wireless.md

title	description
Wireless	Discover tools and resources for exploiting Wi-Fi, bluetooth, RFID, and more.

Wireless

Discover tools and resources for exploiting Wi-Fi, bluetooth, RFID, and more.

Bluetooth

• bettercap - Swiss army knife for WiFi, Bluetooth, HID, and ethernet network.
• BLE Scanner 4.0 iOS Android - Scanner Utility for Bluetooth Low Energy, iBeacon and Eddystone devices.
• BLE-Beacon-Scanner - Scan for BLE Beacons (iBeacon and Eddystone)
• BLESuite - Python package that provides an easier way to test Bluetooth Low Energy (BLE) device.
• Bluefruit LE Sniffer - Passively capture data exchanges between two BLE devices, pushing the data into Wireshark, where you can visualize things on a packet level.
• Bluelog - Linux bluetooth scanner
• BlueScanner - Windows tool to locate bluetooth devices and get to know its features.
• BSS - Bluetooth Stack Smasher
• BTcrack - Bluetooth PIN and Link-key cracker.
• BtleJuice - BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework.
• Btmon - Arduino bluetooth monitoring tool.
• Btscanner - Scans for new devices and retrieves any information requested.
• Crackle - Crack and decrypt BLE encryption.
• Ellisys Bluetooth Explorer - All-In-One Wideband BR/EDR and Low Energy sniffer with concurrent capture of Wi-Fi 2x2 802.11 a/b/g/n, 2.4 GHz spectrum, HCI (USB, UART, SPI), WCI-2, logic signals, generic I2C/UART/SPI/SWD, and Audio I2S.
• hcitool - Bluetooth host controller CLI tool for sending HCI commands on MacOS and Linux.
• Sweyntooth - Captures a family of 18 vulnerabilities across different Bluetooth Low Energy (BLE) software development kits (SDKs) of six major system-on-a-chip (SoC) vendors.

Cellular

• Crocodile Hunter - A tool to hunt fake eNodeBs, also known commonly as hailstorm, stingray, cell site simulators, or IMSI catchers.
• Kalibrate - Scan for GSM base stations in a given frequency band and can use those GSM base stations to calculate the local oscillator frequency offset.

DECT

• gr-dect2 - Real-time DECT voice channel decoding by Gnuradio. It allows to listen to a voice when encryption isn't applied.
• re-DECTed - Tools for playing with DECT.

NFC

• ACR122U USB NFC Reader - Contactless smart card reader/writer developed based on 13.56 MHz Contactless (RFID) Technology
• Keysy - Backup up to four RFID access credentials into a small keyfob form factor.
• libnfc - Platform independent Near Field Communication (NFC) library.
• MFCUK - MiFare Classic Universal toolKit.
• MFOC - Mifare Classic Offline Cracker.
• NFCGate - Android application meant to capture, analyze, or modify NFC traffic.
• NFC Smart Card Info - Android App. Shows Java Card applet installed on a contact-less Smart Card and tag info.
• NFC Tag Cloner - Android App. Clone NFC tags to another tag or to your phone
• NFC TagInfo - Android App. The “Swiss Army knife” for NFC! Value checker, content viewer and analysis tool.
• pcscd - PC/SC Smart Card Daemon. A resource manager that coordinates communications with smart card readers and smart cards and cryptographic tokens that are connected to the system.

RFID

• ICopyX - Hardware to rapidly and easily clone RFID tags like an expert.
• Proxmark - RFID swiss-army tool, allowing for both high and low level interactions with the vast majority of RFID tags and systems world-wide
• RFIDOt - Python RFID / NFC library & tools.
• Wiegotcha - Long Range RFID Thief.

