iniscan alternatives

Looking for an alternative tool to replace iniscan? During the review of iniscan we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Parse (PHP security scanner)
  2. pcc (PHP configuration scanner)
  3. Cloud Security Suite (cloud security toolkit)

These tools are ranked as the best alternatives to iniscan.

Alternatives (by score)

60

Parse

Introduction

Writing insecure code is often easier than one might expect. A tool like Parse can perform a security analysis on PHP code.

Project details

Parse is written in PHP.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Code analysis
    • Security assessment

    Parse review

    64

    pcc (PHP Secure Configuration Checker)

    Introduction

    This tool helps with the detection of security issues in your PHP configuration. This is useful for web hosters, developers, and application owners to test their configuration for common weaknesses.

    Project details

    pcc is written in PHP.

    Strengths and weaknesses

    • + The source code of this software is available

      pcc review

      68

      Cloud Security Suite (CS Suite)

      Introduction

      Cloud Security Suite (CS Suite) is a security toolkit that allows scanning Amazon, Google, and Azure cloud platforms. It leverages tools like Lynis, Prowler, and Scout2 to collect all information. The promise of the tool is to simplify the installation of the tools, their configuration, and the data collection.

      Project details

      Cloud Security Suite is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available
      • - No releases on GitHub available

      Typical usage

      • Configuration audit
      • IT audit
      • Penetration testing
      • System hardening

      Cloud Security Suite review

      78

      CloudSploit scans

      Introduction

      CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks.

      Project details

      CloudSploit scans is written in Node.js.

      Strengths and weaknesses

      • + More than 10 contributors
      • + More than 500 GitHub stars
      • + The source code of this software is available
      • - No releases on GitHub available

      Typical usage

      • Configuration audit
      • IT audit
      • Security assessment

      CloudSploit scans review

      85

      Kube-Bench

      Introduction

      Tools like Kube-Bench help with quickly checking configuration weaknesses or discovering bad defaults.

      Project details

      Kube-Bench is written in Golang.

      Strengths and weaknesses

      • + The source code of this software is available

        Kube-Bench review

        64

        LUNAR

        Introduction

        LUNAR is short for Lockdown UNix Auditing and Reporting and runs on the system itself.

        Project details

        LUNAR is written in shell script.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Security assessment
          • Self-assessment
          • System hardening

          LUNAR review

          100

          Lynis

          Introduction

          Lynis is an open source security auditing tool that is available since 2007 and created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

          Project details

          Lynis is written in shell script.

          Strengths and weaknesses

          • + More than 50 contributors
          • + Commercial support available
          • + More than 4000 GitHub stars
          • + Used language is shell script
          • + Very low number of dependencies
          • + Project is mature (10+ years)
          • + The source code of this software is available

            Typical usage

            • IT audit
            • Penetration testing
            • Security assessment
            • System hardening
            • Vulnerability scanning

            Lynis review

            60

            orthrus

            Introduction

            Orthrus is a security framework and auditing tool. It allows monitoring and analyzing security configurations across multiple environments.

            Project details

            orthrus is written in Golang.

            Strengths and weaknesses

            • + The source code of this software is available
            • - Project is in early phase and may be unstable

            Typical usage

            • Security assessment
            • Self-assessment
            • System hardening
            • Vulnerability scanning

            orthrus review

            60

            otseca

            Introduction

            Tools like otseca help with data collection. This could be useful for system administrators to collect data on a regular interval. This data then can be compared with a future data capture. Another possibility is to use it during pentesting. In that case one should have already obtained root access, as the tool requires this as well.

            Project details

            otseca is written in shell script.

            Strengths and weaknesses

            • + The source code is easy to read and understand
            • + Tool is modular and extendable
            • + The source code of this software is available

              Typical usage

              • Configuration audit
              • Penetration testing
              • Security assessment

              otseca review

              68

              Prowler

              Introduction

              Prowler is a security tool to check systems on AWS against the related CIS benchmark. This benchmark provides a set of best practices for AWS. The primary usage for this tool is system hardening and compliance checking.

              Project details

              Prowler is written in shell script.

              Strengths and weaknesses

              • + More than 25 contributors
              • + More than 500 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Compliance testing
                • Security assessment
                • System hardening

                Prowler review

                60

                SSHsec

                Introduction

                SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.

                Project details

                SSHsec is written in Python.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Information gathering
                  • Penetration testing
                  • Security assessment

                  SSHsec review

                  60

                  sysechk (System Security Checker)

                  Introduction

                  System Security Checker, or sysechk, is a tool to perform a system audit against a set of best practices. It uses a modular approach to test the system.

                  Project details

                  sysechk is written in shell script.

                  Strengths and weaknesses

                  • + Used language is shell script
                  • + The source code of this software is available

                    Typical usage

                    • IT audit
                    • System hardening

                    sysechk review

                    89

                    testssl.sh

                    Introduction

                    Key features of testssl.sh include:

                    • Clear output: you can tell easily whether anything is good or bad
                    • Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
                    • Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
                    • Toolbox: Several command line options help you to run YOUR test and configure YOUR output
                    • Reliability: features are tested thoroughly
                    • Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
                    • Privacy: It's only you who sees the result, not a third party
                    • Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.

                    Project details

                    testssl.sh is written in shell script.

