addrwatch alternatives

Looking for an alternative tool to replace addrwatch? During the review of addrwatch we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. arping (ARP scanner)
  2. ArpON (MitM defense tool)
  3. arp-scan (ARP scanner)

These tools are ranked as the best alternatives to addrwatch.

Alternatives (by score)

60

arping

Introduction

arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

Project details

63

ArpON

Introduction

ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

  • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
  • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
  • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Project details

ArpON is written in C.

Strengths and weaknesses

  • + The source code of this software is available

    ArpON review

    52

    arp-scan

    Introduction

    The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

    Project details

    74

    KickThemOut

    Introduction

    Kick devices off your network by performing an ARP spoofing attack.

    Project details

    KickThemOut is written in Python.

    Strengths and weaknesses

    • + More than 500 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Offensive security

      KickThemOut review

      60

      larp

      Introduction

      Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.

      Project details

      larp is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Network spoofing
        • Penetration testing

        larp review

        60

        SCUTUM

        Introduction

        The primary goal of this solution is to prevent ARP spoofing by other computers on the local network. It uses a whitelist and blocks all other systems sending possible malicious ARP requests (e.g. with spoofing attack).

        Project details

        SCUTUM is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available
        • - Full name of author is unknown

        Typical usage

        • Firewall management
        • Network traffic filtering

        SCUTUM review

        84

        Certigo

        Introduction

        This toolkit is useful for automatic auditing certificates and retrieving information from them. It can be used for monitoring certificates. These certificates could be stored in a local file or remotely on a system. In the latter case, the tool will be able to connect to the system and retrieve the related information.

        Project details

        Certigo is written in Golang.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Certificate management

          Certigo review

          74

          K8Guard

          Introduction

          The primary goal of K8Guard is monitoring the environment. Instead of focusing on availability, K8Guard helps to detect misbehaving resources. These resources could be Deployments, DaemonSets, Ingresses, Jobs/CronJobs, Namespaces, Pods, and ResourceQuotas.

          Project details

          K8Guard is written in Golang.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Event monitoring

            K8Guard review

            60

            USB Canary

            Introduction

            USB Canary is a tool to monitor the addition or removal of USB devices while a computer is locked. This small utility is written in Python and can provide an alert.

            Project details

            USB Canary is written in Python.

            Strengths and weaknesses

            • + More than 500 GitHub stars
            • + The source code of this software is available
            • - Full name of author is unknown

            Typical usage

            • Hardware security
            • System monitoring

            USB Canary review

            93

            ntopng

            Introduction

            The ntopng replaced the older ntop utility. It now focuses on high-speed traffic analysis and flow collection. Typically this is useful for analysis of network traffic and troubleshooting of overused network links.

            Project details

            ntopng is written in C++.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Network analysis
              • Troubleshooting

              ntopng review

              93

              Scapy

              Introduction

              Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.

              Project details

              Scapy is written in Python.

              Strengths and weaknesses

              • + More than 2000 GitHub stars
              • + The source code of this software is available
              • - Many provided pull requests are still open

              Typical usage

              • Network analysis
              • Security assessment

              Scapy review

              88

              THC IPv6 Attack Toolkit (thc-ipv6)

              Introduction

              Tools:
              - parasite6: ICMPv6 neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP MitM (and parasite)
              - alive6: an effective alive scanng, which will detect all systems listening to this address
              - dnsdict6: parallel DNS IPv6 dictionary brute-forcer
              - fake_router6: announce yourself as a router on the network, with the highest priority
              - redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
              - toobig6: mtu decreaser with the same intelligence as redir6
              - detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
              - dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
              - trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
              - flood_router6: flood a target with random router advertisements
              - flood_advertise6: flood a target with random neighbor advertisements
              - fuzz_ip6: fuzzer for IPv6
              - implementation6: performs various implementation checks on IPv6
              - implementation6d: listen daemon for implementation6 to check behind a firewall
              - fake_mld6: announce yourself in a multicast group of your choice on the net
              - fake_mld26: same but for MLDv2
              - fake_mldrouter6: fake MLD router messages
              - fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
              - fake_advertiser6: announce yourself on the network
              - smurf6: local smurfer
              - rsmurf6: remote smurfer, known to work only against Linux targets at the moment
              - exploit6: known IPv6 vulnerabilities to test against a target
              - denial6: a collection of denial-of-service tests against a target
              - thcping6: sends a handcrafted ping6 packet
              - sendpees6: a tool by willdamn@gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto) to keep the CPU busy.

              Project details

              THC IPv6 Attack Toolkit is written in C.

              Strengths and weaknesses

              • + Project is mature (10+ years)
              • + The source code of this software is available

                Typical usage

                • Network analysis
                • Penetration testing
                • Security assessment

                THC IPv6 Attack Toolkit review

                70

                Yersinia

                Introduction

                The Yersinia tool takes advantage of known weaknesses in several network protocols. It helps with trying to abuse the weaknesses to ensure that network protections are implemented where possible.

                Related protocols:

                • Spanning Tree Protocol (STP)
                • Cisco Discovery Protocol (CDP)
                • Dynamic Trunking Protocol (DTP)
                • Dynamic Host Configuration Protocol (DHCP)
                • Hot Standby Router Protocol (HSRP)
                • 802.1q
                • 802.1x
                • Inter-Switch Link Protocol (ISL)
                • VLAN Trunking Protocol (VTP)

                Project details

                Some relevant tool missing as an alternative to addrwatch? Please contact us with your suggestion.