Chiron alternatives

Looking for an alternative tool to replace Chiron? During the review of Chiron we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. pysap (SAP network protocol package generator)
  2. WarBerryPi (hardware implant for pentesting or red teaming)
  3. 0trace.py (reconnaissance and firewall bypass tool)

These tools are ranked as the best alternatives to Chiron.

Alternatives (by score)

85

pysap

Introduction

This Python library can be used to craft and send packets using SAP's NI, Message Server, Router, RFC, SNC, Enqueue, and Diag protocols. It is a useful toolkit for those who want to do security assessments in environments that use SAP solutions.

Project details

pysap is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    pysap review

    64

    WarBerryPi

    Introduction

    WarBerryPi is a toolkit to provide a hardware implant during Physical penetration testing or red teaming. The primary goal of the tool is to obtain as much information as possible, in a short period of time. The secondary goal is to be stealthy to avoid detection. As the name implies, the tool can be used on a small device like a RaspberryPi.

    Another use-case of WarBerryPi is to be an entry point to the network. In that case, a 3G connection is suggested, to avoid the outgoing network filtering (egress rules).

    Project details

    WarBerryPi is written in Python.

    Strengths and weaknesses

    • + More than 2000 GitHub stars
    • + The source code of this software is available
    • - Minimal or no documentation available
    • - No releases on GitHub available

    Typical usage

    • Information gathering
    • Information snooping
    • Penetration testing
    • Red teaming

    WarBerryPi review

    56

    0trace.py

    Introduction

    This security tool enables the user to perform hop enumeration (similar to traceroute). Instead of sending actual packets, it uses an established TCP connection.

    Project details

    0trace.py is written in Python.

    Strengths and weaknesses

    • + Project is mature (10+ years)
    • - Unknown project license

    Typical usage

    • Bypassing firewall rules
    • Bypassing security measures
    • Reconnaissance

    0trace.py review

    93

    Scapy

    Introduction

    Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.

    Project details

    Scapy is written in Python.

    Strengths and weaknesses

    • + More than 2000 GitHub stars
    • + The source code of this software is available
    • - Many provided pull requests are still open

    Typical usage

    • Network analysis
    • Security assessment

    Scapy review

    52

    ssldump

    Introduction

    ssldump is protocol analyzer for SSLv3/TLS network traffic. It identifies TCP connections on the chosen network interface and tries to interpret it.

    Project details

    Strengths and weaknesses

    • + The source code of this software is available
    • - No updates for a while

    Typical usage

    • Network analysis

    ssldump review

    93

    IVRE

    Introduction

    IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

    Project details

    IVRE is written in Python.

    Strengths and weaknesses

    • + More than 10 contributors
    • + More than 1000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Digital forensics
      • Information gathering
      • Intrusion detection
      • Network analysis

      IVRE review

      67

      Wireshark

      Introduction

      Wireshark is a mature project with many users all over the world. Its library is stable and can be used by both graphical as text-based interfaces. With many books and even conferences around the subject, this tool is a safe bet to have in your toolbox.

      Project details

      Wireshark is written in C.

      Strengths and weaknesses

      • + The source code of this software is available
      • + Well-known tool

        Typical usage

        • Network analysis
        • Network traffic analysis
        • Security assessment
        • Troubleshooting

        Wireshark review

        56

        Pytbull (pytbull)

        Introduction

        None

        Project details

        67

        Snort

        Introduction

        Besides intrusion detection, Snort has the capabilities to prevent attacks. By taking a particular action based on traffic patterns, it can become an intrusion prevention system (IPS).

        Project details

        Snort is written in C.

        Strengths and weaknesses

        • + Supported by a large company
        • + Well-known tool

          Typical usage

          • Security monitoring

          Snort review

          100

          Suricata

          Introduction

          Suricata is a somewhat younger NIDS, though has a rapid development cycle. It can work with Snort rulesets, yet also has optimized rulesets for usage with Suricata itself. For example, this set is known as Emerging Threats and fully optimized.

