Wi-Ploit Wi-Fi Exploit Tool

Wi-Ploit is a library of Wi-Fi exploitation tools. It also supports other current tools, e.g. Aircrack-ng.


Attacks:

  1. Rogue Access Point (hostapd).
  2. Rogue Access Point (hostapd-mana).
  3. WPS attack (Reaver) * Upcoming.

A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.



Rogue Access Point (hostapd)

  • Scan the networks.
  • Capture a handshake (the attack can’t be used without a valid handshake; it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a FakeAP instance to imitate the original access point
  • Spawns an MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted.

Rogue Access Point (hostapd-mana)

hostapd-mana is a featureful rogue wifi access point tool. It can be used for a myriad of purposes from tracking and deanonymising devices (aka Snoopy), gathering corporate credentials from devices attempting EAP (aka WPE) or attracting as many devices as possible to connect to perform MitM attacks.


Attracting as many devices as possible to connect to perform MitM attacks.

  • Scan the networks.
  • Capture a handshake (the attack can’t be used without a valid handshake; it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a FakeAP instance to imitate the original access point AND VICTIMS AUTOMATICALLY CONNECT TO THE CREATED FAKEAP
  • Spawns an MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted
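
Seen from the defending side, both step lists above leave the same two observable traces: a beacon for a known SSID from a BSSID that is not on the site's allow-list, and a burst of deauthentication frames against the real access point. The following Python code is an added example (not part of Wi-Ploit or of the original article) that correlates the two. The SSIDs, BSSIDs, thresholds and tuple layout are constructed assumptions standing in for fields a monitor-mode sensor would already have extracted.

```python
from collections import defaultdict

# Constructed allow-list (assumption): SSID -> BSSIDs the site actually operates.
AUTHORISED = {"CorpWiFi": {"aa:bb:cc:00:00:01"}}
# Constructed beacon observations: (time_s, ssid, bssid, security)
BEACONS = [
    (0, "CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"),
    (5, "CafeGuest", "de:ad:be:ef:00:09", "OPEN"),
    (12, "CorpWiFi", "02:11:22:33:44:55", "OPEN"),  # same SSID, unknown BSSID
]
# Constructed deauthentication frames: (time_s, bssid named in the frame)
DEAUTHS = [(10 + i * 0.1, "aa:bb:cc:00:00:01") for i in range(40)] + [(300, "aa:bb:cc:00:00:01")]

def rogue_beacons(beacons, authorised):
    """Beacons that reuse an authorised SSID from a BSSID not on the allow-list."""
    return [b for b in beacons if b[1] in authorised and b[2] not in authorised[b[1]]]

def deauth_bursts(deauths, window=5.0, threshold=20):
    """Map bssid -> burst start time where >= threshold deauths fall inside `window` seconds."""
    by_bssid = defaultdict(list)
    for t, bssid in deauths:
        by_bssid[bssid].append(t)
    bursts = {}
    for bssid, times in by_bssid.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window start forward
                lo += 1
            if hi - lo + 1 >= threshold:
                bursts[bssid] = times[lo]
                break
    return bursts

def correlate(beacons, deauths, authorised, max_gap=60.0):
    """Alert when a rogue beacon appears within max_gap seconds of a deauth burst on the real AP."""
    bursts = deauth_bursts(deauths)
    alerts = []
    for t, ssid, bssid, sec in rogue_beacons(beacons, authorised):
        for real in authorised[ssid]:
            if real in bursts and abs(t - bursts[real]) <= max_gap:
                alerts.append({"ssid": ssid, "rogue_bssid": bssid, "security": sec, "deauth_target": real})
    return alerts

if __name__ == "__main__":
    for alert in correlate(BEACONS, DEAUTHS, AUTHORISED):
        print("ALERT", alert)
```

A single stray deauthentication frame (the one at 300 s in the sample data) does not trigger an alert; only the burst that coincides with the unknown BSSID does.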


Requirements

  • Kali Linux OS or Ubuntu 18.04 OS (Also tested on Parrot Security)
  • You will need an external wireless adapter

Recommended Wireless Adapters Chipsets

  • Atheros: ATH9KHTC (AR9271, AR7010)
    Tested: AR9271 (AWUS036NHA)
  • Ralink: RT3070
  • Realtek: RTL8192CU

Installation

git clone https://github.com/Johnler/Wi-Ploit.git
cd Wi-Ploit/
chmod +x Installer
./Installer
chmod +x wiploit

Use

./wiploit

Just make sure you hit Ctrl+C when you’re satisfied with the SSID scan, capture the handshake and then launch.


Wi-Ploit Version

1.b.c
b = major release
c = minor release


Credits

  1. vk496 – developer(s) of linset
  2. deltaxflux – developer(s) of fluxion
  3. SensePost – developer(s) of hostapd-mana
  4. https://github.com/Johnler/Wi-Ploit (Johnler)

IMPORTANT THINGS TO REMEMBER

  • This article was written for educational and penetration-testing purposes only.
  • The author cannot be held responsible for damages caused by the use of these resources.
  • You will not misuse the information to gain unauthorized access.
  • First of all, this information shall only be used to expand knowledge and not for causing malicious or damaging attacks.
  • Just remember: performing any hacks without written permission is illegal.

Read also the Disclaimer.

