Tools and Scripts

This page links to various tools and scripts that may be useful when assessing a target or automating different tasks. Open-source software only!

WFuzz is a web application security fuzzer tool and library for Python. A payload in WFuzz is a source of data.
This simple concept allows any input to be injected into any field of an HTTP request, making it possible to perform complex web security attacks against different web application components such as parameters, authentication, forms, directories/files, headers, etc.
sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.
WFuzz https://github.com/xmendez/wfuzz
sqlmap https://github.com/sqlmapproject/sqlmap
testssl.sh https://github.com/drwetter/testssl.sh
WPScan https://github.com/wpscanteam/wpscan