SMBMap alternatives

Looking for an alternative tool to replace SMBMap? During the review of SMBMap we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. keimpx (SMB enumeration tool)
  2. AIL framework (framework to parse data of information leaks)
  3. S3Scanner (AWS S3 bucket scanner)

These tools are ranked as the best alternatives to SMBMap.

Alternatives (by score)

63

keimpx

Introduction

The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

Project details

keimpx is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Penetration testing
    • Security assessment

    keimpx review

    60

    AIL framework

    Introduction

    AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

    Project details

    AIL framework is written in Python.

    Strengths and weaknesses

    • + More than 10 contributors
    • + The source code of this software is available

      Typical usage

      • Data extraction
      • Data leak detection
      • Information leak detection
      • Security monitoring

      AIL framework review

      76

      S3Scanner

      Introduction

      The aptly named S3Scanner is to be used to detect AWS S3 buckets. Discovered buckets are displayed, together with the related objects in the bucket.

      Project details

      S3Scanner is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Information gathering
        • Information leak detection
        • Penetration testing
        • Storage security testing

        S3Scanner review

        64

        Teh S3 Bucketeers

        Introduction

        Tools like Teh S3 Bucketeers are valuable for doing reconnaissance and information gathering. They may be used during penetration tests and security assessments. The primary goal of these tools is to find S3 buckets that may lead to sensitive data stored on Amazon's storage service.

        Project details

        Teh S3 Bucketeers is written in shell script.

        Strengths and weaknesses

        • + The source code is easy to read and understand
        • + Used language is shell script
        • + The source code of this software is available
        • - No releases on GitHub available

        Typical usage

        • Penetration testing
        • Security assessment
        • Storage security testing

        Teh S3 Bucketeers review

        60

        snallygaster

        Introduction

        This tool helps with detecting those files that you typically do not want to have exposed on your webservers. This includes files related to software repositories (e.g. .git), web shells,

        Project details

        snallygaster is written in Python.

        Strengths and weaknesses

        • + More than 1000 GitHub stars
        • + The source code of this software is available
        • - No releases on GitHub available

        Typical usage

        • Data leak detection
        • Discovery of sensitive information
        • Information leak detection

        snallygaster review

        60

        Dionaea

        Introduction

        Dionaea is a honeypot that can emulate a range of services like FTP, HTTP, MySQL, and SMB. It can be used to see and learn how attackers work.

        Project details

        Dionaea is written in C.

        Strengths and weaknesses

        • + The source code of this software is available
        • - Full name of author is unknown

        Typical usage

        • Learning
        • Threat discovery

        Dionaea review

        97

        Samba

        Introduction

        Since 1992, Samba provides file and print services based on the server message block (SMB) protocol. This protocol was released by Microsoft as part of the open specifications.

        Samba helps with interoperability between systems running Microsoft Windows and those running one of the flavor of Unix like Linux. The toolkit allows systems to become part of the Active Directory environment and join a domain controller or domain member.

        Project details

        Strengths and weaknesses

        • + The source code of this software is available

          Samba review

          52

          Samba-VirusFilter

          Introduction

          On-access antivirus filter for Samba to detect malware threats and prevent them from investing file shares.

          Project details

          Strengths and weaknesses

          • + The source code of this software is available

            Samba-VirusFilter review

            78

            Acra

            Introduction

            Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

            Project details

            Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

            Strengths and weaknesses

            • + Commercial support available
            • + The source code of this software is available

              Typical usage

              • Data encryption
              • Data leak prevention
              • Data security
              • Vulnerability mitigation

              Acra review

              64

              BuQuikker

              Introduction

              BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

              Project details

              BuQuikker is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Data leak detection
                • Security assessment

                BuQuikker review

                64

                DNSteal

                Introduction

                DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

                Project details

                DNSteal is written in Python.

                Strengths and weaknesses

                • + More than 500 GitHub stars
                • + The source code of this software is available
                • - No releases on GitHub available
                • - Full name of author is unknown

                Typical usage

                • Application security
                • Data hiding

                DNSteal review

                60

                GitMiner

                Introduction

                GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

                Project details

                GitMiner is written in Python.

                Strengths and weaknesses

                • + More than 1000 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Asset discovery
                  • Discovery of sensitive information
                  • Information leak detection

                  GitMiner review

                  60

                  git-secrets

                  Introduction

                  You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

                  Project details

                  git-secrets is written in shell script.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Data leak prevention
                    • Information leak prevention

                    git-secrets review

                    85

                    gitleaks

                    Introduction

                    Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

                    Project details

                    gitleaks is written in Golang.

