SMBMap alternatives

Looking for an alternative tool to replace SMBMap? During the review of SMBMap we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. keimpx (SMB enumeration tool)
  2. AIL framework (framework to parse data of information leaks)
  3. S3Scanner (AWS S3 bucket scanner)

These tools are ranked as the best alternatives to SMBMap.

Alternatives (by score)

63

keimpx

Introduction

The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

Project details

keimpx is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Penetration testing
    • Security assessment

    keimpx review

    85

    AIL framework

    Introduction

    AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

    Project details

    AIL framework is written in Python.

    Strengths and weaknesses

    • + More than 10 contributors
    • + The source code of this software is available

      Typical usage

      • Data extraction
      • Data leak detection
      • Information leak detection
      • Security monitoring

      AIL framework review

      60

      S3Scanner

      Introduction

      The aptly named S3Scanner is used to detect AWS S3 buckets. Discovered buckets are displayed, together with the related objects in the bucket.

      Project details

      S3Scanner is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Information gathering
        • Information leak detection
        • Penetration testing
        • Storage security testing

        S3Scanner review

        64

        snallygaster

        Introduction

        This tool helps with detecting those files that you typically do not want to have exposed on your webservers. This includes files related to software repositories (e.g. .git), web shells,

        Project details

        snallygaster is written in Python.

        Strengths and weaknesses

        • + More than 1000 GitHub stars
        • + The source code of this software is available
        • - No releases on GitHub available

        Typical usage

        • Data leak detection
        • Discovery of sensitive information
        • Information leak detection

        snallygaster review

        64

        Teh S3 Bucketeers

        Introduction

        Tools like Teh S3 Bucketeers are valuable for doing reconnaissance and information gathering. They may be used during penetration tests and security assessments. The primary goal of these tools is to find S3 buckets that may lead to sensitive data stored on Amazon's storage service.

        Project details

        Teh S3 Bucketeers is written in shell script.

        Strengths and weaknesses

        • + The source code is easy to read and understand
        • + Used language is shell script
        • + The source code of this software is available
        • - No releases on GitHub available

        Typical usage

        • Penetration testing
        • Security assessment
        • Storage security testing

        Teh S3 Bucketeers review

        100

        Acra

        Introduction

        Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

        Project details

        Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

        Strengths and weaknesses

        • + Commercial support available
        • + The source code of this software is available

          Typical usage

          • Data encryption
          • Data leak prevention
          • Data security
          • Vulnerability mitigation

          Acra review

          64

          BuQuikker

          Introduction

          BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

          Project details

          BuQuikker is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Data leak detection
            • Security assessment

            BuQuikker review

            64

            DNSteal

            Introduction

            DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

            Project details

            DNSteal is written in Python.

            Strengths and weaknesses

            • + More than 500 GitHub stars
            • + The source code of this software is available
            • - No releases on GitHub available
            • - Full name of author is unknown

            Typical usage

            • Application security
            • Data hiding

            DNSteal review

            85

            gitleaks

            Introduction

            Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers and security professionals to discover any leaks.

            Project details

            gitleaks is written in Golang.

            Strengths and weaknesses

            • + More than 10 contributors
            • + More than 3000 GitHub stars
            • + The source code of this software is available

              Typical usage

              • Security assessment

              gitleaks review

              60

              GitMiner

              Introduction

              GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

              Project details

              GitMiner is written in Python.

              Strengths and weaknesses

              • + More than 1000 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Asset discovery
                • Discovery of sensitive information
                • Information leak detection

                GitMiner review

                76

                git-secrets

                Introduction

                You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

                Project details

                git-secrets is written in shell script.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Data leak prevention
                  • Information leak prevention

                  git-secrets review

                  64

                  altdns

                  Introduction

                  Altdns is a security tool to discover subdomains. It generates permutations, alterations, and mutations of subdomains. The generated names can also be tested by performing DNS lookups. An enumeration tool like Altdns is useful during penetration testing assignments.

                  Project details

                  altdns is written in Python.

                  Strengths and weaknesses

                  • + More than 500 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Reconnaissance
                    • Subdomain discovery
                    • Subdomain enumeration

                    altdns review

                    85

                    detectem

                    Introduction

                    Detectem can be a good early vulnerability detection system. By regularly scanning the dependencies of web applications, old versions of tools can be detected and upgraded. This tool is also helpful for penetration tests to find out what kind of software components are used.

                    Project details

                    detectem is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available

                      Typical usage

                      • Application security
                      • Application testing
                      • Reconnaissance
                      • Vulnerability scanning

                      detectem review

                      60

                      dirsearch

                      Introduction

                      Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

                      Project details

                      dirsearch is written in Python.

