SCUTUM alternatives

CHIRON is a tool to provide network analytics based on the ELK stack. It is combined with Machine Learning threat detection using the Aktaion framework. Typical usage of the tool is home use and get the visibility of home internet devices. By leveraging the Aktaion framework, it helps with detection threats like ransomware, phishing, or other malicious traffic.

This script could be useful for system and network administrators that want to learn about better defending the network against lots of network packets. The Linux kernel has a default configuration that is optimized for performance. To further secure it, changes need to be made to these kernel settings. The Anti-DDoS tool will help with setting up the configuration.

nftables is supposed to replace netfilter as the primary interface of network filtering. It is available since Linux kernel 3.13. Both netfilter and nftables have been co-authored by Patrick McHardy.

This tool provides a centralized method to distribute ipset blacklists.

Kick devices off your network by performing an ARP spoofing attack.

ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

• SARPI (Static ARP Inspection), statically configured networks (without DHCP)
• DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
• HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Similar to arpwatch, this tool addrwatch will monitor the pairing between ethernet and IP addresses.

Main features:

• IPv4 and IPv6 address monitoring
• Monitoring multiple network interfaces with one daemon
• Monitoring of VLAN tagged (802.1Q) packets
• Output to stdout, plain text files, syslog, sqlite3, MySQL
• IP address usage history preserving output and logging

The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.