Docker Bench for Security alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

67

Alternative: 360-FAAR

Supported firewall configurations

  • Checkpoint FW1
  • Cisco ASA
  • Netscreen ScreenOS

84

Alternative: Prowler

Prowler is a security tool to perform security audits on AWS configurations. It helps to find configuration flaws and improve system hardening.

Project details

Prowler is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • system hardening

Prowler project page

85

Alternative: VHostScan

VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases, and dynamic default pages.

Project details

VHostScan is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • reconnaissance

VHostScan project page

100

Alternative: Anchore

Anchore is a toolkit for in-depth analysis, inspection, and control of containers. Besides security scanning, it can perform a wide range of functions.

Project details

Anchore is written in Python.

Strengths

  • + Commercial support available
  • + The source code of this software is available

Typical usage

  • system hardening

Anchore project page

85

Alternative: bane

The bane tool is an AppArmor profile generator for Docker containers. It helps with creating the appropriate profile for confinement at the system level.

With bane it becomes much easier to create an AppArmor profile. It works by running a Docker container while bane monitors it. Any required permissions will then be stored in the profile.

Project details

bane is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • security monitoring
  • system hardening

bane project page

64

Alternative: DFWFW (Docker Firewall Framework)

DFWFW, short for Docker Firewall Framework, offers easy administration of the iptables rules of Docker containers. It updates using event streams.

Project details

DFWFW is written in Perl.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • firewall management

DFWFW project page

64

Alternative: Dockerscan

Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is focused more on the offensive side than the defensive.

Project details

Dockerscan is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • vulnerability scanning

Dockerscan project page

93

Alternative: subuser

Subuser is a tool that allows commands to be executed with restrictions. It works on Linux and can increase security by lowering access levels.

Project details

subuser is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • software testing

subuser project page

76

Alternative: Clair

Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.

The tool has been created by CoreOS and can scan containers of different formats. It analyzes them and determines available security weaknesses in the container.

Project details

Clair is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • vulnerability scanning

Clair project page

64

Alternative: JShielder

JShielder is a security tool for Linux systems to make them more secure by adding system hardening measures.

Project details

JShielder is written in Python, shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • system hardening

JShielder project page

64

Alternative: LUNAR

LUNAR is a security scanner that runs on a Linux system or other flavors of Unix. It provides insights on what can be done to harden the system.

LUNAR is short for Lockdown UNix Auditing and Reporting and runs on the system itself.

Project details

LUNAR is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • self-assessment
  • system hardening

LUNAR project page

100

Alternative: Lynis

Security auditing tool for systems running Linux, macOS, or Unix, to perform an in-depth health check.

Lynis is an open source security auditing tool that has been available since 2007 and was created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

Project details

Lynis is written in shell script.

Strengths

  • + Commercial support available
  • + More than 50 contributors
  • + More than 3000 GitHub stars
  • + Used language is shell script
  • + Very low number of dependencies
  • + Project is mature (5+ years)
  • + The source code of this software is available

Typical usage

  • IT audit
  • penetration test
  • security assessment
  • system hardening

Lynis project page

68

Alternative: Nix-Auditor

Nix-Auditor is a tool to help with scanning Linux systems and testing them against CIS benchmarks.

This fairly new tool is written in shell script to scan Linux systems with the focus on security auditing.

Project details

Nix-Auditor is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Nix-Auditor project page

85

Alternative: Scout2

Scout2 is a security tool to assess the security of an AWS environment. It can be used for system hardening and IT audits.

Project details

Scout2 is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars

Typical usage

  • IT audit
  • security assessment
  • self-assessment
  • system hardening

Scout2 project page

64

Alternative: seccheck

Seccheck is a security scanner for Linux systems. It was originally written for SuSE Linux by Marc Heuse.

Project details

seccheck is written in shell script.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Project looks outdated (old code or documentation)

Typical usage

  • security assessment
  • system hardening

seccheck project page

59

Alternative: Tiger

Tiger is a security audit and intrusion detection tool for flavors of Unix.

Project details

Tiger is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Weaknesses

  • - No updates for a while

Typical usage

  • intrusion detection
  • IT audit
  • system hardening
  • vulnerability scanning

Tiger project page

74

Alternative: YASAT

YASAT describes itself as another simple stupid audit tool to test Linux systems. It has many tests for checking the security configuration of the system.

The YASAT tool performs a system scan to detect configuration issues and possible improvements for hardening the system.

Project details

YASAT is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - No updates for a while

Typical usage

  • IT audit
  • security assessment

YASAT project page

64

Alternative: Zeus

Zeus is a security tool to provide security audits on AWS environments. It is written in shell script and can be used for security audits.

Project details

Zeus is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • security assessment
  • self-assessment
  • system hardening

Zeus project page