Damn Small JS Scanner alternatives

Looking for an alternative tool to replace Damn Small JS Scanner? During the review of Damn Small JS Scanner we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Anchore Engine (container analysis and inspection)
  2. Archery (vulnerability assessment and management)
  3. AutoNessus (scheduling of vulnerability scans)

These tools are ranked as the best alternatives to Damn Small JS Scanner.

Alternatives (by score)

64

Anchore Engine

Introduction

Anchore is a tool to help with discovering, analyzing and certifying container images. These images can be stored both on-premises or in the cloud. The tooling is mainly focused on developer so that perform analysis on their container images. Typical actions include running queries, creating reports, or set up policies for a continuous integration and deployment pipeline.

Project details

Anchore Engine is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + Commercial support available
  • + More than 1000 GitHub stars
  • + The source code of this software is available

    Typical usage

    • System hardening

    Anchore Engine review

    100

    Archery

    Introduction

    Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.

    Project details

    Archery is written in Python.

    Strengths and weaknesses

    • + More than 500 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Penetration testing
      • Vulnerability management
      • Vulnerability scanning
      • Vulnerability testing

      Archery review

      64

      AutoNessus (autonessus)

      Introduction

      This tool is useful to time scans, for example by having it run outside of business hours, and stop when the day starts.

      Note: originally another tool was named AutoNessus. That is now Seccubus.

      Project details

      AutoNessus is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available
      • - No releases on GitHub available

      Typical usage

      • Vulnerability scanning

      AutoNessus review

      64

      CMSeeK

      Introduction

      CMSeeK is a security scanner for content management systems (CMS). It can perform a wide range of functions starting from the detection of the CMS, up to vulnerability scanning. The tool claims to support over 100 different CMS tools, with extensive support for the commonly used ones like Drupal, Joomla, and WordPress.

      The scans performed by CMSeeK include version detection. It can also do enumeration of users, plugins, and themes. This might be useful to see what users or components are available. The tool includes admin page discovery, file discovery, and directory listing. Anything that might be useful to a penetration test or security assessment, might be displayed.

      Project details

      CMSeeK is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available
      • - Full name of author is unknown

      Typical usage

      • Penetration testing
      • Software exploitation
      • Software identification
      • Vulnerability scanning

      CMSeeK review

      60

      Dagda

      Introduction

      The main reasons to use Dagda is the detection of vulnerable or malicious components within your containerized environment.

      Project details

      Dagda is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Malware detection
        • Malware scanning
        • Vulnerability management
        • Vulnerability scanning

        Dagda review

        64

        Damn Small FI Scanner (DSFS)

        Introduction

        None

        Project details

        Damn Small FI Scanner is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Security assessment
          • Vulnerability scanning

          Damn Small FI Scanner review

          60

          Jackhammer

          Introduction

          The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Nodejs). It checks also for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

          The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

          Project details

          Jackhammer is written in Ruby.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Collaboration
            • Information sharing

            Jackhammer review

            78

            JoomScan

            Introduction

            JoomScan could be used to test your Joomla installation or during security assessments. As it has a primary focus on Joomla, it may provide better results than generic vulnerability scanners.

            Project details

            JoomScan is written in Perl.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Vulnerability scanning
              • Vulnerability testing

              JoomScan review

              64

              LFI Suite

              Introduction

              This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.

              Project details

              LFI Suite is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available
              • - Full name of author is unknown

              Typical usage

              • Penetration testing
              • Web application analysis

              LFI Suite review

              93

              Lynis

              Introduction

              Lynis is an open-source security auditing tool that is available since 2007 and created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

              Project details

              Lynis is written in shell script.

              Strengths and weaknesses

              • + The source code is easy to read and understand
              • + More than 100 contributors
              • + More than 8000 GitHub stars
              • + Tool is easy to use
              • + Available as package (simplified installation)
              • + Commercial support available
              • + Used language is shell script
              • + Very low number of dependencies
              • + Project is mature (10+ years)
              • + The source code of this software is available

                Typical usage

                • IT audit
                • Penetration testing
                • Security assessment
                • System hardening
                • Vulnerability scanning

                Lynis review

                74

                Nikto

                Introduction

                Nikto helps with performing security scans against web servers and to search for vulnerabilities in web applications.

                Project details

                Nikto is written in Perl.

                Strengths and weaknesses

                • + The source code of this software is available
                • + Well-known tool

                  Typical usage

                  • Penetration testing
                  • Security assessment
                  • Web application analysis

                  Nikto review

                  78

                  Nmap

                  Introduction

                  Nmap is short for "Network Mapper". It is a free and open source utility for network discovery and security auditing. It was release in September of 1997 by Gordon Lyon, commonly known under his pseudonym "Fyodor".

                  Project details

                  Nmap is written in C, C++, Lua, Python.

                  Strengths and weaknesses

                  • + Project is mature (10+ years)
                  • + The source code of this software is available
                  • + Well-known author
                  • + Well-known tool
                  • - Software usage is restricted (e.g. commercially)

                  Typical usage

                  • Network scanning
                  • Vulnerability scanning

                  Nmap review

                  72

                  OpenSCAP

                  Introduction

                  The OpenSCAP project provides a wide variety of hardening guides, configuration baselines, and tools to test for vulnerabilities and configuration issues. It uses SCAP as the protocol to store the underlying data.

