Airbase by johnny cache Airbase is a collection of wireless security utilities. Included in airbase you will find an aircrack re-implementation, a distributed wep cracker (now with FPGA support), a library to help you craft/parse 802.11 packets, and various other supporting utilities. At the core of airbase is a C++ library called libairware. It does as much boring work related to 802.11 as it can. In order to inject any packets with the tools included in airbase, you will need to have LORCON installed. Operating System: Unix/Linux.
AirCrack-ng by Thomas d'Otreppe Aircrack-ng is the next generation of aircrack with lots of new features: * Better documentation (wiki, manpages) and support (Forum, trac, IRC) * More cards/drivers supported * New WEP attack: PTW * More OS and platforms supported * Fragmentation attack * Improved cracking speed * WEP dictionary attack * Capture with multiple cards * New tools: airtun-ng, packetforge-ng (improved arpforge) * Optimizations, other improvements and bug fixing. Operating System: Linux, Windows, Zaurus.
AirCrack-ptw by Erik Tews, Andrei Pychkine, Ralf-Philipp Weinmann A proof-of-concept tool to recover WEP keys. It should be used together with the aircrack-ng toolsuite. Operating System: Unix/Linux.
Airfart by Dave Smith et al AirFart is a wireless tool created to detect wireless devices, calculate their signal strengths, and present them to the user in an easy-to-understand fashion. It is written in C/C++ with a GTK front end. Airfart supports all wireless network cards supported by the linux-wlan-ng Prism2 driver that provide hardware signal strength information in the "raw signal" format (ssi_type 3). Airfart implements a modular n-tier architecture with the data collection at the bottom tier and a graphical user interface at the top. Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux.
AirJack by abadd0n AirJack is a device driver (or suite of device drivers) for 802.11(a/b/g) raw frame injection and reception. It is meant as a development tool for all manner of 802.11 applications that need to access the raw protocol. Operating System: Linux.
AiroMap by Robin Lobel Wifi Mapping software for PocketPC, based on PeekPocket 1.5. Features overview: * Precise GPS Mapping algorithm (handles variable precision and loss of position data) * Export to popular formats like OziExplorer, Google Earth and Garmin/Magellan/Navigon CSV * Save/Load/Merge multiple sessions, using Airomap Log format * Open/WEP/WPA detection * Colors provide intuitive reading of encryption and strength * No more hidden networks on map: slightly autoshift identical positions * Audio signal if open networks are detected on your path * Signal graph available for any network * GPSID: no need to specify COM port and you can use other GPSID applications simultaneously * As small as 360KB. Operating System: Pocket PC / Windows Mobile.
Airpwn by toast Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected "spoofed" from the wireless access point. From the perspective of the wireless client, airpwn becomes the server. Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux.
Airscanner Mobile Sniffer by Airscanner Corp. Are you tired of dragging your laptop all over campus to audit your WLAN? Simply slip Airscanner Mobile Sniffer into your pocket, and you are ready to go. Airscanner Mobile Sniffer packs the power of a full-scale sniffer into an application for portable devices. Once your Windows CE device is linked to the network, Airscanner Mobile Sniffer monitors all activity within a given segment. In addition, Airscanner Mobile Sniffer allows you to set your own filters, allowing you to monitor only the information you need. Airscanner Mobile Sniffer advantages include: * True promiscuous wireless sniffing * Works on most Pocket PC devices * Supports a broad range of wireless network cards * World class customer support for commercial licenses * Crystal-clear network analysis thanks to Ethereal format support * Logo Certified by Microsoft for Pocket PC. Airscanner Mobile Sniffer gives you the power to: * Sniff wireless packets in promiscuous mode * Decode UDP, TCP, Ethernet, DNS, and NetBios packets * Conduct network analysis on an entire WLAN segment * Customize filters for source and/or destination IP Address, UDP Port, TCP Port, or MAC * View real-time packet statistics * Save results of capture sessions * Export data to Ethereal format for further analysis on a desktop PC. Operating System: Windows Mobile 2003SE/Windows Mobile 2005 or above.
AirSnarf by The Shmoo Group Airsnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots--snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP. Operating System: Linux.
AirSnarf Rogue Squadron by The Shmoo Group Airsnarf Rogue Squadron is a proof-of-concept rogue AP firmware for the Linksys WRT54G, based on the Ewrt firmware v0.3 beta 1 by Portless Networks, which is based on the Linksys 3.01.3 codebase. With this firmware you can quickly turn a Linksys WRT54G into a rogue access point that "authenticates" users and "provides" Internet access. For Linksys WRT54G Access Points.
