diff --git a/README.md b/README.md
index f53e2c1..3e25a1f 100644
--- a/README.md
+++ b/README.md
@@ -154,6 +154,7 @@ A collection of delicious docker recipes.
 - [x] iptables
 - [x] routersploit
 - [x] snort :beetle:
+- [x] sslsplit
 - [x] webgoat
 
 ## Proxy
diff --git a/sslsplit/Dockerfile b/sslsplit/Dockerfile
new file mode 100644
index 0000000..1497c5a
--- /dev/null
+++ b/sslsplit/Dockerfile
@@ -0,0 +1,37 @@
+#
+# Dockerfile for sslsplit
+#
+
+FROM alpine
+MAINTAINER kev <noreply@easypi.info>
+
+ENV SSLSPLIT_VERSION 0.5.0
+
+RUN set -xe \
+    && apk add --no-cache build-base \
+                          curl \
+                          fts \
+                          fts-dev \
+                          libevent \
+                          libevent-dev \
+                          linux-headers \
+                          openssl \
+                          openssl-dev \
+                          tar \
+    && mkdir sslsplit \
+    && cd sslsplit \
+    && curl -sSL https://github.com/droe/sslsplit/archive/${SSLSPLIT_VERSION}.tar.gz | tar xz --strip 1 \
+    && sed -i '/^LIBS/s/$/ -lfts/' GNUmakefile \
+    && make install \
+    && cd .. \
+    && rm -rf sslsplit \
+    && apk del build-base \
+               curl \
+               fts-dev \
+               libevent-dev \
+               linux-headers \
+               openssl-dev \
+               tar
+
+ENTRYPOINT ["sslsplit", "-D"]
+CMD ["-h"]
diff --git a/sslsplit/README.md b/sslsplit/README.md
new file mode 100644
index 0000000..289988a
--- /dev/null
+++ b/sslsplit/README.md
@@ -0,0 +1,43 @@
+sslsplit
+========
+
+[SSLsplit][1] is a tool for man-in-the-middle attacks against SSL/TLS encrypted
+network connections.
+
+## docker-compose.yml
+
+```yaml
+sslsplit:
+  image: vimagick/sslsplit
+  command:
+    -k key/ca.key -c key/ca.crt -P
+    -l log/cnn.log -S log
+    tcp 0.0.0.0 8080
+    ssl 0.0.0.0 8443
+  net: host
+  volumes:
+    - ./data:/data
+  working_dir: /data
+  restart: unless-stopped
+```
+
+## up and running
+
+```bash
+$ mkdir -p data/{key,log}
+$ openssl req -x509 -newkey rsa:2048 -nodes -keyout data/key/ca.key -out data/key/ca.crt -days 365 -subj '/CN=EasyPi'
+$ docker-compose up -d
+```
+
+```
+sysctl -w net.ipv4.ip_forward=1
+iptables -t nat -F
+iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
+iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
+```
+
+## read more
+
+- <https://blog.heckel.xyz/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/>
+
+[1]: <http://www.roe.ch/SSLsplit>
diff --git a/sslsplit/arm/Dockerfile b/sslsplit/arm/Dockerfile
new file mode 100644
index 0000000..9307c0b
--- /dev/null
+++ b/sslsplit/arm/Dockerfile
@@ -0,0 +1,37 @@
+#
+# Dockerfile for sslsplit-arm
+#
+
+FROM easypi/alpine-arm
+MAINTAINER EasyPi Software Foundation
+
+ENV SSLSPLIT_VERSION 0.5.0
+
+RUN set -xe \
+    && apk add --no-cache build-base \
+                          curl \
+                          fts \
+                          fts-dev \
+                          libevent \
+                          libevent-dev \
+                          linux-headers \
+                          openssl \
+                          openssl-dev \
+                          tar \
+    && mkdir sslsplit \
+    && cd sslsplit \
+    && curl -sSL https://github.com/droe/sslsplit/archive/${SSLSPLIT_VERSION}.tar.gz | tar xz --strip 1 \
+    && sed -i '/^LIBS/s/$/ -lfts/' GNUmakefile \
+    && make install \
+    && cd .. \
+    && rm -rf sslsplit \
+    && apk del build-base \
+               curl \
+               fts-dev \
+               libevent-dev \
+               linux-headers \
+               openssl-dev \
+               tar
+
+ENTRYPOINT ["sslsplit", "-D"]
+CMD ["-h"]
diff --git a/sslsplit/arm/docker-compose.yml b/sslsplit/arm/docker-compose.yml
new file mode 100644
index 0000000..bba0c4a
--- /dev/null
+++ b/sslsplit/arm/docker-compose.yml
@@ -0,0 +1,12 @@
+sslsplit:
+  image: easypi/sslsplit-arm
+  command:
+    -k key/ca.key -c key/ca.crt -P
+    -l log/cnn.log -S log
+    tcp 0.0.0.0 8080
+    ssl 0.0.0.0 8443
+  net: host
+  volumes:
+    - ./data:/data
+  working_dir: /data
+  restart: unless-stopped
diff --git a/sslsplit/data/key/ca.crt b/sslsplit/data/key/ca.crt
new file mode 100644
index 0000000..e69de29
diff --git a/sslsplit/data/key/ca.key b/sslsplit/data/key/ca.key
new file mode 100644
index 0000000..e69de29
diff --git a/sslsplit/data/log/cnn.log b/sslsplit/data/log/cnn.log
new file mode 100644
index 0000000..e69de29
diff --git a/sslsplit/docker-compose.yml b/sslsplit/docker-compose.yml
new file mode 100644
index 0000000..caa16ec
--- /dev/null
+++ b/sslsplit/docker-compose.yml
@@ -0,0 +1,12 @@
+sslsplit:
+  image: vimagick/sslsplit
+  command:
+    -k key/ca.key -c key/ca.crt -P
+    -l log/cnn.log -S log
+    tcp 0.0.0.0 8080
+    ssl 0.0.0.0 8443
+  net: host
+  volumes:
+    - ./data:/data
+  working_dir: /data
+  restart: unless-stopped