ArpON alternatives

Looking for an alternative tool to replace ArpON? During the review of ArpON we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. MongoSanitizer (defense against MongoDB injection attacks)
  2. Fail2ban (log parser and blocking utility)
  3. hBlock (ad blocking and tracker/malware protection)

These tools are ranked as the best alternatives to ArpON.

Alternatives (by score)

60

MongoSanitizer (python-mongo-sanitizer)

Introduction

Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.

Project details

MongoSanitizer is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Application security
    • Database security

    MongoSanitizer review

    89

    Fail2ban

    Introduction

    Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.

    Project details

    Fail2ban is written in Python.

    Strengths and weaknesses

    • + More than 2000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Network traffic filtering
      • Security monitoring

      Fail2ban review

      97

      hBlock

      Introduction

      For privacy-aware users, tools like hBlock can be helpful to block malicious domains, malware, advertisements, and trackers. Trackers could be pixels added to websites to track which pages you visited, which might invade your privacy.

      Project details

      hBlock is written in shell script.

      Strengths and weaknesses

      • + Used language is shell script
      • + The source code of this software is available

        Typical usage

        • Malware protection
        • Privacy enhancement
        • Provide anonymity

        hBlock review

        84

        addrwatch

        Introduction

        Similar to arpwatch, addrwatch monitors the pairing between Ethernet and IP addresses.

        Main features:

        • IPv4 and IPv6 address monitoring
        • Monitoring multiple network interfaces with one daemon
        • Monitoring of VLAN tagged (802.1Q) packets
        • Output to stdout, plain text files, syslog, sqlite3, MySQL
        • IP address usage history preserving output and logging

        Project details

        84

        arping

        Introduction

        arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

        Project details

        52

        arp-scan

        Introduction

        The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

        Project details

        74

        KickThemOut

        Introduction

        Kick devices off your network by performing an ARP spoofing attack.

        Project details

        KickThemOut is written in Python.

        Strengths and weaknesses

        • + More than 500 GitHub stars
        • + The source code of this software is available

          Typical usage

          • Offensive security

          KickThemOut review

          60

          larp

          Introduction

          Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.

          Project details

          larp is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Network spoofing
            • Penetration testing

            larp review

            60

            SCUTUM

            Introduction

            The primary goal of this solution is to prevent ARP spoofing by other computers on the local network. It uses a whitelist and blocks all other systems sending possibly malicious ARP requests (e.g. as part of a spoofing attack).

            Project details

            SCUTUM is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available
            • - Full name of author is unknown

            Typical usage

            • Firewall management
            • Network traffic filtering

            SCUTUM review

            74

            DBShield

            Introduction

            This tool is typically used by developers and system administrators to protect their database against common database attacks. One of them is the SQL injection attack, which tries to bypass checks, resulting in data leakage. By using this tool, another level of security defense is implemented.

            Project details

            DBShield is written in Golang.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Database security

              DBShield review

              85

              django-axes

              Introduction

              This tool may be used by developers who work with the Django framework. It adds a security layer on top of the application by monitoring and tracking login attempts.

              Project details

              django-axes is written in Python.

              Strengths and weaknesses

              • + More than 50 contributors
              • + The source code of this software is available

                Typical usage

                • Application security

                django-axes review

                84

                django-defender (Django Defender)

                Introduction

                Django-defender is a reusable app for Django that blocks people from performing brute-force login attempts.

                Project details

                django-defender is written in Python.

                Strengths and weaknesses

                • + More than 10 contributors
                • + The source code of this software is available

                  Typical usage

                  • Application security

                  django-defender review

                  78

                  OpenSnitch

                  Introduction

                  OpenSnitch is a tool based on Little Snitch, a macOS application-level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

                  Project details

                  OpenSnitch is written in Golang.

                  Strengths and weaknesses

                  • + More than 3000 GitHub stars
                  • + The source code of this software is available
                  • - No releases on GitHub available

                  Typical usage

                  • Network traffic filtering

                  OpenSnitch review

                  63

                  Portspoof

                  Introduction

                  Portspoof is a small utility with the goal of making port scanning by others much harder. It achieves this by showing all configured TCP ports to be in the 'open' state instead of closed or filtered. The related ports also emulate valid services. This way a port scan on the system will reveal many open ports that appear to have legitimate services running.

                  Project details

                  100

                  BetterCAP

                  Introduction

                  BetterCAP is often used by those who perform penetration testing and security assessments. This tool and framework is particularly useful for attempting man-in-the-middle (MitM) attacks.

                  Project details

                  BetterCAP is written in Golang.

                  Strengths and weaknesses

                  • + More than 25 contributors
                  • + More than 2000 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Bypassing security measures
                    • Penetration testing
                    • Security assessment

                    BetterCAP review

                    63

                    DNSChef

                    Introduction

                    DNSChef is a DNS proxy that can be used to terminate or intercept DNS traffic. This might be useful during a penetration test or when researching malware, to manipulate the actual DNS responses.

