bettercap

02 февраля 2019 в Sniffing & Spoofing

Описание пакета Bettercap

Bettercap - это швейцарский армейский нож для сетевых атак и мониторинга. Это инструмент сетевой безопасности для захвата, анализа и MITM-атак.

Инструменты, включенные в пакет bettercap

bettercap - швейцарский армейский нож для сетевых атак и мониторинга.

root@kali:~# bettercap -h
      Usage of bettercap:
        -autostart string
              Comma separated list of modules to auto start. (default "events.stream, net.recon")
        -caplet string
              Read commands from this file and execute them in the interactive session.
        -cpu-profile file
              Write cpu profile file.
        -debug
              Print debug messages.
        -env-file string
              Load environment variables from this file if found, set to empty to disable environment persistence.
        -eval string
              Run one or more commands separated by ; in the interactive session, used to set variables via command line.
        -iface string
              Network interface to bind to, if empty the default interface will be auto selected.
        -mem-profile file
              Write memory profile to file.
        -no-colors
              Disable output color effects.
        -no-history
              Disable interactive session history file.
        -silent
              Suppress all logs which are not errors.

Пример использования bettercap

Сканирование системы в тихом режиме (-Q) и вывод в формате cronjob (–cronjob):

root@kali:~# bettercap
      bettercap v2.11 (type 'help' for a list of commands)
      
      172.16.10.0/24 > 172.16.10.212  » [12:34:15] [endpoint.new] endpoint 172.16.10.254 detected as 00:50:56:01:33:70 (VMware, Inc.).
      172.16.10.0/24 > 172.16.10.212  » help
      
                 help MODULE : List available commands or show module specific help if no module name is provided.
                      active : Show information about active modules.
                        quit : Close the session and exit.
               sleep SECONDS : Sleep for the given amount of seconds.
                    get NAME : Get the value of variable NAME, use * alone for all, or NAME* as a wildcard.
              set NAME VALUE : Set the VALUE of variable NAME.
        read VARIABLE PROMPT : Show a PROMPT to ask the user for input that will be saved inside VARIABLE.
                       clear : Clear the screen.
              include CAPLET : Load and run this caplet in the current session.
                   ! COMMAND : Execute a shell command and print its output.
              alias MAC NAME : Assign an alias to a given endpoint given its MAC address.
      
      Modules
      
            any.proxy > not running
             api.rest > not running
            arp.spoof > not running
            ble.recon > not running
              caplets > not running
          dhcp6.spoof > not running
            dns.spoof > not running
        events.stream > running
                  gps > not running
           http.proxy > not running
          http.server > not running
          https.proxy > not running
          mac.changer > not running
         mysql.server > not running
            net.probe > not running
            net.recon > running
            net.sniff > not running
         packet.proxy > not running
             syn.scan > not running
            tcp.proxy > not running
               ticker > not running
               update > not running
                 wifi > not running
                  wol > not running
      
      172.16.10.0/24 > 172.16.10.212  » net.show
      
      +-----------------+--------------------+----------+-------------------------+---------+---------+------------+
      |       IP        |        MAC         |  Name    |         Vendor          | Sent    | Recvd  | Last Seen  |
      +-----------------+--------------------+----------+-------------------------+---------+---------+------------+
      | 172.16.10.212   | 00:b0:52:af:4a:50  | eth0     | Atheros Communications  | 0 B     | 0 B     | 12:34:15   |
      | 172.16.10.2     | 00:50:56:13:37:0a  | gateway  | VMware, Inc.            | 49 kB   | 20 kB   | 12:34:15   |
      |                 |                    |          |                         |         |         |            |
      | 172.16.10.254   | 00:50:56:01:33:70  |          | VMware, Inc.            | 2.4 kB  | 2.4 kB  | 12:35:15   |
      +-----------------+--------------------+----------+-------------------------+---------+---------+------------+
      
      ↑ 0 B / ↓ 3.2 MB / 11354 pkts / 0 errs