                    Strengths and weaknesses

                    • + More than 10 contributors
                    • + More than 3000 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Security assessment

                      gitleaks review

                      64

                      DirSearch (Go)

                      Introduction

                      DirSearch is a Go implementation of the original dirsearch tool written by Mauro Soria. It is used to discover directories by using common names and guessing (fuzzing).

                      Project details

                      DirSearch (Go) is written in Golang.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Information gathering
                        • Penetration testing
                        • Security assessment

                        DirSearch (Go) review

                        60

                        Fierce

                        Introduction

                        Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space, but using DNS information.

                        Project details

                        Fierce is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Information gathering
                          • Reconnaissance
                          • Security assessment

                          Fierce review

                          74

                          LinEnum

                          Introduction

                          LinEnum is one of the tools that can help with automating penetration tests. It performs a discovery on the environment it runs in and tries finding weaknesses to allow privilege escalation.

                          Project details

                          LinEnum is written in shell script.

                          Strengths and weaknesses

                          • + Very low number of dependencies
                          • + The source code of this software is available
                          • + Well-known tool

                            Typical usage

                            • Penetration testing
                            • Privilege escalation
                            • System enumeration

                            LinEnum review

                            97

                            O-Saft

                            Introduction

                            O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

                            Project details

                            O-Saft is written in Perl.

                            Strengths and weaknesses

                            • + The source code of this software is available

                              Typical usage

                              • Information gathering
                              • Penetration testing
                              • Security assessment
                              • Vulnerability scanning
                              • Web application analysis

                              O-Saft review

                              63

                              Oscanner

                              Introduction

                              The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

                              • Sid enumeration
                              • Passwords tests (common & dictionary)
                              • Enumerate Oracle version
                              • Enumerate account roles
                              • Enumerate account privileges
                              • Enumerate account hashes
                              • Enumerate audit information
                              • Enumerate password policies
                              • Enumerate database links

                              Project details

                              Oscanner is written in Java.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Oscanner review

                                64

                                RootHelper

                                Introduction

                                RootHelper is a small script to retrieve several enumeration and privilege escalation tools. It can be used during penetration testing.

                                Project details

                                RootHelper is written in shell script.

                                Strengths and weaknesses

                                • + Used language is shell script
                                • + The source code of this software is available

                                  Typical usage

                                  • Penetration testing
                                  • Privilege escalation
                                  • Security assessment

                                  RootHelper review

                                  68

                                  Sn1per

                                  Introduction

                                  Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

                                  Project details

                                  Sn1per is written in Python, shell script.

                                  Strengths and weaknesses

                                  • + More than 10 contributors
                                  • + More than 1000 GitHub stars
                                  • + The source code of this software is available
                                  • - Unknown project license

                                  Typical usage

                                  • Penetration testing
                                  • Reconnaissance

                                  Sn1per review

                                  60

                                  SubBrute (subdomain-bruteforcer)

                                  Introduction

                                  SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

                                  Project details

                                  SubBrute is written in Python.

                                  Strengths and weaknesses

                                  • + More than 1000 GitHub stars
                                  • + The source code of this software is available
                                  • - Full name of author is unknown

                                  Typical usage

                                  • Information gathering
                                  • Penetration testing
                                  • Security assessment

                                  SubBrute review

                                  60

                                  Sublist3r

                                  Introduction

                                  Sublist3r helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

                                  Project details

                                  Sublist3r is written in Python.

                                  Strengths and weaknesses

                                  • + More than 2000 GitHub stars
                                  • + The source code of this software is available

                                    Sublist3r review

                                    74

                                    WhatWeb

                                    Introduction

                                    WhatWeb can be used stealthy and fast to determine what technologies are used on a particular website or web application. This process called fingerprinting can tell a lot about how it was build and possible weaknesses it might have. The tool can be used in different levels, from stealthy to very aggressive. This last one is useful in penetration tests or during development.

                                    Project details

                                    WhatWeb is written in Ruby.

                                    Strengths and weaknesses

                                    • + More than 25 contributors
                                    • + More than 1000 GitHub stars
                                    • + The source code of this software is available

                                      Typical usage

                                      • Reconnaissance
                                      • Web application analysis

                                      WhatWeb review

                                      64

                                      altdns

                                      Introduction

                                      Altdns is a security tool to discover subdomains. It generates permutations, alterations, and mutations of subdomains. The generated names can also be tested by performing DNS lookups. An enumeration tool like Altdns is useful during penetrating testing assignments.

                                      Project details

                                      altdns is written in Python.

                                      Strengths and weaknesses

                                      • + More than 500 GitHub stars
                                      • + The source code of this software is available

                                        Typical usage

                                        • Reconnaissance
                                        • Subdomain discovery
                                        • Subdomain enumeration

                                        altdns review

                                        Some relevant tool missing as an alternative to SMBMap? Please contact us with your suggestion.