Tool of the day

It performs XSS, SQL Injection, Crawling, Hash Type finding

CMS Detection and Exploitation suite - Scan WordPress, Joomla

GraphQL is a query language for APIs and a runtime for fulfilling those queries

File Inclusion & Directory Traversal fuzzing

Vulmap Online Local Vulnerability Scanners Project

Domain name permutation engine for detecting homograph phishing attacks

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect

Skull Generate a bunch of malicious pdf files with phone-home functionality.

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity

Scilla is a information gathering tool (DNS/Subdomain/Port Enumeration).

Web Scanner - Exploitation - Information Gathering

Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime.Upload weevely PHP agent to a target web server to get

A complete versatile framework to cover up everything from Reconnaissance...

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not

Network Spoofing is a simple website hacking tool which can scan a website and can also perform attack using this tool.

ParamSpider a parameter discovery suite. It finds parameters from web archives of the entered domain

A pentesting tool designed to assist with finding all sinks and sources of a web application

SUDO_KILLER is a tool that can be used for privilege escalation on linux environment by abusing SUDO in several ways

Frida IPA/iOS dump is an instrument whose primary point is to download IPA files from an jailbroken device

Whatweb is a tool which tells what is the website. Whatweb can identify all sorts of information about a live website.

WhatWaf is an advanced firewall detection tool which works by detecting a firewall on a web application.