XRay alternatives

DataSploit is a framework to perform intelligence gathering to discover credentials, domain information, and other information related to the target. It uses various reconnaissance techniques on companies, people, phone numbers, and even cryptocoin technology. It allows aggregating all raw data and return it in multiple formats.

The OSINT framework provides a collection of tools to gather and parse public data. The tool is web-based and makes it easy to find tools for a particular task.

OSINT-SPY is a modular tool to query information on different subjects like an IP address, domain, email address, or even Bitcoin address. This tool can be valuable during the reconnaissance phase of a penetration test. It can be used also for defenses purpose, like learning what information is publically available about your organization and its assets.

SpiderFoot can be used offensively during penetration tests, or defensively to learn what information is available about your organization.

Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.

Intrigue also allows enriching available data and perform OSINT research (open source intelligence). The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.

ThreatPinch helps to speed up collecting information from common resources like CVE databases or public WHOIS data. As it works from the browser, it is a helpful addition for people who have to perform forensics, security monitoring, or system administration. For example, getting the owner of a domain and IP address becomes almost instant knowledge.

Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

This OSINT framework allows combining sources and provide data in different formats (web interface, API, command line).

This tool is a typical information collection tool to retrieve public data and get it all into one place. It is useful for penetration tests, or if you want to see what is available for your company.

The main purpose to use HELK is to do analytic research on data, which are typically the events coming from your systems. Suspicious events could be discovered by doing so-called threat hunting. It may give additional insights about the existing infrastructure and required security defenses.

MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).

Sqhunter is a security tool to find known and unknown threats within your network. The goal is to find possible adversaries within your network by doing specific queries. The tool uses data from osquery, Salt Open, and the Cymon API.