Awesome

Curated WiFi Arsenal

This project is based on the great work of 0x90/wifi-arsenal. I needed to go through the whole list of over 500 wifi-related projects listed there. I found the following limitations:

• by using submodules the project links are often not up-to-date, they are commit links
• the list lacks a categorization of projects
• there is no description of projects so that you have to click every bad-named project to evaluate usefullness

As I had to go through all the projects anyway I tried to fix this limitations and created a csv file which can be transformed into a README.md easily (shell-script inlcuded). And here it is. I hope it will help somebody. The categorization is not always easy/accurate (going through 500 projects was exhausting, concentration was gone eventually!). Please feel free to fix or add things and submit a pull request!

Keep track of changes made in the original 0x90/wifi-arsenal repo and were not added here yet.

Table of Contents

• General WiFi Information
• Noteworthy Tools of Different Categories
• Attack/PenTesting
  • Denial of Service
  • Encryption Attack
    • WEP/WPA/WPA2
    • WPS
    • Others
  • Injection
  • Rogue AP/Fake AP/ MITM
  • Sniffing
  • Wardriving
  • Miscellaneous Attacking Tools
• Information Gathering
• Defense/Detection
• Libraries/General Purpose Tools
• Visualization
• Localisation
• Configuration/setup
• Monitoring
• Miscellaneous/not sorted :)

TOC created by gh-md-toc

General WiFi Information

• 802.11 frames - A starter guide to learn wireless sniffer traces
• 80211 Pocket Reference Guide - Cheat Sheet for 802.11
• 802.11p-wireless-regdb - Wireless regulatory database for CRDA
• 802.11 Wireless Networks: The Definitive Guide - Partly open chapters of O‘Reilly 802.11 book
• Armory - The 802.11 Hacking Repo (Meta Information, Link collection)
• Awesome-wifi-security - A collection of awesome resources related to 802.11 security, tools and other things
• Call-for-wpa3 - Call for WPA3 - what's wrong with WPA2 security and how to fix it
• Known manufacturer MAC list -
• Wikipedia - IEEE802.11 site of Wikipedia

Noteworthy Tools of Different Categories

• Aircrack-ng - WiFi security auditing tools suite
• airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks
• bettercap - bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks
• Fern-wifi-cracker - Crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks
• karma - KARMA Attacks Radioed Machines Automatically (KARMA)
• kismet - Wireless network detector, sniffer, and intrusion detection system
• mdk3_6.1 - A fork and modification of the original MDK3
• Pwnagotchi - Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks)
• pyrit - The famous WPA precomputed cracker, Migrated from Google
• Scapy - Python-based interactive packet manipulation program & library
• waidps - Wireless Auditing, Intrusion Detection & Prevention System
• Wifipumpkin3 - Powerful framework for rogue access point attack.
• WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
• Wireless-ids - Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets
• zarp - Network attack tool centered around the exploitation of local networks

Attack/PenTesting

Denial of Service

• 80211mgmtDoS - 802.11 DoS Attacks based on unprotected Management frames
• airodump_mod - Improved version of airodump-ng with ability to kick-off a stations from AP
• android_packetspammer - Packetspammer sends unencrypted broadcast packets down a mac80211 wireless interface that should be set for Monitor mode
• apflood - Flood area with fake essids
• Curfew - 802.11w-2009 Auditor And Deauthentication Frame Spammer.
• dw - Small tool for sending 802.11 disassociation and deauthentication packets to specific clients.
• hwk - Hwk is a collection of packet crafting/network flooding tools
• JamWiFi - A GUI, easy to use WiFi network jammer for Mac OS X
• Mass-deauth-attack - A program that does Deauthentication Attack on every nearby wireless device
• Mass-deauth - A script for 802.11 mass-deauthentication
• mdk3_6.1 - A fork and modification of the original MDK3
• mdk4 - MDK4
• modwifi - Advanced Wi-Fi Attacks Using Commodity Hardware
• netattack - Python script that allows you to scan your local area for WiFi Networks and perform deauthentification attacks
• Scapy-deauth - Scapy based wifi Deauth
• ska - Framework for sniffing ieee80211 packets and generating deauth packets and sending raw packets.
• widowmaker - Widowmaker is an 802.11 DOS tool that exploits the Beacon time interval to outpace wireless access points. This (in theory) allows an attacker to deny service to a wireless access point by providing fake mac addresses to clients that are looking to authenticate with the legitimate access point
• wificurse - WiFi DoS attack tool created for educational purposes only. It works only in Linux and requires wireless card drivers capable of injecting packets in wireless networks
• WifiDeauth - A lightweight Wi-Fi auto deauthentication attack tool (libtins/C++)
• wifijammer - Continuously jam all wifi clients/routers
• WiFiJammer.py - Wireless Jammer to Disconnect Nearby Access-Points and Stations
• wifikicker - A tool to kick devices out of your network and enjoy all the bandwidth for yourself. It allows you to select specific or all devices and ARP spoofs them off your local area network
• wifikills - A python program to kick people off of wifi
• WiFi-Rifle - Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi
• wirelessjammer - Continuously jam all wifi clients and access points within range
• zizzania - Automated DeAuth attack

