Web Application & Bug Hunters


(Abdel Rhman Anter) #1

Some tools for pentesting web applications, and we will try to recommend some important tools, so we will delete old tools that are not updated or not important. If you know good tools, please suggest them.

• Web Application Proxies
Burp
zap

weevely
webacoo
nishang
sqlmap
commix

• Web Crawlers & Directory Bruteforce
sublist3r
knockpy
HostileSubBruteforcer
nikto
dirb
dirsearch
dig
dirhunt
photon
halberd
Subdomain-Takeover-master

• CMS & Framework Identification
wpscan
CMSeek
Wpscan
skipfish
webscarab
joomscan


(dmknght) #3

I strongly recommend vbscan, a vuln scanner for vBulletin forums.
I think paros should be removed. It is an old version of zap, isn’t it?
Parrot already has dirb and gobuster for scanning web paths, so adding another new tool is not necessary, I think.
P.S.: It is not about web applications, but I hope Parrot will add these tools:
https://github.com/DominicBreuker/pspy snoop on processes without need for root permissions
https://github.com/AlessandroZ/LaZagne Steal browser’s password
They are good for the post-exploitation step :smiley:


(dmknght) #4

I think this tool should be included too: https://github.com/stampery/mongoaudit


(Abdel Rhman Anter) #5

Thank you, I will see it.


(hazem) #6

Will the tool be placed in the next update, or what will happen? :roll_eyes:


(dmknght) #7

All tools must be tested first. Menu tool list should be modified too.


(Abdel Rhman Anter) #8

Sure, we will do this.