          Project details

          Suricata is written in C, Lua.

          Strengths and weaknesses

          • + More than 50 contributors
          • + The source code of this software is available

            Typical usage

            • Information gathering
            • Intrusion detection
            • Network analysis
            • Threat discovery

            Suricata review

            56

            FireAway

            Introduction

            FireAway is a security tool to test the security of a firewall by trying to bypass its rules. It will use different methods to hide data or avoid detection by the firewall itself. This tool can be used for both defensive as offensive security.

            Project details

            FireAway is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available
            • - No releases on GitHub available
            • - Unknown project license

            Typical usage

            • Bypassing firewall rules
            • Firewall auditing
            • Network traffic filtering
            • Penetration testing

            FireAway review

            59

            OSSEC

            Introduction

            OSSEC uses a centralized, cross-platform architecture allowing multiple systems to be monitored and managed.

            Highlights:
            The OSSEC project was acquired by Third Brigade, Inc in June 2008. This included the copyrights owned by Daniel Cid, its project leader. They promised to continue the development, keep it open source, and extend commercial support and training to the community.

            Trend Micro acquired Third Brigade in May 2009. This included the OSSEC project. Trend Micro promised to keep the software open source and free.

            Project details

            Strengths and weaknesses

            • + Commercial support available
            • + Well-known tool
            • - Commercial support available

            OSSEC review

            52

            Samhain

            Introduction

            Samhain is a host-based intrusion detection system (HIDS). It provides file integrity checking and log file monitoring/analysis. Additional features are rootkit detection, port monitoring, detection of rogue SUID executables, and the detection of hidden processes.

            Samhain is typically deployed as a standalone application, although it supports centralized logging. This makes it ideal for environments with multiple systems.

            Samhain is open source software and written by Rainer Wichmann.

            Project details

            Strengths and weaknesses

            • + The source code of this software is available

              Samhain review

              60

              Scirius

              Introduction

              Scirius is a web application to do Suricata ruleset management. There is both a community version as paid version available.

              Project details

              Scirius is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Network security monitoring

                Scirius review

                100

                Zeek (Bro)

                Introduction

                Zeek helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.

                Project details

                Zeek is written in C++.

                Strengths and weaknesses

                • + More than 50 contributors
                • + More than 2000 GitHub stars
                • + The source code of this software is available
                • + Well-known tool

                  Typical usage

                  • Security monitoring

                  Zeek review

                  80

                  THC IPv6 Attack Toolkit (thc-ipv6)

                  Introduction

                  Tools:
                  - parasite6: ICMPv6 neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP MitM (and parasite)
                  - alive6: an effective alive scanng, which will detect all systems listening to this address
                  - dnsdict6: parallel DNS IPv6 dictionary brute-forcer
                  - fake_router6: announce yourself as a router on the network, with the highest priority
                  - redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
                  - toobig6: mtu decreaser with the same intelligence as redir6
                  - detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
                  - dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
                  - trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
                  - flood_router6: flood a target with random router advertisements
                  - flood_advertise6: flood a target with random neighbor advertisements
                  - fuzz_ip6: fuzzer for IPv6
                  - implementation6: performs various implementation checks on IPv6
                  - implementation6d: listen daemon for implementation6 to check behind a firewall
                  - fake_mld6: announce yourself in a multicast group of your choice on the net
                  - fake_mld26: same but for MLDv2
                  - fake_mldrouter6: fake MLD router messages
                  - fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
                  - fake_advertiser6: announce yourself on the network
                  - smurf6: local smurfer
                  - rsmurf6: remote smurfer, known to work only against Linux targets at the moment
                  - exploit6: known IPv6 vulnerabilities to test against a target
                  - denial6: a collection of denial-of-service tests against a target
                  - thcping6: sends a handcrafted ping6 packet
                  - sendpees6: a tool by willdamn@gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto) to keep the CPU busy.

                  Project details

                  THC IPv6 Attack Toolkit is written in C.

