Firewall testing tools

Tools

0trace (reconnaissance tool and firewall bypassing)

bypassing firewall rules, bypassing security measures, penetration testing

0trace is a reconnaissance tool to perform so-called hop enumeration within an established TCP connection. The goal is to allow traceroute-like functionality, yet in an alternative way. It can be used to bypass firewall rules. Tools like 0trace are typically used during pentesting assignments.

0trace.py (reconnaissance and firewall bypass tool)

bypassing firewall rules, bypassing security measures, reconnaissance

0trace is a small Python-based script to perform reconnaissance. It provides traceroute-like functionality. Additional data can be gathered about the network and its devices using this method.

360-FAAR (firewall analysis tool)

firewall auditing, log analysis, security assessment, security reviews

360-FAAR is a tool written in Perl to parse policies and logs from firewalls. It can compare firewall policies and translate between a policy and log data. Supported firewalls include Checkpoint FW1, Cisco ASA, and Netscreen ScreenOS.

FireAway (firewall audit and bypass tool)

bypassing firewall rules, firewall auditing, network traffic filtering, penetration testing

FireAway is a security tool to test the security of a firewall by trying to bypass its rules. It will use different methods to hide data or avoid detection by the firewall itself. This tool can be used for both defensive as offensive security.

opensvp (firewall testing tool)

application testing, defense testing, penetration testing, security assessment

Tools like opensvp can be used to test the strength of a configuration from the outside. It makes it a good tool for penetration testing and security assessments. While people may feel safe to have a firewall in place, it might be unknowingly vulnerable to several attacks on protocol level. This tool helps with finding these weaknesses.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.