Some useful web pen-testing tools
Hey amazing hackers,
welcome back to my blog-post.
Today I am going to be explaining and sharing some useful web scanners for hackers:) however before that I want to explain briefly what web application recon is and what it does, thus lets dive into it.
Web Application Scanning
Web application scanners provide an automated way of discovering vulnerabilities in the application similar to Nessus finding web server misconfiguration and missing patches. Most web application scanners help us to finding such issues and that makes easier for us to being able to update and patch that version furthermore, most web application scanners sit between a browser and the web application just like web proxy and are part of larger like burp-suite and OWASP zap. If you are not familiar with these tools go and learn the methodology and analyze the tool. For now it is enough at least you have now some knowledge how such scanners analyze the web application. Now I am going to drop some useful github links whereby you will clone that in /opt directory and more importantly, read the instruction carefully, which you can use by analyzing misconfiguration and gaining reverse shell If you are able to find the hole:)
Web Pentesting Tools:
👩💻WordPress admin finder
🔗 Link : https://github.com/kancotdiq/wpaf
👩💻 Smb scanner tool
🔗 Link : https://github.com/TechnicalMujeeb/smb-scanner
👩💻Heart Bleed scanner
🔗 Link : https://github.com/TechnicalMujeeb/HeartBleed
👩💻weevely php web shell
🔗 Link : https://github.com/sunge/Weevely
👩💻Webponized web shell
🔗 Link : https://github.com/epinna/weevely3
👩💻Nikto web scanner tool
🔗 Link : https://github.com/sullo/nikto
👩💻 Auto Ip or domain Attacking Tool
🔗 Link : https://github.com/Bhai4You/Ip-Attack
👩💻 Click jacking vulnerability scanner
🔗 Link : https://github.com/D4Vinci/Clickjacking-Tester
👩💻All in 1 information gathering and web penetration tool DTect
🔗 Link : https://github.com/Audi0x01/D-TECT-1
👩💻Detect phishing URL
🔗 Link : https://github.com/UndeadSec/checkURL
👩💻Dos attack tool — Golden eye
🔗 Link : https://github.com/jseidl/GoldenEye
👩💻 Dos attack with hulk
🔗 Link : https://github.com/grafov/hulk
👩💻Sql vulnerability scanner
🔗 Link : https://github.com/Pure-L0G1C/SQL-scanner
👩💻hack website with sqlmap
🔗 Link : https://github.com/sqlmapproject/sqlmap
👩💻information and vulnerability scanner with striker
🔗 Link : https://github.com/s0md3v/Striker
👩💻web server attacking tool with dost
🔗 Link : https://github.com/verluchie/dost-attack
👩💻 advanced multithreaded admin panel finder
🔗 Link : https://github.com/s0md3v/Breacher
👩💻Ssl vulnerability scanner
🔗 Link : https://github.com/PortSwigger/ssl-scanner
👩💻sublister — Subdomain enumeration
🔗 Link : https://github.com/aboul3la/Sublist3r
👩💻WordPress vulnerability scanner and attacker
🔗 Link : https://github.com/wpscanteam/wpscan
👩💻Hunner scanner framework
🔗 Link : https://github.com/b3-v3r/Hunner
👩💻Red hawk all in 1 information gathering and scanning tool
🔗 Link : https://github.com/Tuhinshubhra/RED_HAWK
👩💻Dos attack tool with Xerxes
🔗 Link : https://github.com/sepehrdaddev/Xerxes
👩💻weeman phishing tool no root
🔗 Link : https://github.com/evait-security/weeman
Do not like be a script kiddie do you own research and create your own tool, whick makes you happy and a superior hacker. I know this was a short blog but I reckon it does not matter ı guess:)) its my favor to sharing and investing myself into this sophisticated journey. Please stay bare with me, awesome hacking tools and techniques will be shared just trust me:))
Ahmet Göker | DDOS lover | CTF player | Content Creator | redteam | technophile|
linkedin : https://linkedin.com/in/ahmetgöker
Youtube: https://youtube.com/TurkishHoodie
telegram: stuXnet
twitter: https://twitter.com/TurkishHoodie_