Encryption Attack

WEP/WPA/WPA2

• Eicrog - WEP key generator for predictable key weaknesses
• huawei_wifi - Wifi utilities for finding Huawei routers' default key
• Aircrack-ng - WiFi security auditing tools suite
• AircrackPy - Un simple modulo de automatización de crackeo de WPAKEY en Windows, además utiliza Google forms.
• airmode - AirMode is a GUI that can help you to use the Aircrack framework
• Airvengers - A GUI to pentest wifi Network, based on Aircrack-ng tools
• asleap - Recovers weak LEAP password. Pronounced asleep.
• autokwaker - Creating an auto cracker for 802.11 networks
• CapBreaker - Management tool for WPA hash cracking with a distributable software including WebUI.
• cenarius - Cenarius tool for crack Wi-Fi , crack wpa-psk , crack wpa2-psk , crack wep , crack wps pin and crack hidden AP . cenarius psk crack
• cherry - Distributed WPA/WPA2 cracker
• Cowpatty - Offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal)
• deauth_dot11decrypt - It sends deauth packet to all stations for getting keys in 4-way handshakes from stations already connected to an AP. When it detected 4-way handshakes between a station and an AP, it stops sending deauth packet to that station.
• dot11decrypt - An 802.11 WEP/WPA2 on-the-fly decrypter.
• Easy-HCX - Bash script using hcxdumptool, hcxtools and hashcat to collect WPA2 handshakes and/or PMKIDs, convert them to hashcat format and perform dictionary attacks to crack their passwords.
• Fern-wifi-cracker - Crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks
• HandShaker - Detect, capture, crack WPA/2 handshakes, WEP Keys and geotag with Android GPS
• hcxtools - Solution for capturing wlan traffic and conversion to hashcat formats (recommended by hashcat) and to John the Ripper
• Invasit-network - Automatizated bash script to invade WPA2 networks with wordlist method
• KeyGrab - Grabs and saves handshakes from WPA/WPA2 encrypted networks. Written for Kali Linux
• kismet-deauth-wpa2-handshake-plugin - Python plugin for Kismet to perform deauthentication to collect WPA2 handshakes
• krackattack-all-zero-tk-key - works with clients that install the all-zero TK in a KraCK attack!
• KrackAttack - An application that exposes and aims to raise awareness about Wi-Fi key reinstallation attacks
• krackattacks - KRACK attacks
• Krackattacks-pineapple - WPA2 Key reinstallation attack (KRACK) on the WiFi Pineapples
• krackattacks-poc-zerokey - Proof-of-concept of the KRACK attack against Linux and Android
• Krackattacks-scripts - KRACK attack scripts
• Krackattacks-Test-Vulnerability - Code for testing krackattacks
• KRACK - crack all zero tk
• krack - Proof of concept implementation of key reinstallation attack on WPA2 protected WiFi networks
• krackinfo - Vendor Response Matrix for KRACK WPA2 (Key Reinstallation Attack)
• krack-poc - Proof of concept for Krack attack using channel-based MitM
• KRACK-toolkit - Work in progress toolkit for KRACK attack
• marfil - Assess WiFi network security. It allows to split the work of performing long running dictionary attacks among many computers
• peapwn - Proof-of-concept implementation of the Apple relay attack in Python
• PINEAPPLE - Wifi Pineapple scripts
• piwifipineapple - script to automate the entire process on setting the raspberry pi up as a malicious hot spot for educational purposes
• Pmkid-extractor - Extract PMKIDs from a wifi capture to a hashcat-compatible format
• pyDot11 - Encrypt and Decrypt 802.11 on-the-fly
• pyrcrack - Python Aircrack-ng
• pyrit - The famous WPA precomputed cracker, Migrated from Google
• pythonAir - Flask/aircrack
• Thesis - "Master's Thesis: ""Identifying Software and Protocol Vulnerabilities in WPA2 Implementations through Fuzzing"" "
• uploadwpa - This module will upload a wpa handshake from a single capture file to an online hash cracker site
• WiFi-autopwner - Script to automate searching and auditing Wi-Fi networks with weak security
• WiFiBroot - A WiFi Pentest Cracking tool for WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication)
• Wifi-bruteforcer-fsecurify - Android application to brute force WiFi passwords without requiring a rooted device
• Wifi-cracker - Wifi Cracker is a great tool to use if you have forgotten your wifi password and need to figure it out. This application works well with WEP, WPA, WPA-PSK security types.
• wificracking - Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
• Wifi-hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2)
• wifite2 - Python script for auditing wireless networks
• wifite - An automated wireless attack tool
• Wifite-mod-pixiewps - Wifite with PixieWPS support
• Wifite-openwrt - Wifite for the WiFi Pineapple NANO + TETRA (Chaos Calmer - openWrt)
• Wireless_peeker - Tool to crack wireless encryption (WPA / WPA2) base on C99
• wpa2-enterprise-attack - Through these scripts it is possible to create Rogue or Fake Access Points and carry out an authentication downgrade attack against WPA and WPA2-Enterprise networks, obtaining passwords in hash format or cleartext (if GTC downgrade is successful).
• WPA2-HalfHandshake-Crack - Capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP
• wpa2hc - Quick script to automate converting WPA .cap files for Hashcat .hccap files.
• WPA2-KRACK - WPA2 KRACK
• wpa2own - Use hashcat to crack WPA2 PSK (Pre-Shared Key) passwords!
• Wpa-autopwn - WPA/WPA2 autopwn script that parses captured handshakes and sends them to the Crackq
• Wpa-bruteforcer - Attacking WPA/WPA encrypted access point without client.
• wpacrack - Open-source distributed Wifi-Protected Access (WPA) cracker
• WPA_DECRYPTION_MPI - WPA/WPA2 for cluster processing
• wpakey - monitor mode WPA1/WPA2 online password bruteforcer

