Automic VaultAutomic Vault

brew

Install arpoison with Homebrew, Nix

UNIX arp cache update utility. Version 0.7 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install arpoison

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#arpoison

nixpkgs package indexes · pkgs/by-name/ar/arpoison/package.nix · source: api.github.com

overview

Package summary

UNIX arp cache update utility

Commands and aliases

  • arpoison

history

Project history and usage

arpoison is Steve Buer's small Unix ARP cache update utility. Its official site describes it tersely as a Unix ARP cache update utility and distributes a 0.7 source archive; the bundled manual page describes a command that constructs ARP request or reply packets with user-specified hardware and protocol addresses.

Project history

The official upstream surface is old-school: a static homepage, a tarball, a dependency note for libnet, and contact information. The 0.7 archive includes source, a README, a Makefile, a GPL license file, and an arpoison.8 manual page dated January 2003. No official HTTP source-control repository was found on the project homepage.

arpoison belongs to the early-2000s packet-construction utility era, when small C programs built on libnet were common tools for network labs and security testing. Its source and manual are focused on one task: generating custom ARP traffic rather than providing a broader scanning, discovery, or intrusion framework.

Adoption history

arpoison's adoption is necessarily narrow. It is useful to administrators, students, and security testers who need controlled ARP cache manipulation on a local network, but it is not a general-purpose network inventory tool or a modern maintained platform.

The package's continued value is mostly archival and practical: when a user needs a tiny utility that emits hand-crafted ARP packets, the package manager can still provide it without requiring a checkout from a live development project.

How it is used

The bundled README says the program sends a custom ARP reply packet with chosen hardware and protocol address information, relying on ARP's stateless behavior. The manual page documents options for interface, destination IP, source IP, target MAC, source MAC, ARP request mode, packet count, and delay between packets.

In practice, arpoison is used for controlled ARP cache updates and ARP poisoning experiments on local networks. Because it sends forged link-layer traffic, it is a privileged and security-sensitive command rather than a normal user productivity tool.

Why package nerds care

arpoison is significant mostly as a compact preservation package: one executable, one C source tree, one man page, and an official tarball. It is the sort of security utility where a package database should preserve the real upstream homepage and avoid promoting unrelated mirrors as official repositories.

Its metadata is also a reminder that old security tools often predate today's expectation of GitHub, release feeds, CI, and signed source releases. For this package, the conservative answer is source-backed history plus a null repository.

Timeline

  • 2003-01: The bundled manual page is dated January 2003.
  • 0.7: The official homepage distributes arpoison-0.7.tar.gz.

Related projects

  • libnet is the packet-construction library required by the official homepage and README.
  • arping and arp-scan live in the same ARP-tool neighborhood, but arpoison is specifically about crafted ARP cache update packets.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 13 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
arpoisoncliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.7
manager updated
local dataok
upstreamnot checked
latest detectednot detected

http://www.arpoison.net/

  • infoNo package-manager update timestamp was available.low confidence
  • infoRelease/tag comparison is only available for GitHub repositories.http://www.arpoison.net/none confidence

install metadata

Package metadata

Package keybrew:arpoison
Version0.7
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/arpoison
Homepagehttp://www.arpoison.net/
Upstream docshttp://www.arpoison.net/
LicenseGPL-2.0-only
Source archivehttps://dev.gentoo.org/~jsmolic/distfiles/arpoison-0.7.tar.gz
Dependencieslibnet
Bottleavailable (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namearpoison
Version Scheme0
Revision1
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

arpoison

nix profile install nixpkgs#arpoison
  • normalized package name match
  • Matched by: Arpoison
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ar/arpoison/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment