Web Application Tools

462 tools
hackliner
Open Source Exploitation Web Application

HackLiners: CyberSec/BugHunting OneLiners

HackTools
Free Exploitation Web Application

The all-in-one browser extension for offensive security professionals 🛠

hadrian
Open Source Web Application

API security testing framework for REST, GraphQL, and gRPC that validates authorization logic using role-based testing and YAML-driven templ…

handbook
Open Source Kali Exploitation Web Application

A living document for penetration testing and offensive security.

hast-util-sanitize
Open Source Web Application

Utility to sanitize hast nodes

Helios
Free Exploitation Web Application

Use python helios.py --help for a full list of options and usage instructions.

hookish
Open Source Web Application

Hooks into interesting functions and helps reverse the web app faster.

HopLa
Open Source Web Application

HopLa Burp Suite Extender plugin - Brings AI capabilities, autocompletion support, and a set of useful payloads to Burp Suite

htb-writeups
Open Source Exploitation Post-Exploitation

The most comprehensive Hack The Box writeup collection - 500+ machines, 400+ challenges, interactive knowledge graph, skill trees, attack pa…

HtmlSanitizer
Open Source Web Application

Cleans HTML to avoid XSS attacks

humble
Open Source Kali Web Application

A humble, and fast, security-oriented HTTP headers analyzer.

HuntTheBug
Open Source Kali Reconnaissance Web Application

Advanced reconnaissance framework for bug bounty hunters - Automate subdomain enumeration, vulnerability scanning, and security reconnaissan…

IDOR-Forge
Open Source Exploitation Web Application

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

inql
Open Source Web Application

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable sc…

Interactsh
Open Source Scanning & Enumeration Web Application

Out-of-band interaction gathering server. Generates unique collaboration URLs for detecting blind vulnerabilities like SSRF, XXE, SSTI, blin…

inventory
Open Source Exploitation Reconnaissance

Asset inventory of over 800 public bug bounty programs.

ios-penetration-testing-cheat-sheet
Open Source Reverse Engineering Web Application

This is more of a checklist for myself. May contain useful tips and tricks. Still need to add a lot of things.

ipranges
Free Reconnaissance Web Application

🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), Ope…

isomorphic-dompurify
Open Source Web Application

Use DOMPurify on server and client in the same way

janusec
Free Exploitation Web Application

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Seco…

java-reverse-tcp
Open Source Web Application

JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.

JavaSecurity
Open Source Web Application

Java web and command line applications demonstrating various security topics

jiff
Open Source Web Application

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

jok3r
Free Web Application

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework