updated docs

content/_index.md

@@ -5,7 +5,7 @@
 <img src="/logo.png" width="250px" style="margin-bottom:10px"/>
 <b>ベッターキャップ！</b>
 
-The Swiss Army knife for [WiFi](/modules/wifi/), [Bluetooth Low Energy](/modules/ble/), wireless [HID hijacking](/modules/hid/) and [IPv4 and IPv6](/modules/ethernet) networks reconnaissance and MITM attacks.
+The Swiss Army knife for [WiFi](/modules/wifi/), [Bluetooth Low Energy](/modules/ble/), wireless [HID hijacking](/modules/hid/), [CAN-bus](/modules/canbus/) and [IPv4 and IPv6](/modules/ethernet) networks reconnaissance and MITM attacks.
 
 Read the [project introduction](/intro/) to get an idea of what bettercap can do for you, [install](/installation/) it, [RTFM](/usage/) and start **hacking all the things!!!**
 
@@ -31,6 +31,4 @@ Follow @bettercap
 </div>
 </p>
 
-</center>
-
-<a class="twitter-timeline" data-dnt="true" data-theme="light" data-link-color="#599a3e" href="https://twitter.com/bettercap">Tweets by @bettercap</a>
+</center>

content/installation/_index.md

@@ -24,14 +24,10 @@ In order to be able to use bettercap, you'll need the following dependencies on
 
 BetterCAP is containerized using [Alpine Linux](https://alpinelinux.org/) -  a security-oriented, lightweight Linux distribution based on musl libc and busybox. The resulting Docker image is relatively small and easy to manage the dependencies. Since it is using a multi-stage build, **a Docker version greater than 17.05 is required**.
 
-To pull latest stable version of the image:
+To pull latest version of the image:
 
     docker pull bettercap/bettercap
 
-To pull latest source code build of the image:
-
-    docker pull bettercap/dev
-
 To run:
 
     docker run -it --privileged --net=host bettercap/bettercap -h

content/intro/_index.md

@@ -5,7 +5,7 @@ weight: 1
 draft: false
 ---
 
-bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an **easy to use**, **all-in-one solution** with all the features they might possibly need for performing reconnaissance and attacking [WiFi](/modules/wifi/) networks, [Bluetooth Low Energy](/modules/ble/) devices, wireless [HID](/modules/hid/) devices and [IPv4/IPv6](/modules/ethernet) networks.
+bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an **easy to use**, **all-in-one solution** with all the features they might possibly need for performing reconnaissance and attacking [WiFi](/modules/wifi/) networks, [Bluetooth Low Energy](/modules/ble/) devices, wireless [HID](/modules/hid/) devices, [CAN-bus](/modules/canbus/) and [IPv4/IPv6](/modules/ethernet) networks.
 
 ## Main Features
 
@@ -17,6 +17,7 @@ bettercap is a powerful, easily extensible and portable framework written in Go
 * **Proxies at packet level, TCP level and HTTP/HTTPS** application level fully scriptable with easy to implement **javascript plugins**.
 * A powerful **network sniffer** for **credentials harvesting** which can also be used as a **network protocol fuzzer**.
 * A very fast port scanner.
+* CAN-bus support for reading, injecting, **fuzzing**, loading custom DBC and builtin OBD2 PIDs parser.
 * A powerful [REST API](/modules/core/api.rest/) with support for asynchronous events notification on websocket to orchestrate your attacks easily.
 * An easy to use [web user interface](/usage/#web-ui).
 * [More!](/modules/)

content/modules/_index.md

@@ -7,4 +7,4 @@ draft: false
 
 Session modules are organized in the following categories:
 