                    Project details

                    100

                    mitmproxy (mitmproxy)

                    Introduction

                    The mitmproxy tool allows you to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

                    Project details

                    mitmproxy is written in Python.

                    Strengths and weaknesses

                    • + More than 200 contributors
                    • + More than 10000 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Network analysis
                      • Penetration testing
                      • Security assessment

                      mitmproxy review

                      60

                      Nili

                      Introduction

                      This tool performs multiple types of scanning and attacks, which can be useful during penetration tests and security assignments.

                      Project details

                      Nili is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Network scanning
                        • Penetration testing
                        • Security assessment

                        Nili review

                        64

                        Seth

                        Introduction

                        Seth is a security tool to perform a man-in-the-middle (MitM) attack and extract clear text credentials from RDP connections.

                        Project details

                        Seth is written in Python, shell script.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Penetration testing
                          • Security assessment

                          Seth review

                          68

                          SSH MITM

                          Introduction

                          This tool would most likely be used to intercept traffic during security assessments. Plaintext passwords and session data can be intercepted with it.

                          Project details

                          SSH MITM is written in Python.

                          Strengths and weaknesses

                          • + More than 1000 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Password discovery
                            • Security assessment
                            • Session hijacking

                            SSH MITM review

                            60

                            sslcaudit

                            Introduction

                            Sslcaudit is a tool that focuses on the niche of testing SSL/TLS clients.

                            Project details

                            sslcaudit is written in Python.

                            Strengths and weaknesses

                            • + The source code of this software is available

                              Typical usage

                              • Security assessment
                              • Software testing

                              sslcaudit review

                              81

                              SSLsplit

                              Introduction

                              SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

                              SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. Depending on the version of OpenSSL, SSLsplit supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. For HTTP and HTTPS connections, SSLsplit removes response headers for HPKP in order to prevent public key pinning, for HSTS to allow the user to accept untrusted certificates, and Alternate Protocols to prevent switching to QUIC/SPDY. As an experimental feature, SSLsplit supports STARTTLS mechanisms in a generic manner.

                              Project details

                              SSLsplit is written in C.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Learning
                                • Network analysis
                                • Penetration testing
                                • Security assessment

                                SSLsplit review

                                93

                                ntopng

                                Introduction

                                ntopng replaced the older ntop utility. It now focuses on high-speed traffic analysis and flow collection. Typically this is useful for analysis of network traffic and troubleshooting of overused network links.

                                Project details

                                ntopng is written in C++.

                                Strengths and weaknesses

                                • + The source code of this software is available

                                  Typical usage

                                  • Network analysis
                                  • Troubleshooting

                                  ntopng review

                                  78

                                  Scapy

                                  Introduction

                                  Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It also allows you to inject custom 802.11 frames, or combine other attacking techniques.

                                  Project details

                                  Scapy is written in Python.

                                  Strengths and weaknesses

                                  • + More than 2000 GitHub stars
                                  • + The source code of this software is available
                                  • - Many provided pull requests are still open

                                  Typical usage

                                  • Network analysis
                                  • Security assessment

                                  Scapy review

                                  64

                                  THC IPv6 Attack Toolkit (thc-ipv6)

                                  Introduction

                                  Tools:
                                  - parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP MitM (and parasite)
                                  - alive6: an effective alive scanning, which will detect all systems listening to this address
                                  - dnsdict6: parallel DNS IPv6 dictionary brute-forcer
                                  - fake_router6: announce yourself as a router on the network, with the highest priority
                                  - redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
                                  - toobig6: mtu decreaser with the same intelligence as redir6
                                  - detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
                                  - dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
                                  - trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
                                  - flood_router6: flood a target with random router advertisements
                                  - flood_advertise6: flood a target with random neighbor advertisements
                                  - fuzz_ip6: fuzzer for IPv6
                                  - implementation6: performs various implementation checks on IPv6
                                  - implementation6d: listen daemon for implementation6 to check behind a firewall
                                  - fake_mld6: announce yourself in a multicast group of your choice on the net
                                  - fake_mld26: same but for MLDv2
                                  - fake_mldrouter6: fake MLD router messages
                                  - fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
                                  - fake_advertiser6: announce yourself on the network
                                  - smurf6: local smurfer
                                  - rsmurf6: remote smurfer, known to work only against Linux targets at the moment
                                  - exploit6: known IPv6 vulnerabilities to test against a target
                                  - denial6: a collection of denial-of-service tests against a target
                                  - thcping6: sends a handcrafted ping6 packet
                                  - sendpees6: a tool by willdamn@gmail.com, which generates neighbor solicitation requests with a lot of CGAs (crypto) to keep the CPU busy.

                                  Project details

                                  THC IPv6 Attack Toolkit is written in C.

                                  Strengths and weaknesses

                                  • + Project is mature (10+ years)
                                  • + The source code of this software is available

                                    Typical usage

                                    • Network analysis
                                    • Penetration testing
                                    • Security assessment

                                    THC IPv6 Attack Toolkit review

                                    Some relevant tool missing as an alternative to ArpON? Please contact us with your suggestion.