bettercap
Network attack and monitoring framework
TLDR
SYNOPSIS
bettercap [options]
DESCRIPTION
bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking, CAN-bus, and IPv4/IPv6 network reconnaissance and MITM attacks. Written in Go, it provides man-in-the-middle attacks, network reconnaissance, packet sniffing, credential harvesting, and a REST API and web UI through a modular architecture.The tool is designed for security research, penetration testing, and network analysis. It must be run as root.
PARAMETERS
-iface name
Network interface to bind to; if empty the default interface is auto-selected-caplet file
Read commands from this file and run them in the interactive session-eval code
Run one or more commands (separated by ;) in the interactive session-autostart modules
Comma-separated list of modules to auto-start-script file
Load a session script-gateway-override ip
Use the provided IP address instead of the detected default gateway-env-file file
Load environment variables from this file-caplets-path dir
Alternative base path for caplets-no-history
Disable the interactive session history file-no-colors
Disable output color effects-debug
Print debug messages-silent
Suppress all logs which are not errors-version
Print the version and exit
MODULES
net.recon
Network reconnaissancenet.probe
Active host discoveryarp.spoof
ARP spoofing attacksdns.spoof
DNS spoofinghttp.proxy
HTTP transparent proxyhttps.proxy
HTTPS transparent proxywifi
WiFi attacks and monitoringble
Bluetooth Low Energy attackspacket.proxy
Raw packet manipulation
INTERACTIVE COMMANDS
> set arp.spoof.targets 192.168.1.0/24
> arp.spoof on
# HTTP proxy with SSL stripping
> set http.proxy.sslstrip true
> http.proxy on
# Network scan
> net.probe on
> net.show
CAPLETS
Scripts for automation:
net.probe on
sleep 10
net.show
CAVEATS
Requires root privileges. Illegal without authorization. Can disrupt network traffic. Detection by IDS/IPS systems. WiFi attacks require monitor mode capable adapter. Use only in authorized security assessments.
HISTORY
bettercap was created by Simone Margaritelli (evilsocket) in 2016 as a modern replacement for ettercap, rewritten in Go for better performance.
SEE ALSO
ettercap(8), arpspoof(8), nmap(1), aircrack-ng(1), wireshark(1)
