Vulnerability scanners
Nuclei
Nuclei is a template-based vulnerability scanner with hundreds of templates that are continually updated. Because of the ease of use, new templates are updated on a regular basis. It is also possible to create your own private personal templates.
GitHub - projectdiscovery/nuclei: Fast and customizable vulnerability scanner based on simple YAML based DSL.
Fast and customizable vulnerability scanner based on simple YAML based DSL. - GitHub - projectdiscovery/nuclei: Fast and customizable vulnerability scanner based on simple YAML based DSL.
projectdiscoveryWeb discovery
Arjun
Arjun is an excellent tool for discovering content based on endpoint fuzzing. The program allows you to scan several parameters by submitting several in the same request. Finding hidden parameters may reveal additional functionality and, in turn, increase the attack surface.
GitHub - s0md3v/Arjun: HTTP parameter discovery suite.
HTTP parameter discovery suite. Contribute to s0md3v/Arjun development by creating an account on GitHub.
s0md3vGobuster
Gobuster is a bruteforce tool built in Go, as the name implies. This program is useful for quickly enumerating Uris, subdomains, Vhosts, and open Amazon S3 buckets. Allowing for the speedy discovery of (hidden) information.
GitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in Go
Directory/File, DNS and VHost busting tool written in Go - GitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in Go
OJ