evillimiter-ng 2.3.1

Monitors, analyzes and limits the bandwidth of devices on the local network (Next Generation).

Evil Limiter Next Generation

A tool to monitor, analyze and limit the bandwidth (upload/download) of devices on your local network without physical or administrative access.

evillimiter-ng employs ARP spoofing and traffic shaping to throttle the bandwidth of hosts on the network.

Requirements

• Linux distribution
• Python 3 or greater

Possibly missing python packages will be installed during the installation process.

Installation

git clone https://github.com/KevinCrrl/evillimiter-ng.git
cd evillimiter-ng

# Arch-based systems (or using the AUR: https://aur.archlinux.org/packages/evillimiter-ng)
cd pkgbuild
makepkg -si

# Other GNU/Linux distros using a virtual env
python -m build
python -m installer dist/*.whl

# or

pip install .

Quick Start Example

After installation, you can start using the tool with the following basic workflow.

1. Start the program and specify your network interface:

evillimiter-ng -i wlan0

2. Scan the network for connected hosts:

scan

3. Limit bandwidth of a device (example: device ID 3 to 200kbit):

limit 3 200kbit

Example of a single-use command in the shell

# Scan the network, list hosts, block everyone for 20 seconds, and then restore connection.
echo "scan && hosts && block all && sleep 20 && free all && exit" | evillimiter-ng

Command-Line Arguments

Argument	Explanation
-h	Displays help message listing all command-line arguments
-i [Interface Name]	Specifies network interface (resolved if not specified)
-g [Gateway IP Address]	Specifies gateway IP address (resolved if not specified)
-m [Gateway MAC Address]	Specifies gateway MAC address (resolved if not specified)
-n [Netmask Address]	Specifies netmask (resolved if not specified)
-f	Flushes current iptables and tc configuration. Ensures that packets are dealt with correctly.

evillimiter-ng Commands

Command	Explanation
scan (--range [IP Range]) (--intensity [(1,2,3)])	Scans your network for online hosts. One of the first things to do after start. --range lets you specify a custom IP range. --intensity lets you specify the scan intensity / speed (1 = quick, 2 = normal (standard), 3 = intense). Example: scan --range 192.168.178.1-192.168.178.40 --intensity 1 or just scan.
hosts	Displays all scanned hosts and basic information.
limit [ID1,ID2,...] [Rate] (--upload) (--download)	Limits bandwidth of host(s) associated with specified ID.
block [ID1,ID2,...] (--upload) (--download)	Blocks internet connection of host(s).
free [ID1,ID2,...]	Removes bandwidth restrictions.
add [IP] (--mac [MAC])	Adds custom host manually.
monitor [ID1,ID2,...] (--interval [time in ms])	Monitor bandwidth usage of host(s).
analyze [ID1,ID2,...] (--duration [time in s])	Analyze traffic usage.
watch	Shows current watch status.
watch add [ID1,ID2,...]	Adds host(s) to watchlist.
watch remove [ID1,ID2,...]	Removes host(s) from watchlist.
watch set [Attribute] [Value]	Changes watch settings.
clear	Clears terminal window.
quit	Quits the application.
sleep	Waits for seconds.
?, help	Displays command help.

Restrictions

• Limits IPv4 connections only, since ARP spoofing requires ARP packets which exist only in IPv4 networks.

Legal Disclaimer

Please read the full legal disclaimer here:

LEGAL.md

License

Copyright (c) 2026 by KevinCrrl.

Licensed under the GPLv2 License.

For a detailed list of original authors, dependencies, and their respective licenses, see the CREDITS file.