You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Cheatsheets/bettercap-cheatsheet.md

2.4 KiB

🕵️‍♀️ Bettercap Cheatsheet 🕵️

Bettercap is an indispensable tool for network reconnaissance, sniffing, and executing Man-In-The-Middle (MITM) attacks on local networks.


Table of Contents

  1. 🔍 Network Reconnaissance
  2. 🥷 ARP Spoofing
  3. 📡 Network Sniffing
  4. 🕸 Web Proxy
  5. 🚦 TLS Proxy
  6. 🌀 DNS Spoofing
  7. 💻 HTTPS & HSTS Bypass
  8. 📌 Miscellaneous Commands

🔍 Network Reconnaissance

  • net.probe on 👀

  • Initiate an ARP scan to discover live hosts on the network.

  • net.show 📡

  • Display detected devices on the network, complete with IPs, MAC addresses, and other details.

  • net.recon on/off 🕵️‍♂️

  • Enable/disable passive network traffic analysis to discover hosts.


🥷 ARP Spoofing

  • set arp.spoof.targets [IP]

  • Designate a target IP for ARP cache poisoning to reroute its traffic.

  • arp.spoof on/off 💥

  • Engage/disengage ARP spoofing against the chosen target.

  • set arp.spoof.internal true 🔁

  • Poison ARP caches for all connections between internal hosts on the LAN.


📡 Network Sniffing

  • net.sniff on/off ▶️⏸️

  • Begin/halt packet capture to log network traffic.


🕸 Web Proxy

  • set proxy.port [PORT] 🤖

  • Assign the listening port for the proxy server.

  • proxy on/off 🎚️🛑

  • Activate/deactivate the proxy server to intercept and manipulate HTTP requests.


🚦 TLS Proxy

  • tls.proxy on/off 🔓🔒

  • Enable/disable the TLS proxy. This intercepts and decrypts HTTPS traffic by mimicking certificate validation.


🌀 DNS Spoofing

  • set dns.spoof.domains [DOMAIN] 🌐

  • Select a domain for DNS hijacking.

  • dns.spoof on 🥷

  • Activate DNS response spoofing for the specified domain.


💻 HTTPS & HSTS Bypass

  • hstshijack.load 🛡️

  • Load the module to overcome HSTS, a web security protocol, useful for exploiting HTTPS sites.


📌 Miscellaneous Commands

  • events.clear 🧹

  • Wipe out all recorded network events.

  • set [OPTION] [VALUE] ⚙️

  • Adjust configuration options to suit your needs.

  • help

  • Display the help menu with an overview of commands.