Vulnerability scanners

Nuclei

Nuclei is a template-based vulnerability scanner with hundreds of templates that are continually updated. Because of the ease of use, new templates are updated on a regular basis. It is also possible to create your own private personal templates.

GitHub - projectdiscovery/nuclei: Fast and customizable vulnerability scanner based on simple YAML based DSL.
Fast and customizable vulnerability scanner based on simple YAML based DSL. - GitHub - projectdiscovery/nuclei: Fast and customizable vulnerability scanner based on simple YAML based DSL.

Web discovery

Arjun

Arjun is an excellent tool for discovering content based on endpoint fuzzing. The program allows you to scan several parameters by submitting several in the same request. Finding hidden parameters may reveal additional functionality and, in turn, increase the attack surface.

GitHub - s0md3v/Arjun: HTTP parameter discovery suite.
HTTP parameter discovery suite. Contribute to s0md3v/Arjun development by creating an account on GitHub.

Gobuster

Gobuster is a bruteforce tool built in Go, as the name implies. This program is useful for quickly enumerating Uris, subdomains, Vhosts, and open Amazon S3 buckets. Allowing for the speedy discovery of (hidden) information.

GitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in Go
Directory/File, DNS and VHost busting tool written in Go - GitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in Go