Search the Community

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program. It can recover the WEP key once enough encrypted packets have been captured with airodump-ng. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. The first method is via the PTW approach (Pyshkin, Tews, Weinmann). The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. The second method is the FMS/KoreK method. The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute force. Additionally, the program offers a dictionary method for determining the WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file or stdin) or an airolib-ng has to be used. Aircrack-ng version 1.7 releases. Changelog Airdecap-ng: Endianness fixes Airdecap-ng: Output PCAP as little endian Airodump-ng: Fixed blank encryption field when APs have TKIP (and/or CCMP) with WPA2 Airodump-ng: Updated encryption filter (-t/–encrypt) for WPA3 and OWE Airodump-ng: Fixed out-of-order timestamp captures Airodump-ng: Ignore NULL PMKID Airodump-ng: Fixed dropping management frames with zeroed timestamp Airodump-ng: Fixed sorting where sometimes it started with a different field Airodump-ng: Allow setting colors only in AP selection mode Airodump-ng: Fix crash on 4K Linux console Airodump-ng: Fixed issue where existing clients not linked to an AP become hidden when hitting ‘o’ Airodump-ng: Allow use of WiFi 6E 6GHz frequencies Airodump-ng: Look for oui.txt in /usr/share/hwdata Airgraph-ng: Fixed graphviz package conflict Airgraph-ng: Fixed downloading OUI with python3 Airgraph-ng: Ensure support/ directory is created when installing Aircrack-ng: Fixed static compilation Aircrack-ng: Fix handshake replay counter logic Aircrack-ng: Handle timeout when parsing EAPOL Aircrack-ng: Fixed WEP display Aircrack-ng: Fixed spurious EXIT messages Aircrack-ng: Improved handshake selection by fixing EAPOL timing and clearing state Aircrack-ng: Ignore NULL PMKID Aircrack-ng: Added Apple M1 detection Aireplay-ng: In test mode, detect tampering of sequence number by firmware/driver Aireplay-ng: Fixed incorrectly rewritten loops affecting fragmentation attack, and in some cases, SKA fake auth Aireplay-ng: Fixed a bunch of instances where packets had their duration updated instead of the sequence number Airmon-ng: Fix avahi killing Airmon-ng: rewrite service stopping entirely Airmon-ng: Codestyle fixes and code cleanup Airmon-ng: Added a few Raspberry Pi hardware revisions Airmon-ng: Fixes for 8812au driver Airmon-ng: Fix iwlwifi firmware formatting Airmon-ng: Remove broken KVM detection Airmon-ng: Show regdomain in verbose mode Airmon-ng: Updated Raspberry Pi hardware revisions Airmon-ng: Document frequency usage Airmon-ng: Add a sleep to help predictable names due to udev sometimes renaming interface Airmon-ng: Added warning for broken radiotap headers in kernel 5.15 to 5.15.4 Airmon-ng: shellcheck fixes Airmon-ng: support systemctl as some systems don’t support ‘service’ anymore Airmon-ng: Fixes for pciutils 3.8, backward compatible Airbase-ng: use enum for frame type/subtype Airbase-ng: remove a few IE in association responses Besside-ng: Support and detect all channels in 5GHz in Auto-Channel mode OSdep: Search additional IE for channel information OSdep: Android macro fixes Patches: Add missing patches that were on [Hidden Content] but not in repo Patches: Updated freeradius-wpe patch for v3.2.0 Patches: Updated hostapd-wpe patch for v2.10 Patches: Added docker containers to test WPE patches Autotools: make dist now creates VERSION file Autotools: Added maintainer mode Autotools: Initial support for Link Time Optimization (LTO) builds Integration tests: Added a new test, and improved some existing ones Airgraph-ng: switch airodump-join to Python 3 Manpages: Fixes (typos, tools name, etc.) and improvements README: Updated dependencies and their installation on various distros in README.md and INSTALLING README: Fixed typos and spelling in README.md and INSTALLING Packages: Packages on PackageCloud now support any distro using .deb and .rpm, however, it requires reinstalling repo (BREAKING CHANGE) General: Fix compilation with LibreSSL 3.5 General: Fix issues reported by Infer General: Updated buildbots General: Add Linux uclibc support General: Compilation fixes on macOS with the Apple M1 CPU General: Removed TravisCI and AppVeyor General: Use Github Actions for CI (Linux, Win, macOS, code style, and PVS-Studio) General: Added vscode devcontainer and documentation General: Fix warnings from PVS-Studio and build with pedantic (See PR2174) General: Shell script fixes thanks to shellcheck General: Fixes for GCC 10 and 11 General: Fixed cross-compilation General: Code refactoring, deduplication, cleanup, and misc code improvements General: Coverity Scan fixes, which includes memory leaks, race conditions, division by 0, and other issues General: PVS Studio improvements,fixes and updates General: Code formatting/style fixes General: Various fixes and improvements (code, CI, integration tests, coverity) General: Update bug reporting template and update the process [hide][Hidden Content]]

