# Web Applications

# CORS

  • Corsy - CORS Misconfiguration Scanner. last-commit

# Cross-Site Scripting

  • XSS'OR - XSS'OR - Hack with JavaScript. last-commit
  • XSStrike - Most advanced XSS scanner. last-commit

# CRLF

  • CRLFSuite - The most powerful CRLF injection (HTTP Response Splitting) scanner. last-commit

# CSRF

  • Bolt - CSRF Scanner. last-commit

# Databases

  • sql-map - Automatic SQL injection and database takeover tool. last-commit

# Directory Traversal

  • dotdotpwn - The Directory Traversal Fuzzer last-commit
  • slipit - Utility for creating ZipSlip archives. last-commit

# Frameworks

  • Commix - Automated All-in-One OS Command Injection Exploitation Tool. last-commit
  • TIDoS - HTTP Request Smuggling Detection Tool. last-commit
  • tplmap - Server-Side Template Injection and Code Injection Detection and Exploit Tool. last-commit

# Headers

  • Security Headers - Tool designed to help you better deploy and understand modern security features that are available for your website.

# Protocols

# SSL/TLS

  • TLS-Scanner - Assists in the evaluation of TLS Server configurations. last-commit

# LFI

  • LFISuite - Automated scan and exploitation of Local File Inclusion. last-commit
  • LFIFreak - Local File Inclusion automation tool for PHP. last-commit
  • Liffy - Local File Inclusion automation tool for PHP. last-commit