Cazador – WebApp Pentest Toolkit

Cazador is Web Application Penetration toolkit for bug bounty hunters.

Tools Featured


  • HTTP Server
  • DNS Server
  • TCP Server
  • POSTMessage Hooker
  • Websocket Hooker


  • HTTP/JS-Files/Binary Analyze
  • Analyze Files (Binary , Metadata, Text files, Js sinks)

Net Tools

  • Get DNS Records
  • Resolve Hosts
  • Reverse IPs
  • Passive DNS
  • DNS History

Text Tools

  • Text Processing
  • Block construct
  • Format generator
  • pattern creation
  • Encrypt/Decrypt data
  • Hash Identification
  • Crackers
  • Payload Generators
  • Encoders/Decoders
  • Poc Generators (Python , bash , HTML)


  • Get Websites ScreenShots
  • GET Subdomains (Scrabbing , Minning , DNS-brute-force,Http-brute-force)
  • Site categorizer
  • s3/GC bucket enumeration
  • Github Lister
  • Ip History


  • Detect Misconfiguration
  • Port/vulnerability/ssl scanner
  • Vulnerability Exploiters
  • Waf Detection


  • Download Android apps (APK)
  • Travis-CI logs fetching

Tools discussed separately here

[Dig] [scanner] [TcpListener]
[Subscrabber] [Hpinger]

virustotal Scan result

if the app is not working proberly , Download this archive dlls.zip and extract the dll files , put them in application folder , beside the executable file

Some notes:

  • This tool is meant primarily for bug hunnters (specially beginers).
  • This tool is not backdoored with any malicious software/tracking .
  • This tool contains bugs more than features so use it carefully.
  • Connections are issued using the .Net (SystemDotWeb) which is slow and limited by design , consider using many threads, this will be replaced with another solution.
  • Memory is not carefully managed so be carefull , do not use all the tools at the same time.
  • Do not use it illegally
  • Tools starting with _ are not built yet , i added buttons to remmember writing them so i could build them in future, hence no need to reverse engineer the tool in order to enable them , if you have time feel free to do it no problem.
  • Many third-parties are used without permitssion no APIS used.
  • The source code is not published because the tool is a beta and the code is uggly and worse than my hand writing.
  • Project is planned to be open-source with the first release.
  • Suggestions are deeply welcome.
  • Credits are reserved for all authors and third-parties.

Download cazador

Source : Haxf4rall

Previous ArticleNext Article
Send this to a friend