dirsearch alternatives

Looking for an alternative tool to replace dirsearch? During the review of dirsearch we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. DirSearch (Go) (directory fuzzer for web applications)
  2. weblocator (dirbuster for directories in web applications)
  3. 0d1n (fuzzing tool for web applications)

These tools are ranked as the best alternatives to dirsearch.

Alternatives (by score)

64

DirSearch (Go)

Introduction

DirSearch is a Go implementation of the original dirsearch tool written by Mauro Soria. It is used to discover directories by using common names and guessing (fuzzing).

Project details

DirSearch (Go) is written in Golang.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Information gathering
    • Penetration testing
    • Security assessment

    DirSearch (Go) review

    64

    weblocator

    Introduction

    The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

    Project details

    weblocator is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Information gathering
      • Penetration testing
      • Security assessment

      weblocator review

      76

      0d1n

      Introduction

      0d1n is useful to perform brute-force login attempts for authentication forms. It can discover useful directory names by using a predefined list of paths. With options to use a random proxy per request and load CSRF tokens, it is a tool that can be used in different types of assignments.

      Project details

      0d1n is written in C.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Information gathering
        • Penetration testing
        • Security assessment
        • Vulnerability scanning

        0d1n review

        60

        Wfuzz

        Introduction

        Wfuzz is a fuzzing tool written in Python. Tools like Wfuzz are typically used to test web applications and how they handle both expected and unexpected input.

        Project details

        Wfuzz is written in Python.

        Strengths and weaknesses

        • + More than 1000 GitHub stars
        • + The source code of this software is available

          Typical usage

          • Application fuzzing
          • Application security
          • Application testing
          • Web application analysis

          Wfuzz review

          84

          aiodnsbrute (Async DNS Brute)

          Introduction

          When a project requires resolving or guessing host names, this tool is a great addition to the toolkit. It focuses on speed by using asynchronous operations. The list of names to try is provided with a wordlist.

          Project details

          aiodnsbrute is written in Python.

          Strengths and weaknesses

          • + Very low number of dependencies
          • + The source code of this software is available

            Typical usage

            • Network scanning
            • Penetration testing

            aiodnsbrute review

            60

            Crowbar

            Introduction

            While most brute forcing tools take a similar approach, Crowbar can use different methods that are not always available in other utilities. For example, Crowbar can use SSH keys instead of the typical username and password combination. This might be useful during penetration testing when these types of details are discovered.

            Project details

            Crowbar is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Penetration testing

              Crowbar review

              85

              django-axes

              Introduction

              This tool may be used by developers who work with the Django framework. It adds a security layer on top of the application by looking at login attempts and tracking them.

              Project details

              django-axes is written in Python.

              Strengths and weaknesses

              • + More than 50 contributors
              • + The source code of this software is available

                Typical usage

                • Application security

                django-axes review

                74

                Fail2ban

                Introduction

                Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.

                Project details

                Fail2ban is written in Python.

                Strengths and weaknesses

                • + More than 2000 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Network traffic filtering
                  • Security monitoring

                  Fail2ban review

                  64

                  IKEForce

                  Introduction

                  IKEForce is a command line utility to brute force VPN connections (IPSEC) that allow group name/ID enumeration and XAUTH.

                  Project details

                  IKEForce is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    IKEForce review

                    56

                    John the Ripper

                    Introduction

                    John the Ripper is a mature password cracker to find weak or known passwords. It works on Linux and other flavors of Unix and Microsoft Windows.

                    Project details

                    60

                    Patator

                    Introduction

                    Patator is based on similar tools like Hydra, yet with the goal of avoiding the common flaws these tools have, such as performance limitations. The tool is modular and supports different types of brute-force attacks or enumeration of information.

                    Project details

                    Patator is written in Python.

                    Strengths and weaknesses

                    • + More than 500 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Password discovery
                      • Penetration testing
                      • Reconnaissance
                      • Vulnerability scanning

                      Patator review

                      64

                      RouterSploit

                      Introduction

                      RouterSploit is a framework to exploit embedded devices such as cameras and routers. It can be used during penetration testing to test the security of a wide variety of devices. RouterSploit comes with several modules to scan and exploit the devices. The tool helps in all steps, from credential testing to deploying a payload to perform an exploitation attempt.

                      Project details

                      RouterSploit is written in Python.

                      Strengths and weaknesses

                      • + More than 50 contributors
                      • + More than 6000 GitHub stars
                      • + The source code of this software is available

                        Typical usage

                        • Penetration testing
                        • Self-assessment
                        • Software testing
                        • Vulnerability scanning

                        RouterSploit review

                        93

                        THC Hydra (thc-hydra)

                        Introduction

                        THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

                        Project details

                        THC Hydra is written in C.

                        Strengths and weaknesses

                        • + More than 25 contributors
                        • + More than 1000 GitHub stars
                        • + Project is mature (10+ years)
                        • + The source code of this software is available

                          Typical usage

                          • Penetration testing
                          • Security assessment

                          THC Hydra review

                          60

                          WPForce

                          Introduction

                          This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component has the focus on brute force attacking of login credentials. When admin credentials have been found, it is Yertle that allows uploading a shell. Yertle also has post-exploitation modules for further research.

