30 open-source projects similar to ssh-mitm/ssh-mitm, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Ssh Mitm alternative.
This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation. The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-part
Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a target web service. By acting as a reverse proxy, the tool intercepts and relays web requests to capture credentials and session tokens in real time, enabling the bypass of multi-factor authentication mechanisms through session cookie hijacking. The platform distinguishes itself by integrating infrastructure orchestration with modular template-driven content injection. It automates the deployment of proxy servers, manages the lifecycle of encryption certificates, and applies conte
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Wifiphisher is a modular security framework designed for wireless penetration testing and social engineering auditing. It functions as a platform for security professionals to assess the resilience of Wi-Fi networks by simulating unauthorized access, performing man-in-the-middle interceptions, and executing credential-harvesting scenarios. The tool distinguishes itself through its ability to combine rogue access point deployment with dynamic phishing interfaces. By forcing wireless clients to associate with deceptive infrastructure, the framework can capture network metadata and inject it int
Reqable is a cross-platform network debugging tool that functions as an HTTP/HTTPS debugging proxy, a REST API client, and a traffic replay tool. It captures, inspects, and modifies live traffic using a local MITM proxy engine, supports VPN tunnel capture for mobile devices, and provides a Python scripting sandbox for custom traffic processing. The application is available on Windows, macOS, Linux, iOS, and Android. The tool distinguishes itself by combining traffic interception with breakpoint-based request modification, allowing users to pause live HTTP traffic for manual inspection and alt
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Lando is a Docker development environment manager and local development orchestrator used to create isolated application stacks. It functions as a web development stack provisioner that coordinates web servers, databases, and runtimes to ensure consistent environment parity across different operating systems. The project distinguishes itself through recipe-based environment bootstrapping for common stacks such as LAMP, LEMP, and MEAN, as well as dedicated provisioning for CMS platforms like WordPress, Drupal, and Joomla. It further differentiates its capabilities by acting as a remote hosting
Bettercap is an extensible framework for network security testing that provides a unified interface for performing man-in-the-middle attacks, network reconnaissance, and traffic manipulation across WiFi, Bluetooth, and wired networks. It operates through a modular attack module system that loads and executes interchangeable offensive or diagnostic modules, supported by event-driven session management and multi-protocol network spoofing capabilities. The framework distinguishes itself by covering a broad range of network domains, including Bluetooth Low Energy scanning and enumeration, CAN-Bus
Ettercap is a network utility tool used for ARP spoofing, packet filtering, traffic interception, passive scanning, and DHCP hijacking. It functions as a network traffic interceptor and man-in-the-middle packet filter to monitor and manipulate live TCP/UDP connections on a local area network. The project provides specialized capabilities for traffic redirection via ARP cache poisoning, DHCP server spoofing, ICMP redirects, and switch port stealing. It also enables the emulation of rogue services and the decryption of SSH1 session streams by substituting public keys. Additional capabilities i
Bettercap is a modular framework designed for network reconnaissance, security testing, and the execution of man-in-the-middle attacks. It functions as a comprehensive utility for surveying wired and wireless network segments, identifying connected devices, and analyzing communication protocols through real-time traffic interception and manipulation. The platform distinguishes itself through an event-driven architecture that coordinates network state changes and packet-level data through a centralized message pipeline. It provides a programmable scripting engine and an API for orchestrating s
Proxyee is a Java-based network proxy library designed for building custom proxy servers that support traffic interception, inspection, and modification. It functions as a programmable framework for handling HTTP, HTTPS, and WebSocket traffic, providing the necessary tools to analyze and alter request and response data in real time. The project distinguishes itself through its man-in-the-middle capabilities, which include dynamic certificate generation to facilitate the decryption and re-encryption of secure traffic streams. This allows for granular control over network communications, suppor
Responder is a man-in-the-middle framework and network protocol spoofing tool designed to intercept network name queries and impersonate requested resources. It functions as a poisoner for LLMNR, NBT-NS, and MDNS, redirecting network traffic from clients to a controlled listener. The project serves as a credential capture tool that runs rogue servers for SMB, HTTP, and LDAP to collect NTLM hashes and clear text credentials. It enables the harvesting of encrypted authentication tokens and the interception of usernames and passwords sent without encryption. Its broader capabilities include int
fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram
This firmware transforms an ESP32 device into a portable penetration testing platform by combining an embedded JavaScript runtime with multi-protocol wireless attack capabilities, USB and Bluetooth HID emulation, and a menu-driven user interface. It is designed as a unified system that integrates persistent storage, hardware abstraction for external radio modules, a serial command protocol for headless operation, and a web-based remote desktop that streams the device screen and relays button inputs for remote control. The custom JavaScript scripting environment enables users to write and run
Tuya-Convert is a firmware flashing utility for IoT devices that exploits the over-the-air (OTA) update process to install custom firmware, bypass Tuya cloud dependencies, and enable local or open-source control. It automatically backs up the device’s original firmware before overwriting, allowing easy restoration. The tool achieves this by creating a spoofed Wi-Fi access point that the target device connects to, intercepting the OTA communication between the device and the Tuya cloud, then substituting a custom firmware binary during the transfer. It emulates the Tuya cloud protocol’s respon
