Certainly, an open-source offensive security toolkit, has been developed to capture extensive network traffic across various protocols in bit-flip and typosquatting scenarios.
The tool includes built-in support for protocols such as DNS, HTTP(S), IMAP(S), and SMTP(S). Its main purpose is to simplify the process of capturing requests that devices send to unintended domains. By listening on multiple ports and protocols, Certainly is able to hold new incoming sessions and generate valid TLS certificates on the fly, allowing it to capture requests that were previously inaccessible. This unique approach of always saying ‘yes, that’s correct’ to every incoming request sets Certainly apart from other tools in the market.
According to Fredrik STÖK Alexandersson, the co-creator of Certainly, the tool was designed with full customization and ease of deployment in mind. Users can have a basic setup up and running within minutes, making it a convenient option for security professionals. Certainly is constantly being improved, with future releases expected to include support for more protocols, client certificate validation testing similar to certmitm, and advanced on-the-fly injection of resources like JavaScript and JSON responses.
The open-source nature of Certainly, under the FOSS MIT license, ensures that it remains accessible to a wide range of users. It can be freely downloaded from GitHub, allowing security researchers and professionals to leverage its capabilities for their offensive security testing needs.
As the cybersecurity landscape continues to evolve, tools like Certainly play a crucial role in helping security professionals stay ahead of potential threats and vulnerabilities. By providing a way to capture and analyze network traffic in diverse scenarios, Certainly empowers users to identify and address security issues before they can be exploited by malicious actors.
In conclusion, Certainly represents a valuable addition to the toolkit of any security professional looking to enhance their offensive security capabilities. With its unique features, easy deployment, and ongoing development, Certainly is poised to make a significant impact in the field of cybersecurity. Its open-source nature ensures that it remains accessible to all, further contributing to the collective efforts to enhance cybersecurity practices worldwide.