Gitrob alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

85

Alternative: Belati

Belati is security tool to collect public data and information and calls itself a Swiss army knife for OSINT purposes.

Project details

Belati is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering

Belati project page

52

Alternative: dirsearch

Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

64

Alternative: DirSearch (Go)

DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

Project details

DirSearch (Go) is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

DirSearch (Go) project page

76

Alternative: Gitem

Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.

Project details

Gitem is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering
  • security assessment
  • security monitoring
  • self-assessment

Gitem project page

56

Alternative: Metagoofil

Metagoofil is an information gathering tool with focus extracting any metadata from public documents.

Metagoofil will perform a search in Google based on the given domain name. Any public documents will be downloaded and analyzed. For this task it uses libraries like Hachoir, PdfMiner?, and others. Useful details include username, software versions, hostnames, etc.

File types: pdf, doc, xls, ppt, docx, pptx, xlsx

Project details

Metagoofil is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test

Metagoofil project page

100

Alternative: osquery

The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.

Project details

osquery is written in C++, Python.

Strengths

  • + More than 100 contributors
  • + More than 9000 stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • compliance testing
  • information gathering
  • security monitoring

osquery project page

64

Alternative: OSRFramework

OSRFramework is an open source research framework. The project helps with information gathering and can be classified as an OSINT tool.

Project details

OSRFramework is written in Python.

Strengths

  • + Available as package (simplified installation)
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • information gathering

OSRFramework project page

78

Alternative: SearchSploit

Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.

This little utility can search for exploits and related data in the Exploit-DB.

Project details

SearchSploit is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Typical usage

  • information gathering

SearchSploit project page

56

Alternative: theHarvester

theHarvester is a tool to gather email accounts, subdomains, virtual hosts, open ports, banners, and employee names. It uses different public sources.

This tool is a typical information collection tool to retrieve public data and get it all into one place. It is useful for penetration tests, or if you want to see what is available for your company.

64

Alternative: web-hunter

Web-hunter is a tool to crawl search engines like Google and Bing to find emails, sub domains, and URLs associated with a specified target domain.

Project details

web-hunter is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

web-hunter project page

64

Alternative: weblocator

The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

Project details

weblocator is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

weblocator project page

89

Alternative: DataSploit

DataSploit is a framework to perform intelligence gather to discover credentials, domain information, and other information related to the target.

Project details

DataSploit is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security monitoring

DataSploit project page

97

Alternative: SpiderFoot

SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.

SpiderFoot can be used offensively during penetration tests, or defensively to learn what information is available about your organization.

Project details

SpiderFoot is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

SpiderFoot project page

60

Alternative: ThreatPinch Lookup

ThreatPinch is a Chrome extension to perform information lookups on data artifacts like domain names, hashes, IP addresses, and more.

Project details

ThreatPinch Lookup is written in JavaScript.

Strengths

  • + Many integration possibilities available

Weaknesses

  • - Unknown project license

Typical usage

  • information gathering
  • threat hunting

ThreatPinch Lookup project page

70

Alternative: KeePassX

KeePassX is a cross platform application to store sensitive information like usernames, passwords, and other secret.

The database is encrypted with AES (alias Rijndael) or Twofish encryption algorithm using a 256-bit key. KeePassX uses a database format that is compatible with KeePass Password Safe.

Project details

KeePassX is written in C++.

Strengths

  • + The source code of this software is available
  • + Well-known tool

Weaknesses

  • - Full name of author is unknown

Typical usage

  • secure storage

KeePassX project page

72

Alternative: pass (password-store)

The pass utility is also known as password-store. It uses GPG and Unix directories to store passwords and others secrets.

76

Alternative: pick

The pick tool provides a minimal password manager on the terminal for systems running macOS and Linux.

This CLI tool is a password manager to store secrets.

Project details

pick is written in Golang.

Strengths

  • + The source code of this software is available

pick project page

97

Alternative: Vault

Vault is a tool created by HashiCorp to store secrets like keys and passwords. These secrets are typically used by other software components and scripts.

Project details

Vault is written in Golang.

Strengths

  • + More than 4000 GitHub stars
  • + The source code of this software is available

Typical usage

  • secure storage

Vault project page