Tools starting with W

Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.


WAFPASS is a security tool to perform a security scan of a web application firewall (WAF). It tries to bypass the security defenses, to evaluate its effectiveness.


WPForce is a suite of tools to attack Wordpress installations. One part focuses on brute forcing logins, the other to upload a shell upon finding credentials.


WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins

Latest release: 3.8.25 [Sept. 29, 2023]


WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.


WPSploit helps developers and penetration testers to perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the systems itself for possible security flaws.


Wapiti is a security tool to perform vulnerability scans on web applications. It uses fuzzing to detect known and unknown paths, among other tests.

Latest release: 3.1.8 [May 16, 2024]


Wappalyzer is an information gathering tool for web applications and websites. It may be used for security assessments, or simply to look up technology details.

Latest release: 6.10.66 [Aug. 15, 2023]


WarBerryPi is a toolkit to provide a hardware implant during penetration testing or red teaming. Read how it works in this review.


WeBaCoo is short for Web Backdoor Cookie Script-Kit. It is a tool to get a backdoor that is controlled by a specified cookie.


Wfuzz is a security tool to do fuzzing of web applications. It is modular and can be used to discover and exploit web application vulnerabilities. This makes the tool useful for both developers as security professionals.


WhatWaf is a security tool to help with the identification of a web application firewall (WAF). If it discovers the presence of a WAF, the tool will try to bypass it and avoid detection.


WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.


Whitewidow is a security tool to perform automated SQL vulnerability scans. It can be used during penetration tests or for security assessments.


Wifiphisher is a security tool to perform automated and victim-customized phishing attacks against WiFi clients. It is useful for security assessments.


Wireshark is the well-known network protocol analyzer. It allows you to see what is happening on the network and zoom into the details of the network protocols.

WordPress Exploit Framework (WPXF)

The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations.


Wordpresscan is a security scanner for WordPress installations. It is based on the work of WPScan with some ideas inspired by the WPSeku project.


Looking for a wordlist based on geolocation to crack usernames and passwords? Wordsmith might be the tool you are looking for.


Wordstress is a security scanner for WordPress installations. It uses a white-box approach in scanning, which makes it different than most other scanners.


W3af is an open source web application attack and audit framework and helps in scanning for vulnerabilities. Read how it works in this review.


wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.


Web-hunter is a tool to crawl search engines like Google and Bing to find emails, sub domains, and URLs associated with a specified target domain.


The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

wig (WebApp Information Gatherer)

Wig is a tool written in Python 3. It helps with information gathering and in particular the software used behind web applications.


The wp_enum tool helps with the discovery of WordPress users and accounts.


The wpsik tool is used to perform security scans on a wireless network.


wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

RSS feed icon for Linux security tools

Recently reviewed

  • Archery (vulnerability assessment and management)
  • Wapiti (vulnerability scanner for web applications)
  • Patator (multi-purpose brute-force tool)
  • BleachBit (system cleaner and privacy tool)
  • OpenSCAP (suite with tools and security data)
  • Lynis (security scanner and compliance auditing tool)
  • BlackBox (store secrets in Git/Mercurial/Subversion)
  • salt-scanner (Linux vulnerability scanner)
  • Infection Monkey (security testing for data centers and networks)
  • Anchore Engine (container analysis and inspection)
  • Zeek (network security monitoring tool)
  • ZAP (web application analysis)
  • Maltrail (malicious traffic detection system)
  • tls-ca-manage
  • Vuls (agentless vulnerability scanner)
  • Cppcheck (static code analyzer)
  • XSStrike (XSS detection and exploitation suite)
  • Decentraleyes (local CDN emulation for privacy)
  • RootHelper (script to retrieve exploitation tools)
  • graudit (static code analysis tool)
  • Suhosin7 (Suhosin security extension for PHP 7.x)
  • gosec (Golang security checker)
  • Bleach (sanitizing library for Django)
  • CMSeeK (CMS detection and exploitation)
  • siemstress (basic SIEM solution)