Offensive Wifi Toolkit (owt) This tool compiles some necessary tools for wifi auditing in a Unix bash script with a user-friendly interface. The goal of owt is to have the smallest file size possible while still functioning at maximum proficiency. [hide][Hidden Content]]

nmap (“Network Mapper“) is an open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine to scan single hosts. nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. The output from nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered. when they are responsive to nmap’s probes, but nmap cannot determine whether they are open or closed. nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describe a port. The port table may also include software version details when version detection has been requested. When an IP protocol scan is requested (-sO), nmap provides information on supported IP protocols rather than listening ports. In addition to the interesting ports table, nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses. Changelog Nmap 7.92: [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.00 to the latest version 1.50. You can read about the dozens of performance improvements, bug fixes and feature enhancements at [Hidden Content]. [Windows] Thanks to the Npcap 1.50 upgrade, Nmap now works on the Windows ARM architecture so you can run it on lightweight and power-efficient tablets like the Microsoft Surface Pro X and Samsung Galaxy Book Go. More ARM devices are on the way along with the upcoming Windows 11 release. See the Npcap on ARM announcement at [Hidden Content]. [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10 SDK, and the UCRT. This prevents Nmap from working on Windows Vista and earlier, but they can still use older versions of Nmap on their ancient operating system. New Nmap option –unique will prevent Nmap from scanning the same IP address twice, which can happen when different names resolve to the same address. [Daniel Miller] [NSE][GH#1691] TLS 1.3 now supported by most scripts for which it is relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel connections and certificate parsing will require OpenSSL 1.1.1 or later to fully support TLS 1.3. [Daniel Miller] [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604! They are all listed at [Hidden Content], and the summaries are below: [GH#2201] nbns-interfaces queries NetBIOS name service (NBNS) to gather IP addresses of the target’s network interfaces [Andrey Zhukov] [GH#711] openflow-info gathers preferred and supported protocol versions from OpenFlow devices [Jay Smith, Mak Kolybabi] port-states prints a list of ports that were found in each state, including states that were summarized as “Not shown: X closed ports” [Daniel Miller] Several changes to UDP payloads to improve accuracy: [GH#2269] Fix an issue with -sU where payload data went out-of-scope before it was used, causing corrupted payloads to be sent. [Mariusz Ziulek] Nmap’s retransmission limits were preventing some UDP payloads from being tried with -sU and -PU. Now, Nmap sends each payload for a particular port at the same time without delay. [Daniel Miller] New UDP payloads: [GH#1279] TS3INIT1 for UDP 3389 [colcrunch] [GH#1895] DTLS for UDP 3391 (RD Gateway) [Arnim Rupp] [NSE][GH#2208][GH#2203] SMB2 dialect handling has been redesigned. Visible changes include: Notable improvement in speed of script smb-protocols and others Some SMB scripts are no longer using a hardcoded dialect, improving target interoperability Dialect names are aligned with Microsoft, such as 3.0.2, instead of 3.02 [nnposter] [GH#2350] Upgraded OpenSSL to version 1.1.1k. This addresses some CVE’s which don’t affect Nmap in a material way. Details: [Hidden Content] Removed support for the ancient WinPcap library since we already include our own Npcap library ([Hidden Content]) supporting the same API. WinPcap was abandoned years ago and it’s official download page says that “WE RECOMMEND USING Npcap INSTEAD” for security, stability, compatibility, and support reasons. [GH#2257] Fix an issue in addrset matching that was causing all targets to be excluded if the –excludefile listed a CIDR range that contains an earlier, smaller CIDR range. [Daniel Miller] Upgrade the Windows NSIS installer to use the latest NSIS 3 (version 3.07) instead of the previous NSIS 2 generation. Setting –host-timeout=0 will disable the host timeout, which is set by -T5 to 15 minutes. Earlier versions of Nmap require the user to specify a very long timeout instead. Improvements to Nmap’s XML output: If a host times out, the XML <host> element will have the attribute timedout=”true” and the host’s timing info (srtt etc.) will still be printed. The “extrareasons” element now includes a list of port numbers for each “ignored” state. The “All X ports” and “Not shown:” lines in normal output have been changed slightly to provide more detail. [Daniel Miller] [NSE][GH#2237] Prevent the ssl-* NSE scripts from probing ports that were excluded from version scan, usually 9100-9107, since JetDirect will print anything sent to these ports. [Daniel Miller] [GH#2206] Nmap no longer produces cryptic message “Failed to convert source address to presentation format” when unable to find useable route to the target. [nnposter] [Ncat][GH#2202] Use safety-checked versions of FD_* macros to abort early if number of connections exceeds FD_SETSIZE. [Pavel Zhukov] [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping server data sent right after the connection got established, such as port banners. [Sami Pönkänen] [Ncat][GH#2149] Fixed a bug in proxy connect mode which would close the connection as soon as it was opened in Nmap 7.90 and 7.91. [NSE][GH#2175] Fixed NSE so it will not consolidate all port script output for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller] [Zenmap][GH#2157] Fixed an issue where a failure to execute Nmap would result in a Zenmap crash with “TypeError: coercing to Unicode” exception. Nmap no longer considers an ICMP Host Unreachable as confirmation that a target is down, in accordance with RFC 1122 which says these errors may be transient. Instead, the probe will be destroyed and other probes used to determine aliveness. [Daniel Miller] [Ncat][GH#2154] Ncat no longer crashes when used with Unix domain sockets. [Ncat][GH#2167][GH#2168] Ncat is now again generating certificates with the duration of one year. Due to a bug, recent versions of Ncat were using only one minute. [Tobias Girstmair] [NSE][GH#2281] URL/percent-encoding is now using uppercase hex digits to align with RFC 3986, section 2.1, and to improve compatibility with some real-world web servers. [nnposter] [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most visible are that certificate SANs are properly split apart and that identities that are syntactically incorrect to be hostnames are now ignored. [Michel Le Bihan, nnposter] [NSE] Loading of a Nikto database failed if the file was referenced relative to the Nmap directory [nnposter] [GH#2199] Updated Nmap’s NPSL license to rewrite a poorly-worded clause abiyt “proprietary software companies”. The new license version 0.93 is still available from [Hidden Content]. As described on that page, we are also still offering Nmap 7.90, 7.91, and 7.92 under the previous Nmap 7.80 license. Finally, we still offer the Nmap OEM program for companies who want a non-copyleft license allowing them to redistribute Nmap with their products at [Hidden Content]. [NSE] Script smb2-vuln-uptime no longer reports false positives when the target does not provide its boot time. [nnposter] [NSE][GH#2197] Client packets composed by the DHCP library will now contain option 51 (IP address lease time) only when requested. [nnposter] [NSE][GH#2192] XML decoding in library citrixxml no longer crashes when encountering a character reference with codepoint greater than 255. (These references are now left unmodified.) [nnposter] [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for the audit rule base. [nnposter] [NSE][GH#1473] It is now possible to control whether the SNMP library uses v1 (default) or v2c by setting script argument snmp.version. [nnposter] [hide][Hidden Content]]

