Overview of Wardriver & WLAN Hacking Tools (English)

23.09.2006, 12:41
Laserpointa (Member, Posts: 2176)

*** Windows ***


Netstumbler/Ministumbler:
This software is the most famous in the War'Xing scene. It displays SSID,
channel, WEP options and much more.
It supports working with a GPS, so after the scan it's easy to create
a map, which makes it very useful for finding the access points again
another time. Also interesting is the Ministumbler
for handhelds like the Compaq iPAQ.
» http://www.netstumbler.com

Stumbverter:
StumbVerter is a standalone application which allows you to import
Network Stumbler's summary files into Microsoft's MapPoint 2002 maps.
The logged WAPs will be shown with small icons, their colour
and shape relating to WEP mode and signal strength.
As the AP icons are created as MapPoint pushpins, the balloons contain
other information, such as MAC address, signal strength, mode, etc.
» http://www.sonar-security.com

AiroPeek:
AiroPeek, a comprehensive packet analyzer for IEEE 802.11 wireless LANs,
is designed to identify and solve wireless network anomalies. It quickly
isolates security problems, fully decodes all 802.11 WLAN protocols,
and analyzes wireless network performance with accurate identification
of signal strength, channel and data rates. AiroPeek incorporates all
of the network troubleshooting expertise familiar to users of our
award-winning EtherPeek.
» http://www.wildpackets.com/products/airopeek/

Etherpeek:
EtherPeek NX is the first protocol analyzer to offer both expert
diagnostics and frame decoding in real time, during capture. EtherPeek NX
has been carefully designed to help IT Professionals analyze and diagnose
increasingly diverse volumes of network data, providing precise,
contemporary analysis of the problems facing today's networks.
» http://www.wildpackets.com/products/etherpeek/


*** PocketPC ***

CEniffer:
When connected to an Ethernet network, the computers talk to each other
in packets. These packets are bite-size envelopes of data. CEniffer reads
these packets and displays what each contains, i.e. the to and from addresses,
the protocol or format of the packet and the actual data being sent by the
computer in the packet. It uses Windows CE v3.0, and virtually any network
card, including Ethernet and wireless cards.
» http://www.epiphan.com/products_ceniffer.html

Mini-Stumbler:
Software to find WLANs on PocketPC/iPAQ.
» http://www.netstumbler.com


*** Macintosh ***

MacStumbler:
MacStumbler is a utility to display information about nearby 802.11b
and 802.11g wireless access points. It is mainly designed to be a tool
to help find access points while traveling, or to diagnose wireless
network problems. Additionally, MacStumbler can be used for "wardriving",
which involves co-ordinating with a GPS unit while traveling around to help
produce a map of all access points in a given area.
» http://www.macstumbler.com

KisMAC:
KisMAC is a stumbler application for Mac OS X that puts your card into
monitor mode. Unlike most other applications for OS X, it is completely
invisible and sends no probe requests.
» http://www.binaervarianz.de/projekte/programmieren/kismac/

Viha MacOS X Wireless Tools:
Viha is a project developing a suite of wireless auditing tools for MacOS X.
So far, the only components developed are a custom AirPort driver for monitor
mode packet capture, a framework for driver access and 802.11 packet
deconstruction, and a command-line wireless network stumbler. Because OS X
before 10.2 (Jaguar) doesn't allow us to dynamically unload/load the Apple
AirPort driver, we require OS X 10.2 for now.
» http://www.dopesquad.net/security/


*** Linux ***

ssidsniff:
A nifty tool to use when looking to discover access points and save captured
traffic. Comes with a configure script and supports Cisco Aironet and random
prism2 based cards. Kudos to AC for the USR card.
» http://www.bastard.net/~Ekos/wifi/

Kismet:
Kismet is an 802.11 wireless network sniffer - this is different from a normal
network sniffer (such as Ethereal or tcpdump) because it separates and identifies
different wireless networks in the area. Kismet works with any 802.11b wireless
card which is capable of reporting raw packets (rfmon support), which include
any prism2 based card (Linksys, D-Link, Rangelan, etc), Cisco Aironet cards,
and Orinoco based cards. Kismet also supports the WSP100 802.11b remote sensor
by Network Chemistry and is able to monitor 802.11a networks with cards which
use the ar5k chipset.
» http://www.kismetwireless.net

AP-Utils:
Wireless Access Point Utilities for Unix - a set of utilities to configure and
monitor wireless access points under Unix using the SNMP protocol. The utilities are
known to compile with GCC and the IBM C compiler and run under Linux, FreeBSD, NetBSD,
MacOS-X, AIX, QNX, OpenBSD.
The utilities were written by Roman Festchook and released under the terms of the GNU
General Public License version 2.0. A copy of the file is included with this distribution
package.
» http://ap-utils.polesye.net/

