ska - Framework for sniffing ieee80211 packets and generating deauth packets and sending raw packets.
wificurse - WiFi DoS attack tool created for educational purposes only. It works only in Linux and requires wireless card drivers capable of injecting packets in wireless networks
WifiDeauth - A lightweight Wi-Fi auto deauthentication attack tool (libtins/C++)
wifijammer - Continuously jam all wifi clients/routers
WiFi-Rifle - Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi
wirelessjammer - Continuously jam all wifi clients and access points within range
WPA2-HalfHandshake-Crack - Capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP
wpa2hc - Quick script to automate converting WPA .cap files for Hashcat .hccap files.
Wpa-autopwn - WPA/WPA2 autopwn script that parses captured handshakes and sends them to the Crackq
Wpa-bruteforcer - Attacking WPA/WPA encrypted access point without client.
Penetrators-wps - Experimental tool that is capable of attacking multiple WPS-enabled wireless access points in real time.
phpreaver - A command line PHP script which uses the reaver WPS pin cracker to test multiple AP's with multiple WiFi adapters.
Pixiewps-android - Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack).
pyxiewps_WPShack-Python - Wireless attack tool written in python that uses reaver, pixiewps and aircrack to retrieve the WPS pin of any vulnerable AP in seconds
reaver_reattempt - Change the Mac address of the wifi connection as well as the emulated one created by airmon-ng in an attempt to avoid being locked out of routers for repeated WPS attack attempts
Reaver-webui - Simple WebUI to crack wireless networks using reaver
Reaver-wps-fork-t6x - Community forked version which includes various bug fixes, new features and additional attack method (such as the offline Pixie Dust attack)
Reaver-wps - Brute force attack against Wifi Protected Setup
wpscrack - Continuation of wpscrack originally written by Stefan Viehböck
Wps-Ultimate-Cracker - This script will help help you to get the most of router in morocco by using pixiewps , reaver , aircrack-ng ,wifite
Others
apbleed - Allows you to use existing heartbleed tools to test the RADIUS server
eapmd5pass - An implementation of an offline dictionary attack against the EAP-MD5 protocol. This utility can be used to audit passwords used for EAP-MD5 networks from wireless packet captures, or by manually specifying the challenge, response and associated authentication information.
haircrack - Automated aircrack/reaver/pyrit (An interface for aircrack/reaver/pyrit written in python. The interface itself may never get finished.)
IKECrack - IKE/IPSec authentication crack tool. This tool is designed to bruteforce or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication.
Wpe-parse - This is a simple parsing script to convert output from hostapd-wpe (which makes John the Ripper-formatted logs) to Hashcat format.
Injection
Aggr-inject - Remote frame injection PoC by exploiting a standard compliant A-MPDU aggregation vulnerability in 802.11n networks.
Aircrack-db - A list of wireless cards tested with the dual-card injection test and in the field
Rspoof - Wifi Automated Fake HotSpot Hijacking with aicrack-ng, airbase, ssl-strip, and dns spoof in Python
Scapy-fakeap - Fake wireless Access Point (AP) implementation using Python and Scapy
snifflab - Scripts to create your own MITM'ing, packet sniffing WiFi access point
startools - To use a RasPi to do an Evil Twin attack and capture 802.1x RADIUS creds
wifi_honey - Setting up four fake access points, each with a different type of encryption, None, WEP, WPA and WPA2 and the seeing which of the four the client connects to
wifiphisher - Automated victim-customized phishing attacks against Wi-Fi clients
WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
SSIDentity - Passive sniffing of 802.11 probe requests, stored in a central database.
TCP-SeqNum - Means to sniff 802.11 traffic and obtain TCP session info using netfiter_queue. Use that data to construct a packet in scappy.
wallofshame - Multi protocol sniffer, created for ChaosConstruction conference HackSpace
Watcher - Canari framework based Maltego transform pack that allows you to perform wireless sniffing within Maltego
WiFi-802.11-Demo-Sniffer - This 802.11 sniffer written in Python provides a useful tool to raise awareness at the amount of data phones release for anyone to read.
Wifi-harvester - For collecting probed SSID name by wireless devices, Access point detail and connected clients.
wifijamMac - Allows you to select one or more nearby wireless networks, thereupon presenting a list of clients which are currently active on the network(s)
wtf - Wireless Test Framework. Collection of test suites for validating various wifi functionality on various wifi devices.
zarp - Network attack tool centered around the exploitation of local networks
Information Gathering
3WiFi Database - Collect data from Router Scan log reports, search for access points, obtain its geolocation coordinates, and display it on world map
access_points - Scan your WiFi and get access point information and signal quality
Accumulation-rssi - Linux utility for accumulation of WiFi RSSI to text file. Using nl80211, Managed mode. Useful for experiments with WiFi (example, localization)
airscan - Wi-Fi scanning utility for the Nintendo DS
basiciw - Retrieve information such as ESSID or signal quality from wireless cards (Python module)
Get-rssi - Linux utility for getting RSSI WiFi of APs to text file. Using Monitor mode, libpcap.
