Wi-Ploit Wi-Fi Exploit Tool

Wi-Ploit

Wi-Ploit is a library of Wi-Fi exploitation tools. Supports the latest other tools e.g: Aircrack-ng etc.


Attacks:

  1. Rogue Access Point (hostapd).
  2. Rogue Access Point (hostapd-mana).
  3. WPS attack (Reaver) * Upcoming.

rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.


Wi-Ploit is a library of Wi-Fi exploitation tools. Supports the latest other tools e.g: Aircrack-ng etc.  black-hat hackers I ♥ open source.

Rogue Access Point (hostapd)

  • Scan the networks.
  • Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a FakeAP instance to imitate the original access point
  • Spawns a MDK3 process, which deauthenticated all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted.

Rogue Access Point (hostapd-mana)

hostapd-mana is a featureful rogue wifi access point tool. It can be used for a myriad of purposes from tracking and deanonymising devices (aka Snoopy), gathering corporate credentials from devices attempting EAP (aka WPE) or attracting as many devices as possible to connect to perform MitM attacks.


Attracting as many devices as possible to connect to perform MitM attacks.

  • Scan the networks.
  • Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a FakeAP instance to imitate the original access point AND VICTIMS AUTOMATICALLY CONNECTS TO CREATED FAKEAP
  • Spawns a MDK3 process, which deauthenticated all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted

Wi-Ploit is a library of Wi-Fi exploitation tools. Supports the latest other tools e.g: Aircrack-ng etc.  black-hat hackers I ♥ open source.

Requirements

  • Kali Linux OS or Ubuntu 18.04 OS (Also tested on Parrot Security)
  • You will need an external Wireless Adapters

Recommended Wireless Adapters Chipsets

  • Atheros: ATH9KHTC (AR9271, AR7010)
    Tested: AR9271 (AWUS036NHA)
  • Ralink: RT3070
  • Realtek: RTL8192CU

Atheros: ATH9KHTC (AR9271, AR7010)
Tested: AR9271 (AWUS036NHA)
Ralink: RT3070
Realtek: RTL8192CU

Installation

git clone https://github.com/Johnler/Wi-Ploit.git
cd Wi-Ploit/
chmod +x Installer
./Installer
chmod +x wiploit

Use

./wiploit

Just make sure you hit ctrl+c when you’re satisfied with the SSID scan, capture the handshake and then launch.


Wi-Ploit

Wi-Ploit Version

1.b.c
b = major release
c = minor release


Credits

  1. vk496 – developer(s) of linset
  2. deltaxflux – developer(s) of fluxion
  3. SensePost – developer(s) of hostapd-mana
  4. https://github.com/Johnler/Wi-Ploit (Johnler)

IMPORTANT THINGS TO REMEMBER

  • This article was written for educational purposes and pentest only.
  • The author can not be held responsible for damages caused by the use of these resources.
  • You will not misuse the information to gain unauthorized access.
  • First of all, this information shall only be used to expand knowledge and not for causing malicious or damaging attacks.
  • Just remember, Performing any hacks without written permission is illegal ..!

Read also the Disclaimer..!


All the techniques provided in the tutorials on the hackingpassion.com, YouTube channel, and on the website hackingpassion.com are meant for educational purposes only.

If you are using any of those techniques for illegal purposes, hackingpassion.com can’t be held responsible for possible lawful consequences.

My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.


Finally

If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, please feel free to do it using the below comment form.

Bulls Eye
My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner, and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ..." I ♥ open-source and Linux"
error: Content is protected !!