WEPCrack:
While Airsnort has captured the media attention, WEPCrack was the first publicly
available code that demonstrated the above attack. We released code and announced
to bugtraq on Aug 12, 2001. Airsnort released code about a week later, but had a
much more usable and complete implementation for both collection and cracking.
Adam Stubblefield and AT&T had the first publicly announced verification of the
attack, but did not release their source code for public review and use. WEPCrack
is an open source tool for breaking 802.11 WEP secret keys. This tool
is an implementation of the attack described by Fluhrer, Mantin, and Shamir
in the paper "Weaknesses in the Key Scheduling Algorithm of RC4".
» http://wepcrack.sourceforge.net

AirSnort:
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort
operates by passively monitoring transmissions, computing the encryption key
when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous
security flaws. Most damning of these is the weakness described in "Weaknesses
in the Key Scheduling Algorithm of RC4" by Scott Fluhrer, Itsik Mantin and Adi
Shamir. Adam Stubblefield was the first to implement this attack, but he has
not made his software public. AirSnort, along with WEPCrack, which was released
about the same time as AirSnort, are the first publicly available implementations
of this attack.
» http://airsnort.shmoo.com

FakeAP:
Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points.
Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a
honeypot or as an instrument of your site security plan, Fake AP confuses
Wardrivers, NetStumblers, Script kiddies, and other undesirables.
» http://www.blackalchemy.to/Projects/fakeap/fake-ap.html


Wireless Security Auditor:
WSA is an IBM research prototype of an 802.11 wireless LAN security auditor, running
on Linux on an iPAQ PDA. WSA automatically audits a wireless network for proper
security configuration, to help network administrators close any vulnerabilities
before the hackers try to break in. While there are other 802.11 network analyzers
out there (wlandump, ethereal, Sniffer), these tools are aimed at protocol experts
who want to capture wireless packets for detailed analysis.
» http://researchweb.watson.ibm.com/gsal/wsa/

THC-WarDrive:
THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device
while you are driving a car or walking through the streets. It is effective and
flexible, a "must-download" for all wavelan nerds.
» http://www.thehackerschoice.com/

THC-Rut:
RUT (aRe yoU There, pronounced as 'root') is your first knife on a foreign network.
It gathers information from local and remote networks. It offers a wide range of
network discovery tools: arp lookup on an IP range, spoofed DHCP request, RARP,
BOOTP, ICMP-ping, ICMP address mask request, OS fingerprinting, high-speed host
discovery etc.
» http://www.thehackerschoice.com/

PrismStumbler:
Prismstumbler is a wireless LAN (WLAN) tool which scans for beacon frames from
access points. Prismstumbler operates by constantly switching channels and
monitors any frames received on the currently selected channel.
» http://prismstumbler.sourceforge.net/

WarLinux:
A new Linux distribution for Wardrivers. It is available on disk and bootable
CD. Its main intended use is for systems administrators that want to audit
and evaluate their wireless network installations. Should be handy for
wardriving also.
» http://sourceforge.net/projects/warlinux

Wellenreiter:
Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent,
and Cisco based cards are supported. It is the easiest to use Linux scanning
tool. No card configuration has to be done anymore. The whole look and feel
is pretty self-explaining. It can discover networks (BSS/IBSS), and detects
ESSID broadcasting or non-broadcasting networks and their WEP capabilities
and the manufacturer automatically.
» http://www.remote-exploit.org

WaveStumbler:
WaveStumbler is a console-based 802.11 network mapper for Linux. It
reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support
for Hermes based cards (Compaq, Lucent/Agere, ...). It is still in development
but tends to be stable.
» http://www.cqure.net/tools08.html

Wavemon:
Wavemon allows you to watch signal and noise levels, packet statistics, device
configuration and network parameters of your wireless network hardware. It has
currently only been tested with the Lucent Orinoco series of cards, although it
*should* work (though with varying features) with all devices supported by the
wireless kernel extensions by Jean Tourrilhes.
» http://packages.debian.org/unstable/net/wavemon.html

AirTraf:
AirTraf is a package with many features. It is enabled to operate as a standard
real-time data gathering tool for solving location specific problems, as well
as operating as a long-term data gathering tool for your wireless networked
organization.
» http://airtraf.sourceforge.net/index.php

AirJack:
A free (as in both speech and beer!) 802.11(a/b/g/*) device driver API, and
802.11 development environment. Current development versions have full station,
adhoc, and AP modes of operation, while still supporting raw (802.11 headers
and all) traffic injection and reception. Also, current development versions
contain an OS abstraction layer as well as bus and hardware abstraction layers.
» http://802.11ninja.net/

Source: http://www.wireless-bern.ch
This post was edited by Laserpointa on 10.12.2006 at 11:42.