iniscan alternatives

Looking for an alternative tool to replace iniscan? During the review of iniscan we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Parse (PHP security scanner)
  2. pcc (PHP configuration scanner)
  3. Cloud Security Suite (cloud security toolkit)

These tools are ranked as the best alternatives to iniscan.

Alternatives (by score)

60

Parse

Introduction

Writing insecure code is often easier than one might expect. A tool like Parse can perform a security analysis on PHP code.

Project details

Parse is written in PHP.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Code analysis
    • Security assessment

    Parse review

    64

    pcc (PHP Secure Configuration Checker)

    Introduction

    This tool helps with the detection of security issues in your PHP configuration. This is useful for web hosters, developers, and application owners to test their configuration for common weaknesses.

    Project details

    pcc is written in PHP.

    Strengths and weaknesses

    • + The source code of this software is available

      pcc review

      68

      Cloud Security Suite (CS Suite)

      Introduction

      Cloud Security Suite (CS Suite) is a security toolkit that allows scanning Amazon, Google, and Azure cloud platforms. It leverages tools like Lynis, Prowler, and Scout2 to collect all information. The promise of the tool is to simplify the installation of the tools, their configuration, and the data collection.

      Project details

      Cloud Security Suite is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available
      • - No releases on GitHub available

      Typical usage

      • IT audit
      • Configuration audit
      • Penetration testing
      • System hardening

      Cloud Security Suite review

      74

      CloudSploit scans

      Introduction

      CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks.

      Project details

      CloudSploit scans is written in Node.js.

      Strengths and weaknesses

      • + More than 10 contributors
      • + More than 500 GitHub stars
      • + The source code of this software is available
      • - No releases on GitHub available

      Typical usage

      • IT audit
      • Configuration audit
      • Security assessment

      CloudSploit scans review

      85

      Kube-Bench

      Introduction

      Tools like Kube-Bench help with quickly checking configuration weaknesses or discovering bad defaults.

      Project details

      Kube-Bench is written in Golang.

      Strengths and weaknesses

      • + The source code of this software is available

        Kube-Bench review

        64

        LUNAR

        Introduction

        LUNAR is short for Lockdown UNix Auditing and Reporting and runs on the system itself.

        Project details

        LUNAR is written in shell script.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Security assessment
          • Self-assessment
          • System hardening

          LUNAR review

          93

          Lynis

          Introduction

          Lynis is an open-source security auditing tool that is available since 2007 and created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

          Project details

          Lynis is written in shell script.

          Strengths and weaknesses

          • + The source code is easy to read and understand
          • + More than 100 contributors
          • + More than 8000 GitHub stars
          • + Tool is easy to use
          • + Available as package (simplified installation)
          • + Commercial support available
          • + Used language is shell script
          • + Very low number of dependencies
          • + Project is mature (10+ years)
          • + The source code of this software is available

            Typical usage

            • IT audit
            • Penetration testing
            • Security assessment
            • System hardening
            • Vulnerability scanning

            Lynis review

            72

            OpenSCAP

            Introduction

            The OpenSCAP project provides a wide variety of hardening guides, configuration baselines, and tools to test for vulnerabilities and configuration issues. It uses SCAP as the protocol to store the underlying data.

            Project details

            OpenSCAP is written in C.

            Strengths and weaknesses

            • + More than 25 contributors
            • + The source code of this software is available
            • + Supported by a large company

              Typical usage

              • Security assessment
              • Vulnerability scanning

              OpenSCAP review

              85

              Prowler

              Introduction

              Prowler is a security tool to check systems on AWS against the related CIS benchmark. This benchmark provides a set of best practices for AWS. The primary usage for this tool is system hardening and compliance checking.

              Project details

              Prowler is written in shell script.

              Strengths and weaknesses

              • + More than 25 contributors
              • + More than 500 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Compliance testing
                • Security assessment
                • System hardening

                Prowler review

                60

                SSHsec

                Introduction

                SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.

                Project details

                SSHsec is written in Python.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Information gathering
                  • Penetration testing
                  • Security assessment

                  SSHsec review

                  60

                  VHostScan

                  Introduction

                  Tools like VHostScan are powerful to perform reconnaissance and discover configuration defaults. This can be useful during penetration tests or security testing, to see if a system has been stripped from default pages. If not, this tool might discover them and provide valuable information about the system.

                  Project details

                  VHostScan is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Penetration testing
                    • Reconnaissance

                    VHostScan review

                    64

                    Zeus

                    Introduction

                    Zeus is a tool to perform a quick security scan of an AWS environment. It helps to find missing security controls, so additional system hardening measures can be applied to systems.

                    Project details

                    Zeus is written in shell script.

                    Strengths and weaknesses

                    • + Used language is shell script
                    • + The source code of this software is available
                    • - No releases on GitHub available

                    Typical usage

                    • Configuration audit
                    • Security assessment
                    • Self-assessment
                    • System hardening

                    Zeus review

                    60

                    orthrus

                    Introduction

                    Orthrus is a security framework and auditing tool. It allows monitoring and analyzing security configurations across multiple environments.

                    Project details

                    orthrus is written in Golang.

