➖ TOOLS ➖
Web Vulnerability Scanners + Explanation + Links
• Netsparker Application Security Scanner — Application security scanner to automatically find security flaws.
Download: https://www.netsparker.com/get-demo/
• Nikto — Noisybut fast black box web server and web application vulnerability scanner.
Download: https://sectools.org/tool/nikto/
• Arachni — Scriptable framework for evaluating the security of web applications.
Download: https://www.arachni-scanner.com/download/
• w3af — Webapplication attack and audit framework.
Clone: https://github.com/andresriancho/w3af
Download: http://w3af.org/download
• Wapiti — Blackbox web application vulnerability scanner with built-in fuzzer.
Download: http://wapiti.sourceforge.net/
• SecApps — In-browserweb application security testing suite. (Firefox Extension)
• WPScan — Blackbox WordPress vulnerability scanner.
Download: https://wpscan.org/
• cms-explorer — Revealthe specific modules,plugins,components and themes that various websites powered by content management systems are running.
Clone it: https://github.com/FlorianHeigl/cms-explorer
• joomscan — Joomlavulnerability scanner.
Download: https://github.com/rezasp/joomscan
• ACSTIS — Automatedclient-side template injection (sandboxescape/bypass)detection for AngularJS.
no download found :(
• SQLmate — Afriend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
Download: https://github.com/s0md3v/sqlmate
Web Vulnerability Scanners + Explanation + Links
• Netsparker Application Security Scanner — Application security scanner to automatically find security flaws.
Download: https://www.netsparker.com/get-demo/
• Nikto — Noisybut fast black box web server and web application vulnerability scanner.
Download: https://sectools.org/tool/nikto/
• Arachni — Scriptable framework for evaluating the security of web applications.
Download: https://www.arachni-scanner.com/download/
• w3af — Webapplication attack and audit framework.
Clone: https://github.com/andresriancho/w3af
Download: http://w3af.org/download
• Wapiti — Blackbox web application vulnerability scanner with built-in fuzzer.
Download: http://wapiti.sourceforge.net/
• SecApps — In-browserweb application security testing suite. (Firefox Extension)
• WPScan — Blackbox WordPress vulnerability scanner.
Download: https://wpscan.org/
• cms-explorer — Revealthe specific modules,plugins,components and themes that various websites powered by content management systems are running.
Clone it: https://github.com/FlorianHeigl/cms-explorer
• joomscan — Joomlavulnerability scanner.
Download: https://github.com/rezasp/joomscan
• ACSTIS — Automatedclient-side template injection (sandboxescape/bypass)detection for AngularJS.
no download found :(
• SQLmate — Afriend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
Download: https://github.com/s0md3v/sqlmate