Yasuo alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

96

Alternative: Arachni

Web Application Security Scanner aimed towards helping users evaluate the security of web applications

Arachni is a framework written in Ruby with a focus on evaluating the security of web applications. Typical users include security professionals and system administrators.

The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

Project details

Arachni is written in Ruby.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • web application analysis

Arachni project page

97

Alternative: Commix

Commix is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assignments.

Commix is short for COMMand Injection eXploiter.

Project details

Commix is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Commix project page

85

Alternative: django-axes

Django-axes is a reusable app for Django that limits brute-force login attempts against your web application.

Project details

django-axes is written in Python.

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-axes project page

64

Alternative: DorkNet

DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.

Project details

DorkNet is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • vulnerability scanning
  • web application analysis

DorkNet project page

84

Alternative: hsecscan (hsecscan)

hsecscan performs a security scan of a website and analyses any discovered HTTP headers. For each header, it will provide details and recommendations.

The hsecscan utility is written in Python and opens a connection (via HTTP or HTTPS) to the related web server. It will return all headers found and includes an explanation of what each header does. Any security recommendations are listed as well.

Project details

hsecscan is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • learning
  • penetration test
  • security assessment
  • web application analysis

hsecscan project page

64

Alternative: Jackhammer

Jackhammer is a collaboration tool to get security and developer teams together. Its focus is on vulnerability discovery through static code analysis and dynamic analysis.

The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Node.js). It also checks for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

Project details

Jackhammer is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • collaboration
  • information sharing

Jackhammer project page

64

Alternative: Jawfish

Jawfish is a security tool to test web applications. It can find related exploits and update according to an internal database.

Project details

Jawfish is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning
  • web application analysis

Jawfish project page

64

Alternative: Spaghetti

Spaghetti is a web vulnerability scanner to find flaws in common web applications and frameworks. It can perform fingerprinting and vulnerability discovery.

Project details

Spaghetti is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • vulnerability scanning
  • vulnerability testing

Spaghetti project page

74

Alternative: Suhosin

Suhosin is a security extension for PHP and consists of two parts that enhance PHP. It helps with protecting against known and unknown attacks.

Project details

Suhosin is written in C.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Well-known tool

Typical usage

  • application security

Suhosin project page

64

Alternative: Susanoo

Susanoo is a security tool to test the security of a REST API. With this focus, it goes beyond the typical attack surface of a web application.

Project details

Susanoo is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • API testing
  • application testing

Susanoo project page

56

Alternative: Admin Page Finder (PHP)

Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.

Project details

Admin Page Finder (PHP) is written in PHP.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • reconnaissance

Admin Page Finder (PHP) project page

59

Alternative: BlindElephant

BlindElephant is a security tool to perform fingerprinting of web applications. It can discover the name and version of known web applications.

100

Alternative: ZAP (zaproxy)

The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.

ZAP is an intercepting proxy of web traffic. You will need to configure your browser to connect to the web application you wish to test through ZAP.

Note: Zed Attack Proxy, or ZAP, is also known as zaproxy.

Project details

ZAP is written in Java.

Strengths

  • + More than 50 contributors
  • + More than 2000 GitHub stars
  • + Many maintainers
  • + The source code of this software is available

Weaknesses

  • - Many reported issues are still open

Typical usage

  • penetration test
  • security assessment
  • software testing

ZAP project page