SCUTUM alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)


Alternative: addrwatch

Addrwatch is a tool similar to arpwatch to monitor IPv4/IPv6 and ethernet address pairing.

Similar to arpwatch, this tool addrwatch will monitor the pairing between ethernet and IP addresses.

Main features:

  • IPv4 and IPv6 address monitoring
  • Monitoring multiple network interfaces with one daemon
  • Monitoring of VLAN tagged (802.1Q) packets
  • Output to stdout, plain text files, syslog, sqlite3, MySQL
  • IP address usage history preserving output and logging


Alternative: arping

arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).

arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).


Alternative: ArpON

ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).

ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

  • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
  • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
  • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Project details

ArpON is written in C.


  • + The source code of this software is available

ArpON project page


Alternative: arp-scan

arp-scan is a security tool that sends ARP packets to hosts on the local network. Any responses to the requests are displayed.

The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).


Alternative: KickThemOut

KickThemOut is a tool that can remove systems and devices from the network by performing an ARP spoofing attack.

Project details

KickThemOut is written in Python.


  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • offensive security

KickThemOut project page


Alternative: larp

Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.

Project details

larp is written in Python.


  • + The source code of this software is available

larp project page


Alternative: Scapy

Scapy is an interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols and send and capture them.

Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.

According to the description of the author, Scapy can replace hping, most of of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, and p0f.

Project details

Scapy is written in Python.


  • + More than 1000 GitHub stars
  • + The source code of this software is available


  • - Many provided pull requests are still open

Typical usage

  • network analysis
  • security assessment

Scapy project page