p0f alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

60

Alternative: Plecost

Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

Project details

Plecost is written in Python.

Strengths

  • + Screen output is colored
  • + The source code of this software is available

Typical usage

  • web application analysis

Plecost project page

64

Alternative: wafw00f

wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

Project details

wafw00f is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • reconnaissance
  • security assessment

wafw00f project page

67

Alternative: YASAT

YASAT describes itself as another simple stupid audit tool to test Linux systems. It has many tests for checking the security configuration of the system.

The YASAT tool performs a system scan to detect configuration issues and possible improvements for hardening the system.

Project details

YASAT is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - No updates for a while

Typical usage

  • IT audit
  • security assessment

YASAT project page

85

Alternative: APT2 (apt2)

APT2 is a tool written by Adam Compton and Austin Lane to help pentesters automate mundane scanning tasks. It leverages scan results from Nexpose, Nessus, or Nm

APT2 stands for Automated Penetration Testing Toolkit.

APT2 performs a scan with Nmap or can import the results of a scan from Nexpose or Nessus. The processed results will be used in the second phase. This phase launches exploit and enumeration modules. It helps pentesters to automate assessments and tasks.

Suggested components to have installed: convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd

Project details

APT2 is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

APT2 project page

74

Alternative: BeEF

The Browser Exploitation Framework (or BeEF) is a penetration testing tool that focuses on the web browser.

BeEF is used by penetration testers to assess the security of a system by leveraging the web browser. This makes the tool different to many other tools, as it ignores the security on network or system level. It uses command modules from within the web browser to perform requested attacks against the system.

60

Alternative: InstaRecon

InstaRecon is a security tool that can help with the reconnaissance phase of a penetration test. It can collect a number of data points with limited input.

Project details

InstaRecon is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • reconnaissance

InstaRecon project page

78

Alternative: Metasploit Framework

Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

Project details

Metasploit Framework is written in Ruby.

Strengths

  • + More than 400 contributors
  • + More than 9000 stars
  • + Many maintainers
  • + The source code of this software is available
  • + Supported by a large company
  • + Well-known tool

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

Metasploit Framework project page

88

Alternative: OWTF (Offensive Web Testing Framework)

The OWTF project (Offensive Web Testing Framework) unites tools for penetrating testing. Most parts are written in Python.

OWTF is short for Offensive Web Testing Framework and it is one of the many OWASP projects to improve security.

Project details

OWTF is written in Python.

Strengths

  • + More than 25 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

OWTF project page

78

Alternative: SearchSploit

Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.

This little utility can search for exploits and related data in the Exploit-DB.

Project details

SearchSploit is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Typical usage

  • information gathering

SearchSploit project page

78

Alternative: Sn1per

Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Project details

Sn1per is written in Python, shell script.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • reconnaissance

Sn1per project page

56

Alternative: 0trace

0trace is a reconnaissance tool to enable hop enumeration within an existing TCP connection. It can be used to bypass firewalls.

Project details

0trace is written in C, shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test

0trace project page

59

Alternative: 0trace.py

The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.

This security tool enables the user to perform hop enumeration (similar to traceroute). Instead of sending actual packets, it uses an established TCP connection.

64

Alternative: CMSmap

CMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).

Project details

CMSmap is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing
  • information gathering
  • vulnerability scanning
  • web application analysis

CMSmap project page

89

Alternative: DataSploit

DataSploit is a framework to perform intelligence gather to discover credentials, domain information, and other information related to the target.

Project details

DataSploit is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security monitoring

DataSploit project page

76

Alternative: Gitem

Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.

Project details

Gitem is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering
  • security assessment
  • security monitoring
  • self-assessment

Gitem project page

100

Alternative: IVRE

IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

Project details

IVRE is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - More than 10 contributors
  • - More than 500 GitHub stars

Typical usage

  • digital forensics
  • information gathering
  • intrusion detection
  • network analysis

IVRE project page

52

Alternative: Recon-ng

Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.

Project details

Recon-ng is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • collaboration
  • information gathering
  • information sharing
  • security assessment

Recon-ng project page

97

Alternative: SpiderFoot

SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.

SpiderFoot can be used offensively during penetration tests, or defensively to learn what information is available about your organization.

Project details

SpiderFoot is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

SpiderFoot project page

60

Alternative: tlsenum

The CLI tool tlsenum attempts to enumerate what TLS cipher suites a server supports and then list them in order of priority.

This tool works by sending out sending out TLS ClientHello messages. Any ServerHello responses from the server are parsed. It assumes that the server is the one which decides the preferred cipher suite, giving an idea on the available ciphers.

Project details

tlsenum is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • system hardening

tlsenum project page