Sn1per alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

64

Alternative: AutoNessus (autonessus)

The AutoNessus tool helps with automating vulnerability scans via the Nessus API. It lists policies and can configure the state of scans.

This tool is useful to time scans, for example by having it run outside of business hours, and stop when the day starts.

Note: originally another tool was named AutoNessus. That is now Seccubus.

Project details

AutoNessus is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • vulnerability scanning

AutoNessus project page

97

Alternative: Cuckoo Sandbox (cuckoo)

Cuckoo Sandbox is a malware analysis system. By feeding it suspicious files, Cuckoo can provide detailed findings on what a file did and how it behaved.

In a matter of seconds, Cuckoo Sandbox provides detailed results on what a file does within an isolated environment. This helps with malware analysis and understanding what it exactly tries to achieve. Further analysis can be done, based on the previous actions that were done.

Cuckoo Sandbox was created by Claudio Guarnieri as part of the Google Summer of Code project in 2010.

Project details

Cuckoo Sandbox is written in Python.

Strengths

  • + More than 2000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Many provided pull requests are still open
  • - Many reported issues are still open

Typical usage

  • digital forensics
  • malware analysis

Cuckoo Sandbox project page

60

Alternative: InstaRecon

InstaRecon is a security tool that can help with the reconnaissance phase of a penetration test. It can collect a number of data points with limited input.

Project details

InstaRecon is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • reconnaissance

InstaRecon project page

97

Alternative: Seccubus

Seccubus automates vulnerability scanning with support for Nessus, OpenVAS, NMap, SSLyze, Medusa, SkipFish, OWASP ZAP, and SSLlabs.

Supported engines and tools:

  • Nessus
  • OpenVAS
  • Nmap
  • Nikto
  • Medusa
  • Qualys SSL labs
  • SkipFish
  • SSLyze
  • testssl.sh
  • ZAP

70

Alternative: Viper

Viper is a binary analysis and management framework for security researchers. It provides a way to organization your collection of malware samples and exploits.

Viper organizes the malware samples and exploits you found over time. It calls itself "Metasploit for malware researchers". Viper has a terminal interface to store, search and analyze files. As it is a framework, is also allows you to create your plugins.

97

Alternative: detectem

Detectem can scan web applications and detect used software components like jQuery, Apache middleware, and others.

Project details

detectem is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application security
  • application testing
  • reconnaissance
  • vulnerability scanning

detectem project page

85

Alternative: dirsearch

Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

64

Alternative: DirSearch (Go)

DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

Project details

DirSearch (Go) is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

DirSearch (Go) project page

84

Alternative: Fierce

Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space, but using DNS information.

Project details

Fierce is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • reconnaissance
  • security assessment

Fierce project page

63

Alternative: keimpx

The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

Project details

keimpx is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

keimpx project page

97

Alternative: O-Saft

O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.

O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

Project details

O-Saft is written in Perl.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment
  • vulnerability scanning
  • web application analysis

O-Saft project page

52

Alternative: Oscanner

Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.

The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

  • Sid enumeration
  • Passwords tests (common & dictionary)
  • Enumerate Oracle version
  • Enumerate account roles
  • Enumerate account privileges
  • Enumerate account hashes
  • Enumerate audit information
  • Enumerate password policies
  • Enumerate database links

Project details

Oscanner is written in Java.

Strengths

  • + The source code of this software is available

Oscanner project page

68

Alternative: RootHelper

RootHelper is a small script to retrieve several enumeration and privilege escalation tools. It can be used during penetration testing.

Project details

RootHelper is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • penetration test
  • privilege escalation
  • security assessment

RootHelper project page

60

Alternative: SubBrute (subdomain-bruteforcer)

SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

Project details

SubBrute is written in Python.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering
  • penetration test
  • security assessment

SubBrute project page

56

Alternative: Subdomino

Subdomino is a tool to perform enumeration on domain names. It can be used to detect and scan hostnames and subdomains.

Project details

Subdomino is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Typical usage

  • information gathering
  • penetration test

Subdomino project page

60

Alternative: tlsenum

The CLI tool tlsenum attempts to enumerate what TLS cipher suites a server supports and then list them in order of priority.

This tool works by sending out sending out TLS ClientHello messages. Any ServerHello responses from the server are parsed. It assumes that the server is the one which decides the preferred cipher suite, giving an idea on the available ciphers.

Project details

tlsenum is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • system hardening

tlsenum project page

64

Alternative: wafw00f

wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

Project details

wafw00f is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • reconnaissance
  • security assessment

wafw00f project page

64

Alternative: weblocator

The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

Project details

weblocator is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

weblocator project page

56

Alternative: wp_enum

The wp_enum tool helps with the discovery of WordPress users and accounts.

