- https://pentestwiki.org/tools-for-web-penetration-testing/
created: 2022-04-19T19:56:20 (UTC +08:00)
tags: []
source: https://pentestwiki.org/tools-for-web-penetration-testing/
✅ Tools for Web Penetration Testing - pentestwiki.org
Excerpt
A set of tools for web penetration testing and bug bounties, along with the essential Burp Suite Pro plugins.
Standard tools for web pentesting
Web proxies
- Burp Suite Pro https://portswigger.net/burp/pro
- ZAP https://www.zaproxy.org/
- HTTP Toolkit https://httptoolkit.tech/
- Charles Proxy https://www.charlesproxy.com/
SQL injection
- SQLmap http://sqlmap.org/
Web files & dirs fuzzing
- Dirb https://tools.kali.org/web-applications/dirb
- wfuzz https://github.com/xmendez/wfuzz
- gobuster https://github.com/OJ/gobuster
- ffuf https://github.com/ffuf/ffuf
Burp Suite Pro essential plugins
- protobuf decoding https://github.com/nccgroup/blackboxprotobuf
- J2EEScan https://portswigger.net/bappstore/7ec6d429fed04cdcb6243d8ba7358880
- ParamMiner https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943
- Upload Scanner https://portswigger.net/bappstore/b2244cbb6953442cb3c82fa0a0d908fa
- Retire.js https://portswigger.net/bappstore/36238b534a78494db9bf2d03f112265c
- Msgpack https://portswigger.net/bappstore/c199ec3330864d548ff7d6bf761960ba
- Turbo Intruder https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988
More info
- PortSwigger learning materials: https://portswigger.net/web-security/all-materials
- Intro to web application testing
- OWASP TOP 10 explained
HTTP debugging
- Check your headers (good for open redirects, data exfiltration): https://httpbin.org/get
- CORS checker: https://app.cors.bridged.cc
- Burp Collaborator (good for testing SSRF): https://burpcollaborator.net/
- HTTP Requestbin (good for testing SSRF): https://requestbin.net/