⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Last updated Jul 9, 2026
4.9k
Stars
823
Forks
2
Issues
+10
Stars/day
Attention Score
98
Topics
Language breakdown
No language data available.
▸ Files
click to expand
README
A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hunting!
Family project
Table of Contents
- Tools - Bookmarklets - Browser Addons - Burpsuite, Caido and ZAP AddonsWeapons
Attributes | | Attributes | |-------|---------------------------------------------------| | Types |Army-Knife Proxy Recon Fuzzer Scanner Exploit Env Utils Etc|
| Tags | mitmproxy live-audit crawl osint recon forensics social-engineering steganography pentest exploit infra http repeater asn network-mapping cloud asset-discovery subdomains dns apk url endpoint csp param ssl tls certificates attack-surface port favicon js-analysis takeover portscan domain online graphql wordlist permutation cache-vuln path-traversal prototypepollution prototype-pollution smuggle fuzz ssrf jwt crlf header ssti vulnerability-scanner dependency-scanning xss s3 container-security sbom broken-link cors sqli lfi rfi open-redirect nosqli oast web-scanner aaa dependency-confusion 403 secret-scanning credentials sast code-analysis aws security terraform xxe RMI rop authentication zipbomb cidr network ip-manipulation deserialize web3 gRPC-Web notify documents cookie note blind-xss encode payload darkmode nuclei-templates package-manager tools-management dom race-condition diff clipboard json browser-record report |
| Langs | Java Python Ruby Go Shell JavaScript Rust Kotlin Crystal C Perl C# TypeScript Txt HTML BlitzBasic CSS C++ PHP |
Tools
| Type | Name | Description | Star | Tags | Badges | | --- | --- | --- | --- | --- | --- | |Army-Knife|ZAP|The ZAP core project|mitmproxy live-audit crawl|



|
|Army-knife|Baudrillard Suite|Cross-platform security research toolkit with OSINT aggregation, memory forensics, social engineering tools, steganography, and predictive threat modeling.|osint recon forensics social-engineering steganography|


|
|Army-Knife|Metasploit|The world’s most used penetration testing framework|pentest|


|
|Army-Knife|BurpSuite|The BurpSuite Project||mitmproxy live-audit crawl|



|
|Army-knife|Ronin|Free and Open Source Ruby Toolkit for Security Research and Development||pentest crawl recon exploit|


|
|Army-Knife|jaeles|The Swiss Army knife for automated Web Application Testing |live-audit|


|
|Army-Knife|axiom|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |infra|


|
|Proxy|Glorp|A CLI-based HTTP intercept and replay proxy|mitmproxy|


|
|Proxy|Caido|A lightweight web security auditing toolkit||mitmproxy|



|
|Proxy|proxify|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|mitmproxy|


|
|Proxy|hetty|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|mitmproxy|


|
|Proxy|mitmproxy|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.|mitmproxy|


|
|Proxy|EvilProxy|A ruby http/https proxy to do EVIL things.|mitmproxy|


|
|Proxy|Echo Mirage|A generic network proxy that uses DLL injection to capture and alter TCP traffic.||mitmproxy|
|
|Recon|lazyrecon|This script is intended to automate your reconnaissance process in an organized fashion |


|
|Recon|asnmap|Go CLI and Library for quickly mapping organization network ranges using ASN information|asn network-mapping|


|
|Recon|uncover|Quickly discover exposed hosts on the internet using multiple search engine.|


|
|Recon|parameth|This tool can be used to brute discover GET and POST parameters|


|
|Recon|Chaos Web| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|||

|
|Recon|cloudlist|Cloudlist is a tool for listing Assets from multiple Cloud Providers|cloud asset-discovery|


|
|Recon|puredns|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|subdomains dns|


|
|Recon|spiderfoot|SpiderFoot automates OSINT collection so that you can focus on analysis.|osint|


|
|Recon|subsall|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |subdomains|

|
|Recon|hakrevdns|Small, fast tool for performing reverse DNS lookups en masse. |


|
|Recon|3klCon|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|


|
|Recon|apkleaks|Scanning APK file for URIs, endpoints & secrets. |apk url endpoint|


|
|Recon|waybackurls|Fetch all the URLs that the Wayback Machine knows about for a domain |url|


|
|Recon|csprecon|Discover new target domains using Content Security Policy|csp|


|
|Recon|dirsearch|Web path scanner |


|
|Recon|meg|Fetch many paths for many hosts - without killing the hosts |


|
|Recon|tlsx|Fast and configurable TLS grabber focused on TLS based data collection|ssl tls certificates|


|
|Recon|rusolver|Fast and accurate DNS resolver.|dns|


|
|Recon|Osmedeus|Fully automated offensive security framework for reconnaissance and vulnerability scanning |


