Pocsuite alternatives

Looking for an alternative tool to replace Pocsuite? During the review of Pocsuite we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. vFeed (vulnerability database and query engine)
  2. Halcyon IDE (development interface for Nmap NSE scripts)
  3. arch-audit (detection of vulnerable packages on Arch Linux)

These tools are ranked as the best alternatives to Pocsuite.

Alternatives (by score)

93

vFeed

Introduction

vFeed consists of a database and utilities to store vulnerability data. It uses third-party references and data, which can then be used to see if a software component has a known vulnerability. The data itself is enriched by cross-checking it and storing additional details about the vulnerabilities.

The vFeed tooling has an API available with JSON output. It can be used by security researchers and practitioners to validate vulnerabilities and retrieve all available details.

Project details

vFeed is written in Python.

Strengths and weaknesses

  • + Commercial support available
  • + The source code of this software is available

    Typical usage

    • Security assessment
    • Vulnerability scanning

    vFeed review

    89

    Halcyon IDE

    Introduction

    Halcyon IDE provides an interface to develop Nmap scripts (NSE). These scripts can be used to extend the functionality of Nmap and perform more advanced scans on applications and infrastructures. By using an IDE, the development of NSE scripts can be simplified.

    Project details

    Halcyon IDE is written in Java.

    Strengths and weaknesses

    • + Runs on multiple platforms
    • + The source code of this software is available

      Typical usage

      • Exploit development
      • Penetration testing
      • Security awareness

      Halcyon IDE review

      76

      arch-audit

      Introduction

      The arch-audit utility scans the system for known vulnerabilities. It does so by looking at the versions of installed packages and comparing them with a database of known vulnerable versions.

      Project details

      arch-audit is written in Rust.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Vulnerability scanning

        arch-audit review

        88

        LFI Suite

        Introduction

        This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.

        Project details

        LFI Suite is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available
        • - Full name of author is unknown

        Typical usage

        • Penetration testing
        • Web application analysis

        LFI Suite review

        96

        OpenVAS

        Introduction

        OpenVAS is an open source vulnerability scanner that emerged when Nessus became closed source in October of 2005.

        Project details

        OpenVAS is written in C.

        Strengths and weaknesses

        • + The source code of this software is available
        • + Well-known tool

          Typical usage

          • Penetration testing
          • Security assessment
          • Vulnerability scanning

          OpenVAS review

          60

          Pompem

          Introduction

          Pompem is written in Python and helps pentesters to search public sources for vulnerability information and a related exploit.

          Sources

          • CXSecurity
          • National Vulnerability Database
          • PacketStorm security
          • Vulners
          • WPScan Vulnerability Database
          • ZeroDay

          Project details

          Pompem is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Vulnerability scanning

            Pompem review

            76

            vulnerability-alerter

            Introduction

            Vulnerability-alerter is a security tool to retrieve vulnerability data from NIST's database (NVD). This data can be used to discover recent vulnerabilities.

            Project details

            vulnerability-alerter is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Vulnerability management
              • Vulnerability testing

              vulnerability-alerter review

              100

              BetterCAP

              Introduction

              BetterCAP is often used by those who perform penetration testing and security assessments. This tool and framework is particularly useful for attempting man-in-the-middle (MitM) attacks.

              Project details

              BetterCAP is written in Golang.

              Strengths and weaknesses

              • + More than 25 contributors
              • + More than 2000 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Bypassing security measures
                • Penetration testing
                • Security assessment

                BetterCAP review

                60

                Bowcaster

                Introduction

                Bowcaster is a framework to create exploits. It is written in Python and comes with a set of tools and modules to help with exploit development.

                Project details

                Bowcaster is written in Python.

                Strengths and weaknesses

                • + The source code of this software is available
                • - No updates for a while

                Typical usage

                • Exploit development
                • Penetration testing

                Bowcaster review

                64

                fsociety

                Introduction

                The fsociety toolkit is a penetration testing framework containing other security tools. The project states that it includes all the tools that are used in the Mr. Robot TV series.

                Project details

                fsociety is written in Python.

                Strengths and weaknesses

                • + More than 10 contributors
                • + More than 2000 GitHub stars
                • + The source code of this software is available
                • - Full name of author is unknown

                Typical usage

                • Penetration testing
                • Security assessment

                fsociety review

                60

                Kitty

                Introduction

                Kitty is a framework for those who want to fuzz unusual targets, like proprietary protocols. Although Kitty itself is not a fuzzing tool, it allows one to build a fuzzing tool.

                Project details

                Kitty is written in Python.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Application fuzzing

                  Kitty review

                  74

                  Metasploit Framework

                  Introduction

                  Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

                  Project details

                  Metasploit Framework is written in Ruby.

                  Strengths and weaknesses

                  • + More than 400 contributors
                  • + More than 9000 stars
                  • + Many maintainers
                  • + The source code of this software is available
                  • + Supported by a large company
                  • + Well-known tool

                    Typical usage

                    • Penetration testing
                    • Security assessment
                    • Vulnerability scanning

                    Metasploit Framework review

                    89

                    OWTF (Offensive Web Testing Framework)

                    Introduction

                    OWTF is short for Offensive Web Testing Framework and it is one of the many OWASP projects to improve security.