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program. It can recover the WEP key once enough encrypted packets have been captured with airodump-ng. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. The first method is via the PTW approach (Pyshkin, Tews, Weinmann). The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. The second method is the FMS/KoreK method. The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute force. Additionally, the program offers a dictionary method for determining the WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file or stdin) or an airolib-ng has to be used. Aircrack-ng version 1.6 releases. Changelog This release brings a ton of improvements. Along with bug fixes for a lot of tools, we have huge improvements under the hood thanks to code cleanup, deduplication, and reorganization of the source code. Build system has been updated (and improved) and now requires autotools 1.14 or higher. Visible changes and improvements: Airodump-ng now calculates rates for 802.11n/ac AP instead of being limited to 54Mbit WPA3 and OWE detection in Airodump-ng Basic UTF8 support in Airodump-ng PMKID detection in Airodump-ng Signal level is now correctly displayed when reading PCAP with Airodump-ng Airodump-ng can now read PCAP files in realtime Airmon-ng detects a few more network managers and handles the case when avahi keep getting restarted A lot of bug fixes in Aircrack-ng Airdecap-ng can decrypt both directions when WDS is used Other notable changes: WPE patches updates for HostAPd and freeradius Integration tests: Capture and injection tests for airodump-ng, aireplay-ng, airbase-ng, and others Python 3 support for scripts, while still compatible with Python 2 Added security policy [HIDE][Hidden Content]]

Introduction Airgeddon is a multi-use bash script for WiFi network security auditing on Linux systems. This multi-purpose WiFi hacking tool has very rich features which supports multiple methods for WiFi hacking including multiple WPS hacking modes, all-in-one WEP attack, handshake file capturing, Evil Twin attacks, Pixie Dust attacks, and so much more (see features below). Features: Monitor-managed: interface mode switcher. Multiple configurable options, multilang support, auto update, HTTP proxy auto detection for updates, and so much more. WPA/WPA2 personal networks Handshake file capturing. Cleaning and optimizing Handshake captured files Evil Twin attacks [Rogue AP]: Integrated sniffing, sslstrip2, BeEF with Hostapd + DHCP + DoS + Ettercap + Sslstrip + BeEF; WiFi password capturing through captive portal with DNS blackhole; optional MAC spoofing. WPS cracking: WPS scanning, Pixie Dust attacks, Brute-force PIN attacks [Bully, Reaver], WPS PINs attacks. WEP All-in-One attack: combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc. DoS over wireless networks using different methods [DOS Pursuit Mode]. Comptaibility: Many Linux distros, iptables/nftables. [HIDE][Hidden Content]]