This utility enumerates the available identities on a WordPress installation.

84

Alternative: APT2 (apt2)

APT2 is a tool written by Adam Compton and Austin Lane to help pentesters automate mundane scanning tasks. It leverages scan results from Nexpose, Nessus, or Nm

APT2 stands for Automated Penetration Testing Toolkit.

APT2 performs a scan with Nmap or can import the results of a scan from Nexpose or Nessus. The processed results will be used in the second phase. This phase launches exploit and enumeration modules. It helps pentesters to automate assessments and tasks.

Suggested components to have installed: convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd

Project details

APT2 is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

APT2 project page

74

Alternative: BeEF

The Browser Exploitation Framework (or BeEF) is a penetration testing tool that focuses on the web browser.

BeEF is used by penetration testers to assess the security of a system by leveraging the web browser. This makes the tool different to many other tools, as it ignores the security on network or system level. It uses command modules from within the web browser to perform requested attacks against the system.

100

Alternative: Faraday

Faraday is collaboration tool for pentest assignments and vulnerability management. It allows integration with a number of other security tools.

Project details

Faraday is written in Python.

Strengths

  • + Commercial support available
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • collaboration
  • penetration test
  • security assessment
  • vulnerability scanning

Faraday project page

78

Alternative: Metasploit Framework

Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

Project details

Metasploit Framework is written in Ruby.

Strengths

  • + More than 400 contributors
  • + More than 9000 stars
  • + Many maintainers
  • + The source code of this software is available
  • + Supported by a large company
  • + Well-known tool

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

Metasploit Framework project page

88

Alternative: OWTF (Offensive Web Testing Framework)

The OWTF project (Offensive Web Testing Framework) unites tools for penetrating testing. Most parts are written in Python.

OWTF is short for Offensive Web Testing Framework and it is one of the many OWASP projects to improve security.

Project details

OWTF is written in Python.

Strengths

  • + More than 25 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

OWTF project page

56

Alternative: p0f

P0f is a security tool that utilizes passive traffic fingerprinting mechanisms to identify the systems behind any incidental TCP/IP communications.

This tool is a great addition to nmap, especially if that reveals not reliable data or none at all. Due to the passive way of working, it won't be detected nor influences any connection.

- Version 3 of p0f is a full rewrite
- The idea for p0f dates back to June 10, 2000
- Tool can run in foreground or as a daemon process

Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellaneous forensics.

Project details

Strengths

  • + Project is mature (10+ years)
  • + The source code of this software is available
  • + Well-known tool

p0f project page

96

Alternative: SearchSploit

Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.

Project details

SearchSploit is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering
  • penetration test

SearchSploit project page

56

Alternative: 0trace

0trace is a reconnaissance tool to enable hop enumeration within an existing TCP connection. It can be used to bypass firewalls.

Project details

0trace is written in C, shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test

0trace project page

59

Alternative: 0trace.py

The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.

This security tool enables the user to perform hop enumeration (similar to traceroute). Instead of sending actual packets, it uses an established TCP connection.

64

Alternative: CMSmap

CMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).

Project details

CMSmap is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application testing
  • information gathering
  • vulnerability scanning
  • web application analysis

CMSmap project page

89

Alternative: DataSploit

DataSploit is a framework to perform intelligence gather to discover credentials, domain information, and other information related to the target.

Project details

DataSploit is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security monitoring

DataSploit project page

84

Alternative: Gitem

Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.

Project details

Gitem is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • security monitoring
  • self-assessment

Gitem project page

100

Alternative: IVRE

IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

Project details

IVRE is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - More than 10 contributors
  • - More than 500 GitHub stars

Typical usage

  • digital forensics
  • information gathering
  • intrusion detection
  • network analysis

IVRE project page

52

Alternative: Recon-ng

Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.

Project details

Recon-ng is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • collaboration
  • information gathering
  • information sharing
  • security assessment

Recon-ng project page

97

Alternative: SpiderFoot

SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.

SpiderFoot can be used offensively during penetration tests, or defensively to learn what information is available about your organization.

Project details

SpiderFoot is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

SpiderFoot project page

74

Alternative: YASAT

YASAT describes itself as another simple stupid audit tool to test Linux systems. It has many tests for checking the security configuration of the system.

The YASAT tool performs a system scan to detect configuration issues and possible improvements for hardening the system.

Project details

YASAT is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - No updates for a while

Typical usage

  • IT audit
  • security assessment

YASAT project page