Web App Testing Frameworks

Web App Testing Frameworks

  • https://projectdiscovery.io/#/ - Collection of open source tools for attack surface management or Bug Bounties.
  • Fiddler - Powerful and flexible web debugging proxy.
  • OWASP Zap - Open Source Web Application testing tool made by the OWASP Foundation. Serves a similar function to Burp and even shares many extensions.
  • Jaeles - Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.
  • REngine - reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the domains, endpoints, or gather information. The beauty of reNgine is that it gathers everything in one place. It has a pipeline of reconnaissance, which is highly customizable.
  • OpenBullet2 - OpenBullet 2 is a cross platform automation suite powered by .NET core. It allows to perform requests towards a target webapp and offers a lot of tools to work with the results. This software can be used for scraping and parsing data, automated pentesting and much more.
  • FinalRecon - FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results.
  • ChopChop - ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot.
  • TIDoS-Framework - Exceedingly detailed offensive manual web application testing framework.
  • SecApps Suite - SecApps Suite is a browser-based web security testing toolkit made of a growing number of applications and features suitable for a diverse set of offensive and defensive activities: from automated web application security assessments to fuzzing, manual web auditing and much more.
  • RapidScan - Multi-tool vulnerability scanner that runs separate tools in tandem for saving time in the scanning phase.
  • Sitadel - Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features
  • Garud - An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
  • OpenWebTestingFramework - OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST
  • SecApps - A flexible scanning platform that combines the funcitonality of multiple tools into a web based platform. Comes in both a premium and free sets of features.
  • paros - Lightweight web application testing proxy
  • sumrecon - Web recon script. No need to fear, sumrecon is here!
  • 0d1n - Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
  • BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
  • https://caido.io/ - A lightweight web security auditing toolkit. Built from the ground up in Rust, Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease