Gitrob alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

85

Alternative: jak

Jak is a security tool to encrypt and decrypt sensitive data in Git repositories, like application secrets.

Project details

jak is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • data encryption

jak project page

84

Alternative: Belati

Belati is security tool to collect public data and information and calls itself a Swiss army knife for OSINT purposes.

Project details

Belati is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering

Belati project page

84

Alternative: dirsearch

Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

64

Alternative: DirSearch (Go)

DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

Project details

DirSearch (Go) is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

DirSearch (Go) project page

84

Alternative: Gitem

Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.

Project details

Gitem is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • security monitoring
  • self-assessment

Gitem project page

56

Alternative: Metagoofil

Metagoofil is an information gathering tool with focus extracting any metadata from public documents.

Metagoofil will perform a search in Google based on the given domain name. Any public documents will be downloaded and analyzed. For this task it uses libraries like Hachoir, PdfMiner, and others. Useful details include username, software versions, hostnames, etc.

File types: pdf, doc, xls, ppt, docx, pptx, xlsx

Project details

Metagoofil is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test

Metagoofil project page

100

Alternative: osquery

The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.

Project details

osquery is written in C++, Python.

Strengths

  • + More than 100 contributors
  • + More than 9000 stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • compliance testing
  • information gathering
  • security monitoring

osquery project page

64

Alternative: OSRFramework

OSRFramework is an open source research framework. The project helps with information gathering and can be classified as an OSINT tool.

Project details

OSRFramework is written in Python.

Strengths

  • + Available as package (simplified installation)
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • information gathering

OSRFramework project page

89

Alternative: SearchSploit

Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.

Project details

SearchSploit is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering
  • penetration test

SearchSploit project page

56

Alternative: theHarvester

theHarvester is a tool to gather email accounts, subdomains, virtual hosts, open ports, banners, and employee names. It uses different public sources.

This tool is a typical information collection tool to retrieve public data and get it all into one place. It is useful for penetration tests, or if you want to see what is available for your company.

64

Alternative: web-hunter

Web-hunter is a tool to crawl search engines like Google and Bing to find emails, sub domains, and URLs associated with a specified target domain.

Project details

web-hunter is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

web-hunter project page

64

Alternative: weblocator

The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

Project details

weblocator is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

weblocator project page

88

Alternative: DataSploit

DataSploit is a framework to perform intelligence gather to discover credentials, domain information, and other information related to the target.

Project details

DataSploit is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security monitoring

DataSploit project page

97

Alternative: SpiderFoot

SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.

Project details

SpiderFoot is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

SpiderFoot project page

60

Alternative: ThreatPinch Lookup

ThreatPinch is a Chrome extension to perform information lookups on data artifacts like domain names, hashes, IP addresses, and more.

Project details

ThreatPinch Lookup is written in JavaScript.

Strengths

  • + Many integration possibilities available

Weaknesses

  • - Unknown project license

Typical usage

  • information gathering
  • threat hunting

ThreatPinch Lookup project page

64

Alternative: XRay

XRay is a security tool for reconnaissance, mapping, and OSINT gathering from public networks.

Project details

XRay is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • reconnaissance

XRay project page

64

Alternative: Aletheia

Aletheia is a project to manage secrets in Google Cloud with CloudKMS and Cloud Storage. It can be used to store sensitive data like authentication details.

Project details

Aletheia is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Minimal or no documentation available
  • - No releases on GitHub available

Typical usage

  • data security
  • secure storage

Aletheia project page

100

Alternative: Buttercup for desktop

Buttercup is a cross-platform, free, and open-source password manager based on Node.js. It helps to store your passwords and secrets safely.

Project details

Buttercup for desktop is written in Node.js.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • password management

Buttercup for desktop project page

67

Alternative: KeePassX

KeePassX is a cross platform application to store sensitive information like usernames, passwords, and other secret.

The database is encrypted with AES (alias Rijndael) or Twofish encryption algorithm using a 256-bit key. KeePassX uses a database format that is compatible with KeePass Password Safe.

Project details

KeePassX is written in C++.

Strengths

  • + The source code of this software is available
  • + Well-known tool

Weaknesses

  • - Full name of author is unknown

Typical usage

  • secure storage

KeePassX project page

64

Alternative: pass (password-store)

The pass utility is also known as password-store. It uses GPG and Unix directories to store passwords and others secrets.

97

Alternative: pick

The pick tool provides a minimal password manager on the terminal for systems running macOS and Linux.

Project details

pick is written in Golang.

Strengths

  • + Very low number of dependencies
  • + The source code of this software is available

Typical usage

  • data security
  • secure storage

pick project page

97

Alternative: Vault

Vault is a tool created by HashiCorp to store secrets like keys and passwords. These secrets are typically used by other software components and scripts.

Project details

Vault is written in Golang.

Strengths

  • + More than 4000 GitHub stars
  • + The source code of this software is available

Typical usage

  • secure storage

Vault project page