Yakit is a comprehensive cybersecurity all-in-one platform designed for security assessments. It integrates a suite of core tools including an HTTP interception proxy for real-time traffic modification, an out-of-band interaction detector for verifying remote command execution via TCP, DNSLog, and ICMP, and a reverse shell manager for controlling remote server connections. The platform is distinguished by its dedicated security scripting environment, which allows for the development and execution of custom logic and plugins using a specialized high-performance language. It further extends fun
This project is a network traffic manipulation tool and proxy designed to intercept, inspect, and modify data streams between mobile applications and their servers. It functions as a scriptable content blocker and traffic router, allowing users to apply custom rules to incoming and outgoing network requests. The tool enables users to bypass regional restrictions and subscription paywalls by injecting configuration rules that override server-side validation. It also provides capabilities for removing advertisements, tracking scripts, and promotional content from mobile applications and web ser
This project is an Android RPA framework designed for automating user interfaces and system tasks on rooted Android devices using Python and ADB. It provides a suite of tools for rooted device management, allowing for programmatic control of system settings, application lifecycles, and shell command execution via a remote API. The framework distinguishes itself through a combination of dynamic instrumentation and AI integration. It can inject scripts into running processes to hook Java interfaces and modifies application behavior in real time. Additionally, it supports large language model in
Whistle is an HTTP debugging proxy that captures, inspects, and modifies traffic through a web-based management interface. It operates as a man-in-the-middle proxy, intercepting HTTP, HTTPS, HTTP/2, WebSocket, and TCP traffic between clients and servers, and provides a plugin-based architecture that extends core functionality with custom rules, UI panels, and protocol handlers at runtime. The project distinguishes itself through a combination of capabilities that go beyond basic traffic inspection. It supports server-side headless operation on Linux, allowing it to intercept traffic for appli
This project is a standalone utility that enables one-click video downloading from WeChat Channels by intercepting the network traffic of the WeChat desktop client. It operates as a local HTTP proxy positioned between the desktop app and the internet, capturing video streams and adding a download button directly into the app's built-in media player interface. What distinguishes this tool is its use of real‑time network‑layer augmentation rather than modifying the desktop client itself. It patches HTTP responses as they pass through the proxy to inject interactive download controls, and on the
This project is a curated collection of frameworks, libraries, and toolsets designed for social engineering and public data gathering. It aggregates specialized software and educational materials used to perform human-centric attacks during professional security engagements. The directory provides resources for gathering and visualizing open source intelligence to identify sensitive information leaks. It also includes a collection of methods and software for executing phishing campaigns to harvest credentials and session cookies. The repository further covers educational materials focused on
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
This project is a comprehensive API security audit checklist and vulnerability audit framework. It provides a structured guide of security countermeasures for designing, testing, and deploying secure APIs across various protocols. The framework includes specialized guides for securing OAuth 2.0 authorization flows, implementing zero trust networking for service-to-service communication, and protecting GraphQL endpoints from resource exhaustion and information leakage. It also provides standards for integrating static analysis, dynamic scanning, and secret detection into CI/CD delivery pipelin
EmDash is an open-source content management system built on Astro that combines a visual admin panel with a plugin-driven architecture and server-side rendering. It provides a complete content management system with structured content modeling, a rich text editor using Portable Text format, and a TypeScript API for type-safe content queries. The system supports authentication through passkeys, OAuth 2.1, and external providers, with role-based access control and fine-grained permission scopes. What distinguishes EmDash is its plugin development framework, which supports both native plugins ru
P4wnP1 is a hardware-based USB HID attack platform and peripheral emulator. It functions as a tool for emulating USB keyboards and mice to execute automated keystroke payloads, as well as a WiFi-enabled remote access tool that provides a wireless bridge for network relay and SSH access. The project is distinguished by its ability to establish covert bidirectional communication channels and remote shells using raw HID reports, specifically to bridge air-gapped systems. It further enables wireless network interception and the routing of network traffic over WiFi to facilitate man-in-the-middle
RuneLite is an open-source game client for OldSchool RuneScape. It serves as a community-driven alternative to the official software, functioning as a modified client that allows for deep customization and feature extension. The project provides a programmable game plugin system that enables the development and injection of custom tools directly into the running game environment. This framework allows for the creation of interface enhancements and the integration of custom logic to modify client behavior. The system also includes a game cache data manager for reading and manipulating local a
This project is a collection of management interfaces and platforms for network-connected hardware. It functions as a firmware extension platform, a network storage operating system manager, and a network routing administrator. The system enables the installation of open-source plugins and third-party add-ons to expand device capabilities. It provides a management interface for network attached storage, allowing for remote file management and peer-to-peer media streaming. Broad capabilities cover network routing configuration through policy-based routing and dynamic DNS, as well as firmware
Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses. The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom
This project provides a comprehensive, modular framework for auditing and hardening personal digital and physical security. It functions as a structured, platform-agnostic knowledge base that breaks down complex security standards into granular, actionable tasks. By utilizing a static documentation architecture, the project ensures that its guidance remains accessible and transparent, allowing users to track their security posture incrementally through a persistent, manual progress-tracking system. The project distinguishes itself by bridging the gap between digital cybersecurity and physical