WPS

• autoreaver - Automatically exported from code.google.com/p/auto-reaver
• bully - New implementation of the WPS brute force attack, written in C
• greaver - GUI for Reaver, WPS brute force tool
• HT-WPS-Breaker - HT-WPS Breaker (High Touch WPS Breaker)
• Krack-wps - attack networks with wps to corrupt their security using dictionary type pixywpa v3.0
• OneShot - Run WPS PIN attacks (Pixie Dust, online bruteforce, PIN prediction) without monitor mode with the wpa_supplicant
• Penetrators-wps - Experimental tool that is capable of attacking multiple WPS-enabled wireless access points in real time.
• phpreaver - A command line PHP script which uses the reaver WPS pin cracker to test multiple AP's with multiple WiFi adapters.
• Pixiewps-android - Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack).
• pixiewps - An offline WPS brute-force utility
• PSKracker - An all-in-one WPA/WPS toolkit
• pyxiewps_WPShack-Python - Wireless attack tool written in python that uses reaver, pixiewps and aircrack to retrieve the WPS pin of any vulnerable AP in seconds
• Reaver-ui - Hacky UI to wrap around reaver-wps
• Reaver-webui - Simple WebUI to crack wireless networks using reaver
• Reaver-wps-fork-t6x - Community forked version which includes various bug fixes, new features and additional attack method (such as the offline Pixie Dust attack)
• Reaver-wps - Brute force attack against Wifi Protected Setup
• wpscrack - Continuation of wpscrack originally written by Stefan Viehböck
• wpseyes - Tool for bruteforce Wi-Fi WPS
• wps - WPS related utilities
• WPSIG - Simple tool (written in Python) that does information gathering using WPS information elements.
• wpsoffline - PoC for routers vulnerable with WPS and deficiencies in their PRNG state
• Wps-scripts - WPS hacking scripts
• Wps-Ultimate-Cracker - This script will help help you to get the most of router in morocco by using pixiewps , reaver , aircrack-ng ,wifite

Others

• apbleed - Allows you to use existing heartbleed tools to test the RADIUS server
• eapmd5pass - An implementation of an offline dictionary attack against the EAP-MD5 protocol. This utility can be used to audit passwords used for EAP-MD5 networks from wireless packet captures, or by manually specifying the challenge, response and associated authentication information.
• haircrack - Automated aircrack/reaver/pyrit (An interface for aircrack/reaver/pyrit written in python. The interface itself may never get finished.)
• IKECrack - IKE/IPSec authentication crack tool. This tool is designed to bruteforce or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication.
• Krackattacks-test-ap-ft - This script tests if APs are affected by CVE-2017-13082 (KRACK attack)
• PCAP-CRACKER - A python script file to decrypt encrypted IEE (802.11) Radio .pcap files captured via Wireshark for extraction and analyse
• wavecrack - Wavestone's web interface for password cracking with hashcat
• WifiBF - This is a wifi Brute Force. script undetectable and secure!
• wifite2-docker - Docker of Wifite2
• wifite2mod - This repo is a complete re-write of wifite, a Python script for auditing wireless networks
• wifite2-RPi3-nexmon - Wifite2 for Raspberry Pi 3
• wifiteintaller -
• Wpe-parse - This is a simple parsing script to convert output from hostapd-wpe (which makes John the Ripper-formatted logs) to Hashcat format.

Injection

• Aggr-inject - Remote frame injection PoC by exploiting a standard compliant A-MPDU aggregation vulnerability in 802.11n networks.
• Aircrack-db - A list of wireless cards tested with the dual-card injection test and in the field
• airown - Packet injection tool
• Airpwn-ng - New and improved version of airpwn
• Iitis-generator - Software for distributed statistical evaluation of IEEE 802.11 wireless networks using Linux mac80211 packet injection facility
• libfcap - Library for manipulate 802.11 frame in monitor mode
• libmoep - Allows for frame injection on monitor mode devices with per-frame radiotap options such as TX rate / MCS index and RTS/CTS protection
• Lorcon-examples - Various examples and patches for LORCON
• lorcon - A common injection and control library for wireless packet crafting
• lrc - Fast Wi-Fi hijacker in C, based on AirPwn ideas and LORCON
• moepdefend - Example monitoring/injection tool based on libmoep
• packetinjector - Packet analyzer and injector, written in JavaScript
• packetvector - 802.11 management packet injection tool based on packetspammer
• pylorcon2 - Pure Python wrapper for the LORCON library.
• wifitap - WiFi injection tool through tun/tap device
• wiwo - Wiwo is a distributed 802.11 monitoring and injecting system that was designed to be simple and scalable
• wperf - 802.11 frame injection/reception tool for Linux mac80211 stack

Rogue AP/Fake AP/ MITM

• Aerial - Multi-mode wireless LAN Based on a Software Access point for Kali Linux.
• AIRBASE-NG-SSLSTRIP-AIRSTRIP- - AIRBASE-NG + SSLSTRIP = AIRSTRIP
• cupid - Patch for hostapd and wpa_supplicant to attempt to exploit heartbleed on EAP-PEAP/TLS/TTLS connections
• eaphammer - Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
• FakeAP - Create fake AP in Kali with 1 command
• FakeAP - Fake access point using dns spoof and ssl stripping
• fakeaps - Fake Access Points using Atheros wireless cards in Linux
• fluxion - Fluxion is the future of MITM WPA attacks
• FuzzAP - A python script for obfuscating wireless networks
• Hostapd-karma - DigiNinja patches to hostapd for rogue access points.
• hostapd-mana - A featureful rogue access point first presented at Defcon 22 by Dominic White (@singe) & Ian de Villiers @ sensepost (research@sensepost.com)
• Hostapd-wpe-extended - Modification and tools for using hostapd for rogue AP attacks impersonating WPA-Enterprise networks to steal user credentials
• Hostapd-wpe - Modified hostapd to facilitate AP impersonation attacks
• jfap - A simple 802.11 fake access point that supports open auth
• karma - KARMA Attacks Radioed Machines Automatically (KARMA)
• mana - Our mana toolkit for wifi rogue AP attacks and MitM
• mitmAP - A python program to create a fake AP and sniff data
• Mitm-helper-wifi - Make it easy and straight-forward to configure a Ubuntu virtual machine to act as a WiFi access point (AP)
• Mitm-rogue-WiFi-AP - MITM Attack Example Code with Rogue Wi-Fi AP
• openrtls -
• Platform-hostapd - Wireless access point for experimental-platform.
• PwnSTAR - PwnSTAR (Pwn SofT-Ap scRipt) - for all your fake-AP needs
• pyfi - Easy wireless access point fabricator
• refluxion - Refluxion -- MITM WPA attacks tool
• rogueap - Start a rogue access point with no effort, with support for hostapd, airbase, sslstrip, sslsplit, tcpdump builtin
• rogueDetect -
• roguehostapd - Hostapd fork including Wi-Fi attacks and providing Python bindings with ctypes
• rogue - An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements
• RogueSploit - Powerfull Wi-Fi trap
• Rspoof - Wifi Automated Fake HotSpot Hijacking with aicrack-ng, airbase, ssl-strip, and dns spoof in Python
• Scapy-fakeap - Fake wireless Access Point (AP) implementation using Python and Scapy
• snifflab - Scripts to create your own MITM'ing, packet sniffing WiFi access point
• startools - To use a RasPi to do an Evil Twin attack and capture 802.1x RADIUS creds
• wifi_honey - Setting up four fake access points, each with a different type of encryption, None, WEP, WPA and WPA2 and the seeing which of the four the client connects to
• wifimitm - Wi-Fi Machine-in-the-Middle: Automation of MitM Attack on Wi-Fi Networks
• wifiphisher - Automated victim-customized phishing attacks against Wi-Fi clients
• Wifipumpkin3 - Powerful framework for rogue access point attack.
• WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
• wifisoftap -
• Wifi_Trojans - Collection of wireless based bind and reverse connect shells for penetration testers

