30 open-source projects similar to jtesta/ssh-mitm, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Ssh Mitm alternative.
PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols. ⚡
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Secure multithreaded packet sniffer
An engine to make Tor network your default gateway
Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)
DNSChef - DNS proxy for Penetration Testers and Malware Analysts
RustScan is a high-speed TCP network scanner written in Rust, designed for security reconnaissance and network mapping. It functions as an automated port discovery engine that identifies open ports on remote hosts using IPv6 addresses, CIDR ranges, or bulk input files. The tool is built for rapid surface area discovery, utilizing parallel port processing and OS-aware performance optimizations to identify active services. It allows for scan precision tuning through adjustable connection timeout thresholds and concurrent request controls to balance speed and accuracy. The system integrates wit
Responder is a man-in-the-middle framework and network protocol spoofing tool designed to intercept network name queries and impersonate requested resources. It functions as a poisoner for LLMNR, NBT-NS, and MDNS, redirecting network traffic from clients to a controlled listener. The project serves as a credential capture tool that runs rogue servers for SMB, HTTP, and LDAP to collect NTLM hashes and clear text credentials. It enables the harvesting of encrypted authentication tokens and the interception of usernames and passwords sent without encryption. Its broader capabilities include int
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
Reqable is a cross-platform network debugging tool that functions as an HTTP/HTTPS debugging proxy, a REST API client, and a traffic replay tool. It captures, inspects, and modifies live traffic using a local MITM proxy engine, supports VPN tunnel capture for mobile devices, and provides a Python scripting sandbox for custom traffic processing. The application is available on Windows, macOS, Linux, iOS, and Android. The tool distinguishes itself by combining traffic interception with breakpoint-based request modification, allowing users to pause live HTTP traffic for manual inspection and alt
Rayhunter is an IMSI catcher detection tool and cellular network monitor designed to identify cell-site simulators and fake base stations. It functions as an SDR signal analyzer that tracks tower connectivity, logs GPS locations, and monitors for network downgrades or disabled encryption on mobile hardware. The system distinguishes itself through heuristic-based traffic analysis used to detect suspicious identity requests, malformed system information, and the use of null ciphers. It includes a remote device management interface consisting of a REST API and web dashboard for controlling detec
ntopng is a web-based network traffic monitoring tool and flow data aggregator. It functions as a network security monitor, an SNMP network management system, and an industrial protocol analyzer for OT and SCADA environments. The system provides specialized inspection for industrial protocols such as Modbus, DNP3, and IEC 60870. It distinguishes itself through behavioral threat detection, encrypted traffic analysis via handshake fingerprinting, and the ability to identify hardware and operating systems using DHCP and MAC address patterns. Its broader capabilities include real-time traffic an
Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers.
Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required…
PCredz is a network credential extraction tool and traffic analyzer designed to intercept passwords, hashes, and tokens from IPv4 and IPv6 traffic. It functions as both a real-time monitor for live network interfaces and a parser for saved packet capture files. The tool identifies sensitive information, including credit card numbers and authentication tokens, using protocol-aware parsing. It further acts as a password hash recovery utility by normalizing captured authentication hashes into specific syntaxes compatible with external recovery software. Capabilities include real-time traffic in
Responder is a network penetration testing tool that intercepts and spoofs link-local name resolution queries, including LLMNR, NBT-NS, and mDNS, to redirect traffic to an attacker-controlled host. It hosts rogue protocol servers for over 15 protocols, capturing authentication credentials during challenge-response handshakes, and stores captured hashes and cleartext credentials in a SQLite database for structured offline analysis. The tool distinguishes itself through its ability to relay captured NTLM authentication challenges to target services for lateral movement without cracking the hash
Uptime Kuma is a self-hosted monitoring platform designed to track the availability and performance of network services and websites. It functions as a centralized dashboard that executes asynchronous health checks on a scheduled interval, providing real-time visibility into infrastructure health and service uptime. The platform distinguishes itself through a dedicated notification engine that dispatches alerts across multiple third-party messaging services, alongside a public status page generator that allows users to communicate service health and historical metrics via custom domains. Its
Title: TorCrawl.py Description: A Python script designed for anonymous web scraping via the Tor network. Author: MikeMeliz -->
sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks.