SHODAN alternatives

  • ZoomEye

  • ZoomEye is a search engine for Cyberspace

    tags: search-engine search-by-device
  • Zed Attack Proxy

  • The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

    tags: fuzzer owasp penetration-testing proxy sql-injection
  • Censys

  • Censys is a search engine that enables researchers to ask questions about the hosts and networks that compose the Internet. Censys collects data on hosts and websites through daily ZMap and ZGrab scans of the IPv4 address space, in turn maintaining a database of how hosts and websites are configured. Researchers can interact with this data through a search interface, report builder, and SQL engine.

    tags: search-engine vulnerability-scanner open-source-cms scan-for-vulnerabilities vulnerability-scan
  • Nikto

  • Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.

    tags: security-utilities vulnerability vulnerability-scanner
  • IVRE

  • IVRE, a network recon framework.

    tags: internet-of-things-feature ip-address ip-addresses-informations network-analyzer network-monitoring
  • Nessus

  • The Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.

    tags: port-scanner vulnerability-scanner
  • OpenVAS

  • The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

    tags: vulnerability-scanner
  • w3af

  • w3af is a Web Application Attack and Audit Framework

    tags: web-application-security web-security-scanner web-application-scanner web-hacking
  • PunkSPIDER

  • PunkSPIDER is a global-reaching web application vulnerability search engine. The goal is to allow the user to determine vulnerabilities across the Internet quickly, easily, and intuitively.

    tags: hacking scada search-engine vulnerability-scanner
  • Arachni

  • Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

    tags: web-security xss sql-injection web-security-scanner web-application-scanner
  • Acunetix

  • Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner. Download Free Edition!

    tags: website-security
  • IronWASP

  • IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

    tags: internet-security penetration-testing web-application
  • skipfish

  • A fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

    tags: Discontinued command-line-interface vulnerability-scanner heuristic-detection reconnaissance
  • wapiti

  • Wapiti allows you to audit the security of your web applications. Wapiti is a command line tool.

    tags: command-line-interface security-focused web-application-scanner web-application-security web-hacking