AirSnort by The Shmoo Group AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second. Operating System: Linux/Windows.
AirTraf by Elixar, Inc. AirTraf 1.0 is a wireless sniffer that can detect and determine exactly what is being transmitted over 802.11 wireless networks. This open-source program tracks and identifies legitimate and rogue access points, keeps performance statistics on a by-user and by-protocol basis, measures the signal strength of network components, and more. Developed as an open source program, AirTraf is available in a stand-alone Linux package. Operating System: Linux.
anwrap by Brian Barto, Ron Sweeney Dictionary Attack Tool against LEAP. anwrap is a wrapper for ancontrol that serves as a dictionary attack tool against LEAP enabled Cisco Wireless Networks. It traverses a user list and password list attempting authentication and logging the results to a file. Perl script.
AP Hopper by Matthew Davidson, Jeffrey Strube AP Hopper is a program that automatically hops between access points of different wireless networks. It checks for DHCP and Internet Access on all the networks found. It logs successful and unsuccessful attempts. Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux.
AP Radar by Don Park Network Stumbler and Wireless Configuration client. AP Radar is a Linux/GTK+ based graphical netstumbler and wireless profile manager. This project makes use of the version 14 wireless extensions in linux 2.4.20 and 2.6 to provide access point scanning capabilities for most models of wireless cards. It is meant to replace the manual process of running iwconfig and dhclient. It makes reconfiguring for different APs quick and easy. Operating System: Linux.
APhunter by Jim Carter Access Point Hunter. It can find and automatically connect to whatever wireless network is within range. It can be used for site surveys, writing the results in a file. Perl script.
APSniff by Frederic Bret-Mounet Wireless (802.11) Access Point Sniffer. It enables you to list all access points broadcasting beacon signals at your location. This is not a finished product. It was only tested on DWL-650 & Linksys and requires you to manually change the SSID to blank before running it. Operating System: Windows 2000, Windows NT, Windows XP.
APTools by Kirby Kuehl APTools is an 802.11b rogue access point detection tool that is able to locate access points over the "wired" network. Operating System: Win32/Unix.
asleap by Joshua Wright This tool is released as a proof-of-concept to demonstrate weaknesses in the LEAP and PPTP protocols. LEAP is the Lightweight Extensible Authentication Protocol, intellectual property of Cisco Systems, Inc. LEAP is a security mechanism available only on Cisco access points to perform authentication of end-users and access points. LEAP is written as a standard EAP-type, but is not compliant with the 802.1X specification since the access point modifies packets in transit, instead of simply passing them to an authentication server (e.g. RADIUS). PPTP is a Microsoft invention for deploying virtual private networks (VPN). PPTP uses a tunneling method to transfer PPP frames over an insecure network such as a wireless LAN. RFC 2637 documents the operation and functionality of the PPTP protocol. Operating System: Linux (and limited support for Windows).
BSD-AirTools by Dachb0den Labs BSD-airtools is a package that provides a complete toolset for wireless 802.11b auditing. Namely, it currently contains a bsd-based wep cracking application, called dweputils (as well as kernel patches for NetBSD, OpenBSD, and FreeBSD). It also contains a curses based ap detection application similar to netstumbler (dstumbler) that can be used to detect wireless access points and connected nodes, view signal to noise graphs, and interactively scroll through scanned ap's and view statistics for each. It also includes a couple other tools to provide a complete toolset for making use of all 14 of the prism2 debug modes as well as do basic analysis of the hardware-based link-layer protocols provided by prism2's monitor debug mode. Operating System: BSD (FreeBSD/OpenBSD/NetBSD/others).
