p0f alternatives
Looking for an alternative tool to replace p0f? During the review of p0f we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.
Top 3
- InstaRecon (automated digital reconnaissance)
- Sn1per (automated pentest recon scanner)
- Plecost (WordPress fingerprinting)
These tools are ranked as the best alternatives to p0f.
Alternatives (by score)
InstaRecon
Introduction
InstaRecon is a security tool that can help with the reconnaissance phase of a penetration test. It can collect a number of data points with limited input.Project details
InstaRecon is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Reconnaissance
Sn1per
Introduction
Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.Project details
Sn1per is written in Python, shell script.
Strengths and weaknesses
- + More than 10 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
- - Unknown project license
Typical usage
- Penetration testing
- Reconnaissance
Plecost
Introduction
Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.Project details
Plecost is written in Python.
Strengths and weaknesses
- + Screen output is colored
- + The source code of this software is available
Typical usage
- Web application analysis
WhatWeb
Introduction
WhatWeb can be used stealthy and fast to determine what technologies are used on a particular website or web application. This process called fingerprinting can tell a lot about how it was build and possible weaknesses it might have. The tool can be used in different levels, from stealthy to very aggressive. This last one is useful in penetration tests or during development.
Project details
WhatWeb is written in Ruby.
Strengths and weaknesses
- + More than 25 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- Reconnaissance
- Web application analysis
wafw00f
Introduction
wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.Project details
wafw00f is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Application fingerprinting
- Information gathering
- Penetration testing
- Reconnaissance
- Security assessment
APT2 (apt2)
Introduction
APT2 stands for Automated Penetration Testing Toolkit.
APT2 performs a scan with Nmap or can import the results of a scan from Nexpose or Nessus. The processed results will be used in the second phase. This phase launches exploit and enumeration modules. It helps pentesters to automate assessments and tasks.
Suggested components to have installed: convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd
Project details
APT2 is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
BeEF
Introduction
BeEF is used by penetration testers to assess the security of a system by leveraging the web browser. This makes the tool different to many other tools, as it ignores the security on network or system level. It uses command modules from within the web browser to perform requested attacks against the system.
Project details
Faraday
Introduction
Faraday helps teams to collaborate when working on penetration tests or vulnerability management. It stores related security information in one place, which can be easily tracked and tested by other colleagues.
Project details
Faraday is written in Python.
Strengths and weaknesses
- + Commercial support available
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- Collaboration
- Penetration testing
- Security assessment
- Vulnerability scanning
Metasploit Framework
Introduction
Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.Project details
Metasploit Framework is written in Ruby.
Strengths and weaknesses
- + More than 400 contributors
- + More than 9000 stars
- + Many maintainers
- + The source code of this software is available
- + Supported by a large company
- + Well-known tool
Typical usage
- Penetration testing
- Security assessment
- Vulnerability scanning
OWTF (Offensive Web Testing Framework)
Introduction
OWTF is short for Offensive Web Testing Framework and it is one of the many OWASP projects to improve security.
Project details
OWTF is written in Python.
Strengths and weaknesses
- + More than 25 contributors
- + More than 500 GitHub stars
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
PTF (The PenTesters Framework)
Introduction
PTF or the PenTesters Framework is a Python script to keep your penetration testing toolkit up-to-date. It is designed for distributions running Debian, Ubuntu, Arch Linux, or related clones. PTF will do the retrieval, compilation, and installation of the tools that you use. As it is a modular framework, you can use many of the common pentesting tools or add your own tools.
Project details
PTF is written in Python.
Strengths and weaknesses
- + More than 50 contributors
- + Tool is easy to use
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
- Software management
- Software testing
SearchSploit
Introduction
SearchSploit is a small by OffensiveSecurity to search for exploits and related data in the exploit database (Exploit-DB). This may help penetration testers in their security assignments.
Project details
SearchSploit is written in shell script.
Strengths and weaknesses
- + The source code is easy to read and understand
- + Tool is easy to use
- + Used language is shell script
- - Full name of author is unknown
Typical usage
- Information gathering
- Penetration testing
- Service exploitation
- System exploitation
- Vulnerability testing
TheDoc
Introduction
TheDoc is a tool written in shell-script to automate the usage of sqlmap. It comes with a built-in admin finder and hash cracker, using the Hashcat tool.Project details
TheDoc is written in shell script.
