django-axes alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

76

Alternative: 0d1n

0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.

0d1n is useful to perform brute-force login attempts for authentication forms. It can discover useful directory names by using a predefined list of paths. With options to use a random proxy per request and load CSRF tokens, it is a tool that can be used in different type of assignments.

Project details

0d1n is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment
  • vulnerability scanning

0d1n project page

52

Alternative: dirsearch

Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

97

Alternative: Fail2ban

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks

Project details

Fail2ban is written in Python.

Strengths

  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • network traffic filtering
  • security monitoring

Fail2ban project page

64

Alternative: IKEForce

IKEForce is a command line utility to brute force VPN connections (IPSEC) that allow group name/ID enumeration and XAUTH.

Project details

IKEForce is written in Python.

Strengths

  • + The source code of this software is available

IKEForce project page

56

Alternative: John the Ripper

John the Ripper is a mature password cracker to find weak or known passwords.

John the Ripper is a mature password cracker to find weak or known passwords. It works on Linux and other flavors of Unix and Microsoft Windows.

70

Alternative: Patator

Patator is a security tool to perform enumeration or brute-force attempts to discover authentication details. It can be used during penetration testing.

Project details

Patator is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • password discovery
  • penetration test
  • reconnaissance
  • vulnerability scanning

Patator project page

100

Alternative: THC Hydra (thc-hydra)

THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

Project details

THC Hydra is written in C.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

THC Hydra project page

85

Alternative: WPForce

WPForce is a suite of tools to attack Wordpress installations. One part focuses on brute forcing logins, the other to upload a shell upon finding credentials.

This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component has the focus on brute force attacking of login credentials. When admin credentials have been found, it is Yertle that allows uploading a shell. Yertle also has post-exploitation modules for further research.

Project details

WPForce is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WPForce project page

78

Alternative: WPSeku

WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.

With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), sql injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

Project details

WPSeku is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WPSeku project page

63

Alternative: ArpON

ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).

ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

  • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
  • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
  • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Project details

ArpON is written in C.

Strengths

  • + The source code of this software is available

ArpON project page

81

Alternative: DBShield

DBShield is a gateway between an application and actual database engine. Its goal is to protect against SQL injections and other database attacks.

Project details

DBShield is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • database security

DBShield project page

84

Alternative: django-defender (Django Defender)

Django-defender is a reusable app for Django that blocks people from performing brute forcing login attempts.

Project details

django-defender is written in Python.

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-defender project page

64

Alternative: OpenSnitch

OpenSnitch is a Linux port of the popular macOS Little Snitch application firewall

OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

The OpenSnitch tool relies on NFQUEUE, which is an extension for iptables. With this extension software running in userland can intercept IP packets and allow/drop them.

Project details

OpenSnitch is written in Python.

Strengths

  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • network traffic filtering

OpenSnitch project page

63

Alternative: Portspoof

Portspoof is a small utility with the goal to make port scanning by other much harder by showing all TCP ports as 'open' and emulating actual services.

Portspoof is a small utility with the goal to make port scanning by other much harder. It achieves this by showing all configured TCP ports to be in the 'open' state instead of closed or filter. The related ports are also emulating valid services. This way a port scan on the system will reveal many open ports and look to have legitimate services running.

96

Alternative: Arachni

Web Application Security Scanner aimed towards helping users evaluate the security of web applications

Arachni is framework written in Ruby with focus on evaluating the security of web applications. Typical users include security professionals and system administrators.

The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

Project details

Arachni is written in Ruby.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • web application analysis

Arachni project page

97

Alternative: Commix

Commit is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assignments.

Commix is short for COMMand Injection eXploiter.

Project details

Commix is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Commix project page

64

Alternative: DorkNet

DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.

Project details

DorkNet is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • vulnerability scanning
  • web application analysis

DorkNet project page

85

Alternative: hsecscan (hsecscan)

hsecscan performs a security scan of a website and analyses any discovered HTTP headers. For each header, it will provide details and recommendations.

The hsecscan utility is written in Python and opens a connection (via HTTP or HTTPS) to the related web server. It will return all headers found and includes an explanation of what each header does. Any security recommendations are listed as well.

Project details

hsecscan is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • learning
  • penetration test
  • security assessment
  • web application analysis

hsecscan project page

64

Alternative: Jackhammer

Jackhammer is a collaboration tool to get security and developer teams together. Focus is on static code analysis and dynamic analysis vulnerability discovery.

The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Nodejs). It checks also for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

Project details

Jackhammer is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • collaboration
  • information sharing

Jackhammer project page

64

Alternative: Jawfish

Jawfish is a security tool to test web applications. It can find related exploits and update according to an internal database.

Project details

Jawfish is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning
  • web application analysis

Jawfish project page

74

Alternative: Suhosin

Suhosin is a security extension for PHP and consists of two parts that enhance PHP. It helps with protecting against known and unknown attacks.

Project details

Suhosin is written in C.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Well-known tool

Typical usage

  • application security

Suhosin project page

64

Alternative: Susanoo

Susanoo is a security tool to test the security of a REST API. With this focus, it goes beyond the typical attack surface of a web application.

Project details

Susanoo is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • API testing
  • application testing

Susanoo project page

64

Alternative: Yasuo

Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.

Project details

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • vulnerability scanning
  • web application analysis

Yasuo project page