Man-In-The-Middle Network Tools

Bettercap v2.0 – The State Of The Art Network Attack And Monitoring Framework

bettercap is the Swiss army knife for network attacks and monitoring.

How to Install
A precompiled version is available for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary.
Make sure you have a correctly configured Go >= 1.8 environment, that $GOPATH/bin is in $PATH and the libpcap-dev package installed for your system, then:

$ go get github.com/bettercap/bettercap

This command will download bettercap, install its dependencies, compile it and move the bettercap executable to $GOPATH/bin.
Now you can use sudo bettercap -h to show the basic command line options and just sudo bettercap to start an interactive session on your default network interface, otherwise you can load a caplet from the dedicated repository.

Update
In order to update to an unstable but bleeding edge release from this repository, run the command below:

$ go get -u github.com/bettercap/bettercap

Interactive Mode

The basic command line arguments ( bettercap -h ) are:

argument description
-caplet FILENAME Read commands from this file and execute them in the interactive session.
-eval COMMANDS Run one or more commands separated by ; in the interactive session, used to set variables via command line.
-iface INTERFACE Network interface to bind to, if empty the default interface will be auto selected (accepts interface name, ip or mac address).
-no-history Disable the interactive session history file ~/.bettercap.history.
-env-file FILENAME Load environment variables from this file if found, set to empty to disable environment persistance. (default ~/bettercap.env)
-cpu-profile FILENAME Write cpu profile file (used for debugging and benchmarking).
-mem-profile FILENAME Write memory profile to file (used for debugging and benchmarking).
-silent Suppress all logs which are not errors.
-debug Enable debug messages.

If no -caplet option is specified, bettercap will start in interactive mode, allowing you to start and stop modules manually, change options and apply new firewall rules on the fly.
To get a grasp of what you can do, type help and the general help menu will be shown, you can also have module specific help by using help module-name (for instance try with help net.recon), to see which modules are running and their configuration at any time, you can use the active command.
To print all variables and their values instead, you can use get * or get variable-name to get a single variable (try with get gateway.address), to set a new value you can simply set variable-name new-value (a value of "" will clear the variable contents), on a typical session variables look like this.

192.168.1.0/24 > 192.168.1.17  » get *


                        $: '{by}{fw}{cidr} {fb}> {env.iface.ipv4} {reset} {bold}» {reset}'

         api.rest.address: '<interface address>'
     api.rest.certificate: '~/.bcap-api.rest.certificate.pem'
             api.rest.key: '~/.bcap-api.rest.key.pem'
        api.rest.password: ''
            api.rest.port: '8083'
        api.rest.username: ''

        arp.spoof.targets: '<entire subnet>'

      dhcp6.spoof.address: '<interface address>'
      dhcp6.spoof.domains: 'microsoft.com, goole.com, facebook.com, apple.com, twitter.com'

        dns.spoof.address: '<interface address>'
            dns.spoof.all: 'false'
        dns.spoof.domains: '*'

     events.stream.filter: ''

          gateway.address: '192.168.1.1'
              gateway.mac: 'de:ad:be:ef:de:ad'

                http.port: '80'
       http.proxy.address: '<interface address>'
          http.proxy.port: '8080'
        http.proxy.script: ''
      http.server.address: '<interface address>'
         http.server.path: '.'
         http.server.port: '80'

               https.port: '443'
      https.proxy.address: '<interface address>'
  https.proxy.certificate: '~/.bettercap-ca.cert.pem'
          https.proxy.key: '~/.bettercap-ca.key.pem'
         https.proxy.port: '8083'
       https.proxy.script: ''

              iface.index: '6'
               iface.ipv4: '192.168.1.17'
               iface.ipv6: 'fe80::dddd:dddd:ffff:ffff'
                iface.mac: 'de:ad:be:ef:de:ad'
               iface.name: 'enx18ffffffff'

                log.debug: 'false'
               log.silent: 'false'

      mac.changer.address: '<random mac>'
        mac.changer.iface: '<interface name>'

       net.probe.throttle: '10'
         net.sniff.filter: 'not arp'
          net.sniff.local: 'false'
         net.sniff.output: ''
         net.sniff.regexp: ''
         net.sniff.source: ''
        net.sniff.verbose: 'true'

          ticker.commands: 'clear; net.show'
            ticker.period: '1'

       wifi.recon.channel: ''

Basic Commands

command description
help / help MODULE List available commands or show module specific help if no module name is provided.
active Show information about active modules.
quit / q Close the session and exit.
sleep SECONDS Sleep for the given amount of seconds.
get VARIABLE Get the value of VARIABLE, use * for all.
set VARIABLE VALUE Set the value of VARIABLE to VALUE.
clear Clear the screen .
include CAPLET Load and run this caplet in the current session.
!COMMAND Execute a shell command and print its output.
alias MAC NAME Assign an alias to a given endpoint given its MAC address (will be persistent on file and used for the net.show command.

Documentation and Examples
The project is documented in this wiki.