Web Application & Bug Hunters

Some tools for pentesting web applications. We will try to recommend some important tools, so we will delete old tools that are not updated or not important. If you know good tools, please suggest them.

dirsearch
dirhunt
photon
halberd
SubOver

I strongly recommend vbscan, a vuln scanner for vBulletin forums.
I think paros should be removed. It is an old version of zap, isn’t it?
Parrot already has dirb and gobuster for scanning web paths, so adding another new tool is not necessary, I think.
P.S.: it is not about web applications, but I hope Parrot will add these tools:
https://github.com/DominicBreuker/pspy - snoop on processes without need for root permissions
https://github.com/AlessandroZ/LaZagne - Steal browser’s password
They are good for the Post-Exploitation step :smiley:

I think this tool should be included too: https://github.com/stampery/mongoaudit

Thank you, I will see it.

Will the tool be placed in the next update, or what will happen? :roll_eyes:

All tools must be tested first. Menu tool list should be modified too.

Sure, we will do this.

Can I suggest some new tools which are mainly used in this year, and maybe I could also take a look at existing similar tools and recommend which one should be removed?

Look at this list: https://nest.parrotsec.org/anubi5egypt/awesome-tools

That list looks good.

Currently some of the good tools in Parrot Sec:

  • nmap
  • masscan
  • burpsuite
  • owasp-zap
  • gobuster
  • wfuzz

Tools Web Pentesters now mostly use:

  • Amass - github -> /OWASP/Amass
  • dirsearch - github -> /maurosoria/dirsearch
  • LinkFinder - github -> /GerbenJavado/LinkFinder
  • waybackurls - github -> /tomnomnom/waybackurls