Acra alternatives

Looking for an alternative tool to replace Acra? During the review of Acra we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. NoSQLMap (database enumeration and exploitation)
  2. jSQL Injection (automatic SQL database injection)
  3. GRR Rapid Response (remote live forensics for incident response)

These tools are ranked as the best alternatives to Acra.

Alternatives (by score)

60

NoSQLMap

Introduction

NoSQLMap is designed to audit database, as well to automate injection attacks. It can exploit configuration weaknesses in NoSQL databases and web applications using NoSQL.

Project details

NoSQLMap is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Database security
    • Penetration testing
    • Security assessment

    NoSQLMap review

    64

    jSQL Injection

    Introduction

    jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

    Project details

    jSQL Injection is written in Java.

    Strengths and weaknesses

    • + The source code of this software is available
    • - Full name of author is unknown

    Typical usage

    • Database security

    jSQL Injection review

    93

    GRR Rapid Response

    Introduction

    The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

    Project details

    GRR Rapid Response is written in Python.

    Strengths and weaknesses

    • + More than 25 contributors
    • + More than 3000 GitHub stars
    • + The source code of this software is available
    • + Supported by a large company

      Typical usage

      • Digital forensics
      • Intrusion detection
      • Threat hunting

      GRR Rapid Response review

      60

      MongoSanitizer (python-mongo-sanitizer)

      Introduction

      Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.

      Project details

      MongoSanitizer is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Application security
        • Database security

        MongoSanitizer review

        63

        Oscanner

        Introduction

        The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

        • Sid enumeration
        • Passwords tests (common & dictionary)
        • Enumerate Oracle version
        • Enumerate account roles
        • Enumerate account privileges
        • Enumerate account hashes
        • Enumerate audit information
        • Enumerate password policies
        • Enumerate database links

        Project details

        Oscanner is written in Java.

        Strengths and weaknesses

        • + The source code of this software is available

          Oscanner review

          60

          TheDoc

          Introduction

          TheDoc is a tool written in shell-script to automate the usage of sqlmap. It comes with a built-in admin finder and hash cracker, using the Hashcat tool.

          Project details

          TheDoc is written in shell script.

          Strengths and weaknesses

          • + Used language is shell script
          • + Very low number of dependencies
          • + The source code of this software is available
          • - Full name of author is unknown
          • - Unknown project license

          Typical usage

          • Penetration testing

          TheDoc review

          60

          evilredis

          Introduction

          Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.

          Project details

          evilredis is written in Node.js.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Security assessment
            • Vulnerability scanning

            evilredis review

            74

            sqlmap

            Introduction

            The sqlmap is a well-known tool with an amazing number of GitHub stars (10,000+). It is used by many security professionals around the world to test the security of both web applications and the database that stores the data.

            Project details

            68

            DejaVu

            Introduction

            DejaVu is an open source deception framework which can be used to deploy and administer decoys or canaries across a network infrastructure. Defenders can use deception as a technique to learn quickly about possible attackers on the network and take actions.

            Project details

            Strengths and weaknesses

            • + The source code of this software is available
            • - No releases on GitHub available

            Typical usage

            • Security monitoring
            • Threat discovery

            DejaVu review

            64

            MalPipe

            Introduction

            MalPipe is a modular malware and indicator collection and processing framework. It is designed to pull information about malware, domains, URLs, and IP addresses from multiple feeds. Finally, it will enrich the collected data and export the results.

            Project details

            MalPipe is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available
            • - No releases on GitHub available

            Typical usage

            • Data enrichment
            • Data processing
            • Intrusion detection
            • Malware analysis
            • Malware detection

            MalPipe review

            74

            DBShield

            Introduction

            This tool is typically used by developers and system administrators to protect their database against common database attacks. One of them is the SQL injection attack, that tries to bypass checks, resulting in data leakage. By using this tool, another level of security defense is implemented.

            Project details

            DBShield is written in Golang.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Database security

              DBShield review

              60

              DbDat

              Introduction

              This tool performs an assessment by running actual queries against the database engine or reading the configuration file for particular settings. The tool helps with finding any issues and possible improvements.

              Project details

              DbDat is written in Python.

              Strengths and weaknesses

              • + Screen output is colored
              • + The source code of this software is available
              • - Full name of author is unknown

              Typical usage

              • Security assessment
              • System hardening

              DbDat review

              93

              Loki

              Introduction

              Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.

              Project details

              Loki is written in Python.

