Wireless Hacking

Wifi Hacking

  • aircrack-ng - A complete suite of tools to assess WiFi network security

    • airgraph-ng is a tool to create a graph out of the txt file created by airodump with its -w option. The graph shows the relationships between the clients and the access points.

  • airgeddon - a menu driven 3rd party tools wrapper to audit wireless networks with many features.

  • bully - Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification.

  • cowpatty - If you are auditing WPA-PSK or WPA2-PSK networks, you can use this tool to identify weak passphrases that were used to generate the PMK.

  • eaphammer - This package contains a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks

  • kismet - Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.

  • mdk4 - A Wi-Fi testing tool from E7mer, ASPj of k2wrlz, it uses the osdep library from the aircrack-ng project to inject frames on several operating systems.

Bluetooth

  • bluelog - Bluelog is a Bluetooth scanner designed to tell you how many discoverable devices there are in an area as quickly as possible. It is intended to be used as a site survey tool, identifying the number of possible Bluetooth targets there are in the surrounding environment.

  • blueranger - Use the Bluetooth interface to scan for the specified remote address.

  • bluesnarfer - A Bluetooth bluesnarfing utility.

  • bluez - This package contains tools and system daemons for using Bluetooth devices. BlueZ is the official Linux Bluetooth protocol stack.

  • btscanner - btscanner is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement to pair.

  • crackle - crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected.

  • redfang - a small proof-of-concept application to find non-discoverable Bluetooth devices. This is done by brute forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name().

  • spooftooph - Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address.

Rogue Access Point
