Wireless Stuff

Content

3GPP

802.11

  • Wi-Fi Alliance
  • Attacks:
  • IEEE:
  • Tools
    • aircrack-ng: complete suite of tools to assess WiFi network security.
      • GitHub: WiFi security auditing tools suite
    • airgeddon: multi-use bash script for Linux systems to audit wireless networks.
    • airgorah: WiFi auditing software that can perform deauth attacks and password cracking.
    • airpwn-ng: Packet injection for wifi.
    • AngryOxide: 802.11 Attack Tool (rust).
    • apfree-wifidog: high-performance, lightweight captive portal solution.
    • bettercap: Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking.
      • GitHub: source code repository.
    • crEAP: WPA Enterprise mode EAP types analysis
    • EAP_buster: lists what EAP methods are supported by the RADIUS server.
    • eaphammer: evil twin attacks against WPA2-Enterprise networks.
    • ESP32 802.11 TX: Send arbitrary IEEE 802.11 frames with Espressif's ESP32.
    • ESP32 ESP8266 attacks: Proof of Concept of ESP32/8266 Wi-Fi vulnerabilities.
    • ESP32 Marauder: suite of WiFi/Bluetooth offensive and defensive tools for the ESP32.
    • ESP32-WiFi-Hash-Monster: store EAPOL & PMKID packets in an SD CARD.
    • esp32-wifi-penetration-tool: Exploring possibilities of the ESP32 platform to attack nearby Wi-Fi networks.
    • fern-wifi-cracker: Wireless security auditing and attack software.
    • FlyingCarpet: Cross-platform AirDrop.
    • FreeRADIUS: open source RADIUS server.
    • hostapd: user space daemon for access points.
    • hostapd-mana: SensePost's modified hostapd for wifi attacks.
      • w1f1.net: set of tools for wifi hacking using rogue access points.
    • howmanypeoplearearound: Count the number of people around you.
    • Kismet: Wi-Fi, Bluetooth, RF, and more
      • GitHub: Kismet and related tools and libraries for wireless monitoring, transmitting, and auditing.
    • iw: nl80211 based CLI configuration utility for wireless devices.
    • libwifi: an 802.11 (WiFi) Frame Generation and Parsing Library in C.
    • libwifi (nukesor): Rust library for parsing IEEE 802.11 frames.
    • libwifi (vanhoefm): python and scapy scripts for Wi-Fi.
    • LinkLiar: Link-Layer MAC spoofing GUI for macOS.
    • linux-router: Set Linux as router in one command.
    • modwifi: low-layer Wi-Fi attacks.
    • nearby: scans all nearby wifi networks and the devices connected to each network for Indoor positioning.
    • nexmon: The C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips.
    • openwrt: Linux operating system targeting embedded devices.
    • pwnagotchi: A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures.
    • pi-pwnbox-rogueap: Rogue AP based on Raspberry Pi
    • PiDense: Python script to audit wireless network security.
    • pixiewps: An offline Wi-Fi Protected Setup brute-force utility.
    • probequest: Toolkit for playing with Wi-Fi probe requests.
    • rastap: full-featured wireless router setup for Debian-based devices.
    • rogue (InfamousSYN): extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points.
    • sentrygun: Rogue AP killer
    • trackerjacker: like nmap for mapping wifi networks you're not connected to, plus device tracking.
    • websploit: an advanced MITM framework.
    • WEF: Wi-Fi Exploitation Framework.
    • wifi-arsenal: links to projects related to wifi security.
    • wifi-cracking: Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat.
    • wifi-deauth: deauth attack.
    • Wifi-Hacking: Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools.
    • WIFI-HACKING: Security Tool For Hacking Wireless Connections.
    • WiFi-Spam: Spam thousands of WiFi access points with custom SSIDs.
    • WiFiBroot: A Wireless (WPA/WPA2) Pentest/Cracking tool.
    • wifijammer: Continuously jam all wifi clients/routers.
    • wifiphisher: The Rogue Access Point Framework.
    • WiFiManager: ESP8266 WiFi Connection manager with web captive portal.
    • wifipumpkin3: Powerful framework for rogue access point attack.
    • wifite2: script for auditing wireless networks.
    • wifi-presence: Presence detection on OpenWrt routers using connect/disconnect events of WiFi clients.
    • wiphisher: The Rogue Access Point Framework.
    • wirespy: automate various wireless networks attacks.
    • wpa_supplicant: supplicant for 802.11
    • WPAxFuzz: full-featured open-source Wi-Fi fuzzer
  • esp-wifi: WIP / POC for using the ESP32-C3, ESP32-S3 and ESP32 wifi drivers in bare-metal Rust.
  • esp32-wifi-lib: ESP32 WiFi library.
  • Fz3r0 802.11_Wi-Fi Knowledge-Base: 802.11 Wi-Fi Networking Knowledge Base.
  • itlwm: Intel Wi-Fi Drivers for macOS
  • USB-WiFi: USB WiFi Adapter Information for Linux
  • wifi-pentesting-guide: WiFi Penetration Testing Guide.

