Perform authorized ARP spoofing and traffic interception during a penetration test.
Capture legacy protocol credentials like FTP or Telnet on a test network.
Write a custom Scapy filter to inspect or modify intercepted packets live.
Combine spoofing, injection, and Responder plugins in a single security assessment.
| byt3bl33d3r/mitmf | gaubert/gmvault | lucasjinreal/tensorflow_poems | |
|---|---|---|---|
| Stars | 3,639 | 3,639 | 3,638 |
| Language | Python | Python | Python |
| Setup difficulty | hard | easy | moderate |
| Complexity | 4/5 | 2/5 | 3/5 |
| Audience | ops devops | general | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires Python 2.7 on Linux, the project is unmaintained and the README recommends Bettercap instead.
MITMf is a Python framework built for performing Man-In-The-Middle attacks and related network attacks on a local network, meant for security professionals doing authorized penetration testing rather than casual users. The README states plainly that the project is no longer being updated and recommends people use Bettercap instead, since it is more actively maintained and covers similar ground. MITMf itself was originally created to modernize this space when older tools like Ettercap and Mallory had significant gaps, and it was rewritten to be modular, so new attack techniques can be added as plugins. At its core, MITMf runs its own SMB, HTTP, and DNS servers alongside a modified SSLStrip proxy, which lets various plugins intercept and adjust network traffic, including a partial way to work around HSTS protections. Version 0.9.8 added active packet filtering and manipulation, letting a user write small Python scripts using the Scapy library to inspect and modify any intercepted packet type on the fly, without restarting the tool. It automatically captures credentials from a range of older, unencrypted protocols like FTP, IRC, Telnet, and SNMP using a bundled tool called Net-Creds, and integrates with Responder for poisoning name resolution protocols like LLMNR and NBT-NS. The framework ships with a long list of plugins covering different attack techniques: ARP, ICMP, DHCP, and DNS based traffic redirection through a Spoof plugin, HTML or JavaScript injection into pages a target views, a captive portal for redirecting all traffic to a chosen page, session hijacking, browser plugin enumeration, and even backdooring files sent over HTTP. Plugins are combined by passing multiple command line flags at once, for example running ARP spoofing together with content injection and Responder in a single command. This tool requires Python 2.7 and Linux, runs entirely from the command line, and is aimed squarely at people already familiar with network security testing rather than beginners.
An unmaintained Python framework for Man-In-The-Middle network attacks, now superseded by Bettercap.
Mainly Python. The stack also includes Python, Scapy, Linux.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.