Skip to content

Latest commit

 

History

History
66 lines (34 loc) · 3.47 KB

web-app.md

File metadata and controls

66 lines (34 loc) · 3.47 KB
Raw
title description
Web Applications
Break that web application.

CORS

  • Corsy - CORS Misconfiguration Scanner. last-commit

Cross-Site Scripting

  • XSS'OR - XSS'OR - Hack with JavaScript. last-commit
  • XSStrike - Most advanced XSS scanner. last-commit

CRLF

  • CRLFSuite - The most powerful CRLF injection (HTTP Response Splitting) scanner. last-commit

CSRF

  • Bolt - CSRF Scanner. last-commit

Databases

  • sql-map - Automatic SQL injection and database takeover tool. last-commit

Directory Traversal

  • dotdotpwn - The Directory Traversal Fuzzer last-commit
  • slipit - Utility for creating ZipSlip archives. last-commit

Frameworks

  • Commix - Automated All-in-One OS Command Injection Exploitation Tool. last-commit
  • TIDoS - HTTP Request Smuggling Detection Tool. last-commit
  • tplmap - Server-Side Template Injection and Code Injection Detection and Exploit Tool. last-commit

Headers

  • Security Headers - Tool designed to help you better deploy and understand modern security features that are available for your website.

Protocols

SSL/TLS

  • TLS-Scanner - Assists in the evaluation of TLS Server configurations. last-commit

LFI

  • LFISuite - Automated scan and exploitation of Local File Inclusion. last-commit
  • LFIFreak - Local File Inclusion automation tool for PHP. last-commit
  • Liffy - Local File Inclusion automation tool for PHP. last-commit