
Recon and Attack tools

Here is the list of tools we commonly use in pentesting wireless networks or just wardriving for fun and no profit. All these tools are covered in the book in sufficient detail. Some of them may become obsolete by the time the book hits the shelf and may no longer be possible to find anywhere, so they are located on our site. The reason for this is the dialectic approach we endorse: to understand things as they are now, you ought to know where they came from and how they developed. Besides, you may find the snippets of code from these tools useful for your own projects.

As to the code, everything on our list is Open Source and is distributed under GPL, BSD or similar licenses. Closed Source tools are not included on purpose, even though they may be mentioned in the book where appropriate. This work is not commercial, does not favour particular vendors, and has only become possible due to the work and collaboration within the Open Source community. We are profoundly grateful to the authors of the listed tools for the feats of wonder they performed to make "theoretical" wireless security practical.

If you think we have missed something that should be included in this list, please e-mail the authors at wifoo@arhont.com

Wireless Network Discovery, Mapping and Traffic Analysis - the "classical" wardriving tools for discovering wireless LANs, positioning them on the map, sniffing, logging and analyzing packets in the air.

AirFart Local mirror v 0.2.1
AirTraf Local mirror v 1.1
Aphunter Local mirror v
APradar Local mirror v 0.52
BSD-airtools (dstumbler) Local mirror v 0.2
Classic Stumbler (mac) Local mirror v 1.7
Gtkskan Local mirror v 0.2
HermesAP monitor patch Local mirror v
iStumbler (mac) Local mirror v 96
KisMAC (mac) Local mirror v R65
Kismet Local mirror v 2005-08-R1
Kismet Log Viewer Local mirror v 0.9.7
Kismet parse Local mirror v 0.2
MacStumbler (mac) Local mirror v 075b
Mognet Local mirror v 1.16
Perlskan Local mirror v 0.1
Prismdump Local mirror v 20001122
Prismstumbler Local mirror v 0.7.3
Prismsnort Local mirror v 2.0
SSIDsniff Local mirror v 0.42
THC-Wardrive Local mirror v 2.3
WaveStumbler Local mirror v 1.2.0
Wellenreiter Local mirror v 1.9
Wellenreiter for OPIE not mirrored v 1.0RC2
Wi-Find Local mirror v 0.2.1
WifiScanner Local mirror v 1.0.2
Wispy-Tools Local mirror v 2006-01-R1
Wistumbler Local mirror v
Wlan-scan Local mirror v 0.0.1
     
Client evaluation tools - utilities to check security state of wireless clients.
Airsnarf Rogue Squadron Local mirror v 0.1
Hotspotter Local mirror v 0.4
Probemapper Local mirror v 0.5
Karma Tools Local mirror v 0.4
Wlan-webauth Not mirrored
     
RF signal strength monitoring - utilities for monitoring the signal strength of the WLAN you are associated to.
Wavemon Local mirror v 0.4.0b
Wireless Power Meter Local mirror v 0.00
Wscan Local mirror v 1.00
Wscan (familiar/linux/ipaq) Local mirror v 1.00
Wscan (BSD) Local mirror v 2.00experimental
XnetworkStrength Local mirror v 0.4.2
     
Wireless-specific encryption cracking - tools for gaining access to protected wireless networks. At the moment these include WEP crackers, WEP-encrypted traffic injectors and practical implementations of attacks against certain 802.1x types.
Airsnort Local mirror v 0.2.7e
Aircrack Local mirror v 2.41
Asleap Local mirror v 1.4
BSD-airtools (dwepcrack) Local mirror v 0.2
coWPArty Local mirror v 2.0
Leap Local mirror v
anwrap (Leapcrack) Local mirror v 0.1
LucentRegCrypto Local mirror v 0.3
THC-LEAPcracker Local mirror v 0.1
weplab Local mirror v 0.1.5
WEP_Tools Local mirror v
WepAttack Local mirror v 0.1.3
WepDecrypt Local mirror v 0.7
WEPcrack Local mirror v 0.1.0
WEPWedgie Local mirror v 0.1.0
Wnet (reinj) Local mirror v
WPA Cracker Local mirror v 0.1
     
Wireless custom frame generation - these allow layer two attacks on wireless LANs including a variety of man-in-the-middle attacks and unstoppable denial of service.
AirJack26 Local mirror v 0.1a
AirJack Local mirror v 0.6.6b
chopchop Local mirror v 0.1
Dissassociate Local mirror v
FakeAP Local mirror v 0.3.2
FakeAP BSD Local mirror v 0.3.1
FataJack Local mirror v
File2Air Local mirror v 0.1
Libradiate Local mirror v 0.02
Libwlan Local mirror v 0.1
Omerta Local mirror v
Wifitap Local mirror v 0.2.0
Void11 Local mirror v 0.2.0
Wnet (dinject) Local mirror v
     
Miscellaneous - difficult-to-categorise software that comes in handy in wireless penetration testing.
Applewepkey Local mirror v
Airpwn Local mirror v 0.50c
Airsnarf Local mirror v 0.2
Auditor Security Collection not mirrored v 200605-02
AP-utils Local mirror v 1.5
ApHopper Local mirror v 0.3
APTools Local mirror v 0.1.0
DMZS-carte Local mirror v 0.9rc1
Ethereal/Tethereal not mirrored v 0.10.14
Ettercap Local mirror v NG-0.7.3
Gpsd Local mirror v 2.31
Gpsdrive Local mirror v 2.10pre2
Orinoco MM Patch not mirrored v
Macfld.pl Local mirror v
Morinoco Patch Local mirror v 14.2
Packetyzer not mirrored v 4.03
Wifi2eth Local mirror v 0.10