                    Strengths and weaknesses

                    • + The source code of this software is available
                    • - Project is in early phase and may be unstable

                    Typical usage

                    • Security assessment
                    • Self-assessment
                    • System hardening
                    • Vulnerability scanning

                    orthrus review

                    60

                    otseca

                    Introduction

                    Tools like otseca help with data collection. This could be useful for system administrators to collect data on a regular interval. This data then can be compared with a future data capture. Another possibility is to use it during pentesting. In that case one should have already obtained root access, as the tool requires this as well.

                    Project details

                    otseca is written in shell script.

                    Strengths and weaknesses

                    • + The source code is easy to read and understand
                    • + Tool is modular and extendable
                    • + The source code of this software is available

                      Typical usage

                      • Configuration audit
                      • Penetration testing
                      • Security assessment

                      otseca review

                      60

                      sysechk (System Security Checker)

                      Introduction

                      System Security Checker, or sysechk, is a tool to perform a system audit against a set of best practices. It uses a modular approach to test the system.

                      Project details

                      sysechk is written in shell script.

                      Strengths and weaknesses

                      • + Used language is shell script
                      • + The source code of this software is available

                        Typical usage

                        • IT audit
                        • System hardening

                        sysechk review

                        74

                        testssl.sh

                        Introduction

                        Key features of testssl.sh include:

                        • Clear output: you can tell easily whether anything is good or bad
                        • Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
                        • Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
                        • Toolbox: Several command line options help you to run YOUR test and configure YOUR output
                        • Reliability: features are tested thoroughly
                        • Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
                        • Privacy: It's only you who sees the result, not a third party
                        • Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.

                        Project details

                        testssl.sh is written in shell script.

                        Strengths and weaknesses

                        • + Used language is shell script
                        • + The source code of this software is available

                          Typical usage

                          • Application testing
                          • Configuration audit

                          testssl.sh review

                          74

                          Suhosin

                          Introduction

                          Suhosin is a security extension for PHP and consists of two parts that enhance PHP. It helps with protecting against known and unknown attacks.

                          Project details

                          Suhosin is written in C.

                          Strengths and weaknesses

                          • + The source code of this software is available
                          • - Well-known tool

                          Typical usage

                          • Application security

                          Suhosin review

                          89

                          Arachni

                          Introduction

                          Arachni is framework written in Ruby with focus on evaluating the security of web applications. Typical users include security professionals and system administrators.

                          The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

                          Project details

                          Arachni is written in Ruby.

                          Strengths and weaknesses

                          • + More than 1000 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Penetration testing
                            • Security assessment
                            • Web application analysis

                            Arachni review

                            60

                            PHP Malware Finder

                            Introduction

                            PHP Malware Finder is a tool to find malicious PHP scripts. This threat is common for most web hosters and websites of their customers.

                            Project details

                            PHP Malware Finder is written in shell script.

                            Strengths and weaknesses

                            • + More than 500 GitHub stars
                            • + The source code of this software is available

                              Typical usage

                              • Malware scanning

                              PHP Malware Finder review

                              78

                              Suhosin7

                              Introduction

                              Suhosin7 is the security extension for PHP 7 versions. It protects a PHP installation by preventing different types of attacks.

                              Project details

                              Suhosin7 is written in C.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Application security

                                Suhosin7 review

                                74

                                Nikto

                                Introduction

                                Nikto helps with performing security scans against web servers and to search for vulnerabilities in web applications.

                                Project details

                                Nikto is written in Perl.

                                Strengths and weaknesses

                                • + The source code of this software is available
                                • + Well-known tool

                                  Typical usage

                                  • Penetration testing
                                  • Security assessment
                                  • Web application analysis

                                  Nikto review

                                  60

                                  Parsero

                                  Introduction

                                  Entries that should not be crawled by a web spider, are typically placed in a Disallow entry in the robots.txt file. This file is read by a crawl tool and any of the Disallow entries are skipped for indexing. These entries are interesting, as sometimes they reveal a lot of information about the web server. This tool helps to quickly check which entries are accessible.

                                  Project details

                                  Parsero is written in Python.

                                  Strengths and weaknesses

                                  • + The source code of this software is available

                                    Parsero review

                                    97

                                    Commix

                                    Introduction

                                    Commix is short for COMMand Injection eXploiter.

                                    Project details

                                    Commix is written in Python.

                                    Strengths and weaknesses

                                    • + More than 10 contributors
                                    • + More than 1000 GitHub stars
                                    • + The source code of this software is available

                                      Commix review

                                      64

                                      DorkNet

                                      Introduction

                                      DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.

                                      Project details

                                      DorkNet is written in Python.

                                      Strengths and weaknesses

                                      • + The source code of this software is available

                                        Typical usage

                                        • Security assessment
                                        • Vulnerability scanning
                                        • Web application analysis

                                        DorkNet review

                                        60

                                        Jackhammer

                                        Introduction

                                        The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Nodejs). It checks also for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

                                        The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

                                        Project details

                                        Jackhammer is written in Ruby.

                                        Strengths and weaknesses

                                        • + The source code of this software is available

                                          Typical usage

                                          • Collaboration
                                          • Information sharing

                                          Jackhammer review

                                          Some relevant tool missing as an alternative to iniscan? Please contact us with your suggestion.