WIRELESS

NUMEROUS LINKS TO WIRELESS SECURITY TOOLS

http://www.corecom.com/html/wlan_tools.html

AIRCRACK

http://www.aircrack-ng.org/doku.php

AIRCRACK IS AN 802.11 WEP AND WPA-PSK KEY-CRACKING PROGRAM THAT CAN RECOVER KEYS ONCE ENOUGH DATA PACKETS HAVE BEEN CAPTURED. IT IMPLEMENTS THE STANDARD FMS ATTACK ALONG WITH SOME OPTIMIZATIONS LIKE KOREK ATTACKS, THUS MAKING THE ATTACK MUCH FASTER COMPARED TO OTHER WEP CRACKING TOOLS. IN FACT, AIRCRACK IS A SET OF TOOLS FOR AUDITING WIRELESS NETWORKS.

AIRSNORT

http://airsnort.shmoo.com/

AIRSNORT IS A WIRELESS LAN (WLAN) TOOL WHICH RECOVERS ENCRYPTION KEYS. AIRSNORT OPERATES BY PASSIVELY MONITORING TRANSMISSIONS, COMPUTING THE ENCRYPTION KEY WHEN ENOUGH PACKETS HAVE BEEN GATHERED.

AIRSNARF

http://airsnarf.shmoo.com/

AIRSNARF IS A SIMPLE ROGUE WIRELESS ACCESS POINT SETUP UTILITY DESIGNED TO DEMONSTRATE HOW A ROGUE AP CAN STEAL USERNAMES AND PASSWORDS FROM PUBLIC WIRELESS HOTSPOTS. AIRSNARF WAS DEVELOPED AND RELEASED TO DEMONSTRATE AN INHERENT VULNERABILITY OF PUBLIC 802.11B HOTSPOTS—SNARFING USERNAMES AND PASSWORDS BY CONFUSING USERS WITH DNS AND HTTP REDIRECTS FROM A COMPETING AP.

AP RADAR

http://apradar.sourceforge.net/

AP RADAR IS A LINUX/GTK+ BASED GRAPHICAL NETSTUMBLER AND WIRELESS PROFILE MANAGER. THIS PROJECT MAKES USE OF THE VERSION 14 WIRELESS EXTENSIONS IN LINUX 2.4.20 AND 2.6 TO PROVIDE ACCESS POINT SCANNING CAPABILITIES FOR MOST MODELS OF WIRELESS CARDS. IT IS MEANT TO REPLACE THE MANUAL PROCESS OF RUNNING IWCONFIG AND DHCLIENT. IT MAKES RECONFIGURING FOR DIFFERENT APS QUICK AND EASY.

BLUESNIFF

http://bluesniff.shmoo.com/bluesniff-0.1.tar.gz

A POC BLUETOOTH WAR-DRIVING UTILITY. BLUESNIFF PROVIDES A GUI FOR FINDING DISCOVERABLE AND HIDDEN BLUETOOTH DEVICES.

BLUEDIVING

http://sourceforge.net/projects/bluediving

BLUEDIVING IS A BLUETOOTH PENETRATION TESTING SUITE. IT IMPLEMENTS ATTACKS LIKE BLUEBUG, BLUESNARF, BLUESNARF++, AND BLUESMACK, AND HAS FEATURES SUCH AS BLUETOOTH ADDRESS SPOOFING.

FAKEAP

http://www.blackalchemy.to/project/fakeap/

IF ONE ACCESS POINT IS GOOD, 53,000 MUST BE BETTER. BLACK ALCHEMY'S FAKE AP GENERATES THOUSANDS OF COUNTERFEIT 802.11B ACCESS POINTS. HIDE IN PLAIN SIGHT AMONGST FAKE AP'S CACOPHONY OF BEACON FRAMES. AS PART OF A HONEYPOT OR AS AN INSTRUMENT OF YOUR SITE SECURITY PLAN, FAKE AP CONFUSES WARDRIVERS, NETSTUMBLERS, SCRIPT KIDDIES, AND OTHER UNDESIRABLES.

