pshtt alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

97

Alternative: pick

The pick tool provides a minimal password manager on the terminal for systems running macOS and Linux.

Project details

pick is written in Golang.

Strengths

  • + Very low number of dependencies
  • + The source code of this software is available

Typical usage

  • data security
  • secure storage

pick project page

96

Alternative: SpiderFoot

SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.

Project details

SpiderFoot is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

SpiderFoot project page

70

Alternative: Viper

Viper is a binary analysis and management framework for security researchers. It provides a way to organization your collection of malware samples and exploits.

Viper organizes the malware samples and exploits you found over time. It calls itself "Metasploit for malware researchers". Viper has a terminal interface to store, search and analyze files. As it is a framework, is also allows you to create your plugins.

64

Alternative: A2SV

A2SV is short for Auto Scanning to SSL Vulnerability, a security tool to scan for SSL and TLS vulnerabilities. It can be used during security assessments.

Project details

A2SV is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • vulnerability scanning
  • vulnerability testing

A2SV project page

74

Alternative: Certificate Transparency

Google's Certificate Transparency project audits the way SSL/TLS certificates are used and its underlying cryptographic system.

HTTPS connections use cryptographic functions to provide confidentiality and integrity. It can provide features like domain validation, end-to-end encryption, and a trust chain from certificate authorities down to the end-user. Any flaws can endanger these goals, like the impersonation of a system, man-in-the-middle (MitM) attacks, and website spoofing. This project helps to find flaws and improve the overall security of our internet.

64

Alternative: cipherscan

Cipherscan is a tool to test the ordering of SSL/TLS ciphers on a given target. It tests the major versions of SSL, TLS, and any extensions of these protocols.

Project details

cipherscan is written in Python, shell script.

Strengths

  • + Screen output is colored
  • + More than 1000 GitHub stars
  • + Very low number of dependencies
  • + Supported by a large company

Typical usage

  • information gathering
  • security assessment
  • system hardening
  • web application analysis

cipherscan project page

60

Alternative: clinker

Clinker is a tool to test SSL and TLS security for Firefox. It is an addon that shows the used cipher suites, certificates, and shows related security information of the connection itself.

Requirements: Firefox

80

Alternative: Lemur

Lemur manages TLS certificate creation and the underlying process that is required. It acts as a broker between a certificate authority (CA) and the environment

With Lemur you can provide a central portal for developers and administrators to issue TLS certificates with predefined defaults.

Lemur works on CPython 3.5 and uses the Flask framework. Another component it uses is cryptography to handle the creation of the certificates.

Netflix develops on macOS and deploys on Ubuntu servers.

Project details

Lemur is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • certificate management

Lemur project page

56

Alternative: MassBleed

MassBleed is a SSL vulnerability scanner to check for several known vulnerabilities and attacks like DROWN, POODLE, and ShellShock.

Project details

MassBleed is written in Perl, Python, shell script.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Typical usage

  • application security
  • web application analysis

MassBleed project page

89

Alternative: mitmproxy (mitmproxy)

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

Project details

mitmproxy is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 7000 GitHub stars
  • + The source code of this software is available

Typical usage

  • network analysis
  • penetration test
  • security assessment

mitmproxy project page

78

Alternative: OpenSSL

OpenSSL is an open source project and provides a toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

Project details

OpenSSL is written in C.

Strengths

  • + The source code of this software is available
  • + Well-known library

Weaknesses

  • - Major vulnerabilities in the past

Typical usage

  • certificate management
  • data encryption

OpenSSL project page

96

Alternative: O-Saft

O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.

O-Saft is the abbreviation for OWASP SSL advanced forensic tool.

Project details

O-Saft is written in Perl.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment
  • vulnerability scanning
  • web application analysis

O-Saft project page

60

Alternative: sslcaudit

The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.

This project focuses on the niche of testing SSL/TLS clients.

Project details

sslcaudit is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • software testing

sslcaudit project page

67

Alternative: SSLMap

SSLMap is a TLS/SSL cipher suite scanner. It provides a way to detect weak ciphers enabled on SSL endpoints and can be used during security assessments.

SSLMap uses its own SSL engine to avoid any dependencies or limitations with pre-installed libraries.

78

Alternative: SSLsplit

SSLsplit is a security tool to perform transparent SSL/TLS interception by using a so-called man-in-the-middle (MitM) attack.

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. Depending on the version of OpenSSL, SSLsplit supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. For HTTP and HTTPS connections, SSLsplit removes response headers for HPKP in order to prevent public key pinning, for HSTS to allow the user to accept untrusted certificates, and Alternate Protocols to prevent switching to QUIC/SPDY. As an experimental feature, SSLsplit supports STARTTLS mechanisms in a generic manner.

Project details

SSLsplit is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • learning
  • network analysis
  • penetration test
  • security assessment

SSLsplit project page

85

Alternative: SSLyze

SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.

97

Alternative: testssl.sh

testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.

Key features of testssl.sh include:

  • Clear output: you can tell easily whether anything is good or bad
  • Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
  • Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
  • Toolbox: Several command line options help you to run YOUR test and configure YOUR output
  • Reliability: features are tested thoroughly
  • Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
  • Privacy: It's only you who sees the result, not a third party
  • Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.

Project details

testssl.sh is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • application testing
  • configuration audit

testssl.sh project page

60

Alternative: tlsenum

The CLI tool tlsenum attempts to enumerate what TLS cipher suites a server supports and then list them in order of priority.

This tool works by sending out sending out TLS ClientHello messages. Any ServerHello responses from the server are parsed. It assumes that the server is the one which decides the preferred cipher suite, giving an idea on the available ciphers.

Project details

tlsenum is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • system hardening

tlsenum project page

60

Alternative: ZGrap

ZGrap is a TLS banner grabber and written in Go. It works together with the ZMap utility.

ZGrab is a stateful application-layer scanner. It works together with ZMap and is also part of the ZMap project. ZGrab is written in Go and supports multiple protocols, including:

  • BACNET
  • HTTP
  • HTTPS
  • FTP
  • IMAP
  • POP3
  • Modbus
  • Siemens S7
  • SMTP
  • SSH
  • Telnet
  • Tridium Fox

Project details

ZGrap is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

ZGrap project page