Web Security Security Tools

A powerful and comprehensive XSS vulnerability scanner with an intuitive GUI interface.

An XSS exploitation command-line interface and payload generator.

Selenium based web scraper to generate passwords list

Customisable and automated HTTP header injection

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

A cheat sheet that contains advanced queries for SQL Injection of all types.

Interactive CLI tool for exploiting LFI via PHP filter chaining — a wrapper around Synacktiv’s php_filter_chain_generator.

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

A fast WordPress plugin enumeration tool

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

A high performance offensive security tool for reconnaissance and vulnerability scanning

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Automatic SSTI detection tool with interactive interface

Web vulnerability scanner written in Python3

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

Automatic SQL injection and database takeover tool

Attack Surface Management Platform