Sniffing

• Airodump-iv - A python implementation of airodump-ng
• Airodump-logger - Logging clients with airodump-ng
• Airport-sniffer - Very simple Wi-Fi sniffer and dump parser for built-in macbook AirPort Extreme card. Only native MacOS tools used.
• airpydump - Analyze Wireless Packets on the fly. Currently supporting three working Modes (Reader, Live, Stealth)
• airtraf - Wireless 802.11 network sniffer and analyzer
• bettercap - bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks
• darm - Intelligent network sniffer for the masses
• datasamalen - Pick up wifi-probe requests
• DeSniffer - 802.11 wireless sniffer
• dot11sniffer - Sniffs 802.11 traffic and counts the number of active wireless devices in an area
• eap_detect - A simple script using the python library Scapy to detect the 802.1X authentication mechanism
• easy-bettercap - simple way to use bettercap
• geoprobe - geoprobe is a tool to sniff, collect and geolocate 802.11 ProbeRequests using WiGLE API.
• handshakeharvest -
• liber80211 - 802.11 monitor mode for Android without root
• libpcap-80211-c - Sniffs on a RFMON-enabled device for a beacon when compiled, linked and loaded
• mac80211-user - Intercept 80211 data frame and put it into userspace
• milicone - Investigating interaction with wireless communication traffic
• Mr-nosy - Liked to know about everything that was going on
• mupe - MUltiPath Estimator - Create statistical analysis of 802.11 Radiotap sniffs
• nabui - Not Another Bettercap UI
• Naive-project -
• Native-WiFi-API-Beacon-Sniffer - Tool that dumps beacon frames to a pcap file. Works on Windows Vista or Later with any Wireless Card
• ninjaberry - Ninjaberry: Raspberry Pi UI for @bettercap
• oculus - Lightweight tool to collect traces from wifi
• ofxSniffer - Wrapper for the libtins library. Libtins can be used to sniff network packages, or to generate network pacakages yourself.
• Peanuts - Peanuts is a free and open source wifi tracking tool. Based on the SensePosts Snoopy-NG project that is now closed.
• Phalloc-sniffer - With the ever increasing dependance on wireless solutions, it sometimes is useful to know the devices around you. This software aims to help know the MAC addresses of the devices that are leaving any sort of trace on the airwaves.
• phystats - Gather & plot ieee80211 counters from Linux debugfs
• probecap - A quick and dirty utility to capture and store WiFi probes.
• probehunter - Probe Request sniffer + Wigle
• probemon - Monitors 802.11 probe packets sent from roaming mobile devices. Developed using PyLorcon2.
• proberequest - Toolkit for Playing with Wi-Fi Probe Requests https://probequest.readthedocs.io/en/…
• probesniffer - A tool for sniffing unencrypted wireless probe requests from devices
• rifsniff - Remote Interface Sniffer
• ScapyGELFtoGraylog2 - Sniff some 802.11 packages and send the date and MAC with GELF UDP to Graylog2
• Scapy-wireless-scanner - Simple wireless scanner built using Scapy Library
• SSIDentity - Passive sniffing of 802.11 probe requests, stored in a central database.
• TCP-SeqNum - Means to sniff 802.11 traffic and obtain TCP session info using netfiter_queue. Use that data to construct a packet in scappy.
• wallofshame - Multi protocol sniffer, created for ChaosConstruction conference HackSpace
• Wall-of-Shame - A framework for capturing user credentials and sensitive device information.
• Watcher - Canari framework based Maltego transform pack that allows you to perform wireless sniffing within Maltego
• WiFi-802.11-Demo-Sniffer - This 802.11 sniffer written in Python provides a useful tool to raise awareness at the amount of data phones release for anyone to read.
• Wifi-harvester - For collecting probed SSID name by wireless devices, Access point detail and connected clients.
• wifijamMac - Allows you to select one or more nearby wireless networks, thereupon presenting a list of clients which are currently active on the network(s)
• Wifimon - Wi-fi 802.11 Beacon Frame sniffer
• Wifi-scan - Short python script scans for probe requests from whitelisted WiFi clients
• wifispy - Sniff Wifi traffic, log device addresses
• Wireless-info - Obtain information about wireless interfaces from MAC80211 stack
• Wireless-radar - DF and other tools to explore a 2.4GHz environment
• Wireless-Sniffer - A 802.11 wireless sniffer tool (c-based)
• wpasnff - This script allows you to decrypt and sniff packets for a specific WPA2 network based on BSSID you passed in input.

