SCUTUM alternatives

Looking for an alternative tool to replace SCUTUM? During the review of SCUTUM we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. CHIRON ELK (network analytics and threat detection)
  2. Anti-DDOS (configuration tool to reduce impact of DDoS)
  3. iptables (network traffic filter)

These tools are ranked as the best alternatives to SCUTUM.

Alternatives (by score)

64

CHIRON ELK

Introduction

CHIRON is a tool to provide network analytics based on the ELK stack. It is combined with Machine Learning threat detection using the Aktaion framework. Typical usage of the tool is home use and get the visibility of home internet devices. By leveraging the Aktaion framework, it helps with detection threats like ransomware, phishing, or other malicious traffic.

Project details

CHIRON ELK is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Network analysis
  • Network security monitoring
  • Network traffic analysis
  • Threat discovery

CHIRON ELK review

64

Anti-DDOS

Introduction

This script could be useful for system and network administrators that want to learn about better defending the network against lots of network packets. The Linux kernel has a default configuration that is optimized for performance. To further secure it, changes need to be made to these kernel settings. The Anti-DDoS tool will help with setting up the configuration.

Project details

Anti-DDOS is written in shell script.

Strengths and weaknesses

  • + Very low number of dependencies
  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • DDoS protection
  • Network traffic filtering

Anti-DDOS review

67

iptables

Introduction

The iptables tool is the userspace command line program part of the netfilter project. Since Linux 2.4 it is the standard packet filtering engine. Among standard traffic filtering, it can be used for Network Address Translation (NAT).

Project details

iptables is written in C.

Strengths and weaknesses

  • + The source code of this software is available
  • + Well-known tool

    Typical usage

    • Network traffic filtering

    iptables review

    67

    nftables

    Introduction

    nftables is supposed to replace netfilter as the primary interface of network filtering. It is available since Linux kernel 3.13. Both netfilter and nftables have been co-authored by Patrick McHardy.

    Project details

    nftables is written in C.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Network traffic filtering

      nftables review

      76

      vallumd

      Introduction

      This tool provides a centralized method to distribute ipset blacklists.

      Project details

      vallumd is written in C.

      Strengths and weaknesses

      • + The source code of this software is available

        vallumd review

        74

        KickThemOut

        Introduction

        Kick devices off your network by performing an ARP spoofing attack.

        Project details

        KickThemOut is written in Python.

        Strengths and weaknesses

        • + More than 500 GitHub stars
        • + The source code of this software is available

          Typical usage

          • Offensive security

          KickThemOut review

          84

          larp

          Introduction

          Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.

          Project details

          larp is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Network spoofing
            • Penetration testing

            larp review

            60

            addrwatch

            Introduction

            Similar to arpwatch, this tool addrwatch will monitor the pairing between ethernet and IP addresses.

            Main features:

            • IPv4 and IPv6 address monitoring
            • Monitoring multiple network interfaces with one daemon
            • Monitoring of VLAN tagged (802.1Q) packets
            • Output to stdout, plain text files, syslog, sqlite3, MySQL
            • IP address usage history preserving output and logging

            Project details

            85

            arping

            Introduction

            arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

            Project details

            63

            ArpON

            Introduction

            ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

            The tool works by using three types of inspection to detect a related attack.

            • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
            • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
            • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

            Project details

            ArpON is written in C.

            Strengths and weaknesses

            • + The source code of this software is available

              ArpON review

              52

              arp-scan

              Introduction

              The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

              Project details

              93

              Scapy

              Introduction

              Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.

              Project details

              Scapy is written in Python.

              Strengths and weaknesses

              • + More than 2000 GitHub stars
              • + The source code of this software is available
              • - Many provided pull requests are still open

              Typical usage

              • Network analysis
              • Security assessment

              Scapy review

              Some relevant tool missing as an alternative to SCUTUM? Please contact us with your suggestion.