|
|Recon|Sudomy|subdomain enumeration tool to collect subdomains and analyzing domains|subdomains|


|
|Recon|ParamWizard|ParamWizard is a powerful Python-based tool designed for extracting and identifying URLs with parameters from a specified website.|param|


|
|Recon|sn0int|Semi-automatic OSINT framework and package manager|osint|


|
|Recon|pagodo|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|


|
|Recon|reconftw|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|


|
|Recon|gauplus|A modified version of gau for personal usage. Support workers, proxies and some extra things.|url|


|
|Recon|SecretFinder|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |


|
|Recon|Parth|Heuristic Vulnerable Parameter Scanner |param|


|
|Recon|waymore|Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!|url|


|
|Recon|htcat|Parallel and Pipelined HTTP GET Utility |


|
|Recon|github-endpoints|Find endpoints on GitHub.|


|
|Recon|scilla|🏴☠️ Information Gathering tool 🏴☠️ dns/subdomain/port enumeration|subdomains dns port|


|
|Recon|urx|Extracts URLs from OSINT Archives for Security Insights|url|


|
|Recon|zdns|Fast CLI DNS Lookup Tool|dns|


|
|Recon|bbot|OSINT automation for hackers|osint|


|
|Recon|favirecon|Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.|favicon|


|
|Recon|httpx|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |url|


|
|Recon|CTsubdomains|An hourly updated list of subdomains gathered from certificate transparency logs |subdomains|

|
|Recon|shosubgo|Small tool to Grab subdomains using Shodan api.|subdomains|


|
|Recon|noir|Attack surface detector that identifies endpoints by static analysis|endpoint url attack-surface|

|
|Recon|gowitness|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |


|
|Recon|Shodan| World's first search engine for Internet-connected devices||osint|

|
|Recon|altdns|Generates permutations, alterations and mutations of subdomains and then resolves them |dns subdomains|


|
|Recon|xnLinkFinder|A python tool used to discover endpoints (and potential parameters) for a given target|js-analysis|


|
|Recon|go-dork|The fastest dork scanner written in Go. |


|
|Recon|gobuster|Directory/File, DNS and VHost busting tool written in Go |subdomains|


|
|Recon|JSFScan.sh|Automation for javascript recon in bug bounty. |js-analysis|


|
|Recon|dnsx|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|dns|


|
|Recon|goverview|goverview - Get an overview of the list of URLs|url|


|
|Recon|BLUTO|DNS Analysis Tool|dns|


|
|Recon|crawlergo|A powerful browser crawler for web vulnerability scanners|crawl|


|
|Recon|reconprofile|Recon profile (bash profile) for bugbounty |


|
|Recon|Sub404|A python tool to check subdomain takeover vulnerability|subdomains takeover|


|
|Recon|Arjun|HTTP parameter discovery suite. |param|


|
|Recon|xurlfind3r|A command-line utility designed to discover URLs for a given domain in a simple, efficient way.|url|


|
|Recon|HydraRecon|All In One, Fast, Easy Recon Tool|


|
|Recon|cariddi|Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more|crawl|


|
|Recon|knock|Knock Subdomain Scan |subdomains|


|
|Recon|Sublist3r|Fast subdomains enumeration tool for penetration testers |subdomains|


|
|Recon|uro|declutters url lists for crawling/pentesting|url|


|
|Recon|OneForAll|OneForAll是一款功能强大的子域收集工具 |


|
|Recon|Silver|Mass scan IPs for vulnerable services |port|


|
|Recon|haktrails|Golang client for querying SecurityTrails API data|


|
|Recon|dmut|A tool to perform permutations, mutations and alteration of subdomains in golang.|subdomains|


|
|Recon|assetfinder|Find domains and subdomains related to a given domain |subdomains|


|
|Recon|gospider|Gospider - Fast web spider written in Go |crawl|


|
|Recon|megplus|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |


|
|Recon|naabu|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |portscan|


|
|Recon|dnsprobe|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |dns|


|
|Recon|longtongue|Customized Password/Passphrase List inputting Target Info|


|
|Recon|GitMiner|Tool for advanced mining for content on Github |


|
|Recon|ParamSpider|Mining parameters from dark corners of Web Archives |param|


|
|Recon|urlhunter|a recon tool that allows searching on URLs that are exposed via shortener services|url|


|
|Recon|hakrawler|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |crawl|


|
|Recon|github-subdomains|Find subdomains on GitHub|subdomains|


|
|Recon|BugBountyScanner|A Bash script and Docker image for Bug Bounty reconnaissance.|


