OpenSnitch alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

78

Alternative: Douane

Douane is an application firewall that interacts with the user to allow or deny new network connections.

Project details

Douane is written in C, C++, GTK+.

Strengths

  • + The source code of this software is available

Typical usage

  • network traffic filtering

Douane project page

56

Alternative: LPFW (LeoPard FloWer)

LPFW is the abbreviation for LeoPard FloWer and is an application firewall for Linux.

Project details

LPFW is written in C++, Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • network traffic filtering

LPFW project page

59

Alternative: TuxGuardian

63

Alternative: ArpON

ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).

ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

  • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
  • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
  • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Project details

ArpON is written in C.

Strengths

  • + The source code of this software is available

ArpON project page

81

Alternative: DBShield

DBShield is a gateway between an application and actual database engine. Its goal is to protect against SQL injections and other database attacks.

Project details

DBShield is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • database security

DBShield project page

85

Alternative: django-axes

Django-axes is a reusable app for Django to limit the brute force login attempts for your web application.

Project details

django-axes is written in Python.

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-axes project page

84

Alternative: django-defender (Django Defender)

Django-defender is a reusable app for Django that blocks people from performing brute forcing login attempts.

Project details

django-defender is written in Python.

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-defender project page

63

Alternative: Portspoof

Portspoof is a small utility with the goal to make port scanning by other much harder by showing all TCP ports as 'open' and emulating actual services.

Portspoof is a small utility with the goal to make port scanning by other much harder. It achieves this by showing all configured TCP ports to be in the 'open' state instead of closed or filter. The related ports are also emulating valid services. This way a port scan on the system will reveal many open ports and look to have legitimate services running.

59

Alternative: 0trace.py

The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.

This security tool enables the user to perform hop enumeration (similar to traceroute). Instead of sending actual packets, it uses an established TCP connection.

67

Alternative: 360-FAAR

Supported firewall configurations

  • Checkpoint FW1
  • Cisco ASA
  • Netscreen ScreenOS

85

Alternative: Assimilator

Assimilator is a firewall orchestration tool. It allows configuration and automation of firewall rules by proxy requests to different types of firewalls.

Project details

Assimilator is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • network traffic filtering

Assimilator project page

67

Alternative: Knock

A port knocking implementation to make network ports to become stealth or trigger events based on a port knocking sequence.

Knock implements the principle of port knocking. It does so by using libpcap to sniff network traffic on interfaces and then use that to see if it matches a predefined sequence of steps.

Project details

Knock is written in C.

Strengths

  • + Project is mature (10+ years)

Weaknesses

  • - No updates for a while

Knock project page

81

Alternative: nftables

nftables is a subsystem of the Linux kernel to filter and classify network traffic and supposed to replace netfilter.

nftables is supposed to replace netfilter as the primary interface of network filtering. It is available since Linux kernel 3.13. Both netfilter and nftables have been co-authored by Patrick McHardy.

Project details

nftables is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • network traffic filtering

nftables project page