Web Application Tools

462 tools
exifLooter
Open Source Exploitation Reconnaissance

ExifLooter finds geolocation on all image URLs and directories, and also integrates with OpenStreetMap.

exploit-writing-for-oswe
Free Exploitation Web Application

Tips on how to write exploit scripts (faster!)

ExternalAttacker-MCP
Free Web Application

A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.

EyeWitness
Open Source Kali Reconnaissance Web Application

Takes screenshots of web pages, RDP, and VNC services. Reports on default credentials and interesting headers. Useful for rapidly assessing …

ezXSS
Open Source Exploitation Web Application

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Facebook-BugBounty-Writeups
Free Web Application

Collection of Facebook Bug Bounty Writeups

fallparams
Open Source Password Attacks Web Application

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

favirecon
Open Source Reconnaissance Web Application

Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

fback
Open Source Password Attacks Web Application

Fback is a tool that helps you create target-specific wordlists using a .json pattern.

FBI-tools
Free Forensics Reconnaissance

🕵️ OSINT Tools for gathering information and actions forensics 🕵️

FCaptcha
Open Source Web Application

Detect bots, vision AI agents, and headless browsers through 40+ behavioral signals and SHA-256 proof of work. Self-hosted, privacy-first, a…

fencer
Open Source Exploitation Web Application

Automated API security testing

Feroxbuster
Open Source Kali Scanning & Enumeration Web Application

Fast, recursive content discovery tool written in Rust. Performs automatic recursive scanning and handles redirects, filters, and parallel s…

ffuf
Open Source Kali Scanning & Enumeration Web Application

Fast web fuzzer written in Go. Supports directory discovery, parameter fuzzing, virtual host discovery, POST data fuzzing, and custom header…

firefly
Free Scanning & Enumeration Web Application

Black box fuzzer for web applications

fleex
Open Source Web Application

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

forbidden
Open Source Password Attacks Scanning & Enumeration

Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.

frida_setup
Free Reconnaissance Reverse Engineering

One-click installer for Frida and Burp certs for SSL Pinning bypass

FrogPost
Free Web Application

FrogPost: postMessage Security Testing Tool

fsociety
Open Source Exploitation Post-Exploitation

fsociety Hacking Tools Pack – A Penetration Testing Framework

ftw
Open Source Web Application

Framework for Testing WAFs (FTW!)

fucking-Awesome-Hacking
Free Reverse Engineering Scanning & Enumeration

A collection of various awesome lists for hackers, pentesters and security researchers. With repository stars⭐ and forks🍴

fuzz
Free Exploitation Scanning & Enumeration

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

GarudRecon
Open Source Exploitation Reconnaissance

GarudRecon automates domain recon with top open-source tools to discover assets, enumerate subdomains, and detect XSS, SQLi, LFI, RCE & more…