Infection Monkey alternatives

Looking for an alternative tool to replace Infection Monkey? During the review of Infection Monkey we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. AutoSploit (automated host exploitation)
  2. Leviathan Framework (mass audit toolkit)
  3. arpag (automatic exploiting tool)

These tools are ranked as the best alternatives to Infection Monkey.

Alternatives (by score)

64

AutoSploit

Introduction

AutoSploit attempts to automate the exploitation of remote hosts for security assessments. Targets can be collected automatically or manually provided. Automatic sources include Censys, Shodan, and Zoomeye.

Project details

AutoSploit is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 3000 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Service exploitation
    • System exploitation

    AutoSploit review

    60

    Leviathan Framework

    Introduction

    Leviathan is a security tool to provide a wide range of services including service discovery, brute force, SQL injection detection, and exploit capabilities. The primary reason to use this tool is to do massive scans on many systems at once. For example to include a huge network range, country-wide scan, or even full internet scan.

    Project details

    Leviathan Framework is written in Python.

    Strengths and weaknesses

    • + More than 500 contributors
    • + The source code of this software is available

      Typical usage

      • Penetration testing
      • Security assessment
      • Service exploitation

      Leviathan Framework review

      64

      arpag

      Introduction

      Tools like arpag can help with automating penetration tests and security assessments. By testing automatically for a set of exploits, the remaining time can be spend in other areas.

      Project details

      arpag is written in Python.

      Strengths and weaknesses

      • + Very low number of dependencies
      • + The source code of this software is available
      • - No releases on GitHub available

      Typical usage

      • Penetration testing
      • Security awareness
      • Service exploitation

      arpag review

      60

      ShellPop

      Introduction

      During a penetration test, you might have an opportunity to gain shell access to a system. This tool helps with crafting the required type of reverse or bind shell for the task. PopShell also helps with encoding, staging, or switching between different protocols.

      Project details

      ShellPop is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Penetration testing

        ShellPop review

        74

        Vulnreport

        Introduction

        Vulnreport is a platform to deal with penetration test results. The tool formats them and provides actionable findings reports. The platform is strong in focusing on automation, to reduce the time spent by engineers.

        Project details

        Vulnreport is written in Ruby.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Security reviews
          • Vulnerability management
          • Vulnerability scanning

          Vulnreport review

          70

          BeEF

          Introduction

          BeEF is used by penetration testers to assess the security of a system by leveraging the web browser. This makes the tool different to many other tools, as it ignores the security on network or system level. It uses command modules from within the web browser to perform requested attacks against the system.

          Project details

          74

          Metasploit Framework

          Introduction

          Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

          Project details

          Metasploit Framework is written in Ruby.

          Strengths and weaknesses

          • + More than 400 contributors
          • + More than 9000 stars
          • + Many maintainers
          • + The source code of this software is available
          • + Supported by a large company
          • + Well-known tool

            Typical usage

            • Penetration testing
            • Security assessment
            • Vulnerability scanning

            Metasploit Framework review

            60

            Pupy

            Introduction

            Pupy is an open source remote administration and post-exploitation tool. It is mainly written in Python and works Androi, Linux, macOS, and Windows.

            Project details

            Pupy is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Penetration testing
              • Security assessment

              Pupy review

              64

              RouterSploit

              Introduction

              RouterSploit is a framework to exploit embedded devices such as cameras and routers. It can be used during penetration testing to test the security of a wide variety of devices. RouterSploit comes with several modules to scan and exploit the devices. The tool helps in all steps, like from credential testing to deploying a payload to perform an exploitation attempt.

              Project details

              RouterSploit is written in Python.

              Strengths and weaknesses

              • + More than 50 contributors
              • + More than 6000 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Penetration testing
                • Self-assessment
                • Software testing
                • Vulnerability scanning

                RouterSploit review

                84

                Ruler

                Introduction

                The main aim for this tool is abusing the client-side Outlook features and gain a shell remotely.

                Project details

                Ruler is written in Golang.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Penetration testing
                  • Security assessment

                  Ruler review

                  89

                  sqlmap

                  Introduction

                  The sqlmap is a well-known tool with an amazing number of GitHub stars (10,000+). It is used by many security professionals around the world to test the security of both web applications and the database that stores the data.

                  Project details

                  60

                  PassGen

                  Introduction

                  PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.

                  Project details

                  PassGen is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Password discovery
                    • Password strength testing
                    • Security assessment

                    PassGen review

                    68

                    Patator

                    Introduction

                    Patator is based on similar tools like Hydra, yet with the goal to avoid the common flaws these tools have like performance limitations. The tool is modular and supports different types of brute-force attacks or enumeration of information.

                    Project details

                    Patator is written in Python.

                    Strengths and weaknesses

                    • + More than 500 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Password discovery
                      • Penetration testing
                      • Reconnaissance
                      • Vulnerability scanning

                      Patator review

                      56

                      acccheck

                      Introduction

                      The acccheck tool performs a password guessing and dictionary attack on SMB services used to share files and printers.

                      Project details

                      acccheck is written in Perl.

                      Strengths and weaknesses

                      • + The source code of this software is available
                      • - No updates for a while

                      Typical usage

                      • Password discovery
                      • Password strength testing

                      acccheck review

                      74

                      Cuckoo Sandbox (cuckoo)

                      Introduction

                      In a matter of seconds, Cuckoo Sandbox provides detailed results on what a file does within an isolated environment. This helps with malware analysis and understanding what it exactly tries to achieve. Further analysis can be done, based on the previous actions that were done.

                      Cuckoo Sandbox was created by Claudio Guarnieri as part of the Google Summer of Code project in 2010.

                      Project details

                      Cuckoo Sandbox is written in Python.

                      Strengths and weaknesses

                      • + More than 2000 GitHub stars
                      • + The source code of this software is available
                      • - Many provided pull requests are still open
                      • - Many reported issues are still open

                      Typical usage

                      • Digital forensics
                      • Malware analysis

                      Cuckoo Sandbox review

                      Some relevant tool missing as an alternative to Infection Monkey? Please contact us with your suggestion.