|
THC RUT v1.2.5
|
|
Hits: 35 |
|
Date added: 09/03/2005 |
|
thc-rut (aRe yoU There, pronouced as root) is your first knife on foreign network. It gathers informations from local and remote networks. It offers a wide range of network discovery tools: arp lookup on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP address mask request, OS fingerprintings, high-speed host discovery, ... The tool is capable of discovering a Class B network within 10 minutes. |
|
|
|
|
|
|
Snr v0.98
|
|
Hits: 10 |
|
Date added: 09/11/2005 |
|
Helps network administrator to collect signal/noice-rate statistics from Lucent Wireless AccessPoint devices via SNMP, store it into MySQL database and view summary graphs via CGI-module. |
|
|
|
|
|
|
Raw Glue AP v0.1
|
|
Hits: 33 |
|
Date added: 12/15/2006 |
|
A program that catches wireless stations searching for preferred ESSIDs.
It aims at creating/injecting probe responses, authentication responses, association responses to wireless stations wanting to associate themselves to access points.
This tool catches probe requests, send back appropriate probe responses and then tries to catch authentication and association requests. This is a kind of Glue AP which purpose is to catch clients that are actively scanning for any ESSID. This method could be implemented in a Wireless IPS tool.
Any ESSID with both Null ESSID and pre-configured ESSID (which are usually preferred wireless networks in Wireless Zero Configuration) will be caught.
All this stuff is done in monitor mode and uses raw injection which seems to be a required if this method may be implemented in a Wireless IDS (that usually perform detection in monitor mode). |
|
|
|
|
|
|
Raw Fake AP v0.2
|
|
Hits: 45 |
|
Date added: 12/19/2006 |
|
Aprogram that emulates IEEE 802.11 access points thanks to wireless raw injection.
It aims at creating/injecting both beacon and probe response frames in order to emulate valid IEEE 802.11 access points.
Infamous tools like Black Alchemy's Fake AP are using ifconfig/iwconfig to change wireless settings like BSSID, ESSID, channel and txpower. But unfortunately when using master mode, some IEEE 802.11 fields are mastered by the driver like the BSS timestamp, sequence number and (some) tagged parameters; and thus cannot be easily forged. E.g., an ESSID change (thanks to iwconfig) resets the BSS timestamp (thanks to Joshua Wright for this hint) giving the opportunity to any wireless IDS to catch a Fake AP easily.
This tool is able to fool both passive scanners (e.g. Kismet) and active scanners (e.g. XP SP2 WZC, NetStumbler) with some limitations (see below) . It can be used to disturb any (newbie) wardriver with some efficiency hiding real wireless networks (of course, this should be further enhanced thanks to a wider tool sending data, control and management frames in order to simulate a set of wireless networks). |
|
|
|
|
|
|
Raw Covert v0.1
|
|
Hits: 18 |
|
Date added: 12/16/2006 |
|
A program that initiates a covert channel over IEEE 802.11 networks thanks to wireless raw injection.
It aims at encoding a covert channel in valid ACK frames in the RA address field. Using ACK frames has the advantage to be quite stealthy as they are considered harmless and thus are generally not analyzed by Wireless IDS. This kind of encoding is quite trivial, but should be extended using encryption...
Covert channel principles can be extended to encode anything between the lines in the IEEE 802.11 protocol (but not necessarily) and to achieve a reliable communication (shell, file transfer...). |
|
|
|
