Xplico alternatives

This tool can be of a great use to see what sensitive data leaks onto the network. This may be a public network or your own private network.

The ntopng replaced the older ntop utility. It now focuses on high-speed traffic analysis and flow collection. Typically this is useful for analysis of network traffic and troubleshooting of overused network links.

Bleach is a library for Django that can sanitize HTML by escaping and stripping harmful content. It provides a filter for untrusted content and disarms potential unwanted scripts from the input. This may be useful to apply to data that is transmitted via HTML forms or otherwise.

CHIRON is a tool to provide network analytics based on the ELK stack. It is combined with Machine Learning threat detection using the Aktaion framework. Typical usage of the tool is home use and get the visibility of home internet devices. By leveraging the Aktaion framework, it helps with detection threats like ransomware, phishing, or other malicious traffic.

Trawler can simplify the work that is related to collecting phishing information like reports. It can process the information and use the information for follow-up steps.

Socat is a tool to share data between systems. It can leverage an existing connection, or set up a new channel between two systems. This can be useful to relay traffic, do a quick data transfer, or test other systems. Another option is to use it on the local system to add an encrypted channel.

Malware regularly uses USB sticks to infect victims. This solution can convert documents with potentially harmful code into disarmed data formats. This converted data is then stored on a trusted device.

Metagoofil will perform a search in Google based on the given domain name. Any public documents will be downloaded and analyzed. For this task it uses libraries like Hachoir, PdfMiner, and others. Useful details include username, software versions, hostnames, etc.

File types: pdf, doc, xls, ppt, docx, pptx, xlsx

Swap memory is similar to active memory and may contain sensitive details.

Examples of sensitive data artifacts:

• Login accounts and passwords
• GPG keys
• Master keys of password managers
• Email addresses
• WiFi SSID details and keys
• Samba credentials
• Other authentication details

Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.

Wireshark is a mature project with many users all over the world. Its library is stable and can be used by both graphical as text-based interfaces. With many books and even conferences around the subject, this tool is a safe bet to have in your toolbox.

PyREBox is short for Python scriptable Reverse Engineering Sandbox. It provides dynamic analysis and debugging capabilities of a running QEMU virtual machine. The primary usage is the analysis of running processes to perform reverse engineering. PyREBox can change parts of the running system by changing data in memory or within processor registers.

Analysis of source code helps to find programming flaws including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through the files and discover possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.