# Install bettercap with Homebrew, apk, apt, MacPorts, Nix, pacman, zypper

Swiss army knife for network attacks and monitoring. Version 2.41.7 via Homebrew; verified 2026-05-11.

## Install

```sh
sudo av install brew:bettercap
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install bettercap
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install bettercap
```

  Evidence: MacPorts ports tree: net/bettercap/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add bettercap
```

  Evidence: Alpine Linux edge package indexes: bettercap from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install bettercap
```

  Evidence: Debian stable package indexes: bettercap from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- Nix (92%):

```sh
nix profile install nixpkgs#bettercap
```

  Evidence: nixpkgs package indexes: pkgs/by-name/be/bettercap/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S bettercap
```

  Evidence: Arch Linux sync databases: bettercap from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install bettercap
```

  Evidence: openSUSE Tumbleweed package metadata: bettercap from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:bettercap
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/bettercap>
- **Version:** 2.41.7
- **Source summary:** Swiss army knife for network attacks and monitoring
- **Homepage:** <https://www.bettercap.org/>
- **Repository:** <https://github.com/bettercap/bettercap>
- **Upstream docs:** <https://www.bettercap.org/>
- **License:** GPL-3.0-only
- **Source archive:** <https://github.com/bettercap/bettercap/archive/refs/tags/v2.41.7.tar.gz>
- **Last updated:** 2026-05-11T13:17:23Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- bettercap (cli)
- bettercap (alias)

## Dependencies

- libusb

## Build dependencies

- go
- pkgconf

## Uses from macOS

- libpcap

## Install behavior

- Post-install hook: not defined
- Caveats: bettercap requires root privileges so you will need to run `sudo bettercap`. You should be certain that you trust any software you grant root privileges.
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 2.41.7
- Package-manager updated: 2026-05-11
- Local data: ok
- Upstream repository: https://github.com/bettercap/bettercap
- Upstream latest detected: v2.41.7 (current)
## Project history and usage

bettercap is a Go-based network reconnaissance and attack framework packaged as a command-line tool for security researchers, red teamers, and reverse engineers. Its official description frames it as an all-in-one toolkit for Wi-Fi, Bluetooth Low Energy, HID, CAN-bus, IPv4, and IPv6 reconnaissance and MITM work.

### Project history

The current public repository was created in January 2018 and hosts the Go implementation, documentation links, caplets, modules, tests, and release automation for bettercap 2.x. The project replaced the older single-purpose idea of a LAN MITM helper with a modular framework covering wireless and wired network attack surfaces.

Official release tags show the 2.x line continuing through regular maintenance and feature releases, including v2.40.0 in September 2024, v2.41.0 in January 2025, and v2.41.7 in May 2026.

### Adoption history

bettercap became a common package-manager install for offensive-security labs because it combines sniffing, spoofing, Wi-Fi handshakes, BLE enumeration, packet/protocol proxies, and a REST/web UI under one executable. Homebrew, Debian/Ubuntu, Arch, Alpine, Nix, MacPorts, and openSUSE packaging in the input reflects that cross-platform adoption.

The GitHub repository's large star and fork counts, Docker image badge, and active release stream indicate that bettercap is used beyond macOS packaging: it is a standard tool people expect to be available in disposable lab machines, containers, and security-focused Unix environments.

### How it is used

Users typically run bettercap interactively or with caplets to discover hosts, inspect traffic, run spoofers, capture Wi-Fi handshakes, enumerate BLE devices, or script network experiments. Its official docs emphasize an interactive session workflow and module-driven operation rather than a single fire-and-forget scan command.

Because the tool performs real attack and monitoring functions, its practical use belongs in authorized security testing, lab networks, red-team exercises, and research settings.

### Why package nerds care

bettercap is package-nerd interesting because it is one of the few security CLI packages that collapses many historically separate tools into one Go binary with modules, a web UI, REST API, caplets, and packaged defaults. It sits at the intersection of classic Unix networking tools, wireless security suites, and modern self-contained Go distribution.

