# evilsocket/bettercap

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/evilsocket-bettercap).**

2,495 stars · 333 forks · archived

## Links

- GitHub: https://github.com/evilsocket/bettercap
- Homepage: http://www.bettercap.org/
- awesome-repositories: https://awesome-repositories.com/repository/evilsocket-bettercap.md

## Topics

`bettercap` `ettercap` `man-in-the-middle` `mitm` `proxy` `security` `security-audit` `spoofing` `sslstrip` `tls`

## Description

Bettercap is an extensible framework for network security testing that provides a unified interface for performing man-in-the-middle attacks, network reconnaissance, and traffic manipulation across WiFi, Bluetooth, and wired networks. It operates through a modular attack module system that loads and executes interchangeable offensive or diagnostic modules, supported by event-driven session management and multi-protocol network spoofing capabilities.

The framework distinguishes itself by covering a broad range of network domains, including Bluetooth Low Energy scanning and enumeration, CAN-Bus network analysis for automotive security testing, IPv4/IPv6 host and service discovery, and WiFi security assessment with tools for deauthentication, rogue access points, and packet injection. It also includes wireless HID attack simulation for injecting keystrokes into target computers over wireless connections.

Bettercap provides packet-level traffic manipulation through raw socket access and protocol-aware injection, along with network identity spoofing to redirect traffic through an attacker-controlled system. A real-time web UI dashboard streams live attack data and module outputs to a browser-based interface using WebSocket and REST APIs.

## Tags

### Security & Cryptography

- [Man-in-the-Middle Frameworks](https://awesome-repositories.com/f/security-cryptography/man-in-the-middle-frameworks.md) — An extensible framework for performing man-in-the-middle attacks, network reconnaissance, and traffic manipulation across WiFi, Bluetooth, and wired networks.
- [Identity Spoofing](https://awesome-repositories.com/f/security-cryptography/identity-spoofing.md) — Bettercap impersonates a target device or service on the network to redirect traffic through an attacker-controlled system. ([source](https://cdn.jsdelivr.net/gh/evilsocket/bettercap@master/README.md))
- [WiFi Attack Toolkits](https://awesome-repositories.com/f/security-cryptography/multi-vector-wifi-attack-suites/wifi-attack-toolkits.md) — A set of tools for scanning, monitoring, and attacking WiFi networks including deauthentication, rogue access points, and packet injection.
- [WiFi Reconnaissance](https://awesome-repositories.com/f/security-cryptography/multi-vector-wifi-attack-suites/wifi-attack-toolkits/wifi-reconnaissance.md) — Bettercap scans and enumerates nearby WiFi access points and clients to map the wireless environment. ([source](https://www.bettercap.org/))
- [Man-in-the-Middle Modules](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/offensive-red-team/phishing-attack-tools/attack-scenario-modules/man-in-the-middle-modules.md) — Loads and executes interchangeable offensive or diagnostic modules to perform specific man-in-the-middle tasks.
- [Wireless HID Injections](https://awesome-repositories.com/f/security-cryptography/enterprise-security-frameworks/wireless-network-attacks/wireless-hid-injections.md) — Bettercap injects keystrokes into a target computer over a wireless connection to execute commands. ([source](https://www.bettercap.org/))
- [Modular Attack Module Launchers](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/offensive-red-team/phishing-attack-tools/attack-scenario-modules/modular-attack-module-launchers.md) — Bettercap loads and executes interchangeable offensive or diagnostic modules to perform specific man-in-the-middle tasks. ([source](https://cdn.jsdelivr.net/gh/evilsocket/bettercap@master/README.md))
- [HID Injection Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/wireless-attack-tools/hid-injection-tools.md) — Injecting keystrokes into target computers over wireless connections to test input security controls.

### Networking & Communication

- [Bluetooth Device Scanners](https://awesome-repositories.com/f/networking-communication/bluetooth-connectivity/bluetooth-device-scanners.md) — Scanning and enumerating nearby Bluetooth Low Energy devices to map the wireless environment.
- [Multi-Protocol Spoofing Engines](https://awesome-repositories.com/f/networking-communication/bluetooth-protocol-emulators/multi-protocol-spoofing-engines.md) — Impersonates target devices across IPv4, IPv6, WiFi, and Bluetooth by forging protocol-specific frames and packets.
- [Network Discovery Scanners](https://awesome-repositories.com/f/networking-communication/communication-protocols-architectures/communication-protocols-standards/network-protocols/ipv6-network-stacks/network-discovery-scanners.md) — Scanning and enumerating hosts and services across both IPv4 and IPv6 networks for reconnaissance.
- [Network Discovery Tools](https://awesome-repositories.com/f/networking-communication/communication-protocols-architectures/communication-protocols-standards/network-protocols/ipv6-network-stacks/network-discovery-tools.md) — A module for discovering hosts and services on both IPv4 and IPv6 networks through active probing and passive monitoring.
- [Network Scanners](https://awesome-repositories.com/f/networking-communication/ipv6-implementations/network-scanners.md) — Bettercap scans and enumerates hosts and services on both IPv4 and IPv6 networks. ([source](https://www.bettercap.org/))
- [Packet Manipulation Toolkits](https://awesome-repositories.com/f/networking-communication/packet-manipulation-toolkits.md) — Intercepts and alters network packets in real time using raw socket access and protocol-aware injection.
- [Traffic Interception](https://awesome-repositories.com/f/networking-communication/traffic-interception.md) — Bettercap captures and manipulates data flowing between two parties on a local network to inspect or alter communications. ([source](https://cdn.jsdelivr.net/gh/evilsocket/bettercap@master/README.md))
- [Security Assessment Tools](https://awesome-repositories.com/f/networking-communication/wifi-access-point-hosting/security-assessment-tools.md) — Scanning and enumerating wireless access points and clients to map and evaluate WiFi network vulnerabilities.
- [Security Assessment Tools](https://awesome-repositories.com/f/networking-communication/bluetooth-connectivity/bluetooth-device-scanners/security-assessment-tools.md) — A module for discovering and enumerating nearby Bluetooth Low Energy devices to map wireless environments.
- [CAN Bus Sniffing](https://awesome-repositories.com/f/networking-communication/message-bus-interfaces/can-bus-interfaces/can-bus-sniffing.md) — Scanning and enumerating devices and traffic on Controller Area Network bus systems for security evaluation.
- [Security Assessment Tools](https://awesome-repositories.com/f/networking-communication/message-bus-interfaces/can-bus-interfaces/can-bus-sniffing/security-assessment-tools.md) — A module for scanning and enumerating devices and traffic on Controller Area Network buses for automotive security testing.

### Software Engineering & Architecture

- [Cross-Platform Abstractions](https://awesome-repositories.com/f/software-engineering-architecture/cross-platform-abstractions.md) — Provides a unified interface for raw socket operations, packet capture, and interface control across operating systems.
- [Session State Machines](https://awesome-repositories.com/f/software-engineering-architecture/event-driven-coordination/session-state-machines.md) — Maintains per-session state machines that react to network events for coordinated multi-stage attacks.

### Web Development

- [Attack Data Dashboards](https://awesome-repositories.com/f/web-development/real-time-data-streaming/websocket-dashboards/attack-data-dashboards.md) — Streams live attack data and module outputs to a browser-based interface using WebSocket and REST APIs.