IndoorPositionr - Indoor positioning using Android to provide the surrounding Access Points signals and guess the position
Isniff-GPS - Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
rssi - Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi
whoishere - WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.
Wifi-Dumper - Dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine
Wifi-monitor - Prints the IPs on your local network that're sending the most packets ack = 802.11 control frame acknowledgement or …
badkarma - BadKarma is a simple python script used to detect and disrupt rouge access points/honeypots using the karma attack such as the wifi pineapple
EvilAP_Defender - Protect your Wireless Network from Evil Access Points
waidps - Wireless Auditing, Intrusion Detection & Prevention System
Wave - 802.11 IDS, visualizer, and analytics platform for the web
Wireless-forensics-framework - Automated Wireless Penetration Testing and Carrying out Wireless Forensics in Python
Wireless-ids - Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets
wmd - Simple solution for the detection and location of Rogue Access Points.
wraith - Wireless Reconnaissance And Intelligent Target Harvesting
wspy - Python tool to create a wireless ids it detects which clients are connected to a network to allow the creation of usage patterns of a netowrk by the clients
Libraries/General Purpose Tools
80211p_raw - Raw socket utilities for 802.11p transmission
80211_raw - Sender and receiver for WiFi (IEEE802.11) network with raw sockets
banjax - Library for low-level programming of IEEE 802.11 wireless network interfaces on the GNU/Linux operating system
pcap2xml - Convert 802.11 Packet Traces to XML and SQLITE Format
PCS - Set of Python modules and objects that make building network protocol code easier for the protocol developer
Probr-core - The core-component for generic WiFi tracking: remote device management, packet capturing, packet storage
py80211 - Suite of libraries for parsing 802.11 packets as well as managing wireless cards and working with 802.11 information
PyRIC - PyRIC (is a Linux only) library providing wireless developers and pentesters the ability to identify, enumerate and manipulate their system's wireless cards programmatically in Python.
python3-wifi - Python WiFi is a Python module that provides read and write access to a wireless network card's capabilities using the Linux Wireless Extensions.
Python-radiotap - Tiny lib for parsing radiotap/802.11 headers in python
python-wifi - Python WiFi is a Python module that provides read and write access to a wireless network card's capabilities using the Linux Wireless Extensions.
Qca-swiss-army-knife - Hosts a set of utilities that we use to debug / help with our driver development
Radioparse - A WiFi protocol parser that can be used with radiotap packets and node-pcap
Scapy - Python-based interactive packet manipulation program & library
Wifi-scan - A nl80211 C/C++ library for monitoring signal strength of WiFi networks
create_ap - This script creates a NATed or Bridged WiFi Access Point.
disable-802.11b-snmp - A tool to set 802.11 protocols on thousands of Access Points with SNMP.
Do-wifi - Command line tool for scanning and connecting to wifi networks in Linux.
full_permissive_unlock_ath - This kernel patch enable all 2GHZ & 5GHZ channels (without restriction) for ath9k & ath5k forced to use buildin world regulatory
FWAP - Minimal, very lightweight access point implementation
hostapd - Python script to make using and configuring hostapd easier
hostapd - User space daemon for access point and authentication servers
Hostapd-mana - Hostapd-mana for the 6.th gen. Wifi Pineapple, and OpenWRT
hostapd-mana-openwrt - Hostapd-mana - build-files, and installation-files for OpenWRT
Wifi-ap - Library wrapper around hostapd and dnsmasq and their respective configuration files that allows for programmatically creating access points in Debian-based Linux environments
Wifi-frequency-hacker - A modified frequency regulatory domain configuration that doesn't limit you.
WirelessConfig - A 802.1x Python wireless configuration tool with Cocoa wrappers
Monitoring
como - CoMo is a passive monitoring system that supports arbitrary real time traffic queries
horst - Lightweight IEEE802.11 wireless LAN analyzer with a text interface. Its basic function is similar to tcpdump, Wireshark or Kismet, but it's much smaller and shows different, aggregated information which is not easily available from other tools.
Ap-notify - An example of using the Linux kernel netlink protocol, specifically nl80211 via libnl/libnl-genl, to catch stations associating/disassociating with an 802.11 AP
ath9k-4w-patch - Resources for increasing power of ath9k devices, such as TP-link WN722N
Ath9k-nav - Linux kernel module to poll the NAV register on Atheros 9k series WLAN cards.
bunny - Bunny is a wireless. meshing, darknet that uses 802.11 to hide its communications
Connect-wifi - Dmenu based application for Linux that connects to the strongest open wireless network
Cover-channel - Userland code for creating a covert channel in wireless broadcast medium
disassociatedWiFi - DisassociatedWiFi creates a virtual network interface (using the Linux TUN/TAP device driver) which sends and receives ethernet frames over an 802.11 (WiFi) interface, that has been placed in monitor mode, and supports packet injection.
FFT_eval - Aid open source spectrum analyzer development for Qualcomm/Atheros AR92xx and AR93xx based chipsets
Frame-randomizer - Capture and randomize 802.11 Association Request frames
react80211 - Solution for mitigating the performance impairments of CSMA/CA protocols in multi-hop topologies based on the dynamic adaptation of the contention process experienced by nodes in a wireless network