TOOLS_SUITE
NETWORK_ATTACKS
ACTIVE22 modulesPython

HERMES

Home network intelligence and control toolkit.

Twenty-two Python modules for LAN reconnaissance, MITM, traffic analysis, device control, and WiFi attack surface. ARP spoof with automatic tcpdump capture, DNS query extraction from pcap, HTTP response injection, RTSP camera discovery, MQTT IoT manipulation, UPnP NAT traversal, BLE scanning, and 802.11 deauth/PMKID/handshake capture/evil twin attacks. All commands require root (raw socket access). Scapy for packet crafting, nmap for port scanning, tcpdump for capture.

scroll to access

Kill_Chain_Position

Reconnaissance
Initial_Access
Execution
Persistence
Privilege_Escalation
Lateral_Movement
Collection
Command_& Control
Exfiltration

Capabilities

What it can do.

ARP scan + mDNS + SSDP

Multi-protocol device discovery with concurrent ARP, mDNS PTR, and UPnP M-SEARCH; merged inventory with MAC OUI vendor lookup

ARP spoof MITM + capture

Bidirectional ARP poisoning with automatic IP forwarding toggle; spawning tcpdump subprocess for full pcap; graceful ARP restore on exit

DNS query analysis

DNS request extraction from live sniff or saved pcap via scapy rdpcap; per-device query summary with domain categorization

HTTP sniffing + injection

Passive HTTP host/URL/UA logging + TLS SNI extraction; active response injection: BeEF hook, keylogger, redirect

Device control (iptables/tc)

Block/unblock devices via iptables DROP rules; bandwidth limit via tc qdisc; full reset to restore connectivity

MQTT IoT enumeration + injection

MQTT broker scan, topic enumeration, live message listening, and arbitrary topic publish for IoT device control

BLE scan + GATT read/write

Bluetooth Low Energy device discovery via bleak; service/characteristic enumeration; read values and write to writable characteristics

WiFi attack suite

802.11 deauth injection, WPA2 PMKID capture, 4-way handshake capture, rogue AP with captive portal, evil twin detection via BSSID comparison

Architecture

How it's built.

Python 3.11+ with 7 runtime deps: scapy (packet crafting/sniffing), typer (CLI), rich (terminal output), python-nmap (nmap wrapper with XML parsing), bleak (BLE), paho-mqtt (MQTT), requests (HTTP). Thirty-two Typer CLI subcommands organized into discovery, MITM, traffic analysis, device control, HTTP injection, RTSP, MQTT, UPnP, BLE, RF, and WiFi groups. Core utilities: iface.py auto-detects IP/MAC/gateway/subnet from /proc/net/route; vendor.py looks up MAC OUI from /usr/share/ieee-data/oui.txt with embedded fallback table; logger.py outputs structured JSON logs. All commands require sudo (raw socket access) with explicit RuntimeError if socket fails with EPERM. ARP restore in mitm.py always executes via try/finally.

Engagement_Types

Where it fits.

Internal network penetration testingIoT security assessmentWiFi security auditData exfiltration simulation

Also_In_The_Suite

Secure_Channel

Authorized engagements only.

All work requires a signed scope document. Initial contact is encrypted. Response within 48h.

INITIALIZE_CONTACT