Cuckoo Sandbox alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

64

Alternative: AutoNessus (autonessus)

The AutoNessus tool helps with automating vulnerability scans via the Nessus API. It lists policies and can configure the state of scans.

This tool is useful for timing scans, for example by running them outside of business hours and stopping them when the day starts.

Note: originally another tool was named AutoNessus. That is now Seccubus.

Project details

AutoNessus is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • vulnerability scanning

AutoNessus project page

60

Alternative: InstaRecon

InstaRecon is a security tool that can help with the reconnaissance phase of a penetration test. It can collect a number of data points with limited input.

Project details

InstaRecon is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • reconnaissance

InstaRecon project page

97

Alternative: Seccubus

Seccubus automates vulnerability scanning with support for Nessus, OpenVAS, Nmap, SSLyze, Medusa, SkipFish, OWASP ZAP, and SSL Labs.

Supported engines and tools:

  • Nessus
  • OpenVAS
  • Nmap
  • Nikto
  • Medusa
  • Qualys SSL labs
  • SkipFish
  • SSLyze
  • testssl.sh
  • ZAP

78

Alternative: Sn1per

Sn1per is a security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Project details

Sn1per is written in Python, shell script.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • reconnaissance

Sn1per project page

70

Alternative: Viper

Viper is a binary analysis and management framework for security researchers. It provides a way to organize your collection of malware samples and exploits.

Viper organizes the malware samples and exploits you have found over time. It calls itself "Metasploit for malware researchers". Viper has a terminal interface to store, search, and analyze files. As it is a framework, it also allows you to create your own plugins.

56

Alternative: bingrep

Bingrep is a utility that can be described as the 'grep for binaries'. It runs on Linux and helps with reverse engineering and malware analysis.

Searches through binaries and highlights the most important areas with colors.

Supported binary formats:

  • ELF 32/64, arm, x86, openrisc
  • Mach 32/64, arm, x86
  • PE

67

Alternative: chkrootkit

chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.

The chkrootkit tool consists of multiple parts that may detect the presence of rootkit parts or rootkit behavior on a system.

Some areas that are checked include:

  • interface in promiscuous mode
  • lastlog deletions
  • wtmp deletions
  • wtmpx deletions
  • signs of LKM trojans
  • utmp deletions

Project details

chkrootkit is written in C, shell script.

Strengths

  • + Used language is shell script
  • + Project is mature (10+ years)

Weaknesses

  • - Long time between releases

Typical usage

  • malware scan

chkrootkit project page

74

Alternative: ClamAV

ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.

ClamAV is a popular scan engine to detect malicious software (malware).

Project details

ClamAV is written in C.

Strengths

  • + Many maintainers
  • + The source code of this software is available

Typical usage

  • malware scan

ClamAV project page

64

Alternative: Diamorphine

Diamorphine is a so-called LKM rootkit for Linux. It runs on different kernels in the 2.6, 3.x, and 4.x branches.

Project details

Diamorphine is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • learning

Diamorphine project page

97

Alternative: hBlock

hBlock is a security tool to protect against advertisements, trackers, and malware. It does so by altering the /etc/hosts file to block bad or malicious hosts.

Project details

hBlock is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • malware protection
  • privacy enhancement

hBlock project page

89

Alternative: LMD

Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.

LMD uses MD5 file hashes and HEX pattern matches to define the malware signatures. These are used to detect malware.

Project details

LMD is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • malware scan

LMD project page

74

Alternative: Malscan

Malscan is a tool that sells itself as the robust ClamAV-based malware scanner for web servers. It can use signatures from multiple sources to perform scanning.

Malscan has multiple sources for its malware signatures:

  • RFX Networks Signatures
  • Metasploit Signatures
  • Malscan Signatures
  • ClamAV Main Signatures

Detection methods include HEX or MD5 matches, string length (e.g. base64), and MimeType mismatches.

Project details

Malscan is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • malware scan

Malscan project page

74

Alternative: Rootkit Hunter (rkhunter)

Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix.

Rootkit Hunter is a small utility to find suspicious rootkit components. Other known backdoors or malicious software can also be discovered, especially if it has the goal to hide.

The tool uses different ways to hunt, like checking predefined directory locations and comparing the output of system utilities. Another method is to request a specific output and see whether this output is altered, thereby tricking rootkits into revealing themselves.

Project details

Rootkit Hunter is written in shell script.

Strengths

  • + Used language is shell script
  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • malware scan

Rootkit Hunter project page

76

Alternative: yarGen

The yarGen utility helps with creating YARA rules for malware detection. It can combine both 'goodware' and 'malware', to properly craft the right rules.

96

Alternative: LIEF

LIEF is a library to analyze executable formats like ELF, MachO, and PE. It can be used during reverse engineering, binary analysis, and malware research.

LIEF is short for Library to Instrument Executable Formats.

Project details

LIEF is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • binary analysis
  • malware analysis
  • reverse engineering

LIEF project page

97

Alternative: radare2

radare2 is a tool to perform reverse engineering on files of all types. It can be used to analyze malware, firmware, or any other type of binary files.

RA-DA-RE stands for RAw DAta REcovery. It helps with performing analysis on files and images to retrieve useful artifacts. This can be used to better understand how malware works, recover lost data, or troubleshoot why software is crashing.

In 2014, radare1 was replaced by radare2, which was a parallel work and a full rewrite. It then was released under the LGPLv3 license.