Oscanner alternatives

Looking for an alternative tool to replace Oscanner? During the review of Oscanner we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. TheDoc (automation tool for sqlmap)
  2. evilredis (Redis security scanner)
  3. sqlmap (SQL injection and database takeover tool)

These tools are ranked as the best alternatives to Oscanner.

Alternatives (by score)

60

TheDoc

Introduction

TheDoc is a tool written in shell-script to automate the usage of sqlmap. It comes with a built-in admin finder and hash cracker, using the Hashcat tool.

Project details

TheDoc is written in shell script.

Strengths and weaknesses

  • + Used language is shell script
  • + Very low number of dependencies
  • + The source code of this software is available
  • - Full name of author is unknown
  • - Unknown project license

Typical usage

  • Penetration testing

TheDoc review

60

evilredis

Introduction

Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.

Project details

evilredis is written in Node.js.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Security assessment
    • Vulnerability scanning

    evilredis review

    74

    sqlmap

    Introduction

    The sqlmap is a well-known tool with an amazing number of GitHub stars (10,000+). It is used by many security professionals around the world to test the security of both web applications and the database that stores the data.

    Project details

    100

    Acra

    Introduction

    Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

    Project details

    Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

    Strengths and weaknesses

    • + Commercial support available
    • + The source code of this software is available

      Typical usage

      • Data encryption
      • Data leak prevention
      • Data security
      • Vulnerability mitigation

      Acra review

      60

      MongoSanitizer (python-mongo-sanitizer)

      Introduction

      Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.

      Project details

      MongoSanitizer is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Application security
        • Database security

        MongoSanitizer review

        60

        NoSQLMap

        Introduction

        NoSQLMap is designed to audit database, as well to automate injection attacks. It can exploit configuration weaknesses in NoSQL databases and web applications using NoSQL.

        Project details

        NoSQLMap is written in Python.

        Strengths and weaknesses

        • + More than 10 contributors
        • + More than 500 GitHub stars
        • + The source code of this software is available

          Typical usage

          • Database security
          • Penetration testing
          • Security assessment

          NoSQLMap review

          64

          jSQL Injection

          Introduction

          jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

          Project details

          jSQL Injection is written in Java.

          Strengths and weaknesses

          • + The source code of this software is available
          • - Full name of author is unknown

          Typical usage

          • Database security

          jSQL Injection review

          60

          Parsero

          Introduction

          Entries that should not be crawled by a web spider, are typically placed in a Disallow entry in the robots.txt file. This file is read by a crawl tool and any of the Disallow entries are skipped for indexing. These entries are interesting, as sometimes they reveal a lot of information about the web server. This tool helps to quickly check which entries are accessible.

          Project details

          Parsero is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Parsero review

            52

            arp-scan

            Introduction

            The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

            Project details

            68

            arping

            Introduction

            arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

            Project details

            64

            DirSearch (Go)

            Introduction

            DirSearch is a Go implementation of the original dirsearch tool written by Mauro Soria. It is used to discover directories by using common names and guessing (fuzzing).

            Project details

            DirSearch (Go) is written in Golang.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Information gathering
              • Penetration testing
              • Security assessment

              DirSearch (Go) review

              60

              Fierce

              Introduction

              Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space, but using DNS information.

              Project details

              Fierce is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Information gathering
                • Reconnaissance
                • Security assessment

                Fierce review

                74

                LinEnum

                Introduction

                LinEnum is one of the tools that can help with automating penetration tests. It performs a discovery on the environment it runs in and tries finding weaknesses to allow privilege escalation.

                Project details

                LinEnum is written in shell script.

                Strengths and weaknesses

                • + Very low number of dependencies
                • + The source code of this software is available
                • + Well-known tool

                  Typical usage

                  • Penetration testing
                  • Privilege escalation
                  • System enumeration

                  LinEnum review

                  97

                  O-Saft

                  Introduction

                  O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

                  Project details

                  O-Saft is written in Perl.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Information gathering
                    • Penetration testing
                    • Security assessment
                    • Vulnerability scanning
                    • Web application analysis

                    O-Saft review

                    64

                    RootHelper

                    Introduction

                    RootHelper is a small script to retrieve several enumeration and privilege escalation tools. It can be used during penetration testing.

