droopescan alternatives

Looking for an alternative tool to replace droopescan? During the review of droopescan we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. JoomScan (vulnerability scanner for Joomla CMS)
  2. Vane (WordPress vulnerability scanner)
  3. Wordpresscan (WordPress vulnerability scanner)

These tools are ranked as the best alternatives to droopescan.

Alternatives (by score)

85

JoomScan

Introduction

JoomScan could be used to test your Joomla installation or during security assessments. As it has a primary focus on Joomla, it may provide better results than generic vulnerability scanners.

Project details

JoomScan is written in Perl.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Vulnerability scanning
    • Vulnerability testing

    JoomScan review

    64

    Vane

    Introduction

    Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.

    Project details

    Vane is written in Ruby.

    Strengths and weaknesses

    • + More than 25 contributors
    • + The source code of this software is available

      Typical usage

      • Application security
      • Web application analysis

      Vane review

      60

      Wordpresscan

      Introduction

      Tools like WordPresscan are useful to perform vulnerability scans on the popular WordPress platform. It can be used during development and on existing installations.

      Project details

      Wordpresscan is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Application security
        • Penetration testing
        • Web application analysis

        Wordpresscan review

        74

        WordPress Exploit Framework (WPXF)

        Introduction

        WordPress is still one of the most popular frameworks for websites. A variety of open source tools exist to assess the security of this content management system, and its themes and plugins.

        Project details

        WordPress Exploit Framework is written in Ruby.

        Strengths and weaknesses

        • + More than 500 GitHub stars
        • + The source code of this software is available
        • - Has longer learning curve

        Typical usage

        • Penetration testing
        • Security assessment
        • Vulnerability scanning
        • Web application analysis

        WordPress Exploit Framework review

        60

        Wordstress

        Introduction

        WordPress is a popular choice among content management systems (CMS). Powering many websites and blogs, it is also a popular target. So regular updates and security testing can help to reduce the risk. WordStress can help with this testing.

        Project details

        Wordstress is written in Ruby.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Application security
          • Vulnerability scanning
          • Web application analysis

          Wordstress review

          78

          WPScan

          Introduction

          WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

          Project details

          WPScan is written in Ruby.

          Strengths and weaknesses

          • + More than 25 contributors
          • + More than 2000 GitHub stars
          • + The source code of this software is available
          • - Software usage is restricted (e.g. commercially)

          Typical usage

          • Penetration testing
          • Security assessment
          • Vulnerability scanning

          WPScan review

          88

          CMSeeK

          Introduction

          CMSeeK is a security scanner for content management systems (CMS). It can perform a wide range of functions starting from the detection of the CMS, up to vulnerability scanning. The tool claims to support over 100 different CMS tools, with extensive support for the commonly used ones like Drupal, Joomla, and WordPress.

          The scans performed by CMSeeK include version detection. It can also do enumeration of users, plugins, and themes. This might be useful to see what users or components are available. The tool includes admin page discovery, file discovery, and directory listing. Anything that might be useful to a penetration test or security assessment, might be displayed.

          Project details

          CMSeeK is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available
          • - Full name of author is unknown

          Typical usage

          • Penetration testing
          • Software exploitation
          • Software identification
          • Vulnerability scanning

          CMSeeK review

          64

          CMSmap

          Introduction

          CMSmap helps saving time in the process of detecting what CMS is used for a given web application. It performs reconnaissance and can do additional vulnerability scanning.

          Project details

          CMSmap is written in Python.

          Strengths and weaknesses

          • + More than 500 contributors
          • + The source code of this software is available
          • - No releases on GitHub available
          • - No updates for a while

          Typical usage

          • Application testing
          • Information gathering
          • Vulnerability scanning
          • Web application analysis

          CMSmap review

          68

          flunym0us

          Introduction

          Flunym0us is a security scanner for WordPress and Moodle installations. The tool tests the security of the installation by performing enumeration attempts.

          Project details

          flunym0us is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Vulnerability scanning
            • Web application analysis

            flunym0us review

            60

            Plecost

            Introduction

            Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

            Project details

            Plecost is written in Python.

            Strengths and weaknesses

            • + Screen output is colored
            • + The source code of this software is available

              Typical usage

              • Web application analysis

              Plecost review

              60

              WPForce

              Introduction

              This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component has the focus on brute force attacking of login credentials. When admin credentials have been found, it is Yertle that allows uploading a shell. Yertle also has post-exploitation modules for further research.

              Project details

              WPForce is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available
              • - Full name of author is unknown

              Typical usage

              • Penetration testing
              • Security assessment
              • Vulnerability scanning

              WPForce review

              52

              WPSeku

              Introduction

              With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), sql injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

              Project details

              WPSeku is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available
              • - Unknown project license

              Typical usage

              • Penetration testing
              • Security assessment
              • Vulnerability scanning

              WPSeku review

              64

              wpvulndb_cmd

              Introduction

              wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

              Project details

              wpvulndb_cmd is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Penetration testing
                • Security assessment
                • Web application analysis

                wpvulndb_cmd review

                Some relevant tool missing as an alternative to droopescan? Please contact us with your suggestion.