|
Raw Fake AP v0.2
|
|
Hits: 45 |
|
Date added: 12/19/2006 |
|
A program that emulates IEEE 802.11 access points using raw wireless frame injection.
It aims at creating/injecting both beacon and probe response frames in order to emulate valid IEEE 802.11 access points.
Infamous tools like Black Alchemy's Fake AP use ifconfig/iwconfig to change wireless settings such as BSSID, ESSID, channel and txpower. Unfortunately, in master mode some IEEE 802.11 fields are controlled by the driver, such as the BSS timestamp, the sequence number and (some) tagged parameters, and thus cannot be easily forged. For example, an ESSID change made with iwconfig resets the BSS timestamp (thanks to Joshua Wright for this hint), giving any wireless IDS the opportunity to catch a Fake AP easily.
This tool is able to fool both passive scanners (e.g. Kismet) and active scanners (e.g. XP SP2 WZC, NetStumbler) with some limitations (see below). It can be used to disturb any (newbie) wardriver with some efficiency by hiding real wireless networks (of course, this should be further enhanced with a wider tool sending data, control and management frames in order to simulate a set of wireless networks). |
|
|
|
|
Mognet v1.16
|
|
Hits: 44 |
|
Date added: 01/07/2006 |
|
Mognet is a free, open source wireless ethernet sniffer/analyzer written in Java. It is licensed under the GNU General Public License. It was designed with handheld devices like the iPaq in mind, but will run just as well on a desktop or laptop. |
|
|
|
|
Kismet
|
|
Hits: 43 |
|
Date added: 07/21/2005 |
|
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic. |
|
|
|
|
Wellenreiter v1.9
|
|
Hits: 42 |
|
Date added: 09/08/2005 |
|
Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is the easiest to use Linux scanning tool. No card configuration has to be done anymore. The whole look and feel is pretty self-explanatory. It can discover networks (BSS/IBSS), and automatically detects ESSID broadcasting or non-broadcasting networks, their WEP capabilities and the manufacturer. DHCP and ARP traffic are decoded and displayed to give you further information about the networks. An Ethereal/tcpdump-compatible dumpfile and an application savefile will be created automatically. Using a supported GPS device and gpsd, you can track the location of the discovered networks. No, hostap drivers actually don't work in the Perl version.
The project has started to move from Perl to C++. Currently there are two flavours of Wellenreiter available. One is the Perl/GTK based version, with all the described functionality. The second one is the C++ based Wellenreiter II flavour. This runs on handhelds (Zaurus/iPaq/etc.) within the Opie environment and on X11. |
|
|
|
|
Asleap
|
|
Hits: 39 |
|
Date added: 08/28/2005 |
|
Recovers weak LEAP passwords. Can read live from any wireless interface in RFMON mode. Can monitor a single channel, or perform channel hopping to look for targets. This tool is released as a proof-of-concept to demonstrate a weakness in the LEAP protocol. LEAP is the Lightweight Extensible Authentication Protocol, intellectual property of Cisco Systems, Inc. LEAP is a security mechanism available only on Cisco access points to perform authentication of end-users and access points. LEAP is written as a standard EAP-type, but is not compliant with the 802.1X specification since the access point modifies packets in transit, instead of simply passing them to an authentication server (e.g. RADIUS). |
|
|
|