Maltrail alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

Alternative: Bro

Bro (continued under the name Zeek since 2018) is a network security monitoring (NSM) tool. Besides monitoring, it can also play an active role in forensics and incident response.

Project details

Bro is written in C++.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • security monitoring

Bro project page

Alternative: Loki

Loki is a security tool to find so-called indicators of compromise (IOCs). It does this by scanning files and matching them against patterns such as file hashes, file names and YARA rules.

Project details

Loki is written in Python.

Strengths

  • + Commercial support available
  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • digital forensics
  • intrusion detection
  • security monitoring

Loki project page

Alternative: OSSEC

OSSEC is an open source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, rootkit detection, and more.

OSSEC uses a centralized, cross-platform architecture allowing multiple systems to be monitored and managed.

Highlights:
The OSSEC project was acquired by Third Brigade, Inc in June 2008. This included the copyrights owned by Daniel Cid, its project leader. They promised to continue the development, keep it open source, and extend commercial support and training to the community.

Trend Micro acquired Third Brigade in May 2009. This included the OSSEC project. Trend Micro promised to keep the software open source and free.

Project details

Strengths

  • + Commercial support available
  • + Well-known tool

OSSEC project page

Alternative: Samhain

Host-based intrusion detection system (HIDS) providing file integrity checking and log file monitoring

Samhain is a host-based intrusion detection system (HIDS). It provides file integrity checking and log file monitoring/analysis. Additional features are rootkit detection, port monitoring, detection of rogue SUID executables, and the detection of hidden processes.

Samhain is typically deployed as a standalone agent, but it can also send its logs to a central server. This makes it suitable for environments with many systems.

Samhain is open source software and written by Rainer Wichmann.
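The file integrity checking that both OSSEC (above) and Samhain perform boils down to taking a baseline of every file's hash and metadata and later diffing the tree against it. The following is an added example of that technique, not code from either project. It also includes the rogue-SUID check Samhain describes. The sample tree, the file names and the simulated tampering are all constructed for the demo.

```python
"""File-integrity checking of the kind OSSEC and Samhain perform.

Added example, not code from either project. A baseline records a
SHA-256 hash, size, permission bits, owner and mtime for every file
under a root. A later run compares the tree against that baseline and
reports added, removed and modified files, and separately flags files
that gained the SUID bit (the 'rogue SUID executable' check). The
sample tree and the simulated tampering are constructed for the demo.
"""
import hashlib
import os
import stat
import tempfile

CHUNK = 65536


def file_record(path: str) -> dict:
    """Metadata plus content hash for one path (hash only for regular files)."""
    st = os.lstat(path)
    rec = {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
           "uid": st.st_uid, "mtime_ns": st.st_mtime_ns}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(CHUNK), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def build_baseline(root: str) -> dict:
    """{relative path: record} for every file below root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            baseline[os.path.relpath(path, root)] = file_record(path)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots. 'modified' maps a path to the attribute names that changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[rel] if baseline[rel].get(k) != current[rel].get(k)]
        if changed:
            modified[rel] = changed
    # files that carry the SUID bit now but did not in the baseline (or did not exist)
    new_suid = sorted(rel for rel, rec in current.items()
                      if rec["mode"] & stat.S_ISUID
                      and not baseline.get(rel, {}).get("mode", 0) & stat.S_ISUID)
    return {"added": added, "removed": removed, "modified": modified, "new_suid": new_suid}


def run_demo() -> dict:
    """Build a baseline, tamper with the tree like an intruder would, and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {"passwd": b"root:x:0:0:root:/root:/bin/sh\n",
                 "ls": b"#!/bin/sh\nexec /bin/ls \"$@\"\n",
                 "notes.txt": b"nothing to see\n"}
        for name, data in files.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        os.chmod(os.path.join(tmp, "ls"), 0o755)
        baseline = build_baseline(tmp)

        # simulated tampering (constructed, harmless content): add a uid-0 account,
        # set SUID on a binary, delete a file, and drop a new hidden script
        with open(os.path.join(tmp, "passwd"), "ab") as fh:
            fh.write(b"backdoor:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(tmp, "ls"), 0o4755)
        os.remove(os.path.join(tmp, "notes.txt"))
        with open(os.path.join(tmp, ".hidden.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\necho constructed dropper\n")
        return compare(baseline, build_baseline(tmp))


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

In a real deployment the baseline must be stored where an attacker who owns the host cannot rewrite it (signed, or on the central server, which is exactly why OSSEC and Samhain ship a server component), and the check has to run from a trusted binary; otherwise a rootkit can simply feed the checker the old data.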

Project details

Strengths

  • + The source code of this software is available

Samhain project page

Alternative: Snort

Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

Besides detecting intrusions, Snort can run inline as an intrusion prevention system (IPS) and block attacks by dropping or rejecting matching traffic.

Project details

Snort is written in C.

Strengths

  • + Supported by a large company

Typical usage

  • security monitoring

Snort project page

Alternative: LMD

Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source project is released under the GPLv2 license.

LMD defines its malware signatures as MD5 file hashes and hexadecimal byte patterns, and scans files against both to detect malware.

Project details

LMD is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • malware scan

LMD project page

Alternative: Malscan

Malscan describes itself as a robust ClamAV-based malware scanner for web servers. It can use signatures from multiple sources when scanning.

Malscan has multiple sources for its malware signatures:

  • RFX Networks Signatures
  • Metasploit Signatures
  • Malscan Signatures
  • ClamAV Main Signatures

Detection methods include HEX or MD5 matches, string length checks (e.g. unusually long base64 blobs), and MIME type mismatches (a file whose content does not match what its extension suggests).
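The detection methods listed here for Malscan, and the MD5 hash and HEX pattern signatures LMD and Loki use, are all simple to implement. The following is an added example of all four methods in one scanner; it is not code from Malscan, LMD or Loki. The signature names, the hex pattern, the hash and the sample files are constructed for the demo and are not real malware indicators.

```python
"""Signature-based malware scanning as done by LMD, Malscan and Loki.

Added example, not code from any of those projects. Four detection
methods are shown: a whole-file MD5 match, a hexadecimal byte-pattern
match, an unusually long base64-looking string, and a content/extension
mismatch (PHP code in a file with an image extension). All signatures
and sample files are constructed for the demo; the hash is not a real
malware indicator.
"""
import hashlib
import os
import re
import tempfile

# 'eval(base64_decode(' encoded as a hex signature, the form LMD/Malscan use
# for HEX matches (constructed signature name)
HEX_SIGNATURES = {
    "demo.php.eval_base64": bytes.fromhex("6576616c286261736536345f6465636f646528"),
}
BASE64_MIN_LEN = 200  # runs of the base64 alphabet at least this long are suspicious
BASE64_RE = re.compile(rb"[A-Za-z0-9+/]{%d,}={0,2}" % BASE64_MIN_LEN)
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico"}
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"GIF8", b"\x00\x00\x01\x00")


def md5_of(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def scan_bytes(name: str, data: bytes, md5_sigs: dict, hex_sigs: dict) -> list:
    """Return (method, detail) findings for one file's content; empty list means clean."""
    findings = []
    digest = md5_of(data)
    if digest in md5_sigs:
        findings.append(("md5", md5_sigs[digest]))
    for sig_name, pattern in hex_sigs.items():
        if pattern in data:
            findings.append(("hex", sig_name))
    m = BASE64_RE.search(data)
    if m:
        findings.append(("base64_length", f"{len(m.group(0))} chars"))
    ext = os.path.splitext(name)[1].lower()
    if ext in IMAGE_EXTS and not data.startswith(IMAGE_MAGIC) and b"<?php" in data:
        findings.append(("mimetype_mismatch", f"PHP code in {ext} file"))
    return findings


def scan_dir(root: str, md5_sigs: dict, hex_sigs: dict) -> dict:
    """Walk a tree; return {relative path: findings} for every file that triggered a method."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                data = fh.read()
            hits = scan_bytes(fn, data, md5_sigs, hex_sigs)
            if hits:
                results[os.path.relpath(path, root)] = hits
    return results


def build_demo_tree(root: str) -> dict:
    """Write constructed sample files and return an MD5 signature table for the 'known bad' one."""
    samples = {
        "index.php": b"<?php echo 'hello'; ?>\n",                                   # clean
        "shell.php": b"<?php eval(base64_decode('" + b"QUFB" * 80 + b"')); ?>\n",  # hex + base64 hits
        "logo.jpg": b"<?php system($_GET['c']); ?>\n",                              # PHP behind an image name
        "known.bin": b"constructed known-bad sample\n",                             # caught by MD5 only
    }
    for fn, data in samples.items():
        with open(os.path.join(root, fn), "wb") as fh:
            fh.write(data)
    return {md5_of(samples["known.bin"]): "demo.known_bad_sample"}


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        md5_sigs = build_demo_tree(tmp)
        return scan_dir(tmp, md5_sigs, HEX_SIGNATURES)


if __name__ == "__main__":
    for path, hits in sorted(run_demo().items()):
        print(path, hits)
```

The MD5 method only catches files that are byte-identical to a known sample, which is why the hex pattern and the heuristics (long base64, content not matching the extension) do most of the work against webshells that are re-obfuscated per victim; the price is that the heuristics need tuning per site to keep false positives down.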

Project details

Malscan is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • malware scan

Malscan project page

Alternative: PHP Malware Finder

PHP Malware Finder is a tool to find malicious PHP scripts, a threat common to most web hosting providers and their customers' websites.

Project details

PHP Malware Finder is written in shell script.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • malware scan

PHP Malware Finder project page

Alternative: Rootkit Hunter (rkhunter)

Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix

Rootkit Hunter is a small utility to find suspicious rootkit components. Other known backdoors or malicious software can also be discovered, especially software whose goal is to hide itself.

The tool hunts in different ways, such as checking predefined directory locations and comparing the output of system utilities against each other. Another method is to request specific output and check whether it has been altered, tricking rootkits into revealing themselves.

Project details

Rootkit Hunter is written in shell script.

Strengths

  • + Used language is shell script
  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • malware scan

Rootkit Hunter project page

Alternative: YARA

YARA is a security tool that helps malware researchers identify and classify malware samples, for example by defining malware families based on textual or binary patterns.

Project details

YARA is written in C.

Strengths

  • + More than 50 contributors
  • + More than 1000 GitHub stars

Typical usage

  • malware analysis
  • malware scan

YARA project page

Alternative: yarGen

The yarGen utility helps with creating YARA rules for malware detection. It extracts strings from malware samples and removes those that also occur in its 'goodware' database, so that the generated rules match the malware without also matching legitimate software.

Alternative: mitmproxy

The mitmproxy tool allows you to intercept, inspect, modify, and replay traffic flows. It may be used for penetration testing, troubleshooting, or learning about SSL/TLS.

Project details

mitmproxy is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 7000 GitHub stars
  • + The source code of this software is available

Typical usage

  • network analysis
  • penetration test
  • security assessment

mitmproxy project page

Alternative: ntopng

ntopng is the successor of the original ntop utility. It captures network traffic and provides insight into network usage.

Compared to ntop, ntopng focuses on high-speed traffic analysis and flow collection. This is typically useful for analysing network traffic and troubleshooting overloaded network links.

Project details

ntopng is written in C++.

Strengths

  • + The source code of this software is available

Typical usage

  • network analysis
  • troubleshooting

ntopng project page