flunym0us alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

64

Alternative: CMSmap

CMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).

Project details

CMSmap is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing
  • information gathering
  • vulnerability scanning
  • web application analysis

CMSmap project page

60

Alternative: Plecost

Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

Project details

Plecost is written in Python.

Strengths

  • + Screen output is colored
  • + The source code of this software is available

Typical usage

  • web application analysis

Plecost project page

84

Alternative: Spaghetti

Spaghetti is a web vulnerability scanner to find flaws in common web applications and frameworks. It can perform fingerprinting and vulnerability discovery.

Project details

Spaghetti is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • vulnerability scanning
  • vulnerability testing

Spaghetti project page

64

Alternative: Vane

Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.

Project details

Vane is written in Ruby.

Strengths

  • + More than 25 contributors
  • + The source code of this software is available

Typical usage

  • application security
  • web application analysis

Vane project page

84

Alternative: Wordpresscan

Wordpresscan is a security scanner for WordPress installations. It is based on the work of WPScan with some ideas inspired by the WPSeku project.

Project details

Wordpresscan is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application security
  • penetration test
  • web application analysis

Wordpresscan project page

93

Alternative: WordPress Exploit Framework (WPXF)

The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations.

This framework is a tool that can be used as part of the pentesters toolbox. When running the tool, you will have to define a host, exploit, and payload. The tool is less friendly for beginners, but more experienced pentesters will find no difficulty in using it.

Project details

WordPress Exploit Framework is written in Ruby.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Has longer learning curve

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WordPress Exploit Framework project page

60

Alternative: Wordstress

Wordstress is a security scanner for WordPress installations. It uses a white-box approach in scanning, which makes it different than most other scanners.

Project details

Wordstress is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • application security
  • vulnerability scanning
  • web application analysis

Wordstress project page

48

Alternative: wp_enum

The wp_enum tool helps with the discovery of WordPress users and accounts.

This utility enumerates the available identities on a WordPress installation.

76

Alternative: WPForce

WPForce is a suite of tools to attack Wordpress installations. One part focuses on brute forcing logins, the other to upload a shell upon finding credentials.

This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component has the focus on brute force attacking of login credentials. When admin credentials have been found, it is Yertle that allows uploading a shell. Yertle also has post-exploitation modules for further research.

Project details

WPForce is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WPForce project page

93

Alternative: WPScan

WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins

Project details

WPScan is written in Ruby.

Strengths

  • + More than 25 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Software usage is restricted (e.g. commercially)

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WPScan project page

60

Alternative: WPSeku

WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.

With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), sql injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

Project details

WPSeku is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WPSeku project page

64

Alternative: wpvulndb_cmd

wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

Project details

wpvulndb_cmd is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • web application analysis

wpvulndb_cmd project page