Best WeirdAAL (AWS Attack Library) Alternatives & Competitors in 2026

Allseek

Open-source autonomous penetration testing platform.

AWS IAM Privilege Escalation Methods

Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.

VHostScan

A virtual host scanner with the ability to detect catch-all scenarios, aliases, and dynamic default pages, presented at SecTalks BNE in September 2017.

CloudCopy

CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.

Sn1per

An open-source attack surface management platform for identifying and managing vulnerabilities

Synack Sara

AI-powered autonomous penetration testing platform with multi-agent system

FireCompass AI-powered Pen Testing

AI-powered automated pen testing & continuous red teaming platform

Cyver Pentest Management Platform

Pentest management platform for reporting, project mgmt & client collaboration

Rapid7 Metasploit

Penetration testing software for simulating attacks and validating vulnerabilities

ImmuniWeb® Continuous Penetration Testing

Continuous pentesting service monitoring web apps & APIs for code changes

Faraday Faraday All-in-One

Modular offensive security platform for continuous monitoring and testing

Core Security Core Impact

Pen testing platform with guided automation and certified exploit library.

Vulneri Pentest

Continuous pentest platform simulating real attacks across web, cloud, and network assets.

Novee AI Pentesting

AI-driven continuous penetration testing platform with automated remediation.

Tenzai

Agentic AI platform for continuous, autonomous penetration testing of enterprise apps.

Blindspot DDoS Resilience Testing

Managed DDoS resilience testing service with 100+ real-world attack vectors.

GlitchSecure

Continuous DAST and real-time human-verified penetration testing for SaaS.

Red Specter POLTERGEIST

Autonomous web app pentest swarm with 10 agents and 55 attack vectors.

StealthNet AI

AI agent fleet for autonomous pentesting across external, API, web & vishing surfaces.

Webray RayBox

Automated penetration testing appliance covering recon-to-exploitation attack chain.

BloodHound

BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.

Dradis Community Edition (CE)

Open-source platform for pentest reporting and security team collaboration

SaltWorks SaltMiner Community

Pen test management and reporting platform for manual assessments

ParrotSec

Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.

Sysreptor

A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.

TechTarget

Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.

stegify

A command line steganography tool that uses LSB technique to hide files within images without visible alteration.

Fridump

Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.

Cloud Container Attack Tool (CCAT)

A security testing framework for assessing container environment security across AWS and GCP cloud platforms.

NoSQLMap

NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.

FuzzDB

FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.

LazyKali

A tool that simplifies the installation of tools and configuration for Kali Linux

dvcs-ripper

Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ...

Cognito Scanner

A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.

Payloads All The Things

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

PenTesters Framework (PTF)

A Python script for creating a cohesive and up-to-date penetration testing framework.

AWS pwn

A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.

Nimbostratus

A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.

Enumerate IAM Permissions

A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.

Pacu

Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.

Lambda-Proxy

Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.

Pentoo Linux

A Live CD and Live USB for penetration testing and security assessment

headi

A tool for automated HTTP header injection

Turbo Intruder

A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

h2csmuggler

A tool for exploiting HTTP/2 cleartext smuggling vulnerabilities

ESC

ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.

github-search

A collection of CLI tools and API utilities for searching and filtering GitHub repositories by various criteria including keywords, users, organizations, and repository attributes.

AWSBucketDump

A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.