Here is a list of web pentesting tools that can help you a lot in your web pentesting career. All of the tools listed below are available on GitHub.
JOOMLA SCAN:
Following is the link to the Joomla Scan pentesting tool, which is available on GitHub.
–= https://github.com/drego85/JoomlaScan
[TOOLS] WEBPENTEST LIST v5
SN1PER – AUTOMATED PENTEST RECON SCANNER
–= https://github.com/1N3/Sn1per
SUBLIST3R – DNS SCAN
–= https://github.com/aboul3la/Sublist3r
PENTEST TOOL – CTF-TOOLS
–= https://github.com/MrMugiwara/CTF-Tools
A PRIVACY-RESPECTING, HACKABLE METASEARCH ENGINE
–= https://github.com/asciimoo/searx
CMSMAP SCANNER CMS AUTOMATIC
–= https://github.com/Dionach/CMSmap
D-TECT – PENTESTING THE MODERN WEB
–= https://github.com/shawarkhanethicalhacker/D-TECT-1
JSQL INJECTION V0.77 – JAVA APPLICATION FOR AUTOMATIC SQL DATABASE INJECTION
–= https://github.com/ron190/jsql-injection
WAFNINJA – PENETRATION TESTERS' FAVORITE FOR WAF BYPASSING
–= https://github.com/khalilbijjou/WAFNinja
WHITEWIDOW 1.5.0 – SQL VULNERABILITY SCANNER
–= https://github.com/Ekultek/whitewidow
GOOGLE EXPLORER – GOOGLE MASS EXPLORER
–= https://github.com/anarcoder/google_explorer
WORDPRESS MASS EXPLOITER
–= https://github.com/anarcoder/WordPressMassExploiter
JOOMLA MASS EXPLOITER
–= https://github.com/anarcoder/JoomlaMassExploiter
BBQSQL – A BLIND SQL INJECTION EXPLOITATION TOOL
–= https://github.com/Neohapsis/bbqsql
VBSCAN 0.1.7.1 – BLACK BOX VBULLETIN VULNERABILITY SCANNER
–= https://github.com/rezasp/vbscan/
DRACNMAP – PENTEST EXPLOIT NETWORK AND GATHERING INFORMATION WITH NMAP
–= https://github.com/screetsec/Dracnmap
QRLJACKER – QRLJACKING EXPLOITATION FRAMEWORK
–= https://github.com/OWASP/QRLJacking/tree/master/QrlJacking-Framework
ONIOFF – ONION URL INSPECTOR
–= https://github.com/k4m4/onioff
BLACKBOX – A PENETRATION TESTING FRAMEWORK
–= https://github.com/sepehrdaddev/blackbox
BRUTEFORCE LISTS
–= https://github.com/random-robbie/bruteforce-lists
DRUPAL ENUMERATION & EXPLOITATION TOOL
–= https://github.com/random-robbie/drupwn
DIRSEARCH WEB PATH SCANNER
–= https://github.com/maurosoria/dirsearch
PHP UNIT BRUTE
–= https://github.com/random-robbie/phpunit-brute
MINI PHP SHELLS
–= https://github.com/random-robbie/mini-php-shells
AUTO RECON INFORMATION GATHERING TOOL
–= https://github.com/random-robbie/AutoRecon
WORDPRESS SMTP PLUGIN EXPLOIT
–= https://github.com/KTN1990/WordPress-Easy-WP-SMTP-plugin-0day
PHOTON WEB CRAWLER (OSINT)
–= https://github.com/s0md3v/Photon
ACID REVERSE IP LOOKUP
–= https://github.com/KTN1990/ACIDREVERSER
EMAIL LIST GRABBER V2
–= https://github.com/KTN1990/Email-Grabber
JOOMLA COM_XCLONER UPLOAD SHELL
–= https://github.com/KTN1990/joomla-com_xcloner-upload_shell
CLOUD MANAGE SYSTEM (CMS) DETECTOR (PERL)
–= https://github.com/KTN1990/CMS-FAST-CHECKR
POSTGRESQL DEFAULT PASSWORD AUTO EXPLOITER
–= https://github.com/KTN1990/PostgreSQL–Attack-on-default-password-AUTOEXPLOITING-
BREACHER – MULTITHREAD ADMIN PANEL FINDER
–= https://github.com/s0md3v/Breacher
SHIVA – WORDPRESS DOS EXPLOIT TOOL
–= https://github.com/s0md3v/Shiva
PROXIFY MODULE FOR DUMP PROXIES
–= https://github.com/s0md3v/proxify
XSS FINDER (REFLECTED XSS)
–= https://github.com/random-robbie/xssfinder
MASSIVE | MIXED EXPLOIT TOOLS
–= https://github.com/XiphosResearch/exploits
WORDPRESS USER ENUMERATION TOOL
–= https://github.com/XiphosResearch/wp-user-enum-scripts
WORDPRESS EXPLOITATION FRAMEWORK
–= https://github.com/rastating/wordpress-exploit-framework
DEFACE WORDPRESS PAGE
–= https://github.com/Bayz21/WP-3u3
