WhatWeb identifies websites. Its goal is to answer the question, "What is that Website?". WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
Stealth Mode
WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website.
Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further.
The default level of aggression, called 'stealthy', is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.
Plugins
Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. '', but a minority of WordPress websites remove this identifying tag but this does not thwart WhatWeb.
The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for "/wp-content/" within relative links.
Matches are made with:
Text strings (case sensitive)
Regular expressions
Google Hack Database queries (limited set of keywords)
MD5 hashes
URL recognition
HTML tag patterns
Custom ruby code for passive and aggressive operations
Features
Over 1800 plugins
Control the trade off between speed/stealth and reliability
Performance tuning. Control how many websites to scan concurrently.
What is the FatRat?
TheFatRat is an exploitation and pentesting tool designed for educational purposes. It has the capability to compile malware with popular payloads, which can then be executed on various platforms including Windows, Linux, Mac, and Android.
This makes it a versatile tool for understanding the dynamics of
A web application vulnerability scanner is an expertly crafted software program, engineered to methodically scan web applications for security vulnerabilities.
It operates with precision, simulating attacks and meticulously observing the application's response to pinpoint potential weak points with absolute certainty.
The scanner isn't just helpful, it&
RapidScan is a free and open-source multi-tool web app vulnerability scanner, that allows pentesters, web developers and ethical hackers looks for bugs, and security issues in any web app.
It is written using Python and can be installed on any system either from source using Python or using Docker.
Features
Safety CLI is a Python dependency vulnerability scanner that enhances software supply chain security. It detects packages with known vulnerabilities and malicious packages in various environments, providing clear remediation recommendations.
It leverages a comprehensive database of vulnerabilities and malicious packages, allowing teams to detect vulnerabilities throughout the software development lifecycle.
What is a Network Port Scanner?
A network port scanner is a tool used by network security professionals and penetration testers to scan computer networks for open ports. Ports are communication endpoints that enable computers to send and receive data.
A port scanner identifies which ports on a network are
Raccoon is an open-source free OSINT high performance offensive security tool for reconnaissance and vulnerability scanning.
Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity.
It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up
BBOT (Bighuge BLS OSINT Tool) is a modular, recursive OSINT framework that can execute the entire OSINT workflow in a single command.
BBOT is inspired by Spiderfoot but takes it to the next level with features like multi-target scans, lightning-fast asyncio performance, and NLP-powered subdomain mutations. It offers a wide
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a
w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.
The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding.
Features
* User-friendly
* Command-line interface
* GUI app
* Extenisable with plugins
* Dozens of
Scanners Box also known as scanbox, is a powerful hacker toolkit, which has collected more than 10 categories of open source scanners from Github, including subdomain, database, middleware and other modular design scanner etc.
But for other Well-known scanning tools, such as nmap, w3af, brakeman, arachni, nikto, metasploit, aircrack-ng will