Skip to content
The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
Branch: master
Clone or download
Latest commit 6785650 Mar 24, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
caplets fix: caplet code is loaded entirely and comments are only skipped whi… Mar 24, 2019
core misc: v2.20 is near Mar 24, 2019
firewall revert ! Oct 28, 2018
log refact: refactored to use islazy and updated deps Oct 10, 2018
modules misc: small fix or general refactoring i did not bother commenting Mar 23, 2019
packets misc: small fix or general refactoring i did not bother commenting Mar 21, 2019
session fix: clear handler caused issues on some terminals, fixed by using os… Mar 22, 2019
vendor fix: fixed a bug in the gatt library which prevented ble.recon/ble.en… Mar 13, 2019
.gitignore misc: small fix or general refactoring i did not bother commenting Mar 1, 2019
Dockerfile Fixed certificate issues Mar 22, 2019
Makefile misc: small fix or general refactoring i did not bother commenting Mar 1, 2019
bettercap.service fix: fixed bettercap.service file to use the from the eval a… Sep 27, 2018
main.go misc: small fix or general refactoring i did not bother commenting Mar 9, 2019


Release Software License Travis Go Report Card Code Coverage

bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.

Main Features

  • WiFi networks scanning, deauthentication attack, clientless PMKID association attack and automatic WPA/WPA2 client handshakes capture.
  • Bluetooth Low Energy devices scanning, characteristics enumeration, reading and writing.
  • 2.4Ghz wireless devices scanning and MouseJacking attacks with over-the-air HID frames injection (with DuckyScript support).
  • Passive and active IP network hosts probing and recon.
  • ARP, DNS and DHCPv6 spoofers for MITM attacks on IP based networks.
  • Proxies at packet level, TCP level and HTTP/HTTPS application level fully scriptable with easy to implement javascript plugins.
  • A powerful network sniffer for credentials harvesting which can also be used as a network protocol fuzzer.
  • A very fast port scanner.
  • A powerful REST API with support for asynchronous events notification on websocket to orchestrate your attacks easily.
  • More!

About the 1.x Legacy Version

While the first version (up to 1.6.2) of bettercap was implemented in Ruby and only offered basic MITM, sniffing and proxying capabilities, the 2.x is a complete reimplementation using the Go programming language.

This ground-up rewrite offered several advantages:

  • bettercap can now be distributed as a single binary with very few dependencies, for basically any OS and any architecture.
  • 1.x proxies, altough highly optimized and event based, used to bottleneck the entire network when performing a MITM attack, while the new version adds almost no overhead.
  • Due to such performance and functional limitations, most of the features that the 2.x version is offering were simply impossible to implement properly (read as: without killing the entire network ... or your computer).

For this reason, any version prior to 2.x is considered deprecated and any type of support has been dropped in favor of the new implementation. An archived copy of the legacy documentation is available here, however it is strongly suggested to upgrade.

Documentation and Examples

The project is documented here.


bettercap is made with ♥ by the dev team and it's released under the GPL 3 license.

You can’t perform that action at this time.