Resources
Attack platform (Kali, ParrotOS, etc.)
Automated tools (Burp Scanner, Dirbuster, Nikto, etc.)
Browser (Add-ons)
Interception proxies (Burp or ZAP)
There are >150 entries that can be used for web server scanning, crawling, and querying:
auxiliary/scanner/http/
Basic Spiders: auxiliary/crawler/msfcrawler and auxiliary/scanner/http/crawler
wmap (Web Scanning not updated since 2012)
sqlmap
OWASP WSTG - Web Security Testing Guide:
PortSwigger - Server-Side Template Injection:
WebApp Hacking: Web Application Technologies, Part 1
KONTRA - OWASP Top 10, free appsec training
For self-hosted vulnerable web apps or sites, see:
Haksecuritytxt: takes a list of domains as input, checks whether each has a security.txt, and outputs the results.
Full wordlist
Why Server-Side Input Validation Matters: