Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Latest commit 344f2f5 Aug 14, 2015
Type Name Latest commit message Commit time
Failed to load latest commit information.
Core fixed interface AP config #4 Aug 7, 2015
rsc first commit v0.6.3 Jul 26, 2015

3vilTwinAttacker v0.6.3

Framework for EvilTwin Attacks Tool Home Supported Python versions Linux OS Release MIT License


  • Python-scapy
  • Python-nmap (optional)
  • BeautifulSoup
  • aircrack-ng
  • DHCP-server

How to install on Ubuntu or Kali

$ git clone
$ cd 3vilTwinAttacker
$ sudo chmod +x
$ sudo ./ --install

install DHCP in Debian-based

$ sudo apt-get install isc-dhcp-server
Kali linux
$ echo "deb wheezy main " >> /etc/apt/sources.list
$ apt-get update && apt-get install isc-dhcp-server

install DHCP in redhat-based

$ sudo yum install dhcp
Blackarch or Arch Assault and Arch Linux
$ sudo pacman -S dhcp


  • Ettercap: Start ettercap attack in host connected AP fake Capturing login credentials.

  • Driftnet: The driftnet sniffs and decodes any JPEG TCP sessions, then displays in an window.


  • Deauth Attack: kill all devices connected in AP (wireless network) or the attacker can Also put the Mac-address in the Client field, Then only one client disconnects the access point.

  • Probe Request: Probe request capture the clients trying to connect to AP,Probe requests can be sent by anyone with a legitimate Media Access Control (MAC) address, as association to the network is not required at this stage.

  • Mac Changer: you can now easily spoof the MAC address. With a few clicks, users will be able to change their MAC addresses.

  • DHCP Starvation Attack: this module DHCP Starvation can be classified as a Denial of Service attack. is an attack that works by broadcasting vast numbers of DHCP requests with spoofed MAC addresses simultaneously.

  • Windows Update Attack: this module is an attack DNS spoof que generate an update the page fake Windows, causing the victim to download a fake file update.

  • ARP Posion Attack: change tables ARPspoof the target and redirect all request tcp to ip attacker.

  • DNS Spoof Attack: this module DNS spoofing is the making change in hostname ip-address table, this table tells the route will be that DNS address for that particular IP address, thus changing the address of this table we can redirect wherever we want.

You can’t perform that action at this time.