Web Scanning
22 tools indexed
Web application scanning tools for directory brute-forcing, technology fingerprinting, vulnerability detection, and crawling. These scanners probe web applications for common misconfigurations, exposed files, known CVEs, and injection points that could lead to compromise.
httpx
Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.
Nikto
Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.
Gobuster
Directory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.
Feroxbuster
Fast, recursive content discovery tool written in Rust. Like Gobuster on steroids, with auto-recursion.
Burp Suite Community
Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.
ffuf
Fast web fuzzer written in Go. Fuzz anything — URLs, headers, POST data — with blazing speed.
Katana
Next-gen crawling and spidering framework. Headless browser and standard mode with automatic form fill.
waybackurls
Fetch all URLs that the Wayback Machine knows about for a domain. Gold mine for hidden endpoints.
gau
Get All URLs. Fetches known URLs from AlienVault OTX, Wayback Machine, Common Crawl, and URLScan.
Arjun
HTTP parameter discovery suite. Finds hidden query parameters in web applications using smart heuristics.
Wfuzz
Web application fuzzer. Brute-forces parameters, directories, headers, and authentication credentials.
WhatWeb
Web technology fingerprinter. Identifies CMS, frameworks, JS libraries, servers, and analytics from HTTP responses.
ParamSpider
Mine parameters from web archives for any domain to find hidden attack surfaces.
GoSpider
Fast web spider written in Go for crawling and collecting URLs, subdomains, and endpoints.
Hakrawler
Simple Go web crawler for quick discovery of endpoints and assets within a web application.
LinkFinder
Python script to discover endpoints and their parameters in JavaScript files.
SecretFinder
Discover sensitive data like API keys, tokens, and credentials in JavaScript files.
JSFScan
Automation framework combining multiple JS analysis tools for comprehensive JavaScript recon.
dirsearch
Mature web path discovery tool with recursive scanning, wordlist-based brute-forcing, and extensive extension support.
meg
Fetch many paths for many hosts concurrently without overloading servers — ideal for large-scale recon on bug bounties.
Caido
Lightweight and modern web security testing toolkit built in Rust, designed as a fast alternative to Burp Suite.
SilverBullet
Multi-purpose automation suite for web testing with configurable request sequences, scraping, and credential testing.