                    Project details

                    OWTF is written in Python.

                    Strengths and weaknesses

                    • + More than 25 contributors
                    • + More than 500 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Penetration testing
                      • Security assessment

                      OWTF review

                      93

                      Viper

                      Introduction

                      Viper organizes the malware samples and exploits you found over time. It calls itself "Metasploit for malware researchers". Viper has a terminal interface to store, search and analyze files. As it is a framework, it also allows you to create your own plugins.

                      Project details

                      74

                      Arachni

                      Introduction

                      Arachni is a framework written in Ruby with a focus on evaluating the security of web applications. Typical users include security professionals and system administrators.

                      The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

                      Project details

                      Arachni is written in Ruby.

                      Strengths and weaknesses

                      • + More than 1000 GitHub stars
                      • + The source code of this software is available

                        Typical usage

                        • Penetration testing
                        • Security assessment
                        • Web application analysis

                        Arachni review

                        100

                        Lynis

                        Introduction

                        Lynis is an open source security auditing tool that has been available since 2007 and was created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

                        Project details

                        Lynis is written in shell script.

                        Strengths and weaknesses

                        • + More than 50 contributors
                        • + Commercial support available
                        • + More than 4000 GitHub stars
                        • + Used language is shell script
                        • + Very low number of dependencies
                        • + Project is mature (10+ years)
                        • + The source code of this software is available

                          Typical usage

                          • IT audit
                          • Penetration testing
                          • Security assessment
                          • System hardening

                          Lynis review

                          74

                          Nikto

                          Introduction

                          Nikto helps perform security scans against web servers and search for vulnerabilities in web applications.

                          Project details

                          Nikto is written in Perl.

                          Strengths and weaknesses

                          • + The source code of this software is available
                          • + Well-known tool

                            Typical usage

                            • Penetration testing
                            • Security assessment
                            • Web application analysis

                            Nikto review

                            97

                            SearchSploit

                            Introduction

                            This little utility can search for exploits and related data in the Exploit-DB.

                            Project details

                            SearchSploit is written in shell script.

                            Strengths and weaknesses

                            • + Used language is shell script
                            • - Full name of author is unknown

                            Typical usage

                            • Information gathering
                            • Penetration testing

                            SearchSploit review

                            97

                            Seccubus

                            Introduction

                            Supported engines and tools:

                            • Nessus
                            • OpenVAS
                            • Nmap
                            • Nikto
                            • Medusa
                            • Qualys SSL labs
                            • SkipFish
                            • SSLyze
                            • testssl.sh
                            • ZAP

                            Project details

                            74

                            Vulnreport

                            Introduction

                            Vulnreport is a platform to deal with penetration test results. The tool formats them and provides actionable findings reports. The platform focuses strongly on automation to reduce the time spent by engineers.

                            Project details

                            Vulnreport is written in Ruby.

                            Strengths and weaknesses

                            • + The source code of this software is available

                              Typical usage

                              • Security reviews
                              • Vulnerability management
                              • Vulnerability scanning

                              Vulnreport review

                              89

                              VulnWhisperer

                              Introduction

                              VulnWhisperer helps with the collection of vulnerability data and its reports. The goal of the tool is to make vulnerability data more actionable. It supports scans and data from products like Nessus, Qualys products, OpenVAS, and Tenable.io.

                              Project details

                              VulnWhisperer is written in Python.

                              Strengths and weaknesses

                              • + More than 10 contributors
                              • + The source code of this software is available

                                Typical usage

                                • Vulnerability management
                                • Vulnerability scanning

                                VulnWhisperer review

                                100

                                WPScan

                                Introduction

                                WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

                                Project details

                                WPScan is written in Ruby.

                                Strengths and weaknesses

                                • + More than 25 contributors
                                • + More than 2000 GitHub stars
                                • + The source code of this software is available
                                • - Software usage is restricted (e.g. commercially)

                                Typical usage

                                • Penetration testing
                                • Security assessment
                                • Vulnerability scanning

                                WPScan review

                                96

                                Archery

                                Introduction

                                Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.

                                Project details

                                Archery is written in Python.

                                Strengths and weaknesses

                                • + The source code of this software is available

                                  Typical usage

                                  • Vulnerability management
                                  • Vulnerability scanning
                                  • Vulnerability testing

                                  Archery review

                                  64

                                  CMSmap

                                  Introduction

                                  CMSmap helps save time when detecting which CMS is used by a given web application. It performs reconnaissance and can do additional vulnerability scanning.

                                  Project details

                                  CMSmap is written in Python.

                                  Strengths and weaknesses

                                  • + The source code of this software is available

                                    Typical usage

                                    • Application testing
                                    • Information gathering
                                    • Vulnerability scanning
                                    • Web application analysis

                                    CMSmap review

                                    68

                                    Dagda

                                    Introduction

                                    The main reason to use Dagda is the detection of vulnerable or malicious components within your containerized environment.

                                    Project details

                                    Dagda is written in Python.

                                    Strengths and weaknesses

                                    • + The source code of this software is available

                                      Typical usage

                                      • Malware detection
                                      • Malware scanning
                                      • Vulnerability management
                                      • Vulnerability scanning

                                      Dagda review

                                      Is a relevant tool missing as an alternative to Pocsuite? Please contact us with your suggestion.