Ettercap

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.

It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. All this feature are integrated with a easy-to-use and pleasureful ncurses/gtk interfaces.

Platform： Windows/Linux/BSD/MacOS；License：GNU General Public License v2
Reference：https://ettercap.sourceforge.net/

Easy-Creds

The easy-creds script is a bash script that leverages ettercap and other tools to obtain credentials during penetration testing.

Menu driven, it allows you to easily attack with basic arp spoofing, oneway arp spoofing and DHCP spoofing and the setup of a Fake AP.

In addition it has an SSLStrip log file parser that leverages a definition file to give you the compromised credentials and the site they have come from.

Platform：Linux；License：GNU General Public License v2
Reference：https://code.google.com/p/easy-creds/

Aircrack-ng

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.

Platform：Windows/Linux ；License： GNU General Public License v2
Reference：https://www.aircrack-ng.org/

Aircrax

Easy to use wizard-like GUI tool to recover WEP/WPA keys using the aircrack-ng suite. Written in C# using Mono, GTK#, and the Funkit library.

Platform：Windows/Linux；License：GNU General Public License v3
Reference：https://sourceforge.net/projects/aircrax/

Argus

Argus, the network Audit Record Generation and Utilization System. The Argus Project is focused on developing network activity audit strategies and prototype technology to support Network Operations, Performance and Security Management. If you look at packets to solve problems, or you need to know what is going on in your network, right now or way back then, you should find Argus a useful tool.

Platform：Windows/Linux；License： GNU General Public License v2
Reference： https://www.qosient.com/argus/

Open AudIT

Open-AudIT is an application to tell you exactly what is on your network, how it is configured and when it changes. Open-AudIT will run on Windows and Linux systems. Essentially, Open-AudIT is a database of information, that can be queried via a web interface. Data about the network is inserted via a Bash Script (Linux) or VBScript (Windows). The entire application is written in php, bash and vbscript. These are all 'scripting' languages - no compiling and human readable source code. Making changes and customisations is both quick and easy.

Platform：Windows/Linux ；License：GNU General Public License v2
Reference：https://www.open-audit.org/

Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.

Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, Mac OS X, BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI) version for Linux called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.

Platform：Windows/Linux；License： GNU General Public License v3
Reference：https://www.wireshark.org/

Mitmjws

Mitmjws is a basic script to automate man-in-the-middle attacks. The script calls airbase, ettercap, sslstripper and driftnet, requires aircrack-ng with experimental software. So, before test this program, you need install all dependence tools and libraries. This project's source code are released under GNU General Public License v3 (GPLv3).
Platform: Windows/Linux/BSD/Mac OS;License: GNU General Public License v3
Reference: https://code.google.com/p/mitmjws/

Middler

The Middler is a Man in the Middle tool to demonstrate protocol middling attacks. Led by Jay Beale, the project involves a team of authors including InGuardians agents Justin Searle and Matt Carpenter. The Middler is intended to man in the middle, or "middle" for short, every protocol for which we can create code.

In our first alpha release, we released a core built by Matt and Jay, with introductory plug-ins by Justin and InGuardians agent Tom Liston. It runs on Linux and Mac OS X, with most of the code functional on Windows. The current codebase is in the beta state, with a full release coming soon, with better documentation (see the wiki), easier installation, and even more plug-ins, at least if Justin has his way!

Platform: Windows/Linux/BSD/Mac OS;License: GNU General Public License v2

Reference: https://code.google.com/p/middler/

IPpon-mitm

Software updates apply patches or introduce new features to an application. In most cases, the update procedure is conducted in an insecure manner, exposing the updater to execution of malicious code or to manipulation of application data such as anti-virus signatures. This tool uses several techniques of update-exploitation attacks which leverages a man-in-the-middle technique, to build and inject a fake update reply or hijack an on-going update session.

Platform: Windows/Linux/BSD/Mac OS;License: GNU General Public License v2

Reference: https://code.google.com/p/aimject/

AIMject

Man in the middle on AIM. Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface. The features are: (1) sign-on/off detection; (2) message interception/decoding; (3) message injection into arbitrary conversations; (4) synchronization of AIM sequence numbers and fnac ids; (5) cloning of font styles/screenname formatting to avoid detection; (6) selective muting of conversation participants; (7) integrated ARP/DNS spoofing.

Platform: Windows/Linux/BSD/Mac OS;License: GNU General Public License v2

Reference: https://code.google.com/p/aimject/

Andiparos

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The advantage of Andiparos is mainly the support of Client Certificates on Smartcards. Moreover it has several small interface enhancements, making the life easier for penetration testers...

Platform: Java

License: GNU General Public License v2

Reference: https://code.google.com/p/andiparos/

Paros

A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc. "Paros" for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

Platform: Java;License: GNU Lesser General Public License v2.1

Reference: https://www.parosproxy.org/

PktAnon

PKtAnon performs network trace anonymization. It is highly configurable and uses anonymization profiles. Anonymization profiles allow for mapping of arbitrary anonymization primitives to protocol attributes, thus providing high flexibility and easy usability. A huge number of anonymization primitives and network protocols are supported and ready to use for online and offline anonymization.

Deep Network Analyzer

DNA is an open, flexible and extensible deep network analyzer software server and software architecture for gathering and analyzing network packets, network sessions and applications protocols, passively off enterprise class networks.