Cain & Abel by Massimiliano Montoro Cain's Wireless Scanner detects Wireless Local Area Networks (WLANs) using 802.11x. Unlike other wireless applications it does not use the Windows NDIS User Mode I/O Protocol (NDISUIO) but the Winpcap Packet Driver to control the wireless network card. Access points and ad-hoc networks are enumerated using 802.11 OIDs from Windows DDK at intervals of five seconds and WLAN parameters (MAC address, SSID, Vendor, WEP Encryption, Channels, ...) are displayed in the scanner list. The active scanner opens the wireless network adapter using the Winpcap protocol driver then it uses the "PacketRequest" function of the same driver to communicate with the wireless network card. This API can be used from the Windows User Mode to perform a query/set operation on an internal variable of the network card driver. The passive scanner requires the AirPcap adapter from CACE Technologies which enables the raw capture of 802.11 frames by means of its AirPcap drivers. The scanner recognizes wireless Access Points (upper list) and clients (lower list) decoding 802.11b/g packets that travel on the air in a completely passive way. The "Channel Hopping" feature changes the frequency of the adapter every second and lets you discover wireless networks on different channels. When the "Dump WEP IVs" checkbox is checked, Cain collects unique WEP initialization vectors (IVs) in the "dump.ivs" file placed in the program's directory. WEP IVs are needed for cracking WEP encryption keys used in wireless protected networks. The WEP IVs dump is compatible with those created by the Aircrack and Aircrack-ng software. It can be opened immediately, using the "Analyze" button, or saved for later analysis. Cain also includes a WEP Cracker, a Wireless Zero Configuration Password Dumper, and an 802.11 Capture Files Decoder. Operating System: Microsoft Windows NT/2000/XP/2003.
chopchop by KoreK WEP cracker which uses the AP to decipher packets. Easiest ones are ARPs. Takes 10-20s. Included within patches for wlan-ng to inject packets in monitor mode (I'll try to do hostap for the next release). That's about it. Bits and pieces are missing here and there (only decodes IP/ARP traffic), but it's pretty complete. Operating System: Various.
ClassicStumbler by alksoft ClassicStumbler scans for and displays information about all the wireless access points in range. It will display your signal strength, noise strength, signal to noise ratio, what channel your access point is on, if other access points are interfering with yours, and whether or not those access points are providing encrypted, unencrypted, computer-to-computer, or infrastructure type networks. Operating System: AirPort capable Mac.
CommView for WiFi by TamoSoft CommView for WiFi is a powerful wireless network monitor and analyzer for 802.11 a/b/g networks. Loaded with many user-friendly features, CommView for WiFi combines performance and flexibility with an ease of use unmatched in the industry. CommView for WiFi captures every packet on the air to display important information such as the list of access points and stations, per-node and per-channel statistics, signal strength, a list of packets and network connections, protocol distribution charts, etc. By providing this information, CommView for WiFi can help you view and examine packets, pinpoint network problems, perform site surveys, and troubleshoot software and hardware. Packets can be decrypted utilizing user-defined WEP or WPA-PSK keys and are decoded down to the lowest layer. With over 70 supported protocols, this network analyzer allows you to see every detail of a captured packet using a convenient tree-like structure to display protocol layers and packet headers. Additionally, the product provides an open interface for plugging in custom decoding modules. WEP and WPA key retrieval add-ons are available subject to terms and conditions. Operating System: Windows 2000/XP/2003/Vista.
CoWPAtty WPA Cracker by Joshua Wright coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol. Supply a libpcap file that includes the TKIP four-way handshake to mount an offline dictionary attack with a supplied wordlist. Operating System: Unix/Linux.
DMZS-Carte by DMZ Services, Inc. Perl script uses the text output of netstumbler and generates IDW overlay images on top of terraserver satellite maps. Perl script.
Driftnet by Chris Lightfoot Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic. In an experimental enhancement, driftnet now picks out MPEG audio streams from network traffic and tries to play them. You can also now use driftnet with Jamie Zawinski's webcollage, so that it can run as a screen saver. Operating System: Unix/Linux.
EtherPEG by Sam Bushell, Peter Bierman, Stuart Cheshire EtherPEG is a free program for the Macintosh that shows you all the JPEGs (and GIFs) going by on your network. EtherPEG works by capturing unencrypted TCP packets off your local network, collecting packets into groups based on TCP connection (determined from source IP address, destination IP address, source TCP port and destination TCP port), reassembling those packets into order based on TCP sequence number, and then scanning the resulting data for byte sequences that suggest the presence of JPEG or GIF data. EtherPEG works with any TCP/IP network, including Ethernet networks and wireless networks like AirPort, as long as the data is not encrypted. If the data is encrypted using IPSEC, or Virtual Private Network (VPN) products like PGPNet, or Web Browser SSL encryption, then third-parties cannot view your data. Operating System: Macintosh.
FakeAP by Black Alchemy Enterprises If one access point is good, 53,000 must be better. Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables. Operating System: Linux/BSD.
gpsd by Remco Treffkorn gpsd is a daemon that listens to a GPS or Loran receiver and translates the positional data into a simplified format that can be more easily used by other programs, like chart plotters. The package comes with a sample client that plots the location of the currently visible GPS satellites (if available) and a speedometer. It can also use DGPS/ip. Operating System: POSIX.
