How to track any MAC-address Geographical Location using Backtrack5R3. This trick is helful in finding lost devices. This trick is helful in finding lost devices. Open Application Backtrack Explonitation Tools Wireless explonation Tools WLAN Exploitation and Open Fern-Wifi-Cracker.

• Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks.
• Automatic Access Point Attack System. Session Hijacking (Passive and Ethernet Modes)6. Access Point MAC Address Geo Location Tracking. Internal MITM Engine. Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)9. Installation on Debian Package supported systems. Fern- Wifi- Cracker.
• Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks. The Software runs on any Linux machine with prerequisites installed, and it has been tested on Ubuntu.

802.11 Wireless Tools

aircrack-ng

aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program.It can recover the WEP key once enough encrypted packets have been captured with airodump-ng. This part of the aircrack-ng suite determinesthe WEP key using two fundamental methods. The first method is via thePTW approach (Pyshkin, Tews, Weinmann). The main advantage of the PTWapproach is that very few data packets are required to crack the WEPkey. The second method is the FMS/KoreK method. The FMS/KoreK methodincorporates various statistical attacks to discover the WEP key anduses these in combination with brute forcing.

Additionally, the program offers a dictionary method for determiningthe WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file orstdin) or an airolib-ng has to be used.

asleap

Actively recover LEAP/PPTP passwords

bully

Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and cpu performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture.

Bully provides several improvements in the detection and handling of anomalous scenarios. It has been tested against access points from numerous vendors, and with differing configurations, with much success.

cowpatty

Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.

eapmd5pass

EAP-MD5 is a legacy authentication mechanism that does not provide sufficient protection for user authentication credentials. Users who authenticate using EAP-MD5 subject themselves to an offline dictionary attack vulnerability. This tool reads from a live network interface in monitor-mode, or from a stored libpcap capture file, and extracts the portions of the EAP-MD5 authentication exchange. Once the challenge and response portions have been collected from this exchange, eapmd5pass will mount an offline dictionary attack against the user’s password.

fern-wifi-cracker

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks.

Fern Wifi Cracker currently supports the following features:

• WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack

• WPA/WPA2 Cracking with Dictionary or WPS based attacks

• Automatic saving of key in database on successful crack

• Automatic Access Point Attack System

• Session Hijacking (Passive and Ethernet Modes)

• Access Point MAC Address Geo Location Tracking

• Internal MITM Engine

• Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)

• Update Support

genkeys

Generates lookup file for asleap

genpmk

WPA-PSK precomputation attack

giskismet

GISKismet is a wireless recon visualization tool to represent data gathered using Kismet in a flexible manner. GISKismet stores the information in a database so that the user can generate graphs using SQL. GISKismet currently uses SQLite for the database and GoogleEarth / KML files for graphing.

kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.

Kismet supports logging to the wtapfile packet format (readable by tcpdump and ethereal) and saves detected network information as plaintext,CSV, and XML. kismet is capable of using any GPS supported by gpsd andlogs and plots network data.

mdk3

MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.

wifiarp

Wifi injection ARP answering tool based on Wifitap

wifidns

Wifi injection DNS answering tool based on Wifitap

wifi-honey

This script creates five monitor mode interfaces, four are used as APs and the fifth is used for airodump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.

wifiping

Wifi injection based answering tool based on Wifitap

wifitap

Wifitap is a proof of concept for communication over WiFi networks using traffic injection.

Wifitap allows any application do send and receive IP packets using 802.11 traffic capture and injection over a WiFi network simply configuring wj0, which means :

• setting an IP address consistent with target network address range

• routing desired traffic through it

In particular, it’s a cheap method for arbitrary packets injection in 802.11 frames without specific library.

In addition, it will allow one to get rid of any limitation set at access point level, such as bypassing inter-client communications prevention systems (e.g. Cisco PSPF) or reaching multiple SSID handled by the same access point.

wifite

An automated wireless attack tool. To attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool.

Features

• sorts targets by signal strength (in dB); cracks closest access points first

• automatically de-authenticates clients of hidden networks to reveal SSIDs

• numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)

• customizable settings (timeouts, packets/sec, etc)

• “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete

• all captured WPA handshakes are backed up to wifite.py’s current directory

• smart WPA de-authentication; cycles between all clients and broadcast deauths

• stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit

• displays session summary at exit; shows any cracked keys

• all passwords saved to cracked.txt

• built-in updater: ./wifite.py -upgrade

Bluetooth Tools

bluelog

Bluelog is a simple Bluetooth scanner that is designed to essentiallydo just one thing, log all the discoverable devices in the area. It isintended to be used as a site survey tool, identifying the number ofpossible Bluetooth targets there are in the surrounding environment.

bluemaho

BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do – testing to find unknown vulns. Also it can form nice statistics.

