Thursday, September 13, 2007

Tools - Wi-Fi

A wide variety of Wi-Fi tools are listed below. In general, these tools perform the following functions:
  • Wireless network discovery
  • Wireless network mapping
  • Wireless network traffic analysis
  • Wireless network RF signal strength monitoring
  • Wireless network encryption cracking
  • Wireless network custom frame generation
  • Dictionary or brute force attacks against wireless networks
  • Denial of Service (DoS) attacks against

- Tools for multiple platforms:
. Aircrack-ng is a WEP and WPA-PSK key cracking program for use on 802.11 networks. The primary purpose for the program is to recover a lost or unknown key once enough data is captured.

- Tools for the Windows platform:
. KNSGEM II is a program that takes the survey logs produced by NetStumbler, Kismet, or WiFiHopper and compiles the data with Google Earth data to provide colorized 3D coverage maps.
. NetStumbler is a Wi-Fi tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g.
. OmniPeek is the next generation version of commercial wireless analysis software from WildPackets which combines the legacy applications AiroPeek and EtherPeek.
. Stumbverter is a standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2004 maps. The logged WAPs will be shown with small icons, their colour and shape relating to WEP mode and signal strength.
. Lucent/Orinoco Registry Encryption/Decryption. Lucent Orinoco Client Manager stores WEP keys in the Windows registry under a certain encryption/obfuscation. This Wi-Fi tool can be used to encrypt WEP keys into a registry value or to decrypt registry values into WEP keys.
. WiFi Hopper is a Windows network discovery and connection client. WiFi Hopper can assist auditors with Site Surveys, Connection parameter testing, and Network Discovery. Filters allow you to easily limit the details displayed, as well as what kinds and configurations of equipment will be tested.
. APTools is a utility that queries ARP Tables and Content-Addressable Memory (CAM) for MAC Address ranges associated with 802.11b Access Points. It will also utilize Cisco Discovery Protocol (CDP) if available. If an Access Point that is web managed is identified, the security configuration of the Access Point is audited via HTML parsing.

