WAIDPS is an open source
wireless swissknife written in Python and work on Linux environment. This is a
multipurpose tools designed for audit (penetration testing) networks, detect
wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention
(stopping station from associating to access point). Apart from these, it will
harvest all WiFi information in the surrounding and store in databases. This
will be useful when it comes to auditing a network if the access point is ‘MAC
filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment.
wireless swissknife written in Python and work on Linux environment. This is a
multipurpose tools designed for audit (penetration testing) networks, detect
wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention
(stopping station from associating to access point). Apart from these, it will
harvest all WiFi information in the surrounding and store in databases. This
will be useful when it comes to auditing a network if the access point is ‘MAC
filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment.
WAIDS may be useful to
penetration testers, wireless trainers, law enforcement agencies and those who
is interested to know more about wireless auditing and protection. The
primarily purpose for this script is to detect intrusion. Once wireless detect
is found, it display on screen and also log to file on the attack. Additional
features are added to current script where previous WIDS does not have are :
·
automatically
save the attack packets into a file
automatically
save the attack packets into a file
·
interactive mode
where users are allow to perform many functions
interactive mode
where users are allow to perform many functions
·
allow user to
analyse captured packets
allow user to
analyse captured packets
·
load previously
saved pcap file or any other pcap file to be examine
load previously
saved pcap file or any other pcap file to be examine
·
customizing
filters
customizing
filters
·
customize
detection threshold (sensitivity of IDS in detection)
customize
detection threshold (sensitivity of IDS in detection)
At present, WAIDS is able to
detect the following wireless attacks and will subsequently add other detection
found in the previous WIDS.
·
Association /
Authentication flooding
Association /
Authentication flooding
·
Detect mass
deauthentication which may indicate a possible WPA attack for handshake
Detect mass
deauthentication which may indicate a possible WPA attack for handshake
·
Detect possible
WEP attack using the ARP request replay method
Detect possible
WEP attack using the ARP request replay method
·
Detect possible
WEP attack using chopchop method
Detect possible
WEP attack using chopchop method
·
Detect possible
WPS pin bruteforce attack by Reaver, Bully, etc.
Detect possible
WPS pin bruteforce attack by Reaver, Bully, etc.
·
Detection of
Evil-Twin
Detection of
Evil-Twin
·
Detection of
Rogue Access Point
Detection of
Rogue Access Point
The whole structure of the
Wireless Auditing, Intrusion Detection & Prevention System will comprise of
Wireless Auditing, Intrusion Detection & Prevention System will comprise of
Harvesting WiFi Information [Done]
Intrusion Detection [Partially Done]
Intrusion Prevention [Partially Done]
Auditing (Testing network) [Coming Soon]
Other additional item
include analyzing of packets, display of captured dump, display network
barchart and much more.
