Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists. The tool monitors the network and sounds an alarm if a package appears suspicious.
Maltrail has its own approach to malicious network traffic detection, which can either be used as a dedicated or complementary solution to other IDS/IPS solutions.
This is free and open source software.
Key Features
- Supports a wide range of blacklists (feeds).
- Trails for malicious entities are manually included from a wide variety of sources.
- Based on the Traffic -> Sensor <-> Server <-> Client architecture. The sensor sniffs packets, the server collects alarms from the sensor.
- Cross between a network intrusion detection system and a malware scanner. It loads signatures and compares them with the inspected IP packets. If there’s a match, the administrator is alerted on the dashboard.
- Uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).
- 3rd party integrations:
- FreeBSD Port.
- OPNSense Gateway Plugin.
- D4 Project.
- BlackArch Linux.
- GScan 1.
- MalwareWorld 1
- oisd | domain blocklist.
- NextDNS.
- NoTracking.
- mobileAudit.
- Mobile-Security-Framework-MobSF.
Website: github.com/stamparm/maltrail
Support: Demo, FAQ
Developer: Maltrail developers
License: MIT License
Maltrail is written in Python. Learn Python with our recommended free books and free tutorials.
Related Software
| Network Intrusion Detection Systems | |
|---|---|
| Snort | Intrusion detection/prevention with real-time traffic analysis/packet logging |
| Suricata | High performance Network IDS, IPS and Network Security Monitoring engine |
| Zeek | (formerly Bro) Powerful network analysis framework |
| Mailtrail | Lightweight malicious traffic detection system |
| Security Onion | Platform built by defenders for defenders |
| Kismet | Wireless intrusion detection, wireless network and device detector, and more |
| psad | Intrusion detection and log analysis with iptables |
| Sagan | Multi-threads, high performance log analysis engine |
Read our verdict in the software roundup.
| Anti-Malware Tools | |
|---|---|
| ClamAV | Antivirus engine for detecting trojans, viruses, malware and other threats |
| YARA | Pattern matching swiss knife for malware researchers |
| Maltrail | Malicious traffic detection system |
| ClamTk | Graphical frontend for ClamAV |
| LMD | Malware scanner focusing on threats faced in shared hosted environments |
| phpMussel | PHP-based anti-virus anti-trojan anti-malware solution |
| libredefender | Antivirus program using libclamav |
| Raspirus | Lightweight signature-based malware scanner |
| FastFinder | Fast suspicious file finder |
| Rootkit Hunter | Scans for rootkits, backdoors and possible local exploits |
| Unhide | Forensic tool to find hidden processes and TCP/UDP ports |
| Hostsblock | Malware-blocking cronscript |
| chkrootkit | Locally checks for signs of a rootkit |
| Lenspect | Lightweight security threat scanner |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |