Open-source alternatives to Ettercap

This firmware transforms an ESP32 device into a portable penetration testing platform by combining an embedded JavaScript runtime with multi-protocol wireless attack capabilities, USB and Bluetooth HID emulation, and a menu-driven user interface. It is designed as a unified system that integrates persistent storage, hardware abstraction for external radio modules, a serial command protocol for headless operation, and a web-based remote desktop that streams the device screen and relays button inputs for remote control. The custom JavaScript scripting environment enables users to write and run

Zapret is a deep packet inspection bypass tool and packet manipulation framework designed to circumvent network censorship. It operates as a transparent network proxy and TCP traffic obfuscator that modifies packets to deceive network inspection systems. The project distinguishes itself through advanced desynchronization strategies, including the modification of TLS client hello handshakes and the use of fake packet injection. It utilizes a combination of TCP stream segmentation, sequence overlapping, and TTL adjustment to hide prohibited requests from firewalls while ensuring the destination

This project is a censorship circumvention utility designed to maintain connectivity to restricted online services by evading deep packet inspection. It functions as a network traffic redirection service that manipulates packet headers at the transport layer to bypass regional network filters and censorship systems. The tool distinguishes itself by providing granular control over traffic management, allowing users to define specific lists of domains and IP addresses for targeted interception. By applying custom bypass strategies only to these designated hosts, the utility ensures that the rem

Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe

Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a target web service. By acting as a reverse proxy, the tool intercepts and relays web requests to capture credentials and session tokens in real time, enabling the bypass of multi-factor authentication mechanisms through session cookie hijacking. The platform distinguishes itself by integrating infrastructure orchestration with modular template-driven content injection. It automates the deployment of proxy servers, manages the lifecycle of encryption certificates, and applies conte

Bettercap is an extensible framework for network security testing that provides a unified interface for performing man-in-the-middle attacks, network reconnaissance, and traffic manipulation across WiFi, Bluetooth, and wired networks. It operates through a modular attack module system that loads and executes interchangeable offensive or diagnostic modules, supported by event-driven session management and multi-protocol network spoofing capabilities. The framework distinguishes itself by covering a broad range of network domains, including Bluetooth Low Energy scanning and enumeration, CAN-Bus

Bettercap is a modular framework designed for network reconnaissance, security testing, and the execution of man-in-the-middle attacks. It functions as a comprehensive utility for surveying wired and wireless network segments, identifying connected devices, and analyzing communication protocols through real-time traffic interception and manipulation. The platform distinguishes itself through an event-driven architecture that coordinates network state changes and packet-level data through a centralized message pipeline. It provides a programmable scripting engine and an API for orchestrating s

fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram

Yakit is a comprehensive cybersecurity all-in-one platform designed for security assessments. It integrates a suite of core tools including an HTTP interception proxy for real-time traffic modification, an out-of-band interaction detector for verifying remote command execution via TCP, DNSLog, and ICMP, and a reverse shell manager for controlling remote server connections. The platform is distinguished by its dedicated security scripting environment, which allows for the development and execution of custom logic and plugins using a specialized high-performance language. It further extends fun

Tuya-Convert is a firmware flashing utility for IoT devices that exploits the over-the-air (OTA) update process to install custom firmware, bypass Tuya cloud dependencies, and enable local or open-source control. It automatically backs up the device’s original firmware before overwriting, allowing easy restoration. The tool achieves this by creating a spoofed Wi-Fi access point that the target device connects to, intercepting the OTA communication between the device and the Tuya cloud, then substituting a custom firmware binary during the transfer. It emulates the Tuya cloud protocol’s respon

Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif

Wifiphisher is a modular security framework designed for wireless penetration testing and social engineering auditing. It functions as a platform for security professionals to assess the resilience of Wi-Fi networks by simulating unauthorized access, performing man-in-the-middle interceptions, and executing credential-harvesting scenarios. The tool distinguishes itself through its ability to combine rogue access point deployment with dynamic phishing interfaces. By forcing wireless clients to associate with deceptive infrastructure, the framework can capture network metadata and inject it int

This project is a network traffic manipulation tool and proxy designed to intercept, inspect, and modify data streams between mobile applications and their servers. It functions as a scriptable content blocker and traffic router, allowing users to apply custom rules to incoming and outgoing network requests. The tool enables users to bypass regional restrictions and subscription paywalls by injecting configuration rules that override server-side validation. It also provides capabilities for removing advertisements, tracking scripts, and promotional content from mobile applications and web ser

Res-downloader is a network proxy utility designed to intercept, analyze, and extract multimedia assets from web traffic. It functions as a gateway that captures video, audio, and image files directly from data streams for local storage and offline access. The tool employs man-in-the-middle interception to decrypt and inspect network packets, allowing it to identify media resources through pattern matching and content type filtering. It integrates proxy-based routing to manage outgoing requests, enabling the retrieval of content that may be subject to regional restrictions or network-level ac

