ffuf: A fast web fuzzer written in Go.
ffuf -w /path/to/wordlist -u https://target/FUZZ
Arjun: This tool can find query parameters for URL enpoints. If you don't get what that means, it's okay, read along.
arjun -u https://api.example.com/endpoint
vaf: very advanced (web) fuzzer.
parameth: This tool can be used to brute discover GET and POST parameters.
ParamSpider: Mining parameters from dark corners of Web Archives.
smuggler: An HTTP Request Smuggling / Desync testing tool written in Python 3.
python3 smuggler.py -u <URL>
Reference: https://raw.githubusercontent.com/gwen001/pentest-tools/master/smuggler.py
DirDar: DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it.
HackBar: HackBar plugin for Burpsuite.
x8-Burp: Discovering hidden parameters with burp.
jsql-injection: jSQL Injection is a Java application for automatic SQL database injection.
HTTP Request Smuggling Detection Tool
Bonus
/cgi-bin/redirect.cgi?{payload}
/login?to={payload}
/out/{payload}
/out?{payload}
/redirect/{payload}
?action={payload}
?arg={payload}
?begindate={payload}
?board={payload}
?cat={payload}
?category={payload}
?categoryid={payload}
?checkout_url={payload}
?class={payload}
?cmd={payload}
?code={payload}
?command={payload}
?conf={payload}
?content={payload}
?continue={payload}
?date={payload}
?dest={payload}
?destination={payload}
?detail={payload}
?dir={payload}
?do={payload}
?doc={payload}
?document={payload}
?download={payload}
?email={payload}
?enddate={payload}
?exe={payload}
?exec={payload}
?execute={payload}
?feature={payload}
?file={payload}
?folder={payload}
?form={payload}
?func={payload}
?function={payload}
?go={payload}
?id={payload}
?image_url={payload}
?immagine={payload}
?inc={payload}
?include={payload}
?item={payload}
?join={payload}
?jump={payload}
?key={payload}
?keyword={payload}
?keywords={payload}
?l={payload}
?lang={payload}
?layout={payload}
?list_type={payload}
?load={payload}
?locate={payload}
?main={payload}
?menu={payload}
?mod={payload}
?module={payload}
?month={payload}
?name={payload}
?nav={payload}
?news={payload}
?next={payload}
?option={payload}
?p={payload}
?page={payload}
?path={payload}
?payload={payload}
?ping={payload}
?prefix={payload}
?print={payload}
?process={payload}
?q={payload}
?query={payload}
?read={payload}
?redir={payload}
?redirect={payload}
?redirect_uri={payload}
?ref={payload}
?reg={payload}
?region={payload}
?req={payload}
?return={payload}
?returnTo={payload}
?return_path={payload}
?return_to={payload}
?run={payload}
?rurl={payload}
?s={payload}
?search={payload}
?show={payload}
?site={payload}
?step={payload}
?target={payload}
?terms={payload}
?thread={payload}
?title={payload}
?topic={payload}
?type={payload}
?url={payload}
?view={payload}
?year={payload}