Jump to content

Python script for detecting attacks (WIDS)


NullNull
 Share

Recommended Posts

Description

Wireless IDS is an open source tool written in Python and work on Linux environment. This tool may be useful to those penetration testers, trainers and for those who interest and want to know more about wireless hacking..WIDs will sniff your surrounding air traffic for suspicious activities such as WEP/WPA/WPS attacking packets. It do the following
  • Detect mass deauthentication sent to client / access point which unreasonable amount indicate possible WPA attack for handshakes.
  • Continual sending data to access point using broadcast MAC address which indicate a possibility of WEP attacks
  • Unreasonable amount of communication between wireless client and access point using EAP authentication which indicate the possibility of WPS bruteforce attack by Reaver / WPSCrack
  • Detection of changes in connection to anther access point which may have the possibility of connection to Rogue AP (User needs to assess the situation whether similar AP name)

Newly Added Features !!!

  • Display similar Access Point's name (SSID) which could have the possibility of WiFi 'Evil Twins'.
  • Display of probing SSID by wireless devices
  • Detection of Korek Chopchop packets sent by Aircrack-NG (WEP attacks)
  • Detection of Fragmentation PRGA packets sent by Aircrack-NG (WEP attacks)
  • Detection of possible WPA Downgrade attack by MDK3
  • Detection of possible Michael Shutdown exploitation (TKIP) by MDK3
  • Detection of Beacon flooding by MDK3
  • Detection of possible Authentication DoS by MDK3
  • Detection of possible association flooding
  • Detection of WPA Migration Attack by Aircrack-NG (WPA Attack)
  • Allow logging of events to file.
  • Allow disabling of displaying of probing devices
  • Wireless devices / Access point's manufacturer Identification basing on the MAC OUI database.

Pictures

02+-+Installation.png

Links

Edited by KiatoGS
Link to comment
Share on other sites

  • 1 month later...

I really wanted tshark until I found that tcpdump could give me what I wanted, too. It doesn't do full header decoding, but it gives some basics.

tcpdump -y ieee802_11_radio -i wlan0

Also, maybe remote capture over ssh would work for you:

http://ask.wireshark.org/questions/23609/remote-capture-via-ssh-and-pipe

Edited by wifi-stuff
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...