The drivers supported by each tool are listed after the tool name. The abbreviations used for the drivers are:
HostAP (H), Wlan-ng (W), Prism54 (P), Madwifi (M), Hermes/Orinoco (O),
Ralink (R), RealTek (RT), Cisco Aironet (A), Intel Centrino (C)... If a tool supports almost all drivers, it is listed as (all), and if it is based on LORCON (a multi-driver library), it appears as (L).
If a tool simply requires a driver that supports monitor mode, it is denoted by (RFMON).
The relationships between drivers and wireless chipsets are listed under the "Drivers (Linux)" section below.
|
|
Drivers (Linux) |
Host AP | Jouni Malinen | Host AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant |
Wlan-ng | AbsoluteValue Sys | Complete, standards based, wireless LAN system for Prism cards |
AirJack | M. Lynn, R. Baird | Driver for 802.11(a/b/g) raw frame injection (essid_jack, wlan_jack...) |
MADwifi-ng | Michael Renzmann | Multiband Atheros driver for WiFi cards |
Prism54 | Luis R. Rodriguez | Linux driver for the 802.11g Prism (GT, Duette, Indigo) chipsets |
IPW2100 | James Ketrenos | Intel Pro/Wireless 2100 Centrino (b) |
IPW2200 | James Ketrenos | Intel Pro/Wireless 2200 BG Centrino (a/b/g, ipw2200 and ipw2915) |
IPW3495 | Zhu Yi | Intel Pro/Wireless 3495 ABG adapter (a/b/g) (injection patch) |
Intel 4965AGN | Intel | Intel WiFi 4965AGN adapter (a/b/g/n) - iwlwifi |
orinoco_cs | David Gibson | Lucent/Agere, Prism2 & Symbol Spectrum24 chipsets (CVS) |
Hermes AP | Hunz | AP (BSS master) mode with Hermes/Orinoco cards under Linux |
Broadcom 43xx | BerliOS | Broadcom 43xx Linux wireless driver (specification) |
RTL8180 | Andrea Merello | Linux drivers for Realtek's WiFi cards |
RT2x00 | Mark Wallis | Linux drivers for Ralink rt2400, rt2500, rt61 & rt73 chipsets (rt73/2570 enhanced) |
airo_cs | Cisco | Linux drivers for Cisco Aironet chipsets |
Zydas (SF) | Mayne | Linux driver for the ZyDAS ZD1211(b) 802.11a/b/g USB WLAN chip |
|
LORCON |
LORCON (Loss Of Radio CONnectivity)
is a Linux-based wireless library for packet injection. Specifically,
it is a generic library for injecting 802.11 frames, capable of
injection via multiple driver frameworks, without forcing modification
of the application code. It has been developed by dragorn (Mike Kershaw)
and Joshua Wright.
LORCON has been ported to Ruby (ruby-lorcon) by H D Moore, and to Python (pylorcon) by Tom Wambold. |
|
Suites (Multi-tool distributions) |
Airbase | Johnny Cache | Collection of wireless tools: WEP cracking, traffic injection, libraries (libairware)...
jc-aircrack, jc-wepcrack, pcap-wepcrypt, prism-strip, simple-replay, pcap2air |
WToolkit (Win) | Toolcrypt | Multiple Windows wireless tools:
eth2wep, wanalyse, wdecrypt, wdump, wdupiv, wfilter, wgetkey, wmerge |
aircrack (all) | Christophe Devine | 802.11 sniffer and WEP key cracker for Win & Lx: (Version 2.41)
aireplay, airodump, aircrack, 802ether... (Original homepage is offline) |
aircrack-ng (all) | | Set of tools for auditing wireless networks (Forums) |
aircrack-ptw (all) | | WEP cracking improvements based on Klein's paper (PTW: Pychkine, Tews and Weinmann) |
|
Traffic capture, network identification & analysis |
Kismet (all) | Mike Kershaw | 802.11 layer2 wireless network detector, sniffer, and IDS (gpsmap) (blog) |
Kismet-newcore (all) | Mike Kershaw | Kismet rewritten... + doomcube |
Kismet for Windows | Josh Wright | Kismet for Windows useful to monitor WRT54G drones |
gkismet | Anton Solovyev | A GUI Kismet client (Gnome/Gtk perl based) |
Netstumbler (Win) | Peter K. Lee | A Wireless 802.11(b) Network Analyzer (stumbler.net) |
AirTraf (W, A) | Marius Milner | Windows tool to detect WLANs 802.11b/a/g
(original) |
