Certainly: Open-source offensive security toolkit

Certainly is an open-source offensive security toolkit designed to capture extensive traffic across various network protocols in bit-flip and typosquatting scenarios.

open-source offensive security

Built-in protocols: DNS, HTTP(S), IMAP(S), SMTP(S).

“The reason why we created Certainly was to simplify the process of capturing and collecting requests that devices send to domains they where not intended to. By listening on multiple ports and protocols and leveraging a unique approach that certainly holds a new incoming session and, if needed, generates a valid TLS certificate on the fly. So, by saying ‘yes, that’s correct’ to every incoming request, we can capture requests that earlier weren’t possible. Another design feature of the tool was the ability for full customization and ease of deployment, which allows a user to have a basic setup up and running within minutes,” Fredrik STÖK Alexandersson, the co-creator of Certainly, told Help Net Security.

The tool that is FOSS MIT is in constant development, and future releases will allow for more protocols, client certificate validation testing similar to certmitm, and more advanced on-the-fly injection of resources like JavaScript and JSON responses.

Certainly is available for free on GitHub.

Must read:

OPIS OPIS


Don't miss