GpsDrive by Fritz Ganter Gpsdrive is a map-based navigation system. It displays your position on a zoomable map provided from a NMEA-capable GPS receiver. The maps are autoselected for the best resolution, depending on your position, and the displayed image can be zoomed. Maps can be downloaded from the Internet with one mouse click. The program provides information about speed, direction, bearing, arrival time, actual position, and target position. Speech output is also available. Operating System: POSIX :: Linux.
Hitchhiker by Kasuei Consultant Group This speedy freespot tracer helps you to connect your Pocket PC to the wireless Internet. Simply click "Connect" and it will try all nearby public access points. Hitchhiker will handle all settings for you and perform complicated tests to ensure you can connect to the Internet in no time. Operating System: Pocket PC, WM2003/SE and WM5 (with compatible WiFi device and .NET Compact Framework 2.0).
Hotspotter by Max Moser, Joshua Wright Hotspotter was written to exploit this weakness in the Windows XP operating system. Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim. Operating System: Unix/Linux.
iStumbler by Alf Watt iStumbler is a free, open source tool for finding wireless networks and devices with your AirPort equipped Macintosh. iStumbler combines a compact user interface with a real time graph of signal strength and complete debugging information such as network type, name and mac address. Real-time visual feedback of signal strength and encryption allows you to quickly find open networks, perform site surveys or just have a look at your wireless neighborhood. Operating System: MacOS.
KARMA by Dino A. Dai Zovi, Shane Macaulay KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID. Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host. KARMA includes patches for the Linux MADWifi driver to allow the creation of an 802.11 Access Point that responds to any probed SSID. So if a client looks for 'linksys', it is 'linksys' to them (even while it may be 'tmobile' to someone else). Operating in this fashion has revealed vulnerabilities in how Windows XP and MacOS X look for networks, so clients may join even if their preferred networks list is empty. Operating System: Linux/FreeBSD.
KisMAC by Michael Rossberg et al KisMAC is a free stumbler application for MacOS X that puts your card into the monitor mode. Unlike most other applications for OS X we are completely invisible and send no probe requests. KisMAC supports third party PCMCIA cards with Orinoco and PrismII chipsets, as well as Cisco Aironet cards. This program is not intended for people who do not have much knowledge about WiFi, but for professional users. Operating System: Mac OS X.
Kismet by Mike Kershaw Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet is fully passive and undetectable when in operation. Kismet automatically tracks all networks in range and is able to detect (or infer) hidden networks, attack attempts, find rogue access points, and find unauthorised users. Operating System: POSIX/Linux/BSD/MacOSX/Win32 (Cygwin).
KNSGEM by Jeff Barney KNSGEM converts Wi-Fi survey logs produced by NetStumbler, Kismet, and WiFi Hopper to color coded 3D coverage maps/plots for displaying in Google Earth. Operating System: MS Windows.
LibRadiate by The Packetfactory A toolkit for 802.11 frame capturing, creation and injection. Radiate is a small C library designed to read, build and write 802.11 frames. Operating System: Linux.
LORCON: Loss Of Radio CONnectivity by Joshua Wright, dragorn LORCON (Loss of Radio Connectivity) is everything libradiate could have been and more. Project goals: a generic library for injecting 802.11 frames, capable of injection via multiple driver frameworks, without forcing modification of the application code. This tool can be used to throw an extremely large number of wireless packets at different wireless cards. Hackers use this technique, called fuzzing, to see if they can cause programs to fail, or perhaps even run unauthorized software when they are bombarded with unexpected data. Using tools like LORCON, one can discover wireless device driver flaws, including flaws that allow for taking over a laptop by exploiting a bug in an 802.11 wireless driver. Operating System: Unix/Linux.
MacStumbler by Korben MacStumbler is a utility to display information about nearby 802.11b and 802.11g wireless access points. It is mainly designed to be a tool to help find access points while traveling, or to diagnose wireless network problems. Additionally, MacStumbler can be used for "wardriving", which involves co-ordinating with a GPS unit while traveling around to help produce a map of all access points in a given area. MacStumbler requires an Apple Airport Card and MacOS 10.1 or greater. MacStumbler doesn't currently support any kind of PCMCIA or USB wireless device. Operating System: MacOS 10.1 or greater.
MiniStumbler by Marius Milner MiniStumbler is a tool for Windows CE that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses: * Verify that your network is set up the way you intended. * Find locations with poor coverage in your WLAN. * Detect other networks that may be causing interference on your network. * Detect unauthorized "rogue" access points in your workplace. * Help aim directional antennas for long-haul WLAN links. * Use it recreationally for WarDriving. Operating System: Windows CE.
