wifibang: wifi attacks suite
wifibang is a set of security tools that perform the main kinds of wifi attacks. Its most important feature is a user-friendly CLI, which makes the script practical to use on mobile devices (such as a smartphone, possibly paired with a Raspberry Pi).
The script is based on five items (in order of importance):
- minimal input
- exception management
It is not easy to type long commands or several parameters on a mobile device, so the wifibang CLI was inspired by the SET (social engineering toolkit) CLI: NO cryptic parameters are required.
All you have to do is insert a number or type [y/n]:
Exception management restores the initial situation when an error occurs. This spares the user from having to exit the script and restore the environment by hand before trying the attack again (e.g. restoring the NIC).
The script must be fast. Complex (and slow) functions should be rewritten. (Occam’s razor)
Bash wasn’t designed for big modular applications. Its most important problem is the absence of a complete return mechanism: a function cannot return a string. This prevents the creation of a fully modular application, because passing arguments (strings) between functions with more than one “echo” is complex and inelegant. My solution is to keep the functions that must communicate with each other in the main script file, and to put the independent functions, which do not return anything (apart from the exit status), in external files. The external scripts are called from main, with the relevant parameters.
You can add additional modules, which must be independent from each other. Changes to one external script must not affect the other scripts.
Maybe the use case diagram of the project will clarify the idea: (EVIL TWIN AP ATTACK AND SNIFFER ARE NOT YET IMPLEMENTED)
It’s simple to add new attack modules:
- write them into an external file
- create a new item in switch case
- make it executable (sudo chmod +x <module_name>)
Remember the policy of the main file and relative functions (see above)
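The layout described above (numeric menu in the main file, external modules that report only an exit status, restore on error), as an added example that is not wifibang's own code. The module names, STATE and PARAM are hypothetical stand-ins, and the constructed modules do nothing but exit.

```bash
#!/usr/bin/env bash
# Added illustration of the layout only. Module names, STATE and PARAM are
# hypothetical stand-ins; the constructed modules do nothing but exit.

MODDIR=$(mktemp -d)      # constructed module directory for this demo
STATE="initial"          # stand-in for environment state (e.g. the NIC)
PARAM="demo-parameter"   # stand-in for a parameter handed to a module

# External modules: independent files whose only result is an exit status.
printf '#!/bin/sh\n[ -n "$1" ] || exit 64\nexit 0\n' > "$MODDIR/module_ok"
printf '#!/bin/sh\nexit 3\n' > "$MODDIR/module_fail"
chmod +x "$MODDIR/module_ok" "$MODDIR/module_fail"

# Functions that share data stay in the main file and use globals, because
# a Bash function hands back an exit status, not a string.
prepare_env() { STATE="modified"; }
restore_env() { STATE="initial"; }

# Minimal input: one number selects the module; anything else is rejected
# before the environment is touched.
run_choice() {
    local module rc
    case "$1" in
        1) module="module_ok" ;;
        2) module="module_fail" ;;
        *) echo "invalid choice: $1" >&2; return 2 ;;
    esac
    prepare_env
    # Exception management: on failure, restore first, then report the
    # module's own exit status so the user can retry from a clean state.
    "$MODDIR/$module" "$PARAM" || { rc=$?; restore_env; return "$rc"; }
    return 0
}

# Restore and clean up on any exit path, including Ctrl-C.
trap 'restore_env; rm -rf "$MODDIR"' EXIT
trap 'exit 130' INT

for choice in 1 2 9; do
    rc=0; run_choice "$choice" || rc=$?
    echo "choice $choice -> exit $rc, state $STATE"
done
```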
Portability is guaranteed by bash.
It’s also essential to use as few non-built-in Linux utilities as possible. This keeps the application thin, so it does not require the installation of tens of packages before running.
- catch handshake and sniffing (based on airodump-ng and aireplay-ng)
- process handshake (based on aircrack-ng) (note)
- jammer (based on aireplay-ng)
- router login form attack (based on THC-hydra)
- sniffing (NOT YET IMPLEMENTED::airodump-ng or tcpdump)
- evil twin AP attack (NOT YET IMPLEMENTED::hostapd)
- DNS spoofing (NOT YET IMPLEMENTED::DNS spoof)
- clients port scanning (NOT YET IMPLEMENTED::NMAP)
- clients vulnerability assessment (NOT YET IMPLEMENTED::openVAS)
- clients exploitation (NOT YET IMPLEMENTED::metasploit)
Note: I prefer this one to hashcat because it’s already included in the aircrack-ng suite (5th point). I know hashcat is faster, but this script isn’t supposed to process long wordlists (there are GPUs for this task). This script was created to process short wordlists on the fly with mobile devices.
git clone https://github.com/Leviathan36/wifibang.git
chmod +x setup
Copyright (C) 2018 Leviathan36