Scanners

airixss

Finding XSS during recon

Scanners

alterx

Fast and customizable vulnerability scanner based on a simple YAML-based DSL.

Scanners

bomber

Scans SBoMs for security vulnerabilities

Scanners

broken-link-checker

Find broken links, missing images, etc within your HTML.

Scanners

chopchop

ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposure of services/files/folders through the webroot. Checks/signatures are declared in a config file (by default: chopchop.yml) and are fully configurable, especially by developers.

Scanners

cmseek

CMSeeK is a content management system (CMS) detection & exploitation suite.

Scanners

jaeles

The Swiss Army knife for automated Web Application Testing

Scanners

joomscan

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

Scanners

nikto

Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

Scanners

nikto-list

A wrapper around nikto with support for multiple targets. Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

Scanners

nuclei

Fast and customizable vulnerability scanner based on a simple YAML-based DSL.

Scanners

nuclei-markdown

Run a Nuclei scan and export the results in markdown format. Nuclei is a fast and customizable vulnerability scanner based on a simple YAML-based DSL.

Scanners

patator

Patator is a multi-purpose brute-forcer with a modular design and flexible usage.

Scanners

socialhunter

Crawls the website and finds broken social media links that can be hijacked

Scanners

sslyze

Fast and powerful SSL/TLS scanner

Scanners

twa

A tiny web auditor with strong opinions.

Scanners

twa-loop

A tiny web auditor with strong opinions.

Scanners

wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Scanners

wapiti

Web vulnerability scanner written in Python3

Scanners

wascan

WAScan ((W)eb (A)pplication (Scan)ner) is an open source web application security scanner. It is designed to find various vulnerabilities using the black-box method: it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms, attacking the scripts, sending payloads and looking for error messages, etc.

Scanners

wpscan

WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

Scanners

wpscan-loop

WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

Scanners

zap-api-scan

Run a full scan against an API defined by OpenAPI/Swagger, SOAP or GraphQL using ZAP

Scanners

zap-automation-framework

Run ZAP via a single YAML file

Scanners

zap-full-scan

Run a full scan against a target URL using ZAP