Henry Dalziel | Pentesting Tools | March 18, 2013
With our much-hyped and anticipated wireless cracking course tomorrow, Tuesday March 19th, we thought it would be useful to create a list of wifi-cracking tools.
Update! We are no longer offering the wifi hacking course described in this post. There are, however, a ton of free wifi hacking courses here (our course directory).
Our free 15-minute demonstration with our expert instructor Jonathan Walker will teach viewers a simple step-by-step process on how to exploit, crack, and secure wireless networks (Jonathan also taught our nmap course). Here is the link to register for this wifi cracking tutorial – it’s free. We should just quickly mention here that although Jonathan will be teaching attack and hacking methodologies, the main purpose, as everything Concise Courses does, is to educate and facilitate prevention through knowledge and experience.
We have set out three learning objectives for Tuesday’s wireless cracking tutorial – they are:
1. How to exploit wireless networks using multiple attack methodologies
2. Learn the different methods to gain access to secured wireless networks
3. How to secure your wireless network using multiple layers of security
The class will give you an open forum to ask questions, and get an insight into the art of exploiting, cracking, and securing wireless networks. And, if you like what you learn, ask Jonathan about his 90-minute live online class that starts on March 23rd.
So, back to the main purpose of this post: our list of wifi cracking, scanning and monitoring tools! (Worth quickly mentioning that we have two other popular lists we created: pentesting Firefox addons and the ‘best Linux Pentesting distributions’)
This list covers the most popular, or perhaps best-known, security tools for wireless hacking. If you disagree, add a comment below!
Aircrack-ng: Aircrack-ng is an absolute must for all serious penetration testers and security professionals. The suite of tools includes 802.11 WEP and WPA-PSK key cracking programs that are able to capture wireless packets and crack passwords once enough information (data/packets) has been captured. Aircrack-ng is a big favourite on YouTube, with there being close to 4,500 thousand wifi cracking tutorials using aircrack!
Airjack: Airjack is an 802.11 packet injection tool. This wireless cracking tool is particularly useful for injecting forged deauthentication packets, a feature which is a must for executing, and learning how to defend against, denial-of-service and man-in-the-middle attacks. This tool is often used by hackers to inject deauthentication packets that result in bringing down networks.
AirSnort: AirSnort is a useful tool. This program is able to obtain WEP encryption keys by remaining in monitor mode and capturing packets.
Cain & Abel: Another YouTube favourite. This program (which we believe hails from Italy) is a classic and a must-have for all pentesters and security professionals. Eric Reed, a well-known Certified Ethical Hacker instructor, demonstrated its use on a Hacker Hotshot episode a couple of weeks back. Simply called Cain by many, this tool is programmed to intercept network traffic. With the acquired information Cain is able to discover passwords by brute-force and cryptanalysis attack methods. Cain can also record VoIP conversations, recover wireless network keys, and analyze routing protocols. Bottom line: if you are serious about learning and educating yourself about wireless security, then Cain is your friend.
Ettercap: Ettercap is used for man-in-the-middle attacks: it sniffs for live connections and filters intercepted packets. This program was recently updated and we think it has been included on Kali Linux.
Firesheep: This Firefox addon caused quite a stir when it was released since it perfectly demonstrated just how insecure online sessions can be for those uneducated in basic internet (network) security. The addon allows the hacker to capture SSL session cookies sent over any unencrypted wireless network (like an open wifi network). Many websites initiate a session with their clients by forcing SSL login, but subsequently all traffic is sent over the network unencrypted – perfect for Firesheep and its effective side-jacking capabilities.
IKECrack: We are not too familiar with this cracking tool but we have included it because it just sounds very interesting! This tool seems to be an open source IPsec VPN authentication tool which uses brute force attack processes to capture Internet Key Exchange (IKE) packets. The purpose of this security tool is to discover valid VPN user identities and secret key combinations. Clearly, once these have been obtained, the discovered credentials can be used by a hacker to gain unauthorized access to a VPN.
KARMA: This tool starts in monitor mode and sits there trying to work out SSID names and BSSID names. Once it has determined the SSID, the tool will pretend to be that access point – rather similar to a MITM attack. If you are interested in this tool then you should also take a look at Hotspotter.
Kismet: Another classic, Kismet adopts an intrusion detection policy to wireless security, and is used to detect and analyze access points within radio range of the network on which it is installed.
NetStumbler: A great tool for those that prefer using Windows. NetStumbler can turn any WiFi-enabled Windows laptop into an 802.11 network detector. Several addons can be used with NetStumbler to hack and crack wireless networks.
Wireshark: No list would be complete without Wireshark. Basically, Wireshark monitors every single byte of data that is transmitted over a network. This tool is particularly useful for penetration testers or network administrators that want to understand what is happening on the networks that they are securing.
Other tools worth mentioning are Hotspotter, APsniff, APhunter, KNSGEM, HermesAP, OpenAP, Cowpatty and ASLeap.
Have we missed out a tool – or is our description slightly off? Let us know in the comments below! Also – reminder – if you are interested in wireless cracking and securing your personal or business network then you must attend our demonstration this Tuesday. If you miss it, don’t worry – it will be recorded and on the same URL here. The demonstration, and the actual course which starts a week later, will teach 20 students how to exploit the vulnerabilities in IEEE 802.11 (WiFi) standards, gain access and secure virtually any wireless network.