Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Showing posts with label Wireless Hacking. Show all posts

Wednesday, January 27, 2016

Wireless Security Auditing - Fern Wifi Cracker



Fern Wifi Cracker is a wireless security auditing and attack program written in Python with the Python Qt GUI library. It can crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet networks.



Fern Wifi Cracker Features:

ºWEP Cracking with Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
ºWPA/WPA2 Cracking with Dictionary or WPS based attacks
ºAutomatic saving of key in database on successful crack
ºAutomatic Access Point Attack System
ºSession Hijacking (Passive and Ethernet Modes)
ºAccess Point MAC Address Geo Location Tracking
ºInternal MITM Engine
ºBruteforce Attacks (HTTP, HTTPS, TELNET, FTP)
ºUpdate Support






Operating System Supported

The software runs on any Linux machine that has the program's prerequisites, but it has been tested on the following Linux-based operating systems:

ºUbuntu KDE/GNOME
ºBackTrack Linux
ºBackBox Linux



Prerequisites

The program requires the following to run properly.
On Debian-based systems these dependencies can be installed with the Debian package installer (“apt-get install program”); otherwise download and install them manually.

ºAircrack-NG
ºPython-Scapy
ºPython Qt4
ºPython
ºSubversion
ºXterm
ºReaver (for WPS Attacks)
ºMacchanger






Friday, January 22, 2016

Wi-Fi network scanner - inSSIDer



The free inSSIDer software utility for Windows, iOS, and Android is one of the most useful and easy-to-interpret wireless networking tools I’ve encountered. InSSIDer displays information about the wireless networks in proximity to you, including an access point’s MAC address, encryption type, signal strength, and channel. InSSIDer is a great tool for wireless networking novices, because it has an easy-to-understand interface and includes an abundance of help and tutorials. Experienced Wi-Fi professionals may find the software a bit too light and might be more interested in a more robust program such as WiFiBuilder or Wireshark. But home power users looking to tweak their networks and those managing smaller business Wi-Fi networks would benefit by getting acquainted with inSSIDer.




What’s great about inSSIDer is that you can use it for several real-world purposes on your wireless network. For instance, say you are trying to find the best location for an access point or router. Position the device and then fire up inSSIDer to see what signal strength the software reports. This is really useful if you are trying to set up a Wi-Fi network in a place with lots of thick walls, glass or mirrors, or multiple levels.

You can also use inSSIDer to tweak your wireless channel. In the U.S. there are 11 Wi-Fi channels. The channels recommended for access points are 1, 6, and 11, because they don’t overlap. So if inSSIDer shows many wireless networks in your area using channel 11, for example, you can change your access point or router to operate on channel 6 to improve performance.
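The channel choice the paragraph describes can be automated from the rows inSSIDer displays (channel and RSSI). The following is an added example, not code from inSSIDer or the review; it assumes the 2.4 GHz plan where channel n is centred at 2407 + 5n MHz with a 22 MHz mask, so two channels overlap when their centres are less than 22 MHz apart, and the scan rows are constructed sample data.

```python
# Added example (not from the inSSIDer post): pick the least-congested
# non-overlapping 2.4 GHz channel from a scan, using the channel plan the
# post describes (US channels 1-11; 1, 6 and 11 do not overlap).
# Assumptions: channel n (1-13) is centred at 2407 + 5*n MHz, channel 14 at
# 2484 MHz, with a 22 MHz-wide (802.11b/g) mask; two channels overlap when
# their centres are less than 22 MHz apart (at most 4 channel numbers apart).

CHANNEL_WIDTH_MHZ = 22
NON_OVERLAPPING_US = (1, 6, 11)

def centre_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel (14 sits 12 MHz above 13)."""
    if channel == 14:
        return 2484
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel

def overlaps(a: int, b: int) -> bool:
    """True when the two channel masks share spectrum."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ

def congestion(channel: int, scan) -> float:
    """Sum of linear signal power (mW) from every AP whose channel overlaps
    `channel`. RSSI in dBm is converted to mW so that one strong neighbour
    counts for more than several faint ones."""
    return sum(10 ** (rssi / 10) for _, ch, rssi in scan if overlaps(ch, channel))

def best_channel(scan, candidates=NON_OVERLAPPING_US) -> int:
    """Candidate channel with the least overlapping signal power
    (lowest channel number wins a tie)."""
    return min(candidates, key=lambda ch: (congestion(ch, scan), ch))

# Constructed scan rows: (SSID, channel, RSSI in dBm), the fields inSSIDer shows.
SAMPLE_SCAN = [
    ("CoffeeShop", 11, -45),
    ("Neighbour-2G", 11, -60),
    ("Guest", 9, -55),      # channel 9 overlaps 5..13, so it hurts both 6 and 11
    ("OldRouter", 1, -80),
    ("Printer", 3, -70),    # channel 3 overlaps 1..7
]

if __name__ == "__main__":
    for ch in NON_OVERLAPPING_US:
        print(f"channel {ch:2d}: overlapping power {congestion(ch, SAMPLE_SCAN):.3e} mW")
    print("least congested:", best_channel(SAMPLE_SCAN))
```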


Yes, it may be lightweight for those who deploy wireless networks professionally. But anyone managing a home or small business wireless network will certainly benefit from the information inSSIDer provides. It earns a 4.5 out of 5 star rating and is easily a PCMag Editors’ Choice for networking utilities.




Tuesday, January 19, 2016

Automatic Bluetooth Spoofing - Spooftooph



Spooftooph is designed to automate spoofing or cloning a Bluetooth device's Name, Class, and Address. Cloning this information effectively allows a Bluetooth device to hide in plain sight: Bluetooth scanning software will list only one of the devices if more than one device in range shares the same device information (specifically the same Address) while the devices are in Discoverable Mode.




Features

ºClone and log Bluetooth device information
ºGenerate a random new Bluetooth profile
ºChange Bluetooth profile every X seconds
ºSpecify device information for Bluetooth interface
ºSelect device to clone from scan log



Spooftooph has several options for Bluetooth device information modification:

Option 1: Continuously scan an area for Bluetooth devices. Make a selection on which device in the list to clone. This option also allows for logging of the scanned devices.

Option 2: Randomly generate and assign valid Bluetooth interface information. The class and address are randomly generated and the name is derived from a list of the top 100 most common names in the US and the type of device. For example, if the randomly generated class is a phone, Spooftooph might generate the name “Bob’s Phone”.

Option 3: Specify the name, class, and address a user wishes for the Bluetooth interface to have.

Option 4: Read in the log of previous scans and select a device to clone. Users can also manually add Bluetooth profiles to these log files.

Option 5: Incognito mode. Scan for and clone new devices at user assigned intervals.

This tool is heavily based on bdaddr (by Marcel Holtmann) and hciconfig (by Qualcomm Incorporated, Maxim Krasnyansky, and Marcel Holtmann) from BlueZ.



Usage

To modify the Bluetooth adapter, spooftooph must be run with root privileges. Spooftooph offers five modes of usage:

1) Specify NAME, CLASS and ADDR.

spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c

2) Randomly generate NAME, CLASS and ADDR.

spooftooph -i hci0 -R

3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file.

spooftooph -i hci0 -s -w file.csv

4) Load in device info from log file and specify device info to clone.

spooftooph -i hci0 -r file.csv

5) Clone a random device's info in range every X seconds.


spooftooph -i hci0 -t 10
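The -c value in mode 1 is a 24-bit Bluetooth Class of Device (CoD), the same field a scan log or hciconfig reports for any device in range. The decoder below is an added example, not part of Spooftooph; it follows the CoD layout from the Bluetooth Assigned Numbers and includes minor-class tables only for the computer and phone major classes (other majors are reported numerically).

```python
# Added example (not Spooftooph code): decode a Bluetooth Class of Device
# value such as the 0x1c010c used in the usage above, so a defender can read
# what a scan log says a device claims to be. CoD layout (24 bits):
#   bits  0-1  format type (00 is the only defined format)
#   bits  2-7  minor device class (meaning depends on the major class)
#   bits  8-12 major device class
#   bits 13-23 major service class flags

MAJOR_DEVICE = {
    0: "Miscellaneous", 1: "Computer", 2: "Phone", 3: "LAN/Network Access Point",
    4: "Audio/Video", 5: "Peripheral", 6: "Imaging", 7: "Wearable", 8: "Toy",
    9: "Health", 31: "Uncategorized",
}
# Minor-class tables for the computer (1) and phone (2) major classes only.
MINOR_DEVICE = {
    1: {0: "Uncategorized", 1: "Desktop workstation", 2: "Server-class computer",
        3: "Laptop", 4: "Handheld PC/PDA", 5: "Palm-size PC/PDA", 6: "Wearable computer"},
    2: {0: "Uncategorized", 1: "Cellular", 2: "Cordless", 3: "Smartphone",
        4: "Wired modem or voice gateway", 5: "Common ISDN access"},
}
# Bit position within the 24-bit value -> service flag name.
SERVICE_FLAGS = {
    13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
    18: "Rendering", 19: "Capturing", 20: "Object Transfer", 21: "Audio",
    22: "Telephony", 23: "Information",
}

def decode_cod(cod: int) -> dict:
    """Split a CoD value into its fields and map each to a name."""
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("CoD is a 24-bit value")
    fmt = cod & 0x3
    minor = (cod >> 2) & 0x3F
    major = (cod >> 8) & 0x1F
    return {
        "format": fmt,
        "major_device": MAJOR_DEVICE.get(major, f"major {major}"),
        "minor_device": MINOR_DEVICE.get(major, {}).get(minor, f"minor {minor}"),
        "services": [name for bit, name in SERVICE_FLAGS.items() if (cod >> bit) & 1],
    }

def describe_cod(cod: int) -> str:
    """One-line summary, e.g. for annotating a scan log."""
    d = decode_cod(cod)
    services = ", ".join(d["services"]) or "none"
    return f"0x{cod:06x}: {d['major_device']} / {d['minor_device']}; services: {services}"

if __name__ == "__main__":
    # The class from the usage example above.
    print(describe_cod(0x1c010c))
    print(describe_cod(0x5a020c))   # constructed value: a smartphone with telephony/audio bits
```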




Wireless Network Monitoring Tool - Kismet




Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. The client can also run on Microsoft Windows, although, aside from external drones (see below), there’s only one supported wireless hardware available as packet source.


Features

ºEthereal/Tcpdump compatible data logging
ºAirsnort compatible weak-iv packet logging
ºNetwork IP range detection
ºBuilt-in channel hopping and multicard split channel hopping
ºHidden network SSID decloaking
ºGraphical mapping of networks
ºClient/Server architecture allows multiple clients to view a single Kismet server simultaneously
ºManufacturer and model identification of access points and clients
ºDetection of known default access point configurations
ºRuntime decoding of WEP packets for known networks
ºNamed pipe output for integration with other tools, such as a layer3 IDS like Snort
ºMultiplexing of multiple simultaneous capture sources on a single Kismet instance
ºDistributed remote drone sniffing
ºXML output
ºOver 20 supported card types





Kismet differs from other wireless network detectors in working passively. Namely, without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and to associate them with each other. It is also the most widely used and up to date open source wireless monitoring tool.

An explanation of the headings displayed in Kismet.

Kismet also includes basic wireless IDS features, such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.

Kismet features the ability to log all sniffed packets and save them in a tcpdump/Wireshark or Airsnort compatible file format. Kismet can also capture “Per-Packet Information” headers. Kismet also features the ability to detect default or “not configured” networks, probe requests, and determine what level of wireless encryption is used on a given access point.

To find as many networks as possible, Kismet supports channel hopping: it constantly changes from channel to channel non-sequentially, in a user-defined sequence whose default leaves big gaps between consecutive channels (for example, 1-6-11-2-7-12-3-8-13-4-9-14-5-10). The advantage of this method is that it captures more packets, because adjacent channels overlap and a card parked on one channel also hears its neighbours.
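The following added example (not Kismet's own code) shows why that default order reaches every 2.4 GHz channel sooner than a 1, 2, 3, ... sweep. It assumes channel n (1-13) is centred at 2407 + 5n MHz and channel 14 at 2484 MHz, with 22 MHz masks, and that a card parked on one channel can also decode frames from any channel whose mask overlaps its own.

```python
# Added example (not Kismet code): compare how many hops the quoted Kismet
# order (1-6-11-2-7-12-3-8-13-4-9-14-5-10) needs before every channel has
# been within listening range, against a sequential sweep.
# Assumptions: channel n (1-13) centred at 2407 + 5*n MHz, channel 14 at
# 2484 MHz, 22 MHz masks; channels overlap when centres are < 22 MHz apart.

from typing import List, Set

def centre_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel."""
    if channel == 14:
        return 2484
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel

def kismet_order(num_channels: int = 14, stride: int = 5) -> List[int]:
    """Hop order with large gaps between consecutive hops: every `stride`-th
    channel starting at 1, then every `stride`-th starting at 2, and so on."""
    return [ch for start in range(1, stride + 1)
            for ch in range(start, num_channels + 1, stride)]

def heard_from(channel: int, num_channels: int = 14) -> Set[int]:
    """Channels whose masks overlap the one the card is parked on."""
    return {c for c in range(1, num_channels + 1)
            if abs(centre_mhz(c) - centre_mhz(channel)) < 22}

def hops_until_full_coverage(order: List[int], num_channels: int = 14) -> int:
    """Number of hops taken before every channel has been within range."""
    heard: Set[int] = set()
    for hop, ch in enumerate(order, start=1):
        heard |= heard_from(ch, num_channels)
        if len(heard) == num_channels:
            return hop
    raise ValueError("hop order never covers the band")

if __name__ == "__main__":
    strided = kismet_order()
    sequential = list(range(1, 15))
    print("Kismet order:", "-".join(map(str, strided)))
    print("hops to cover all 14 channels, Kismet order:", hops_until_full_coverage(strided))
    print("hops to cover all 14 channels, sequential :", hops_until_full_coverage(sequential))
```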


Kismet also supports logging of the geographical coordinates of the network if the input from a GPS receiver is additionally available.



Monday, January 18, 2016

Wireless and Wired Network Interceptor - the Interceptor



The Interceptor is a wireless wired-network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. I haven’t done extensive research, but all the ones I found when looking passed the copy of the traffic onto a specified wired interface which was then plugged into a machine to allow a user to monitor the traffic. The problem with this is that you have to be able to route the data from that wired port to your monitoring machine, either through a direct cable or through an existing network. The direct cable method means your monitor has to be nearby the location you want to tap; the network routing means you have to somehow encapsulate the data to get it across the network without it being affected en route.

The Interceptor does away with the wired monitor port and instead spits out the traffic over wireless meaning the listener can be anywhere they can make a wireless connection to the device. As the data is encrypted (actually, double encrypted, see how it works) the person placing the tap doesn’t have to worry about unauthorized users seeing the traffic.


What Hardware Is Required


This project has been built and tested on a Fon+ but should in theory work on any device which will run OpenWrt and has at least a pair of wired interfaces and a wireless one.




This isn’t intended to be a permanent, in-situ device. It is designed for short-term troubleshooting or information gathering on low-usage networks; as such, it will work well between a printer and a switch but not between a switch and a router. Here are some possible situations for use:

ºPenetration testing – If you can gain physical access to a target's office, drop the device between the office printer and switch, then sit in the car park and collect a copy of all documents printed. Or, get an appointment to see a boss and when he leaves the room to get you a drink, drop it on his computer. The relatively low cost of the Fon+ means the device can almost be considered disposable, and if branded with the right stickers most users wouldn’t think about an extra small box on the network.

ºTroubleshooting – For sys-admins who want to monitor an area of network from the comfort of their desks, just put it in place and fire up your wireless.


ºIDS – If you want to see what traffic is being generated from a PC without interfering with the PC simply add the Interceptor and sit back and watch. As the traffic is cloned to a virtual interface on your monitoring machine you can use any existing tools to scan the data.


Install Notes

There are two sets of install notes, a basic set and a detailed walk-through set. The basic set is the standard set of notes that comes with most packages; the detailed set is a full walk-through from flashing the Fon+, installing dependencies, installing Interceptor, starting up and monitoring traffic, and finally shutting it down. Most people should find the basic set sufficient, but the detailed set is useful if you have any problems.


Limitations

The main limitation is bandwidth: the wired network can get up to 100 Mb/s but the top speed of the wireless is 54 Mb/s, and the overhead of encryption drops that rate further. This is why the Interceptor won’t work well on high-traffic parts of the network.

From tests I’ve done, under high load the network seems to stay up and stable but not all traffic ends up on the monitor interface. I haven’t done any research to find out where the traffic is being dropped, it could be DaemonLogger, the AP or at the VPN. This is good as it means the device doesn’t affect the smooth running of the network but obviously means you may miss some important data. Be aware of this when working with the device.

The software has no fail safe in case of problems. If the hardware or software fails the network connection being tapped will probably be lost. Don’t use the Interceptor in situations where uptime is critical without knowing what you are doing.





Friday, January 8, 2016

Rogue Wi-Fi - Access Point Attack WiFi-Pumpkin



WiFi-Pumpkin is a security tool that provides a rogue access point for man-in-the-middle and network attacks. It purports to provide wireless Internet service while snooping on the traffic, and can be used to capture the credentials of unsuspecting users either by snooping on their communication or by phishing.


Installation

 git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
 cd WiFi-Pumpkin
 chmod +x installer.sh

 ./installer.sh --install


Features

º Rogue Wi-Fi Access Point
º Deauth Clients AP
º Probe Request Monitor
º DHCP Starvation Attack
º Credentials Monitor
º Windows Update Attack
º Templates phishing
º Partial bypass HSTS
º Dump credentials phishing
º Support airodump scan
º Support mdk3 deauth
º beef hook support
º Report Logs html
º Mac Changer
º ARP Poison
º DNS Spoof




Plugins

º net-creds
º dns2proxy
º sslstrip







Wednesday, January 6, 2016

Xiaopan OS - Pentesting Distribution for Wireless Security Enthusiasts



Xiaopan OS is an easy-to-use software package for beginners and experts that includes a number of advanced tools to penetrate wireless networks. Based on the Tiny Core Linux (TCL) operating system (OS), it has a slick graphical user interface (GUI), so there is no need to type Linux commands. Xiaopan OS is Windows, Mac and Linux compatible, and users can simply install and boot this ~70 MB OS from a USB pen drive or in a virtual machine (VM) environment.

Alternatives

There are a number of professional operating systems developed specifically for pentesting and security auditing, all of which are based on Linux. These include Kali, BackTrack and WiFiway. What sets Xiaopan OS apart from its competitors is that it is simple to use and just works, depending on a number of variables and providing you have all the right hardware, of course.

Tools

Xiaopan OS includes a number of tools to hack Wi-Fi Protected Setup (WPS), Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP) encrypted networks:

  • Reaver: newly developed application with the ability to brute force crack WPS (WPA / WPA2) pins.
  • Inflator: this is the GUI version of command line reaver.
  • Aircrack-ng: the major backbone of many other Xiaopan tools including FeedingBottle (FB) and Minidwep with the ability to attack WPA networks through a dictionary attack and WEP networks through collecting and injecting packets.
  • FeedingBottle: so easy a baby could use it! FB is essentially the Aircrack-ng GUI and was created by Beini.
  • Minidwep: is similar to FB but has a better and similar GUI that is even easier to use than FB. The added advantage of Minidwep is that you can also run Reaver and Inflator from here as well.
  • Xfe: this is a simple file manager, similar to Windows Explorer.


Aircrack-ng 1.2 RC 3 - WEP and WPA-PSK Keys Cracking Program



Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Third release candidate and hopefully this should be the last one. It contains a ton of bug fixes, code cleanup, improvements and compilation fixes everywhere. Some features were added: AppArmor profiles, better FreeBSD support, including an airmon-ng for FreeBSD.

Aircrack-ng Changelog

Version 1.2-rc3 (changes from aircrack-ng 1.2-rc2) - Released 21 Nov 2015:
  • Airodump-ng: Prevent sending signal to init which caused the system to reboot/shutdown.
  • Airbase-ng: Allow to use a user-specified ANonce instead of a randomized one when doing the 4-way handshake
  • Aircrack-ng: Fixed compilation warnings.
  • Aircrack-ng: Removed redundant NULL check and fixed typo in another one.
  • Aircrack-ng: Workaround for segfault when compiling aircrack-ng with clang and gcrypt and running a check.
  • Airmon-ng: Created version for FreeBSD.
  • Airmon-ng: Prevent passing invalid values as channel.
  • Airmon-ng: Handle udev renaming interfaces.
  • Airmon-ng: Better handling of rfkill.
  • Airmon-ng: Updated OUI URL.
  • Airmon-ng: Fix VM detection.
  • Airmon-ng: Make lsusb optional if there doesn't seem to be a usb bus. Improve pci detection slightly.
  • Airmon-ng: Various cleanup and fixes (including wording and typos).
  • Airmon-ng: Display iw errors.
  • Airmon-ng: Improved handling of non-monitor interfaces.
  • Airmon-ng: Fixed error when running 'check kill'.
  • Airdrop-ng: Display error instead of stack trace.
  • Airmon-ng: Fixed bashism.
  • Airdecap-ng: Allow specifying output file names.
  • Airtun-ng: Added missing parameter to help screen.
  • Besside-ng-crawler: Removed reference to darkircop.org (non-existent subdomain).
  • Airgraph-ng: Display error when no graph type is specified.
  • Airgraph-ng: Fixed make install.
  • Manpages: Fixed, updated and improved airodump-ng, airmon-ng, aircrack-ng, airbase-ng and aireplay-ng manpages.
  • Aircrack-ng GUI: Fixes issues with wordlists selection.
  • OSdep: Add missing RADIOTAP_SUPPORT_OVERRIDES check.
  • OSdep: Fix possible infinite loop.
  • OSdep: Use a default MTU of 1500 (Linux only).
  • OSdep: Fixed compilation on OSX.
  • AppArmor: Improved and added profiles.
  • General: Fixed warnings reported by clang.
  • General: Updated TravisCI configuration file
  • General: Fixed typos in various tools.
  • General: Fixed clang warning about 'gcry_thread_cbs()' being deprecated with gcrypt > 1.6.0.
  • General: Fixed compilation on cygwin due to undefined reference to GUID_DEVCLASS_NET
  • General: Fixed compilation with musl libc.
  • General: Improved testing and added test cases (make check).
  • General: Improved mutexes handling in various tools.
  • General: Fixed memory leaks, use after free, null termination and return values in various tools and OSdep.
  • General: Fixed compilation on FreeBSD.
  • General: Various fixes and improvements to README (wording, compilation, etc).
  • General: Updated copyrights in help screen.



Tuesday, January 5, 2016

Infernal-Twin - This Is Evil Twin Attack Automated (Wireless Hacking)



This tool is created to aid the penetration testers in assessing wireless security. Author is not responsible for misuse. Please read instructions thoroughly.

Usage
sudo python InfernalWireless.py

How to install
$ sudo apt-get install apache2
$ sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

$ sudo apt-get install python-scapy
$ sudo apt-get install python-wxtools
$ sudo apt-get install python-mysqldb

$ sudo apt-get install aircrack-ng

$ git clone https://github.com/entropy1337/infernal-twin.git
$ cd infernal-twin


$ python db_connect_creds.py
dbconnect.conf doesn't exists or creds are incorrect
*************** creating DB config file ************
Enter the DB username: root
Enter the password: *************
trying to connect
username root

FAQ:

I have a problem with connecting to the Database
Solution:
(Thanks to @lightos for this fix)
There seem to be a few issues with database connectivity. The solution is to create a new user on the database and use that user for launching the tool. Follow these steps.
  1. Delete dbconnect.conf file from the Infernalwireless folder
  2. Run the following command from your mysql console.
    mysql> use mysql;
    mysql> CREATE USER 'root2'@'localhost' IDENTIFIED BY 'enter the new password here';
    mysql> GRANT ALL PRIVILEGES ON *.* TO 'root2'@'localhost' WITH GRANT OPTION;

  3. Try to run the tool again.

Release Notes:

New Features:
  • GUI Wireless security assessment SUITE
  • Implemented
  • WPA2 hacking
  • WEP Hacking
  • WPA2 Enterprise hacking
  • Wireless Social Engineering
  • SSL Strip
  • Report generation
  • PDF Report
  • HTML Report
  • Note taking function
  • Data is saved into Database
  • Network mapping
  • MiTM
  • Probe Request

Changes:
  • Improved compatibility
  • Report improvement
  • Better NAT Rules

Bug Fixes:
  • Wireless Evil Access Point traffic redirect
  • Fixed WPA2 Cracking
  • Fixed Infernal Wireless
  • Fixed Free AP
  • Check for requirements
  • DB implementation via config file
  • Improved Catch and error
  • Check for requirements
  • Works with Kali 2

Coming Soon:
  • Parsing tshark log files for gathering creds and more
  • More attacks.

Expected bugs:
  • Wireless card might not be supported
  • Window might crash
  • Freeze
  • A lot of work to be done, but this tool is still being developed.



FruityWifi v2.2 - Wireless Network Auditing Tool



FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it.

Initially the application was created to be used with the Raspberry Pi, but it can be installed on any Debian-based system.

FruityWifi v2.0 has many upgrades. A new interface, new modules, Realtek chipsets support, Mobile Broadband (3G/4G) support, a new control panel, and more.


A more flexible control panel. Now it is possible to use FruityWifi combining multiple networks and setups:

- Ethernet ⇔ Ethernet,
- Ethernet ⇔ 3G/4G,
- Ethernet ⇔ Wifi,
- Wifi ⇔ Wifi,
- Wifi ⇔ 3G/4G, etc.

Within the new options on the control panel we can change the AP mode between Hostapd or Airmon-ng allowing to use more chipsets like Realtek.

It is possible to customize each of the network interfaces, which allows the user to keep the current setup or change it completely.

Changelog

v2.2
  • Wireless service has been replaced by AP module
  • Mobile support has been added
  • Bootstrap support has been added
  • Token auth has been added
  • minor fix
v2.1
  • Hostapd Mana support has been added
  • Phishing service has been replaced by phishing module
  • Karma service has been replaced by karma module
  • Sudo has been implemented (replacement for danger)
  • Logs path can be changed
  • Squid dependencies have been removed from FruityWifi installer
  • Phishing dependencies have been removed from FruityWifi installer
  • New AP options available: hostapd, hostapd-mana, hostapd-karma, airmon-ng
  • Domain name can be changed from config panel
  • New install options have been added to install-FruityWifi.sh
  • Install/Remove have been updated


Wifresti - Find your wireless network password from Windows, Linux and Mac OS



Find your wireless network password from Windows , Linux and Mac OS.

Wifresti is a simple Wi-Fi password recovery tool, compatible with Windows and Unix systems (Linux, Mac OS).

Features
  • Recover Wifi password on Windows
  • Recover Wifi password on Unix

Requirements
  • An operating system (tested on Ubuntu, Windows 10,8,7)
  • Python 2.7

Installation
sudo su
git clone https://github.com/LionSec/wifresti.git && cp wifresti/wifresti.py /usr/bin/wifresti && chmod +x /usr/bin/wifresti
sudo wifresti



Monday, January 4, 2016

Passgen - Random Character Generator Crunch to Crack WPA/WPA2




Passgen is an alternative to the random character generator crunch. It attempts to help with cracking WPA/WPA2 keys by randomizing its output instead of generating a sequential list like (aaaaaaaa, aaaaaaab, aaaaaaac, etc.).

Example usage with aircrack-ng
python passgen.py -l | sudo aircrack-ng --bssid 00:11:22:33:44:55 -w- WiFi.cap

Argument switches are as follows:
-l lowercase ascii
-l1 lowercase ascii + digits(0-9)
-U uppercase ascii
-U1 uppercase ascii + digits
-lU lowercase + uppercase ascii
-lU1 lowercase + uppercase ascii + digits
-C [char] [length] custom character set + length