Wardriving

• Auto-Besside-Capturer - Capture WPA handshakes, using besside-ng. Auto upload to http://wpa-sec.stanev.org for cracking the password.
• MappingWirelessNetworks - Code, data, and (possibly) schematics for recording wireless network data around a city
• WAPMap - Parse Kismet .netxml output and then return a CSV file that can be uploaded to Google Maps Engine to map WEP or OPEN networks
• warcarrier - An NCURSES-based, all-in-one instrument panel for professional Wardriving
• WifiScanAndMap - A Linux Python application to create maps of 802.11 networks

Miscellaneous Attacking Tools

• 80211scrambler - Small collection of tools in Verilog for working
• airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks
• airodump_mar_attack - Maroviher attack
• AirPirate - Android 802.11 pentesting tool
• airxploit - Wireless discovery and exploitation framework written in Python
• anubis - Captive wifi hotspot bypass tool for Linux
• AtEar - Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration
• beaconLeak - beaconLeak is an open source tool developed as a proof of concept of the beacon stuffing method as a covert channel. This channel allows command and control or data exfiltration using the wireless network card without association or authentication.
• BoopSuite - A Suite of Tools written in Python for wireless auditing and security testing.
• chap2aleap - Work with asleap+genk
• CloudCrackInstaller - Script which installs Crunch, Pyrit and Cowpatty on a running Amazon EC2 Cluster GPU Instance to crack WPA and WPA2 keys.
• Crippled - WPA/WPA2 Belkin.XXXX, Belkin_XXXXXX, belkin.xxx and belkin.xxxx router default key generator.
• eapeak - Analysis Suite For EAP Enabled Wireless Networks
• Easy-creds - Leverages tools for stealing credentials during a pen test
• evilportals - Evil Portals for the WiFi Pineapple
• FakeAuth - FakeAuthentication Network Attack framework written in python3, and made with poison
• FruityWiFi - Wireless network auditing tool
• hashcatch - Capture handshakes of nearby WiFi networks automatically
• Hijacker - Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
• killosx - Use the Apple CoreText exploit (CVE-2012-3716) and launch an AP to affect all devices within wifi range
• KisMac2 - Free, open source wireless stumbling and security tool for Mac OS X
• LANs.py - Inject code, jam wifi, and spy on wifi users
• ManaToolkit - Mana Toolkit - Module for the WiFi Pineapples.
• Noon - Noon - The Swiss knife of wireless auditing.
• Null-packet-wifi-promt - Simple script to prompt responses from wireless devices with a known MAC address
• pinecone - Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box.
• PiWAT - Wireless Attack Toolkit
• probequest - Toolkit for Playing with Wi-Fi Probe Requests
• Pwnagotchi - Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks)
• Python-wireless-attacks - Wireless Attacks in Python (Based on blog series)
• scapy-dot11-toolkit - receive and send 802.11 management frames through python-scapy
• Sly-fi - Wifi pwnage automation
• smoothie - Web based wireless auditory tools
• WHAT-PRO - 802.11 Exploitation Tool for use with Kali 2. More tools available than WHAT or WHAT Pi
• Wi-door - Wi-Fi Backdoors
• WIDSTT - Wireless Intrusion Detection Systems Testing Tool – test your WIDS by performing attacks
• wifibang - wifibang is a set of security tools which perform the main kinds of wifi attacks. Its most important feature is the user-friendly CLI which encourages users to use the script on mobile devices (like a smartphone, maybe associated with a raspberry).
• wifiBuddy - So the plan is to connect a RaspberryPi, a little Display (maybe even touch) and 2 wifi antennas – one for sniffing onw for attacking
• wifi-default-password - Bash script that tries all the default passwords for a particular wifi access point
• WiFiHunter - A WiFi Penetration Toolkit
• wifimonster - Wifi sniffing and hijacking tool
• Wifi-pentesting-guide - WiFi Penetration Testing Guide
• wifuzz - Access Point 802.11 stack fuzzer
• wifuzzit - A 802.11 wireless fuzzer
• WirelessMayhem - Wireless Mayhem is a python framework developed to automate wireless discovery and exploitation.
• wirespy - Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017)
• wombat - An experimental Wi-Fi tracking system aiming at improving user awereness toward physical tracking technologies and at experimenting new privacy-preserving mechanisms.
• wtf - Wireless Test Framework. Collection of test suites for validating various wifi functionality on various wifi devices.
• zarp - Network attack tool centered around the exploitation of local networks

Information Gathering

• 3WiFi Database - Collect data from Router Scan log reports, search for access points, obtain its geolocation coordinates, and display it on world map
• access_points - Scan your WiFi and get access point information and signal quality
• Accumulation-rssi - Linux utility for accumulation of WiFi RSSI to text file. Using nl80211, Managed mode. Useful for experiments with WiFi (example, localization)
• airscan - Wi-Fi scanning utility for the Nintendo DS
• basiciw - Retrieve information such as ESSID or signal quality from wireless cards (Python module)
• Get-rssi - Linux utility for getting RSSI WiFi of APs to text file. Using Monitor mode, libpcap.
• IndoorPositionr - Indoor positioning using Android to provide the surrounding Access Points signals and guess the position
• Isniff-GPS - Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
• rssi - Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi
• whoishere - WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.
• Wifi-Dumper - Dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine
• Wifi-monitor - Prints the IPs on your local network that're sending the most packets ack = 802.11 control frame acknowledgement or …
• WIG - Tools for 802.11 information gathering.
• wraith - Wireless Reconnaissance And Intelligent Target Harvesting

