mitmproxy alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

63

Alternative: ArpON

ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).

ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

  • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
  • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
  • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Project details

ArpON is written in C.

Strengths

  • + The source code of this software is available

ArpON project page

100

Alternative: BetterCAP

BetterCAP is a complete, modular, portable and easily extensible MitM tool and framework. It is maintained well and appreciated by many.

Project details

BetterCAP is written in Ruby.

Strengths

  • + More than 25 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • bypassing security measures
  • penetration test
  • security assessment

BetterCAP project page

63

Alternative: DNSChef

DNSChef is a highly configurable DNS proxy for penetration testers and malware analysts

85

Alternative: Nili

Nili is a security tool with a wide range of goals, including network scanning, MitM attacks, protocol reverse engineering and application fuzzing.

Project details

Nili is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • network scanning
  • penetration test
  • security assessment

Nili project page

64

Alternative: Seth

Seth is a security tool to perform a man-in-the-middle (MitM) attack and extract clear text credentials from RDP connections.

Project details

Seth is written in Python, shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

Seth project page

60

Alternative: sslcaudit

The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.

This project focuses on the niche of testing SSL/TLS clients.

Project details

sslcaudit is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • software testing

sslcaudit project page

78

Alternative: SSLsplit

SSLsplit is a security tool to perform transparent SSL/TLS interception by using a so-called man-in-the-middle (MitM) attack.

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. Depending on the version of OpenSSL, SSLsplit supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. For HTTP and HTTPS connections, SSLsplit removes response headers for HPKP in order to prevent public key pinning, for HSTS to allow the user to accept untrusted certificates, and Alternate Protocols to prevent switching to QUIC/SPDY. As an experimental feature, SSLsplit supports STARTTLS mechanisms in a generic manner.

Project details

SSLsplit is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • learning
  • network analysis
  • penetration test
  • security assessment

SSLsplit project page

64

Alternative: A2SV

A2SV is short for Auto Scanning to SSL Vulnerability, a security tool to scan for SSL and TLS vulnerabilities. It can be used during security assessments.

Project details

A2SV is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • vulnerability scanning
  • vulnerability testing

A2SV project page

74

Alternative: Certificate Transparency

Google's Certificate Transparency project audits the way SSL/TLS certificates are used and its underlying cryptographic system.

HTTPS connections use cryptographic functions to provide confidentiality and integrity. It can provide features like domain validation, end-to-end encryption, and a trust chain from certificate authorities down to the end-user. Any flaws can endanger these goals, like the impersonation of a system, man-in-the-middle (MitM) attacks, and website spoofing. This project helps to find flaws and improve the overall security of our internet.

64

Alternative: cipherscan

Cipherscan is a tool to test the ordering of SSL/TLS ciphers on a given target. It tests the major versions of SSL, TLS, and any extensions of these protocols.

Project details

cipherscan is written in Python, shell script.

Strengths

  • + Screen output is colored
  • + More than 1000 GitHub stars
  • + Very low number of dependencies
  • + Supported by a large company

Typical usage

  • information gathering
  • security assessment
  • system hardening
  • web application analysis

cipherscan project page

60

Alternative: clinker

Clinker is a tool to test SSL and TLS security for Firefox. It is an addon that shows the used cipher suites, certificates, and shows related security information of the connection itself.

Requirements: Firefox

80

Alternative: Lemur

Lemur manages TLS certificate creation and the underlying process that is required. It acts as a broker between a certificate authority (CA) and the environment

With Lemur you can provide a central portal for developers and administrators to issue TLS certificates with predefined defaults.

Lemur works on CPython 3.5 and uses the Flask framework. Another component it uses is cryptography to handle the creation of the certificates.

Netflix develops on macOS and deploys on Ubuntu servers.

Project details

Lemur is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • certificate management

Lemur project page

56

Alternative: MassBleed

MassBleed is a SSL vulnerability scanner to check for several known vulnerabilities and attacks like DROWN, POODLE, and ShellShock.

Project details

MassBleed is written in Perl, Python, shell script.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Typical usage

  • application security
  • web application analysis

MassBleed project page

78

Alternative: OpenSSL

OpenSSL is an open source project and provides a toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

Project details

OpenSSL is written in C.

Strengths

  • + The source code of this software is available
  • + Well-known library

Weaknesses

  • - Major vulnerabilities in the past

Typical usage

  • certificate management
  • data encryption

OpenSSL project page

97

Alternative: O-Saft

O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.

O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

Project details

O-Saft is written in Perl.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment
  • vulnerability scanning
  • web application analysis

O-Saft project page

85

Alternative: pshtt

pshtt is a security tool to scan domains for the usage of HTTPS and applying best practices in their web configuration.

pshtt was developed to push organizations, including government departments, to adopt HTTPS across the enterprise. pshtt is a collaboration between GSA's 18F and the DHS National Cybersecurity Assessments and Technical Services team.

Notes

  • pshtt is pronounced as "pushed"
  • Data can be stored as CSV or JSON

Project details

pshtt is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • web application analysis

pshtt project page

67

Alternative: SSLMap

SSLMap is a TLS/SSL cipher suite scanner. It provides a way to detect weak ciphers enabled on SSL endpoints and can be used during security assessments.

SSLMap uses its own SSL engine to avoid any dependencies or limitations with pre-installed libraries.

85

Alternative: SSLyze

SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.

97

Alternative: testssl.sh

testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.

Key features of testssl.sh include:

  • Clear output: you can tell easily whether anything is good or bad
  • Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
  • Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
  • Toolbox: Several command line options help you to run YOUR test and configure YOUR output
  • Reliability: features are tested thoroughly
  • Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
  • Privacy: It's only you who sees the result, not a third party
  • Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.

Project details

testssl.sh is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • application testing
  • configuration audit

testssl.sh project page

60

Alternative: tlsenum

The CLI tool tlsenum attempts to enumerate what TLS cipher suites a server supports and then list them in order of priority.

This tool works by sending out sending out TLS ClientHello messages. Any ServerHello responses from the server are parsed. It assumes that the server is the one which decides the preferred cipher suite, giving an idea on the available ciphers.

Project details

tlsenum is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • system hardening

tlsenum project page

60

Alternative: ZGrab

ZGrab is a TLS banner grabber and written in Go. It works together with the ZMap utility.

ZGrab is a stateful application-layer scanner. It works together with ZMap and is also part of the ZMap project. ZGrab is written in Go and supports multiple protocols, including:

  • BACNET
  • HTTP
  • HTTPS
  • FTP
  • IMAP
  • POP3
  • Modbus
  • Siemens S7
  • SMTP
  • SSH
  • Telnet
  • Tridium Fox

Project details

ZGrab is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

ZGrab project page

64

Alternative: Maltrail

Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

Project details

Maltrail is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - More than 10 contributors
  • - More than 2000 GitHub stars

Typical usage

  • intrusion detection
  • network analysis
  • security monitoring

Maltrail project page

93

Alternative: ntopng

ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provide insights on the usage.

The ntopng replaced the older ntop utility. It now focuses on high-speed traffic analysis and flow collection. Typically this is useful for analysis of network traffic and troubleshooting of overused network links.

Project details

ntopng is written in C++.

Strengths

  • + The source code of this software is available

Typical usage

  • network analysis
  • troubleshooting

ntopng project page