Pocsuite alternatives

Looking for an alternative tool to replace Pocsuite? During the review of Pocsuite we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. vFeed (vulnerability database and query engine)
  2. Halcyon IDE (development interface for Nmap NSE scripts)
  3. Yasuo (vulnerability scanner for web applications)

These tools are ranked as the best alternatives to Pocsuite.

Alternatives (by score)

78

vFeed

Introduction

vFeed consists of a database and utilities to store vulnerability data. It uses third-party references and data, which then can be used to see if a software component has a known vulnerability. The data itself is enriched by cross-checking it and store additional details about the vulnerabilities.

The vFeed tooling has an API available with JSON output. It can be used by security researchers and practitioners to validate vulnerabilities and retrieve all available details.

Project details

vFeed is written in Python.

Strengths and weaknesses

  • + Commercial support available
  • + The source code of this software is available

    Typical usage

    • Security assessment
    • Vulnerability scanning

    vFeed review

    74

    Halcyon IDE

    Introduction

    Halcyon IDE provides an interface to develop Nmap scripts (NSE). These scripts can be used to extend the functionality of Nmap and perform more advanced scans on applications and infrastructures. By using an IDE, the development of NSE scripts can be simplified.

    Project details

    Halcyon IDE is written in Java.

    Strengths and weaknesses

    • + Runs on multiple platforms
    • + The source code of this software is available

      Typical usage

      • Exploit development
      • Penetration testing
      • Security awareness

      Halcyon IDE review

      64

      Yasuo

      Introduction

      Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications. There are many remotely exploitable vulnerabilities for web applications and their front-end components. Yasuo helps to make it easier to scan for the weaknesses like remote code execution (RCE), SQL injections, and file inclusions.

      Project details

      Yasuo is written in Ruby.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Penetration testing
        • Vulnerability scanning
        • Web application analysis

        Yasuo review

        60

        arch-audit

        Introduction

        Arch-audit is a small utility that scans the system for known vulnerabilities on Arch Linux. It can be used by users of the Linux distribution to know when to update and what packages have weaknesses. With Arch Linux being a rolling distribution, this may improve the interval or timing of software patching.

        Project details

        arch-audit is written in Rust.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Software management
          • Vulnerability scanning

          arch-audit review

          64

          Damn Small Vulnerable Web (DSVW)

          Introduction

          Damn Small Vulnerable Web (DWVW) is a deliberately vulnerable web application to test your exploitation skills. It provides developers and penetration testers a practice tool. For developers, it is good to see common mistakes and create more secure software. Pentesters will be able to improve vulnerability detection and improving their attacks. Hopefully with the end goal of achieving privilege escalation or unauthorized data retrieval.

          Project details

          Damn Small Vulnerable Web is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Application testing
            • Learning
            • Skill development
            • Vulnerability testing

            Damn Small Vulnerable Web review

            64

            LFI Suite

            Introduction

            This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.

            Project details

            LFI Suite is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available
            • - Full name of author is unknown

            Typical usage

            • Penetration testing
            • Web application analysis

            LFI Suite review

            96

            OpenVAS

            Introduction

            OpenVAS is an open source vulnerability scanner that emerged from when Nessus became closed source in October of 2005.

            Project details

            OpenVAS is written in C.

            Strengths and weaknesses

            • + The source code of this software is available
            • + Well-known tool

              Typical usage

              • Penetration testing
              • Security assessment
              • Vulnerability scanning

              OpenVAS review

              60

              Pompem

              Introduction

              Pompem is written in Python and helps pentesters to search public sources for vulnerability information and a related exploit.

              Sources

              • CXSecurity
              • National Vulnerability Database
              • PacketStorm security
              • Vulners
              • WPScan Vulnerability Database
              • ZeroDay

              Project details

              Pompem is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Vulnerability scanning

                Pompem review

                60

                vulnerability-alerter

                Introduction

                Vulnerability-alerter is a security tool to retrieve vulnerability data from NIST's database (NVD). This data can be used to discover recent vulnerabilities.

                Project details

                vulnerability-alerter is written in Python.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Vulnerability management
                  • Vulnerability testing

                  vulnerability-alerter review

                  100

                  BetterCAP

                  Introduction

                  BetterCAP is often used by those who perform penetration testing and security assessments. This tool and framework is in particular useful for attempting man-in-the-middle attacks (MitM).

                  Project details

                  BetterCAP is written in Golang.

                  Strengths and weaknesses

                  • + More than 25 contributors
                  • + More than 2000 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Bypassing security measures
                    • Penetration testing
                    • Security assessment

                    BetterCAP review

                    60

                    Bowcaster

                    Introduction

                    Bowcaster is a framework to create exploits. It is written in Python and comes with a set of tool and modules to help exploit development.

                    Project details

                    Bowcaster is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available
                    • - No updates for a while

                    Typical usage

                    • Exploit development
                    • Penetration testing

                    Bowcaster review

                    64

                    fsociety

                    Introduction

                    The fsociety toolkit is a penetration framework containing other security tools. The project states that is includes all the tools that are used in the Mr. Robot tv series.

                    Project details

                    fsociety is written in Python.

                    Strengths and weaknesses

                    • + More than 10 contributors
                    • + More than 2000 GitHub stars
                    • + The source code of this software is available
                    • - Full name of author is unknown

                    Typical usage

                    • Penetration testing
                    • Security assessment

                    fsociety review

                    60

                    Kitty

                    Introduction

                    Kitty is a framework for those who want to do fuzzing unusual targets, like proprietary protocols. Although Kitty itself is not a fuzzing tool, it allows one to build a fuzzing tool.

                    Project details

                    Kitty is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available

                      Typical usage

                      • Application fuzzing

                      Kitty review

                      76

                      Malice

                      Introduction

                      Malice is a malware analysis that wants to provide a free and open source version of VirusTotal. The goal of Malice is to make it usable by both independent researchers up to fortune 500 companies.

                      Malice is useful for those that do malware analysis or deal with user-generated files that may contain malware. The framework allows scanning files and directories to see if they are infected.

                      Project details

                      Malice is written in Golang.

                      Strengths and weaknesses

                      • + More than 500 GitHub stars
                      • + The source code of this software is available

                        Typical usage

                        • Malware analysis
                        • Malware detection
                        • Malware research
                        • Malware scanning

                        Malice review

                        74

                        Metasploit Framework

                        Introduction

                        Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

                        Project details

                        Metasploit Framework is written in Ruby.

                        Strengths and weaknesses

                        • + More than 400 contributors
                        • + More than 9000 stars
                        • + Many maintainers
                        • + The source code of this software is available
                        • + Supported by a large company
                        • + Well-known tool

                          Typical usage

                          • Penetration testing
                          • Security assessment
                          • Vulnerability scanning

                          Metasploit Framework review

                          88

                          OWTF (Offensive Web Testing Framework)

                          Introduction

                          OWTF is short for Offensive Web Testing Framework and it is one of the many OWASP projects to improve security.

                          Project details

                          OWTF is written in Python.

                          Strengths and weaknesses

                          • + More than 25 contributors
                          • + More than 500 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Penetration testing
                            • Security assessment

                            OWTF review

                            70

                            Viper

                            Introduction

                            Viper organizes the malware samples and exploits you found over time. It calls itself "Metasploit for malware researchers". Viper has a terminal interface to store, search and analyze files. As it is a framework, is also allows you to create your plugins.

                            Project details

                            74

                            Arachni

                            Introduction

                            Arachni is framework written in Ruby with focus on evaluating the security of web applications. Typical users include security professionals and system administrators.

                            The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

                            Project details

                            Arachni is written in Ruby.

