Metasploit Framework alternatives
Looking for an alternative tool to replace Metasploit Framework? During the review of Metasploit Framework we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.
Top 3
- OWTF (offensive web testing framework)
- BeEF (browser exploitation framework)
- RouterSploit (exploitation and testing for embedded devices)
These tools are ranked as the best alternatives to Metasploit Framework.
Alternatives (by score)
OWTF (Offensive Web Testing Framework)
Introduction
OWTF is short for Offensive Web Testing Framework and it is one of the many OWASP projects to improve security.
Project details
OWTF is written in Python.
Strengths and weaknesses
- + More than 25 contributors
- + More than 500 GitHub stars
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
BeEF
Introduction
BeEF is used by penetration testers to assess the security of a system by leveraging the web browser. This makes the tool different to many other tools, as it ignores the security on network or system level. It uses command modules from within the web browser to perform requested attacks against the system.
Project details
RouterSploit
Introduction
RouterSploit is a framework to exploit embedded devices such as cameras and routers. It can be used during penetration testing to test the security of a wide variety of devices. RouterSploit comes with several modules to scan and exploit the devices. The tool helps in all steps, like from credential testing to deploying a payload to perform an exploitation attempt.
Project details
RouterSploit is written in Python.
Strengths and weaknesses
- + More than 50 contributors
- + More than 6000 GitHub stars
- + The source code of this software is available
Typical usage
- Penetration testing
- Self-assessment
- Software testing
- Vulnerability scanning
fsociety
Introduction
The fsociety toolkit is a penetration framework containing other security tools. The project states that is includes all the tools that are used in the Mr. Robot tv series.Project details
fsociety is written in Python.
Strengths and weaknesses
- + More than 10 contributors
- + More than 2000 GitHub stars
- + The source code of this software is available
- - Full name of author is unknown
Typical usage
- Penetration testing
- Security assessment
AutoSploit
Introduction
AutoSploit attempts to automate the exploitation of remote hosts for security assessments. Targets can be collected automatically or manually provided. Automatic sources include Censys, Shodan, and Zoomeye.
Project details
AutoSploit is written in Python.
Strengths and weaknesses
- + More than 10 contributors
- + More than 3000 GitHub stars
- + The source code of this software is available
Typical usage
- Service exploitation
- System exploitation
Infection Monkey
Introduction
This tool is useful for security assessments to test for weaknesses within the network. By automating the exploitation phase as much as possible, it will help finding any weak targets within the boundaries of the data center.
Project details
Infection Monkey is written in Python.
Strengths and weaknesses
- + More than 25 contributors
- + More than 5000 GitHub stars
- + The source code of this software is available
Typical usage
- Password discovery
- Service exploitation
- System exploitation
Leviathan Framework
Introduction
Leviathan is a security tool to provide a wide range of services including service discovery, brute force, SQL injection detection, and exploit capabilities. The primary reason to use this tool is to do massive scans on many systems at once. For example to include a huge network range, country-wide scan, or even full internet scan.
Project details
Leviathan Framework is written in Python.
Strengths and weaknesses
- + More than 500 contributors
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
- Service exploitation
Pupy
Introduction
Pupy is an open source remote administration and post-exploitation tool. It is mainly written in Python and works Androi, Linux, macOS, and Windows.Project details
Pupy is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
Ruler
Introduction
The main aim for this tool is abusing the client-side Outlook features and gain a shell remotely.
Project details
Ruler is written in Golang.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
arpag
Introduction
Tools like arpag can help with automating penetration tests and security assessments. By testing automatically for a set of exploits, the remaining time can be spend in other areas.
Project details
arpag is written in Python.
Strengths and weaknesses
- + Very low number of dependencies
- + The source code of this software is available
- - No releases on GitHub available
Typical usage
- Penetration testing
- Security awareness
- Service exploitation
sqlmap
Introduction
The sqlmap is a well-known tool with an amazing number of GitHub stars (10,000+). It is used by many security professionals around the world to test the security of both web applications and the database that stores the data.
Project details
Dockerscan
Introduction
Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.Project details
Dockerscan is written in Python.
