Wireless Auditing, Intrusion Detection & Prevention System

WAIDPS is an open source
wireless swissknife written in Python and work on Linux environment. This is a
multipurpose tools designed for audit (penetration testing) networks, detect
wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention
(stopping station from associating to access point). Apart from these, it will
harvest all WiFi information in the surrounding and store in databases. This
will be useful when it comes to auditing a network if the access point is ‘MAC
filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment.


WAIDS may be useful to
penetration testers, wireless trainers, law enforcement agencies and those who
is interested to know more about wireless auditing and protection. The
primarily purpose for this script is to detect intrusion. Once wireless detect
is found, it display on screen and also log to file on the attack. Additional
features are added to current script where previous WIDS does not have are :

save the attack packets into a file

interactive mode
where users are allow to perform many functions

allow user to
analyse captured packets

load previously
saved pcap file or any other pcap file to be examine


detection threshold (sensitivity of IDS in detection)

At present, WAIDS is able to
detect the following wireless attacks and will subsequently add other detection
found in the previous WIDS.

Association /
Authentication flooding

Detect mass
deauthentication which may indicate a possible WPA attack for handshake

Detect possible
WEP attack using the ARP request replay method

Detect possible
WEP attack using chopchop method

Detect possible
WPS pin bruteforce attack by Reaver, Bully, etc.

Detection of

Detection of
Rogue Access Point

The whole structure of the
Wireless Auditing, Intrusion Detection & Prevention System will comprise of

Harvesting WiFi Information         [Done]

Intrusion Detection                         [Partially Done]

Intrusion Prevention                       [Partially Done]

Auditing (Testing network)            [Coming Soon]

Other additional item
include analyzing of packets, display of captured dump, display network
barchart and much more.

Tutorial & Source

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...