View Issue Details

IDProjectCategoryView StatusLast Update
0000266Kali Linux[All Projects] New Tool Requestspublic2018-01-29 15:15
ReporterDarkSnake-KobraAssigned To 
Status newResolutionreopened 
Product Version 
Target VersionFixed in Version 
Summary0000266: subterfuge
DescriptionTool request for subterfuge in future or current edition of Kali.



2013-04-14 22:59

reporter   ~0000371

Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation…

A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results. On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a Man-In-The-Middle attack. Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool. This tool has also been tested in kali.
ARP MITM, Credential Harvesting, Code Injection, TunnelBlock

This is just some of the things Subterfuge can do



2013-09-27 22:14

administrator   ~0000911

The main problem with this, other than it being slow, is that it only works with Django 1.3.1 and the current Debian version is 1.4.5 so there would be a very large number of security issues introduced to the system, which I'm not going to do.
If the developer updates the code to work with at least the current Debian version of Django, feel free to re-open this request. The developer's bug tracker is here:


2013-11-28 20:13

reporter   ~0001103

New release according to developers which should resolve this issue.


2013-12-15 03:10

reporter   ~0001207

I am one of the developers of Subterfuge and its newest version; Public Release 1.0 has been uploaded to the Google Code site. It has been completely overhauled with an emphasis on speed and stability. It uses the current versions of the packages in the Debian repos (including Django), and is now in .deb form! I didn't want to reopen my issue (0000439) since it had already been classified as a "duplicate".

Please download the newest version here:

The file is much smaller now since we moved away from using SVN and we no longer have the stand-alone installer. We were very fortunate to have Subterfuge included in BT5r3 and would be honored if you would include the tool into Kali as well.


2013-12-28 12:29

reporter   ~0001242

thank you r00t0v3rr1d3 , hope kali dev team get it soon ,


2014-03-01 15:48

reporter   ~0001586

@Kali Dev Team:

Would it be possible to get an update on the request to add Subterfuge to Kali Linux? I am worried that this "Issue" has fallen to the bottom of the pile over time and might not be getting a second look because its status is "Closed -> feedback". I would be happy to create a new "Issue", but my last one was closed and categorized as a duplicate.

Thank you for your time.


2014-04-04 12:21

reporter   ~0001665

I tested subterfuge 1.0-1 on Kali 1.0.6, and it works quite well as a mitm + sslstrip solution. It works better than ettercap and A LOT better than arpspoof, really.
I couldn't get the code injection to work, however (used mitmproxy for that).


2014-04-04 14:36

administrator   ~0001666

We can't package .deb files. Upstream needs to provide this as a tarball.

Issue History

Date Modified Username Field Change
2013-04-14 22:13 DarkSnake-Kobra New Issue
2013-04-14 22:59 DarkSnake-Kobra Note Added: 0000371
2013-09-27 22:14 dookie Note Added: 0000911
2013-09-27 22:14 dookie Status new => closed
2013-09-27 22:14 dookie Assigned To => dookie
2013-09-27 22:14 dookie Resolution open => won't fix
2013-11-28 20:13 DarkSnake-Kobra Note Added: 0001103
2013-11-28 20:13 DarkSnake-Kobra Status closed => feedback
2013-11-28 20:13 DarkSnake-Kobra Resolution won't fix => reopened
2013-12-15 03:10 r00t0v3rr1d3 Note Added: 0001207
2013-12-28 12:29 saberzaid Note Added: 0001242
2014-03-01 15:48 r00t0v3rr1d3 Note Added: 0001586
2014-04-04 12:21 Spike Note Added: 0001665
2014-04-04 14:36 dookie Note Added: 0001666
2014-05-12 17:16 xploitx Issue cloned: 0001227
2018-01-29 15:15 g0tmi1k Assigned To dookie =>
2018-01-29 15:15 g0tmi1k Status feedback => new