Ettercap/ettercap

Features

• Man-in-the-Middle Frameworks - Intercepts and manipulates live network traffic between two hosts to monitor data or inject custom payloads.
• ARP Cache Poisoning - Intercepts and manipulates traffic by poisoning ARP caches to perform man-in-the-middle attacks.
• DHCP Poisoners - Acts as a rogue DHCP server to inject manipulated gateway addresses and redirect client traffic.
• Live Connection Captures - Captures live TCP/UDP connections to monitor and analyze data exchange between hosts on a local area network.
• Network Stream Injections - The tool enables inserting forged packets or modifying existing payloads in live connections while maintaining correct sequence numbers and checksums.
• Network Topology Mapping - Discovers gateways, routers, and host relationships by analyzing packet headers and TTL values on a local network.
• OS Fingerprinting - Identifies operating systems and services by analyzing TCP/IP header fields like TTL and window size from observed traffic.
• Interface-Level Packet Filtering - Filters network payloads in real time using custom scripts to modify or drop packets based on specific criteria.
• MITM Payload Filtering - Modifies or drops network payloads in real time using custom scripts and sequence number recalculation.
• Scriptable Packet Filters - Provides a domain-specific language to define rules for modifying or dropping network packet payloads in real time.
• Traffic Interceptors - Captures and analyzes live TCP/UDP connections to monitor data exchange between hosts on a LAN.
• Traffic Manipulation Tools - Filters and modifies packet payloads in real time using scripts to alter data flowing between a client and server.
• Operating System Detection - Detects the operating system and active services by analyzing TCP/IP header fields like TTL and window size.
• Passive LAN Scanners - Identifies active hosts, open ports, and operating systems by sniffing traffic without sending probes.
• Passive LAN Scanning - Identifies hosts, operating systems, and ports by sniffing packets without sending any probe traffic.
• Passive Network Reconnaissance - Identifies active hosts, operating systems, and open ports by sniffing existing traffic without sending probe packets.
• Subnet Host Discovery - Identifies responding devices on a local network by sending ARP requests and compiling a list of active hosts.
• Gateway and Router Identification - Recognizes network gateways through non-local IP traffic and routers via ICMP TTL-exceeded or redirect messages.
• Layer-2 Traffic Sniffing - Forwards traffic between two network interfaces to perform stealthy sniffing and content filtration at the physical layer.
• Network Protocol Analysis - Analyzes and decodes packet sequences to understand the structure of network communications and detect anomalies.
• Packet Sequencing - Maintains a map of TCP sequence and acknowledgment numbers to inject or modify data without dropping connections.
• TCP Port Scanners - Determines open TCP and UDP ports on a host by monitoring for SYN+ACK packets or outgoing UDP traffic.
• Traffic Redirection Tools - Sends spoofed ICMP redirect messages to force clients to route internet-bound traffic through a specific interface.
• Switch Port Stealing - Floods switched networks with ARP packets to redirect traffic from victim ports to a target interface.
• Transparent Layer 2 Bridges - Intercepts and relays traffic between two physical network interfaces to remain transparent while sniffing or filtering data.
• Rogue Network Services - Impersonates network infrastructure such as DHCP servers or SSH public key exchanges to hijack client configurations and sessions.
• Traffic Analysis Engines - Suite for traffic capture and man-in-the-middle analysis.

Star history