[hunt3r972]

Hello guys, a new tool has been published and I would like to share it with you. This tool called Wireless IDS master is a Snort like tool for WIFI. If you want to know what this python script can do, just go to the officiel syworks website: http://syworks.blogspot.fr/2014/01/wirel...ystem.html

Copied from source website:

- Detect mass deauthentication sent to client / access point which unreasonable amount indicate possible WPA attack for handshakes.
- Continual sending data to access point using broadcast MAC address which indicate a possibility of WEP attacks
- Unreasonable amount of communication between wireless client and access point using EAP authentication which indicate the possibility of WPS bruteforce attack by Reaver / WPSCrack
- Detection of changes in connection to anther access point which may have the possibility of connection to Rogue AP (User needs to assess the situation whether similar AP name)
- Display similar Access Point's name (SSID) which could have the possibility of WiFi 'Evil Twins'.
- Display of probing SSID by wireless devices
- Detection of Korek Chopchop packets sent by Aircrack-NG (WEP attacks) - Detection of Fragmentation PRGA packets sent by Aircrack-NG (WEP attacks)
- Detection of possible WPA Downgrade attack by MDK3
- Detection of possible Michael Shutdown exploitation (TKIP) by MDK3
- Detection of Beacon flooding by MDK3
- Detection of possible Authentication DoS by MDK3
- Detection of possible association flooding
- Detection of WPA Migration Attack by Aircrack-NG (WPA Attack)
- Allow logging of events to file.
- Allow disabling of displaying of probing devices
- Wireless devices / Access point's manufacturer Identification basing on the MAC OUI database.

If you want to try it go to this link and download the files: https://github.com/SYWorks/wireless-ids

Then turn on monitoring mode: airmon-ng start <wireless interface>
Make the script executable: chmod +x wids.py
Start it with: ./wids.py -i mon0
Other options are available typing: ./wids.py -h

[hunt3r972]

Hello guys, a new tool has been published and I would like to share it with you. This tool called Wireless IDS master is a Snort like tool for WIFI. If you want to know what this python script can do, just go to the officiel syworks website: http://syworks.blogspot.fr/2014/01/wirel...ystem.html

Copied from source website:

- Detect mass deauthentication sent to client / access point which unreasonable amount indicate possible WPA attack for handshakes.
- Continual sending data to access point using broadcast MAC address which indicate a possibility of WEP attacks
- Unreasonable amount of communication between wireless client and access point using EAP authentication which indicate the possibility of WPS bruteforce attack by Reaver / WPSCrack
- Detection of changes in connection to anther access point which may have the possibility of connection to Rogue AP (User needs to assess the situation whether similar AP name)
- Display similar Access Point's name (SSID) which could have the possibility of WiFi 'Evil Twins'.
- Display of probing SSID by wireless devices
- Detection of Korek Chopchop packets sent by Aircrack-NG (WEP attacks) - Detection of Fragmentation PRGA packets sent by Aircrack-NG (WEP attacks)
- Detection of possible WPA Downgrade attack by MDK3
- Detection of possible Michael Shutdown exploitation (TKIP) by MDK3
- Detection of Beacon flooding by MDK3
- Detection of possible Authentication DoS by MDK3
- Detection of possible association flooding
- Detection of WPA Migration Attack by Aircrack-NG (WPA Attack)
- Allow logging of events to file.
- Allow disabling of displaying of probing devices
- Wireless devices / Access point's manufacturer Identification basing on the MAC OUI database.

If you want to try it go to this link and download the files: https://github.com/SYWorks/wireless-ids

Then turn on monitoring mode: airmon-ng start <wireless interface>
Make the script executable: chmod +x wids.py
Start it with: ./wids.py -i mon0
Other options are available typing: ./wids.py -h

[commander]

Thanks for sharing this hunt3r972...

[commander]

Thanks for sharing this hunt3r972...

[unnamed]

Interesting one, thanks.

[lapower]

Interesting, thanks for sharing!

[RaccoonCity_mybb_import13707]

Nice share, thanks.~