Mognet by Sean Whalen Mognet is a simple, lightweight 802.11b sniffer written in Java and available under the GPL. It features realtime capture output, support for all 802.11b generic and frame-specific headers, easy display of frame contents in hex or ascii, text mode capture for GUI-less devices, and loading/saving capture sessions in libpcap format. Mognet requires a Java Development Kit 1.3 or higher, and a working C compiler for native code compilation. Your wireless card must support monitor mode, which most (but not all) do. Operating System: Java.
Musatcha Advanced WiFi Mapping Engine by Brad Isbell This is a freeware client to WiGLE.net. It also acts as a Kismet client that can log (so you can effectively wardrive with a Linksys wap54g or wrt54g running kismet). It supports NMEA GPS units (or you can get GPS data from Netstumbler.) GPSd is in the works. Operating System: Windows.
Net::MAC::Vendor by Brian d Foy The Institute of Electrical and Electronics Engineers (IEEE) assigns an Organizational Unique Identifier (OUI) to manufacturers of network interfaces. Each interface has a Media Access Control (MAC) address of six bytes. The first three bytes are the OUI. This perl module allows you to take a MAC address and turn it into the OUI and vendor information. You can, for instance, scan a network, collect MAC addresses, and turn those addresses into vendors. With vendor information, you can often guess at what you are looking at (e.g. an Apple product). You can use this as a module as its individual functions, or call it as a script with a list of MAC addresses as arguments. The module can figure it out. This module tries to persistently cache with DBM::Deep the OUI information so it can avoid using the network. If it cannot load DBM::Deep, it uses a normal hash (which is lost when the process finishes). You can preload this cache with the load_cache() function. So far, the module looks in the current working directory for a file named mac_oui.db to find the cache. The author is working on a way to let the user set that location. Perl Module.
NetChaser by Michael A. Waldron Find WiFi hotspots with your Palm Tungsten C Handheld Computer. Operating System: PalmOS.
NetStumbler by Marius Milner NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses: * Verify that your network is set up the way you intended. * Find locations with poor coverage in your WLAN. * Detect other networks that may be causing interference on your network. * Detect unauthorized "rogue" access points in your workplace. * Help aim directional antennas for long-haul WLAN links. * Use it recreationally for WarDriving. Operating System: Windows.
Omerta by Mike D. Schiffman Disassociates all 802.11 network connections within range on the same channel as the card in the machine. Built on top of libradiate. Source code.
Packetyzer by Network Chemistry Packetyzer provides a free Windows user interface for the well known Ethereal packet capture and dissection library. Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features expected in a protocol analyzer, and several features not otherwise available. Network Chemistry has taken advantage of its open source license to add a Windows front end to extend its use. Packetyzer supports all protocols which are supported by Ethereal. Packetyzer is distributed under the GNU Public License. Includes support for 802.11 Wireless LAN Analysis and 802.1x authentication. Operating System: Windows.
Pong by MobileAccess A Tool to check the vulnerability of your Wireless Lan AccessPoint. In case your AccessPoint is running a vulnerable Firmware, you get access to all relevant details such as admin password, WEP keys, allowed MAC-Addresses and some more. Operating System: Windows.
PrismStumbler by Jan Fernquist Prismstumbler is a wireless LAN (WLAN) tool which scans for beacon frames from access points. Prismstumbler operates by constantly switching channels and monitors any frames received on the currently selected channel. Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux.
Scapy by Philippe Biondi Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc. Operating System: runs natively on Linux, and on most Unixes with libpcap, libdnet and their respective Python wrapper (see scapy's portability page).
SMAC by KLC Consulting SMAC is an easy-to-use Windows MAC Address Modifying Utility which allows users to change MAC address for almost any Network Interface Card (NIC) on the Windows 2000, XP, and 2003 Server systems, regardless of whether the manufacturers allow this option or not. SMAC does not change the hardware burned-in MAC addresses. It is not necessary. SMAC changes the "software based" MAC addresses on the Windows 2000, XP, and 2003 Server systems, and the new MAC addresses you set will persist across reboots. Operating System: Windows.
SSIDsniff by Kostas Evangelinos A curses based tool that allows identification, classification and data capturing of wireless networks. The interface is inspired by the unix top(1) utility. Comes with a configure script and supports Cisco Aironet and random prism2 based cards. Operating System: Linux.