Features:

• scan for devices, show advanced info, SDP records, vendor etc

• track devices – show where and how much times device was seen, its name changes

• loop scan – it can scan all time, showing you online devices

• alerts with sound if new device found

• on_new_device – you can specify what command should it run when it founds new device

• it can use separate dongles – one for scaning (loop scan) and one for running tools or exploits

• send files

• change name, class, mode, BD_ADDR of local HCI devices

• save results in database

• form nice statistics (uniq devices by day/hour, vendors, services etc)

• test remote device for known vulnerabilities (see exploits for more details)

• test remote device for unknown vulnerabilities (see tools for more details)

• themes! you can customize it

blueranger

BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory).

Use a Bluetooth Class 1 adapter for long range location detection. Switch to a Class 3 adapter for more precise short range locating. The recision and accuracy depend on the build quality of the Bluetooth adapter, interference, and response from the remote device. Fluctuations may occur even when neither device is in motion.

bluesnarfer

A Bluetooth bluesnarfing Utility.

btscanner

btscanner is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement topair. A detailed information screen extracts HCI and SDP information,and maintains an open connection to monitor the RSSI and link quality.btscanner is based on the BlueZ Bluetooth stack, which is included withrecent Linux kernels, and the BlueZ toolset. btscanner also contains acomplete listing of the IEEE OUI numbers and class lookup tables. Usingthe information gathered from these sources it is possible to make educated guesses as to the host device type.

redfang

RedFang is a small proof-of-concept application to find non discoverable Bluetooth devices. This is done by brute forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name().

spooftooph

Spooftooph is designed to automate spoofing or cloning Bluetooth device information. Make a Bluetooth device hide in plain site.

Features:

• Clone and log Bluetooth device information

• Generate a random new Bluetooth profile

• Change Bluetooth profile every X seconds

• Specify device information for Bluetooth interface

• Select device to clone from scan log

Other Wireless Tools

zbassocflood

Transmit a flood of associate requests to a target network.

zbdsniff

Decode plaintext key ZigBee delivery from a capture file. Willprocess libpcap or Daintree SNA capture files.

zbdump

A tcpdump-like tool for ZigBee/IEEE 802.15.4 networks

zbfind

zbfind provides a GTK-based GUI to the user which displays the results of a zbstumbler-like functionality. zbfind sends beacon requests as it cycles through channels and listens for a response, adding the response to a table as well as displaying signal strength on a gauge widget.

zbgoodfind

Search a binary file to identify the encryption key for a givenSNA or libpcap IEEE 802.15.4 encrypted packet

zbreplay

Replay ZigBee/802.15.4 network traffic from libpcap or Daintree files

zbstumbler

Transmit beacon request frames to the broadcast address whilechannel hopping to identify ZC/ZR devices.

RFID / NFC Tools

NFC Tools

mfcuk

Toolkit containing samples and various tools based on and around libnfc and crapto1, with emphasis on Mifare Classic NXP/Philips RFID cards. Special emphasis of the toolkit is on the following:

• mifare classic weakness demonstration/exploitation

• demonstrate use of libnfc (and ACR122 readers)

• demonstrate use of Crapto1 implementation to confirm internal workings and to verify theoretical/practical weaknesses/attacks

mfoc

MFOC is an open source implementation of “offline nested” attack by Nethemba.This program allow to recover authentication keys from MIFARE Classic card.Please note MFOC is able to recover keys from target only if it have a known key: default one (hardcoded in MFOC) or custom one (user provided using command line).

mfterm

A terminal interface for working with Mifare tags.

The program is used as an interactive shell to read and write Mifaretags using libnfc and a libnfc compatible reader or to simply manipulate Mifare data dumps from files.

mifare-classic-format

nfc-list

nfc-list is a utility for listing any available tags like ISO14443-A,FeliCa, Jewel or ISO14443-B (according to the device capabilities). Itmay detect several tags at once thanks to a mechanism called anti-collision but all types of tags don’t support anti-collision and there issome physical limitation of the number of tags the reader can discover.

This tool displays all available information at selection time.

nfc-mfclassic

nfc-mfclassic is a MIFARE Classic tool that allow to read or write DUMPfile using MIFARE keys provided in KEYS file.

RFIDiot ACG

RFIDiot FROSCH

RFIDiot PCSC

A collection of tools and libraries for exploring RFID technology, writtenin Python.

