graudit alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

Alternative: ntopng

ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provides insights into how the network is used.

ntopng replaced the older ntop utility. It now focuses on high-speed traffic analysis and flow collection. Typically this is useful for analyzing network traffic and troubleshooting overused network links.

Project details

ntopng is written in C++.

Strengths

  • + The source code of this software is available

Typical usage

  • network analysis
  • troubleshooting

ntopng project page

Alternative: Xplico

Xplico is a forensics analysis tool to investigate the traffic patterns in a pcap file. It is released as a GPL project, with some scripts under a CC license.

With Xplico, analysis can be performed on captured internet traffic. The data stored in a pcap file can be displayed and the related protocol data extracted from the capture file. This may include emails, HTTP sessions, VoIP calls, or anything else that can be recognized and stored.

Alternative: Brakeman

Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.

Project details

Brakeman is written in Ruby.

Strengths

  • + Commercial support available
  • + The source code of this software is available

Typical usage

  • code analysis

Brakeman project page

Alternative: Cppcheck

Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, while aiming to avoid false positives.

Alternative: Jackhammer

Jackhammer is a collaboration tool that brings security and developer teams together. It focuses on vulnerability discovery through static and dynamic code analysis.

The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Node.js). It also checks for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

Project details

Jackhammer is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • collaboration
  • information sharing

Jackhammer project page

Alternative: PyT (Python Taint)

Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.

Project details

PyT is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • code analysis

PyT project page

Alternative: Shellyzer

Shellyzer helps developers and security professionals with static code analysis to test the quality of shell scripts. This is also known as linting.

Project details

Shellyzer is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • code analysis

Shellyzer project page

Alternative: angr

angr is a security tool written in Python for analyzing binaries. It provides a combination of static and dynamic analysis.

Project details

angr is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • binary analysis
  • malware analysis

angr project page

Alternative: Bandit

Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.

Alternative: yasca (Yet Another Source Code Analyzer)

Yasca is a tool to perform code analysis and linting. It can be used by developers and security professionals to evaluate the code quality.

Project details

yasca is written in PHP.

Strengths

  • + The source code of this software is available

Typical usage

  • code analysis

yasca project page

Alternative: arch-audit

arch-audit is a pkg-audit-like utility for Arch Linux that finds vulnerable packages on the system.

The arch-audit utility scans the system for known vulnerabilities. It does so by looking at the versions of installed packages and comparing them with a database of known vulnerable versions.

Project details

arch-audit is written in Rust.

Strengths

  • + The source code of this software is available

Typical usage

  • vulnerability scanning

arch-audit project page

Alternative: CMSmap

CMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).

Project details

CMSmap is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing
  • information gathering
  • vulnerability scanning
  • web application analysis

CMSmap project page

Alternative: detectem

Detectem can scan web applications and detect used software components like jQuery, Apache middleware, and others.

Project details

detectem is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application security
  • application testing
  • reconnaissance
  • vulnerability scanning

detectem project page

Alternative: Glastopf

Glastopf is a honeypot for web applications. It is written in Python and collects all kinds of attacks against it for further analysis.

Glastopf emulates vulnerabilities in a generic way. Instead of emulating specific vulnerabilities, it mimics being vulnerable to a whole class of attacks within that area (e.g. Remote File Inclusion). The tool is modular and can be extended with different logging capabilities.

This project has been replaced by SNARE.

Alternative: Pompem

Pompem is an open source security tool to automate the search for exploits and vulnerabilities in public databases.

Pompem is written in Python and helps pentesters search public sources for vulnerability information and any related exploit.

Sources

  • CXSecurity
  • National Vulnerability Database
  • PacketStorm security
  • Vulners
  • WPScan Vulnerability Database
  • ZeroDay

Project details

Pompem is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • vulnerability scanning

Pompem project page

Alternative: Spaghetti

Spaghetti is a web vulnerability scanner to find flaws in common web applications and frameworks. It can perform fingerprinting and vulnerability discovery.

Project details

Spaghetti is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • vulnerability scanning
  • vulnerability testing

Spaghetti project page

Alternative: vFeed

vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.

vFeed consists of a database and utilities to store vulnerability data. It uses third-party references and data, which can then be used to see if a software component has a known vulnerability. The data itself is enriched by cross-checking it and storing additional details about the vulnerabilities.

The vFeed tooling has an API available with JSON output. It can be used by security researchers and practitioners to validate vulnerabilities and retrieve all available details.

Project details

vFeed is written in Python.

Strengths

  • + Commercial support available
  • + The source code of this software is available

Typical usage

  • security assessment
  • vulnerability scanning

vFeed project page

Alternative: vulnerability-alerter

Vulnerability-alerter is a security tool to retrieve vulnerability data from NIST's database (NVD). This data can be used to discover recent vulnerabilities.

Project details

vulnerability-alerter is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • vulnerability management
  • vulnerability testing

vulnerability-alerter project page

Alternative: vulnerable-node

Vulnerable-node is a deliberately vulnerable website with identified vulnerabilities. It can be used to test the quality of security tools and is written in Node.js.

Project details

vulnerable-node is written in Node.js.

Strengths

  • + The source code of this software is available

Typical usage

  • learning
  • security assessment
  • software testing
  • vulnerability scanning
  • web application analysis

vulnerable-node project page

Alternative: vulnix

Vulnix is a security scanner for NixOS. It specifically looks for vulnerabilities in available packages and comes with a command line interface (CLI).

Project details

vulnix is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • vulnerability scanning

vulnix project page

Alternative: Vuls

Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, is agentless, and logs in remotely to find software vulnerabilities on the target hosts.

Project details

Vuls is written in Golang.

Strengths

  • + More than 50 contributors
  • + More than 4000 GitHub stars
  • + The source code of this software is available

Typical usage

  • system hardening
  • vulnerability scanning

Vuls project page