git404hub

what is webhackersweapons fr?

hahwul/webhackersweapons — explained in plain English

Analysis updated 2026-06-26

4,598RubyAudience · developerComplexity · 1/5Setup · easy

tl;dr

A curated, community-maintained directory of hundreds of tools, browser extensions, and Burp Suite plugins used by web security researchers and bug bounty hunters, organized by category and vulnerability type.

vibe map

mindmap
  root((WebHackersWeapons))
    What It Does
      Curated tool directory
      Bug bounty reference
      Pentest toolkit guide
    Tool Categories
      Proxies
      Fuzzers
      Scanners
      Recon tools
      Exploit tools
    Vulnerability Types
      XSS
      SQL injection
      SSRF
      Request smuggling
    Proxy Add-ons
      Burp Suite plugins
      OWASP ZAP extensions
      Caido plugins
    Audience
      Pentesters
      Bug bounty hunters

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Find the right fuzzer or scanner for a specific web vulnerability type like SQL injection, SSRF, or XSS.

VIBE 2

Discover Burp Suite and OWASP ZAP add-ons recommended by the security community for proxy-based web testing.

VIBE 3

Build a personal web pentesting toolkit by browsing the categorized list and selecting tools that match your workflow.

VIBE 4

Look up tools for a specific technique such as subdomain takeover enumeration or JavaScript secret scanning.

what's the stack?

Ruby

how it stacks up fr

hahwul/webhackersweaponsactivemerchant/active_merchantsferik/twitter-ruby
Stars4,5984,5954,576
LanguageRubyRubyRuby
Setup difficultyeasymoderatemoderate
Complexity1/53/52/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min
No license information was provided in the explanation, check the repository directly.

in plain english

WebHackersWeapons is a curated list of tools used by web security researchers, penetration testers, and bug bounty hunters. It is not a single application but a reference collection: a structured directory of hundreds of external tools, browser add-ons, bookmarklets, and plugins that security professionals use when testing web applications for vulnerabilities. The list is organized into categories by what the tool does. The types include general-purpose Swiss-army tools, proxies that sit between a browser and a server to inspect traffic, reconnaissance tools for mapping targets, fuzzers that send unusual input to find crashes or unexpected behavior, scanners that check for known weaknesses, and exploit tools. There is also a section for utilities and miscellaneous entries. Each tool in the list is tagged with the specific vulnerability types or techniques it relates to, covering a wide range of web security concerns: cross-site scripting, SQL injection, server-side template injection, request smuggling, subdomain takeover, DNS reconnaissance, JavaScript analysis, secret scanning, authentication testing, and many others. Tools are also tagged by the programming language they are written in, spanning Java, Python, Go, Rust, Ruby, JavaScript, and more. In addition to standalone command-line and GUI tools, the list includes addons and extensions for Burp Suite, Caido, and OWASP ZAP, which are popular proxy tools used to intercept and manipulate web traffic during security assessments. Bookmarklets and browser extensions for in-browser testing are listed as well. The project is community-maintained and contributions are welcome via a contributing guide in the repository. A companion project, MobileHackersWeapons, covers the same concept for mobile application testing. The full README is longer than what was shown.

prompts (copy fr)

prompt 1
I'm starting a bug bounty engagement on a web app and need tools for recon, fuzzing, and XSS testing. Which tools from WebHackersWeapons should I use for each phase?
prompt 2
Show me which tools in WebHackersWeapons are tagged for finding server-side template injection vulnerabilities.
prompt 3
I want to set up a Burp Suite-centered web pentesting workflow. Which companion tools and add-ons from WebHackersWeapons complement it best?
prompt 4
I'm doing subdomain enumeration on a target. Which reconnaissance tools in WebHackersWeapons are best suited for this step?

Frequently asked questions

what is webhackersweapons fr?

A curated, community-maintained directory of hundreds of tools, browser extensions, and Burp Suite plugins used by web security researchers and bug bounty hunters, organized by category and vulnerability type.

What language is webhackersweapons written in?

Mainly Ruby. The stack also includes Ruby.

What license does webhackersweapons use?

No license information was provided in the explanation, check the repository directly.

How hard is webhackersweapons to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is webhackersweapons for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.