Defense/Detection

• badkarma - BadKarma is a simple python script used to detect and disrupt rouge access points/honeypots using the karma attack such as the wifi pineapple
• eaphammer - Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks
• eewids - Easily Expandable Wireless Intrusion Detection System
• etd - The Evil Twin Detector monitors for devices that are trying to spoof your existing wireless access points, if any are found a notification is sent by email and/or syslog over UDP.
• EvilAP_Defender - Protect your Wireless Network from Evil Access Points
• huntpineapples - WiFi Pineapple hunter from DC23
• kismetclient - A Python client for the Kismet server protocol
• kismet - Wireless network detector, sniffer, and intrusion detection system
• kismon - A GUI client for kismet
• KRACKDetection - Used to detect if the current version of wpa_supplicant is vulnerable to the KRACK attack. Developed using Debian 9.2
• krackdetector - Detect and prevent KRACK attacks in your network
• KrackPlus - with KrackPlus users can scan their devices to determine whether they are vulnerable to key reinstallation attacks, or attack those devices
• nzyme - Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.
• Openwips-ng - Open source and modular Wireless IPS (Intrusion Prevention System)
• PiDense - Monitor illegal wireless network activities. (Fake Access Points)
• PiFinger - Searches for wifi-pineapple traces and calculate wireless network security score
• PiKarma - Detects wireless network attacks performed by KARMA module (fake AP). Starts deauthentication attack (for fake access points)
• PiSavar - Detects activities of PineAP module and starts deauthentication attack (for fake access points - WiFi Pineapple Activities Detection)
• Python-kismet - Python threaded listener to Kismet broadcasts
• RogueDetection - Rogue Access Point Detection and WIDS
• waidps - Wireless Auditing, Intrusion Detection & Prevention System
• Wave - 802.11 IDS, visualizer, and analytics platform for the web
• Wids-wips - Wireless intrusion detection and prevention system written in C and using kismet server as backend
• Wifi Miner Detector - Detecting malicious WiFi with mining cryptocurrency
• Wireless-forensics-framework - Automated Wireless Penetration Testing and Carrying out Wireless Forensics in Python
• Wireless-ids - Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets
• wmd - Simple solution for the detection and location of Rogue Access Points.
• wspy - Python tool to create a wireless ids it detects which clients are connected to a network to allow the creation of usage patterns of a netowrk by the clients

Libraries/General Purpose Tools

• 80211p_raw - Raw socket utilities for 802.11p transmission
• 80211_raw - Sender and receiver for WiFi (IEEE802.11) network with raw sockets
• banjax - Library for low-level programming of IEEE 802.11 wireless network interfaces on the GNU/Linux operating system
• dot11anonymizer - Anonymizes 802.11 Layer 2 information found in capture files (BSSID, SSID, AP name, etc.)
• dot11er - Some tools for playing with IEEE802.11
• Frame-utils.js - A collection of utilities for processing streams of 80211 frames and radiotap headers.
• Gopacket-80211 - Extra gopacket layers for Radiotap and 802.11 (has been integrated in Gopacket)
• itamae - 802.11 radiotap and MPDU parser
• Libairpcap-nl - Implementation of AirPcap library, targetting the NL80211 protocol.
• libuwifi - C library for parsing, generating and analyzing Wifi (WLAN 802.11) frames in userspace and related functions
• packetEssentials - An essential set of modules for working with the Scapy Library in Python
• packetparser - IEEE 802.11 packetparser
• pcap2xml - Convert 802.11 Packet Traces to XML and SQLITE Format
• PCS - Set of Python modules and objects that make building network protocol code easier for the protocol developer
• Probr-core - The core-component for generic WiFi tracking: remote device management, packet capturing, packet storage
• py80211 - Suite of libraries for parsing 802.11 packets as well as managing wireless cards and working with 802.11 information
• PyRIC - PyRIC (is a Linux only) library providing wireless developers and pentesters the ability to identify, enumerate and manipulate their system's wireless cards programmatically in Python.
• python3-wifi - Python WiFi is a Python module that provides read and write access to a wireless network card's capabilities using the Linux Wireless Extensions.
• Python-radiotap - Tiny lib for parsing radiotap/802.11 headers in python
• python-wifi - Python WiFi is a Python module that provides read and write access to a wireless network card's capabilities using the Linux Wireless Extensions.
• Qca-swiss-army-knife - Hosts a set of utilities that we use to debug / help with our driver development
• Radioparse - A WiFi protocol parser that can be used with radiotap packets and node-pcap
• Scapy - Python-based interactive packet manipulation program & library
• Wifi-scan - A nl80211 C/C++ library for monitoring signal strength of WiFi networks
• wifi-scripts - Misc scripts and tools for WiFi
• wireless - Dead simple, cross-platform Python library to connect to wireless networks

Visualization

• airview - A python web application compliment to py80211 which allows you to visualize the airwaves around you with your web browser.
• Sparrow-wifi - Next-Gen GUI-based WiFi and Bluetooth Analyzer for Linux
• speccy - Visualization tool for ath spectral scan
• Wifi-contour - A contour mapping program of wireless 802.11 signal strength
• Wifi-heatmap - Generate heatmaps of wifi coverage with Python
• wifiscanvisualizer - Wi-Fi Scan Visualizer by Pentester Academy
• Wifi-Signal-Plotter - A Python script for graphing and comparing the WiFi signal strengths between WiFi adaptors in Windows or Linux.
• wifivis - Visualize some mit wifi access point data
• wipi - Visualize the WiFi packages that are floating around us all the time.
• Wlan-stats - Tool chain using tshark to pull data from pcaps, further process them in python, and graph the output in R.