                      Strengths and weaknesses

                      • + More than 10 contributors
                      • + More than 500 GitHub stars
                      • + The source code of this software is available

                        Typical usage

                        • Information gathering
                        • Penetration testing
                        • Security assessment

                        dirsearch review

                        64

                        DirSearch (Go)

                        Introduction

                        DirSearch is a Go implementation of the original dirsearch tool written by Mauro Soria. It is used to discover directories by using common names and guessing (fuzzing).

                        Project details

                        DirSearch (Go) is written in Golang.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Information gathering
                          • Penetration testing
                          • Security assessment

                          DirSearch (Go) review

                          56

                          domain

                          Introduction

                          Domain is a Python script written by Jason Haddix to combine the tools Recon-ng and altdns. It allows the two tools to be used on multiple domains within the same session.

                          Project details

                          domain is written in Python.

                          Strengths and weaknesses

                          • + More than 500 GitHub stars
                          • + The source code of this software is available
                          • - Unknown project license

                          Typical usage

                          • Subdomain enumeration

                          domain review

                          84

                          Fierce

                          Introduction

                          Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space by using DNS information.

                          Project details

                          Fierce is written in Python.

                          Strengths and weaknesses

                          • + The source code of this software is available

                            Typical usage

                            • Information gathering
                            • Reconnaissance
                            • Security assessment

                            Fierce review

                            74

                            LinEnum

                            Introduction

                            LinEnum is one of the tools that can help with automating penetration tests. It performs a discovery on the environment it runs in and tries finding weaknesses to allow privilege escalation.

                            Project details

                            LinEnum is written in shell script.

                            Strengths and weaknesses

                            • + Very low number of dependencies
                            • + The source code of this software is available
                            • + Well-known tool

                              Typical usage

                              • Penetration testing
                              • Privilege escalation
                              • System enumeration

                              LinEnum review

                              60

                              massh-enum

                              Introduction

                              Massh-enum is a user enumeration tool for OpenSSH with the goal to find valid usernames. This can be useful during penetration tests or security assessments. The usernames can be valuable to brute-force or may be used on different locations within a network.

                              Project details

                              massh-enum is written in Python, shell script.

                              Strengths and weaknesses

                              • + The source code is easy to read and understand
                              • + Tool is easy to use
                              • + The source code of this software is available
                              • - Minimal or no documentation available

                              Typical usage

                              • Information gathering
                              • User enumeration

                              massh-enum review

                              89

                              O-Saft

                              Introduction

                              O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

                              Project details

                              O-Saft is written in Perl.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Information gathering
                                • Penetration testing
                                • Security assessment
                                • Vulnerability scanning
                                • Web application analysis

                                O-Saft review

                                63

                                Oscanner

                                Introduction

                                The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

                                • SID enumeration
                                • Password tests (common & dictionary)
                                • Enumerate Oracle version
                                • Enumerate account roles
                                • Enumerate account privileges
                                • Enumerate account hashes
                                • Enumerate audit information
                                • Enumerate password policies
                                • Enumerate database links

                                Project details

                                Oscanner is written in Java.

                                Strengths and weaknesses

                                • + The source code of this software is available

                                  Oscanner review

                                  64

                                  RootHelper

                                  Introduction

                                  RootHelper is a small script to retrieve several enumeration and privilege escalation tools. It can be used during penetration testing.

                                  Project details

                                  RootHelper is written in shell script.

                                  Strengths and weaknesses

                                  • + Used language is shell script
                                  • + The source code of this software is available

                                    Typical usage

                                    • Penetration testing
                                    • Privilege escalation
                                    • Security assessment

                                    RootHelper review

                                    78

                                    Sn1per

                                    Introduction

                                    Sn1per is a security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

                                    Project details

                                    Sn1per is written in Python, shell script.

                                    Strengths and weaknesses

                                    • + More than 10 contributors
                                    • + More than 1000 GitHub stars
                                    • + The source code of this software is available
                                    • - Unknown project license

                                    Typical usage

                                    • Penetration testing
                                    • Reconnaissance

                                    Sn1per review

                                    60

                                    SubBrute (subdomain-bruteforcer)

                                    Introduction

                                    SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

                                    Project details

                                    SubBrute is written in Python.

                                    Strengths and weaknesses

                                    • + More than 1000 GitHub stars
                                    • + The source code of this software is available
                                    • - Full name of author is unknown

                                    Typical usage

                                    • Information gathering
                                    • Penetration testing
                                    • Security assessment

                                    SubBrute review

                                    60

                                    Sublist3r

                                    Introduction

                                    Sublist3r helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

                                    Project details

                                    Sublist3r is written in Python.

                                    Strengths and weaknesses

                                    • + More than 2000 GitHub stars
                                    • + The source code of this software is available

                                      Sublist3r review

                                      Some relevant tool missing as an alternative to SMBMap? Please contact us with your suggestion.