-{{% children depth="999" %}}
+{{% children depth="1000" %}}

content/modules/canbus/_index.md

@@ -0,0 +1,121 @@
+---
+title: "CAN-bus"
+date: 2023-09-17T11:00:28+01:00
+draft: false
+weight: 5
+---
+
+This module supports scanning, injecting and fuzzing CAN-bus frames via socketcan compatible adapters.
+
+### Commands
+
+#### `can.recon on`
+
+Start CAN-bus discovery.
+
+#### `can.recon off`
+
+Stop CAN-bus discovery.
+
+#### `can.clear`
+
+Clear everything collected by the discovery module.
+
+#### `can.show`
+
+Show a list of detected CAN devices.
+
+#### `can.dbc.load NAME`
+
+Load a DBC file from the list of available ones or from disk.
+
+#### `can.inject FRAME_EXPRESSION`
+
+Parse FRAME_EXPRESSION as 'id#data' and inject it as a CAN frame.
+
+#### `can.fuzz ID_OR_NODE_NAME OPTIONAL_SIZE`
+
+If an hexadecimal frame ID is specified, create a randomized version of it and inject it. If a node name is specified, a random message for the given node will be instead used.
+
+### Parameters
+
+| Parameter | Default | Description |
+|-----------|---------|-------------|
+| `can.device` | `can0` | CAN-bus device. |
+| `can.dump` |  | Load CAN traffic from this candump log file. |
+| `can.dump.inject` | `false` | Write CAN traffic read form the candump log file to the selected can.device. |
+| `can.filter` |  | Optional boolean expression to select frames to report. |
+| `can.parse.obd2` | `false` | Enable built in OBD2 PID parsing. |
+| `can.transport` | `can` | Network type, can be 'can' for SocketCAN or 'udp'. |
+
+### Examples
+
+#### Read, write and fuzz raw frames
+
+The very basic of CAN-bus functionalities. Set your device and enable the module to start reading raw frames:
+
+```
+set can.device /dev/can0
+
+can.recon on
+```
+
+You can also load and **replay** a dump previously captured with candump:
+
+```
+set can.dump obd2-candump-2023-11-22_031813.log
+
+can.recon on
+```
+
+Inject raw frames as `id#hex-data`:
+
+```
+can.inject 0#aabbccddee
+```
+
+Or generate random ones for fuzzing with `can.fuzz id size`:
+
+```
+can.fuzz ff 8
+```
+
+And show a list of the detected ECUs:
+
+```
+can.show
+```
+
+#### Load your own DBC files, decode traffic and fuzz with them
+
+You can also use CAN-bus database files that describe a specific protocol, in which case bettercap will use it to automatically parse every frame on the bus ([css-electronics](https://www.csselectronics.com/pages/obd2-dbc-file) and [comma.ai](https://github.com/commaai/opendbc) have some very good ones):
+
+```
+set can.device /dev/can0
+
+can.dbc.load css-electronics/obd2-pack-v5/obd2-dbc/CSS-Electronics-11-bit-OBD2-v2.2.dbc
+
+can.recon on
+```
+
+When running with a DBC, you'll also be able to use use it for fuzzing. For instance, to generate a specific message given its id, with randomized content:
+
+```
+can.fuzz 12
+```
+
+To instead pick a random message from a specific ECU and generate its contents randomly:
+
+```
+can.fuzz ECU_name
+```
+
+#### Decode OBD2 PIDs with builtin decoder
+
+Alternatively to using a DBC, if you work with OBD2 standard PIDs, you can just enable the builtin PID parser:
+
+```
+set can.device /dev/can0
+set can.parse.obd2 true
+can.recon on
+```

content/modules/core/graph/_index.md

@@ -0,0 +1,39 @@
+---
+title: "graph"
+date: 2023-09-17T11:00:21+01:00
+draft: false
+weight: 0
+---
+
+A module to build a graph of WiFi and LAN nodes.
+
+### Commands
+
+#### `graph on`
+
+Start the graph module.
+
+#### `graph off` 
+
+Stop the graph module.
+
+#### `graph.to_dot MAC?` 
+
+Generate a dot graph file from the current graph (filtering by an optional MAC).
+
+#### `graph.to_json MAC?` 
+
+Generate a JSON file from the current graph (filtering by an optional MAC).
+
+### Parameters
+
+| parameter | default | description |
+|-----------|---------|-------------|
+| `graph.disconnected` | `false` | Include disconnected edges in the output graph. |
+| `graph.dot.layout` | `neato` | Layout for dot output. |
+| `graph.dot.name` | `bettergraph` | Graph name in the dot output. |
+| `graph.dot.output` | `bettergraph.dot` | File name for dot output. |
+| `graph.json.output` | `bettergraph.json` | File name for JSON output. |
+| `graph.path` | `/usr/local/share/bettercap/graph` | Base path for the graph database. |
+| `graph.privacy` | `false` | Obfuscate mac addresses. |
+

content/modules/core/ui/_index.md

@@ -9,17 +9,13 @@ A module to manage bettercap's UI updates and installed version.
 