StreetStumbler by kg4ixs Mapping program for Windows. StreetStumbler was designed from the ground up to be able to use both full and summary EXPORTS of NetStumbler logs. Please consult NetStumbler on how to Export files. Operating System: Windows.
StumbVerter by Michael Puchol, Sonar Security StumbVerter is a standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2004 maps. The logged WAPs will be shown with small icons, their colour and shape relating to WEP mode and signal strength. As the AP icons are created as MapPoint pushpins, the balloons contain other information, such as MAC address, signal strength, mode, etc. This balloon can also be used to write down useful information about the AP, notes, etc. Operating System: Windows.
THC LEAPcracker by The Hacker's Choice The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique e.g. used by Cisco Wireless LEAP Authentication. Also tools for spoofing challenge-packets from Access Points are included, so you are able to perform dictionary attacks against all users. Operating System: Unix/Linux.
void11 by Reyk Floeter A free implementation of some basic 802.11b attacks. This tool consists of the tools "deauth" and "auth". deauth (Network DOS) (flood wireless networks with deauthentication packets and spoofed BSSID; authenticated stations will drop their network connections). auth (Accesspoint DOS) (flood accesspoints with authentication packets and random station addresses; some accesspoints will deny any service after some flooding). Operating System: Linux.
WarGlue by WarGlue Team This is a multiplatform general utility suite for use with existing network stumbling software, such as Kismet or NetStumbler. The program will convert between multiple output logs, including the popular wi-scan format, between platforms. Operating System: 32-bit MS Windows (NT/2000/XP), All 32-bit MS Windows (95/98/NT/2000/XP), All BSD Platforms (FreeBSD/NetBSD/OpenBSD/Apple Mac OS X), All POSIX (Linux/BSD/UNIX-like OSes), FreeBSD, Linux, OS X, Win2K, WinXP.
WarLinux by Fred A new linux distribution for Wardrivers. It is available on disk and bootable CD. Its main intended use is for systems administrators that want to audit and evaluate their wireless network installations. Should be handy for wardriving also. Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux.
Wavelan Tools / 802.11 Network Discovery Tools by Cyrus Durgin et al 802.11 network tools - allow for detection of networks and services initially using wireless extensions for linux and raw 802.11 frames. Initial support is for the wavelan/orinoco card, with support planned for aironet cards. Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux.
WaveMon by Jan Morgenstern WaveMon is a ncurses-based monitor for wireless devices. It allows you to watch the signal and noise levels, packet statistics, device configuration, and network parameters of your wireless network hardware. It has currently only been tested with the Lucent Orinoco series of cards, although it should work (with varying features) with all devices supported by the wireless kernel extensions written by Jean Tourrilhes. Operating System: POSIX :: Linux.
WaveStumbler by Patrik WaveStumbler is a console-based 802.11 network mapper for Linux. It reports the basic AP details such as channel, WEP, ESSID, MAC etc. It has support for Hermes-based cards (Compaq, Lucent/Agere, ... ). It is still in development but tends to be stable. It consists of a patch against the kernel driver, orinoco.cs, which makes it possible to send the scan command to the driver via the /proc/hermes/ethX/cmds file. The answer is then sent back via a netlink socket. WaveStumbler listens to this socket and displays the output data on the console. The patch should be applied against linux-2.4.17. It patches the whole linux/drivers/wireless to version 2.4.18-pre7 + the apscan code in orinoco.c. This is a 100% experimental patch, but it seems to work quite well with an Orinoco Silver Card, so feel free to try it out. Operating System: Linux.
WebStumbler by Frank Echanique WebStumbler is a simple application for turning NetStumbler summary files into HTML files. Operating System: Windows.
WellenReiter by Michael Lauer et al Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is the easiest to use Linux scanning tool. No card configuration has to be done anymore. The whole look and feel is pretty self-explanatory. It can discover networks (BSS/IBSS), and automatically detects ESSID broadcasting or non-broadcasting networks, their WEP capabilities and the manufacturer. DHCP and ARP traffic are decoded and displayed to give you further information about the networks. An ethereal/tcpdump-compatible dumpfile and an Application savefile will be automatically created. Using a supported GPS device and gpsd you can track the location of the discovered networks. Operating System: Linux.
WepAttack by Dominik Blunk, Alain Girardet WepAttack is a WLAN open source Linux tool for breaking 802.11 WEP keys. This tool is based on an active dictionary attack that tests millions of words to find the right key. Only one packet is required to start an attack. Operating System: Linux.
