ntopng alternatives

Looking for an alternative tool to replace ntopng? During the review of ntopng we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Xplico (network traffic analyzer)
  2. Scapy (network packet generator and analyzer)
  3. graudit (static code analysis tool)

These tools are ranked as the best alternatives to ntopng.

Alternatives (by score)

70

Xplico

Introduction

With Xplico, analysis can be performed on captured internet traffic. The data stored in a pcap file can then be displayed and the related protocol data can be extracted from the capture file. This may include emails, HTTP sessions, VoIP calls, or anything that can be recognized and stored.

Project details

93

Scapy

Introduction

Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It also allows you to inject custom 802.11 frames, or combine other attacking techniques.

Project details

Scapy is written in Python.

Strengths and weaknesses

  • + More than 2000 GitHub stars
  • + The source code of this software is available
  • - Many provided pull requests are still open

Typical usage

  • Network analysis
  • Security assessment

Scapy review

93

graudit

Introduction

Analysis of source code helps to find programming flaws including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through the files and discovering possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.

Project details

graudit is written in shell script.

Strengths and weaknesses

  • + The source code is easy to read and understand
  • + Tool is easy to use
  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • Code analysis

graudit review

78

PyREBox

Introduction

PyREBox is short for Python scriptable Reverse Engineering Sandbox. It provides dynamic analysis and debugging capabilities of a running QEMU virtual machine. The primary usage is the analysis of running processes to perform reverse engineering. PyREBox can change parts of the running system by changing data in memory or within processor registers.

Project details

PyREBox is written in C++, Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Binary analysis
  • Malware analysis
  • Reverse engineering

PyREBox review

60

addrwatch

Introduction

Similar to arpwatch, addrwatch monitors the pairing between Ethernet and IP addresses.

Main features:

  • IPv4 and IPv6 address monitoring
  • Monitoring multiple network interfaces with one daemon
  • Monitoring of VLAN tagged (802.1Q) packets
  • Output to stdout, plain text files, syslog, sqlite3, MySQL
  • IP address usage history preserving output and logging

Project details

84

arping

Introduction

arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

Project details

63

ArpON

Introduction

ArpON protects a system by running as a daemon and guarding against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

  • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
  • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
  • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Project details

ArpON is written in C.

Strengths and weaknesses

  • + The source code of this software is available

ArpON review

52

arp-scan

Introduction

The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

Project details

72

THC IPv6 Attack Toolkit (thc-ipv6)

Introduction

Tools:
- parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP MitM (and parasite)
- alive6: an effective alive scanning, which will detect all systems listening to this address
- dnsdict6: parallel DNS IPv6 dictionary brute-forcer
- fake_router6: announce yourself as a router on the network, with the highest priority
- redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
- toobig6: MTU decreaser with the same intelligence as redir6
- detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
- dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
- trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
- flood_router6: flood a target with random router advertisements
- flood_advertise6: flood a target with random neighbor advertisements
- fuzz_ip6: fuzzer for IPv6
- implementation6: performs various implementation checks on IPv6
- implementation6d: listen daemon for implementation6 to check behind a firewall
- fake_mld6: announce yourself in a multicast group of your choice on the net
- fake_mld26: same but for MLDv2
- fake_mldrouter6: fake MLD router messages
- fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
- fake_advertiser6: announce yourself on the network
- smurf6: local smurfer
- rsmurf6: remote smurfer, known to work only against Linux targets at the moment
- exploit6: known IPv6 vulnerabilities to test against a target
- denial6: a collection of denial-of-service tests against a target
- thcping6: sends a handcrafted ping6 packet
- sendpees6: a tool by willdamn@gmail.com, which generates neighbor solicitation requests with a lot of CGAs (crypto) to keep the CPU busy.

Project details

THC IPv6 Attack Toolkit is written in C.

Strengths and weaknesses

  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • Network analysis
  • Penetration testing
  • Security assessment

THC IPv6 Attack Toolkit review

70

Yersinia

Introduction

The Yersinia tool takes advantage of known weaknesses in several network protocols. It helps with trying to abuse the weaknesses to ensure that network protections are implemented where possible.

Related protocols:

  • Spanning Tree Protocol (STP)
  • Cisco Discovery Protocol (CDP)
  • Dynamic Trunking Protocol (DTP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • 802.1q
  • 802.1x
  • Inter-Switch Link Protocol (ISL)
  • VLAN Trunking Protocol (VTP)

Project details

100

IVRE

Introduction

IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

Project details

IVRE is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Digital forensics
  • Information gathering
  • Intrusion detection
  • Network analysis

IVRE review

67

Wireshark

Introduction

Wireshark is a mature project with many users all over the world. Its library is stable and can be used by both graphical and text-based interfaces. With many books and even conferences around the subject, this tool is a safe bet to have in your toolbox.

Project details

Wireshark is written in C.

Strengths and weaknesses

  • + The source code of this software is available
  • + Well-known tool

Typical usage

  • Network analysis
  • Network traffic analysis
  • Security assessment
  • Troubleshooting

Wireshark review

85

Maltrail

Introduction

Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

Project details

Maltrail is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Intrusion detection
  • Network analysis
  • Security monitoring

Maltrail review

78

mitmproxy (mitmproxy)

Introduction

The mitmproxy tool allows you to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

Project details

mitmproxy is written in Python.

Strengths and weaknesses

  • + More than 200 contributors
  • + More than 10000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Network analysis
  • Penetration testing
  • Security assessment

mitmproxy review

Some relevant tool missing as an alternative to ntopng? Please contact us with your suggestion.