30 open-source projects similar to secdev/scapy, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Scapy alternative.
Ethical-Hacking-Labs is a comprehensive cybersecurity training curriculum and lab suite designed for learning penetration testing, network analysis, and offensive security techniques. It provides a structured environment for practicing the full attack lifecycle, from initial reconnaissance and scanning to exploitation and post-compromise analysis. The project provides instructional materials and guided exercises that cover specific technical domains, including open source intelligence research and network security courseware. It includes a practical workbook for identifying system vulnerabili
Termshark is a terminal-based network packet analyzer and protocol flow inspector. It serves as a keyboard-driven interface for the tshark command-line utility, providing a terminal user interface to monitor data flow and analyze network traffic. The tool functions as a terminal interface for Wireshark, utilizing its filtering and inspection logic to analyze recorded capture files or live network interfaces. It specifically enables the reassembly and inspection of TCP and UDP flows to isolate traffic patterns and analyze network conversations by protocol. The system includes capabilities for
Impacket is a Python network protocol library and low-level implementation foundation. It provides a collection of classes for implementing and manipulating network protocols such as SMB, TCP, and UDP. The project serves as a network authentication framework for verifying user identities using passwords, hashes, and security tickets. It also functions as a network packet manipulation toolkit and security research tool for analyzing protocol behaviors and identifying vulnerabilities. The library covers the creation, parsing, and modification of raw network data to analyze communication stacks
This application is a desktop network traffic analyzer that provides real-time monitoring and forensic inspection of data packets. By interfacing directly with low-level system drivers, it captures raw network traffic from physical or virtual adapters to identify communication patterns, track bandwidth usage, and diagnose connectivity issues. The system distinguishes itself through an immediate-mode graphical interface that rebuilds the display state every frame, ensuring high responsiveness during live data updates. It maintains performance by using asynchronous message passing to decouple t
nDPI is a deep packet inspection toolkit and network protocol classifier designed to identify protocols and detect security threats through packet payload inspection. It functions as a network security monitor and a traffic analysis framework used to determine the services originating network flows. The system utilizes a modular dissector architecture and a sequence-based dissector chain to interpret network traffic. It supports custom protocol definition and protocol dissector extensions, allowing for the identification of proprietary or new network protocols. The toolkit provides capabilit
CppGuide is a curated collection of educational resources and practical guides focused on C++ server development, Linux kernel internals, concurrent programming, network protocols, and security exploitation. It provides structured learning paths for backend developers, covering everything from interview preparation to building high-performance network servers and understanding operating system fundamentals. The guide distinguishes itself by offering in-depth, hands-on tutorials that walk through real-world implementations, including building a Redis-like server from scratch, designing custom
Bettercap is a modular framework designed for network reconnaissance, security testing, and the execution of man-in-the-middle attacks. It functions as a comprehensive utility for surveying wired and wireless network segments, identifying connected devices, and analyzing communication protocols through real-time traffic interception and manipulation. The platform distinguishes itself through an event-driven architecture that coordinates network state changes and packet-level data through a centralized message pipeline. It provides a programmable scripting engine and an API for orchestrating s
BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
This project serves as a comprehensive tutorial and technical resource for developing network applications in the C programming language. It focuses on the practical application of the Berkeley socket interface, guiding users through the implementation of low-level network protocols and the management of data transmission across both connection-oriented and connectionless streams. The material distinguishes itself by covering the full lifecycle of network communication, from initializing system-level protocol stacks and resolving domain names to managing complex connection behaviors. It provi
Impacket is a collection of Python classes designed for the construction, manipulation, and analysis of low-level network packets and services. It functions as a framework for building custom network tools, providing a programmatic interface to interact with communication protocols and service architectures. The library provides primitives for managing authentication, session state, and remote procedure calls within network environments. By offering a modular class hierarchy, it allows for the assembly of network packets and the implementation of specialized communication stacks. The project
Wireshark is a network protocol analyzer and traffic inspector used for capturing and inspecting network traffic. It functions as a packet capture tool that intercepts live data from network interfaces and a TCP/IP dissector that decodes network protocol layers to translate raw binary packets into human-readable fields. The system provides capabilities for protocol stream reconstruction, grouping related packets into cohesive conversations between endpoints. It also operates as a packet file converter, allowing for the reading, modification, and conversion of network capture files across vari