WEPCrack by Anton Rager, Paul Danckaert WEPCrack is a tool that cracks 802.11 WEP encryption keys using the latest discovered weakness of RC4 key scheduling. Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux.
Weplab by Jose Ignacio Sanchez Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available, so the effectiveness and minimum requirements of each one can be measured. Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux.
WEPWedgie by Anton Rager WEPWedgie is a toolkit for determining 802.11 WEP keystreams and injecting traffic with known keystreams. The toolkit also includes logic for firewall rule mapping, pingscanning, and portscanning via the injection channel and a cellular modem. The toolkit consists of two main programs. (1) prgasnarf: looks for shared-key-auth sequences to derive an IV and PRGA - this can later be used as a packet keystream with the same IV. (2) wepwedgie: injects frames encoded with IV/PRGA from prgasnarf to a user specified target and internet helper. The internet helper is a host that you own that will be monitoring the results from the injected traffic via the internet. Operating System: Unix/Linux.
WEP_Tools (wep_crack/wep_decrypt) by Tim Newsham This package contains two tools, one for cracking WEP keys and one for decrypting WEP packets. Wep_crack: Given a pcap file containing a packet capture of WEP packets, this program will attempt to find the key used in encryption. This is done by searching the key space using keys generated from dictionary words, or by exhaustively searching through the key generation seeds. Keys are validated by decrypting a number of packets and verifying their CRC. If the CRC validates for all packets, there is a high probability that the proper key was used. Wep_decrypt is a program for decrypting captured 802.11 traffic that is protected with WEP. It reads in a pcap capture file, such as that generated by prismdump, and outputs another pcap capture file with decrypted packets. By default it will read from stdin and output to stdout. The key to decrypt with can be specified as a string of hex characters, optionally separated by spaces or colons, or as a text string. If a text string is specified, the actual keying material will be generated from the string in the (ad hoc) standard fashion used by many drivers. Operating System: Unix/Linux.
Wi-Find by Eric Olinger Wi-find is a wireless network detection tool that is written in C and aims for flexibility and clean, easy to understand code. It currently only supports prism2 based cards using the wlan-ng driver (the hostap might work also) but the support is there to add more cards. Features: * Passive detection of 802.11b networks (SSID Extraction from Management and Data packets, WEP detection). * Easily extendable interface for adding new cards. * GPS Logging supports any NMEA-compatible unit. Operating System: Linux.
wicrawl by Aaron Peterson, Jason Spence, Peter Kacherginsky, Brian Johnson A modular and thorough Wi-Fi access point scanner/auditor with a simple and flexible plugin architecture. The goal is to automate the tedious task of scanning Wi-Fi access points for interesting information, so we don't have to manually check each access point. This can be a useful tool for penetration testers looking to "crawl" through massive numbers of APs looking for interesting data. Plugins will be everything from DHCP and nmap to aircrack or hooks to move a motorized directional antenna around. New plugins can be written in any language. Wicrawl is able to use multiple cards, and eventually will be able to use multiple computers. Some features: * Passive detection of Access Points. * Support for multiple cards. * Simple plugin interface with multiple Plugins. * Profiles to manage card scheduling and wicrawl usage. * Support for multiple interfaces. * Reporting and summary output in HTML, XML or Text. * Traffic packet logging in pcap format. Operating System: Linux.
WiFi Hopper by Divya Thakur WiFi Hopper is a WLAN utility that combines the features of a Network Discovery and Site Survey tool with a Connection Manager. Sporting a comprehensive arsenal of network details, filters, RSSI graphing and built-in GPS support, WiFi Hopper is invaluable for identification and advanced characterization of neighboring wireless devices. Additionally, WiFi Hopper can connect to unsecured, WEP, WPA-PSK and WPA2-PSK networks directly from within the application. With editable network profiles and dedicated Connection Manager execution mode, WiFi Hopper can be used as a significantly more transparent replacement for Windows and manufacturer-provided wireless clients. WiFi Hopper encompasses a feature set aimed at a wide variety of audiences including Wireless Network Administrators, Security Professionals, Programmers, QA Engineers and Power Users. WiFi Hopper can be used to track unsecured wireless networks that may be compromising network security. Additionally, WiFi Hopper makes it easy to look for unauthorized access points involved in an attack or simply causing interference. For programmers and QA engineers, WiFi Hopper is the ideal, Windows-NDIS based, testing tool. With WiFi Hopper's connectivity features, functionality of WLAN drivers and hardware can be independently verified. Operating System: 32-bit Windows Vista, Windows 2003, Windows XP SP2 and Windows 2000 SP4.