                    Strengths and weaknesses

                    • + Used language is shell script
                    • + The source code of this software is available

                      Typical usage

                      • Application testing
                      • Configuration audit

                      testssl.sh review

                      60

                      VHostScan

                      Introduction

                      Tools like VHostScan are powerful to perform reconnaissance and discover configuration defaults. This can be useful during penetration tests or security testing, to see if a system has been stripped from default pages. If not, this tool might discover them and provide valuable information about the system.

                      Project details

                      VHostScan is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Penetration testing
                        • Reconnaissance

                        VHostScan review

                        64

                        Zeus

                        Introduction

                        Zeus is a tool to perform a quick security scan of an AWS environment. It helps to find missing security controls, so additional system hardening measures can be applied to systems.

                        Project details

                        Zeus is written in shell script.

                        Strengths and weaknesses

                        • + Used language is shell script
                        • + The source code of this software is available
                        • - No releases on GitHub available

                        Typical usage

                        • Configuration audit
                        • Security assessment
                        • Self-assessment
                        • System hardening

                        Zeus review

                        74

                        Suhosin

                        Introduction

                        Suhosin is a security extension for PHP and consists of two parts that enhance PHP. It helps with protecting against known and unknown attacks.

                        Project details

                        Suhosin is written in C.

                        Strengths and weaknesses

                        • + The source code of this software is available
                        • - Well-known tool

                        Typical usage

                        • Application security

                        Suhosin review

                        74

                        Arachni

                        Introduction

                        Arachni is framework written in Ruby with focus on evaluating the security of web applications. Typical users include security professionals and system administrators.

                        The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

                        Project details

                        Arachni is written in Ruby.

                        Strengths and weaknesses

                        • + More than 1000 GitHub stars
                        • + The source code of this software is available

                          Typical usage

                          • Penetration testing
                          • Security assessment
                          • Web application analysis

                          Arachni review

                          60

                          PHP Malware Finder

                          Introduction

                          PHP Malware Finder is a tool to find malicious PHP scripts. This threat is common for most web hosters and websites of their customers.

                          Project details

                          PHP Malware Finder is written in shell script.

                          Strengths and weaknesses

                          • + More than 500 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Malware scanning

                            PHP Malware Finder review

                            78

                            Suhosin7

                            Introduction

                            Suhosin7 is the security extension for PHP 7 versions. It protects a PHP installation by preventing different types of attacks.

                            Project details

                            Suhosin7 is written in C.

                            Strengths and weaknesses

                            • + The source code of this software is available

                              Typical usage

                              • Application security

                              Suhosin7 review

                              74

                              Nikto

                              Introduction

                              Nikto helps with performing security scans against web servers and to search for vulnerabilities in web applications.

                              Project details

                              Nikto is written in Perl.

                              Strengths and weaknesses

                              • + The source code of this software is available
                              • + Well-known tool

                                Typical usage

                                • Penetration testing
                                • Security assessment
                                • Web application analysis

                                Nikto review

                                60

                                Parsero

                                Introduction

                                Entries that should not be crawled by a web spider, are typically placed in a Disallow entry in the robots.txt file. This file is read by a crawl tool and any of the Disallow entries are skipped for indexing. These entries are interesting, as sometimes they reveal a lot of information about the web server. This tool helps to quickly check which entries are accessible.

                                Project details

                                Parsero is written in Python.

                                Strengths and weaknesses

                                • + The source code of this software is available

                                  Parsero review

                                  96

                                  Commix

                                  Introduction

                                  Commix is short for COMMand Injection eXploiter.

                                  Project details

                                  Commix is written in Python.

                                  Strengths and weaknesses

                                  • + More than 10 contributors
                                  • + More than 1000 GitHub stars
                                  • + The source code of this software is available

                                    Commix review

                                    85

                                    django-axes

                                    Introduction

                                    This tool may be used by developers that work with the Django framework. It adds a security layer on top of the application by looking at login attempts and track them.

                                    Project details

                                    django-axes is written in Python.

                                    Strengths and weaknesses

                                    • + More than 50 contributors
                                    • + The source code of this software is available

                                      Typical usage

                                      • Application security

                                      django-axes review

                                      89

                                      django-security

                                      Introduction

                                      Django-security is an extension for developers seeking more security measures in their Django project. The toolkit can set or activate particular settings improving security. Examples of these settings include the use of particular HTTP headers that increase the security defenses of the web application.

                                      Part of the toolkit is middleware to enforce password strength, set the do-not-track header, enable content security policy (CSP), enable privacy policy (P3P), limit session length, use HTTPS (HSTS), XSS protection, and more.

                                      Project details

                                      django-security is written in Python.

                                      Strengths and weaknesses

                                      • + More than 10 contributors
                                      • + The source code of this software is available

                                        Typical usage

                                        • Application security

                                        django-security review

                                        64

                                        DorkNet

                                        Introduction

                                        DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.

                                        Project details

                                        DorkNet is written in Python.

                                        Strengths and weaknesses

                                        • + The source code of this software is available

                                          Typical usage

                                          • Security assessment
                                          • Vulnerability scanning
                                          • Web application analysis

                                          DorkNet review

                                          Some relevant tool missing as an alternative to iniscan? Please contact us with your suggestion.