|
|Recon|x8|Hidden parameters discovery suite|


|
|Recon|gitrob|Reconnaissance tool for GitHub organizations |


|
|Recon|Hunt3r|Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework|


|
|Recon|aquatone|A Tool for Domain Flyovers |domain|


|
|Recon|DNSDumpster| Online dns recon & research, find & lookup dns records||dns online|

|
|Recon|dnsvalidator|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|dns|


|
|Recon|STEWS|A Security Tool for Enumerating WebSockets|


|
|Recon|Amass|In-depth Attack Surface Mapping and Asset Discovery |subdomains|


|
|Recon|SubBrute|https://github.com/TheRook/subbrute|subdomains|


|
|Recon|getJS|A tool to fastly get all javascript sources/files|js-analysis|


|
|Recon|HostHunter|Recon tool for discovering hostnames using OSINT techniques.|osint|


|
|Recon|masscan|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |portscan|


|
|Recon|subgen|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|subdomains|


|
|Recon|shuffledns|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |dns|


|
|Recon|subfinder|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |subdomains|


|
|Recon|Photon|Incredibly fast crawler designed for OSINT. |osint crawl|


|
|Recon|Lepus|Subdomain finder|subdomains|


|
|Recon|SubOver|A Powerful Subdomain Takeover Tool|subdomains takeover|


|
|Recon|SecurityTrails| Online dns / subdomain / recon tool||subdomains online|

|
|Recon|rengine|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |


|
|Recon|graphw00f|GraphQL Server Engine Fingerprinting utility|graphql|


|
|Recon|jsluice|Extract URLs, paths, secrets, and other interesting bits from JavaScript|js-analysis|


|
|Recon|subjs|Fetches javascript file from a list of URLS or subdomains.|url subdomains|


|
|Recon|katana|A next-generation crawling and spidering framework.|crawl|


|
|Recon|subzy|Subdomain takeover vulnerability checker|subdomains takeover|


|
|Recon|RustScan|Faster Nmap Scanning with Rust |portscan|


|
|Recon|subjack|Subdomain Takeover tool written in Go |subdomains takeover|


|
|Recon|gau|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|url|


|
|Recon|chaos-client|Go client to communicate with Chaos DNS API. |


|
|Recon|cc.py|Extracting URLs of a specific target based on the results of "commoncrawl.org" |url|


|
|Recon|intrigue-core|Discover Your Attack Surface |


|
|Recon|Smap|a drop-in replacement for Nmap powered by shodan.io|port|


|
|Recon|fhc|Fast HTTP Checker.|


|
|Recon|alterx|Fast and customizable subdomain wordlist generator using DSL|subdomains wordlist permutation|


|
|Recon|FavFreak|Making Favicon.ico based Recon Great again ! |


|
|Recon|LinkFinder|A python script that finds endpoints in JavaScript files |js-analysis|


|
|Recon|findomain|The fastest and cross-platform subdomain enumerator, do not waste your time. |subdomains|


|
|Fuzzer|ParamPamPam|This tool for brute discover GET and POST parameters.|param cache-vuln|


|
|Fuzzer|wfuzz|Web application fuzzer |


|
|Fuzzer|dotdotpwn|DotDotPwn - The Directory Traversal Fuzzer |path-traversal|


|
|Fuzzer|ppfuzz|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|prototypepollution prototype-pollution|


|
|Fuzzer|Clairvoyance|Obtain GraphQL API schema even if the introspection is disabled|graphql|


|
|Fuzzer|SmuggleFuzz|A rapid HTTP downgrade smuggling scanner written in Go.|smuggle fuzz|


|
|Fuzzer|BatchQL|GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations|graphql|


|
|Fuzzer|SSRFmap|Automatic SSRF fuzzer and exploitation tool |ssrf|


|
|Fuzzer|fuzzparam|A fast go based param miner to fuzz possible parameters a URL can have.|param|


|
|Fuzzer|SSRFire|An automated SSRF finder. Just give the domain name and your server and chill|ssrf|

|
|Fuzzer|kiterunner|Contextual Content Discovery Tool|


|
|Fuzzer|c-jwt-cracker|JWT brute force cracker written in C |jwt|


|
|Fuzzer|ffuf|Fast web fuzzer written in Go |


|
|Fuzzer|crlfuzz|A fast tool to scan CRLF vulnerability written in Go |crlf|


|
|Fuzzer|hashcat|World's fastest and most advanced password recovery utility |


|
|Fuzzer|BruteX|Automatically brute force all services running on a target.|


|
|Fuzzer|thc-hydra|hydra |


|
|Fuzzer|medusa|Fastest recursive HTTP fuzzer, like a Ferrari. |
🔗 More in this category