opensvp alternatives

Looking for an alternative tool to replace opensvp? During the review of opensvp we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. 0trace.py (reconnaissance and firewall bypass tool)
  2. FireAway (firewall audit and bypass tool)
  3. 360-FAAR (firewall analysis tool)

These tools are ranked as the best alternatives to opensvp.

Alternatives (by score)

56

0trace.py

Introduction

This security tool enables the user to perform hop enumeration (similar to traceroute). Instead of sending actual packets, it uses an established TCP connection.

Project details

0trace.py is written in Python.

Strengths and weaknesses

  • + Project is mature (10+ years)
  • - Unknown project license

Typical usage

  • Bypassing firewall rules
  • Bypassing security measures
  • Reconnaissance

0trace.py review

56

FireAway

Introduction

FireAway is a security tool to test the security of a firewall by trying to bypass its rules. It will use different methods to hide data or avoid detection by the firewall itself. This tool can be used for both defensive as offensive security.

Project details

FireAway is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available
  • - Unknown project license

Typical usage

  • Bypassing firewall rules
  • Firewall auditing
  • Network traffic filtering
  • Penetration testing

FireAway review

63

360-FAAR

Introduction

360-FAAR is a tool written in Perl to parse policies and logs from firewalls. It can compare firewall policies and translate between a policy and log data. Supported firewalls include Checkpoint FW1, Cisco ASA, and Netscreen ScreenOS.

Project details

360-FAAR is written in Perl.

Strengths and weaknesses

  • + Project is mature (5+ years)
  • + The source code of this software is available

    Typical usage

    • Firewall auditing
    • Log analysis
    • Security assessment
    • Security reviews

    360-FAAR review

    64

    WAFPASS

    Introduction

    WAFPASS is a security tool to perform a security scan of a web application firewall (WAF). It tries to bypass the security defenses, to evaluate its effectiveness.

    Project details

    WAFPASS is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • WAF bypassing
      • Application testing
      • Software testing

      WAFPASS review

      60

      Chiron

      Introduction

      Chiron is a security assessment framework for IPv6. It provides several modules including an IPv6 scanner, IPv6 Local Link, IPv4-to-IPv6 proxy, IPv6 attack module, and IPv6 proxy. These modules help to perform an assessment, like a penetration test.

      The tool uses IPv6 extension headers to create a headers chain. This may allow evading security devices like IDS, IPS, and firewalls. Due to the flexibility of the framework, the tool can also be used to perform fuzzing of the IPv6 stack of a device.

      Project details

      Chiron is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available
      • - No releases on GitHub available

      Typical usage

      • Network analysis
      • Network scanning
      • Network security monitoring

      Chiron review

      74

      FireHOL

      Introduction

      FireHOL is promoted as an iptables stateful packet filtering firewall for humans. It also comes with FireQOS, which a bandwidth shaper based on tc.

      Project details

      FireHOL is written in shell script.

      Strengths and weaknesses

      • + More than 500 GitHub stars
      • + The source code of this software is available

        Typical usage

        • Firewall management
        • Network traffic filtering

        FireHOL review

        67

        iptables

        Introduction

        The iptables tool is the userspace command line program part of the netfilter project. Since Linux 2.4 it is the standard packet filtering engine. Among standard traffic filtering, it can be used for Network Address Translation (NAT).

        Project details

        iptables is written in C.

        Strengths and weaknesses

        • + The source code of this software is available
        • + Well-known tool

          Typical usage

          • Network traffic filtering

          iptables review

          60

          Assimilator

          Introduction

          A tool like Assimilator can be of great help to 'normalize' all firewall rules into one place. Especially when a company uses different firewalls, each with their own syntax and specifics. Assimilator will then simplify the way firewall rules are created and managed.

          Project details

          Assimilator is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Network traffic filtering

            Assimilator review

            64

            DFWFW (Docker Firewall Framework)

            Introduction

            DFWFW, short of Docker Firewall Framework, offers easy administration of the iptables rules of Docker containers. It updates using event streams.

            Project details

            DFWFW is written in Perl.

            Strengths and weaknesses

            • + The source code of this software is available
            • - Full name of author is unknown

            Typical usage

            • Firewall management

            DFWFW review

            81

            Douane

            Introduction

            Douane is an application firewall that blocks unknown or unwanted traffic. It provides a more fine-grained filtering as it looks at the combination of application and used network ports. This is useful when allowing common browse traffic on port 80 and 443. Instead of all applications being able to use this port, only the ones that are granted access will be able to do so. When a new connection is not trusted yet, Douane will ask to allow or deny the traffic stream.

            Project details

            Douane is written in C, C++, GTK+.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Network traffic filtering

              Douane review

              63

              Knock

              Introduction

              Knock implements the principle of port knocking. It does so by using libpcap to sniff network traffic on interfaces and then use that to see if it matches a predefined sequence of steps.

              Project details

              Knock is written in C.

              Strengths and weaknesses

              • + Project is mature (10+ years)
              • - No updates for a while

              Knock review

              56

              LPFW (LeoPard FloWer)

              Introduction

              LPFW is the abbreviation for LeoPard FloWer and is an application firewall for Linux.

              Project details

              LPFW is written in C++, Python.

              Strengths and weaknesses

              • + The source code of this software is available
              • - Unknown project license

              Typical usage

              • Network traffic filtering

              LPFW review

              96

              OpenSnitch

              Introduction

              OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

              Project details

              OpenSnitch is written in Golang.

              Strengths and weaknesses

              • + More than 3000 GitHub stars
              • + The source code of this software is available
              • - No releases on GitHub available

              Typical usage

              • Network traffic filtering

              OpenSnitch review

              67

              nftables

              Introduction

              nftables is supposed to replace netfilter as the primary interface of network filtering. It is available since Linux kernel 3.13. Both netfilter and nftables have been co-authored by Patrick McHardy.

              Project details

              nftables is written in C.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Network traffic filtering

                nftables review

                Some relevant tool missing as an alternative to opensvp? Please contact us with your suggestion.