RAW GLUE AP

http://rfakeap.tuxfamily.org/#Raw_Glue_AP

A PROOF-OF-CONCEPT TOOL THAT TRIES TO CATCH WIRELESS STATIONS THAT ARE SEARCHING FOR PREFERRED SSIDS THANKS TO WIRELESS RAW INJECTION AND MONITOR MODE.

RAW COVERT

http://rfakeap.tuxfamily.org/#Raw_Covert

A PROOF-OF-CONCEPT TOOL THAT USES ACK FRAMES TO INITIATE A COVERT CHANNEL THANKS TO WIRELESS RAW INJECTION AND MONITOR MODE.

PYTHON RAW COVERT

http://rfakeap.tuxfamily.org/#Python_Raw_Covert

AN IMPROVED VERSION OF RAW COVERT IN PYTHON WITH TUNNEL MODE.

WIFI ADVANCED STEALTH PATCHES

http://rfakeap.tuxfamily.org/#WiFi_Advanced_Stealth_Patches

SOME PROOF-OF-CONCEPT PATCHES FOR MADWIFI-NG TO IMPLEMENT STEALTH AT LOW-COST BY TWEAKING THE 802.11 MAC LAYER.

WELLENREITER

http://packetstormsecurity.org/wireless/Wellenreiter-v1.9.tar.gz

WELLENREITER IS A WIRELESS NETWORK DISCOVERY AND AUDITING TOOL. IT CAN DISCOVER NETWORKS (BSS/IBSS), AND AUTOMATICALLY DETECTS ESSID-BROADCASTING OR NON-BROADCASTING NETWORKS, THEIR WEP CAPABILITIES, AND THE MANUFACTURER.

KARMA

http://theta44.org/karma/index.html

KARMA IS A SET OF TOOLS FOR ASSESSING THE SECURITY OF WIRELESS CLIENTS AT MULTIPLE LAYERS. WIRELESS SNIFFING TOOLS DISCOVER CLIENTS AND THEIR PREFERRED/TRUSTED NETWORKS BY PASSIVELY LISTENING FOR 802.11 PROBE REQUEST FRAMES. FROM THERE, INDIVIDUAL CLIENTS CAN BE TARGETED BY CREATING A ROGUE AP FOR ONE OF THEIR PROBED NETWORKS (WHICH THEY MAY JOIN AUTOMATICALLY) OR USING A CUSTOM DRIVER THAT RESPONDS TO PROBES AND ASSOCIATION REQUESTS FOR ANY SSID. HIGHER-LEVEL FAKE SERVICES CAN THEN CAPTURE CREDENTIALS OR EXPLOIT CLIENT-SIDE VULNERABILITIES ON THE HOST.

WEPATTACK

http://wepattack.sourceforge.net/

WEPATTACK IS A WLAN OPEN SOURCE LINUX TOOL FOR BREAKING 802.11 WEP KEYS. THIS TOOL IS BASED ON AN ACTIVE DICTIONARY ATTACK THAT TESTS MILLIONS OF WORDS TO FIND THE RIGHT KEY. ONLY ONE PACKET IS REQUIRED TO START AN ATTACK.

WEPCRACK

http://wepcrack.sourceforge.net/

WEPCRACK IS AN OPEN SOURCE TOOL FOR BREAKING 802.11 WEP SECRET KEYS. THIS TOOL IS AN IMPLEMENTATION OF THE ATTACK DESCRIBED BY FLUHRER, MANTIN, AND SHAMIR IN THE PAPER "WEAKNESSES IN THE KEY SCHEDULING ALGORITHM OF RC4".

COWPATTY

http://www.churchofwifi.org/FileLib/9-cowpatty-4.0.zip

BRUTE-FORCE DICTIONARY ATTACK AGAINST WPA-PSK.