                          Project details

                          WPForce is written in Python.

                          Strengths and weaknesses

                          • + The source code of this software is available
                          • - Full name of author is unknown

                          Typical usage

                          • Penetration testing
                          • Security assessment
                          • Vulnerability scanning

                          WPForce review

                          52

                          WPSeku

                          Introduction

                          With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), SQL injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

                          Project details

                          WPSeku is written in Python.

                          Strengths and weaknesses

                          • + The source code of this software is available
                          • - Unknown project license

                          Typical usage

                          • Penetration testing
                          • Security assessment
                          • Vulnerability scanning

                          WPSeku review

                          64

                          altdns

                          Introduction

                          Altdns is a security tool to discover subdomains. It generates permutations, alterations, and mutations of subdomains. The generated names can also be tested by performing DNS lookups. An enumeration tool like Altdns is useful during penetration testing assignments.

                          Project details

                          altdns is written in Python.

                          Strengths and weaknesses

                          • + More than 500 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Reconnaissance
                            • Subdomain discovery
                            • Subdomain enumeration

                            altdns review

                            78

                            detectem

                            Introduction

                            Detectem can be a good early vulnerability detection system. By regularly scanning the dependencies of web applications, old versions of tools can be detected and upgraded. This tool is also helpful for penetration tests to find out what kind of software components are used.

                            Project details

                            detectem is written in Python.

                            Strengths and weaknesses

                            • + The source code of this software is available

                              Typical usage

                              • Application security
                              • Application testing
                              • Reconnaissance
                              • Vulnerability scanning

                              detectem review

                              56

                              domain

                              Introduction

                              Domain is a Python script written by Jason Haddix to combine the tools Recon-ng and altdns. It allows using the two tools on multiple domains within the same session.

                              Project details

                              domain is written in Python.

                              Strengths and weaknesses

                              • + More than 500 GitHub stars
                              • + The source code of this software is available
                              • - Unknown project license

                              Typical usage

                              • Subdomain enumeration

                              domain review

                              85

                              Fierce

                              Introduction

                              Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space by using DNS information.

                              Project details

                              Fierce is written in Python.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Information gathering
                                • Reconnaissance
                                • Security assessment

                                Fierce review

                                63

                                keimpx

                                Introduction

                                The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

                                Project details

                                keimpx is written in Python.

                                Strengths and weaknesses

                                • + The source code of this software is available

                                  Typical usage

                                  • Penetration testing
                                  • Security assessment

                                  keimpx review

                                  74

                                  LinEnum

                                  Introduction

                                  LinEnum is one of the tools that can help with automating penetration tests. It performs a discovery on the environment it runs in and tries finding weaknesses to allow privilege escalation.

                                  Project details

                                  LinEnum is written in shell script.

                                  Strengths and weaknesses

                                  • + Very low number of dependencies
                                  • + The source code of this software is available
                                  • + Well-known tool

                                    Typical usage

                                    • Penetration testing
                                    • Privilege escalation
                                    • System enumeration

                                    LinEnum review

                                    60

                                    massh-enum

                                    Introduction

                                    Massh-enum is a user enumeration tool for OpenSSH with the goal of finding valid usernames. This can be useful during penetration tests or security assessments. The usernames can be valuable to brute-force or may be used on different locations within a network.

                                    Project details

                                    massh-enum is written in Python, shell script.

                                    Strengths and weaknesses

                                    • + The source code is easy to read and understand
                                    • + Tool is easy to use
                                    • + The source code of this software is available
                                    • - Minimal or no documentation available

                                    Typical usage

                                    • Information gathering
                                    • User enumeration

                                    massh-enum review

                                    81

                                    O-Saft

                                    Introduction

                                    O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

                                    Project details

                                    O-Saft is written in Perl.

                                    Strengths and weaknesses

                                    • + The source code of this software is available

                                      Typical usage

                                      • Information gathering
                                      • Penetration testing
                                      • Security assessment
                                      • Vulnerability scanning
                                      • Web application analysis

                                      O-Saft review

                                      63

                                      Oscanner

                                      Introduction

                                      The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

                                      • Sid enumeration
                                      • Passwords tests (common & dictionary)
                                      • Enumerate Oracle version
                                      • Enumerate account roles
                                      • Enumerate account privileges
                                      • Enumerate account hashes
                                      • Enumerate audit information
                                      • Enumerate password policies
                                      • Enumerate database links

                                      Project details

                                      Oscanner is written in Java.

                                      Strengths and weaknesses

                                      • + The source code of this software is available

                                        Oscanner review

                                        64

                                        RootHelper

                                        Introduction

                                        RootHelper is a small script to retrieve several enumeration and privilege escalation tools. It can be used during penetration testing.

                                        Project details

                                        RootHelper is written in shell script.

                                        Strengths and weaknesses

                                        • + Used language is shell script
                                        • + The source code of this software is available

                                          Typical usage

                                          • Penetration testing
                                          • Privilege escalation
                                          • Security assessment

                                          RootHelper review

                                          Some relevant tool missing as an alternative to dirsearch? Please contact us with your suggestion.