Maltrail alternatives

Looking for an alternative tool to replace Maltrail? During the review of Maltrail we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Malscan (malware scanner for web servers)
  2. MultiScanner (file scanning and analysis framework)
  3. ClamAV (malware scanner)

These tools are ranked as the best alternatives to Maltrail.

Alternatives (by score)

74

Malscan

Introduction

Malscan is a tool to scan for malicious software (malware) such as viruses, worms, and backdoors. Its goal is to extend ClamAV with more scanning modes and signatures. It targets web servers running Linux, but can also be used on mail servers and desktops.

Project details

Malscan is written in shell script.

Strengths and weaknesses

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • Malware protection
  • Malware scanning

Malscan review

60

MultiScanner

Introduction

MultiScanner helps malware analysts by providing a toolkit to perform both automated and manual analysis. The data extracted from the analysis can be easily stored together, including the relevant metadata and samples. It allows enriching the data further by retrieving information from external resources.

Project details

Strengths and weaknesses

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • Malware analysis
  • Malware detection
  • Malware scanning

MultiScanner review

100

ClamAV

Introduction

ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often used to support scanning incoming emails for malicious content.

Project details

ClamAV is written in C.

Strengths and weaknesses

  • + Many maintainers
  • + The source code of this software is available

Typical usage

  • Malware analysis
  • Malware detection
  • Malware scanning

ClamAV review
78

Loki

Introduction

Loki is a security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then applying pattern matching.

Project details

Loki is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + Commercial support available
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • Digital forensics
  • Intrusion detection
  • Security monitoring

Loki review
74

LMD

Introduction

LMD uses MD5 file hashes and hex pattern matches to define the malware signatures. These are used to detect malware.

Project details

LMD is written in shell script.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Malware scanning

LMD review
60

Malice

Introduction

Malice is a malware analysis framework that aims to provide a free and open source version of VirusTotal. The goal of Malice is to be usable by everyone from independent researchers to Fortune 500 companies.

Malice is useful for those that do malware analysis or deal with user-generated files that may contain malware. The framework allows scanning files and directories to see if they are infected.

Project details

Malice is written in Golang.

Strengths and weaknesses

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • Malware analysis
  • Malware detection
  • Malware research
  • Malware scanning

Malice review

59

Rootkit Hunter (rkhunter)

Introduction

Rootkit Hunter is a small utility to find suspicious rootkit components. Other known backdoors or malicious software can also be discovered, especially if it tries to hide itself.

The tool uses different ways to hunt, such as checking predefined directory locations and comparing the output of system utilities. Another method is to request specific output and check whether it has been altered, thereby tricking rootkits into revealing themselves.

Project details

Rootkit Hunter is written in shell script.

Strengths and weaknesses

  • + Used language is shell script
  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • Malware detection
  • Malware scanning

Rootkit Hunter review

97

YARA

Introduction

YARA is a tool to identify and classify malware samples. It uses textual or binary patterns to match data, combined with a boolean expression to define a match. YARA is multi-platform and can be used via a command-line interface or via Python scripts using the yara-python extension.

Project details

YARA is written in C.

Strengths and weaknesses

  • + More than 50 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Malware analysis
  • Malware detection
  • Malware scanning

YARA review

78

SSMA

Introduction

SSMA is short for Simple Static Malware Analyzer. The tool can perform a set of tests against a malware sample and retrieve metadata from it. SSMA can analyze ELF and PE files and their structure. For example, it can retrieve the PE file header information and its sections. It can also detect the use of packers, anti-debugging techniques, and cryptographic algorithms, and extract domains, email addresses, and IP addresses. It can also check whether the sample is already detected or blocked by using VirusTotal and the blocklist of malwaredomains.com.

Project details

SSMA is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Malware analysis
  • Malware detection
  • Malware scanning
  • Reverse engineering

SSMA review
67

Snort

Introduction

Besides intrusion detection, Snort has the capabilities to prevent attacks. By taking a particular action based on traffic patterns, it can become an intrusion prevention system (IPS).

Project details

Snort is written in C.

Strengths and weaknesses

  • + Supported by a large company
  • + Well-known tool

Typical usage

  • Security monitoring

Snort review
100

Zeek (Bro)

Introduction

Zeek helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on that data, it can alert, react, and integrate with other tools.

Project details

Zeek is written in C++.

Strengths and weaknesses

  • + More than 50 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available
  • + Well-known tool

Typical usage

  • Security monitoring

Zeek review

60

Dagda

Introduction

The main reason to use Dagda is the detection of vulnerable or malicious components within your containerized environment.

Project details

Dagda is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Malware detection
  • Malware scanning
  • Vulnerability management
  • Vulnerability scanning

Dagda review

59

chkrootkit

Introduction

The chkrootkit tool consists of multiple parts that may detect the presence of rootkit components or rootkit behavior on a system.

Some areas that are checked include:

  • interface in promiscuous mode
  • lastlog deletions
  • wtmp deletions
  • wtmpx deletions
  • signs of LKM trojans
  • utmp deletions

Project details

chkrootkit is written in C, shell script.

Strengths and weaknesses

  • + Used language is shell script
  • + Project is mature (10+ years)
  • - Long time between releases

Typical usage

  • Malware detection
  • Malware scanning

chkrootkit review
60

DejaVu

Introduction

DejaVu is an open source deception framework which can be used to deploy and administer decoys or canaries across a network infrastructure. Defenders can use deception as a technique to learn quickly about possible attackers on the network and take actions.

Project details

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Security monitoring
  • Threat discovery

DejaVu review
60

Scirius

Introduction

Scirius is a web application to do Suricata ruleset management. Both a community version and a paid version are available.

Project details

Scirius is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Network security monitoring

Scirius review

100

Suricata

Introduction

Suricata is a somewhat younger NIDS, though it has a rapid development cycle. It can work with Snort rulesets, but there are also rulesets optimized for Suricata itself; one such set is known as Emerging Threats and is fully optimized for it.

Project details

Suricata is written in C, Lua.

Strengths and weaknesses

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • Information gathering
  • Intrusion detection
  • Network analysis
  • Threat discovery

Suricata review
64

Sweet Security

Introduction

This tool helps with automating the installation of several components like Bro IDS, Elasticsearch, Logstash, Kibana (ELK stack), and Critical Stack. Saving time on installation and configuration is its primary purpose.

Project details

Sweet Security is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Network security monitoring
  • Security monitoring

Sweet Security review
78

Acra

Introduction

Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages, such as Go, PHP, Python, and Ruby.

Project details

Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

Strengths and weaknesses

  • + Commercial support available
  • + The source code of this software is available

Typical usage

  • Data encryption
  • Data leak prevention
  • Data security
  • Vulnerability mitigation

Acra review
100

GRR Rapid Response

Introduction

The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

Project details

GRR Rapid Response is written in Python.

Strengths and weaknesses

  • + More than 25 contributors
  • + More than 3000 GitHub stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • Digital forensics
  • Intrusion detection
  • Threat hunting

GRR Rapid Response review

59

OSSEC

Introduction

OSSEC uses a centralized, cross-platform architecture allowing multiple systems to be monitored and managed.

Highlights:

The OSSEC project was acquired by Third Brigade, Inc in June 2008. This included the copyrights owned by Daniel Cid, its project leader. They promised to continue the development, keep it open source, and extend commercial support and training to the community.

Trend Micro acquired Third Brigade in May 2009. This included the OSSEC project. Trend Micro promised to keep the software open source and free.

Project details

Strengths and weaknesses

  • + Commercial support available
  • + Well-known tool
  • - Commercial support available

OSSEC review

52

Samhain

Introduction

Samhain is a host-based intrusion detection system (HIDS). It provides file integrity checking and log file monitoring/analysis. Additional features are rootkit detection, port monitoring, detection of rogue SUID executables, and the detection of hidden processes.

Samhain is typically deployed as a standalone application, although it supports centralized logging. This makes it ideal for environments with multiple systems.

Samhain is open source software and written by Rainer Wichmann.

Project details

Strengths and weaknesses

  • + The source code of this software is available

Samhain review
60

PHP Malware Finder

Introduction

PHP Malware Finder is a tool to find malicious PHP scripts. This threat is common for most web hosting providers and the websites of their customers.

Project details

PHP Malware Finder is written in shell script.

Strengths and weaknesses

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • Malware scanning

PHP Malware Finder review
60

YaraGuardian

Introduction

YaraGuardian provides a web-based interface that helps to manage Yara rules. It can be used to search, organize, and bulk-edit rules. The tool also prevents creating duplicate entries, which is a nice additional benefit of this management utility.

Project details

YaraGuardian is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Malware analysis

YaraGuardian review

60

bamfdetect

Introduction

With bamfdetect, malware and bots can be analyzed. It identifies and extracts information and returns data in JSON format.

Project details

bamfdetect is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Malware analysis
  • Malware scanning

bamfdetect review
60

uitkyk

Introduction

Uitkyk is a security framework to identify Android malware by investigating memory. It detects suspicious processes by looking at the so-called memory heap.

Project details

uitkyk is written in JavaScript.

Strengths and weaknesses

  • + The source code of this software is available

uitkyk review

Is a relevant tool missing as an alternative to Maltrail? Please contact us with your suggestion.