6 practical tools for web application security

hacker tools
hacker tools

Last updated: January 1, 2023

Here I will present to you a list of software and tools that are used by pentesters. Tools to detect server vulnerabilities, analyze a website and correct the vulnerabilities found.

If you are passionate about computer security, this list will surely please you. It is better to have Kali distribution Linux installed on a virtual machine.

Without further ado, here are some tools you need to scan and detect vulnerabilities in a web application :

1. The Mole

The Mole is an automatic tool for exploiting SQL injections. It is by providing a vulnerable link or a valid address of the targeted site that we can test the injection and why not exploit it. Either by using a union type technique, or a technique based on Boolean queries.

This tool works on databases such as MySQL, SQL Server, PostgreSQL and Oracle.

2. WPScan

WPScan is a vulnerability scanner specially designed for WordPress. Written in ruby. It is able to find the vulnerabilities present on a WordPress website, list the plugins used and give you the associated security loopholes. To learn more, read our article on WPScan

3. Joomscan Security Scanner

Joomscan Security Scanner is a website auditing tool for joomla, it is written in perl and is capable of detecting over 550 vulnerabilities such as file inclusions, SQL injections, RFI, LFI flaws, attacks XSS, blind sql injection, directory protection and others. To find out more, I invite you to read the article on Joomscan

4. Uniscan

Uniscan is an open source vulnerability scanner for web applications. Written in perl, it was For his tests, designed to detect flaws RFI, LFI, RCE, XSS and SQL injections.

This will identify the pages of the site via a crawler and will check the ignored file extensions, GET and POST methods of the pages. It supports SSL requests as well asproxy usage.

If you want to use it under Kali Linux, go to the tab:

Applications ->BackTrack ->Vulnerability Assessment ->Web Application assessment -> Web Vulnerability Scanners – >Uniscan

5. W3af (Web Application Attack & Audit Framework)

w3af (Web Application Attack & Audit Framework) is a project that aims to create a framework to find and exploit vulnerabilities in a web application. You can use it under BackTrack 5.

Applications ->BackTrack ->Vulnerability Assessment ->Web Application assessment -> Web Vulnerability Scanners – >W3af gui


Havij is an automated SQL injection tool that allows penetration testers to find and exploit SQL injection vulnerabilities on a website.

The power of havij What makes it different from other similar tools are its injection methods. The success rate of an SQL injection is over 95%. To learn more follow our article on the use of havij.

cropped cropped Ahmed el jaouari
Ahmed is a computer systems administration engineer, author, and trainer. He has a deep passion for IT security and new technologies. Through his tutorials, he has helped a large number of people effectively master today's IT tools.