Projects

WPA/WPA2/IEEE 802.1X Supplicant

wpa_supplicant is a WPA Supplicant for Linux, BSD, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation ... [More] with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. wpa_supplicant is designed to be a "daemon" program that runs in the background and acts as the backend component controlling the wireless connection. wpa_supplicant supports separate frontend programs and a text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with wpa_supplicant. [Less]

Aircrack-NG

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact ... [More] aircrack is a set of tools for auditing wireless networks. [Less]

KisMAC

KisMAC is a free stumbler application for MacOS X that puts your card into monitor mode. Unlike most other applications for OS X it has the ability to run completely invisibly and send no probe requests. KisMAC supports several third party PCMCIA/PCCards cards with Orinoco and PrismII chipsets, as ... [More] well as Cisco Aironet cards. AirPort and AirPort Extreme cards are supported in full passive mode, as well as Prism2 and Ralink USB devices. [Less]

ConnMan

wepbuster

WEPBuster 1.0if something's insecure in your wifihood... This small utility was written for information security professional to aid in conducting Wireless Security Assessment. The script executes various programs included in the aircrack-ng suite - a set of tools for auditing wireless ... [More] networks, in order to obtain the WEP encryption key of a wireless access point. WEPBuster also has a wordlist generator which can be used in creating "dictionary" files for WPA Pre-Shared Key cracking and for other related tasks. aircrack-ng can be obtained from http://www.aircrack-ng.org Features: Cracks all access points within the range in one go!! Supports: WEP Cracking: - Mac address filtering bypass (via mac spoofing) - Auto reveal hidden SSID - Client-less Access Point injection (fragmentation, -p0841) - Shared Key Authentication - whitelist (crack only APs included in the list) - blacklist (do not crack AP if it's included in the list) Wordlist Generator: - generate all combinations of a given set - generate all unique combinations of a given set - apply filters to each generated word - apply filters to an input file or a wordlist - apply filters from another wordlist - merge two wordlists and apply filters to each generated word USAGE: perl wepbuster [channel(s)] perl wepbuster [sort | connect] [hostname/ip address] perl wepbuster permute [OPTIONS] or perl wepbuster --help | --man for list of all supported options. REQUIREMENTS: - aircrack-ng 1.0 - perl installation with standard libraries (threading support) - perl modules (http://search.cpan.org) - Term::ReadKey - Expect.pm - Getopt::Long - File::Slurp - Number::Range - Algorithm::Permute - Pod::Usage - macchanger (www.alobbs.com/macchanger) - miscellaneous unix programs - ifconfig, iwconfig, rm, pkill, stty, cp, touch, mv, route, ping, dhclient, netstat WEP CRACKING PROCESS: When invoked without any arguments, the program initially builds a list of all WEP-enabled access points within the range using airodump-ng(1) on each non-overlapping channel of the country specified. (US 1, 6, 11 and EU 1, 5, 9, 13). If there's any, associated stations are also saved for use in mac address spoofing when dealing with access points with hidden SSIDs or those with mac address filtering enabled. Once done scanning, the automated WEP cracking begins. The script will go through the list and attempt to crack each access point listed. A white list (known_ap.txt) and black list (bad_ap.txt) text files on the current working directory are consulted to know if a particular access point is to be skipped or not. The first step in the actual WEP cracking is to associate the cracking station using aireplay-ng(1) to the target access point. Shared-key authentication (SKA) is also done automatically. If the SSID is unknown or hidden , association will not be possible hence, the script will use aireplay-ng to launch deauthentication attacks in order to reveal the ssid. Once associated, the script will use aireplay-ng(1) to launch an arp-replay attack against the access point. When a particular period has elapsed and the IV count did not increase significantly, fragmentation attack will be launched. If fragmentation attack was successful (keystream was found), the script will use packetforge-ng(1) in order to build an arp packet to be used in arp-replay attack. If unsuccessful, fragmentation attack will be stopped and rebroadcast attack (-p0841) will be tried next. If all goes well, wepbuster should display the IV counts as they increase. When enough IVs are collected, the script will launch aircrack-ng(1) and will try to crack the WEP encryption key using the collected data packet dumps. If successful, the WEP key will be saved into the text file "owned.txt" in the current working directory. This entire process is repeated until all the access points included in the initial list are processed. WORDLIST GENERATOR: The key to a successful bruteforce attack is to have a good dictionary file. It is a known fact that at this point, one cannot just create a dictionary file by generating all the possible combinations of all the character sets and expect to make it useable upon completion, if at all. Building a dictionary file for bruteforce password guessing is a tricky exercise. People came up with various ideas such as crawling a website in order to extract unique words from it, word association using data mining, "leetifying", case switching (e.g., lower to upper), mutation, etc. WEPBuster is capable of generating all combinations of a given set and at the same time apply filters to each generated word in order to make the resulting word list size significantly smaller. [Less]

linksyskeygen

A C# utility to create/reproduce wep keys for a given passphrase, adapted from the c code in the linksys router source code.

rc4sim

An visual simulator that let's you see every step of the RC4 encryption algorithm, the weaknesses found by Fluhrer,Mantin and Shamir and how these can be used to crack wep.

wepscript

This ruby script implements the basic wep decryption sequence, freeing the user from having to manually type all the *-ng commands and passing all the parameters such as the long BSSID, etc. As stated by the aircrack-ng documentation, it should be used, of course, for educational or security ... [More] assessment purposes only. This script only works in Linux, and has only been tested under Ubuntu. [Less]

wepkey

Find the passcode of the AP using packets if the AP uses only WEP

aircrackGui

A simple gui for aircrack suite written in c++ wxWidgets. -Arp replay -Chop-chop -Fragmentation -Dictionary -Wpa dict -Dict plugins