This project is a proxy server designed to intercept and modify HTTP and HTTPS traffic for Netease Cloud Music. It functions as network middleware to restore playback for songs and albums restricted by geographic regions and to unlock premium account features, such as high-fidelity audio. The server utilizes header-based privilege injection to spoof premium status and employs conditional content redirection to route requests for unavailable media to alternative source providers. It also incorporates upstream proxy routing and IP parameters to bypass regional access restrictions. Additional c

Telepresence is a hybrid development environment and network proxy for Kubernetes. It provides a system for running workloads on a local machine while maintaining active connectivity to a remote cluster environment. The project functions as a traffic interceptor and network bridge, establishing a two-way tunnel between a local workstation and a remote cluster. This allows for the redirection of traffic from a remote Kubernetes service to a local process, enabling real-time debugging and testing of code without the need to redeploy containers. Its capabilities cover remote cluster connectivit

Netch is a multi-protocol proxy client and network traffic interceptor designed to route internet traffic through VPN and proxy tunnels. It functions as a connection manager that tunnels outbound data to modify network paths and bypass network restrictions. The project supports a wide range of tunneling protocols, including Socks5, Shadowsocks, WireGuard, Trojan, VMess, and VLESS. It distinguishes itself by offering the ability to distribute established proxy connections to other devices on a local network and by providing UDP FullCone NAT support to maintain stable peer-to-peer connectivity

Bowser is a browser detection library that parses user-agent strings to identify a browser's name, version, rendering engine, and operating system. It functions as a user-agent parser and version constraint checker, extracting structured browser and platform details from raw user-agent strings without external dependencies. The library distinguishes itself by integrating User-Agent Client Hints alongside traditional user-agent data for more accurate browser identification in modern environments. It provides cross-platform browser detection that works consistently across desktop and mobile ope

r0capture is a tool for intercepting network traffic from Android applications. It serves as a traffic interceptor, packet sniffer, and client certificate exporter used to analyze application-layer communication on Android devices. The project provides mechanisms to bypass SSL pinning and certificate validation, allowing the decryption of encrypted traffic without modifying device trust stores. It also enables the extraction of client-side certificates from application memory for saving to local device storage. Captured network data is serialized into PCAP files to support offline protocol a

This project is a shell-based installation suite designed to set up the software toolchain required for artificial intelligence software development. It provides a standardized collection of programming languages, libraries, and system utilities to prepare a local machine for a software engineering bootcamp. The suite utilizes automated shell scripts to handle dependency-driven installations and system configuration. It includes cross-platform setup guides and OS-detection branching to apply the correct binary versions and installation paths across different hardware. The toolchain is organi

Clumsy is a Windows network fault injection tool that intercepts system-wide network traffic at the kernel level using the WinDivert driver, without requiring proxy configuration or application code changes. It captures and manipulates packets for all running applications, including localhost connections, enabling controlled testing of application behavior under degraded network conditions. The tool provides comprehensive network impairment capabilities including latency simulation, bandwidth throttling, packet loss, corruption, duplication, and reordering. Users can apply these impairments s

Ladon is an internal network penetration scanner and vulnerability assessment tool designed to identify high-risk security flaws and assets across network segments. It operates as a fileless security scanner, executing its engine and modules directly in memory to avoid leaving a disk footprint on target systems. The project is distinguished by its integration as a plugin for command beacons, specifically within the Cobalt Strike framework. This allows for memory-resident network discovery and vulnerability detection. It further supports stealth operations through payload and script obfuscatio

ufw-docker is a network security tool and firewall manager designed to enforce UFW security policies on Docker container traffic. It functions as a Linux firewall orchestrator that modifies routing and filter rules to prevent container traffic from bypassing system firewall policies via iptables. The tool provides capabilities for isolated port exposure, allowing specific ports or protocols to be opened for containers without exposing them on the host machine. It also manages network subnet security for IPv4 and IPv6 through automatic detection and custom CIDR ranges. The system includes aut

Proxypin is a cross-platform HTTP and HTTPS proxy debugger designed to capture, inspect, and modify network traffic. It functions as a man-in-the-middle interceptor, allowing developers to analyze application data flows and validate network communication during development and testing. The tool distinguishes itself through its focus on mobile and remote device integration, utilizing QR-code-based configuration synchronization to simplify the setup of proxy settings and security certificates. It includes an event-driven scripting engine that enables programmatic manipulation of requests and re

Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a

P4wnP1 is a hardware-based USB HID attack platform and peripheral emulator. It functions as a tool for emulating USB keyboards and mice to execute automated keystroke payloads, as well as a WiFi-enabled remote access tool that provides a wireless bridge for network relay and SSH access. The project is distinguished by its ability to establish covert bidirectional communication channels and remote shells using raw HID reports, specifically to bridge air-gapped systems. It further enables wireless network interception and the routing of network traffic over WiFi to facilitate man-in-the-middle

Toxiproxy is a framework designed for chaos engineering and network resilience testing. It functions as a programmable TCP proxy that intercepts and routes data streams between clients and servers, allowing developers to simulate unstable network conditions such as latency, bandwidth throttling, and connection failures. The tool provides a control plane that enables the dynamic manipulation of network conditions on active connections in real time. By integrating into automated test suites, it allows for the programmatic injection of faults to validate how distributed systems and microservices