OpenSnitch alternatives

Looking for an alternative tool to replace OpenSnitch? During the review of OpenSnitch we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Douane (application firewall)
  2. LPFW (application firewall)
  3. ArpON (MitM defense tool)

These tools are ranked as the best alternatives to OpenSnitch.

Alternatives (by score)

81

Douane

Introduction

Douane is an application firewall that blocks unknown or unwanted traffic. It provides more fine-grained filtering, as it looks at the combination of the application and the network ports it uses. This is useful when allowing common browsing traffic on ports 80 and 443. Instead of all applications being able to use these ports, only the ones that are granted access will be able to do so. When a new connection is not trusted yet, Douane will ask whether to allow or deny the traffic stream.

Project details

Douane is written in C, C++, GTK+.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Network traffic filtering

    Douane review

    56

    LPFW (LeoPard FloWer)

    Introduction

    LPFW is the abbreviation for LeoPard FloWer and is an application firewall for Linux.

    Project details

    LPFW is written in C++, Python.

    Strengths and weaknesses

    • + The source code of this software is available
    • - Unknown project license

    Typical usage

    • Network traffic filtering

    LPFW review

    63

    ArpON

    Introduction

    ArpON protects a system by running as a daemon and guarding against Man in the Middle (MitM) attacks that rely on ARP spoofing, cache poisoning, or ARP poison routing.

    The tool works by using three types of inspection to detect a related attack.

    • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
    • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
    • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

    Project details

    ArpON is written in C.

    Strengths and weaknesses

    • + The source code of this software is available

      ArpON review

      74

      DBShield

      Introduction

      This tool is typically used by developers and system administrators to protect their database against common database attacks. One of them is the SQL injection attack, which tries to bypass checks, resulting in data leakage. By using this tool, another level of security defense is implemented.

      Project details

      DBShield is written in Golang.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Database security

        DBShield review

        60

        MongoSanitizer (python-mongo-sanitizer)

        Introduction

        Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.

        Project details

        MongoSanitizer is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Application security
          • Database security

          MongoSanitizer review

          63

          Portspoof

          Introduction

          Portspoof is a small utility with the goal of making port scanning by others much harder. It achieves this by showing all configured TCP ports to be in the 'open' state instead of closed or filtered. The related ports also emulate valid services. This way a port scan on the system will reveal many open ports that appear to have legitimate services running.

          Project details

          85

          django-axes

          Introduction

          This tool may be used by developers who work with the Django framework. It adds a security layer on top of the application by looking at login attempts and tracking them.

          Project details

          django-axes is written in Python.

          Strengths and weaknesses

          • + More than 50 contributors
          • + The source code of this software is available

            Typical usage

            • Application security

            django-axes review

            85

            django-defender (Django Defender)

            Introduction

            Django-defender is a reusable app for Django that blocks people from performing brute-force login attempts.

            Project details

            django-defender is written in Python.

            Strengths and weaknesses

            • + More than 10 contributors
            • + The source code of this software is available

              Typical usage

              • Application security

              django-defender review

              56

              0trace

              Introduction

              0trace is a reconnaissance tool to perform so-called hop enumeration within an established TCP connection. The goal is to allow traceroute-like functionality, yet in an alternative way. It can be used to bypass firewall rules. Tools like 0trace are typically used during pentesting assignments.

              Project details

              63

              360-FAAR

              Introduction

              360-FAAR is a tool written in Perl to parse policies and logs from firewalls. It can compare firewall policies and translate between a policy and log data. Supported firewalls include Checkpoint FW1, Cisco ASA, and Netscreen ScreenOS.

              Project details

              360-FAAR is written in Perl.

              Strengths and weaknesses

              • + Project is mature (5+ years)
              • + The source code of this software is available

                Typical usage

                • Firewall auditing
                • Log analysis
                • Security assessment
                • Security reviews

                360-FAAR review

                60

                Assimilator

                Introduction

                A tool like Assimilator can be of great help to 'normalize' all firewall rules into one place, especially when a company uses different firewalls, each with its own syntax and specifics. Assimilator will then simplify the way firewall rules are created and managed.

