SubBrute alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

64

Alternative: aiodnsbrute (Async DNS Brute)

Async DNS Brute, or aiodnsbrute, is a security tool to help with resolving many DNS entries and the related discovery.

Project details

aiodnsbrute is written in Python.

Strengths

  • + Very low number of dependencies
  • + The source code of this software is available

Typical usage

  • network scanning
  • penetration test

aiodnsbrute project page

63

Alternative: DNSChef

DNSChef is a highly configurable DNS proxy for penetration testers and malware analysts

68

Alternative: dnsteal

The dnsteal tool can be used to stealthily send data over DNS requests. It may be used to test data loss prevention (DLP) tools.

Project details

dnsteal is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • application security
  • data hiding

dnsteal project page

84

Alternative: Fierce

Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space, but using DNS information.

Project details

Fierce is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • reconnaissance
  • security assessment

Fierce project page

68

Alternative: QuickScan

QuickScan is a simple port scanning utility with additional abilities like resolving. It has a built-in WHOIS lookups, among other supporting features.

Project details

QuickScan is written in Python.

Strengths

  • + Very low number of dependencies
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available
  • - Full name of author is unknown

Typical usage

  • network scanning

QuickScan project page

97

Alternative: detectem

Detectem can scan web applications and detect used software components like jQuery, Apache middleware, and others.

Project details

detectem is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application security
  • application testing
  • reconnaissance
  • vulnerability scanning

detectem project page

84

Alternative: dirsearch

Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

64

Alternative: DirSearch (Go)

DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

Project details

DirSearch (Go) is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

DirSearch (Go) project page

63

Alternative: keimpx

The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

Project details

keimpx is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

keimpx project page

96

Alternative: O-Saft

O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.

O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

Project details

O-Saft is written in Perl.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment
  • vulnerability scanning
  • web application analysis

O-Saft project page

63

Alternative: Oscanner

Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.

The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

  • Sid enumeration
  • Passwords tests (common & dictionary)
  • Enumerate Oracle version
  • Enumerate account roles
  • Enumerate account privileges
  • Enumerate account hashes
  • Enumerate audit information
  • Enumerate password policies
  • Enumerate database links

Project details

Oscanner is written in Java.

Strengths

  • + The source code of this software is available

Oscanner project page

68

Alternative: RootHelper

RootHelper is a small script to retrieve several enumeration and privilege escalation tools. It can be used during penetration testing.

Project details

RootHelper is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • penetration test
  • privilege escalation
  • security assessment

RootHelper project page

78

Alternative: Sn1per

Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Project details

Sn1per is written in Python, shell script.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • reconnaissance

Sn1per project page

56

Alternative: Subdomino

Subdomino is a tool to perform enumeration on domain names. It can be used to detect and scan hostnames and subdomains.

Project details

Subdomino is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Typical usage

  • information gathering
  • penetration test

Subdomino project page

60

Alternative: tlsenum

The CLI tool tlsenum attempts to enumerate what TLS cipher suites a server supports and then list them in order of priority.

This tool works by sending out sending out TLS ClientHello messages. Any ServerHello responses from the server are parsed. It assumes that the server is the one which decides the preferred cipher suite, giving an idea on the available ciphers.

Project details

tlsenum is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • system hardening

tlsenum project page

64

Alternative: wafw00f

wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

Project details

wafw00f is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • reconnaissance
  • security assessment

wafw00f project page

64

Alternative: weblocator

The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

Project details

weblocator is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

weblocator project page

78

Alternative: WhatWeb

WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.

Project details

WhatWeb is written in Ruby.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • reconnaissance
  • web application analysis

WhatWeb project page

56

Alternative: wp_enum

The wp_enum tool helps with the discovery of WordPress users and accounts.

This utility enumerates the available identities on a WordPress installation.