WebSploit Is an open source project for web application assessments.
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.
WPScan Package Description WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Source: http://wpscan.org/ WPScan Homepage | Kali wpscan Repo Author: The WPScan Team License: Other Tools included in the wpscan package wpscan – WordPress vulnerability scanner root@kali:~# wpscan –help _______________________________________________________________ …
DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable