Introduction

bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.

Main Features

  • WiFi networks scanning, deauthentication attack, clientless PMKID association attack and automatic WPA/WPA2 client handshakes capture.
  • Bluetooth Low Energy devices scanning, characteristics enumeration, reading and writing.
  • 2.4Ghz wireless devices scanning and MouseJacking attacks with over-the-air HID frames injection (with DuckyScript support).
  • Passive and active IP network hosts probing and recon.
  • ARP, DNS and DHCPv6 spoofers for MITM attacks on IP based networks.
  • Proxies at packet level, TCP level and HTTP/HTTPS application level fully scriptable with easy to implement javascript plugins.
  • A powerful network sniffer for credentials harvesting which can also be used as a network protocol fuzzer.
  • A very fast port scanner.
  • A powerful REST API with support for asynchronous events notification on websocket to orchestrate your attacks easily.
  • More!

About the 1.x Legacy Version

While the first version (up to 1.6.2) of bettercap was implemented in Ruby and only offered basic MITM, sniffing and proxying capabilities, the 2.x is a complete reimplementation using the Go programming language.

This ground-up rewrite offered several advantages:

  • bettercap can now be distributed as a single binary with very few dependencies, for basically any OS and any architecture.
  • 1.x proxies, altough highly optimized and event based, used to bottleneck the entire network when performing a MITM attack, while the new version adds almost no overhead.
  • Due to such performance and functional limitations, most of the features that the 2.x version is offering were simply impossible to implement properly (read as: without killing the entire network … or your computer).

For this reason, any version prior to 2.x is considered deprecated and any type of support has been dropped in favor of the new implementation. An archived copy of the legacy documentation is available here, however it is strongly suggested to upgrade.