Wi-Fi Tools

June 8, 2011

This section on its own may look incomplete; for the full flavor, read Tech Gyan. There are many wireless testing tools in the wild for the different OS flavors, from Windows and Unix to smartphone operating systems. Unix-based tools remain the most popular among them.

Unix

BackTrack, a Unix distribution for ethical vulnerability assessment and penetration testing (VA&PT), has an impressive collection of tools for reconnaissance, vulnerability assessment, cracking keys and passwords, penetration testing, etc.
To name a few:

1. Kismet – Kismet is a powerful analyzer that shows wireless traffic at a glance.

The following features are supported by Kismet:
  • 802.11b, 802.11g, 802.11a, 802.11n sniffing
  • Standard PCAP file logging (Wireshark, Tcpdump, etc.)
  • Client/Server modular architecture
  • SSID detection (including hidden SSIDs)
  • Distributed remote sniffing with Kismet drones
  • XML logging for integration with other tools
  • Linux, OSX, Windows, and BSD support (devices and drivers permitting)

Figure 1. Kismet showing the Network List & Details. [1]

2. Aircrack – It assists in cracking WEP & WPA-PSK and recovers the keys being used. It contains tools such as Airdecap, Aireplay (an 802.11 packet injection utility) and Airodump (used to capture 802.11 packets), making it a suite of tools and utilities for auditing wireless networks.

3. AirSnort – It recovers encryption keys.

4. coWPAtty – It is used to audit WPA-PSK keys.

5. FakeAP – Used to generate spoofed/counterfeit 802.11b access points.

6. Karma – KARMA is another popular suite of tools used for wireless auditing. It can discover clients and their preferred wireless networks. Rogue APs can be created to capture client credentials or exploit the vulnerabilities on the client side.

7. Gerix WiFi Cracker – Another very good GUI-based tool, which comes pre-installed in BackTrack 4. It can be used for WEP & WPA cracking, to create fake APs, etc.

There are lots more. For more details on BackTrack, refer to http://www.backtrack-linux.org/

Figure 2. Gerix, a GUI-based security tool

Windows

NetStumbler: 

NetStumbler, also known as Network Stumbler, is an excellent Windows-based tool for Wi-Fi reconnaissance.
Usage of NetStumbler:
  • War driving
  • Identifying SSIDs
  • Identifying rogue Access Points (APs)
  • Assistance in determining the location of the APs
  • Determining signal strength, etc.

 

Figure 3. NetStumbler [2]

Wi-Fi Scanning Using a Smartphone

Classically, the following items were needed for war driving:
  • Laptop with Wi-Fi card
  • GPS module for mapping the location of the access points

What you need today is only a smartphone!

There are quite a few Wi-Fi scanning / war driving applications for all breeds of smartphones. They not only detect Wi-Fi networks but also disclose the SSIDs, type of encryption, channels and signal strength, and map the position of the access points, giving the approximate real-time location of the APs.
 
WiGLE WiFi Wardriving:
 
This is a FREE application available on Android Market and is good to have. It not only lists the Wi-Fi networks in range along with their SSIDs but also discloses the encryption and authentication protocol being used. It also plots the approximate location of the access point on a map.

Figure 4. WiGLE WiFi, Android-based utility [3]
 
Details such as the channel used, signal strength, latitude and longitude are also captured.
The other commonly used tools for the Android platform are:
  • Wardrive
  • WiFi Buddy etc.
 
Then there is MiniStumbler, called the little brother of NetStumbler, for the Pocket PC (Windows) platform.
 
Figure 5. MiniStumbler Windows utility [4]
 
 
MiniStumbler helps in:
  • Detecting SSIDs
  • Identifying the MAC address of the AP / wireless router
  • Identifying the encryption type
  • Determining the channel & signal strength
  • Plotting coordinates if a GPS device is attached to / present on the handheld, etc.
 
Similarly, there are tools/utilities available for other mobile platforms as well.

References:

  1. http://www.wirelessdefence.org/Contents/kismetMain.htm
  2. http://www.networkuptime.com
  3. http://www.androidapplicationspro.com/wigle_wifi-wigle_net-1_12-download.html
  4. http://flylib.com/books/en/1.323.1.17/1/


Information Security Consultant with KPMG. Specializing in Infrastructure & Network Security. BE - Electronics, ME - Telecommunication.
