Find the right fuzzer or scanner for a specific web vulnerability type like SQL injection, SSRF, or XSS.
Discover Burp Suite and OWASP ZAP add-ons recommended by the security community for proxy-based web testing.
Build a personal web pentesting toolkit by browsing the categorized list and selecting tools that match your workflow.
Look up tools for a specific technique such as subdomain takeover enumeration or JavaScript secret scanning.
WebHackersWeapons is a curated list of tools used by web security researchers, penetration testers, and bug bounty hunters. It is not a single application but a reference collection: a structured directory of hundreds of external tools, browser add-ons, bookmarklets, and plugins that security professionals use when testing web applications for vulnerabilities.
The list is organized into categories by what each tool does. The categories include general-purpose Swiss-army tools, proxies that sit between a browser and a server to inspect traffic, reconnaissance tools for mapping targets, fuzzers that send unusual input to find crashes or unexpected behavior, scanners that check for known weaknesses, and exploit tools. There is also a section for utilities and miscellaneous entries.
Each tool in the list is tagged with the specific vulnerability types or techniques it relates to, covering a wide range of web security concerns: cross-site scripting, SQL injection, server-side template injection, request smuggling, subdomain takeover, DNS reconnaissance, JavaScript analysis, secret scanning, authentication testing, and many others. Tools are also tagged by the programming language they are written in, spanning Java, Python, Go, Rust, Ruby, JavaScript, and more.
In addition to standalone command-line and GUI tools, the list includes add-ons and extensions for Burp Suite, Caido, and OWASP ZAP, which are popular proxy tools used to intercept and manipulate web traffic during security assessments. Bookmarklets and browser extensions for in-browser testing are listed as well.
The project is community-maintained, and contributions are welcome via a contributing guide in the repository. A companion project, MobileHackersWeapons, covers the same concept for mobile application testing. The full README is longer than what was shown.