                  Project details

                  OpenSCAP is written in C.

                  Strengths and weaknesses

                  • + More than 25 contributors
                  • + The source code of this software is available
                  • + Supported by a large company

                    Typical usage

                    • Security assessment
                    • Vulnerability scanning

                    OpenSCAP review

                    96

                    OpenVAS

                    Introduction

                    OpenVAS is an open source vulnerability scanner that emerged from when Nessus became closed source in October of 2005.

                    Project details

                    OpenVAS is written in C.

                    Strengths and weaknesses

                    • + The source code of this software is available
                    • + Well-known tool

                      Typical usage

                      • Penetration testing
                      • Security assessment
                      • Vulnerability scanning

                      OpenVAS review

                      97

                      Safety

                      Introduction

                      When having applications deployed in your environment, not all of those may be installed via a package manager. When your infrastructure grows, it becomes even harder to know which tools are properly patched and which ones are not. For Python applications, this is where Safety comes in that can help scan installed software components via pip. It will also look at any of the dependencies that are installed.

                      Project details

                      Safety is written in Python.

                      Strengths and weaknesses

                      • + More than 10 contributors
                      • + The source code of this software is available

                        Typical usage

                        • Penetration testing
                        • Security assessment
                        • Security monitoring
                        • Vulnerability scanning

                        Safety review

                        74

                        Seccubus

                        Introduction

                        Supported engines and tools:

                        • Nessus
                        • OpenVAS
                        • Nmap
                        • Nikto
                        • Medusa
                        • Qualys SSL labs
                        • SkipFish
                        • SSLyze
                        • testssl.sh
                        • ZAP

                        Project details

                        64

                        Tulpar

                        Introduction

                        Tulpar is a vulnerability scanner that can be used to test new or existing web applications. In the former case, it could be helpful to test a new project before it is deployed into production. This could be done by the developer or a security professional. If some web application is already in production, then it might be a good tool to perform regular testing on known vulnerabilities. In this case, it is typically a pentester or security specialist that does the testing.

                        Project details

                        Tulpar is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available
                        • - Minimal or no documentation available

                        Typical usage

                        • Application security
                        • Application testing
                        • Web application analysis

                        Tulpar review

                        64

                        VScan

                        Introduction

                        Vscan is a security tool to perform vulnerability scanning with Nmap. It leverages NSE scripts to provide some flexibility in terms of vulnerability detection and exploitation.

                        Project details

                        VScan is written in shell script.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Backdoor detection
                          • Vulnerability scanning

                          VScan review

                          64

                          Vane

                          Introduction

                          Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.

                          Project details

                          Vane is written in Ruby.

                          Strengths and weaknesses

                          • + More than 25 contributors
                          • + The source code of this software is available

                            Typical usage

                            • Application security
                            • Web application analysis

                            Vane review

                            64

                            VulnWhisperer

                            Introduction

                            VulnWhisperer helps with the collection of vulnerability data and its reports. The goal of the tool is to make vulnerability data more actionable. It supports scans and data from products like Nessus, Qualys products, OpenVAS, and Tenable.io.

                            Project details

                            VulnWhisperer is written in Python.

                            Strengths and weaknesses

                            • + More than 10 contributors
                            • + The source code of this software is available

                              Typical usage

                              • Vulnerability management
                              • Vulnerability scanning

                              VulnWhisperer review

                              100

                              Vuls

                              Introduction

                              Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.

                              Project details

                              Vuls is written in Golang.

                              Strengths and weaknesses

                              • + More than 50 contributors
                              • + More than 5000 GitHub stars
                              • + The source code of this software is available

                                Typical usage

                                • System hardening
                                • Vulnerability scanning

                                Vuls review

                                93

                                WPScan

                                Introduction

                                WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

                                Project details

                                WPScan is written in Ruby.

                                Strengths and weaknesses

                                • + More than 25 contributors
                                • + More than 2000 GitHub stars
                                • + The source code of this software is available
                                • - Software usage is restricted (e.g. commercially)

                                Typical usage

                                • Penetration testing
                                • Security assessment
                                • Vulnerability scanning

                                WPScan review

                                52

                                WPSeku

                                Introduction

                                With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), sql injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

                                Project details

                                WPSeku is written in Python.

                                Strengths and weaknesses

                                • + The source code of this software is available
                                • - Unknown project license

                                Typical usage

                                • Penetration testing
                                • Security assessment
                                • Vulnerability scanning

                                WPSeku review

                                60

                                Whitewidow

                                Introduction

                                Whitewidow is a security tool to perform automated SQL vulnerability scans. It can be used during penetration tests or for security assessments.

                                Project details

                                Whitewidow is written in Ruby.

                                Strengths and weaknesses

                                • + More than 500 GitHub stars
                                • + The source code of this software is available

                                  Typical usage

                                  • Application security
                                  • Penetration testing
                                  • Vulnerability scanning

                                  Whitewidow review

                                  78

                                  XSS Hunter

                                  Introduction

                                  By using a specific link, XSS Hunter can see when some attack successfully is triggered. It will then store information like the vulnerable page's URI, referer, HTML DOM, the screenshot of page, and cookies. Regarding the victim, it stores the IP address and the user agent.

                                  Project details

                                  Some relevant tool missing as an alternative to Damn Small JS Scanner? Please contact us with your suggestion.