Below we describe a collection of cost-free tools that can be used both as attack tools and as audit tools.
- AirJack (http://802.11ninja.net/airjack/) is a collection of wireless card drivers and related programs. It includes a program called monkey_jack that automates the MITM attack. Wlan_jack is a DoS tool that accepts a target source and BSSID and sends continuous deauthenticate frames to a single client or an entire network (broadcast address). Essid_jack sends a disassociate frame to a target client in order to force the client to reassociate with the network, thereby giving up the network SSID.
- AirSnort (www.airsnort.shmoo.com) can break WEP by passively monitoring transmissions and computing the encryption key once enough packets have been gathered.
- Ethereal (www.ethereal.com) is a LAN analyzer that also handles wireless traffic. One can interactively browse the capture data, viewing summary and detail information for all observed wireless traffic.
- FakeAP (ww.blackalchemy.to/project/fakeap) can generate thousands of counterfeit 802.11b access points.
- HostAP (www.hostap.epitest.fi) converts a station that is based on Intersil’s Prism2/2.5/3 chipset to function as an access point.
- Kismet (www.kismetwireless.net) is a wireless sniffer and monitor. It passively monitors wireless traffic and dissects frames to identify SSIDs, MAC addresses, channels and connection speeds.
- Netstumbler (www.netstumbler.com) is a wireless access point identifier running on Windows. It listens for SSIDs and sends beacons as probes searching for access points.
- Prismstumbler (prismstumbler.sourceforge.net/) can find wireless networks. It constantly switches channels and monitors frames received.
- The Hacker’s Choice organization (www.thc.org) offers a LEAP Cracker Tool suite that contains tools to break Cisco LEAP. It also has tools for spoofing authentication challenge packets from an AP. WarDrive is a tool for mapping a city for wireless networks with a GPS device.
- StumbVerter (www.sonar-security.com/sv.html) is a tool that reads NetStumbler’s collected data files and presents street maps showing the logged WAPs as icons, whose color and shape indicate WEP mode and signal strength.
- Wellenreiter (http://www.wellenreiter.net/) is a WLAN discovery tool. It uses brute force to identify low traffic access points while hiding the real MAC address of the card it uses. It is integrated with GPS.
- WEPcrack (www.wepcrack.sourceforge.net) cracks 802.11 WEP encryption keys using weaknesses in the RC4 key scheduling algorithm.