90N45 D3v DBmonster Save

With dBmonster, you are able to scan for nearby WiFi devices and track them through the signal strength (dBm) of their sent packets. Therefore, you can identify the exact location of nearby WiFi devices (use a directional WiFi antenna for the best results) or find out in which direction your (self made) antenna works the best (antenna radiation patterns).In addition, there are features such as tracking the signal strength of packet types that are often abused in WiFi attacks (ex. Deauthentication Frames) to determine the location of someone attacking your network.You can also check for devices that are sending Probe Requests for an unusual long time. You will then be notified when dBmonster detects that a stalker’s device is following you (inspiration: Matt Edmondson’s BlackHat article).All in all, it's a multitool for tracking and locating nearby devices via their activities in the radio frequency range.

Table of contents

• Features on Linux and MacOS
• Short preview
• Installation
• Has been successfully tested on...
• Troubleshooting for MacOS
• Working on...
• Additional information

Features on Linux and MacOS

Short preview (Advanced 802.11 Frame Tracking)

https://user-images.githubusercontent.com/79598596/208249552-48a56e68-9764-4f45-8aca-ba64a1a048c1.mov

Installation

git clone https://github.com/90N45-d3v/dBmonster
cd dBmonster

# Install required tools (On MacOS without sudo)
sudo python requirements.py

# Start dBmonster
sudo python dBmonster.py

* ⚠️ Due to a bug in matplotlib with Python 3.11, the plot window needs to be resized to work. Till now, please use Python ≤ 3.10 for smooth usage

Has been successfully tested on...

* should work on any MacOS or Debian based system and with every WiFi card that supports monitor-mode

Troubleshooting for MacOS

Normally, you can only enable monitor-mode on the internal wifi card from MacOS with the airport utility from Apple. Somehow, wireshark (or here TShark) can enable it too on MacOS. Cool, but because of the MacOS system and Wireshark’s workaround, there are many issues running dBmonster on MacOS. After some time, it could freeze and/or you have to stop dBmonster/TShark manually from the CLI with the ps command. If you want to run it anyway, here are some helpful tips:

Kill dBmonster, if you can't stop it over the GUI

Look if there are any processes, named dBmonster, tshark or python:

sudo ps -U root

Now kill them with the following command:

sudo kill <PID OF PROCESS>

Stop monitor-mode, if it's enabled after running dBmonster

sudo airport <WiFi INTERFACE NAME> sniff

Press control + c after a few seconds

* Please contact me on twitter, if you have anymore problems

Working on...

• RSSI at MAC Address Lookup if device is nearby
• SDR support for advanced operations
• Capture signal strength data for offline graphs
• Generate multiple graphs in one coordinate system
• MAC address assembler - Associate multiple random MAC addresses because of their similar dBm signal
• PCAP File Analytics - Classify detected devices and calculate the average signal strength
• @Hak5 WiFi Coconut Mode - Transfer sniffed traffic in realtime to dBmonster (Need tester... Contact me on Twitter)

Additional information

• If the tracked WiFi device is out of range or doesn't send any packets, the graph stops plotting till there is new data. So don't panic ;)
• dBmonster wasn't tested on all systems... If there are any errors or something is going wrong, contact me. (Of course you can also contact me if you liked my project!)