WiFi (wireless) penetration testing is an important part of any security audit project, because organizations face serious threats from insecure WiFi networks. A compromised WiFi network puts the entire network at risk. Consider the recent DarkHotel attack, where top business executives were the targets and the attackers reached them by hacking into insecure hotel WiFi networks. The moral of the story is that "organizations should include a WiFi penetration testing process in their regular security procedures".
There is little difference between a network vulnerability assessment tool and a WiFi vulnerability scanner, so here is a quick list of tools that can be very useful while performing WiFi penetration testing.
Aircrack-ng
Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations such as the KoreK attacks, as well as the newer PTW attack, which makes it much faster than other WEP cracking tools. In fact, Aircrack-ng is a whole suite of tools for auditing wireless networks.
Kismet
Kismet is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. Kismet works with any wireless card that supports raw monitoring (rfmon) mode and, with appropriate hardware, can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins that allow sniffing other media such as DECT.
Netstumbler
Netstumbler is the best-known Windows tool for finding open wireless access points ("wardriving"). The same developers also distribute a WinCE version for PDAs and similar devices, named MiniStumbler. The tool is currently free but Windows-only, and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.
inSSIDer
inSSIDer is a wireless network scanner for Windows, OS X, and Android. It was designed to overcome limitations of NetStumbler, namely that NetStumbler does not work well on 64-bit Windows and Windows Vista. inSSIDer can find open wireless access points, track signal strength over time, and save logs with GPS records.
KisMAC
This popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike the console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.
Bonus Tools
Kali Linux, the successor of BackTrack Linux, already has most of these tools configured, and any additional tools you need can be set up easily. Beyond the tools mentioned above, there are some important and relevant tools that should be mentioned, so here we go:
Reaver-WPS
Reaver performs a brute force attack against an access point's WiFi Protected Setup (WPS) PIN. Once the WPS PIN is found, the WPA PSK can be recovered and, alternatively, the AP's wireless settings can be reconfigured.
Fern WiFi Cracker
Fern WiFi Cracker is a wireless security auditing application written in Python that uses python-qt4. It is built on top of the aircrack-ng suite of tools.
If your favorite tool is not listed above, let us know, with a reason, and we will consider adding it to the list 🙂