SDR

• Airspy - State of the art SDR hardware for HF and VHF.
• bladeRF Micro 20.0 - Next-generation 2x2 MIMO, 47MHz to 6GHz frequency range, off-the-shelf USB 3.0 Software Defined Radio (SDR)
• gqrx - Software defined radio receiver powered by GNU Radio and Qt.
• gr-fosphor - GNURadio block for spectrum visualization using GPU.
• inspectrum - Analysing captured signals, primarily from software-defined radio receivers.
• LimeSDR - A low cost, open source, apps-enabled (more on that later) software defined radio (SDR) platform that can be used to support just about any type of wireless communication standard.
• Multimon-NG - Successor of multimon. Decodes various digital transmission modes.
• rtl_fm - Set of scripts that acts as a wrapper for rtl_fm and a few helper scripts for making listening to radio signals with SDR easy.
• USRP B210 - A fully integrated, single-board, Universal Software Radio Peripheral (USRP™) platform with continuous frequency coverage from 70 MHz – 6 GHz.

Wi-Fi

• AirCheck G3 Pro - Hardware-enabled site survey solution for Wi-Fi 6/6E networks.
• Aircrack-NG - A complete suite of tools assess WiFi network security.
• Airpwn - Packet injection for wifi; simplified.
• Airstrike - Automatically grab and crack WPA-2 handshakes with distributed client-server architecture.
• Alfa Card - The Atheros chipset supports all 6 WiFi modes. Best success rate of various injection attacks using this Wi-Fi adaptor.
• AWSY - Are.We.Secure.Yet Framework aims to test the wifi security of a location, attempting to locate individual devices.
• Beacongraph - Graph visualization of wireless client and access point relationships.
• bettercap - Swiss army knife for WiFi, Bluetooth, HID, and ethernet network.
• Chanalyzer - A powerful dual-band spectrum analyzer that measures Wi-Fi and non-Wi-Fi activity in both the 2.4 GHz and 5 GHz bands.
• coWPAtty - WPA2-PSK Cracking
• cpscam - Bypass captive portals by impersonating inactive users.
• dBmonster - Track WiFi Devices With Their Recieved Signal Strength.
• Ekahau HeatMapper - Perform wireless network analysis, optimization, and simulation with high-definition visual Wi-Fi heatmaps that take the guesswork out of network coverage and performance.
• FruityWiFi - FruityWiFi is a wireless network auditing tool.
• Giskismet - Wireless recon visualization tool.
• iSniff-GPS - Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices.
• inSSIDer - Helps to remove that frustration by showing you exactly how your network is configured, how neighboring Wi-Fi networks are impacting yours, and gives suggestions for fast, secure Wi-Fi.
• Kismapping - A WiFi heatmapping tool which consumes Kismet output and produces a heatmap.
• Kismet - A sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF, and more.
• KRACK - Scripts to test if clients or access points (APs) are affected by the KRACK attack against WPA2.
• Kr00k - Allows to decrypt some WPA2 CCMP data in vulnerable devices (Access Point or Clients).
• MDK4 - MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
• Netsh - CLI utility that allows you to display or modify the network configuration of a computer that is currently running.
• PixieWPS - An offline Wi-Fi Protected Setup brute-force utility.
• Reaver - Brute force attack against Wi-Fi Protected Setups (WPS)
• r00kie-kr00kie - This is a PoC exploit for the CVE-2019-15126 kr00k vulnerability.
• SniffAir - Wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks.
• tonic - Provides a reliable process for troubleshooting Wi-Fi devices (endpoints) on-site.
• Wifi Analyzer - Turns your android phone into a Wi-Fi analyzer! Shows the Wi-Fi channels around you.
• Wifiphisher - The Rogue Access Point Framework
• Wifite2 - Rewrite of the popular wireless network auditor, wifite.
• WiGLE - All the networks. Found by Everyone. Wi-fi wardrving database.
• WirelessKeyView - Recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer.

Zigbee

• Killerbee - IEEE 802.15.4/ZigBee Security Research Toolkit

Z-Wave

• Killerzee - Tools for Attacking and Evaluating Z-Wave Networks