ASLEAP

http://asleap.sourceforge.net/

ASLEAP IS A TOOL DESIGNED TO RECOVER WEAK LEAP (CISCO'S LIGHTWEIGHT EXTENSIBLE AUTHENTICATION PROTOCOL) AND PPTP PASSWORDS. THE NEW VERSION OF ASLEAP HAS A BUNCH OF INTERESTING FEATURES:

  • RECOVERS WEAK LEAP PASSWORDS (DUH).
  • CAN READ LIVE FROM ANY WIRELESS INTERFACE IN RFMON MODE.
  • CAN MONITOR A SINGLE CHANNEL, OR PERFORM CHANNEL HOPPING TO LOOK FOR TARGETS.
  • WILL ACTIVELY DEAUTHENTICATE USERS ON LEAP NETWORKS, FORCING THEM TO REAUTHENTICATE. THIS MAKES THE CAPTURE OF LEAP PASSWORDS VERY FAST.
  • WILL ONLY DEAUTH USERS WHO HAVE NOT ALREADY BEEN SEEN, DOESN'T WASTE TIME ON USERS WHO ARE NOT RUNNING LEAP.
  • CAN READ FROM STORED LIBPCAP FILES, OR AIROPEEK NX FILES (1.X OR 2.X FILES).
  • USES A DYNAMIC DATABASE TABLE AND INDEX TO MAKE LOOKUPS ON LARGE FILES VERY FAST. REDUCES THE WORST-CASE SEARCH TIME TO .0015% AS OPPOSED TO LOOKUPS IN A FLAT FILE.
  • CAN WRITE JUST THE LEAP EXCHANGE INFORMATION TO A LIBPCAP FILE. THIS COULD BE USED TO CAPTURE LEAP CREDENTIALS WITH A DEVICE SHORT ON DISK SPACE (LIKE AN IPAQ), AND THEN PROCESS THE LEAP CREDENTIALS STORED IN THE LIBPCAP FILE ON A SYSTEM WITH MORE STORAGE RESOURCES.

WIFITAP

http://sid.rstack.org/index.php/Wifitap_EN#Wifitap_source_code

THIS PROGRAM IS A PROOF OF CONCEPT TOOL ALLOWING WIFI COMMUNICATIONS USING TRAFFIC INJECTION.

YOU'LL NEED:

PYTHON 2.2
PSYCO PYTHON OPTIMIZER (OPTIONAL)
PHILIPPE BIONDI'S SCAPY
INJECTION READY WIRELESS ADAPTER

CAR WHISPERER

http://trifinite.org/trifinite_stuff_carwhisperer.html

CAR WHISPERER IS A TOOL THAT CAN BE USED TO EAVESDROP ON AND BROADCAST AUDIO TO A BLUETOOTH HEADSET OR HANDS-FREE DEVICE. IT ACCOMPLISHES THIS BY RELYING ON THE WELL-KNOWN AND STATIC NATURE OF THE PIN CODES THAT THESE TYPES OF DEVICES USE.

BLOOOVER

http://trifinite.org/trifinite_stuff_blooover.html

BLOOOVER IS A PROOF-OF-CONCEPT TOOL THAT CAN BE USED TO EXPLOIT CELLULAR PHONES THAT ARE VULNERABLE TO THE BLUESNARF AND BLUEBUG ATTACKS.

BLUEPRINT

http://trifinite.org/trifinite_stuff_blueprinting.html

BLUEPRINT IS A TOOL THAT CAN BE USED TO IDENTIFY THE MAKE AND MODEL OF A PARTICULAR BLUETOOTH DEVICE REMOTELY.

BT AUDIT

http://trifinite.org/trifinite_stuff_btaudit.html

BT AUDIT IS A SUITE OF TOOLS USED TO SCAN L2CAP PSMS AND RFCOMM CHANNELS ON A REMOTE BLUETOOTH DEVICE.

