30 open-source projects similar to dionach/cmsmap, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best CMSmap alternative.
WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the
XSStrike is an automated security scanning engine designed for web application discovery, input
Nikto is an open-source HTTP security auditing tool and web server vulnerability scanner. It functions as a reconnaissance engine designed to identify insecure server options, outdated software, and common vulnerabilities by analyzing HTTP responses. The project differentiates itself through capabilities for intrusion detection evasion and web server fingerprinting. It uses request-level encoding and timing spacers to bypass security filters and employs signature-based identification to determine specific server software versions and misconfigurations. The scanner covers broad capability are
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
WRecon, is a tool for the recognition of vulnerabilities and blackbox information for wordpress.
Striker is an offensive information and vulnerability scanner.
RouterSploit is an embedded device exploitation framework and vulnerability scanner designed to identify and exploit security flaws in networked embedded hardware and firmware. It provides a centralized toolkit for scanning for known weaknesses and common misconfigurations to gain unauthorized system access. The framework includes an architecture-specific payload generator to create custom binary payloads tailored to the target hardware. It also features an automated brute force tool that uses dictionary-based credential guessing to bypass authentication on hardware devices. The tool covers
jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications. The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems. The fra
Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
Arachni is a dynamic application security testing vulnerability scanner and web application security tool. It functions as a distributed web audit framework that performs active and passive audits to identify security flaws such as SQL injection and cross-site scripting. The project features a JavaScript-aware web crawler that executes scripts and monitors DOM changes to analyze modern dynamic web applications. It utilizes server platform fingerprinting to target compatible security payloads and provides a grid-based system to distribute scanning workloads across multiple nodes. The tool cov
HTTP Request Smuggling Detection Tool
Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests
Burp Suite extension to passively scan for applications revealing server error messages
Burp extension to passively scan for applications revealing software version numbers
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.
This is an exploit for the CVE-2021-3156 sudo vulnerability (dubbed Baron Samedit by Qualys).