Medusa vs sslstrip

Medusa

Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic (by MythicAgents)

Suggest topics

Source Code

Suggest alternative

Edit details

sslstrip

A tool for exploiting Moxie Marlinspike's SSL "stripping" attack. (by moxie0)

Suggest topics

Source Code

thoughtcrime.org

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

Medusa		sslstrip
	Project
3	Mentions	7
158	Stars	1,857
0.6%	Growth	-
4.4	Activity	0.0
about 1 year ago	Latest Commit	almost 3 years ago
Python	Language	Python
-	License	GNU General Public License v3.0 only

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

Medusa

Posts with mentions or reviews of Medusa. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-02-27.

Some information and advice about DDoS, from someone who was there during #opPayback
51 projects | /r/anonymous | 27 Feb 2022
List of resources
29 projects | /r/HackForUkraine | 27 Feb 2022
Medusa - a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic
1 project | /r/purpleteamsec | 19 Jul 2021

sslstrip

Posts with mentions or reviews of sslstrip. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-02-27.

Some information and advice about DDoS, from someone who was there during #opPayback
51 projects | /r/anonymous | 27 Feb 2022
List of resources
29 projects | /r/HackForUkraine | 27 Feb 2022
Is there a tool to control bandwidth for debugging purposes?
5 projects | /r/JetsonNano | 5 Jan 2022

Another option might be to try something like sslstrip to strip off the TLS layer so you can point your tools at the stripped-off/non-TLS endpoint. Probably non-trivial to get this old code working on any system though, let alone a Jetson: https://github.com/moxie0/sslstrip
Awesome Penetration Testing
124 projects | dev.to | 6 Oct 2021

sslstrip - Demonstration of the HTTPS stripping attacks.
Tracking One Year of Malicious Tor Exit Relay Activities (Part II)
1 project | news.ycombinator.com | 10 May 2021

Yeah. And for anyone unaware, this technique, SSL stripping, was made well-known (and arguably pioneered?) by Moxie Marlinspike of Signal with his tool sslstrip back in 2011: https://github.com/moxie0/sslstrip. I believe that's what he was most famous for before Signal.
MITM (Man-In-The-Middle) Attacks and Prevention
1 project | dev.to | 23 Mar 2021

Once the connection has been intercepted, the attacker can use a tool such as sslstrip to disable all HTTPS redirects and change https:// links to unencrypted http://.
Qualcuno mi sa spiegare perché il sito del SENATO non utilizza il protocollo https? (rendendolo di fatto "insicuro")
1 project | /r/ItalyInformatica | 19 Jan 2021

E' possibile, per quanto molto meno facile. https://github.com/moxie0/sslstrip per esempio. Ci sono anche altre tecniche che si basano sulla manipolazione delle richieste di DNS e cose simili. Sicuramente molto piu' facile da notare e ordini di grandezza piu' complesso di HTTP, che è assolutamente triviale.

What are some alternatives?

When comparing Medusa and sslstrip you can also consider the following projects:

social-analyzer - API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

toxiproxy - :alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing

LinkedInt - LinkedIn Recon Tool

EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.

venom - venom - C2 shellcode generator/compiler/handler

SQLMap - Automatic SQL injection and database takeover tool

Mythic - A collaborative, multi-platform, red teaming framework

lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments

RustScan - 🤖 The Modern Port Scanner 🤖

Medusa vs social-analyzer sslstrip vs mitmproxy Medusa vs CMSeeK sslstrip vs toxiproxy Medusa vs LinkedInt sslstrip vs EvilOSX Medusa vs venom sslstrip vs SQLMap Medusa vs Mythic sslstrip vs lynis Medusa vs shad0w sslstrip vs RustScan

Compare Medusa vs sslstrip and see what are their differences.

Medusa

sslstrip

Medusa

sslstrip

What are some alternatives?