changeme alternatives

Looking for an alternative tool to replace changeme? During the review of changeme we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. CloudSploit scans (AWS account scanner)
  2. Heralding (honeypot to catch credentials)
  3. RouterSploit (exploitation and testing for embedded devices)

These tools are ranked as the best alternatives to changeme.

Alternatives (by score)

97

CloudSploit scans

Introduction

CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks.

Project details

CloudSploit scans is written in Node.js.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • IT audit
  • Configuration audit
  • Security assessment

CloudSploit scans review

60

Heralding

Introduction

Heralding is a simple honeypot to collect credentials. It supports common protocols like FTP, SSH, HTTP, etc.

Project details

Heralding is written in Python.

Strengths and weaknesses

  • + Many releases available
  • + The source code of this software is available

    Heralding review

    64

    RouterSploit

    Introduction

    RouterSploit is a framework to exploit embedded devices such as cameras and routers. It can be used during penetration testing to test the security of a wide variety of devices. RouterSploit comes with several modules to scan and exploit the devices. The tool helps in all steps, like from credential testing to deploying a payload to perform an exploitation attempt.

    Project details

    RouterSploit is written in Python.

    Strengths and weaknesses

    • + More than 50 contributors
    • + More than 6000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Penetration testing
      • Self-assessment
      • Software testing
      • Vulnerability scanning

      RouterSploit review

      63

      keimpx

      Introduction

      The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

      Project details

      keimpx is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Penetration testing
        • Security assessment

        keimpx review

        64

        Damn Small FI Scanner (DSFS)

        Introduction

        None

        Project details

        Damn Small FI Scanner is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Security assessment
          • Vulnerability scanning

          Damn Small FI Scanner review

          60

          Plecost

          Introduction

          Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

          Project details

          Plecost is written in Python.

          Strengths and weaknesses

          • + Screen output is colored
          • + The source code of this software is available

            Typical usage

            • Web application analysis

            Plecost review

            76

            SSLyze

            Introduction

            SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.

            Project details

            60

            exitmap

            Introduction

            A tool like exitmap might be useful to monitor the reliability and trustworthiness of Tor exit relays. The Tor Project actually uses exitmap to check for false negatives and find malicious exit relays. These are related to the check service page of the project.

            Project details

            60

            ssh_scan

            Introduction

            This tool is light on its dependencies, as it only uses Ruby and BinData. The scanner is simple to use, as it is limited in the number of parameters and options. There is also the ability to show the results on the screen or export the data to a JSON file. The latter is great if you want to do further processing of the details, or simply store them for later comparison.

            Project details

            ssh_scan is written in Ruby.

            Strengths and weaknesses

            • + More than 10 contributors
            • + Many releases available
            • + The source code of this software is available
            • + Supported by a large company

              Typical usage

              • Penetration testing
              • Security assessment
              • System hardening
              • Vulnerability scanning

              ssh_scan review

              60

              tlsenum

              Introduction

              Tlsenum is a CLI tool to enumerate TLS protocol and TLS cipher support by a server. The tool lists then the output based on the order of priority. Tlsenum can be used to find the supported protocols and ciphers of a system and determine if it is properly hardened. This information can be useful to system administrators and pentesters doing a security assessment of the system.

              Project details

              tlsenum is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Information gathering
                • Security assessment
                • System enumeration
                • System hardening

                tlsenum review

                Some relevant tool missing as an alternative to changeme? Please contact us with your suggestion.