# Web Applications

# CORS

• Corsy - CORS Misconfiguration Scanner.

# Cross-Site Scripting

• XSS'OR - XSS'OR - Hack with JavaScript.
• XSStrike - Most advanced XSS scanner.

# CRLF

• CRLFSuite - The most powerful CRLF injection (HTTP Response Splitting) scanner.

# CSRF

• Bolt - CSRF Scanner.

# Databases

• sql-map - Automatic SQL injection and database takeover tool.

# Directory Traversal

• dotdotpwn - The Directory Traversal Fuzzer
• slipit - Utility for creating ZipSlip archives.

# Frameworks

• Commix - Automated All-in-One OS Command Injection Exploitation Tool.
• TIDoS - HTTP Request Smuggling Detection Tool.
• tplmap - Server-Side Template Injection and Code Injection Detection and Exploit Tool.

# Headers

• Security Headers - Tool designed to help you better deploy and understand modern security features that are available for your website.

# Protocols

• http-request-smuggling - HTTP Request Smuggling Detection Tool.

# SSL/TLS

• TLS-Scanner - Assists in the evaluation of TLS Server configurations.

# LFI

• LFISuite - Automated scan and exploitation of Local File Inclusion.
• LFIFreak - Local File Inclusion automation tool for PHP.
• Liffy - Local File Inclusion automation tool for PHP.