Webbies Toolkit is a pair of tools that enable asynchronous web recon & enumeration including SSL detection, banner grabbing and presence of login forms. Webbies Features Respects scope (including redirects) Uses same DNS resolver for enumeration and retrieval by patching aiohttp TCPConnector Cached DNS requests by wrapping aiodns SSLContext can be modified for specific SSL […]
enumeration
SubBrute – Subdomain Brute-forcing Tool
SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain brute-forcing tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity, as SubBrute does not send traffic directly […]
Host-Extract – Enumerate All IP/Host Patterns In A Web Page
host-extract is a little ruby script that tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/Hostnames, development IPs/ports, cdn, load balancers, additional attack entries related to your target that are revealed in inline js, css, html comment […]
Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool
Web-Sorrow is a PERL based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a “safe to run” program, meaning it is not designed to be an exploit or perform any harmful attacks. There’s a couple of other tools that […]