knockknock VS tosh

Compare knockknock vs tosh and see what are their differences.

knockknock

A simple, secure, and stealthy port knocking implementation that does not use libpcap or bind to a socket interface. (by moxie0)
Suggest topics
Source Code
thoughtcrime.org
Suggest alternative
Edit details

tosh

Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code... (by mikroskeem)
Ipv6 Totp tosh SSH security-by-obscurity moving-target-defense Ctf
Source Code
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
knockknock tosh
3 1
504 411
- -
0.0 2.6
over 5 years ago almost 3 years ago
Python Rust
GNU General Public License v3.0 only MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

knockknock

Posts with mentions or reviews of knockknock. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-01.
  • Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
    6 projects | news.ycombinator.com | 1 Apr 2024
    It's old and there are probably friendlier options out there now, but

    https://github.com/moxie0/knockknock/blob/master/INSTALL

  • Ssh brute force attack with fail2ban.
    2 projects | /r/linuxadmin | 19 May 2023
  • SSH server that changes listen address every 30 seconds based on TOTP
    2 projects | news.ycombinator.com | 22 May 2021
    > Or is completely firewalled off from the world, and only accessible once you've authenticated yourself to your VPN. Or only reachable once you first authenticate (public/private keys, two factor crypto key auth, etc) to a bastion host, and then reach the system from the bastion.

    There's a lot of attack surface in there. Port-knocking is supposed to be a way to reduce attack surface. It's a belt-and-suspenders approach to the reality that even fully patched openssh has exploitable bugs.

    Using this tool, a MITM with an openssh 0day can just follow you in. KnockKnock [0] and tools like it do not suffer from this defect. This tool is conceptually similar to KnockKnock, using OTP instead of a monotonic counter. Using OTP opens it up to replay attacks.

    https://github.com/moxie0/knockknock

tosh

Posts with mentions or reviews of tosh. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-05-22.

What are some alternatives?

When comparing knockknock and tosh you can also consider the following projects:

place-ipv6-server - A recreation of ziad87s "very stupid thing" (rip). Now in v2: Electric Boogaloo

tosh vs place-ipv6-server