                    Project details

                    RootHelper is written in shell script.

                    Strengths and weaknesses

                    • + Used language is shell script
                    • + The source code of this software is available

                      Typical usage

                      • Penetration testing
                      • Privilege escalation
                      • Security assessment

                      RootHelper review

                      60

                      SMBMap

                      Introduction

                      SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

                      Project details

                      SMBMap is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Data leak detection
                        • Information gathering
                        • Penetration testing

                        SMBMap review

                        52

                        Sn1per

                        Introduction

                        Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

                        Project details

                        Sn1per is written in Python, shell script.

                        Strengths and weaknesses

                        • + More than 10 contributors
                        • + More than 1000 GitHub stars
                        • + The source code of this software is available
                        • - Unknown project license

                        Typical usage

                        • Penetration testing
                        • Reconnaissance

                        Sn1per review

                        60

                        SubBrute (subdomain-bruteforcer)

                        Introduction

                        SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

                        Project details

                        SubBrute is written in Python.

                        Strengths and weaknesses

                        • + More than 1000 GitHub stars
                        • + The source code of this software is available
                        • - Full name of author is unknown

                        Typical usage

                        • Information gathering
                        • Penetration testing
                        • Security assessment

                        SubBrute review

                        60

                        Sublist3r

                        Introduction

                        Sublist3r helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

                        Project details

                        Sublist3r is written in Python.

                        Strengths and weaknesses

                        • + More than 2000 GitHub stars
                        • + The source code of this software is available

                          Sublist3r review

                          74

                          WhatWeb

                          Introduction

                          WhatWeb can be used stealthy and fast to determine what technologies are used on a particular website or web application. This process called fingerprinting can tell a lot about how it was build and possible weaknesses it might have. The tool can be used in different levels, from stealthy to very aggressive. This last one is useful in penetration tests or during development.

                          Project details

                          WhatWeb is written in Ruby.

                          Strengths and weaknesses

                          • + More than 25 contributors
                          • + More than 1000 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Reconnaissance
                            • Web application analysis

                            WhatWeb review

                            64

                            altdns

                            Introduction

                            Altdns is a security tool to discover subdomains. It generates permutations, alterations, and mutations of subdomains. The generated names can also be tested by performing DNS lookups. An enumeration tool like Altdns is useful during penetrating testing assignments.

                            Project details

                            altdns is written in Python.

                            Strengths and weaknesses

                            • + More than 500 GitHub stars
                            • + The source code of this software is available

                              Typical usage

                              • Reconnaissance
                              • Subdomain discovery
                              • Subdomain enumeration

                              altdns review

                              78

                              detectem

                              Introduction

                              Detectem can be a good early vulnerability detection system. By scanning regularly the dependencies of web applications, old versions of tools can be detected and upgraded. This tool is also helpful for penetration tests to find out what kind of software components are used.

                              Project details

                              detectem is written in Python.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Application security
                                • Application testing
                                • Reconnaissance
                                • Vulnerability scanning

                                detectem review

                                85

                                dirsearch

                                Introduction

                                Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

                                Project details

                                dirsearch is written in Python.

                                Strengths and weaknesses

                                • + More than 10 contributors
                                • + More than 500 GitHub stars
                                • + The source code of this software is available

                                  Typical usage

                                  • Information gathering
                                  • Penetration testing
                                  • Security assessment

                                  dirsearch review

                                  56

                                  domain

                                  Introduction

                                  Domain is a Python script written by Jason Haddix to combine the tools Recon-ng and altdns. It allows to use the two tool one multiple domains within the same session.

                                  Project details

                                  domain is written in Python.

                                  Strengths and weaknesses

                                  • + More than 500 GitHub stars
                                  • + The source code of this software is available
                                  • - Unknown project license

                                  Typical usage

                                  • Subdomain enumeration

                                  domain review

                                  63

                                  keimpx

                                  Introduction

                                  The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

                                  Project details

                                  keimpx is written in Python.

                                  Strengths and weaknesses

                                  • + The source code of this software is available

                                    Typical usage

                                    • Penetration testing
                                    • Security assessment

                                    keimpx review

                                    Some relevant tool missing as an alternative to Oscanner? Please contact us with your suggestion.