Wellenreiter (H, A) | Remote Exploit | Wireless network discovery and auditing tool |
THC Wardrive (W) | THC | Tool for mapping wireless networks with a GPS |
WifiScanner (H, W) | HSC | Tool for wireless nodes discovery |
WiCrawl (all) | Midnight RL | AP auditing tool (Plug-ins) |
Ferret | Errata Security | Wireless hotspot information leakage and correlation tool (Hamster/Sidejacking) |
WiFiZoo | Hernan | Wireless passive sniffer and correlation tool |
FreeRADIUS-WPE | J. Wright, B. Antoniewicz | FreeRADIUS - Wireless Pwnage Edition |
MoocherHunter | ThinkSECURE | Tool to physically hunt down and geo-locate wireless moochers, hackers and other unauthorized users. |
|
Traffic injection |
void11 (H) | Reyk Floeter | Implementation of some basic DoS 802.11b attacks (gvoid11, GUI) |
airpwn (all, old:H) | Bryan Burns (toast) | Generic packet injection on an 802.11 network (DefCon 12). Now, based on LORCON! |
airpwn (Windows) | Joshua Wright | Generic packet injection on an 802.11 network (ShmooCon 07). Now, based on LORCON! |
file2air (L) | Joshua Wright | A tool to inject packets into 802.11 networks |
rcovert (P, M) | Laurent Butti | Initiates a covert channel over 802.11 nets (raw injection) |
Wireshark patch (all) | Asier Martínez | Wi-Fi frame injection patch for Wireshark |
MDK3 (R) | Pedro Larbig | Multi-purpose tool for common unauthenticated attacks (& MDK2) |
Zulu (R) | mccoyd | Command-line wireless frame injector |
|
WEP |
WEPCrack (RFMON) | Anton T. Rager | An open source tool for breaking 802.11 WEP secret keys
(original) |
AirSnort (RFMON) | Snax | AirSnort is a WLAN tool which recovers encryption keys (Forums) |
WepLab (RFMON) | J. I. Sánchez Martín | Tool to teach how WEP works, its vulnerabilities and to break WEP keys |
WepAttack | D. Blunk, A. Girardet | WLAN open source Linux tool for breaking 802.11 WEP keys |
WEPWedgie (airjack) | Anton Rager | Tool for determining WEP keystreams and injecting traffic |
chopchop (W) | KoreK | WEP attacks (inverse adaptive chosen plaintext attack, inductive) |
afrag (R) | Pedro Larbig | Implementation of the Fragmentation Attack (rt2570) |
WepOff (usage) | S. Gordeychik | Fake AP frag. attack tool against WEP-based wireless clients. |
|
EAP, WPA, WPA2... |
asleap (RFMON) | Joshua Wright | Weak (Cisco) LEAP password recovery tool (MS-CHAPv2). PPTP too. |
coWPAtty | Joshua Wright | Offline WPA PSK Dictionary Attack Tool |
wpa_attack | T. Takahashi | WPA Passive Dictionary Attack Overview |
WPA supplicant | Jouni Malinen | Linux WPA/WPA2/IEEE 802.1X Supplicant |
Open1X | Group | Open Source Implementation of IEEE 802.1X |
GRC's password generator | Steve Gibson | WEP & WPA GRC's Ultra High Security Password Generator |
WPA-PSK Key Generator | Kurtm | WPA pre-shared key generator (Warewolf Labs) |
SecureW2 (Win) | Alfa & Ariss | The powerful open source EAP-TTLS Client for Windows (& PocketPC) |
|
WIDS (open-source) |
AirSnare | Digital Matrix | Windows wireless intrusion detection for unfriendly MAC & DHCP requests |
APTools | Kirby Kuehl | 802.11b Rogue Access Point Detection |
Snort-Wireless | Andrew Lockhart | Wireless extensions for Snort |
WIDZ | Mark Osborne | Wireless Intrusion Detection System, an IDS for 802.11 (Wi-Fi Honeypot) |
|
Access Points (MITM) |
ap-utils | Bryan Burns | Wireless Access Point utilities for Unix (using the SNMP protocol) |
AirSnarf (H) | The Shmoo Group | A rogue AP setup utility |
Airsnarf Rogue Squadron | The Shmoo Group | A rogue AP implementation for the Linksys WRT54G |
FakeAP (H) | Black Alchemy Ent. | 802.11b access points counterfeit generator |
rfakeap (P, M) | Laurent Butti | Emulates IEEE 802.11 APs (wireless raw injection) |
WKnock | Laurent Oudot | WiFi AP (802.11) knocking tool |
