Web漏洞利用框架
阿新 • • 發佈:2021-12-17
- BlindElephant- Web application fingerprinter.
- Browser Exploitation Framework (BeEF)- Command and control server for delivering exploits to commandeered Web browsers.
- Burp Suite- Integrated platform for performing security testing of web applications.
- Commix- Automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper- Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- EyeWitness- Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- Fiddler- Free cross-platform web debugging proxy with user-friendly companion tools.
- FuzzDB
- GitTools- Automatically find and download Web-accessible
.git
repositories. - Kadabra- Automatic LFI exploiter and scanner.
- Kadimus- LFI scan and exploit tool.
- NoSQLmap- Automatic NoSQL injection and database takeover tool.
- OWASP Zed Attack Proxy (ZAP)- Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Offensive Web Testing Framework (OWTF)- Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- Raccoon- High performance offensive security tool for reconnaissance and vulnerability scanning.
- SQLmap- Automatic SQL injection and database takeover tool.
- VHostScan- Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
- WPSploit- Exploit WordPress-powered websites with Metasploit.
- Wappalyzer- Wappalyzer uncovers the technologies used on websites.
- WhatWaf- Detect and bypass web application firewalls and protection systems.
- WhatWeb- Website fingerprinter.
- Wordpress Exploit Framework- Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- autochrome- Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
- badtouch- Scriptable network authentication cracker.
- fimap- Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- liffy- LFI exploitation tool.
- recursebuster- Content discovery tool to perform directory and file bruteforcing.
- sslstrip2- SSLStrip version to defeat HSTS.
- sslstrip- Demonstration of the HTTPS stripping attacks.
- tplmap- Automatic server-side template injection and Web server takeover tool.
- wafw00f- Identifies and fingerprints Web Application Firewall (WAF) products.
- webscreenshot- Simple script to take screenshots of websites from a list of sites.
- weevely3- Weaponized PHP-based web shell.