Localisation

• Find-lf - Track the location of every Wi-Fi device (📱) in your house using Raspberry Pis and FIND
• geowifi - This is a Geographic WiFi Positioning program written under the Linux.(it is also a WiFi Positioning API written for C language
• GrapplingHook - Open Source 802.11 Direction Finder
• gtaiad - Indoor Wi-Fi navigation prototype using triangulation
• Openwifimap-api - OpenWiFiMap database and its api
• Python Wi-Fi Positioning System - Python Wi-Fi Positioning System - Wi-Fi geolocation script using the Google Geolocation API
• whereami - Uses WiFi signals 📶 and machine learning to predict where you are
• Wifi-geolocation - Get your latitude/longitude via wifi access points
• Wifi-localization - Wifi Localization using a map and reference
• Wifi-locator - Determines physical location of station judging from 802.11 beacons' BSSID/Signal/Noise/Quality information.
• Wi-finder - Wi-Fi hotspot finder
• Wlan-pos - Location fingerprinting and triangulation engine for WLAN (IEEE802.11,aka WiFi) environment.

Configuration/setup

• 802.11p-iw - Wireless configuration tool (UNIX)
• agentapd - Agent of WiFi hardware
• AirLibre - Python API For UBNT AirOS Devices
• AtherosROMKit - Atheros ROM modding and recovery kit
• cac - A Centralized Adaptive Control algorithm that optimises the performance of IEEE 802.11 WLANs
• captiveportal - A captive portal that can be used on most linux distributions.
• cloudap - AP Manager in Cloud,AP Hardware on your side
• connme - Client for Hostapd
• crda - Central Regulatory Domain Agent
• create_ap - This script creates a NATed or Bridged WiFi Access Point.
• disable-802.11b-snmp - A tool to set 802.11 protocols on thousands of Access Points with SNMP.
• full_permissive_unlock_ath - This kernel patch enable all 2GHZ & 5GHZ channels (without restriction) for ath9k & ath5k forced to use buildin world regulatory
• FWAP - Minimal, very lightweight access point implementation
• hostapd - Python script to make using and configuring hostapd easier
• hostapd - User space daemon for access point and authentication servers
• hostapd-mana-openwrt - Hostapd-mana - build-files, and installation-files for OpenWRT
• Hostapd-with-WebID - WebID integrated hostapd
• Hostapd-wpe-openwrt - Hostapd-wpe (Wireless Pwnage Edition) packages for OpenWRT Barrier Breaker 14.07
• hotspotd - Simple daemon to create a wifi hotspot on Linux
• IEEE802.11-complete - IEEE802.11 protocol, including PHY, MAC, and rate adaptation approaches upon GNURadio/USRP software-defined radio platform
• Linux-wifi-tools - A set of Linux command line tools for managing and troubleshooting wifi
• monmob - Set of tools to provide monitor mode and raw frame injection for devices using broadcom chipsets bcm4325, bcm4329 and bcm4330
• nexmon - The C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips that enables Monitor Mode, Frame Injection and much more
• PyWiWi - Python Windows Wifi
• reghack - Replaces the regulatory domain rules in the driver binaries with less restrictive ones
• RegMon - RegMon is a Atheros WiFi card register monitoring tool for Linux OpenWrt
• remoteapd - Remote NL80211-Extent driver for Hostapd 2.0
• resfi - Framework supporting creation of RRM functionality in residential WiFi deployments
• rollmac - Automated WiFi limit evasion
• RT73-USB-Wireless- - Patched version of RT73USBWireless for Yosemite
• RTL8188-hostapd - Hostapd for Realtek RTL8188
• Wifi-ap - Library wrapper around hostapd and dnsmasq and their respective configuration files that allows for programmatically creating access points in Debian-based Linux environments
• Wifi-configurator - Utility for command line configuration of hostapd
• Wifi-frequency-hacker - A modified frequency regulatory domain configuration that doesn't limit you.
• Wifi-txpower-unlocker - A bash script that generates a modified regulatory.bin to unlock the maximum WiFi TX power (on 2.4 Ghz) of the region BO
• WirelessConfig - A 802.1x Python wireless configuration tool with Cocoa wrappers

Monitoring

• como - CoMo is a passive monitoring system that supports arbitrary real time traffic queries
• horst - Lightweight IEEE802.11 wireless LAN analyzer with a text interface. Its basic function is similar to tcpdump, Wireshark or Kismet, but it's much smaller and shows different, aggregated information which is not easily available from other tools.
• scapybase - 802.11 monitor AP based on scapy
• Scapy-survey - 802.11 signal strength logger using Scapy
• sigmon - Modular WiFi/RF Monitoring and Analysis Implementation
• Wifi-linux - Simple python script to monitor access point signal strength.
• WiFiStat - Python tool to assess WiFi connection throughput and latency
• WiPy - Sends the WiFi signal strength from multiple clients to a central server. Built for Arch Linux ARM running on Raspberry pi 2
• WLAN-Monitoring - Monitor our vicinity to monitor wireless devices and traffic
• wmon - A Wireless Network Monitor with advanced measurement capabilities.