- Tools for the Unix platform:
. Aircrack is a Unix static WEP and WPA-PSK key cracking utility. Aircrack isn't under development anymore, and has been replaced by Aircrack-ng. Although functional, you probably want to get Aircrack-ng unless you have a specific reason to use Aircrack.
. Aircrack-ptw was a proof of concept software release showcasing the performance gains you can receive by implementing a new cracking algorithm. The focus of this toolset is on the WEP security algorithm. Aircrack-ptw is implemented in Aircrack-ng, which is a much more robust and complete package.
. AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
. CoWPAtty is a program that utilizes lookup tables to optimize brute-force key cracking for the shortest time. The hash tables provided include 100,000 dictionary and common key words with the top 1000 most common WiFi SSIDs. The focus for cracking is on the WPA1 and WPA2 protocols. If you need to crack a WEP key, try Aircrack-ng.
. Karma is a set of wireless client assessment tools compiled into a single package release. The intent of the package is to identify and take advantage of methods operating systems use to connect to access points. Although no exploit codes are provided with the code release, the suite has been tested with multiple exploit releases.
. Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and Intrusion Detection System. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
. Wellenreiter, by Max Moser, is a GTK/Perl program that makes the discovery and auditing of 802.11b Wi-Fi wireless networks much easier. All three major wireless cards (Prism2, Lucent, and Cisco) are supported.
. Airsnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public Wi-Fi hotspots. Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots--snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP.
. Hotspotter passively monitors Wi-Fi networks for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate.
. BSD-Airtools is a package that provides a complete toolset for wireless 802.11b auditing. Namely, it currently contains a BSD-based WEP cracking application, called dweputils (as well as kernel patches for NetBSD, OpenBSD, and FreeBSD).
. WaveStumbler is a console-based 802.11 network mapper for Linux.
. WEPCrack is a tool that cracks 802.11 WEP encryption keys by exploiting the weaknesses of RC4 key scheduling.
. AirFart is a wireless tool created to detect Wi-Fi devices, calculate their signal strengths, and present them to the user in an easy-to-understand fashion. It is written in C/C++ with a GTK front end. Airfart supports all wireless network cards supported by the linux-wlan-ng Prism2 driver that provide hardware signal strength information in the "raw signal" format (ssi_type 3).
. AirTraf is one of the first wireless 802.11(b) network analyzers. With the growth of interest in wireless networks, network administrators of today are faced with a challenge. The challenge is to effectively deploy numerous access points within their organization to provide wireless coverage for all users, and at the same time make sure that everyone who is granted access is able to operate in a fast, robust network environment.
. AP Hunter (Access Point Hunter) can find and automatically connect to whatever wireless network is within range. AP Hunter can be used for site surveys, writing the results in a file.
. AP Radar (Access Point Radar) is a Linux/GTK+ based graphical netstumbler and wireless profile manager. This project makes use of the version 14 wireless extensions in Linux 2.4.20 and 2.6 to provide access point scanning capabilities for most models of wireless cards.
. Mognet is a simple, lightweight 802.11b sniffer written in Java and available under the GPL. It features realtime capture output, support for all 802.11b generic and frame-specific headers, easy display of frame contents in hex or ascii, text mode capture for GUI-less devices, and loading/saving capture sessions in libpcap format.
. PrismStumbler is a wireless LAN (WLAN) discovery tool which scans for beacon frames from access points. PrismStumbler operates by constantly switching channels and monitoring any frames received on the currently selected channel.
. THC WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. It is effective and flexible, a "must-download" for all wavelan nerds.
. Wi-find is a wireless network detection tool that is written in C and aims for flexibility and clean, easy-to-understand code. Wi-find currently only supports Prism2 based cards using the wlan-ng driver.
. Wifi-Scanner is a tool that has been designed to discover wireless nodes (i.e. access points and wireless clients). It is distributed under the GPL License. WiFi-Scanner will work with Cisco cards and Prism cards with the hostap driver or wlan-ng driver.
. WaveMon is an ncurses-based monitor for wireless devices. It allows you to watch the signal and noise levels, packet statistics, device configuration, and network parameters of your wireless network hardware.
. WPM (Wireless Power Meter) is intended to give you a nice signal strength meter for analyzing your wireless connection, and facilitate setting up point-to-point links.
. Asleap exploits weaknesses in Cisco's LEAP protocol.
. anwrap.pl is a wrapper for ancontrol that serves as a dictionary attack tool against LEAP enabled Cisco Wireless Networks. anwrap traverses a user list and password list attempting authentication and logging the results to a file. anwrap really wreaks havoc on RADIUS calls to NT networks that have lockout policies in place, you have been warned.
. WEPWedgie is a toolkit for determining 802.11 WEP keystreams and injecting traffic with known keystreams. The toolkit also includes logic for firewall rule mapping, pingscanning, and portscanning via the injection channel and a cellular modem.
. AirJack is a device driver (or suite of device drivers) for 802.11(a/b/g) raw frame injection and reception. It is meant as a development tool for all manner of 802.11 applications that need to access the raw protocol.
. Fake AP. Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
. Macfld tool utilizes the Linux wireless extensions to generate and set random MAC addresses on a Cisco or patched Lucent (drivers) NIC, eventually filling up the association ID table on a wireless bridge.
. Wireless Access Point Utilities for Unix is a set of Wi-Fi utilities to configure and monitor Wireless Access Points under Unix using the SNMP protocol. Wireless Access Point Utilities compiles with GCC and the IBM C compiler and runs under Linux, FreeBSD, NetBSD, MacOS-X, AIX, QNX, OpenBSD.
. AP Hopper is a program that automatically hops between access points of different wireless networks. It checks for DHCP and Internet Access on all the networks found. It logs successful and unsuccessful attempts.
. APTools is a utility that queries ARP Tables and Content-Addressable Memory (CAM) for MAC Address ranges associated with 802.11b Access Points. It will also utilize Cisco Discovery Protocol (CDP) if available. If an Access Point that is web managed is identified, the security configuration of the Access Point is audited via HTML parsing.
. Gpsd is a daemon that listens to a GPS or Loran receiver and translates the positional data into a simplified format that can be more easily used by other programs, like chart plotters. The package comes with a sample client that plots the location of the currently visible GPS satellites (if available) and a speedometer. It can also use DGPS/ip.
. GpsDrive is a car (bike, ship, plane) navigation system. GpsDrive displays your position provided from your NMEA capable GPS receiver on a zoomable map; the map file is autoselected depending on the position and preferred scale. Speech output is supported if the "festival" software is running. The maps are autoselected for best resolution depending on your position and can be downloaded from the Internet.
. Airpwn is a tool for generic packet injection on an 802.11 network. Airpwn requires two 802.11b interfaces, one for listening, and another for injecting. It uses a config file with multiple config sections to respond to specific data packets with arbitrary content.
. Wifitap allows users to connect to wifi networks using traffic injection. The concept is the same as most "man-in-the-middle" or "monkey-in-the-middle" attacks. For WifiTap to work, another system must have an association with an access point that the WifiTap system wants to pass traffic through.

- Tools for the Mac OS platform:
. MacStumbler is a utility to display information about nearby 802.11b and 802.11g wireless access points. It is mainly designed to be a tool to help find access points while traveling, or to diagnose wireless network problems.
. KisMAC is a free stumbler application for MacOS X, that puts your card into the monitor mode. Unlike most other applications for OS X we are completely invisible and send no probe requests. KisMAC supports third party PCMCIA cards with Orinoco and PrismII chipsets, as well as Cisco Aironet cards.
. Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and Intrusion Detection System. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
Source: www.tech-faq.com

2 comments:

Anonymous said...

I would like to exchange links with your site www.blogger.com
Is this possible?

Anonymous said...

I would like to exchange links with your site www.blogger.com
Is this possible?

Yes !!