Wireless Hacking — part1


Infernal- Wireless This is automated wireless hacking tool
##Infernal-Wireless v2.6
Release 2.6.11
##Features added and improved:
* Menu to retrieve logs are added
##Infernal-Wireless v2.6
Release 2.6.10
##Features added and improved:
* Added BeeF XSS framework Integration
* Added HTTP Traffic View within tool
* Improved Infenral Wireless Attack
* Visual View of some of the panel improved
* Improved Basic Authentication during Social engineering assessment over

wireless network

Infernal-Wireless v2.6
This tool is created to aid the penetration testers in assessing wireless security. Author is not responsible for misuse. Please read instructions thoroughly.Usage: python InfernalWireless.py (from the same folder where your code exists) For any comments and suggestions please email on

##BUG Fixes:
1. Non ASCII SSID Name used to crash the software.
It is fixed now
2. Warnings on the background is suppressed
3. New Experimental Section is added but under

Release Notes:
1. Better User Interface
2. More Network device controls
3. Better SSL Strip Control
4. User / Access Point Deauthentication with auto channel detection of AP
5. Extra Wireless Scanner to detect Probe Requests, wireless Network scan and connections
to AP detection
6. airgraph-ng suite is better implemented
7. WPA2 Hacking UI is changed for better control over the attack
8. WPA2 Enterprise Hacking UI is changed for better control over the attack
9. Custome Fake Access Point is implemented.Freenet AP is deleted now.
10. Check for software updates
11. Wiki page with video links to attacks tutorials
12. Folder are more structured
13. Check for prerequisites automatically Coming Soon:
* Parsing t-shark log files for gathering creds and more
* More attacks.

Expected bugs:
* Wireless card might not be supported
* Might crash on Windows
* Freeze
* A lot of work to be done, but this tool is still being developed.

More at:

RogueSploit A Powerfull WiFi Social Trap
RogueSploit is an open source automated script made to create a Fake Acces
Point, with dhcpd server, dns spoofing, host redirection, browser_autopwn1 or
autopwn2 or beef+mitmf.
* BeEF; [DONE]
* Add BDFProxy;
* Add SEToolkit;
* Use hostapd as FakeAP;
* Add some features;


What you need:
* Aircrack-ng Suite
* Dhcpd server
* Metasploit Framework
* Browser Exploitation Framework
* dnsmasq
* GNU / Linux based Operating Sistem
* External Wireless Interface like TP-Link TLWN722N
* Zenity
* Hostapd
* Social Engineer Toolkit
* MITMF [https://github.com/byt3bl33d3r/MITMf]

RogueSploit is intended to be used for legal security purposes only, and you should only use it to protect hosts you own or have permission to test. Any other use is not the responsibility of the developer. Be sure that you understand and are complying with the RogueSploit licenses
and laws in your area. In other words, don’t be stupid, don’t be an asshole, and use this tool responsibly and legally.

More at: https://github.com/B4ckP0r7/RogueSploit

Wifijammer Continuously Jam All Wifi Clients/Routers
Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting.

Requires: python 2.7, python-scapy, a wireless card capable of injection

This will find the most powerful wireless interface and turn on monitor mode. If a monitor mode interface is already up it will use the first one it finds instead. It will then start sequentially hopping channels 1 per second from channel 1 to 11 identifyingall access points and clients connected to those access points. On the first pass through all the wireless channels it is only identifying targets. After that the 1sec per channel time limit is eliminated and channels are hopped as soon as the deauth packets finish sending. Note that it will still add clients and APs as it finds them after the first pass through.

Upon hopping to a new channel it will identify targets that are on that channel and send 1 deauth packet to the client from the AP, 1 deauth to the AP from the client, and 1 deauth to the AP destined for the broadcast address to deauth all clients connected to the AP. Many APs ignore deauths to broadcast addresses.

python wifijammer.py -a 00:0E:DA:DE:24:8E -c 2

Deauthenticate all devices with which 00:0E:DA:DE:24:8E communicates and skips channel hopping by setting the channel to the target AP’s channel (2 in this case). This would mainly be an access point’s MAC so all clients associated with that AP would be deauthenticated, but you can also put a client MAC here to target that one client and any other devices that communicate with it.


python wifijammer.py -c 1 -p 5 -t .00001 -s DL:3D:8D:JJ:39:52 -d — world

* -c, Set the monitor mode interface to only listen and deauth clients or APs on channel 1.
* -p, Send 5 packets to the client from the AP and 5 packets to the AP from the client along with 5
packets to the broadcast address of the AP.
* -t, Set a time interval of .00001 seconds between sending each deauth (try this if you get a scapy error like ‘no buffer space’).
* -s, Do not deauth the MAC DL:3D:8D:JJ:39:52.Ignoring a certain MAC address is handy in case you want to tempt people to join your access point in cases of wanting to use LANs.py or a Pineapple on them.
* -d, Do not send deauths to access points’ broadcast address; this will speed up the deauths to the
clients that are found.
* — world, Set the max channel to 13. In N. America the max channel standard is 11, but the rest of
the world uses 13 channels so use this option if you’re not in N. America.