WORDPRESS PLUGIN “WP CHECKOUT” MASS EXPLOIT
–= https://github.com/2inf3rnal/wp-checkout-exploit
WP CONTENT INJECTION MASS EXPLOIT TOOL
–= https://github.com/dr-iman/wp-content-injection-mass-exploit
M3M0 PENETRATION TESTING TOOL (WORDPRESS, JOOMLA, DRUPAL)
–= https://github.com/mrwn007/M3M0.git
DRUPAL HUNTER EXPLOITATION TOOL
–= https://github.com/dr-iman/Drupal-Hunter
CMS DETECTOR v2 (WP, DRUPAL, JOOMLA)
–= https://github.com/dr-iman/cms-detector
WORDPRESS DETECTOR (VULN DORKER)
–= https://github.com/dr-iman/Wordpress-detector
PACKET STORM EXPLOIT LIST
–= https://github.com/BuddhaLabs/PacketStorm-Exploits
PHP SHELLS [LIST]
–= https://github.com/backdoorhub/shell-backdoor-list/tree/master/shell/php
PHP FILE MANAGER
–= https://github.com/alexantr/filemanager
OPENCART BRUTEFORCE AND IMAGE UPLOAD
–= https://github.com/indoxploit-coders/opencart-bruteforce
WEBSHELLS v2
–= https://github.com/phpshellxyz/webshell
MIXED TOOLS (Cpanel Brute, ShellFinder, Symlink Shell, DDoSer)
–= https://github.com/incredibleindishell/PHP-web-shells
WHMCS KILLER V4 SHELL (Server Root, Domain Resellers, Client Root, CC, Pass, Accs)
–= https://github.com/iamhex/WHMCS-Killer-v4
Amazon AWS S3 Bucket Enumeration
–= https://github.com/0xSearches/sandcastle/
Amazon SMTP Credential Checker
–= https://github.com/noolep/AWCREC
Twilio Mass Checker
–= https://github.com/noolep/Twilio_Check
Laravel .env Database Exploit
–= https://github.com/security007/laravelExploit
007 Scanner (Grabber, Admin finder and more)
–= https://github.com/security007/007scanner
Laravel Config Exploit
–= https://github.com/anhaxteam/laravel-config-exploit
Laravel PHP Unit RCE and Env Exploiter
–= https://github.com/vsec7/Laravel-PhpUnit-Rce-And-Get-Env-Exploiter
Zerobyte’s Laravel Exploiter
–= https://github.com/zerobyte-id-bak/LaravelENV
DarkSplitz Exploit Framework
–= https://github.com/koboi137/darksplitz
NetAss2 – Network Assessment Assistance Framework
–= https://github.com/zerobyte-id-bak/NetAss2
Bashter – Web Scanner & Analyzer
–= https://github.com/zerobyte-id-bak/Bashter
Domain Take Over Finder
–= https://github.com/zerobyte-id-bak/FinderDomainTakeOver
Sudomy – Subdomain Enumeration & Analysis
–= https://github.com/Screetsec/Sudomy
WordPress Auto Upload Shell in Plugin
–= https://github.com/AnonRoz-Team/wp_auto_upshell
Domain to IP [FAST]
–= https://github.com/rebl0x3r/domain2ip
attacker – Website Vulnerability Scanner & Auto Exploiter
–= https://github.com/moham3driahi/xattacker
SQLI, LFI, XSS and RCE Dorker & Auto Exploiter
–= https://github.com/xpr1m3/sqli-lfi-xss-rce-dorker-and-auto-exploiter-python-
Drupal Hunter
–= https://github.com/dr-iman/drupal-hunter
WordPress Exploits (Stored XSS, XML-RPC DDoS, Add Admin, RSS, log in)
–= https://github.com/shadowz3n/wpexploit
Revslider Auto Exploiter
–= https://github.com/kyo1337/revsliderautoexploiter
WebDav Mass Exploiter
–= https://github.com/kyo1337/Webdav-Mass-Exploiter
IP Mass Grabber [.exe]
–= https://github.com/kyo1337/Mass-IP-Grabbing
Shell Finder [Dictionary Attack + Wordlist]
–= https://github.com/kyo1337/Shell-Finder
CMS Detector + Vulnerability Finder (Exploit DB)
–= https://github.com/ptonewreckin/cmsdetector
Advanced CMS Detector (Slow but Exact)
–= https://github.com/redhathackers/cms-detector
RDP Cracker [BASH + Wordlists]
–= https://github.com/exploit-inters/crackrdp
TIDoS – The Offensive Manual Web Application Penetration Testing Framework
–= https://github.com/exploit-inters/TIDoS-Framework
CMS Detector v3 – Fast & Multi Threads