GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → chinarulezzz → refluxion

chinarulezzz / refluxion

Licence: GPL-3.0 license
Refluxion -- MITM WPA attacks tool

Programming Languages

HTML
75241 projects
javascript
184084 projects - #8 most used programming language
CSS
56736 projects
shell
77523 projects
python
139335 projects - #7 most used programming language
AGS Script
88 projects
PHP
23972 projects - #3 most used programming language

Labels

attackmitmwificaptive-portalwpawpa2-crackerwpa2hacking-toolmitm-attackswpa2-handshakecaptiveportalwifi-hackingmitm-framework

Projects that are alternatives of or similar to refluxion

Bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Stars: ✭ 10,735 (+42840%)
Mutual labels:  mitm, wifi, wpa2
Wifi-Cracker
Wifi Cracking
Stars: ✭ 128 (+412%)
Mutual labels:  wpa, wpa2-cracker, wifi-hacking
WPA2-FritzBox-Pswd-Wordlist-Generator
This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.
Stars: ✭ 22 (-12%)
Mutual labels:  wpa, wpa2, wpa2-handshake
Auto-Besside-Capturer
Capture WPA handshakes, using besside-ng. Auto upload to http://wpa-sec.stanev.org for cracking the password.
Stars: ✭ 28 (+12%)
Mutual labels:  wifi, wpa2, wpa2-handshake
Deautherdroid
Additional android app for SpaceHunn's ESP8266 DeAuther.
Stars: ✭ 93 (+272%)
Mutual labels:  attack, wifi
kismet-deauth-wpa2-handshake-plugin
Python plugin for Kismet to perform deauthentication to collect WPA2 handshakes
Stars: ✭ 63 (+152%)
Mutual labels:  wpa2, wpa2-handshake
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 1,392 (+5468%)
Mutual labels:  attack, hacking-tool
vietnamese-password-dicts
Tổng hợp danh sách mật khẩu wifi tiếng Việt sử dụng cho aircrack-ng
Stars: ✭ 40 (+60%)
Mutual labels:  wifi, wpa
Mhddos
Best DDoS Attack Script Python3, Cyber Attack With 36 Method
Stars: ✭ 55 (+120%)
Mutual labels:  attack, hacking-tool
Wifiphisher
Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted Wi-Fi association attacks. Wifiphisher can be further used to mount victim-customized web phishing attacks against the connected clients in order to capture credentials (e.g. from third party login pages or WPA/WPA2 Pre-Shared Keys) or infect the victim stations with malwares.
Stars: ✭ 10,333 (+41232%)
Mutual labels:  attack, wifi
awesome-ddos-tools
Collection of several DDos tools.
Stars: ✭ 75 (+200%)
Mutual labels:  attack, hacking-tool
Wifi Spam
✉️📡 Spam thousands of WiFi access points with custom SSIDs
Stars: ✭ 92 (+268%)
Mutual labels:  attack, wifi
Esp8266 deauther
Affordable WiFi hacking platform for testing and learning
Stars: ✭ 9,312 (+37148%)
Mutual labels:  attack, wifi
wifi-pentesting-guide
WiFi Penetration Testing Guide
Stars: ✭ 105 (+320%)
Mutual labels:  wifi, wifi-hacking
Ska
Simple Karma Attack
Stars: ✭ 55 (+120%)
Mutual labels:  attack, wifi
Instahack
Best Tool For instagram bruteforce hacking Tool By EvilDevil
Stars: ✭ 139 (+456%)
Mutual labels:  attack, hacking-tool
wifimitm
Wi-Fi Machine-in-the-Middle: Automation of MitM Attack on Wi-Fi Networks
Stars: ✭ 49 (+96%)
Mutual labels:  wpa, wpa2
WPCracker
WordPress pentest tool
Stars: ✭ 34 (+36%)
Mutual labels:  attack, hacking-tool
Physics Command
Physics platform is a tool for hardware systems (e.g: raspberryPi 3B ). It retrieves data passing through the network and sends it to a control panel. It works the same way as a botnet by receiving remote commands. (you can imagine that as a black box)
Stars: ✭ 23 (-8%)
Mutual labels:  attack, mitm
Wi Pwn
ESP8266 Deauther ​with a material design WebUI 📶
Stars: ✭ 839 (+3256%)
Mutual labels:  attack, wifi
View All Similar Projects ➔

Fuxion logo

Fork

Please note that this is a fork. The original project is here.