                            Strengths and weaknesses

                            • + More than 1000 GitHub stars
                            • + The source code of this software is available

                              Typical usage

                              • Penetration testing
                              • Security assessment
                              • Web application analysis

                              Arachni review

                              100

                              Lynis

                              Introduction

                              Lynis is an open source security auditing tool that is available since 2007 and created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

                              Project details

                              Lynis is written in shell script.

                              Strengths and weaknesses

                              • + More than 50 contributors
                              • + Commercial support available
                              • + More than 4000 GitHub stars
                              • + Used language is shell script
                              • + Very low number of dependencies
                              • + Project is mature (10+ years)
                              • + The source code of this software is available

                                Typical usage

                                • IT audit
                                • Penetration testing
                                • Security assessment
                                • System hardening
                                • Vulnerability scanning

                                Lynis review

                                74

                                Nikto

                                Introduction

                                Nikto helps with performing security scans against web servers and to search for vulnerabilities in web applications.

                                Project details

                                Nikto is written in Perl.

                                Strengths and weaknesses

                                • + The source code of this software is available
                                • + Well-known tool

                                  Typical usage

                                  • Penetration testing
                                  • Security assessment
                                  • Web application analysis

                                  Nikto review

                                  81

                                  SearchSploit

                                  Introduction

                                  SearchSploit is a small by OffensiveSecurity to search for exploits and related data in the exploit database (Exploit-DB). This may help penetration testers in their security assignments.

                                  Project details

                                  SearchSploit is written in shell script.

                                  Strengths and weaknesses

                                  • + The source code is easy to read and understand
                                  • + Tool is easy to use
                                  • + Used language is shell script
                                  • - Full name of author is unknown

                                  Typical usage

                                  • Information gathering
                                  • Penetration testing
                                  • Service exploitation
                                  • System exploitation
                                  • Vulnerability testing

                                  SearchSploit review

                                  97

                                  Seccubus

                                  Introduction

                                  Supported engines and tools:

                                  • Nessus
                                  • OpenVAS
                                  • Nmap
                                  • Nikto
                                  • Medusa
                                  • Qualys SSL labs
                                  • SkipFish
                                  • SSLyze
                                  • testssl.sh
                                  • ZAP

                                  Project details

                                  78

                                  vuLnDAP

                                  Introduction

                                  VuLnDAP is a tool to show what can happen when a web application becomes vulnerable due to the business logic behind it. This tool uses LDAP, a common authentication protocol, to show such weaknesses. This tool helps penetration testers more about LDAP. At the same time, it provides useful insights to web and software developers to create more secure software.

                                  Project details

                                  vuLnDAP is written in Golang.

                                  Strengths and weaknesses

                                  • + The source code of this software is available

                                    Typical usage

                                    • Application security
                                    • Learning
                                    • Penetration testing

                                    vuLnDAP review

                                    74

                                    Vulnreport

                                    Introduction

                                    Vulnreport is a platform to deal with penetration test results. The tool formats them and provides actionable findings reports. The platform is strong in focusing on automation, to reduce the time spent by engineers.

                                    Project details

                                    Vulnreport is written in Ruby.

                                    Strengths and weaknesses

                                    • + The source code of this software is available

                                      Typical usage

                                      • Security reviews
                                      • Vulnerability management
                                      • Vulnerability scanning

                                      Vulnreport review

                                      64

                                      VulnWhisperer

                                      Introduction

                                      VulnWhisperer helps with the collection of vulnerability data and its reports. The goal of the tool is to make vulnerability data more actionable. It supports scans and data from products like Nessus, Qualys products, OpenVAS, and Tenable.io.

                                      Project details

                                      VulnWhisperer is written in Python.

                                      Strengths and weaknesses

                                      • + More than 10 contributors
                                      • + The source code of this software is available

                                        Typical usage

                                        • Vulnerability management
                                        • Vulnerability scanning

                                        VulnWhisperer review

                                        Some relevant tool missing as an alternative to Pocsuite? Please contact us with your suggestion.