xss-http-injectorXSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
xssfinderToolset for detecting reflected xss in websites
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Wordlist404Small but effective wordlist for brute-forcing and discovering hidden things.
cdCloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.