GraphQLmap
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc. Some features: - Multiple Injection points capability with multiple dictionaries - Recursion (When doing directory bruteforce) - Post, headers and authentication data brute forcing - Output to HTML - Colored output - Hide results by return code, word numbers, line numbers, regex - Cookies fuzzing - Multi threading - Proxy support - SOCK support - Time delays between requests - Authentication support (NTLM, Basic) - All parameters bruteforcing (POST and GET) - Multiple encoders per payload - Payload combinations with iterators - Baseline request (to filter results against) - Brute force HTTP methods - Multiple proxy support (each request through a different proxy) - HEAD scan (faster for resource discovery) - Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more.i (Many dictionaries are from Darkraver's Dirb, www.open-labs.org) Payloads: - File - List - hexrand - range - names - hexrange
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool powered by Shodan.
Small script to simplify format string exploitation.
Modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework with Python 3 and .NETs DLR.
An open source network penetration testing framework with automatic recon and scanning capabilities.