April 14, 2015

Wireless Penetration Tests are one of my favourite subjects. They allow a Penetration Tester to dismantle so-called security 90% of the time whilst sitting in the car park outside the company being tested. Attack vectors against Wireless Networks are plentiful and, unlike with Web App Pentesting or large-scale Network Pentesting, no expensive tools are needed. When it comes to software, Kali Linux is once again the choice. However, whilst Kali has a lot of good Wifi Pentesting tools, it doesn’t come with a very cool script called PwnSTAR. This script is basically all a Wifi Pentester needs to launch Cracking, Evil Twin and other MITM attacks against the tested network. Because it is open source, it’s very customizable and adaptable.

Some features:

  • Honeypot
  • WPA handshake capture and cracking
  • Sniffing
  • Web server with dnsspoof
  • Karmetasploit
  • Browser_autopwn

As always, only use this script against your own Wifi Network or if you have the written permission of the customer undergoing a Pentest engagement with you.