30 open-source projects similar to evilsocket/bettercap, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Bettercap alternative.
Bettercap is a modular framework designed for network reconnaissance, security testing, and the execution of man-in-the-middle attacks. It functions as a comprehensive utility for surveying wired and wireless network segments, identifying connected devices, and analyzing communication protocols through real-time traffic interception and manipulation. The platform distinguishes itself through an event-driven architecture that coordinates network state changes and packet-level data through a centralized message pipeline. It provides a programmable scripting engine and an API for orchestrating s
This project is custom firmware for ESP8266 hardware that transforms the microcontroller into a wireless security audit platform. It functions as a deauthentication tool and a wireless network simulator designed for security testing and auditing. The software enables the generation of synthetic beacon frames to create multiple fake network identifiers and sends raw management frames to force devices to disconnect from wireless access points. These capabilities allow for the simulation of deceptive wireless environments and the testing of network resilience against management frame attacks. T
Zapret is a deep packet inspection bypass tool and packet manipulation framework designed to circumvent network censorship. It operates as a transparent network proxy and TCP traffic obfuscator that modifies packets to deceive network inspection systems. The project distinguishes itself through advanced desynchronization strategies, including the modification of TLS client hello handshakes and the use of fake packet injection. It utilizes a combination of TCP stream segmentation, sequence overlapping, and TTL adjustment to hide prohibited requests from firewalls while ensuring the destination
Clumsy is a Windows network fault injection tool that intercepts system-wide network traffic at the kernel level using the WinDivert driver, without requiring proxy configuration or application code changes. It captures and manipulates packets for all running applications, including localhost connections, enabling controlled testing of application behavior under degraded network conditions. The tool provides comprehensive network impairment capabilities including latency simulation, bandwidth throttling, packet loss, corruption, duplication, and reordering. Users can apply these impairments s
This project is an open-source software development kit and framework for implementing the Matter smart home standard. It provides a universal IPv6-based application layer and a cluster-based data model to ensure interoperability between diverse smart home devices and controllers. The system is distinguished by its multi-transport network abstraction, which maps Bluetooth LE, Thread, and Wi-Fi implementations to a common layer. It includes specialized tooling for secure device commissioning via QR codes and NFC, as well as a comprehensive over-the-air firmware update system for distributing s
This project is a network traffic manipulation tool and proxy designed to intercept, inspect, and modify data streams between mobile applications and their servers. It functions as a scriptable content blocker and traffic router, allowing users to apply custom rules to incoming and outgoing network requests. The tool enables users to bypass regional restrictions and subscription paywalls by injecting configuration rules that override server-side validation. It also provides capabilities for removing advertisements, tracking scripts, and promotional content from mobile applications and web ser
Responder is a man-in-the-middle framework and network protocol spoofing tool designed to intercept network name queries and impersonate requested resources. It functions as a poisoner for LLMNR, NBT-NS, and MDNS, redirecting network traffic from clients to a controlled listener. The project serves as a credential capture tool that runs rogue servers for SMB, HTTP, and LDAP to collect NTLM hashes and clear text credentials. It enables the harvesting of encrypted authentication tokens and the interception of usernames and passwords sent without encryption. Its broader capabilities include int
Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a target web service. By acting as a reverse proxy, the tool intercepts and relays web requests to capture credentials and session tokens in real time, enabling the bypass of multi-factor authentication mechanisms through session cookie hijacking. The platform distinguishes itself by integrating infrastructure orchestration with modular template-driven content injection. It automates the deployment of proxy servers, manages the lifecycle of encryption certificates, and applies conte
Ettercap is a network utility tool used for ARP spoofing, packet filtering, traffic interception, passive scanning, and DHCP hijacking. It functions as a network traffic interceptor and man-in-the-middle packet filter to monitor and manipulate live TCP/UDP connections on a local area network. The project provides specialized capabilities for traffic redirection via ARP cache poisoning, DHCP server spoofing, ICMP redirects, and switch port stealing. It also enables the emulation of rogue services and the decryption of SSH1 session streams by substituting public keys. Additional capabilities i
This project is a transparent proxy framework designed for the interception, analysis, and manipulation of secure shell traffic. By terminating client and server connections independently, it provides full visibility into encrypted sessions, allowing for the monitoring of authentication flows, file transfers, and command execution in real time. The tool distinguishes itself through a modular, plugin-based architecture that enables users to inject custom interception logic into the proxy workflow. It supports the creation of ephemeral environments and mock agents in memory, facilitating the si
lscript is a wireless network pentesting framework and keyboard-driven command console. It functions as a security tool orchestrator for installing and managing reconnaissance frameworks, alongside an automation toolkit for executing wireless attacks. The project distinguishes itself through a keyboard-driven interface that maps specific keystrokes to complex security scripts and system-level shell operations. This allows for the automation of wireless reconnaissance, handshake capture, and password recovery workflows without manual command typing. The system covers wireless adapter manageme
Tuya-Convert is a firmware flashing utility for IoT devices that exploits the over-the-air (OTA) update process to install custom firmware, bypass Tuya cloud dependencies, and enable local or open-source control. It automatically backs up the device’s original firmware before overwriting, allowing easy restoration. The tool achieves this by creating a spoofed Wi-Fi access point that the target device connects to, intercepting the OTA communication between the device and the Tuya cloud, then substituting a custom firmware binary during the transfer. It emulates the Tuya cloud protocol’s respon
Yakit is a comprehensive cybersecurity all-in-one platform designed for security assessments. It integrates a suite of core tools including an HTTP interception proxy for real-time traffic modification, an out-of-band interaction detector for verifying remote command execution via TCP, DNSLog, and ICMP, and a reverse shell manager for controlling remote server connections. The platform is distinguished by its dedicated security scripting environment, which allows for the development and execution of custom logic and plugins using a specialized high-performance language. It further extends fun
This firmware transforms an ESP32 device into a portable penetration testing platform by combining an embedded JavaScript runtime with multi-protocol wireless attack capabilities, USB and Bluetooth HID emulation, and a menu-driven user interface. It is designed as a unified system that integrates persistent storage, hardware abstraction for external radio modules, a serial command protocol for headless operation, and a web-based remote desktop that streams the device screen and relays button inputs for remote control. The custom JavaScript scripting environment enables users to write and run
Headroom is an AI gateway proxy and token optimizer designed to reduce the cost and latency of large language model interactions. It functions as an intermediary that intercepts traffic between clients and providers to apply context compression, request routing, and format translation. The system differentiates itself through a Model Context Protocol server implementation that delivers compression and retrieval tools to compatible AI hosts. It employs a content-aware compression pipeline and tiered importance scoring to trim redundant data from logs and tool outputs while preserving essential
Shadowsocks-android is a secure tunneling application and SOCKS5 proxy client for Android. It routes device network traffic through a Shadowsocks proxy server to encrypt data, mask the user's internet origin, and bypass network restrictions. The client functions as an Android VPN service, creating a virtual network interface to intercept and redirect all outgoing device traffic. It supports the integration of external binary plugins to extend tunnel capabilities with custom transport protocols and traffic obfuscation methods. The project manages network routing through a local SOCKS5 server
Proxyee is a Java-based network proxy library designed for building custom proxy servers that support traffic interception, inspection, and modification. It functions as a programmable framework for handling HTTP, HTTPS, and WebSocket traffic, providing the necessary tools to analyze and alter request and response data in real time. The project distinguishes itself through its man-in-the-middle capabilities, which include dynamic certificate generation to facilitate the decryption and re-encryption of secure traffic streams. This allows for granular control over network communications, suppor
Impacket is a Python network protocol library and packet crafting framework used for constructing, modifying, and sending raw network packets. It functions as a network protocol manipulation toolkit that allows for the implementation of communication protocols through structured object models. The project provides a Windows network security toolkit specifically designed for interacting with Active Directory and SMB services. It enables network security testing and auditing of Windows environments by executing authentication sequences using passwords, hashes, tickets, or security keys. The li
fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram
Wifiphisher is a modular security framework designed for wireless penetration testing and social engineering auditing. It functions as a platform for security professionals to assess the resilience of Wi-Fi networks by simulating unauthorized access, performing man-in-the-middle interceptions, and executing credential-harvesting scenarios. The tool distinguishes itself through its ability to combine rogue access point deployment with dynamic phishing interfaces. By forcing wireless clients to associate with deceptive infrastructure, the framework can capture network metadata and inject it int
Cosmopolitan is a cross-platform C runtime library and build framework that enables the creation of single-file, self-contained executables. By providing a unified set of system headers and a specialized compiler toolchain, it allows developers to write low-level systems code that executes natively across multiple operating systems without requiring recompilation for each target environment. The project utilizes a polyglot binary format and a system call shimming layer to intercept and translate kernel requests, effectively bypassing standard library dependencies. This approach consolidates a
Betwixt is a system-wide network monitor and web debugging proxy that captures network requests from any installed application. It functions as an HTTPS traffic inspector, routing operating system and command line interface traffic through a local proxy for analysis. The tool utilizes a Chrome DevTools compatible interface to render captured traffic, allowing for the inspection of requests and responses from non-browser sources. It performs man-in-the-middle HTTPS decryption by generating a trusted root certificate to inspect encrypted communication between clients and servers. The project c
Ladder is a web proxy server and HTTP response modifier designed to circumvent bot protections, CORS restrictions, and paywalls. It functions by intercepting traffic to modify HTML, CSS, and JavaScript via regular expressions and altering HTTP headers to reveal restricted content. The project distinguishes itself through its ability to bypass anti-scraping mechanisms and specialized bot detection, such as Cloudflare, by integrating with external challenge-solving services. It also enables client identity emulation by spoofing user agents and network identifiers to masquerade as different brow
ByeDPIAndroid is a deep packet inspection bypass tool for Android that functions as a local SOCKS5 proxy. It modifies TCP packets to evade network censorship and bypass regional internet restrictions on mobile devices. The project operates as a network traffic obfuscator and TCP packet fragmenter. It splits network data into smaller pieces and hides the nature of internet requests to prevent automated blocking and traffic shaping by internet service providers. The system covers a range of capabilities including host-based traffic interception and dynamic packet modification. It utilizes non-
This project is an Android RPA framework designed for automating user interfaces and system tasks on rooted Android devices using Python and ADB. It provides a suite of tools for rooted device management, allowing for programmatic control of system settings, application lifecycles, and shell command execution via a remote API. The framework distinguishes itself through a combination of dynamic instrumentation and AI integration. It can inject scripts into running processes to hook Java interfaces and modifies application behavior in real time. Additionally, it supports large language model in
dae is a high-performance Linux network tool that functions as an eBPF transparent proxy. It intercepts and redirects packets at the kernel level to route internet traffic based on domains, IP addresses, and process names. The project distinguishes itself by modifying TLS handshakes to simulate browser signatures, which prevents server-side detection of proxy traffic. It also implements a full-cone network address translation gateway to maintain stable bidirectional connections and utilizes a latency-based node selector to automatically route traffic through the fastest available proxy nodes.
This repository is a curated collection of official Dart packages and Flutter plugins maintained by the framework creators. It serves as a centralized source of modular code libraries and verified extensions designed to provide standardized access to native device hardware and operating system APIs. The collection provides cross-platform UI component libraries that ensure consistent interface elements and widgets across different operating systems. These official plugins integrate standard features into applications through a set of maintained libraries. The project covers a broad range of c
Impacket is a Python network protocol library and low-level implementation foundation. It provides a collection of classes for implementing and manipulating network protocols such as SMB, TCP, and UDP. The project serves as a network authentication framework for verifying user identities using passwords, hashes, and security tickets. It also functions as a network packet manipulation toolkit and security research tool for analyzing protocol behaviors and identifying vulnerabilities. The library covers the creation, parsing, and modification of raw network data to analyze communication stacks
Hetty is an HTTP intercepting proxy and web security research toolkit used to capture, inspect, and modify traffic between a browser and a server. It functions as an HTTP request editor for creating and replaying manual requests to test server behavior and as a project-based traffic logger that isolates network logs across different security research engagements. The tool provides a request-response interception loop that pauses outgoing requests and incoming responses in transit, allowing for manual editing or cancellation. It includes a manual request replay engine to construct and transmit
This project provides an iOS app ad-blocking ruleset, consisting of network traffic filter lists and proxy-based content filters. It functions as a collection of rewrite rules and scripts designed to intercept and modify network requests to remove advertisements from mobile applications. The system utilizes HTTP response modification scripts to alter the bodies of network responses. Beyond ad blocking, these scripts enable in-app content translation, such as providing translated song lyrics within music applications. The ruleset employs a pattern-matching engine using regular expressions and