AEROSOL

http://www.remoteassessment.com/archive/wireless/aerosol-0.65.zip

AEROSOL IS AN ACTIVE 802.11 NETWORK DISCOVERY TOOL FOR WINDOWS THAT MAKES USE OF WINPCAP. IT SUPPORTS PRISM2, ATMEL USB, AND ORINOCO WIRELESS INTERFACES FOR DISCOVERING 802.11 NETWORKS.

AIRFART

http://airfart.sourceforge.net/

AIRFART IS A WIRELESS TOOL CREATED TO DETECT WIRELESS DEVICES, CALCULATE THEIR SIGNAL STRENGTHS, AND PRESENT THEM TO THE USER IN AN EASY-TO-UNDERSTAND FASHION. IT IS WRITTEN IN C/C++ WITH A GTK FRONT END. AIRFART SUPPORTS ALL WIRELESS NETWORK CARDS SUPPORTED BY THE LINUX-WLAN-NG PRISM2 DRIVER THAT PROVIDE HARDWARE SIGNAL STRENGTH INFORMATION IN THE "RAW SIGNAL" FORMAT (SSI_TYPE 3). AIRFART IMPLEMENTS A MODULAR N-TIER ARCHITECTURE WITH THE DATA COLLECTION AT THE BOTTOM TIER AND A GRAPHICAL USER INTERFACE AT THE TOP.

AIRJACK

http://sourceforge.net/projects/airjack/

AIRJACK IS A DEVICE DRIVER (OR SUITE OF DEVICE DRIVERS) FOR 802.11(A/B/G) RAW FRAME INJECTION AND RECEPTION. IT IS MEANT AS A DEVELOPMENT TOOL FOR ALL MANNER OF 802.11 APPLICATIONS THAT NEED TO ACCESS THE RAW PROTOCOL.

ANWRAP

http://www.securiteam.com/tools/6O00P2060I.html

ANWRAP IS A PERL SCRIPT THAT AUTOMATES DICTIONARY ATTACKS AGAINST WIRELESS NETWORKS UTILIZING CISCO'S LEAP AUTHENTICATION MECHANISM.

NETSTUMBLER

http://www.netstumbler.com/downloads/

NETSTUMBLER IS AN ACTIVE 802.11 DISCOVERY TOOL FOR WINDOWS.

AP HOPPER

http://aphopper.sourceforge.net/

AP HOPPER CONSISTS OF A SINGLE PROGRAM CALLED HOPPER THAT LOOKS FOR OPEN 802.11 NETWORKS IN THE VICINITY. ONCE IT FINDS ONE IT WILL CONNECT TO IT AND ATTEMPT TO GET A DHCP ADDRESS. IF IT CAN, IT THEN ATTEMPTS TO CONNECT TO WWW.GOOGLE.COM:80 TO DETERMINE IF IT CAN REACH THE INTERNET FROM THE OPEN AP.

REDFANG

http://www.net-security.org/software.php?id=519

REDFANG IS A TOOL THAT BRUTE-FORCES BLUETOOTH BD ADDRESSES IN ORDER TO COMMUNICATE WITH DEVICES IN NON-DISCOVERABLE MODE.

OMERTA

http://www.securityfocus.com/archive/89/326248

OMERTA IS A TOOL FOR LINUX THAT USES PACKETFACTORY'S RADIATE 802.11 FRAME INJECTION LIBRARY. IT WILL AUTOMATICALLY SEND DISASSOCIATION FRAMES TO ALL DEVICES ON THE SAME CHANNEL AS THE CARD IN THE MACHINE OMERTA IS RUNNING ON. THE REASON CODE USED IN EACH FRAME IS 0X01 - UNSPECIFIED.

