SSH MITM alternatives

Looking for an alternative tool to replace SSH MITM? During the review of SSH MITM we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. mitmproxy (TLS/SSL traffic interception)
  2. Seth (MitM tool for RDP connections)
  3. ArpON (MitM defense tool)

These tools are ranked as the best alternatives to SSH MITM.

Alternatives (by score)

78

mitmproxy (mitmproxy)

Introduction

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

Project details

mitmproxy is written in Python.

Strengths and weaknesses

  • + More than 200 contributors
  • + More than 10000 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Network analysis
    • Penetration testing
    • Security assessment

    mitmproxy review

    64

    Seth

    Introduction

    Seth is a security tool to perform a man-in-the-middle (MitM) attack and extract clear text credentials from RDP connections.

    Project details

    Seth is written in Python, shell script.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Penetration testing
      • Security assessment

      Seth review

      63

      ArpON

      Introduction

      ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

      The tool works by using three types of inspection to detect a related attack.

      • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
      • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
      • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

      Project details

      ArpON is written in C.

      Strengths and weaknesses

      • + The source code of this software is available

        ArpON review

        100

        BetterCAP

        Introduction

        BetterCAP is often used by those who perform penetration testing and security assessments. This tool and framework is in particular useful for attempting man-in-the-middle attacks (MitM).

        Project details

        BetterCAP is written in Golang.

        Strengths and weaknesses

        • + More than 25 contributors
        • + More than 2000 GitHub stars
        • + The source code of this software is available

          Typical usage

          • Bypassing security measures
          • Penetration testing
          • Security assessment

          BetterCAP review

          63

          DNSChef

          Introduction

          DNSChef is a DNS proxy that can be used terminate or intercept traffic for DNS traffic. This might be useful during a penetration test or when researching malware and manipulate the actual DNS responses.

          Project details

          60

          Nili

          Introduction

          This tool performs multiple types of scanning and attacks, which can be useful during penetration tests and security assignments.

          Project details

          Nili is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Network scanning
            • Penetration testing
            • Security assessment

            Nili review

            60

            sslcaudit

            Introduction

            Sslcaudit is a tool that focuses on the niche of testing SSL/TLS clients.

            Project details

            sslcaudit is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Security assessment
              • Software testing

              sslcaudit review

              97

              SSLsplit

              Introduction

              SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

              SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. Depending on the version of OpenSSL, SSLsplit supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. For HTTP and HTTPS connections, SSLsplit removes response headers for HPKP in order to prevent public key pinning, for HSTS to allow the user to accept untrusted certificates, and Alternate Protocols to prevent switching to QUIC/SPDY. As an experimental feature, SSLsplit supports STARTTLS mechanisms in a generic manner.

              Project details

              SSLsplit is written in C.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Learning
                • Network analysis
                • Penetration testing
                • Security assessment

                SSLsplit review

                60

                ssh-audit

                Introduction

                The ssh-audit tool is of great help when scanning SSH servers to discover possible improvements. It is written in Python and with a simple 'git clone' it can already be started. You typically would use a tool like this to improve your own SSH configurations or as part of a security assignment.

                Project details

                ssh-audit is written in Python.

                Strengths and weaknesses

                • + The source code is easy to read and understand
                • + Tool is easy to use
                • + More than 2000 GitHub stars
                • + Very low number of dependencies
                • + The source code of this software is available

                  Typical usage

                  • Application security
                  • Penetration testing
                  • Security assessment

                  ssh-audit review

                  60

                  SSHsec

                  Introduction

                  SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.

                  Project details

                  SSHsec is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Information gathering
                    • Penetration testing
                    • Security assessment

                    SSHsec review

                    Some relevant tool missing as an alternative to SSH MITM? Please contact us with your suggestion.