Tool of the day

XCTR is an all in one tools for Information Gathering which can admin panel,page viewer,cms,reverse IP,dork finder,prxoy viewer.

XSpear is XSS Scanner tool which is written in ruby gems. It can be useful for detecting the XSS vulnerability with different level of payloads.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.

XForwardy is a Host Header Injection scanning tool which can detect misconfigurations , where Host Header Injections are potentially possible.

Altair is a Python based tool that does not require any specific packages to be installed as a pre-requisite. The SQLMAP and Lfier tools must be available on the disposal of the tool.

SSHScan is a testing tool that enumerates SSH Ciphers and by using SSHScan, weak ciphers can be easily detected.

The Yuki Chan is an Automated Penetration Testing tool this tool will auditing all standard security test method for you.

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools.

The tool aims at automating the identification of potential services running behind ports identified manually either through manual scan or services running locally.

RiskInDroid (Risk Index for Android) is a quantitative risk analysis tool for Android applications written in Java and Python.

 multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo .

Skipfish is a powerful reconnaissance tool that has the ability to carry out security checks on web-based applications.

ClassyShark is a standalone binary inspection tool for Android developers/testers.

Detective helps to find Sensitive information, files and directories that are not supposed to see.

--xss  : Scan Site if vulnerable [Xss] url must be between double citation --sql  : Scan Site if vulnerable [Sql] url must be between double citation

Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files...

Wfuzz is a command line tool written in python. It is used to discover common vulnerabilities in web applications through the method of fuzzing.

LFISuite, an open source local file inclusion scanner and exploiter that is coded in Python. It supports multiple attack points and also has TOR proxy support.

A plugin-based scanner that aids security researchers in identifying issues with several CMS.

BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website.

OneForAll is a powerful chinese subdomain and dns enumeration tool.When considering about subdomain enumeration, amass might be your first and preferable...