ReconFTW ReconFTW automates the entire process of reconnaisance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. ReconFTW uses a lot of techniques...
SubCrawl SubCrawl is a framework developed by Patrick Schläpfer, Josh Stroschein, and Alex Holland of HP Inc’s Threat Research team. SubCrawl is designed to find, scan and analyze open directories. The framework is modular, consisting of four components: input modules,...
Salus: Guardian of Code Safety and Security Salus (Security Automation as a Lightweight Universal Scanner), named after the Roman goddess of protection, is a tool for coordinating the execution of security scanners. You can run...
Goby – Attack surface mapping The new generation of network security technology achieves rapid security emergencies through the establishment of a complete asset database for the target. Scan Asset Scanning Automatically detect the existing...
shisho Shisho is a lightweight static code analyzer designed for developers and security teams. The key motivation of Shisho is providing a means of Security-as-Code for Code. It allows us to analyze and transform your source...
GoKart – Go Security Static Analysis GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the...
WPScan is a black box WordPress vulnerability scanner. Changelog v3.8.19 Minor: New version for updated dependencies Install Requirement Ruby >= 2.2.2 – Recommended: 2.3.3 Curl >= 7.21 – Recommended: latest – FYI the 7.29...
crawlergo crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole web page with the DOM rendering stage, automatically fills and submits forms, with...
Semgrep Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. You can try it now with our interactive live editor. Semgrep combines the...
DongTai DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including but not limited to...
Suggested Reading