whatisgithub

What is mitmf?

byt3bl33d3r/mitmf — explained in plain English

Analysis updated 2026-05-18

3,639PythonAudience · ops devopsComplexity · 4/5Setup · hard

In one sentence

An unmaintained Python framework for Man-In-The-Middle network attacks, now superseded by Bettercap.

Mindmap

mindmap
  root((MITMf))
    What it does
      MITM attacks
      Traffic interception
      Packet manipulation
    Tech stack
      Python
      Scapy
      Linux
    Use cases
      Pentesting
      Credential capture
      Traffic injection
    Audience
      Security professionals

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Perform authorized ARP spoofing and traffic interception during a penetration test.

USE CASE 2

Capture legacy protocol credentials like FTP or Telnet on a test network.

USE CASE 3

Write a custom Scapy filter to inspect or modify intercepted packets live.

USE CASE 4

Combine spoofing, injection, and Responder plugins in a single security assessment.

What is it built with?

PythonScapyLinux

How does it compare?

byt3bl33d3r/mitmfgaubert/gmvaultlucasjinreal/tensorflow_poems
Stars3,6393,6393,638
LanguagePythonPythonPython
Setup difficultyhardeasymoderate
Complexity4/52/53/5
Audienceops devopsgeneralresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires Python 2.7 on Linux, the project is unmaintained and the README recommends Bettercap instead.

So what is it?

MITMf is a Python framework built for performing Man-In-The-Middle attacks and related network attacks on a local network, meant for security professionals doing authorized penetration testing rather than casual users. The README states plainly that the project is no longer being updated and recommends people use Bettercap instead, since it is more actively maintained and covers similar ground. MITMf itself was originally created to modernize this space when older tools like Ettercap and Mallory had significant gaps, and it was rewritten to be modular, so new attack techniques can be added as plugins. At its core, MITMf runs its own SMB, HTTP, and DNS servers alongside a modified SSLStrip proxy, which lets various plugins intercept and adjust network traffic, including a partial way to work around HSTS protections. Version 0.9.8 added active packet filtering and manipulation, letting a user write small Python scripts using the Scapy library to inspect and modify any intercepted packet type on the fly, without restarting the tool. It automatically captures credentials from a range of older, unencrypted protocols like FTP, IRC, Telnet, and SNMP using a bundled tool called Net-Creds, and integrates with Responder for poisoning name resolution protocols like LLMNR and NBT-NS. The framework ships with a long list of plugins covering different attack techniques: ARP, ICMP, DHCP, and DNS based traffic redirection through a Spoof plugin, HTML or JavaScript injection into pages a target views, a captive portal for redirecting all traffic to a chosen page, session hijacking, browser plugin enumeration, and even backdooring files sent over HTTP. Plugins are combined by passing multiple command line flags at once, for example running ARP spoofing together with content injection and Responder in a single command. This tool requires Python 2.7 and Linux, runs entirely from the command line, and is aimed squarely at people already familiar with network security testing rather than beginners.

Copy-paste prompts

Prompt 1
Explain what the Spoof plugin in MITMf does and how ARP poisoning works in this tool.
Prompt 2
Show me the MITMf command to run ARP spoofing with the Responder plugin on a test network.
Prompt 3
Write a simple Scapy filter script compatible with MITMf's packet filtering feature.
Prompt 4
Explain why this project's README recommends using Bettercap instead of MITMf today.

Frequently asked questions

What is mitmf?

An unmaintained Python framework for Man-In-The-Middle network attacks, now superseded by Bettercap.

What language is mitmf written in?

Mainly Python. The stack also includes Python, Scapy, Linux.

How hard is mitmf to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is mitmf for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.