0d1n alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

52

Alternative: dirsearch

Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

85

Alternative: django-axes

Django-axes is a reusable app for Django to limit the brute force login attempts for your web application.

Project details

django-axes is written in Python.

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-axes project page

97

Alternative: Fail2ban

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.

Project details

Fail2ban is written in Python.

Strengths

  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • network traffic filtering
  • security monitoring

Fail2ban project page

64

Alternative: IKEForce

IKEForce is a command-line utility to brute force VPN connections (IPsec) that allow group name/ID enumeration and XAUTH.

Project details

IKEForce is written in Python.

Strengths

  • + The source code of this software is available

IKEForce project page

56

Alternative: John the Ripper

John the Ripper is a mature password cracker to find weak or known passwords. It works on Linux and other flavors of Unix and Microsoft Windows.

70

Alternative: Patator

Patator is a security tool to perform enumeration or brute-force attempts to discover authentication details. It can be used during penetration testing.

Project details

Patator is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • password discovery
  • penetration test
  • reconnaissance
  • vulnerability scanning

Patator project page

100

Alternative: THC Hydra (thc-hydra)

THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

Project details

THC Hydra is written in C.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

THC Hydra project page

85

Alternative: WPForce

WPForce is a suite of tools to attack WordPress installations. One part focuses on brute forcing logins, the other on uploading a shell once credentials have been found.

This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component focuses on brute-force attacks against login credentials. When admin credentials have been found, it is Yertle that allows uploading a shell. Yertle also has post-exploitation modules for further research.

Project details

WPForce is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WPForce project page

78

Alternative: WPSeku

WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.

With WPSeku, a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), SQL injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers and the themes and plugins in use.

Project details

WPSeku is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WPSeku project page

63

Alternative: afl (American fuzzy lop)

American fuzzy lop, or afl, is a security-oriented fuzzer. It helps with testing software to find unexpected results within applications.

Project details

afl is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing

afl project page

84

Alternative: boofuzz

Boofuzz is a fork of the Sulley fuzzing framework, created after its maintenance dropped. Besides numerous bug fixes, boofuzz aims for extensibility.

Project details

boofuzz is written in Python.

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • vulnerability scanning

boofuzz project page

64

Alternative: DirSearch (Go)

DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

Project details

DirSearch (Go) is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

DirSearch (Go) project page

68

Alternative: Fuzzapi

Fuzzapi is a security tool to test a REST API using fuzzing. It can be used for security assessments and penetration tests.

Project details

Fuzzapi is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • application fuzzing
  • application testing

Fuzzapi project page

84

Alternative: Kitty

Kitty is a modular and extensible fuzzing framework written in Python. It is inspired by OpenRCE's Sulley and Michael Eddington's Peach Fuzzer tool.

Project details

Kitty is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application fuzzing

Kitty project page

64

Alternative: SFTPfuzzer (Simple FTP Fuzzer)

Project details

SFTPfuzzer is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing

SFTPfuzzer project page

52

Alternative: Sulley

Sulley is an automated fuzzing framework that can be used during penetration tests and security assessments.

Project details

Sulley is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - No updates for a while

Typical usage

  • vulnerability management

Sulley project page

64

Alternative: Albatar

Albatar is an alternative to tools like sqlmap to find and exploit SQL injection vulnerabilities. However, this tool focuses on the exploitation side.

Project details

Albatar is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • web application analysis

Albatar project page

64

Alternative: Damn Small SQLi Scanner (DSSS)

Project details

Damn Small SQLi Scanner is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

Damn Small SQLi Scanner project page

81

Alternative: DBShield

DBShield is a gateway between an application and actual database engine. Its goal is to protect against SQL injections and other database attacks.

Project details

DBShield is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • database security

DBShield project page

96

Alternative: sqlmap

The sqlmap tool performs automatic SQL injection and can take over a database. It is a valued tool for pentesters and those who want to test their web applications.

64

Alternative: Damn Small XSS Scanner (DSXS)

Project details

Damn Small XSS Scanner is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test

Damn Small XSS Scanner project page

68

Alternative: XSSER

XSSER leverages the execution of arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload.

This tool helps to get from XSS to Remote Code Execution (RCE). Custom tools and payloads integrated with Metasploit's Meterpreter in a highly automated approach can be used.

Project details

XSSER is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

XSSER project page

78

Alternative: XSS Hunter

XSS Hunter helps with finding XSS attacks and triggers a warning when one is successful. It exists as an online service or as a self-hosted installation.

By using a specific link, XSS Hunter can see when an attack is successfully triggered. It will then store information like the vulnerable page's URI, referer, HTML DOM, a screenshot of the page, and cookies. Regarding the victim, it stores the IP address and the user agent.