Tool of the Day

xsssniper is an handy xss discovery tool with mass scanning functionalities. 

GoSpider is a Fast web spider written in Go. It has lot of features to find the subdomains, JS files, AWS details, etc. 

Parth is a Heuristic Vulnerable Parameter Scanner. Some HTTP parameter names are commonly associated with one functionality.

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease.

Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

karen is tools for web application vulnerability scanner build in python3

A bash script to bypass "403 Forbidden" responses with well-known methods discussed in #bugbountytips

Web Application Vulnerability Scanners are automated tools that scan web applications.

WhatWaf is an advanced firewall detection tool which works by detecting a firewall on a web application.

A pentesting tool designed to assist with finding all sinks and sources of a web application

ParamSpider a parameter discovery suite. It finds parameters from web archives of the entered domain

Network Spoofing is a simple website hacking tool which can scan a website and can also perform attack using this tool.

Scilla is a information gathering tool (DNS/Subdomain/Port Enumeration).

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity

Skull Generate a bunch of malicious pdf files with phone-home functionality.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect

Vulmap Online Local Vulnerability Scanners Project

CMS Detection and Exploitation suite - Scan WordPress, Joomla

It performs XSS, SQL Injection, Crawling, Hash Type finding