ChAP.py

Script that tries to select the EMV Payment Systems Directory on all inserted cards.

bruteforce.py

Try random numbers to login to sector 0

cardselect.py

Select card and display ID

copytag.py

Read all sectors from a standard tag and write them back to a blank

Fern Wifi Cracker With Geographical Location Mac Address Tracker Real-time

demotag.py

Test IAIK TUG DemoTag

eeprom.py

Display reader’s eeprom settings

fdxbnum.py

Generate / decode FDX-B EM4x05 compliant IDs

formatmifare1kvalue.py

Format value blocks on a mifare standard tag

froschtest.py

Test frosch HTRM112 reader

hidprox.py

Show HID Prox card type and site/id code

hitag2brute.py

Brute Force hitag2 password

hitag2reset.py

Reset hitag2 password

isotype.py

Determine ISO tag type

jcopmifare.py

Fern Wifi Cracker With Geographical Location Mac Address Tracker Download

Test program for mifare emulation on JCOP

jcopsetatrhist.py

Set ATR History bytes on JCOP cards

jcoptool.py

JCOP card toolkit

lfxtype.py

Select card and display tag type

loginall.py

Attempt to login to each sector with transport keys

mifarekeys.py

Calculate 3DES key for Mifare access on JCOP cards

mrpkey.py

Calculate 3DES key for Machine Readable Passport

multiselect.py

Continuously select card and display ID

nfcid.py

Python code for Identifying NFC cards

pn532emulate.py

Switch NXP PN532 reader chip into TAG emulation mode

pn532mitm.py

NXP PN532 Man-In-The_Middle – log conversations between TAG and external reader

q5reset.py

Reset q5 tag

readlfx.py

Read all sectors from a LFX reader

readmifare1k.py

Read all sectors from a mifare standard tag

readmifaresimple.py

Read all sectors from a mifare tag

readmifareultra.py

Read all sectors from a Ultralight tag

readtag.py

Read all sectors from a standard tag

rfidiot-cli.py

CLI for rfidiot

send_apdu.py

Python code for Sending raw APDU commands

sod.py

Try to find X509 data in EF.SOD

transit.py

Generate / decode FDI Matalec Transit 500 and Transit 999 UIDs

unique.py

Generate EM4x02 and/or UNIQUE compliant IDs

writelfx.py

Read and then write all sectors from a LFX reader

Fern Wifi Cracker With Geographical Location Mac Address Tracker Google

writemifare1k.py

Write all blocks on a mifare standard tag

Check http://rfidiot.org/ for more information and examples

Software Defined Radio

gnuradio-companion

A graphical tool for creating signal flow graphs and generating flow-graph source code.

gqrx

Gqrx is a software defined radio receiver powered by the GNU Radio SDR framework and the Qt graphical toolkit. Gqrx supports many of the SDR hardware available, including Funcube Dongles, rtl-sdr, HackRF and USRP devices.

Currently it works on Linux and Mac and supports the following devices:. Funcube Dongle Pro and Pro+ RTL2832U-based DVB-T dongles (rtlsdr via USB and TCP) OsmoSDR USRP HackRF Jawbreaker Nuand bladeRF any other device supported by the gr-osmosdr library

The latest stable version of Gqrx is 2.2, it is available for Linux, FreeBSD and Mac and it offers the following features:

• Discover devices attached to the computer.

• Process I/Q data from the supported devices.

• Change frequency, gain and apply various corrections (frequency, I/Q balance).

• AM, SSB, FM-N and FM-W (mono and stereo) demodulators.

• Special FM mode for NOAA APT.

• Variable band pass filter.

• AGC, squelch and noise blankers.

• FFT plot and waterfall.

• Record and playback audio to / from WAV file.

• Spectrum analyzer mode where all signal processing is disabled.

gr-scan

gr-scan is a program written in C++, and built upon GNU Radio, rtl-sdr, and the OsmoSDR Source Block. It is intended to scan a range of frequencies and print a list of discovered signals. It should work with any device that works with that block, including Realtek RTL2832U devices. This software was developed using a Compro U620F, which uses an E4000 tuner

modes_gui

Part of gr-air-modes

gr-air-modes implements a software-defined radio receiver for Mode Stransponder signals, including ADS-B reports from equipped aircraft.

rtl_adsb

A simple ADS-B decoder

rtl_fm

A simple narrow band FM demodulator for RTL2832 based DVB-T receivers

rtl_sdr

An I/Q recorder for RTL2832 based DVB-T receivers

rtlsdr-scanner

A cross platform Python frequency scanning GUI for USB TV dongles, using the OsmoSDR rtl-sdr library.In other words a cheap, simple Spectrum Analyser.The scanner attempts to overcome the tuner’s frequency response by averaging scans from both the positive and negative frequency offets of the baseband data.

rtl_tcp

An I/Q spectrum server for RTL2832 based DVB-T receivers

rtl_test

A benchmark tool for RTL2832 based DVB-T receivers

Noise proves nothing. Often a hen who has merely laid an egg cacklesas if she laid an asteroid.

— Mark Twain