Miscellaneous/not sorted :)

• 80211ping - Linux command-line tool to ping 802.11 stations (e.g. any WiFi device)
• acs - Automatic Channel Selection utility
• Airfree-wt - Wireless Security Toolkit
• Ap-notify - An example of using the Linux kernel netlink protocol, specifically nl80211 via libnl/libnl-genl, to catch stations associating/disassociating with an 802.11 AP
• ath9k-4w-patch - Resources for increasing power of ath9k devices, such as TP-link WN722N
• Ath9k-nav - Linux kernel module to poll the NAV register on Atheros 9k series WLAN cards.
• bunny - Bunny is a wireless. meshing, darknet that uses 802.11 to hide its communications
• captiv8 - Captive Portal Evasion Tool
• Chura-Liya - A wireless interactive shell which utilizes 802.11 Management Frames to establish communication between two devices
• CODEX - Its like airgeddon but better!
• Connect-wifi - Dmenu based application for Linux that connects to the strongest open wireless network
• Cover-channel - Userland code for creating a covert channel in wireless broadcast medium
• disassociatedWiFi - DisassociatedWiFi creates a virtual network interface (using the Linux TUN/TAP device driver) which sends and receives ethernet frames over an 802.11 (WiFi) interface, that has been placed in monitor mode, and supports packet injection.
• FFT_eval - Aid open source spectrum analyzer development for Qualcomm/Atheros AR92xx and AR93xx based chipsets
• Frame-randomizer - Capture and randomize 802.11 Association Request frames
• FreeWifi - How to get free wifi
• Haiku-wifi - Turn your wireless router's extra radios into a public billboard!
• kismet2earth - Set of utilities that convert from Kismet logs to Google Earth .kml format
• kismeth2earth - Parsing Kismet logs to get collected data from wireless networks and generate a Google Earth map
• Kismet-to-KML - Converts kismet gps log files into kml files
• Mac-analyzer - Collects cross layer stats from ath9k
• Madwifi-be - Modified version of the madwifi driver allowing update of WME parameters for the BE access category
• Madwifi-hopping - Modified version of the Madwifi WLAN driver, that employs power-hopping for packet transmission
• make-a-new-mac80211-to-wirelessAP -
• netxml2kml - Converts netxml files from Kismet Newcore into KML or KMZ files for Google Earth
• openwifi - open-source IEEE802.11/Wi-Fi baseband chip/FPGA design
• Osx-wificleaner - Cleans out open wireless connections from OSX machine
• Osx-wifi-scan - Hacky wifi signal scanner for osx
• P4wnP1 - WiFi covert channel - Client agent (experimental Proof of Concept)
• parsecaps - Parse wpa.cap generated from besside-ng and create individual .caps for each network with a captured handshake.
• pcap80211analyzer - Not-so-smart 802.11 frame pcapng analyzer
• Probr-analysis - Analysis components for the probr WiFi tracking system
• py_DD_WRT_Remote_Mac_Adder - Python Script to remotely update mac filterlists of DD-WRT routers with wl or atheros wifi drivers
• pykismetkml - Python script designed to export .gps and .xml files (in < Kismet RC1) to .kml files and .netxml files to .kml files in => Kismet RC2
• pykismetstats - Pykismetstats parses NetXML file generated by kismet and write statistics to CSV file.
• PyScapy - This is a package of using scapy.
• react80211 - Solution for mitigating the performance impairments of CSMA/CA protocols in multi-hop topologies based on the dynamic adaptation of the contention process experienced by nodes in a wireless network
• Rollmac - Automated WiFi limit evasion
• Scapy-rssi - Example of how to read RSSI values from wifi packaged using Scapy
• setbssid - Modify the MAC80211 layer in Linux Kernel
• skybluetero - 802.11b/g packet airtime consumption analyzer GUI for Linux
• sniffmypackets - Canari package for pcap file analysis within Maltego
• Snoopy-ng - Snoopy v2.0 - modular digital terrestrial tracking framework
• spectrum.py -
• Tools-Airgeddon - Tools Install Airgeddon Full
• VX - It might be fun to play tricks on somebody trying to crack your WEP protected router
• Wbc-utils - Couple of hacked together utils for use with the wifibroadcast system by befinitiv
• wi5-aggregation - Implementing and testing 802.11 frame aggregation (A-MPDU)
• WiFi-Analyzer - Analyzer 802.11 networks - android app [to refactor]
• wifi_based_population_estimator - This is a piece of glueware that sticks up different components from hardware detection to real-time web display.
• Wifi-beeper - Linux command-line tool to make WLAN frames audible
• wifidec - Repository for scriptz playing around with decoding elements of the Wifi stack (mainly Radiotap and 802.11 frames)
• wifi_decode - Wireless Key Dumper for Windows
• Wifidog-gateway - Repository for the wifidog-gateway captive portal designed for embedded systems
• Wifi-dump-analysis - Processing wireless traces from binary files written and read in custom format.
• wifi_dump_parser-v3 - Is the modified parser for the new data set collected using Wifi-dump
• wifi_dump-tmpfs - Dumps wifi data
• Wifiexplorer-sensor - WiFi Explorer Pro allows you to connect to a remote platform (e.g. Raspberry Pi) and perform a passive Wi-Fi scan using a capable Wi-Fi adapter. When a remote sensor is used, the scan results are sent back to WiFi Explorer Pro for its visualization.
• wifi - [unmaintained] WiFi tools for linux http://pypi.python.org/pypi/wifi
• Wifi-mac-tracking - "Code and datasets for the paper entitled ""Non-cooperative 802.11 MAC layer fingerprinting and tracking of mobile devices"". "
• wifirxpower - Linux-based WiFi RX Power Grapher
• wifiScanMap - An other wifi mapping tool
• WiFi-scheduling - This project evaluates the efficiency and overhead of wireless network scheduling
• wifi_statistics - Linux kernel module to gather wifi statistics from peer and non-peer STAs
• wifitracker - Raspberry Pi Wifi Tracking API
• WifiTrafficAnalyzer -
• wifresti - Find your wireless network password in Windows , Linux and Mac OS
• wime - Wifi password recover tool for Windows, Linux, Mac.
• win32wifi - Python Windows Wifi
• wireless_half-mini - MacOS Airport Half Mini (WiFi and Bluetooth)
• WIRELESSINFO - Extract Important Data From Cisco Wireless Controllers
• wireless_RSSI -
• Wireless-tools - Wireless tools for Node.js
• wit - Command-line wifi manager for linux
• wobs - Detects near-by devices such as cell phones, tablets, and laptops. Does this through 802.11, Bluetooth, cell phone protocols, etc…