Bluetooth

  • bluetooth.com
  • Attacks:
  • Awesome bluetooth security: useful references for anyone working with Bluetooth BR/EDR/LE or Mesh security.
  • BLE Security Attack Defence: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
  • IntelBluetoothFirmware: Intel Bluetooth Firmware for macOS
  • Stacks:
    • bluez: Bluetooth protocol stack for Linux
    • BTStack: Dual-mode Bluetooth stack, with small memory footprint
    • NimBLE: open-source Bluetooth Low Energy (BLE) stack
  • Tools
    • Android nRF-Connect: nRF Connect for Mobile is an application designed for Bluetooth Low Energy developers.
    • apple_bleee: what an attacker gets from Apple devices if they sniff Bluetooth traffic.
    • AppleJuice: Apple BLE proximity pairing message spoofing
    • ble-fuzzing: Stateful Black-Box Fuzzing of BLE Devices Using Automata Learning
    • bleak: cross platform Bluetooth Low Energy Client for Python using asyncio
    • BLEUnlock: Lock/unlock your Mac with Bluetooth LE.
    • bluepy: Python interface to Bluetooth LE on Linux.
    • bluer: Official BlueZ Bindings for Rust.
    • bluesnooze: Bluetooth Low Energy (BLE) snooping tool.
    • bluetility: A Bluetooth Low Energy browser, an open-source alternative to LightBlue for OS X.
    • bluing: intelligence gathering tool for hacking Bluetooth.
    • BTLE: Bluetooth Low Energy (BLE) packet sniffer and transmitter for both standard and non standard (raw bit) based on Software Defined Radio (SDR).
    • btlejack: Bluetooth Low Energy Swiss-army knife.
    • btlejuice: Bluetooth Smart (LE) Man-in-the-Middle framework
    • btleplug: Rust Cross-Platform Host-Side Bluetooth LE Access Library.
    • crackle: Crack and decrypt BLE encryption.
    • ESP32 bluetooth classic sniffer: Active Bluetooth BR/EDR Sniffer/Injector as cheap as any ESP32 board can get.
    • gattacker: BLE (Bluetooth Low Energy) security assessment
    • gattlib: Library to access GATT information from BLE (Bluetooth Low Energy) devices.
    • ice9-bluetooth-sniffer: Wireshark Bluetooth sniffer for HackRF, BladeRF, and USRP.
    • injectable-firmware: Custom firmware for nrf52840-dongle to eavesdrop on and attack BLE communications.
    • internalblue: Bluetooth experimentation framework for Broadcom and Cypress chips.
    • Injectable firmware: Custom firmware for nrf52840-dongle.
    • LOGITacker: Enumerate and test Logitech wireless input devices for vulnerabilities
    • nRF sniffer: Bluetooth LE sniffer from nordic.
    • Sniffle: A sniffer for Bluetooth 5 and 4.x LE

IoT

linux

  • Linux Wireless wiki: Documentation for the Linux wireless (IEEE-802.11) subsystem.
  • Realtek drivers:
    • RTL88x2BU: Linux Driver for USB WiFi Adapters that are based on the RTL8812BU and RTL8822BU Chipset.

Microcontrollers Vendors

Misc

Radio Controllers

SDR and SDP

  • Hardware
    • BladeRF: 2x2 MIMO, 47MHz to 6GHz frequency range
      • GitHub: bladeRF USB 3.0 Superspeed Software Defined Radio Source Code.
    • HackRF One: Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz.
      • GitHub: low cost software radio platform.
    • LimeSDR: low cost, open source, apps-enabled software defined radio (SDR).
  • Libraries
    • FISSURE: RF and reverse engineering framework for everyone.
    • GNU Radio: development toolkit that provides signal processing blocks to implement software radios.
      • GitHub: the Free and Open Software Radio Ecosystem.
    • LiquidSDR: free and open-source signal processing library for software-defined radios.
      • liquid-dsp: digital signal processing library for software-defined radios.
    • OpenOFDM: Synthesizable, modular Verilog implementation of 802.11 OFDM decoder.
  • Theory
    • dspguide: The Scientist and Engineer's Guide to Digital Signal Processing.
    • pysdr: A Guide to SDR and DSP using Python.
    • rtl-sdr: RTL-SDR (RTL2832U) and software defined radio news and projects.
    • sdre: Software-Defined Radio for Engineers.
  • Tools

Z-Wave