Tool of the day

RVuln:-- A multi-threaded-vulnerability-scanner written in Rust. Automated #Web Vulnerability Scanner.

--xss  : Scan Site if vulnerable [Xss] url must be between double citation --sql  : Scan Site if vulnerable [Sql] url must be between double citation

Dex2Jar is an instrument whose primary point is to convert .dex files into jar and smali files. The Dex2jar is mainly used for reverse engineering Android applications.

Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files...

Insider tool is secure code reviewer, which exclusively focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code.

Wfuzz is a command line tool written in python. It is used to discover common vulnerabilities in web applications through the method of fuzzing.

Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime.Upload weevely PHP agent to a target web server to get

Dirsearch is Tool that performs bruteforce attack of sensitive directories and files that are found on the websites.

LFISuite, an open source local file inclusion scanner and exploiter that is coded in Python. It supports multiple attack points and also has TOR proxy support.

A plugin-based scanner that aids security researchers in identifying issues with several CMS.

BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website.

SecretFinder is a python script to discover sensitive data like api keys, access token, authorizations, jwt,..etc in JavaScript(JS) files. It verifies the files with large regular expression.

OneForAll is a powerful chinese subdomain and dns enumeration tool.When considering about subdomain enumeration, amass might be your first and preferable...

Filebuster is a HTTP fuzzer / content discovery script with loads of features and built to be easy to use and fast! It uses one of the fastest HTTP classes in the world...

Shcheck detects which security headers are enabled on certain websites. It just check headers and print a report about which are enabled and which not.

Infosploit is an Information Gathering Tool that can be used during a penetration test, OSINT  to enumerate Information about...

Complete Automated pentest framework for Servers, Application Layer to Web Security. Tishna is Web Server Security Penetration

Pompem is an open source tool, designed to automate the search for Exploits and Vulnerability in the most important databases.

JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access...

The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site:

A complete versatile framework to cover up everything from Reconnaissance...