Strengths and weaknesses
- + Used language is shell script
- + Very low number of dependencies
- + The source code of this software is available
- - Full name of author is unknown
- - Unknown project license
Typical usage
- Penetration testing
WarBerryPi
Introduction
WarBerryPi is a toolkit to provide a hardware implant during Physical penetration testing or red teaming. The primary goal of the tool is to obtain as much information as possible, in a short period of time. The secondary goal is to be stealthy to avoid detection. As the name implies, the tool can be used on a small device like a RaspberryPi.
Another use-case of WarBerryPi is to be an entry point to the network. In that case, a 3G connection is suggested, to avoid the outgoing network filtering (egress rules).
Project details
WarBerryPi is written in Python.
Strengths and weaknesses
- + More than 2000 GitHub stars
- + The source code of this software is available
- - Minimal or no documentation available
- - No releases on GitHub available
Typical usage
- Information gathering
- Information snooping
- Penetration testing
- Red teaming
domain
Introduction
Domain is a Python script written by Jason Haddix to combine the tools Recon-ng and altdns. It allows to use the two tool one multiple domains within the same session.
Project details
domain is written in Python.
Strengths and weaknesses
- + More than 500 GitHub stars
- + The source code of this software is available
- - Unknown project license
Typical usage
- Subdomain enumeration
fsociety
Introduction
The fsociety toolkit is a penetration framework containing other security tools. The project states that is includes all the tools that are used in the Mr. Robot tv series.Project details
fsociety is written in Python.
Strengths and weaknesses
- + More than 10 contributors
- + More than 2000 GitHub stars
- + The source code of this software is available
- - Full name of author is unknown
Typical usage
- Penetration testing
- Security assessment
0trace.py
Introduction
This security tool enables the user to perform hop enumeration (similar to traceroute). Instead of sending actual packets, it uses an established TCP connection.
Project details
0trace.py is written in Python.
Strengths and weaknesses
- + Project is mature (10+ years)
- - Unknown project license
Typical usage
- Bypassing firewall rules
- Bypassing security measures
- Reconnaissance
DataSploit
Introduction
DataSploit is a framework to perform intelligence gathering to discover credentials, domain information, and other information related to the target. It uses various reconnaissance techniques on companies, people, phone numbers, and even cryptocoin technology. It allows aggregating all raw data and return it in multiple formats.
Project details
DataSploit is written in Python.
Strengths and weaknesses
- + More than 10 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- OSINT research
- Information gathering
- Security monitoring
Domain Analyzer
Introduction
Domain Analyzer is an information gathering tool and comes in handy for reconnaissance. This can be useful for doing penetration testing or evaluating what information is publically available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.
Project details
Domain Analyzer is written in Python.
Strengths and weaknesses
- + More than 1000 GitHub stars
- + Very low number of dependencies
- + The source code of this software is available
Typical usage
- Information gathering
- Penetration testing
Gitem
Introduction
Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.Project details
Gitem is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Information gathering
- Security assessment
- Security monitoring
- Self-assessment
IVRE
Introduction
IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.Project details
IVRE is written in Python.
Strengths and weaknesses
- + More than 10 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- Digital forensics
- Information gathering
- Intrusion detection
- Network analysis
Intrigue Core
Introduction
Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.
Intrigue also allows enriching available data and perform OSINT research (open source intelligence). The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.
Project details
Intrigue Core is written in Ruby.
Strengths and weaknesses
- + More than 500 GitHub stars
- + The source code of this software is available
Typical usage
- OSINT research
- Asset discovery
- Attack surface measurement
- Intelligence gathering
- Penetration testing
- Security assessment
OSINT Framework
Introduction
The OSINT framework provides a collection of tools to gather and parse public data. The tool is web-based and makes it easy to find tools for a particular task.
Project details
OSINT Framework is written in JavaScript.
Strengths and weaknesses
- + More than 10 contributors
- + More than 500 GitHub stars
- + The source code of this software is available
- - No releases on GitHub available
Typical usage
- OSINT research
- Footprinting
- Intelligence gathering
- Reconnaissance
OSINT-SPY
Introduction
OSINT-SPY is a modular tool to query information on different subjects like an IP address, domain, email address, or even Bitcoin address. This tool can be valuable during the reconnaissance phase of a penetration test. It can be used also for defenses purpose, like learning what information is publically available about your organization and its assets.
Project details
OSINT-SPY is written in Python.
Strengths and weaknesses
- + The source code is easy to read and understand
- + The source code of this software is available
- - No releases on GitHub available
Typical usage
- Information gathering
- Penetration testing
- Reconnaissance
Recon-ng
Introduction
Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.Project details
Recon-ng is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Collaboration
- Information gathering
- Information sharing
- Security assessment
Some relevant tool missing as an alternative to p0f? Please contact us with your suggestion.