SFTPfuzzer alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

68

Alternative: 0d1n

0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.

0d1n can perform brute-force login attempts against authentication forms. It can discover useful directory names by using a predefined list of paths. With options to use a random proxy per request and load CSRF tokens, it is a tool that can be used in different types of assignments.

Project details

0d1n is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment
  • vulnerability scanning

0d1n project page

63

Alternative: afl (American fuzzy lop)

American fuzzy lop, or afl, is a security-oriented fuzzer. It helps with testing software to find unexpected results within applications.

Project details

afl is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing

afl project page

84

Alternative: boofuzz

Boofuzz is a fork of the Sulley fuzzing framework, created after maintenance of Sulley dropped off. Besides numerous bug fixes, boofuzz aims for extensibility.

Project details

boofuzz is written in Python.

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • vulnerability scanning

boofuzz project page

84

Alternative: dirsearch

Dirsearch is a tool that helps security professionals find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

64

Alternative: DirSearch (Go)

DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

Project details

DirSearch (Go) is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

DirSearch (Go) project page

64

Alternative: DotDotPwn

DotDotPwn is a security tool to perform directory traversal attempts to discover interesting paths in web applications.

Project details

DotDotPwn is written in Perl.

Strengths

  • + The source code of this software is available

Typical usage

  • application fuzzing
  • penetration test

DotDotPwn project page

68

Alternative: Fuzzapi

Fuzzapi is a security tool to test a REST API using fuzzing. It can be used for security assessments and penetration tests.

Project details

Fuzzapi is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • application fuzzing
  • application testing

Fuzzapi project page

76

Alternative: Kitty

Kitty is a modular and extensible fuzzing framework written in Python. It is inspired by OpenRCE's Sulley and Michael Eddington's Peach Fuzzer tool.

Project details

Kitty is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application fuzzing

Kitty project page

52

Alternative: Sulley

Sulley is an automated fuzzing framework that can be used during penetration tests and security assessments.

Project details

Sulley is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - No updates for a while

Typical usage

  • vulnerability management

Sulley project page

64

Alternative: syzkaller

Syzkaller is an unsupervised coverage-guided Linux kernel fuzzer. It tests kernel system calls (syscalls) to see how they respond to unexpected data.

Project details

syzkaller is written in Golang.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • application fuzzing
  • application testing

syzkaller project page

59

Alternative: Wapiti

Wapiti is a security tool to perform vulnerability scans on web applications. It uses fuzzing to detect known and unknown paths, among other tests.

Project details

Wapiti is written in Python.

Strengths

  • + The source code of this software is available
  • + Well-known tool

Weaknesses

  • - No updates for a while

Typical usage

  • vulnerability scanning
  • web application analysis

Wapiti project page