AppSec-Softwares

Tools

- [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
- [BurpSuite](https://portswigger.net/burp) - A web application testing framework used by security professionals and web developers to identify attack vectors and find security-related flaws in their web applications.
- [sqlmap](http://sqlmap.org/) - An open source penetration testing tool that automates the process of detecting and exploiting SQL injection (SQLi) flaws and taking over database servers.
- [Commix](https://github.com/commixproject/commix) - Automated all-in-one OS command injection and exploitation tool.
- [wfuzz](https://github.com/xmendez/wfuzz) - A web application brute forcer that allows you to perform complex brute force attacks against different parts of a web application: parameters, authentication, forms, directories/files, headers, etc.
- [dirbuster](https://tools.kali.org/web-applications/dirbuster) and [dirsearch](https://github.com/maurosoria/dirsearch) - Website directory and file brute forcers.
- [tplmap](https://github.com/epinna/tplmap) - A tool that automates the process of detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities.
- [liffy](https://github.com/mzfr/liffy) - A little Python tool to perform Local File Inclusion (LFI).
- [fuxploider](https://github.com/almandin/fuxploider) - A tool that automates the process of detecting and exploiting file upload form flaws.
- [SSRFmap](https://github.com/swisskyrepo/SSRFmap) - An automatic SSRF fuzzer and exploitation tool.
- [GitTools](https://github.com/internetwache/GitTools) - A finder, dumper, and extractor of a website's exposed .git repository.
- [SecurityHeaders](https://securityheaders.com/) - A simple but detailed security header scanner.
- [Nikto](https://cirt.net/Nikto2) - An open source (GPL) web server scanner which performs comprehensive tests against web servers.
- [hydra](https://github.com/vanhauser-thc/thc-hydra) - A parallelized login cracker which supports numerous protocols.

Other Resources

- [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) - A list of useful payloads and bypasses for Web Application Security and Pentest/CTF.
- [Awesome-AppSec](https://github.com/paragonie/awesome-appsec) - A curated list of resources for learning about application security.