Torsniff is a BitTorrent network sniffer and traffic analyzer designed to intercept and capture torrent metadata and peer traffic. It functions as a network utility that extracts information about available files and trackers from peer-to-peer networks. The tool utilizes a distributed hash table to gather metadata without relying on a central tracker. It includes a bencode data parser to decode specialized metadata formats, allowing for the extraction of file names, directory paths, and total sizes. The project covers network monitoring and data analysis through packet-level traffic inspecti
PCredz is a network credential extraction tool and traffic analyzer designed to intercept passwords, hashes, and tokens from IPv4 and IPv6 traffic. It functions as both a real-time monitor for live network interfaces and a parser for saved packet capture files. The tool identifies sensitive information, including credit card numbers and authentication tokens, using protocol-aware parsing. It further acts as a password hash recovery utility by normalizing captured authentication hashes into specific syntaxes compatible with external recovery software. Capabilities include real-time traffic in
Impacket is a Python network protocol library and packet crafting framework used for constructing, modifying, and sending raw network packets. It functions as a network protocol manipulation toolkit that allows for the implementation of communication protocols through structured object models. The project provides a Windows network security toolkit specifically designed for interacting with Active Directory and SMB services. It enables network security testing and auditing of Windows environments by executing authentication sequences using passwords, hashes, tickets, or security keys. The li
GoReplay is a network traffic recording and replay tool used to capture live HTTP and binary protocol requests. It functions as a traffic shadowing proxy that duplicates incoming network requests to test environments and a utility for recording traffic to local or cloud storage for later analysis and playback. The system is capable of processing non-textual data formats, such as Thrift and Protocol Buffers, allowing for the capture and replay of specialized application-to-application communication. The tool supports live traffic capture and asynchronous duplication to validate infrastructure
Moloch is a full packet capture system and network forensics platform designed for large scale network traffic recording and indexing. It functions as a distributed packet indexer that stores raw data in PCAP format for deep packet analysis and security investigations. The system distinguishes itself through a decentralized architecture that distributes capture and viewing components across multiple nodes to handle high volumes of network traffic. It utilizes a web-based management interface for browsing network sessions and provides a programmable API for exporting captured traffic and metad
Dshell is a network forensic analysis framework and traffic processor designed for the deep packet inspection of IPv4 and IPv6 traffic. It functions as an extensible forensic plugin system that captures, inspects, and analyzes network data to identify security anomalies and reconstruct communication streams. The system utilizes a plugin-based processing engine that allows for custom plugin development and plugin chaining. This modular architecture enables the creation of specialized analysis pipelines where network data is passed through a sequence of processing units for multi-step analysis.
Aircrack-ng is a wireless security auditing suite used for monitoring, attacking, testing, and cracking wireless network encryption keys and passwords. It functions as an 802.11 packet analysis tool, a wireless frame injection tool, and a network mapper to identify vulnerabilities and active clients within a wireless environment. The suite includes a dedicated WPA/WPA2 password cracker that recovers network keys by analyzing captured handshakes through dictionary and brute-force attacks. It enables the construction and transmission of fabricated 802.11 packets to trigger specific network resp
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using cust
ntopng is a web-based network traffic monitoring tool and flow data aggregator. It functions as a network security monitor, an SNMP network management system, and an industrial protocol analyzer for OT and SCADA environments. The system provides specialized inspection for industrial protocols such as Modbus, DNP3, and IEC 60870. It distinguishes itself through behavioral threat detection, encrypted traffic analysis via handshake fingerprinting, and the ability to identify hardware and operating systems using DHCP and MAC address patterns. Its broader capabilities include real-time traffic an
This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes. The platform distinguishes itself through its focus on zero-trust security and cross-clu
This project is an open source discovery resource that provides curated lists of reusable code and libraries to help developers find technical solutions for specific tasks. It utilizes a category-based indexing system to organize diverse software tools by their functional capabilities. The repository is structured as a collection of markdown-based documentation and static content, serving as a directory for manual discovery and reference. The directory covers a wide range of capability areas, including cross-platform application development, cybersecurity tool creation, network protocol impl
CAN DBC to C (and CSV, JSON and XML) compiler using the mpc parser combinator library
Software for the CAN bus simulator on the Rasperry Pi
Converting Can (Controller Area Network) Database Formats .arxml .dbc .dbf .kcd ...
Linux-CAN / SocketCAN user space applications
OBD-II serial module for reading engine data