macOS
brew install bettercaplocal Homebrew formula metadata
sudo port install bettercapMacPorts ports tree · net/bettercap/Portfile · source: api.github.com
brew
Swiss army knife for network attacks and monitoring. Version 2.41.7 via Homebrew; verified 2026-05-11.
install
brew install bettercaplocal Homebrew formula metadata
sudo port install bettercapMacPorts ports tree · net/bettercap/Portfile · source: api.github.com
sudo apk add bettercapAlpine Linux edge package indexes · bettercap · source: dl-cdn.alpinelinux.org
sudo apt install bettercapDebian stable package indexes · bettercap · source: deb.debian.org
nix profile install nixpkgs#bettercapnixpkgs package indexes · pkgs/by-name/be/bettercap/package.nix · source: api.github.com
sudo pacman -S bettercapArch Linux sync databases · bettercap · source: geo.mirror.pkgbuild.com
sudo zypper install bettercapopenSUSE Tumbleweed package metadata · bettercap · source: download.opensuse.org
overview
Swiss army knife for network attacks and monitoring
history
bettercap is a Go-based network reconnaissance and attack framework packaged as a command-line tool for security researchers, red teamers, and reverse engineers. Its official description frames it as an all-in-one toolkit for Wi-Fi, Bluetooth Low Energy, HID, CAN-bus, IPv4, and IPv6 reconnaissance and MITM work.
The current public repository was created in January 2018 and hosts the Go implementation, documentation links, caplets, modules, tests, and release automation for bettercap 2.x. The project replaced the older single-purpose idea of a LAN MITM helper with a modular framework covering wireless and wired network attack surfaces.
Official release tags show the 2.x line continuing through regular maintenance and feature releases, including v2.40.0 in September 2024, v2.41.0 in January 2025, and v2.41.7 in May 2026.
bettercap became a common package-manager install for offensive-security labs because it combines sniffing, spoofing, Wi-Fi handshakes, BLE enumeration, packet/protocol proxies, and a REST/web UI under one executable. Homebrew, Debian/Ubuntu, Arch, Alpine, Nix, MacPorts, and openSUSE packaging in the input reflects that cross-platform adoption.
The GitHub repository's large star and fork counts, Docker image badge, and active release stream indicate that bettercap is used beyond macOS packaging: it is a standard tool people expect to be available in disposable lab machines, containers, and security-focused Unix environments.
Users typically run bettercap interactively or with caplets to discover hosts, inspect traffic, run spoofers, capture Wi-Fi handshakes, enumerate BLE devices, or script network experiments. Its official docs emphasize an interactive session workflow and module-driven operation rather than a single fire-and-forget scan command.
Because the tool performs real attack and monitoring functions, its practical use belongs in authorized security testing, lab networks, red-team exercises, and research settings.
bettercap is package-nerd interesting because it is one of the few security CLI packages that collapses many historically separate tools into one Go binary with modules, a web UI, REST API, caplets, and packaged defaults. It sits at the intersection of classic Unix networking tools, wireless security suites, and modern self-contained Go distribution.
For Homebrew-style package history, bettercap also illustrates how offensive-security tooling moved from language/runtime-heavy installs toward portable binaries that can be installed quickly on a laptop, container, or lab host and then extended with scripts and modules.
security posture
network interception and offensive security tool.
red risk · high confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/bettercap.envexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
bettercap | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/bettercap/bettercap
install metadata
| Package key | brew:bettercap |
|---|---|
| Version | 2.41.7 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/bettercap |
| Homepage | https://www.bettercap.org/ |
| Repository | https://github.com/bettercap/bettercap |
| Upstream docs | https://www.bettercap.org/ |
| License | GPL-3.0-only |
| Source archive | https://github.com/bettercap/bettercap/archive/refs/tags/v2.41.7.tar.gz |
| Last updated | 2026-05-11T13:17:23Z |
| Pulse | updated |
| Dependencies | libusb |
| Build dependencies | go, pkgconf |
| Uses from macOS | libpcap |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
| Caveats | bettercap requires root privileges so you will need to run `sudo bettercap`. You should be certain that you trust any software you grant root privileges. |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | bettercap |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
bettercap 2.33.0-1+b9
Complete, modular, portable and easily extensible MITM framework
sudo apt install bettercapbettercap
nix profile install nixpkgs#bettercapbettercap 2.32.0-2build3
Complete, modular, portable and easily extensible MITM framework
sudo apt install bettercapbettercap 2.41.7-r0
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
sudo apk add bettercapbettercap-doc 2.41.7-r0
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks. (documentation)
sudo apk add bettercap-docbettercap 2.41.7-1
Swiss army knife for network attacks and monitoring
https://github.com/bettercap/bettercap
sudo pacman -S bettercapbettercap 2.41.7-1.1
Swiss army knife for network attacks and monitoring
sudo zypper install bettercapbettercap
sudo port install bettercapsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.