 ### Commands
 
-#### `ui.version` 
+#### `ui.on`
 
-Print the currently installed UI version.
-
-#### `ui.update`
-
-Download the latest available version of the UI and install it.
+Activates the weui.
 
 ### Parameters
 
 | parameter | default | description |
 |-----------|---------|-------------|
-| `ui.basepath` | `/usr/local/share/bettercap/` | UI base installation path. |
-| `ui.tmpfile` | `/tmp/ui.zip` | Temporary file to use while downloading UI updates. |
+| `ui.address` | `127.0.0.1` | Address to bind the web ui to. |
+| `ui.port` | `8080` | Port to bind the web ui server to. |

content/modules/ethernet/_index.md

@@ -2,7 +2,7 @@
 title: "IPv4 / IPv6"
 date: 2019-02-25T11:10:07+01:00
 draft: false
-weight: 5
+weight: 6
 ---
 
 These modules offer reconnaissance, active probing (mDNS, NBNS, UPnP and WSD) of hosts, sniffing / credentials harvesting, port scanning, spoofing (MITM) and a few basic servers for IPv4 and IPv6 based networks:

content/modules/ethernet/spoofers/ndp.spoof/_index.md

@@ -24,4 +24,5 @@ Stop NDP spoofer.
 | `ndp.spoof.neighbour` | `fe80::1` | Neighbour IPv6 address to spoof, clear to disable NA. |
 | `ndp.spoof.prefix` | `d00d::` | IPv6 prefix for router advertisements spoofing, clear to disable RA. |
 | `ndp.spoof.prefix.length` | `64` | IPv6 prefix length for router advertisements. |
-| `ndp.spoof.targets` | | Comma separated list of IPv6 victim addresses. |
+| `ndp.spoof.targets` | | Comma separated list of IPv6 victim addresses. |
+| `ndp.spoof.router_lifetime` |  `10` |  Router lifetime for router advertisements in seconds. |

content/modules/utils/_index.md

@@ -2,7 +2,7 @@
 title: "Utils"
 date: 2019-02-25T11:37:35+01:00
 draft: false
-weight: 8
+weight: 7
 ---
 
 Various utility modules:

content/modules/utils/gps/_index.md

@@ -21,6 +21,10 @@ Stop acquiring from the GPS hardware.
 
 Show the last coordinates returned by the GPS hardware.
 
+#### `gps.set LAT LON`
+
+Manually set GPS location.
+
 ### Parameters
 
 | parameter | default | description |

content/modules/wifi/_index.md

@@ -12,6 +12,7 @@ The WiFi modules use a WiFi interface supporting monitor mode and packet injecti
 - perform [RSN PMKID based](https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/) clientless attacks on vulnerable access points 
 - *automatically sniff and save key material* either from complete WPA/WPA2 handshakes or PMKID packets.
 - send spoofed management beacons to create fake access points or fake client probes.
+- perform authentication wordlist attacks.
 
 {{% notice note %}}
 The interface only needs to support monitor mode and packet injection, it'll be bettercap itself to switch it to the right mode, just make sure there aren't other processes using the same wifi interface.
@@ -33,6 +34,14 @@ Start 802.11 wireless base stations discovery and handshakes/PMKID capture.
 
 Stop 802.11 wireless base stations discovery.
 
+#### `wifi.bruteforce on`
+
+Attempts to bruteforce WiFi authentication (see **bruteforce** specific parameters).
+
+#### `wifi.bruteforce off`
+
+Stop previously started bruteforcing.
+
 #### `wifi.clear`
 
 Clear all access points collected by the WiFi discovery module.
@@ -105,6 +114,17 @@ Inject fake management beacons in order to create a rogue access point ( require
 | `wifi.ap.channel` | `1` | Channel of the fake access point. |
 | `wifi.ap.encryption` | `true` | If true, the fake access point will use WPA2, otherwise it'll result as an open AP. |
 
+#### Bruteforce specific parameters
+
+| Parameter | Default | Description |
+|-----------|---------|-------------|
+| `wifi.bruteforce.stop_at_first` | `true` | Stop bruteforcing after the first successful attempt. |
+| `wifi.bruteforce.target` |  | One or more comma separated targets to bruteforce as ESSID or BSSID. Leave empty to bruteforce all visibile access points. |
+| `wifi.bruteforce.timeout` | `15` | Timeout in seconds for each association attempt. |
+| `wifi.bruteforce.wide` | `false` | Attempt a password for each access point before moving to the next one. |
+| `wifi.bruteforce.wordlist` | `/usr/share/dict/words` | Wordlist file to use for bruteforcing. |
+| `wifi.bruteforce.workers` | `1` | How many parallel workers. WARNING: Some routers will ban multiple concurrent attempts. |
+
 ### Examples
 
 Run bettercap using `eth0` as the main interface but start the wifi module on `wlan0` instead:
@@ -148,3 +168,13 @@ Will send management beacons as the fake access point "Banana" with BSSID `DE:AD
 > set wifi.ap.encryption false
 > wifi.recon on; wifi.ap
 ```
+
+Bruteforce using a wordlist:
+
+```
+> set wifi.interface en0
+> set wifi.bruteforce.target TargetRouter
+> set wifi.bruteforce.wordlist /path/to/your/wordlist.txt
+> set wifi.bruteforce.stop_at_first true
+> wifi.bruteforce on
+```

content/usage/webui/_index.md

@@ -9,35 +9,7 @@ draft: false
 The easiest way to start playing with bettercap is using its official [web user interface](https://github.com/bettercap/ui), in order to install it make sure you have the [latest version of bettercap](https://github.com/bettercap/bettercap/releases), then:
 
 ```sh
-sudo bettercap -eval "caplets.update; ui.update; q"
+sudo bettercap -eval "ui on"
 ```
 
-{{% notice warning %}}
-Only run `caplets.update` the first time as every time the entire system caplets folder is replaced with the downloaded contents from github, overwriting your changes, such as the credentials, with default values. You can either backup your changes and restore them later in the system folder, or simply copy the changed caplet files in bettercap's working directory, in which case they'll be loaded before the ones installed system wide.
-{{% /notice %}}
-
-This will download and update your caplets and web ui from the latest github releases.
-
-#### Local UI
-
-If you want both bettercap and the web ui running on your computer, you'll want to use the `http-ui` caplet which will start the `api.rest` and `http.server` modules on `127.0.0.1`. 
-
-Edit the default credentials in `/usr/local/share/bettercap/caplets/http-ui.cap` and then start the ui with:
-
-```sh
-sudo bettercap -caplet http-ui
-```
-
-Open your browser to `http://127.0.0.1/` and login using the credentials you configured in the previous step.
-
-#### Remote UI
-
-If instead you're running bettercap on another host, say on a RaspberryPI or another machine with a different IP address, you want to use the `https-ui` caplet in order for the connection to the UI and the api to be protected by TLS. The caplet will bind the modules on `0.0.0.0` and generate a self signed certificate you can then allow in your browser.
-
-Edit the default credentials in `/usr/local/share/bettercap/caplets/https-ui.cap` and then start the ui with:
-
-```sh
-sudo bettercap -caplet https-ui
-```
-
-Open your browser to `https://<ip of the machine>/` and login using the credentials you configured in the previous step.
+You can customize the UI (and REST API) settings, use `help ui` and `help api.rest` for more. 

docs/404.html

@@ -9,15 +9,15 @@
   <title>404 Page not found</title>
 
 
-    <link href="/css/nucleus.css?1721000863" rel="stylesheet">
-    <link href="/css/fontawesome-all.min.css?1721000863" rel="stylesheet">
-    <link href="/css/hybrid.css?1721000863" rel="stylesheet">
-    <link href="/css/featherlight.min.css?1721000863" rel="stylesheet">
-    <link href="/css/perfect-scrollbar.min.css?1721000863" rel="stylesheet">
-    <link href="/css/theme.css?1721000863" rel="stylesheet">
-    <link href="/css/hugo-theme.css?1721000863" rel="stylesheet">
+    <link href="/css/nucleus.css?1726565315" rel="stylesheet">
+    <link href="/css/fontawesome-all.min.css?1726565315" rel="stylesheet">
+    <link href="/css/hybrid.css?1726565315" rel="stylesheet">
+    <link href="/css/featherlight.min.css?1726565315" rel="stylesheet">
+    <link href="/css/perfect-scrollbar.min.css?1726565315" rel="stylesheet">
+    <link href="/css/theme.css?1726565315" rel="stylesheet">
+    <link href="/css/hugo-theme.css?1726565315" rel="stylesheet">
 
-      <link href="/css/theme-green.css?1721000863" rel="stylesheet">
+      <link href="/css/theme-green.css?1726565315" rel="stylesheet">
 
 <style>
     :root #header + #content > #left > #rlblock_left {