Plecost alternatives

Looking for an alternative tool to replace Plecost? During the review of Plecost we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. WPScan (WordPress vulnerability scanner)
  2. WordPress Exploit Framework (WordPress exploiting toolkit)
  3. Damn Small FI Scanner

These tools are ranked as the best alternatives to Plecost.

Alternatives (by score)

100

WPScan

Introduction

WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

Project details

WPScan is written in Ruby.

Strengths and weaknesses

  • + More than 25 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available
  • - Software usage is restricted (e.g. commercially)

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning

WPScan review

74

WordPress Exploit Framework (WPXF)

Introduction

WordPress is still one of the most popular frameworks for websites. A variety of open source tools exist to assess the security of this content management system, and its themes and plugins.

Project details

WordPress Exploit Framework is written in Ruby.

Strengths and weaknesses

  • + More than 500 GitHub stars
  • + The source code of this software is available
  • - Has longer learning curve

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning
  • Web application analysis

WordPress Exploit Framework review

64

Damn Small FI Scanner (DSFS)

Introduction

None

Project details

Damn Small FI Scanner is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Security assessment
    • Vulnerability scanning

    Damn Small FI Scanner review

    84

    SSLyze

    Introduction

    SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.

    Project details

    60

    changeme

    Introduction

    Supported protocols:

    • HTTP/HTTPS
    • MSSQL
    • MySQL
    • PostgreSQL
    • SSH
    • SSH with key

    Project details

    changeme is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Password strength testing
      • Security assessment

      changeme review

      76

      exitmap

      Introduction

      A tool like exitmap might be useful to monitor the reliability and trustworthiness of Tor exit relays. The Tor Project actually uses exitmap to check for false negatives and find malicious exit relays. These are related to the check service page of the project.

      Project details

      85

      ssh_scan

      Introduction

      This tool is light on its dependencies, as it only uses Ruby and BinData. The scanner is simple to use, as it is limited in the number of parameters and options. There is also the ability to show the results on the screen or export the data to a JSON file. The latter is great if you want to do further processing of the details, or simply store them for later comparison.

      Project details

      ssh_scan is written in Ruby.

      Strengths and weaknesses

      • + More than 10 contributors
      • + Many releases available
      • + The source code of this software is available
      • + Supported by a large company

        Typical usage

        • Penetration testing
        • Security assessment
        • System hardening
        • Vulnerability scanning

        ssh_scan review

        60

        tlsenum

        Introduction

        Tlsenum is a CLI tool to enumerate TLS protocol and TLS cipher support by a server. The tool lists then the output based on the order of priority. Tlsenum can be used to find the supported protocols and ciphers of a system and determine if it is properly hardened. This information can be useful to system administrators and pentesters doing a security assessment of the system.

        Project details

        tlsenum is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Information gathering
          • Security assessment
          • System enumeration
          • System hardening

          tlsenum review

          60

          Spaghetti

          Introduction

          Spaghetti is a light tool that can fingerprint and enumerate common locations in web applications. It is powerful in detection commonly used web frameworks and content management systems (CMS). This makes the tool useful as an additional scanner in your toolkit. From the defensive side, it is good to learn what information is leaked, so additional hardening can be applied.

          Project details

          Spaghetti is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Penetration testing
            • Vulnerability scanning
            • Vulnerability testing

            Spaghetti review

            64

            Vane

            Introduction

            Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.

            Project details

            Vane is written in Ruby.

            Strengths and weaknesses

            • + More than 25 contributors
            • + The source code of this software is available

              Typical usage

              • Application security
              • Web application analysis

              Vane review

              60

              WPForce

              Introduction

              This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component has the focus on brute force attacking of login credentials. When admin credentials have been found, it is Yertle that allows uploading a shell. Yertle also has post-exploitation modules for further research.

              Project details

              WPForce is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available
              • - Full name of author is unknown

              Typical usage

              • Penetration testing
              • Security assessment
              • Vulnerability scanning

              WPForce review

              52

              WPSeku

              Introduction

              With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), sql injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

              Project details

              WPSeku is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available
              • - Unknown project license

              Typical usage

              • Penetration testing
              • Security assessment
              • Vulnerability scanning

              WPSeku review

              60

              Wordpresscan

              Introduction

              Tools like WordPresscan are useful to perform vulnerability scans on the popular WordPress platform. It can be used during development and on existing installations.

              Project details

              Wordpresscan is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Application security
                • Penetration testing
                • Web application analysis

                Wordpresscan review

                60

                Wordstress

                Introduction

                WordPress is a popular choice among content management systems (CMS). Powering many websites and blogs, it is also a popular target. So regular updates and security testing can help to reduce the risk. WordStress can help with this testing.

                Project details

                Wordstress is written in Ruby.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Application security
                  • Vulnerability scanning
                  • Web application analysis

                  Wordstress review

                  85

                  droopescan

                  Introduction

                  Droopescan can be used to test the security of several Content Management Systems (CMS). It mainly focuses on Drupal, SilverStripe, and Wordpress installations.

                  Project details

                  droopescan is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Web application analysis

                    droopescan review

                    68

                    flunym0us

                    Introduction

                    Flunym0us is a security scanner for WordPress and Moodle installations. The tool tests the security of the installation by performing enumeration attempts.

                    Project details

                    flunym0us is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available

                      Typical usage

                      • Vulnerability scanning
                      • Web application analysis

                      flunym0us review

                      64

                      wpvulndb_cmd

                      Introduction

                      wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

                      Project details

                      wpvulndb_cmd is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Penetration testing
                        • Security assessment
                        • Web application analysis

                        wpvulndb_cmd review

                        89

                        WhatWeb

                        Introduction

                        WhatWeb can be used stealthy and fast to determine what technologies are used on a particular website or web application. This process called fingerprinting can tell a lot about how it was build and possible weaknesses it might have. The tool can be used in different levels, from stealthy to very aggressive. This last one is useful in penetration tests or during development.

                        Project details

                        WhatWeb is written in Ruby.

                        Strengths and weaknesses

                        • + More than 25 contributors
                        • + More than 1000 GitHub stars
                        • + The source code of this software is available

                          Typical usage

                          • Reconnaissance
                          • Web application analysis

                          WhatWeb review

                          56

                          p0f

                          Introduction

                          This tool is a great addition to nmap, especially if that reveals not reliable data or none at all. Due to the passive way of working, it won't be detected nor influences any connection.

                          - Version 3 of p0f is a full rewrite
                          - The idea for p0f dates back to June 10, 2000
                          - Tool can run in foreground or as a daemon process

                          Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellaneous forensics.

                          Project details

                          Strengths and weaknesses

                          • + Project is mature (10+ years)
                          • + The source code of this software is available
                          • + Well-known tool

                            p0f review

                            60

                            wafw00f

                            Introduction

                            wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

                            Project details

                            wafw00f is written in Python.

                            Strengths and weaknesses

                            • + The source code of this software is available

                              Typical usage

                              • Application fingerprinting
                              • Information gathering
                              • Penetration testing
                              • Reconnaissance
                              • Security assessment

                              wafw00f review

                              Some relevant tool missing as an alternative to Plecost? Please contact us with your suggestion.