Tools starting with W
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
W3af is an open source web application attack and audit framework and helps in scanning for vulnerabilities. Read how it works in this review.
WAFPASS is a security tool to perform a security scan of a web application firewall (WAF). It tries to bypass the security defenses, to evaluate its effectiveness.
wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.
Wapiti is a security tool to perform vulnerability scans on web applications. It uses fuzzing to detect known and unknown paths, among other tests.
Wappalyzer is an information gathering tool for web applications and websites. It may be used for security assessments, or simply to look up technology details.
WarBerryPi is a toolkit to provide a hardware implant during penetration testing or red teaming. Read how it works in this review.
WeBaCoo is short for Web Backdoor Cookie Script-Kit. It is a tool to get a backdoor that is controlled by a specified cookie.
Web-hunter is a tool to crawl search engines like Google and Bing to find emails, sub domains, and URLs associated with a specified target domain.
The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.
Wfuzz is a security tool to do fuzzing of web applications. It is modular and can be used to discover and exploit web application vulnerabilities. This makes the tool useful for both developers as security professionals.
WhatWaf is a security tool to help with the identification of a web application firewall (WAF). If it discovers the presence of a WAF, the tool will try to bypass it and avoid detection.
WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.
Whitewidow is a security tool to perform automated SQL vulnerability scans. It can be used during penetration tests or for security assessments.
Wifiphisher is a security tool to perform automated and victim-customized phishing attacks against WiFi clients. It is useful for security assessments.
wig (WebApp Information Gatherer)
Wig is a tool written in Python 3. It helps with information gathering and in particular the software used behind web applications.
Wireshark is the well-known network protocol analyzer. It allows you to see what is happening on the network and zoom into the details of the network protocols.
Wordpresscan is a security scanner for WordPress installations. It is based on the work of WPScan with some ideas inspired by the WPSeku project.
WordPress Exploit Framework (WPXF)
The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations.
Looking for a wordlist based on geolocation to crack usernames and passwords? Wordsmith might be the tool you are looking for.
Wordstress is a security scanner for WordPress installations. It uses a white-box approach in scanning, which makes it different than most other scanners.
The wp_enum tool helps with the discovery of WordPress users and accounts.
WPForce is a suite of tools to attack Wordpress installations. One part focuses on brute forcing logins, the other to upload a shell upon finding credentials.
WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins
WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.
The wpsik tool is used to perform security scans on a wireless network.
WPSploit helps developers and penetration testers to perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the systems itself for possible security flaws.
wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.
- Zeek (network security monitoring tool)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- CMSeeK (CMS detection and exploitation)
- siemstress (basic SIEM solution)
- Bleach (sanitizing library for Django)
- Malice (VirusTotal clone)
- SQLMate (a friend of SQLMap with additional features)
- hBlock (ad blocking and tracker/malware protection)
- BDA (vulnerability scan for Hadoop and Spark)
- CMSmap (reconnaissance tool for popular CMS frameworks)
- Tulpar (web vulnerability scanner)
- django-security (Security add-ons for Django)
- Malscan (malware scanner for web servers)
- Prowler (AWS benchmark tool)
- Hash Buster (find cleartext of hash)
- GitMiner (Git data miner)
- massh-enum (OpenSSH user enumeration)
- Termineter (smart meter security framework)
- Cutter (graphical user interface for radare2)
- SubFinder (subdomain scanner)