Hackmanit develops a number of unique open source tools for security analysis in various areas. The Hackmanit team emphasizes a high level of integration: The tools can be integrated directly into your company test scenarios and thereby (semi-)automatically detect new threats. For example, WS-Attacker can be used to continuously scan your web services for vulnerabilities. More tools for the analysis of TLS, Single Sign-On, and Web applications are currently under development.

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.

In addition, TLS-Attacker supports various known cryptographic attacks and their evaluations. This means you can simple check whether your server is vulnerable to padding oracle, invalid curve, or Bleichenbacher attacks. It has already allowed us to find vulnerabilities in major TLS libraries, including OpenSSL, Botan, or MatrixSSL.

To the project page