Oscanner alternatives

Looking for an alternative tool to replace Oscanner? During the review of Oscanner we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. evilredis (Redis security scanner)
  2. sqlmap (SQL injection and database takeover tool)
  3. TheDoc (automation tool for sqlmap)

These tools are ranked as the best alternatives to Oscanner.

Alternatives (by score)

60

evilredis

Introduction

Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.

Project details

evilredis is written in Node.js.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Security assessment
    • Vulnerability scanning

    evilredis review

    81

    sqlmap

    Introduction

    The sqlmap is a well-known tool with an amazing number of GitHub stars (10,000+). It is used by many security professionals around the world to test the security of both web applications and the database that stores the data.

    Project details

    60

    TheDoc

    Introduction

    TheDoc is a tool written in shell-script to automate the usage of sqlmap. It comes with a built-in admin finder and hash cracker, using the Hashcat tool.

    Project details

    TheDoc is written in shell script.

    Strengths and weaknesses

    • + Used language is shell script
    • + Very low number of dependencies
    • + The source code of this software is available
    • - Full name of author is unknown
    • - Unknown project license

    Typical usage

    • Penetration testing

    TheDoc review

    85

    Acra

    Introduction

    Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

    Project details

    Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

    Strengths and weaknesses

    • + Commercial support available
    • + The source code of this software is available

      Typical usage

      • Data encryption
      • Data leak prevention
      • Data security
      • Vulnerability mitigation

      Acra review

      64

      jSQL Injection

      Introduction

      jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

      Project details

      jSQL Injection is written in Java.

      Strengths and weaknesses

      • + The source code of this software is available
      • - Full name of author is unknown

      Typical usage

      • Database security

      jSQL Injection review

      60

      MongoSanitizer (python-mongo-sanitizer)

      Introduction

      Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.

      Project details

      MongoSanitizer is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Application security
        • Database security

        MongoSanitizer review

        60

        NoSQLMap

        Introduction

        NoSQLMap is designed to audit database, as well to automate injection attacks. It can exploit configuration weaknesses in NoSQL databases and web applications using NoSQL.

        Project details

        NoSQLMap is written in Python.

        Strengths and weaknesses

        • + More than 10 contributors
        • + More than 500 GitHub stars
        • + The source code of this software is available

          Typical usage

          • Database security
          • Penetration testing
          • Security assessment

          NoSQLMap review

          84

          arping

          Introduction

          arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

          Project details

          52

          arp-scan

          Introduction

          The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

          Project details

          60

          Parsero

          Introduction

          Entries that should not be crawled by a web spider, are typically placed in a Disallow entry in the robots.txt file. This file is read by a crawl tool and any of the Disallow entries are skipped for indexing. These entries are interesting, as sometimes they reveal a lot of information about the web server. This tool helps to quickly check which entries are accessible.

          Project details

          Parsero is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Parsero review

            64

            altdns

            Introduction

            Altdns is a security tool to discover subdomains. It generates permutations, alterations, and mutations of subdomains. The generated names can also be tested by performing DNS lookups. An enumeration tool like Altdns is useful during penetrating testing assignments.

            Project details

            altdns is written in Python.

            Strengths and weaknesses

            • + More than 500 GitHub stars
            • + The source code of this software is available

              Typical usage

              • Reconnaissance
              • Subdomain discovery
              • Subdomain enumeration

              altdns review

              100

              detectem

              Introduction

              Detectem can be a good early vulnerability detection system. By scanning regularly the dependencies of web applications, old versions of tools can be detected and upgraded. This tool is also helpful for penetration tests to find out what kind of software components are used.

              Project details

              detectem is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Application security
                • Application testing
                • Reconnaissance
                • Vulnerability scanning

                detectem review

                85

                dirsearch

                Introduction

                Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

                Project details

                dirsearch is written in Python.

                Strengths and weaknesses

                • + More than 10 contributors
                • + More than 500 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Information gathering
                  • Penetration testing
                  • Security assessment

                  dirsearch review

                  64

                  DirSearch (Go)

                  Introduction

                  DirSearch is a Go implementation of the original dirsearch tool written by Mauro Soria. It is used to discover directories by using common names and guessing (fuzzing).