For Homebrew-style package history, bettercap also illustrates how offensive-security tooling moved from language/runtime-heavy installs toward portable binaries that can be installed quickly on a laptop, container, or lab host and then extended with scripts and modules.

### Timeline

- 2018: Current bettercap/bettercap GitHub repository created for the Go-based 2.x project.
- 2024: v2.40.0 released, showing the mature 2.x line still receiving updates.
- 2025: v2.41.0 released.
- 2026: v2.41.7 published in May, with repository activity continuing in June.

### Related projects

- Related tools include Wireshark and tcpdump for packet inspection, aircrack-ng for Wi-Fi security workflows, mitmproxy for programmable proxying, nmap for network discovery, and ettercap as an older MITM-oriented tool whose niche bettercap partly modernized.

### Sources

- <https://api.github.com/repos/bettercap/bettercap>
- <https://api.github.com/repos/bettercap/bettercap/releases>
- <https://raw.githubusercontent.com/bettercap/bettercap/master/README.md>
- source_facts.package-manager


## Security Notes

network interception and offensive security tool.

- **Geiger risk:** red / high
- network interception and offensive security tool


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/bettercap.env
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** bettercap
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - bettercap - 2.33.0-1+b9: normalized package name match | Debian stable package indexes: bettercap from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Complete, modular, portable and easily extensible MITM framework | https://www.bettercap.org
- Nix - bettercap: normalized package name match | nixpkgs package indexes: pkgs/by-name/be/bettercap/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - bettercap - 2.32.0-2build3: normalized package name match | Ubuntu 24.04 LTS package indexes: bettercap from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Complete, modular, portable and easily extensible MITM framework | https://www.bettercap.org
- apk - bettercap - 2.41.7-r0: normalized package name match | Alpine Linux edge package indexes: bettercap from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks. | https://www.bettercap.org/
- apk - bettercap-doc - 2.41.7-r0: normalized package name match | Alpine Linux edge package indexes: bettercap-doc from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks. (documentation) | https://www.bettercap.org/
- pacman - bettercap - 2.41.7-1: normalized package name match | Arch Linux sync databases: bettercap from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Swiss army knife for network attacks and monitoring | https://github.com/bettercap/bettercap
- zypper - bettercap - 2.41.7-1.1: normalized package name match | openSUSE Tumbleweed package metadata: bettercap from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Swiss army knife for network attacks and monitoring | https://www.bettercap.org/
- MacPorts - bettercap: normalized package name match | MacPorts ports tree: net/bettercap/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, monitoring, security.
- [arpoison](https://www.automicvault.com/pkg/brew/arpoison/) - Shares av.db curated category or tags: cli, network-security, security.
- [ettercap](https://www.automicvault.com/pkg/brew/ettercap/) - Shares av.db curated category or tags: cli, network-security, security.
- [fragroute](https://www.automicvault.com/pkg/brew/fragroute/) - Shares av.db curated category or tags: cli, network-security, security.
- [kekkai](https://www.automicvault.com/pkg/brew/kekkai/) - Shares av.db curated category or tags: cli, monitoring, security.
- [killswitch](https://www.automicvault.com/pkg/brew/killswitch/) - Shares av.db curated category or tags: cli, network-security, security.
- [logcheck](https://www.automicvault.com/pkg/brew/logcheck/) - Shares av.db curated category or tags: cli, monitoring, security.
- [openssh](https://www.automicvault.com/pkg/brew/openssh/) - Shares av.db curated category or tags: cli, network-security, security.
- [suricata](https://www.automicvault.com/pkg/brew/suricata/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, monitoring, network, network-security, security.
- [zeek](https://www.automicvault.com/pkg/brew/zeek/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, monitoring, network, network-security, security.

## Combined YAML source

View the package source record on GitHub. [combined/bettercap.yml](https://github.com/automic-vault/db/blob/main/combined/bettercap.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
