ArpON alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

68

Alternative: addrwatch

Addrwatch is a tool similar to arpwatch to monitor IPv4/IPv6 and ethernet address pairing.

Like arpwatch, addrwatch monitors the pairing between Ethernet and IP addresses.

Main features:

  • IPv4 and IPv6 address monitoring
  • Monitoring multiple network interfaces with one daemon
  • Monitoring of VLAN tagged (802.1Q) packets
  • Output to stdout, plain text files, syslog, sqlite3, MySQL
  • IP address usage history preserving output and logging

76

Alternative: arping

arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).

arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

52

Alternative: arp-scan

arp-scan is a security tool that sends ARP packets to hosts on the local network. Any responses to the requests are displayed.

The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

78

Alternative: KickThemOut

KickThemOut is a tool that can remove systems and devices from the network by performing an ARP spoofing attack.

Project details

KickThemOut is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • offensive security

KickThemOut project page

84

Alternative: larp

Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.

Project details

larp is written in Python.

Strengths

  • + The source code of this software is available

larp project page

76

Alternative: SCUTUM

SCUTUM is a security tool for Linux systems to filter network traffic. With this firewall functionality, it can allow only whitelisted network gateways.

Project details

SCUTUM is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • firewall management
  • network traffic filtering

SCUTUM project page

78

Alternative: DBShield

DBShield is a gateway between an application and actual database engine. Its goal is to protect against SQL injections and other database attacks.

Project details

DBShield is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • database security

DBShield project page

85

Alternative: django-axes

Django-axes is a reusable app for Django that limits brute-force login attempts against your web application.

Project details

django-axes is written in Python.

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-axes project page

68

Alternative: django-defender (Django Defender)

Django-defender is a reusable app for Django that blocks brute-force login attempts.

Project details

django-defender is written in Python.

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-defender project page

76

Alternative: MongoSanitizer (python-mongo-sanitizer)

MongoSanitizer is a software component that sanitizes MongoDB queries to prevent injection attacks as much as possible.

Project details

MongoSanitizer is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • application security
  • database security

MongoSanitizer project page

64

Alternative: nixarmor

Nixarmor is a set of shell scripts to harden Linux systems and help with security automation. It configures the system to increase its security level.

Project details

nixarmor is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Weaknesses

  • - Not ready for production usage
  • - No updates for a while
  • - Project looks outdated (old code or documentation)

Typical usage

  • system hardening

nixarmor project page

64

Alternative: OpenSnitch

OpenSnitch is a Linux port of the popular macOS Little Snitch application firewall.

OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

The OpenSnitch tool relies on NFQUEUE, which is an extension for iptables. With this extension, software running in userland can intercept IP packets and allow or drop them.

Project details

OpenSnitch is written in Python.

Strengths

  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • network traffic filtering

OpenSnitch project page

63

Alternative: Portspoof

Portspoof is a small utility with the goal of making port scanning by others much harder by showing all TCP ports as 'open' and emulating actual services.

Portspoof is a small utility with the goal of making port scanning by others much harder. It achieves this by showing all configured TCP ports in the 'open' state instead of closed or filtered. The ports also emulate valid services. This way, a port scan of the system will reveal many open ports that appear to have legitimate services running.

93

Alternative: BetterCAP

BetterCAP is a complete, modular, portable and easily extensible MitM tool and framework. It is maintained well and appreciated by many.

Project details

BetterCAP is written in Ruby.

Strengths

  • + More than 25 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • bypassing security measures
  • penetration test
  • security assessment

BetterCAP project page

63

Alternative: DNSChef

DNSChef is a highly configurable DNS proxy for penetration testers and malware analysts.

81

Alternative: mitmproxy (mitmproxy)

The mitmproxy tool allows you to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

Project details

mitmproxy is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 7000 GitHub stars
  • + The source code of this software is available

Typical usage

  • network analysis
  • penetration test
  • security assessment

mitmproxy project page

84

Alternative: Nili

Nili is a security tool with a wide range of goals, including network scanning, MitM attacks, protocol reverse engineering and application fuzzing.

Project details

Nili is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • network scanning
  • penetration test
  • security assessment

Nili project page

64

Alternative: Seth

Seth is a security tool to perform a man-in-the-middle (MitM) attack and extract clear text credentials from RDP connections.

Project details

Seth is written in Python and shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

Seth project page

60

Alternative: sslcaudit

The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.