Differences:

  • Allows to deauthenticate (by "Handshake Snooper" or "Captive Portal" attack) specifiс client of the Access Point

    Sometimes it's necessary to not disconnecting all clients from the AP, but only one (the most vulnerable from the point of view of Social Engineering).

    Also, see this patch. I think this will come in handy: it adds manufacturer column to the client list.

    Something like this:

 BSSID              STATION            PWR   Rate    Lost    Frames  Notes  Manufacturer                    Probes
 XX:XX:XX:XX:XX:XX  XX:XX:XX:XX:XX:XX  -54    0 - 0e     0        1         Hon Hai Precision Ind. Co.,Ltd. XXX,XXXXX,XXXXXX
 XX:XX:XX:XX:XX:XX  XX:XX:XX:XX:XX:XX  -38    0 - 0e   155       43         Liteon Technology Corporation

TODO

  • Add 'deauth specific client' option to deauth-ng.py (5GHz networks):

    • Added to 'Captive Portal' but need to test (done, need to test)

    • Also, need to add to 'Handshake Snooper'.

  • Add pmkid support as alternative to 'Handshake Snooper';

  • Add more phishing pretexts;

Now, about fluxion...

Fluxion is the future of MITM WPA attacks

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues.

If you need quick help, fluxion is also available on gitter. You can talk with us on Gitter or on Discord.

Injection

If your network card supports 5GHz networks, you must check if your card supports also injection attacks.

You will need this in future.

Installation

Read here before you do the following steps.
Download the latest revision

git clone [email protected]:FluxionNetwork/fluxion.git

# Or if you prefer https 

git clone https://www.github.com/FluxionNetwork/fluxion.git

Switch to tool's directory

cd fluxion

Run fluxion (missing dependencies will be auto-installed)

./fluxion.sh

Fluxion is also available in arch

cd bin/arch
makepkg

or using the blackarch repo

pacman -S fluxion

📜 Changelog

Fluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the changelog here.

:octocat: How to contribute

All contributions are welcome! Code, documentation, graphics, or even design suggestions are welcome; use GitHub to its fullest. Submit pull requests, contribute tutorials or other wiki content -- whatever you have to offer, it'll be appreciated but please follow the style guide.

📖 How it works

  • Scan for a target wireless network.

  • Launch the Handshake Snooper attack.

  • Capture a handshake (necessary for password verification).

  • Launch Captive Portal attack.

  • Spawns a rogue (fake) AP, imitating the original access point.

  • Spawns a DNS server, redirecting all requests to the attacker's host running the captive portal.

  • Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.

  • Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.

  • All authentication attempts at the captive portal are checked against the handshake file captured earlier.

  • The attack will automatically terminate once a correct key has been submitted.

  • The key will be logged and clients will be allowed to reconnect to the target access point.

  • For a guide to the Captive Portal attack, read the Captive Portal attack guide

Requirements

A Linux-based operating system. We recommend Kali Linux 2018.4. An external wifi card is recommended.

Related work

For development, I use vim and tmux. Here are my dotfiles

:octocat: Credits

  1. l3op - contributor
  2. dlinkproto - contributor
  3. vk496 - developer of linset
  4. Derv82 - @Wifite/2
  5. Princeofguilty - @webpages and @buteforce
  6. Photos for wiki @http://www.kalitutorials.net
  7. Ons Ali @wallpaper
  8. PappleTec @sites
  9. MPX4132 - Fluxion V3

Disclaimer

  • Authors do not own the logos under the /attacks/Captive Portal/sites/ directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research.

  • The usage of Fluxion for attacking infrastructures without prior mutual consent could be considered an illegal activity and is highly discouraged by its authors/developers. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

Note

  • Beware of sites pretending to be related with the Fluxion Project. These may be delivering malware.

  • Fluxion DOES NOT WORK on Linux Subsystem For Windows 10, because the subsystem doesn't allow access to network interfaces. Any Issue regarding the same would be Closed Immediately

Links

Fluxion website: https://fluxionnetwork.github.io/fluxion/
Discord: https://discordapp.com/invite/G43gptk
Gitter: https://gitter.im/FluxionNetwork/Lobby

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].