                  Project details

                  DirSearch (Go) is written in Golang.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Information gathering
                    • Penetration testing
                    • Security assessment

                    DirSearch (Go) review

                    56

                    domain

                    Introduction

                    Domain is a Python script written by Jason Haddix to combine the tools Recon-ng and altdns. It allows to use the two tool one multiple domains within the same session.

                    Project details

                    domain is written in Python.

                    Strengths and weaknesses

                    • + More than 500 GitHub stars
                    • + The source code of this software is available
                    • - Unknown project license

                    Typical usage

                    • Subdomain enumeration

                    domain review

                    85

                    Fierce

                    Introduction

                    Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space, but using DNS information.

                    Project details

                    Fierce is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available

                      Typical usage

                      • Information gathering
                      • Reconnaissance
                      • Security assessment

                      Fierce review

                      63

                      keimpx

                      Introduction

                      The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

                      Project details

                      keimpx is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Penetration testing
                        • Security assessment

                        keimpx review

                        74

                        LinEnum

                        Introduction

                        LinEnum is one of the tools that can help with automating penetration tests. It performs a discovery on the environment it runs in and tries finding weaknesses to allow privilege escalation.

                        Project details

                        LinEnum is written in shell script.

                        Strengths and weaknesses

                        • + Very low number of dependencies
                        • + The source code of this software is available
                        • + Well-known tool

                          Typical usage

                          • Penetration testing
                          • Privilege escalation
                          • System enumeration

                          LinEnum review

                          60

                          massh-enum

                          Introduction

                          Massh-enum is a user enumeration tool for OpenSSH with the goal to find valid usernames. This can be useful during penetration tests or security assessments. The usernames can be valuable to brute-force or may be used on different locations within a network.

                          Project details

                          massh-enum is written in Python, shell script.

                          Strengths and weaknesses

                          • + The source code is easy to read and understand
                          • + Tool is easy to use
                          • + The source code of this software is available
                          • - Minimal or no documentation available

                          Typical usage

                          • Information gathering
                          • User enumeration

                          massh-enum review

                          81

                          O-Saft

                          Introduction

                          O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

                          Project details

                          O-Saft is written in Perl.

                          Strengths and weaknesses

                          • + The source code of this software is available

                            Typical usage

                            • Information gathering
                            • Penetration testing
                            • Security assessment
                            • Vulnerability scanning
                            • Web application analysis

                            O-Saft review

                            64

                            RootHelper

                            Introduction

                            RootHelper is a small script to retrieve several enumeration and privilege escalation tools. It can be used during penetration testing.

                            Project details

                            RootHelper is written in shell script.

                            Strengths and weaknesses

                            • + Used language is shell script
                            • + The source code of this software is available

                              Typical usage

                              • Penetration testing
                              • Privilege escalation
                              • Security assessment

                              RootHelper review

                              85

                              SMBMap

                              Introduction

                              SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

                              Project details

                              SMBMap is written in Python.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Data leak detection
                                • Information gathering
                                • Penetration testing

                                SMBMap review

                                78

                                Sn1per

                                Introduction

                                Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

                                Project details

                                Sn1per is written in Python, shell script.

                                Strengths and weaknesses

                                • + More than 10 contributors
                                • + More than 1000 GitHub stars
                                • + The source code of this software is available
                                • - Unknown project license

                                Typical usage

                                • Penetration testing
                                • Reconnaissance

                                Sn1per review

                                60

                                SubBrute (subdomain-bruteforcer)

                                Introduction

                                SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

                                Project details

                                SubBrute is written in Python.

                                Strengths and weaknesses

                                • + More than 1000 GitHub stars
                                • + The source code of this software is available
                                • - Full name of author is unknown

                                Typical usage

                                • Information gathering
                                • Penetration testing
                                • Security assessment

                                SubBrute review

                                60

                                Sublist3r

                                Introduction

                                Sublist3r helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

                                Project details

                                Sublist3r is written in Python.

                                Strengths and weaknesses

                                • + More than 2000 GitHub stars
                                • + The source code of this software is available

                                  Sublist3r review

                                  Some relevant tool missing as an alternative to Oscanner? Please contact us with your suggestion.