bettercap
by bettercap
Bettercap is a versatile and extensible framework for network reconnaissance and man-in-the-middle attacks across WiFi, BLE, HID, CAN-bus, and IP networks.
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Primary Use Case
Bettercap is primarily used by security researchers, red teamers, and reverse engineers to perform comprehensive network reconnaissance and execute MITM attacks on various wireless and wired protocols. It enables detailed scanning, sniffing, and exploitation of network devices and protocols to identify vulnerabilities and test network security defenses.
- WiFi network scanning, deauthentication attacks, and automatic WPA/WPA2/WPA3 handshake capture
- Bluetooth Low Energy device scanning and characteristics enumeration
- 2.4GHz wireless HID device scanning and MouseJacking attacks with DuckyScript support
- CAN-bus and DBC frame decoding, injection, and fuzzing
- ARP, DNS, NDP, and DHCPv6 spoofing for MITM on IPv4 and IPv6 networks
- Packet-level, TCP-level, and HTTP/HTTPS proxies with javascript plugin scripting
- Network sniffer for credential harvesting and protocol fuzzing
- Fast port scanning and a REST API with websocket event notifications
Installation
- Visit the official Bettercap website or GitHub repository for the latest release
- Download the precompiled binary suitable for your OS from the GitHub releases page
- Alternatively, install via Docker using: docker pull bettercap/bettercap
- For building from source, ensure Go is installed and run: go install github.com/bettercap/bettercap@latest
- Run bettercap with appropriate privileges (usually root or administrator) to access network interfaces
Usage
>_ bettercap -iface wlan0Start Bettercap on the wlan0 interface for wireless network attacks and reconnaissance
>_ net.probe onEnable active network host probing to discover devices on the network
>_ wifi.recon onStart scanning for WiFi networks and clients
>_ wifi.deauth <target>Perform a deauthentication attack against a specified WiFi client or network
>_ ble.recon onScan for Bluetooth Low Energy devices nearby
>_ canbus.sniff onStart sniffing CAN-bus traffic
>_ arp.spoof onEnable ARP spoofing for man-in-the-middle attacks on IPv4 networks
>_ http.proxy onActivate HTTP proxy for intercepting and modifying HTTP traffic
>_ api.rest onEnable the REST API for remote control and automation
- Integrate Bettercap with Metasploit for automated exploitation workflows during red team engagements.
- Leverage Bettercap's scripting and REST API capabilities to automate network reconnaissance and MITM attack simulations in purple team exercises.
- Use Bettercap in controlled environments to train blue teams on detecting and responding to MITM and wireless attacks.
- Deploy Bettercap modules in lab environments to continuously test and validate wireless and CAN-bus network defenses.
- Combine Bettercap with SIEM tools to enhance detection of anomalous network activities and credential harvesting attempts.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about bettercap. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
3 free chats per tool • Instant responses • No credit card
Related Tools
v2ray-core
v2fly/v2ray-core
A platform for building proxies to bypass network restrictions.
sniffnet
GyulyVGC/sniffnet
Comfortably monitor your Internet traffic 🕵️♂️
algo
trailofbits/algo
Set up a personal VPN in the cloud
setup-ipsec-vpn
hwdsl2/setup-ipsec-vpn
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
cilium
cilium/cilium
eBPF-based Networking, Security, and Observability
netbird
netbirdio/netbird
Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.