HOTSPOTTER

http://www.remote-exploit.org/index.php/Hotspotter_main

HOTSPOTTER IS A FREE OPEN SOURCE TOOL THAT WILL PASSIVELY MONITOR PROBE REQUESTS FROM WINDOWS XP CLIENTS AND COMPARE THEM TO COMMON "HOTSPOT" SSID NAMES. IF THERE IS A MATCH WITH THE CLIENT'S REQUEST, THE ROGUE CLIENT WILL ACT AS AN AP WITH THE SAME SSID. ONCE ASSOCIATED TO THE ROGUE AP, THE HACKER CAN ASSIGN AN IP VIA DHCP OR RUN OTHER SCANNING TOOLS AGAINST THE VICTIM.

WEPWEDGIE

http://sourceforge.net/projects/wepwedgie/

WEPWEDGIE IS A TOOLKIT FOR DETERMINING 802.11 WEP KEYSTREAMS AND INJECTING TRAFFIC WITH KNOWN KEYSTREAMS. THE TOOLKIT ALSO INCLUDES LOGIC FOR FIREWALL RULE MAPPING, PINGSCANNING, AND PORTSCANNING VIA THE INJECTION CHANNEL AND A CELLULAR MODEM.

AIRPWN

http://sourceforge.net/projects/airpwn

AIRPWN IS A TOOL FOR GENERIC PACKET INJECTION ON AN 802.11 NETWORK.

FATA-JACK

http://www.wi-foo.com/soft/attack/fata_jack.c

FATA-JACK IS AN 802.11 CLIENT DOS TOOL FOR LINUX THAT UTILIZES THE AIRJACK DRIVER FOR FRAME INJECTION AND IS ACTUALLY A MODIFIED VERSION OF WLAN_JACK. MOST TOOLS OF THIS TYPE UTILIZE DEAUTHENTICATION OR DISASSOCIATION FRAMES TO DISCONNECT WIRELESS STATIONS FROM A NETWORK. HOWEVER, FATA-JACK UTILIZES AN ALTERNATE METHOD OF SENDING AUTHENTICATION FRAMES WITH AN INVALID AUTHENTICATION ALGORITHM NUMBER OF 2. THIS ALLOWS AN ATTACKER TO SPOOF A CLIENT TO THE AP WHEN SENDING THE INVALID AUTHENTICATION FRAME AND CAUSES THE AP TO INFORM THE STATION THAT ITS AUTHENTICATION HAS FAILED.

WIFI2ETH.C

http://www.securityfocus.com/archive/101/349566/2004-01-13/2004-01-19/0

SCRIPT TO CONVERT RAW 802.11 (RFMON) CAPTURE FILE TO STANDARD LIBPCAP

MOGNET

http://node99.org/projects/mognet/

AN 802.11B PROTOCOL ANALYZER IN JAVA

WEPOFF

http://www.ptsecurity.ru/download/wepoff.tar.gz

WEP0FF IS A NEW TOOL TO CRACK A WEP KEY WITHOUT ACCESS TO THE AP BY MOUNTING A FAKE ACCESS POINT ATTACK AGAINST WEP-BASED WIRELESS CLIENTS. IT USES A COMBINATION OF FRAGMENTATION AND EVIL TWIN ATTACKS TO GENERATE TRAFFIC WHICH CAN BE USED FOR KOREK-STYLE WEP-KEY RECOVERY.

SSIDSNIFF

http://www.bastard.net/~kos/wifi/

A curses-based tool that allows identification, classification and data capturing of wireless networks. The interface is inspired by the Unix top utility. Currently it works under Linux.

WIDZV1.5

http://www.loud-fat-bloke.co.uk/tools.html

IT NOW DETECTS:

- ROGUE APS
- MONKEY/HACKER JACKS
- NULL PROBES
- NULL ASSOCIATIONS
- BADMAC CONTROLLED BY A MAC BLACK LIST
- BAD SIDS CONTROLLED BY AN ESSID BLACK LIST
- FLOODS
- AND RUNS ANY CUSTOM SCRIPT IN THE SCRIPT DIRECTORY

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License