This project focuses on the niche of testing SSL/TLS clients.

Project details

sslcaudit is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • software testing

sslcaudit project page

97

Alternative: SSLsplit

SSLsplit is a security tool to perform transparent SSL/TLS interception by using a so-called man-in-the-middle (MitM) attack.

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. Depending on the version of OpenSSL, SSLsplit supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. For HTTP and HTTPS connections, SSLsplit removes response headers for HPKP in order to prevent public key pinning, for HSTS to allow the user to accept untrusted certificates, and Alternate Protocols to prevent switching to QUIC/SPDY. As an experimental feature, SSLsplit supports STARTTLS mechanisms in a generic manner.

Project details

SSLsplit is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • learning
  • network analysis
  • penetration test
  • security assessment

SSLsplit project page

74

Alternative: hping

hping is a tool to assemble and analyze TCP/IP packets. The interface looks like the common ping command, yet allows more than just ICMP echo requests.

Used for: firewall testing, port scanning, network testing, traceroute, OS fingerprinting, uptime guessing, TCP/IP auditing

Supported protocols: TCP, UDP, ICMP and RAW IP

Abilities: traceroute mode, sending files over a covert channel

According to the website, hping is no longer actively developed. Some changes may be integrated into the source tree at GitHub.

Project details

hping is written in C.

Strengths

  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available
  • - No updates for a while

Typical usage

  • network analysis
  • penetration test

hping project page

93

Alternative: ntopng

ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provides insights on the usage.

ntopng replaced the older ntop utility. It now focuses on high-speed traffic analysis and flow collection. Typically this is useful for analysis of network traffic and troubleshooting of overused network links.

Project details

ntopng is written in C++.

Strengths

  • + The source code of this software is available

Typical usage

  • network analysis
  • troubleshooting

ntopng project page

93

Alternative: Scapy

Scapy is an interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols and send and capture them.

Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It also allows you to inject custom 802.11 frames, or combine other attacking techniques.

According to the description of the author, Scapy can replace hping, most of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, and p0f.

Project details

Scapy is written in Python.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Many provided pull requests are still open

Typical usage

  • network analysis
  • security assessment

Scapy project page

89

Alternative: THC IPv6 Attack Toolkit (thc-ipv6)

THC IPv6 attack toolkit is a set of utilities. It can be used for penetration testing and security assessments of correct network implementations.

Tools:
- parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP MitM (and parasite)
- alive6: an effective alive scanner, which will detect all systems listening to this address
- dnsdict6: parallel DNS IPv6 dictionary brute-forcer
- fake_router6: announce yourself as a router on the network, with the highest priority
- redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
- toobig6: mtu decreaser with the same intelligence as redir6
- detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
- dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
- trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
- flood_router6: flood a target with random router advertisements
- flood_advertise6: flood a target with random neighbor advertisements
- fuzz_ip6: fuzzer for IPv6
- implementation6: performs various implementation checks on IPv6
- implementation6d: listen daemon for implementation6 to check behind a firewall
- fake_mld6: announce yourself in a multicast group of your choice on the net
- fake_mld26: same but for MLDv2
- fake_mldrouter6: fake MLD router messages
- fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
- fake_advertiser6: announce yourself on the network
- smurf6: local smurfer
- rsmurf6: remote smurfer, known to work only against Linux targets at the moment
- exploit6: known IPv6 vulnerabilities to test against a target
- denial6: a collection of denial-of-service tests against a target
- thcping6: sends a handcrafted ping6 packet
- sendpees6: a tool by willdamn@gmail.com, which generates neighbor solicitation requests with a lot of CGAs (crypto) to keep the CPU busy.

Project details

THC IPv6 Attack Toolkit is written in C.

Strengths

  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • network analysis
  • penetration test
  • security assessment

THC IPv6 Attack Toolkit project page

93

Alternative: Yersinia

Yersinia is a framework to perform layer 2 attacks. It can be used for pentests and security assessments to test network safeguards.

The Yersinia tool takes advantage of known weaknesses in several network protocols. It helps with trying to abuse the weaknesses to ensure that network protections are implemented where possible.

Related protocols:

  • Spanning Tree Protocol (STP)
  • Cisco Discovery Protocol (CDP)
  • Dynamic Trunking Protocol (DTP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • 802.1q
  • 802.1x
  • Inter-Switch Link Protocol (ISL)
  • VLAN Trunking Protocol (VTP)