Strengths and weaknesses
- + More than 500 GitHub stars
- + The source code of this software is available
Typical usage
- Information gathering
- Security assessment
- Vulnerability scanning
Pyersinia
Introduction
Pyersinia is a tool like Yersinia and can perform network attacks such as spoofing ARP, DHCP DoS , STP DoS, and more. It is written in Python and uses Scapy.Project details
Pyersinia is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Network analysis
- Penetration testing
- Security assessment
evilredis
Introduction
Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.
Project details
evilredis is written in Node.js.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Security assessment
- Vulnerability scanning
BetterCAP
Introduction
BetterCAP is often used by those who perform penetration testing and security assessments. This tool and framework is in particular useful for attempting man-in-the-middle attacks (MitM).
Project details
BetterCAP is written in Golang.
Strengths and weaknesses
- + More than 25 contributors
- + More than 2000 GitHub stars
- + The source code of this software is available
Typical usage
- Bypassing security measures
- Penetration testing
- Security assessment
Bowcaster
Introduction
Bowcaster is a framework to create exploits. It is written in Python and comes with a set of tool and modules to help exploit development.Project details
Bowcaster is written in Python.
Strengths and weaknesses
- + The source code of this software is available
- - No updates for a while
Typical usage
- Exploit development
- Penetration testing
Kitty
Introduction
Kitty is a framework for those who want to do fuzzing unusual targets, like proprietary protocols. Although Kitty itself is not a fuzzing tool, it allows one to build a fuzzing tool.
Project details
Kitty is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Application fuzzing
Malice
Introduction
Malice is a malware analysis that wants to provide a free and open source version of VirusTotal. The goal of Malice is to make it usable by both independent researchers up to fortune 500 companies.
Malice is useful for those that do malware analysis or deal with user-generated files that may contain malware. The framework allows scanning files and directories to see if they are infected.
Project details
Malice is written in Golang.
Strengths and weaknesses
- + More than 500 GitHub stars
- + The source code of this software is available
Typical usage
- Malware analysis
- Malware detection
- Malware research
- Malware scanning
Pocsuite
Introduction
Pocsuite is a remote vulnerability testing and development framework. It can be used by penetration testers and vulnerability researchers.Project details
Pocsuite is written in Python.
Strengths and weaknesses
- + More than 10 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- Vulnerability development
- Vulnerability testing
Viper
Introduction
Viper organizes the malware samples and exploits you found over time. It calls itself "Metasploit for malware researchers". Viper has a terminal interface to store, search and analyze files. As it is a framework, is also allows you to create your plugins.
Project details
APT2 (apt2)
Introduction
APT2 stands for Automated Penetration Testing Toolkit.
APT2 performs a scan with Nmap or can import the results of a scan from Nexpose or Nessus. The processed results will be used in the second phase. This phase launches exploit and enumeration modules. It helps pentesters to automate assessments and tasks.
Suggested components to have installed: convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd
Project details
APT2 is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
Faraday
Introduction
Faraday helps teams to collaborate when working on penetration tests or vulnerability management. It stores related security information in one place, which can be easily tracked and tested by other colleagues.
Project details
Faraday is written in Python.
Strengths and weaknesses
- + Commercial support available
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- Collaboration
- Penetration testing
- Security assessment
- Vulnerability scanning
InstaRecon
Introduction
InstaRecon is a security tool that can help with the reconnaissance phase of a penetration test. It can collect a number of data points with limited input.Project details
InstaRecon is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Reconnaissance
PTF (The PenTesters Framework)
Introduction
PTF or the PenTesters Framework is a Python script to keep your penetration testing toolkit up-to-date. It is designed for distributions running Debian, Ubuntu, Arch Linux, or related clones. PTF will do the retrieval, compilation, and installation of the tools that you use. As it is a modular framework, you can use many of the common pentesting tools or add your own tools.
Project details
PTF is written in Python.
Strengths and weaknesses
- + More than 50 contributors
- + Tool is easy to use
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
- Software management
- Software testing
SearchSploit
Introduction
SearchSploit is a small by OffensiveSecurity to search for exploits and related data in the exploit database (Exploit-DB). This may help penetration testers in their security assignments.
Project details
SearchSploit is written in shell script.
Strengths and weaknesses
- + The source code is easy to read and understand
- + Tool is easy to use
- + Used language is shell script
- - Full name of author is unknown
Typical usage
- Information gathering
- Penetration testing
- Service exploitation
- System exploitation
- Vulnerability testing
Some relevant tool missing as an alternative to Metasploit Framework? Please contact us with your suggestion.