              Strengths and weaknesses

              • + More than 10 contributors
              • + Commercial support available
              • + More than 500 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Digital forensics
                • Intrusion detection
                • Security monitoring

                Loki review

                85

                Maltrail

                Introduction

                Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

                Project details

                Maltrail is written in Python.

                Strengths and weaknesses

                • + More than 10 contributors
                • + More than 3000 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Intrusion detection
                  • Network analysis
                  • Security monitoring

                  Maltrail review

                  59

                  OSSEC

                  Introduction

                  OSSEC uses a centralized, cross-platform architecture allowing multiple systems to be monitored and managed.

                  Highlights:
                  The OSSEC project was acquired by Third Brigade, Inc in June 2008. This included the copyrights owned by Daniel Cid, its project leader. They promised to continue the development, keep it open source, and extend commercial support and training to the community.

                  Trend Micro acquired Third Brigade in May 2009. This included the OSSEC project. Trend Micro promised to keep the software open source and free.

                  Project details

                  Strengths and weaknesses

                  • + Commercial support available
                  • + Well-known tool
                  • - Commercial support available

                  OSSEC review

                  52

                  Samhain

                  Introduction

                  Samhain is a host-based intrusion detection system (HIDS). It provides file integrity checking and log file monitoring/analysis. Additional features are rootkit detection, port monitoring, detection of rogue SUID executables, and the detection of hidden processes.

                  Samhain is typically deployed as a standalone application, although it supports centralized logging. This makes it ideal for environments with multiple systems.

                  Samhain is open source software and written by Rainer Wichmann.

                  Project details

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Samhain review

                    67

                    Snort

                    Introduction

                    Besides intrusion detection, Snort has the capabilities to prevent attacks. By taking a particular action based on traffic patterns, it can become an intrusion prevention system (IPS).

                    Project details

                    Snort is written in C.

                    Strengths and weaknesses

                    • + Supported by a large company
                    • + Well-known tool

                      Typical usage

                      • Security monitoring

                      Snort review

                      100

                      Zeek (Bro)

                      Introduction

                      Zeek helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.

                      Project details

                      Zeek is written in C++.

                      Strengths and weaknesses

                      • + More than 50 contributors
                      • + More than 2000 GitHub stars
                      • + The source code of this software is available
                      • + Well-known tool

                        Typical usage

                        • Security monitoring

                        Zeek review

                        60

                        AIL framework

                        Introduction

                        AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

                        Project details

                        AIL framework is written in Python.

                        Strengths and weaknesses

                        • + More than 10 contributors
                        • + The source code of this software is available

                          Typical usage

                          • Data extraction
                          • Data leak detection
                          • Information leak detection
                          • Security monitoring

                          AIL framework review

                          64

                          BuQuikker

                          Introduction

                          BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

                          Project details

                          BuQuikker is written in Python.

                          Strengths and weaknesses

                          • + The source code of this software is available

                            Typical usage

                            • Data leak detection
                            • Security assessment

                            BuQuikker review

                            64

                            DNSteal

                            Introduction

                            DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

                            Project details

                            DNSteal is written in Python.

                            Strengths and weaknesses

                            • + More than 500 GitHub stars
                            • + The source code of this software is available
                            • - No releases on GitHub available
                            • - Full name of author is unknown

                            Typical usage

                            • Application security
                            • Data hiding

                            DNSteal review

                            60

                            GitMiner

                            Introduction

                            GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

                            Project details

                            GitMiner is written in Python.

                            Strengths and weaknesses

                            • + More than 1000 GitHub stars
                            • + The source code of this software is available

                              Typical usage

                              • Asset discovery
                              • Discovery of sensitive information
                              • Information leak detection

                              GitMiner review

                              60

                              SMBMap

                              Introduction

                              SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

                              Project details

                              SMBMap is written in Python.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Data leak detection
                                • Information gathering
                                • Penetration testing

                                SMBMap review

                                60

                                git-secrets

                                Introduction

                                You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

                                Project details

                                git-secrets is written in shell script.

                                Strengths and weaknesses

                                • + The source code of this software is available

                                  Typical usage

                                  • Data leak prevention
                                  • Information leak prevention

                                  git-secrets review

                                  85

                                  gitleaks

                                  Introduction

                                  Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

                                  Project details

                                  gitleaks is written in Golang.

                                  Strengths and weaknesses

                                  • + More than 10 contributors
                                  • + More than 3000 GitHub stars
                                  • + The source code of this software is available

                                    Typical usage

                                    • Security assessment

                                    gitleaks review

                                    Some relevant tool missing as an alternative to Acra? Please contact us with your suggestion.