                Project details

                Assimilator is written in Python.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Network traffic filtering

                  Assimilator review

                  60

                  Chiron

                  Introduction

                  Chiron is a security assessment framework for IPv6. It provides several modules including an IPv6 scanner, IPv6 Local Link, IPv4-to-IPv6 proxy, IPv6 attack module, and IPv6 proxy. These modules help to perform an assessment, like a penetration test.

                  The tool uses IPv6 extension headers to create a header chain. This may allow evading security devices like IDS, IPS, and firewalls. Due to the flexibility of the framework, the tool can also be used to perform fuzzing of the IPv6 stack of a device.

                  Project details

                  Chiron is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available
                  • - No releases on GitHub available

                  Typical usage

                  • Network analysis
                  • Network scanning
                  • Network security monitoring

                  Chiron review

                  64

                  DFWFW (Docker Firewall Framework)

                  Introduction

                  DFWFW, short for Docker Firewall Framework, offers easy administration of the iptables rules of Docker containers. It updates using event streams.

                  Project details

                  DFWFW is written in Perl.

                  Strengths and weaknesses

                  • + The source code of this software is available
                  • - Full name of author is unknown

                  Typical usage

                  • Firewall management

                  DFWFW review

                  56

                  FireAway

                  Introduction

                  FireAway is a security tool to test the security of a firewall by trying to bypass its rules. It will use different methods to hide data or avoid detection by the firewall itself. This tool can be used for both defensive and offensive security.

                  Project details

                  FireAway is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available
                  • - No releases on GitHub available
                  • - Unknown project license

                  Typical usage

                  • Bypassing firewall rules
                  • Firewall auditing
                  • Network traffic filtering
                  • Penetration testing

                  FireAway review

                  74

                  FireHOL

                  Introduction

                  FireHOL is promoted as an iptables stateful packet filtering firewall for humans. It also comes with FireQOS, which is a bandwidth shaper based on tc.

                  Project details

                  FireHOL is written in shell script.

                  Strengths and weaknesses

                  • + More than 500 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Firewall management
                    • Network traffic filtering

                    FireHOL review

                    63

                    Knock

                    Introduction

                    Knock implements the principle of port knocking. It does so by using libpcap to sniff network traffic on interfaces and then checking whether that traffic matches a predefined sequence of steps.

                    Project details

                    Knock is written in C.

                    Strengths and weaknesses

                    • + Project is mature (10+ years)
                    • - No updates for a while

                    Knock review

                    67

                    iptables

                    Introduction

                    The iptables tool is the userspace command-line program that is part of the netfilter project. Since Linux 2.4 it is the standard packet filtering engine. Besides standard traffic filtering, it can be used for Network Address Translation (NAT).

                    Project details

                    iptables is written in C.

                    Strengths and weaknesses

                    • + The source code of this software is available
                    • + Well-known tool

                      Typical usage

                      • Network traffic filtering

                      iptables review

                      67

                      nftables

                      Introduction

                      nftables is supposed to replace netfilter as the primary interface of network filtering. It has been available since Linux kernel 3.13. Both netfilter and nftables have been co-authored by Patrick McHardy.

                      Project details

                      nftables is written in C.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Network traffic filtering

                        nftables review

                        60

                        opensvp

                        Introduction

                        Tools like opensvp can be used to test the strength of a configuration from the outside. This makes it a good tool for penetration testing and security assessments. While people may feel safe having a firewall in place, it might be unknowingly vulnerable to several attacks at the protocol level. This tool helps with finding these weaknesses.

                        Project details

                        opensvp is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Application testing
                          • Defense testing
                          • Penetration testing
                          • Security assessment

                          opensvp review

                          Some relevant tool missing as an alternative to OpenSnitch? Please contact us with your suggestion.