Pentest Web
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
List of regex for scraping secret API keys and juicy information.
A fast, simple, recursive content discovery tool written in Rust.
Directory/File, DNS and VHost busting tool written in Go
A simple multi-threaded distributed SSH brute-forcing tool written in Python
Automated All-in-One OS Command Injection Exploitation Tool
Automatic SQL injection and database takeover tool
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Powerful XSS scanning and parameter analysis tool & gem
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
Automatic SSTI detection tool with interactive interface
A fast tool to scan CRLF vulnerability written in Go
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.
40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
A toolkit for testing, tweaking and cracking JSON Web Tokens
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)