Ettercap
Ettercap Ettercap is the classic MITM tool with ARP spoofing modules for poisoning caches and intercepting traffic, enabling DNS redirection or session hijacks in LAN tests. Compile its C code, target hosts via CLI with -M arp, and script plugins for custom DNS responses. Open-source from ettercap, it's the ARP artisan for pentesters crafting network illusions.
Explore →Bettercap
Bettercap Bettercap is the modern Swiss Army knife for ARP/DNS spoofing, with modules for cache poisoning and response forging to redirect traffic or inject payloads in real-time sessions. Run its Go binary with caplets for automated attacks, capturing creds via HTTP proxies. Open-source from bettercap, it's the spoofing sorcerer for ethical hackers templating MITM chains.
Explore →dsniff
dsniff dsniff's arpspoof and dnsspoof tools poison ARP tables and forge DNS replies for traffic rerouting, capturing unencrypted sessions in classic network attacks. Compile from C source, run arpspoof -i eth0 for gateways, chaining with urlsnarf for creds. Open-source from Dug Song, it's the dsniff duo for pentesters replaying old-school spoofing tricks.
Explore →Yersinia
Yersinia Yersinia is the layer 2 fuzzer with ARP spoofing attacks for cache overflows or gratuitous replies, testing switch resilience and enabling MITM in switched nets. Launch its C GTK app, select interfaces, and replay packets for spoof floods. Open-source from yersinia, it's the L2 lancer for network warriors probing ARP weaknesses.
Explore →Scapy
Scapy Scapy's ARP/DNS layers let you craft spoofed packets for cache poisoning or reply forgery, scripting send/receive loops for dynamic MITM in custom scenarios. Import in Python, build Ether/ARP frames, and sniff responses for validation. Open-source from secdev, it's the packet playwright for scripters staging spoof operas.
Explore →dnschef
dnschef dnschef is the DNS proxy spoofer that intercepts queries and forges responses for domain hijacks or traffic redirection in testing setups. Run its Python server with --fake for custom A records, chaining with ARP for full MITM. Open-source from iphelix, it's the DNS deceiver for pentesters templating resolution tricks.
Explore →arpspoof
arpspoof arpspoof from dsniff suite sends gratuitous ARP replies to poison caches, redirecting traffic for sniffing or injection in simple LAN attacks. Compile from C, run -t target -r for bidirectional spoofs, capturing with tcpdump. Open-source from Dug Song, it's the ARP anvil for quick MITM hammers.
Explore →mitmproxy
mitmproxy mitmproxy's ARP spoofing addon enables transparent interception with DNS resolution overrides for full traffic control in scripted sessions. Install via pip, configure --set arp_spoof=true, and manipulate flows with Python addons. Open-source from mitmproxy, it's the proxy poisoner for advanced network puppeteers.
Explore →dnsspoof
dnsspoof dnsspoof from dsniff listens for queries and injects forged replies from host files, spoofing resolutions for phishing or traffic diversion in tests. Run with -i interface and hosts.txt, logging queries for analysis. Open-source from Dug Song, it's the DNS doppelganger for pentesters mimicking malicious resolvers.
Explore →arpoison