | ||
sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers | ||
ssrfmap,https://github.com/swisskyrepo/SSRFmap,a tool for testing SSRF vulnerabilities. | ||
subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. | ||
sublist3r,https://github.com/aboul3la/Sublist3r,a Python tool designed to enumerate subdomains of websites. | ||
swaks,https://github.com/jetmore/swaks,Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. | ||
symfony-exploits,https://github.com/ambionics/symfony-exploits,Collection of Symfony exploits and PoCs. | ||
testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers | ||
theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources | ||
timing,https://github.com/ffleming/timing_attack,Tool to generate a timing profile for a given command. | ||
tls-scanner,https://github.com/tls-attacker/tls-scanner,a simple script to check the security of a remote TLS/SSL web server | ||
tomcatwardeployer,https://github.com/mgeeky/tomcatwardeployer,Script to deploy war file in Tomcat. | ||
tor,https://github.com/torproject/tor,Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers. | ||
toutatis,https://github.com/megadose/Toutatis,Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more. | ||
trevorspray,https://github.com/blacklanternsecurity/TREVORspray,TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more | ||
trilium,https://github.com/zadam/trilium,Personal knowledge management system. | ||
uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. | ||
updog,https://github.com/sc0tfree/updog,Simple replacement for Python's SimpleHTTPServer. | ||
username-anarchy,https://github.com/urbanadventurer/username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. | ||
vulny-code-static-analysis,https://github.com/swisskyrepo/Vulny-Code-Static-Analysis,Static analysis tool for C code | ||
wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. | ||
waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. | ||
weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. | ||
wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques | ||
whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information | ||
whatweb,https://github.com/urbanadventurer/WhatWeb,Next generation web scanner that identifies what websites are running. | ||
whois,https://packages.debian.org/sid/whois,See information about a specific domain name or IP address. | ||
wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites | ||
wuzz,https://github.com/asciimoo/wuzz,a command-line tool for interacting with HTTP(S) web services | ||
XSpear,https://github.com/hahwul/XSpear,a powerful XSS scanning and exploitation tool. | ||
xsrfprobe,https://github.com/0xInfection/XSRFProbe,a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities | ||
xsser,https://github.com/epsylon/xsser,XSS scanner. | ||
xsstrike,https://github.com/s0md3v/XSStrike,a Python tool for detecting and exploiting XSS vulnerabilities. | ||
youtubedl,https://github.com/ytdl-org/youtube-dl,Download videos from YouTube and other sites. | ||
ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters