rogueAP Detector is an open source tool to detect Wi-Fi Rogue Access Points, covering the most commonly known attacks. This tool is a modular framework composed of Scanners, Detectors and Actuators, which are responsible for scanning for available APs, apply a set of heuristics to detect them, and apply a defensive mechanism.
Scanners: Methods to scan the network Detectors: Set of passive detectors to identify RogueAP types Actuators: Set of active detectors to identify RogueAP types
./rogueAP_detector.py
Options:
-i interface -> interface to monitor the network
-im interface -> interface for active mode
-p profile -> name of the profile to load
-s scan_type -> name of scanning type (iwlist, scapy)
-h hive_mode -> creates an AP (configured in profiles/rogueAP.txt)
-d deauth -> deauthenticates users from target AP
-wifi_attacks_detect -> detects deauthentication and pmkid attacks
-a active_mode -> activates random probe requests
Examples:
Scan for RAPs without a profile - (iwlist mode) ./rogueAP_detector.py -i iface -s iwlist Scan for RAPs using a profile - (iwlist mode) ./rogueAP_detector.py -i iface -s iwlist -p example_profile.txt Scan for RAPs using a profile - (scapy mode) ./rogueAP_detector.py -i iface -s scapy -p example_profile.txt Scan for RAPs with karma detect active mode enabled - (iwlist mode) ./rogueAP_detector.py -i iface1 -im iface2 -s iwlist -a Scan for RAPs using a profile and karma detect active mode enabled - (iwlist mode) ./rogueAP_detector.py -i iface1 -im iface2 -s iwlist -p profile.txt -a Create a RAP ./rogueAP_detector.py -im iface -h Deauthenticate defensive mechanism mode ./rogueAP_detector.py -im iface -d Deauthentication and PMKID attacks detection ./rogueAP_detector.py -im iface -wifi_attacks_detect
Detecting Evil Twin, Multi-Channel, Different Encryption and Recently Created Rogue APs:
Validate Free WiFis and Detecting Karma Attacks:
PMKID Attack Detection:
PMKID and Deauthentication Attacks Detection:
python2.7
scapy
wireless-tools
iw
To install the dependencies, run: ./dependencies.sh