                  Strengths and weaknesses

                  • + Project is mature (10+ years)
                  • + The source code of this software is available

                    Typical usage

                    • Network analysis
                    • Penetration testing
                    • Security assessment

                    THC IPv6 Attack Toolkit review

                    63

                    360-FAAR

                    Introduction

                    360-FAAR is a tool written in Perl to parse policies and logs from firewalls. It can compare firewall policies and translate between a policy and log data. Supported firewalls include Checkpoint FW1, Cisco ASA, and Netscreen ScreenOS.

                    Project details

                    360-FAAR is written in Perl.

                    Strengths and weaknesses

                    • + Project is mature (5+ years)
                    • + The source code of this software is available

                      Typical usage

                      • Firewall auditing
                      • Log analysis
                      • Security assessment
                      • Security reviews

                      360-FAAR review

                      60

                      Assimilator

                      Introduction

                      A tool like Assimilator can be of great help to 'normalize' all firewall rules into one place. Especially when a company uses different firewalls, each with their own syntax and specifics. Assimilator will then simplify the way firewall rules are created and managed.

                      Project details

                      Assimilator is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Network traffic filtering

                        Assimilator review

                        64

                        DFWFW (Docker Firewall Framework)

                        Introduction

                        DFWFW, short of Docker Firewall Framework, offers easy administration of the iptables rules of Docker containers. It updates using event streams.

                        Project details

                        DFWFW is written in Perl.

                        Strengths and weaknesses

                        • + The source code of this software is available
                        • - Full name of author is unknown

                        Typical usage

                        • Firewall management

                        DFWFW review

                        81

                        Douane

                        Introduction

                        Douane is an application firewall that blocks unknown or unwanted traffic. It provides a more fine-grained filtering as it looks at the combination of application and used network ports. This is useful when allowing common browse traffic on port 80 and 443. Instead of all applications being able to use this port, only the ones that are granted access will be able to do so. When a new connection is not trusted yet, Douane will ask to allow or deny the traffic stream.

                        Project details

                        Douane is written in C, C++, GTK+.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Network traffic filtering

                          Douane review

                          89

                          FireHOL

                          Introduction

                          FireHOL is promoted as an iptables stateful packet filtering firewall for humans. It also comes with FireQOS, which a bandwidth shaper based on tc.

                          Project details

                          FireHOL is written in shell script.

                          Strengths and weaknesses

                          • + More than 500 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Firewall management
                            • Network traffic filtering

                            FireHOL review

                            86

                            Knock

                            Introduction

                            Knock implements the principle of port knocking. It does so by using libpcap to sniff network traffic on interfaces and then use that to see if it matches a predefined sequence of steps.

                            Project details

                            Knock is written in C.

                            Strengths and weaknesses

                            • + Project is mature (10+ years)
                            • - No updates for a while

                            Knock review

                            56

                            LPFW (LeoPard FloWer)

                            Introduction

                            LPFW is the abbreviation for LeoPard FloWer and is an application firewall for Linux.

                            Project details

                            LPFW is written in C++, Python.

                            Strengths and weaknesses

                            • + The source code of this software is available
                            • - Unknown project license

                            Typical usage

                            • Network traffic filtering

                            LPFW review

                            96

                            OpenSnitch

                            Introduction

                            OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

                            Project details

                            OpenSnitch is written in Golang.

                            Strengths and weaknesses

                            • + More than 3000 GitHub stars
                            • + The source code of this software is available
                            • - No releases on GitHub available

                            Typical usage

                            • Network traffic filtering

                            OpenSnitch review

                            67

                            iptables

                            Introduction

                            The iptables tool is the userspace command line program part of the netfilter project. Since Linux 2.4 it is the standard packet filtering engine. Among standard traffic filtering, it can be used for Network Address Translation (NAT).

                            Project details

                            iptables is written in C.

                            Strengths and weaknesses

                            • + The source code of this software is available
                            • + Well-known tool

                              Typical usage

                              • Network traffic filtering

                              iptables review

                              Some relevant tool missing as an alternative to Chiron? Please contact us with your suggestion.