DirSearch (Go) alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

52

Alternative: dirsearch

Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

64

Alternative: weblocator

The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

Project details

weblocator is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

weblocator project page

63

Alternative: keimpx

The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

Project details

keimpx is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

keimpx project page

97

Alternative: O-Saft

O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.

O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

Project details

O-Saft is written in Perl.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment
  • vulnerability scanning
  • web application analysis

O-Saft project page

52

Alternative: Oscanner

Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.

The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

  • Sid enumeration
  • Passwords tests (common & dictionary)
  • Enumerate Oracle version
  • Enumerate account roles
  • Enumerate account privileges
  • Enumerate account hashes
  • Enumerate audit information
  • Enumerate password policies
  • Enumerate database links

Project details

Oscanner is written in Java.

Strengths

  • + The source code of this software is available

Oscanner project page

78

Alternative: Sn1per

Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Project details

Sn1per is written in Python, shell script.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • reconnaissance

Sn1per project page

60

Alternative: SubBrute (subdomain-bruteforcer)

SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

Project details

SubBrute is written in Python.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

SubBrute project page

60

Alternative: tlsenum

The CLI tool tlsenum attempts to enumerate what TLS cipher suites a server supports and then list them in order of priority.

This tool works by sending out sending out TLS ClientHello messages. Any ServerHello responses from the server are parsed. It assumes that the server is the one which decides the preferred cipher suite, giving an idea on the available ciphers.

Project details

tlsenum is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • system hardening

tlsenum project page

64

Alternative: wafw00f

wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

Project details

wafw00f is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • reconnaissance
  • security assessment

wafw00f project page

64

Alternative: wp_enum

The wp_enum tool helps with the discovery of WordPress users and accounts.

This utility enumerates the available identities on a WordPress installation.

76

Alternative: 0d1n

0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.

0d1n is useful to perform brute-force login attempts for authentication forms. It can discover useful directory names by using a predefined list of paths. With options to use a random proxy per request and load CSRF tokens, it is a tool that can be used in different type of assignments.

Project details

0d1n is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment
  • vulnerability scanning

0d1n project page

63

Alternative: afl (American fuzzy lop)

American fuzzy lop, or afl, is a security-oriented fuzzer. It helps with testing software to find unexpected results within applications.

Project details

afl is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing

afl project page

84

Alternative: boofuzz

Boofuzz is a fork of Sulley fuzzing framework after its maintenance dropped. Besides numerous bug fixes, boofuzz aims for extensibility.

Project details

boofuzz is written in Python.

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • vulnerability scanning

boofuzz project page

68

Alternative: Fuzzapi

Fuzzapi is a security tool to test a REST API using fuzzing. It can be used for security assessments and penetration tests.

Project details

Fuzzapi is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • application fuzzing
  • application testing

Fuzzapi project page

84

Alternative: Kitty

Kitty is a modular and extensible fuzzing framework written in Python. It is inspired by OpenRCE's Sulley and Michael Eddington's Peach Fuzzer tool.

Project details

Kitty is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application fuzzing

Kitty project page

64

Alternative: SFTPfuzzer (Simple FTP Fuzzer)

Project details

SFTPfuzzer is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing

SFTPfuzzer project page

52

Alternative: Sulley

Sulley is an automated fuzzing framework that can be used during penetration tests and security assessments.

Project details

Sulley is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - No updates for a while

Typical usage

  • vulnerability management

Sulley project page

85

Alternative: Belati

Belati is security tool to collect public data and information and calls itself a Swiss army knife for OSINT purposes.

Project details

Belati is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering

Belati project page

76

Alternative: Gitem

Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.

Project details

Gitem is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering
  • security assessment
  • security monitoring
  • self-assessment

Gitem project page

84

Alternative: Gitrob

Gitrob is a security tool to find sensitive information on GitHub. During the audit, it may detect passwords, API keys, or other secrets.

Project details

Gitrob is written in Ruby.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

Gitrob project page

56

Alternative: Metagoofil

Metagoofil is an information gathering tool with focus extracting any metadata from public documents.

Metagoofil will perform a search in Google based on the given domain name. Any public documents will be downloaded and analyzed. For this task it uses libraries like Hachoir, PdfMiner?, and others. Useful details include username, software versions, hostnames, etc.

File types: pdf, doc, xls, ppt, docx, pptx, xlsx

Project details

Metagoofil is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test

Metagoofil project page

100

Alternative: osquery

The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.

Project details

osquery is written in C++, Python.

Strengths

  • + More than 100 contributors
  • + More than 9000 stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • compliance testing
  • information gathering
  • security monitoring

osquery project page

64

Alternative: OSRFramework

OSRFramework is an open source research framework. The project helps with information gathering and can be classified as an OSINT tool.

Project details

OSRFramework is written in Python.

Strengths

  • + Available as package (simplified installation)
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • information gathering

OSRFramework project page

78

Alternative: SearchSploit

Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.

This little utility can search for exploits and related data in the Exploit-DB.

Project details

SearchSploit is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Typical usage

  • information gathering

SearchSploit project page

56

Alternative: theHarvester

theHarvester is a tool to gather email accounts, subdomains, virtual hosts, open ports, banners, and employee names. It uses different public sources.

This tool is a typical information collection tool to retrieve public data and get it all into one place. It is useful for penetration tests, or if you want to see what is available for your company.

64

Alternative: web-hunter

Web-hunter is a tool to crawl search engines like Google and Bing to find emails, sub domains, and URLs associated with a specified target domain.

Project details

web-hunter is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

web-hunter project page