Flint – Web-based Firewall Rule Scanner

Use Netsparker


Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:

  • CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic.
  • ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules
  • SANITY CHECK CHANGES to see if new rules create problems.

Flint is absolutely free. There’s no catch. You can download the source from the git repository. This isn’t the “play at home” version; it’s their second product, and they want to do it open source.

Why You Need Flint

You have multiple firewalls protecting internal networks from the Internet and controlling access to customer data. Your business changes, and so do your firewalls, and not always at the same time. Firewalls can get out of step with policies.

Everybody makes mistakes. To understand a firewall configuration, you have to read hundreds of configuration lines, and then you have to think like a firewall does. People aren’t good at thinking like firewalls. So most firewalls are riddled with subtle mistakes. Some of those mistakes can be expensive:

  • INSECURE SERVICES might be allowed through the firewall, preventing it from blocking attacks.
  • LAX CONTROLS ON DMZs may expose staging and test servers.
  • FIREWALL MANAGEMENT PORTS may be exposed to untrusted networks.
  • REDUNDANT FIREWALL RULES may be complicating your configuration and slowing you down.

You can download Flint here:

VMWare Virtual Machine – FlintVM-current.zip
OVF Virtual Machine – FlintVM-current.ovf.zip
Source – flint-current.tgz

Or read more here.

Posted in: Countermeasures, Networking Hacking, Security Software

, , , ,


Latest Posts:


CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 year delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public.
Drupwn - Drupal Enumeration Tool & Security Scanner Drupwn – Drupal Enumeration Tool & Security Scanner
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.
MyEtherWallet DNS Hack Causes 17 Million USD User Loss MyEtherWallet DNS Hack Causes 17 Million USD User Loss
Big news in the crypto scene this week was that the MyEtherWallet DNS Hack that occured managed to collect about $17 Million USD worth of Ethereum in just a few hours.


One Response to Flint – Web-based Firewall Rule Scanner

  1. Winter March 30, 2010 at 6:04 pm #

    FlintVM-current.ovf.zip doesn’t appear to be a ovf file and doesn’t appear to have a ovf file in the archive.

    Am I missing something?