MongoSanitizer alternatives

ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

• SARPI (Static ARP Inspection), statically configured networks (without DHCP)
• DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
• HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

The sqlmap is a well-known tool with an amazing number of GitHub stars (10,000+). It is used by many security professionals around the world to test the security of both web applications and the database that stores the data.

For the privacy-aware users, tools like hBlock can be helpful to block malicious domains, malware, advertisements, and trackers. Trackers could be pixels added to websites to track which pages you visited, which might invade your privacy.

Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

NoSQLMap is designed to audit database, as well to automate injection attacks. It can exploit configuration weaknesses in NoSQL databases and web applications using NoSQL.

The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

• Sid enumeration
• Passwords tests (common & dictionary)
• Enumerate Oracle version
• Enumerate account roles
• Enumerate account privileges
• Enumerate account hashes
• Enumerate audit information
• Enumerate password policies
• Enumerate database links

Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.

This tool is typically used by developers and system administrators to protect their database against common database attacks. One of them is the SQL injection attack, that tries to bypass checks, resulting in data leakage. By using this tool, another level of security defense is implemented.

OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

Portspoof is a small utility with the goal to make port scanning by other much harder. It achieves this by showing all configured TCP ports to be in the 'open' state instead of closed or filter. The related ports are also emulating valid services. This way a port scan on the system will reveal many open ports and look to have legitimate services running.

This tool may be used by developers that work with the Django framework. It adds a security layer on top of the application by looking at login attempts and track them.

Databases typically store sensitive data or data that is important for the company. This data needs to be protected in different ways, like who has access, what level, and how it is stored. Mongoaudit helps to audit several technical aspects of running a MongoDB instance and get it properly secured.

0d1n is useful to perform brute-force login attempts for authentication forms. It can discover useful directory names by using a predefined list of paths. With options to use a random proxy per request and load CSRF tokens, it is a tool that can be used in different type of assignments.

Albatar has the focus on the situations where tools like sqlmap need to be adjusted to make an exploit work. It is written in Python and unlike sqlmap, it does not detect SQL injection vulnerabilities.

Leviathan is a security tool to provide a wide range of services including service discovery, brute force, SQL injection detection, and exploit capabilities. The primary reason to use this tool is to do massive scans on many systems at once. For example to include a huge network range, country-wide scan, or even full internet scan.

The pybelt toolkit may be useful during a pentest to simplify the process of scanning. It includes options like port scanning, dork checking, cracking and verification of hashes, and scanning for SQL injections.

Tulpar is a vulnerability scanner that can be used to test new or existing web applications. In the former case, it could be helpful to test a new project before it is deployed into production. This could be done by the developer or a security professional. If some web application is already in production, then it might be a good tool to perform regular testing on known vulnerabilities. In this case, it is typically a pentester or security specialist that does the testing.

With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), sql injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications. There are many remotely exploitable vulnerabilities for web applications and their front-end components. Yasuo helps to make it easier to scan for the weaknesses like remote code execution (RCE), SQL injections, and file inclusions.