|
Clients (MITM) |
Hotspotter | Remote Exploit | Automatic wireless client penetration |
KARMA (M, H) | Dino D. Zovi | Wireless Client Security Assessment Tools (auto net selection) |
rglueap (P, M) | Laurent Butti | Catches wireless stations searching for preferred ESSIDs |
WiFiTAP (P, M, H, W, R, RT) | Cedric Blancher | Direct communication with a station associated to an AP |
Probemapper (P) | ThinkSECURE | Tool to detect and inspect probe requests |
Karmetasploit (all) | H D Moore | KARMA + Metasploit 3 == Karmetasploit |
airbase-ng | aircrack-ng | Multiple client-based WiFi attack (suite) |
Jasager (FON) | R. Wood | Karma on the FON (OpenWRT) |
|
VPNs or Captive Portals |
Wireless heartbeat | | Wireless authentication access control system (Captive portal) |
Wicap | Brian Caswell | Wireless authentication captive portal |
SLAN | | Secure LAN, VPN solution between client and service provider |
Chillispot | Jens Jakobsen | Open source captive portal or wireless LAN access point controller |
NoCatAuth | Schuyler Erle | Open source captive portal (Perl & C) |
WiFiDog | Ile sans fil | A captive portal suite |
|
Linux kernel |
WiFi kernel stack | James Ketrenos | Open source 802.11 network stack for the Linux kernel |
WiFi stack | Devicescape | Linux kernel alternative wireless GPL stack |
WiFi softmac | SIP Solutions | Linux kernel software MAC layer |
NdisWrapper | | Linux LKM to load and run Ndis (Windows network driver API) drivers |
DriverLoader | Linuxant | Compatibility-wrapper for Windows NDIS drivers to run on Linux |
|
Configuration |
Wireless Assistant | | Linux scanning WiFi client tool (similar to Windows WZC) (NetGo) |
Network Manager | Red Hat | Linux GUI network configuration utility |
MAC changer | Alvaro Lopez Ortega | A GNU/Linux utility for viewing/manipulating the MAC address of NICs |
SimpleMAC (Win) | Dukelupus | Windows MAC address modifying utility |
SMAC (Win) | KLC Consulting, Inc. | Windows MAC address modifying utility ($$) |
Macsift (Win) | Nathan True | Free command-line MAC changing utility for Windows XP |
|
PDAs |
WiFiFoFum2 | Aspecto Software | WiFi scanner and war driving software for Pocket PC |
Ministumbler | Peter K. Lee | A Wireless 802.11(b) Network Analyzer for PDAs |
Pocket Warrior | | Wi-Fi Surveying tool for the Pocket PC |
|
Radio Frequency (RF) |
WiSPY-Tools | Mike Kershaw | Open-source tools for supporting the Wi-Spy USB device |
Wi-Spy software | Metageek | Windows tools for supporting the Wi-Spy USB device |
|
(Online) WiFi power calculators |
Wireless Calculator | Zytrax | Complete Javascript WiFi system calculator |
Wireless utilities | Electro-comm Dist. | Interactive Wireless Network Design Analysis Utilities |
Communications utilities | CSG | Communications Converters and Calculators |
802.11n WLAN Coverage Estimator | Airtight Networks | 802.11n signal estimation and layout calculator |
|
WiFi-related tools |
WPA-PSK lookup tables | Church of Wifi | Church of Wifi WPA-PSK Rainbow Tables |
Rainbowtables | Shmoo | Precomputed rainbow tables (password hashes) - torrent - |
Rainbowcrack-online | | Commercial pre-generated hash tables |
CrypTool | TUD, DB | Free tool to apply and analyze cryptographic mechanisms |
Libro de criptografia | Jorge Ramió | Electronic book on computer security and cryptography (in Spanish) |
|
Live CDs |
BackTrack | Remote-Exploit | Slackware-based Live CD |
SkyRidr | Nico Darrow | WiFi FreeFall Toolkit (Auditor CD-based) |
WiFiSlax | SeguridadWireless | Wireless Auditing Live CD (BT-based) - Spanish |
WiFiWay | SeguridadWireless | Wireless Auditing Live CD |
Russix | Russ & Steve | Wireless Auditing Live CD |
OSWA-Assistant | ThinkSECURE | Wireless Auditing Live CD |