Web Application Tools

Web Application Tools

ToolsDescription
apache-usersIt enumerates usernames on systems with the Apache UserDir module.
ArachniIt is used by the penetration testers and administrators to evaluate the security of web applications.
BlindElephantIt is a generic web application finger-printer.
Burp SuiteIt is a platform for security testing f web applications.
CutyCaptIt is a utility to capture WebKit's rendering of a web page.
DAVTestIt is a testing tool for WebDAV servers that test servers by uploading test executable files.
DeblazeIt is a tool to perform testing against flash remoting endpoint.
DIRBIt is a web content scanner to check for existing web objects.
DirBusterIt is a web server directory brute-forcer.
FitmapIt is used to find, prepare, audit, exploit, and even google automatically for local and remote file inclusion bugs in webapps.
FunkLoadIt is a functional and load web tester that launches a TCPWatch proxy and record activities over the network.
GobusterIt is a tool for brute-force URIs and DNS subdomains.
GrabberIt is a web application scanner that scans for vulnerabilities in the application.
hURLIt is a hexadecimal and URL encoder and decoder.
joomscanIt is a vulnerability scanner project to detect Joomla CMS vulnerabilities and analyse them.
jSQL InjectionThis tool is used to find the database information.
NiktoIt is an open source web server scanner used to run the comprehensive test against web servers for multiple items that includes a huge number of potentially dangerous files, run checks for outdated version over thousands of servers and also version specific problems
PadBusterIt automates the padding of Oracle attacks and has the ability to decrypt arbitrary cipher text, encrypt the arbitrary plaintext, and perform automated response analysis.
ParsoIt is a web application proxy for accessing web application vulnerabilities.
ParseroIt is used to read the Robots.txt files of a web server and look at the banned entries. These entries tell the search engines what directories or files hosted on a web server mustn't be indexed.
PlecostIt is a tool to search and retrieve information about the plugins versions installed in WordPress systems.
PowerfuzzerIt is an automatic web fuzzer used for Cross Site Scripting.
proxyStrikeIt is an active web application proxy tool designed to find vulnerabilities while browsing an application.
Recon-ngIt is a fully loaded web survey framework in which open source web-based reconnaissance can be conducted quickly and thoroughly.
SkipfishIt is a full automated and active web application security survey tool.
Ua-testerIt automatically checks a given URL using a list of standard and non-standard User Agent strings provided by the user.
UniscanIt is a Remote File Include (RFI), Local file Include (LFI) and Remote Command Execution (RCE) vulnerability scanner.
WebScarabIt is a web application review tool
WebshagIt is a Multi-threaded web server audit tool that gathers commonly useful functionalities for web server auditing like website crawling, URL scanning, or file fuzzing.
webSlayerIt brute-force web applications and can be used for finding resources that are not linked.
webSploitIt is used for Social Engineering Works, Scan, Crawl and Analysis web, etc
WhatWebIt recognises web technologies, including CMS of a website, blogging platform, web servers, etc. It also identifies version numbers, email addresses and more.
WPScanIt is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.
XSSerIt is a framework to detect, exploit ad report XSS vulnerability in web-based applications.
zaproxyIt is a penetration testing tool for finding vulnerabilities in web applications.





Latest Courses