More at: https://github.com/DanMcInerney/wifijammer

WiFiPhisher Automated victimcustomized phishing attacks against Wi-Fi clients
Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It is primarily a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.

Wifiphisher works on Kali Linux and is licensed under the GPL license.

How it works
After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher
redirects all HTTP requests to an attacker-controlled phishing page.

From the victim’s perspective, the attack makes use in three phases:

1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point’s wifi devices within range by forging “Deauthenticate” or “Disassociate” packets to disrupt existing associations.

2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point’s settings. It then creates a rogue wireless access point that is modeled by the target.
It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because
of the jamming, clients will eventually start connecting to the rogue access point.After this phase, the victim is MiTMed.

3. Victim is being served a realistic speciallycustomized phishing page. Wifiphisher employs
a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials or serves malwares. This page will be specifically crafted for the victim.For example, a router config-looking page will contain logos of the victim’s vendor. The tool supports community-built templates for different phishing scenarios.

Following are the requirements for getting the most out of Wifiphisher:

* Kali Linux. Although people have made Wifiphisher work on other distros, Kali Linux is the officially supported distribution, thus all new features are primarily tested on this platform.

* One wireless network adapter that supports AP mode. Drivers should support netlink.

* One wireless network adapter that supports Monitor mode and is capable of injection. Again, drivers should support netlink. If a second wireless network adapter is not available, you may run the tool with the — nojamming option. This will turn off the de-authentication attack though.

More at: https://github.com/wifiphisher/wifiphisher

FruityWifi Wireless network auditing tool
FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it.

Initially the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system.

FruityWifi v2.0 has many upgrades. A new interface, new modules, Realtek chipsets support, Mobile Broadband (3G/4G) support, a new control panel, and more.

Now it is possible to use FruityWifi combining multiple networks and setups:

* Ethernet Ethernet,
* Ethernet 3G/4G,
* Ethernet Wifi,
* Wifi Wifi,
* Wifi 3G/4G, etc.

Within the new options on the control panel we can change the AP mode between Hostapd or
irmon-ng allowing to use more chipsets like Realtek.

It is possible customize each one of the network interfaces which allows the user to keep the current setup or change it completely.

FruityWifi is based on modules making it more flexible.These modules can be installed from the control panel to provide FruityWifi with new functionalities.

Within the available modules you can find URLsnarf, DNSspoof, Kismet, mdk3, ngrep, nmap, Squid3 y SSLstrip (code injection functionality), Captive Portal,AutoSSH, Meterpreter, Tcpdump and more.

AutoSSH allows the user to create a reverse ssh connection,restarting it in case that the connection has been closed or dropped. It is useful to keep a permanent connection with FruityWifi.

Meterpreter is an outstanding tool to gather information from a compromised host, manipulate system processes and/or kill them, and more. This module allows FruityWifi to compromise more hosts and use them to access more devices and networks.

Nessus is a vulnerability scanner. With this module it is possible to scan hosts from FruityWifi without using the Nessus interface. We can discover the vulnerabilities present on each of the hosts to understand the attack surface and compromise them.The main function of Tcpdump is to analyze network traffic. With this module we can intercept the traffic passing through the device, filter it and/or store it for post analysis.

Among the new features FruityWifi now supports Mobile Broadband (3G/4G). We can use this module to connect a 3G/4G dongle and give internet access to FruityWifi without the need of Wifi or Ethernet.

Ettercap is a tool able to capture network traffic and perform different attacks. With this module we can perform MITM attacks using ARP poisoning.

More at:


Universal Radio Hacker Investigate wireless protocols like a boss
The Universal Radio Hacker is a software for investigating unknown wireless protocols.
Features include

* hardware interfaces for common Software Defined Radios
* easy demodulation of signals
* assigning participants to keep overview of your data
* customizable decodings to crack even sophisticated encodings like CC1101 data whitening
* assign labels to reveal the logic of the protocol
* fuzzing component to find security leaks
* modulation support to inject the data back into the system

Check out the wiki for more information and supported devices.
Like to see things in action? Watch URH on YouTube!

More at: https://github.com/jopohl/urh

Originally published at https://learncybersec.blogspot.com.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store