WiFiFoFum by Malcolm Hall WiFiFoFum is an 802.11 scanner designed for PDAs running PocketPC 2003. It scans all 802.11 access points in range and offers a list and a radar to view. It also offers GPS features to record the location of the access points. The list can be saved to file. Operating System: PocketPC 2003 / Windows Mobile.
WifiScanner by Jérôme Poggi WifiScanner is a tool that has been designed to discover wireless nodes (i.e. access points and wireless clients). It is distributed under the GPL License. It works with CISCO cards and prism cards with a hostap driver or wlan-ng driver. An Intrusion Detection System is integrated to detect anomalies such as MAC usurpation. Operating System: Linux.
Wifitap by Cédric Blancher This Python script is a proof of concept tool allowing WiFi communication using traffic injection. Wifitap allows direct communication with a station associated to a given access point, meaning: * not being associated ourselves; * not being handled by access point. Wifitap allows any application to send and receive IP packets using 802.11 traffic capture and injection over a WiFi network simply by configuring wj0, which means: * setting an IP address consistent with the target network address range; * routing desired traffic through it. In particular, it's a cheap method for arbitrary packet injection in 802.11 frames without the need for a specific library. In addition, Wifitap will allow you to get rid of any limitation set at access point level, such as bypassing inter-client communications prevention systems (e.g. Cisco PSPF) or reaching multiple SSIDs handled by the same access point. Wifitap can easily be modified to be used as a framework for simple tasks such as injecting answers to captured frames. Operating System: Unix/Linux.
WinDump by Loris Degioanni et al WinDump is the port to the Windows platform of tcpdump, the most used network sniffer/analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to watch and diagnose network traffic according to various complex rules. It can run under Windows 95/98/ME, and under Windows NT/2000/XP. WinDump uses a libpcap-compatible library for Windows, WinPcap, which is freely downloadable from the WinPcap site. WinDump is free and is released under a BSD-style licence. Operating System: Windows.
WirelessMon by PassMark Software WirelessMon is a software tool that allows users to monitor the status of wireless WiFi adapter(s) and gather information about nearby wireless access points and hot spots in real time. WirelessMon can log the information it collects into a file, while also providing comprehensive graphing of signal level and real time IP and 802.11 WiFi statistics. Features: * Verify 802.11 network configuration is correct * Test WiFi hardware and device drivers are functioning correctly * Check signal levels from your local WiFi network and nearby networks * Help locate sources of interference to your network * Scan for hot spots in your local area (wardriving) * Create signal strength maps of an area * GPS support for logging and mapping signal strength * Correctly locate your wireless antenna (especially important for directional antennas) * Verify the security settings for local access points * Measure network speed & throughput and view available data rates * Help check Wifi network coverage and range. Operating System: Windows 2000(SP4), XP, 2003, Vista.
Wireshark (previously Ethereal) by Gerald Combs et al Wireshark (previously known as Ethereal) is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms). Due to a trademark dispute in 2006, Wireshark is the new name of the Ethereal project. Operating System: runs on all popular computing platforms, including Unix, Linux, and Windows.
WiStumbler by Isao Seki Network stumbler for WaveLAN/IEEE wireless networking of NetBSD. Operating System: NetBSD.
WLAN Web Authentication Script by Craig Heffner This is a quick Perl script to redirect a wireless client to a fake login page for a WLAN. This is much stealthier than implementing a rogue AP in conjunction with layer 1/2 attacks against the WAP. It uses tethereal to listen for IP addresses being assigned to a new wireless client via DHCP, then runs dnsa-ng to redirect DNS queries from the new client to the specified IP. Tested on Linux 2.6, with Prism 2.5 (HostAP drivers) and Atheros (Madwifi drivers) wireless cards. Perl script.
WPA Cracker by Takehiro Takahashi WPA Cracker is a dictionary/brute-force attacker against WiFi Protected Access (WPA). WPA takes two forms: WPA Enterprise Mode and WPA PSK (Pre-Shared Key) Mode. WPA Cracker takes advantage of an inherently vulnerable characteristic of the PSK implementation to show users that the security must be deployed properly. Operating System: Linux.
wscan by Portland State University wscan is an X-11/visual 802.11 wireless signal-strength display tool (version 2.0 includes AP scanning mode). You can download a tar archive for it that allows you to build it on Linux or FreeBSD. There's also an ipkg/package for Linux/iPAQs running Familiar. Operating System: Linux/FreeBSD.