RootHelper alternatives

Looking for an alternative tool to replace RootHelper? During the review of RootHelper we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. LinEnum (enumeration and privilege escalation)
  2. detectem (software enumeration)
  3. dirsearch (directory fuzzer for web applications)

These tools are ranked as the best alternatives to RootHelper.

Alternatives (by score)

97

LinEnum

Introduction

LinEnum is one of the tools that can help with automating penetration tests. It performs a discovery on the environment it runs in and tries finding weaknesses to allow privilege escalation.

Project details

LinEnum is written in shell script.

Strengths and weaknesses

  • + Very low number of dependencies
  • + The source code of this software is available
  • + Well-known tool

    Typical usage

    • Penetration testing
    • Privilege escalation
    • System enumeration

    LinEnum review

    81

    detectem

    Introduction

    Detectem can be a good early vulnerability detection system. By scanning regularly the dependencies of web applications, old versions of tools can be detected and upgraded. This tool is also helpful for penetration tests to find out what kind of software components are used.

    Project details

    detectem is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Application security
      • Application testing
      • Reconnaissance
      • Vulnerability scanning

      detectem review

      60

      dirsearch

      Introduction

      Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

      Project details

      dirsearch is written in Python.

      Strengths and weaknesses

      • + More than 10 contributors
      • + More than 500 GitHub stars
      • + The source code of this software is available

        Typical usage

        • Information gathering
        • Penetration testing
        • Security assessment

        dirsearch review

        64

        DirSearch (Go)

        Introduction

        DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

        Project details

        DirSearch (Go) is written in Golang.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Information gathering
          • Penetration testing
          • Security assessment

          DirSearch (Go) review

          85

          Fierce

          Introduction

          Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space, but using DNS information.

          Project details

          Fierce is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Information gathering
            • Reconnaissance
            • Security assessment

            Fierce review

            63

            keimpx

            Introduction

            The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

            Project details

            keimpx is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Penetration testing
              • Security assessment

              keimpx review

              97

              O-Saft

              Introduction

              O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

              Project details

              O-Saft is written in Perl.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Information gathering
                • Penetration testing
                • Security assessment
                • Vulnerability scanning
                • Web application analysis

                O-Saft review

                63

                Oscanner

                Introduction

                The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

                • Sid enumeration
                • Passwords tests (common & dictionary)
                • Enumerate Oracle version
                • Enumerate account roles
                • Enumerate account privileges
                • Enumerate account hashes
                • Enumerate audit information
                • Enumerate password policies
                • Enumerate database links

                Project details

                Oscanner is written in Java.

                Strengths and weaknesses

                • + The source code of this software is available

                  Oscanner review

                  78

                  Sn1per

                  Introduction

                  Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

                  Project details

                  Sn1per is written in Python, shell script.

                  Strengths and weaknesses

                  • + More than 10 contributors
                  • + More than 1000 GitHub stars
                  • + The source code of this software is available
                  • - Unknown project license

                  Typical usage

                  • Penetration testing
                  • Reconnaissance

                  Sn1per review

                  60

                  SubBrute (subdomain-bruteforcer)

                  Introduction

                  SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

                  Project details

                  SubBrute is written in Python.

                  Strengths and weaknesses

                  • + More than 1000 GitHub stars
                  • + The source code of this software is available
                  • - Full name of author is unknown

                  Typical usage

                  • Information gathering
                  • Penetration testing
                  • Security assessment

                  SubBrute review

                  56

                  Subdomino

                  Introduction

                  Tools like Subdomino are often used for penetration testing and information discovery. This tool focuses on retrieving information via DNS and is related to domain names.

                  Project details

                  Subdomino is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available
                  • - Full name of author is unknown
                  • - Unknown project license

                  Typical usage

                  • Information gathering
                  • Penetration testing

                  Subdomino review

                  60

                  Sublist3r

                  Introduction

                  Sublist3r helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

                  Project details

                  Sublist3r is written in Python.

                  Strengths and weaknesses

                  • + More than 2000 GitHub stars
                  • + The source code of this software is available

                    Sublist3r review

                    60

                    tlsenum

                    Introduction

                    This tool works by sending out sending out TLS ClientHello messages. Any ServerHello responses from the server are parsed. It assumes that the server is the one which decides the preferred cipher suite, giving an idea on the available ciphers.

                    Project details

                    tlsenum is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available

                      Typical usage

                      • Information gathering
                      • Security assessment
                      • System hardening

                      tlsenum review

                      85

                      wafw00f

                      Introduction

                      wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

                      Project details

                      wafw00f is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Application fingerprinting
                        • Information gathering
                        • Penetration testing
                        • Reconnaissance
                        • Security assessment

                        wafw00f review

                        64

                        weblocator

                        Introduction

                        The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

                        Project details

                        weblocator is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Information gathering
                          • Penetration testing
                          • Security assessment

                          weblocator review

                          89

                          WhatWeb

                          Introduction

                          WhatWeb can be used stealthy and fast to determine what technologies are used on a particular website or web application. This process called fingerprinting can tell a lot about how it was build and possible weaknesses it might have. The tool can be used in different levels, from stealthy to very aggressive. This last one is useful in penetration tests or during development.

                          Project details

                          WhatWeb is written in Ruby.

                          Strengths and weaknesses

                          • + More than 25 contributors
                          • + More than 1000 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Reconnaissance
                            • Web application analysis

                            WhatWeb review

                            Some relevant tool missing as an alternative to RootHelper? Please contact us with your suggestion.