Plecost alternatives
Looking for an alternative tool to replace Plecost? During the review of Plecost we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.
Top 3
- WPScan (WordPress vulnerability scanner)
- WordPress Exploit Framework (WordPress exploiting toolkit)
- Damn Small FI Scanner
These tools are ranked as the best alternatives to Plecost.
Alternatives (by score)
WPScan
Introduction
WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.
Project details
WPScan is written in Ruby.
Strengths and weaknesses
- + More than 25 contributors
- + More than 2000 GitHub stars
- + The source code of this software is available
- - Software usage is restricted (e.g. commercially)
Typical usage
- Penetration testing
- Security assessment
- Vulnerability scanning
WordPress Exploit Framework (WPXF)
Introduction
WordPress is still one of the most popular frameworks for websites. A variety of open source tools exist to assess the security of this content management system, and its themes and plugins.
Project details
WordPress Exploit Framework is written in Ruby.
Strengths and weaknesses
- + More than 500 GitHub stars
- + The source code of this software is available
- - Has longer learning curve
Typical usage
- Penetration testing
- Security assessment
- Vulnerability scanning
- Web application analysis
Damn Small FI Scanner (DSFS)
Introduction
Project details
Damn Small FI Scanner is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Security assessment
- Vulnerability scanning
SSLyze
Introduction
SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.
Project details
changeme
Introduction
Supported protocols:
- HTTP/HTTPS
- MSSQL
- MySQL
- PostgreSQL
- SSH
- SSH with key
Project details
changeme is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Password strength testing
- Security assessment
exitmap
Introduction
A tool like exitmap might be useful to monitor the reliability and trustworthiness of Tor exit relays. The Tor Project actually uses exitmap to check for false negatives and find malicious exit relays. These are related to the check service page of the project.
Project details
ssh_scan
Introduction
This tool is light on its dependencies, as it only uses Ruby and BinData. The scanner is simple to use, as it is limited in the number of parameters and options. There is also the ability to show the results on the screen or export the data to a JSON file. The latter is great if you want to do further processing of the details, or simply store them for later comparison.
Project details
ssh_scan is written in Ruby.
Strengths and weaknesses
- + More than 10 contributors
- + Many releases available
- + The source code of this software is available
- + Supported by a large company
Typical usage
- Penetration testing
- Security assessment
- System hardening
- Vulnerability scanning
tlsenum
Introduction
Tlsenum is a CLI tool to enumerate the TLS protocol versions and TLS ciphers supported by a server. The tool then lists the output in order of priority. Tlsenum can be used to find the supported protocols and ciphers of a system and determine if it is properly hardened. This information can be useful to system administrators and pentesters doing a security assessment of the system.
Project details
tlsenum is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Information gathering
- Security assessment
- System enumeration
- System hardening
Spaghetti
Introduction
Spaghetti is a lightweight tool that can fingerprint and enumerate common locations in web applications. It is strong at detecting commonly used web frameworks and content management systems (CMS). This makes the tool useful as an additional scanner in your toolkit. From the defensive side, it is good to learn what information is leaked, so additional hardening can be applied.
Project details
Spaghetti is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Vulnerability scanning
- Vulnerability testing
Vane
Introduction
Vane is a fork of the popular WordPress vulnerability scanner WPScan, which is now non-free.
Project details
Vane is written in Ruby.
Strengths and weaknesses
- + More than 25 contributors
- + The source code of this software is available
Typical usage
- Application security
- Web application analysis
WPForce
Introduction
This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component focuses on brute-force attacks against login credentials. When admin credentials have been found, it is Yertle that allows uploading a shell. Yertle also has post-exploitation modules for further research.
Project details
WPForce is written in Python.
Strengths and weaknesses
- + The source code of this software is available
- - Full name of author is unknown
Typical usage
- Penetration testing
- Security assessment
- Vulnerability scanning
WPSeku
Introduction
With WPSeku, a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), SQL injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers and the themes and plugins in use.
Project details
WPSeku is written in Python.
Strengths and weaknesses
- + The source code of this software is available
- - Unknown project license
Typical usage
- Penetration testing
- Security assessment
- Vulnerability scanning
Wordpresscan
Introduction
Tools like WordPresscan are useful to perform vulnerability scans on the popular WordPress platform. It can be used during development and on existing installations.
Project details
Wordpresscan is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Application security
- Penetration testing
- Web application analysis
Wordstress
Introduction
WordPress is a popular choice among content management systems (CMS). Powering many websites and blogs, it is also a popular target. So regular updates and security testing can help to reduce the risk. WordStress can help with this testing.
Project details
Wordstress is written in Ruby.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Application security
- Vulnerability scanning
- Web application analysis
droopescan
Introduction
Droopescan can be used to test the security of several Content Management Systems (CMS). It mainly focuses on Drupal, SilverStripe, and WordPress installations.
Project details
droopescan is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Web application analysis
flunym0us
Introduction
Flunym0us is a security scanner for WordPress and Moodle installations. The tool tests the security of the installation by performing enumeration attempts.
Project details
flunym0us is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Vulnerability scanning
- Web application analysis
wpvulndb_cmd
Introduction
wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.
Project details
wpvulndb_cmd is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
- Web application analysis
WhatWeb
Introduction
WhatWeb can quickly and stealthily determine what technologies are used on a particular website or web application. This process, called fingerprinting, can tell a lot about how the site was built and the possible weaknesses it might have. The tool can be used at different levels, from stealthy to very aggressive. The latter is useful in penetration tests or during development.
Project details
WhatWeb is written in Ruby.
Strengths and weaknesses
- + More than 25 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
Typical usage
- Reconnaissance
- Web application analysis
p0f
Introduction
This tool is a great addition to nmap, especially when nmap returns unreliable data or none at all. Because it works passively, it won't be detected and does not influence any connection.
- Version 3 of p0f is a full rewrite
- The idea for p0f dates back to June 10, 2000
- Tool can run in foreground or as a daemon process
Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellaneous forensics.
Project details
Strengths and weaknesses
- + Project is mature (10+ years)
- + The source code of this software is available
- + Well-known tool
wafw00f
Introduction
wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.
Project details
wafw00f is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Application fingerprinting
- Information gathering
- Penetration testing
- Reconnaissance
- Security assessment