Alternatives and similar repositories for w3af

Users that are interested in w3af are comparing it to the libraries listed below

• Arachni / arachni

  View on GitHub
  Web Application Security Scanner Framework
  ☆3,996May 22, 2025Updated 8 months ago
• sullo / nikto

  View on GitHub
  Nikto web server scanner
  ☆10,065Feb 1, 2026Updated 2 weeks ago
• xmendez / wfuzz

  View on GitHub
  Web application fuzzer
  ☆6,411Jan 21, 2026Updated 3 weeks ago
• urbanadventurer / WhatWeb

  View on GitHub
  Next generation web scanner
  ☆6,406Oct 19, 2025Updated 3 months ago
• zaproxy / zaproxy

  View on GitHub
  The ZAP by Checkmarx Core project
  ☆14,751Updated this week
• sqlmapproject / sqlmap

  View on GitHub
  Automatic SQL injection and database takeover tool
  ☆36,602Feb 5, 2026Updated last week
• infobyte / faraday

  View on GitHub
  Open Source Vulnerability Management Platform
  ☆6,255Jan 26, 2026Updated 2 weeks ago
• EnableSecurity / wafw00f

  View on GitHub
  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
  ☆6,157Jan 27, 2026Updated 2 weeks ago
• 1N3 / Sn1per

  View on GitHub
  Attack Surface Management Platform
  ☆9,386Jan 12, 2026Updated last month
• maurosoria / dirsearch

  View on GitHub
  Web path scanner
  ☆13,979Updated this week
• wpscanteam / wpscan

  View on GitHub
  WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websit…
  ☆9,448Feb 9, 2026Updated last week
• s0md3v / XSStrike

  View on GitHub
  Most advanced XSS scanner.
  ☆14,735Apr 26, 2025Updated 9 months ago
• rapid7 / metasploit-framework

  View on GitHub
  Metasploit Framework
  ☆37,499Updated this week
• fuzzdb-project / fuzzdb

  View on GitHub
  Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  ☆8,810Nov 10, 2023Updated 2 years ago
• commixproject / commix

  View on GitHub
  Automated All-in-One OS Command Injection Exploitation Tool
  ☆5,624Feb 8, 2026Updated last week
• beefproject / beef

  View on GitHub
  The Browser Exploitation Framework Project
  ☆10,718Feb 9, 2026Updated last week
• codingo / NoSQLMap

  View on GitHub
  Automated NoSQL database enumeration and web application exploitation tool.
  ☆3,230Aug 26, 2025Updated 5 months ago
• aboul3la / Sublist3r

  View on GitHub
  Fast subdomains enumeration tool for penetration testers
  ☆10,802Aug 2, 2024Updated last year
• future-architect / vuls

  View on GitHub
  Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  ☆12,044Updated this week
• michenriksen / aquatone

  View on GitHub
  A Tool for Domain Flyovers
  ☆5,897May 22, 2022Updated 3 years ago
• byt3bl33d3r / CrackMapExec

  View on GitHub
  A swiss army knife for pentesting networks
  ☆9,056Dec 6, 2023Updated 2 years ago
• We5ter / Scanners-Box

  View on GitHub
  A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
  ☆8,818Oct 9, 2025Updated 4 months ago
• EmpireProject / Empire

  View on GitHub
  Empire is a PowerShell and Python post-exploitation agent.
  ☆7,798Jan 19, 2020Updated 6 years ago
• scipag / vulscan

  View on GitHub
  Advanced vulnerability scanning with Nmap NSE
  ☆3,717Feb 6, 2026Updated last week
• owtf / owtf

  View on GitHub
  Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.o…
  ☆1,926Jan 21, 2026Updated 3 weeks ago
• offensive-security / exploitdb

  View on GitHub
  The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
  ☆7,842Nov 10, 2022Updated 3 years ago
• robertdavidgraham / masscan

  View on GitHub
  TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  ☆25,305Jun 5, 2025Updated 8 months ago
• frohoff / ysoserial

  View on GitHub
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,741Dec 4, 2025Updated 2 months ago
• RedSiege / EyeWitness

  View on GitHub
  EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  ☆5,638Jan 5, 2026Updated last month
• epinna / tplmap

  View on GitHub
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆4,117Apr 21, 2024Updated last year
• threat9 / routersploit

  View on GitHub
  Exploitation Framework for Embedded Devices
  ☆12,968Jun 10, 2025Updated 8 months ago
• PowerShellMafia / PowerSploit

  View on GitHub
  PowerSploit - A PowerShell Post-Exploitation Framework
  ☆12,865Aug 17, 2020Updated 5 years ago
• strozfriedberg / Windows-Exploit-Suggester

  View on GitHub
  This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on th…
  ☆4,169May 11, 2023Updated 2 years ago
• laramies / theHarvester

  View on GitHub
  E-mails, subdomains and names Harvester - OSINT
  ☆15,617Feb 8, 2026Updated last week
• knownsec / Pocsuite

  View on GitHub
  This project has stopped to maintenance, please to https://github.com/knownsec/pocsuite3 project.
  ☆1,821May 27, 2022Updated 3 years ago
• 1N3 / IntruderPayloads

  View on GitHub
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,897Sep 27, 2021Updated 4 years ago
• TheRook / subbrute

  View on GitHub
  A DNS meta-query spider that enumerates DNS records, and subdomains.
  ☆3,501Jan 13, 2022Updated 4 years ago
• tennc / webshell

  View on GitHub
  This is a webshell open source project
  ☆10,683Dec 24, 2024Updated last year
• lanjelot / patator

  View on GitHub
  Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
  ☆3,845May 20, 2025Updated 8 months ago