April 14, 2015

Wireless Penetration Tests are one of my favourite subjects. They allow a Penetration Tester to dismantle so-called security 90% of the time whilst sitting in the car park outside the company being tested. Attack vectors against Wireless Networks are plentiful and, unlike with Web App Pentesting or large scale Network Pentesting, no expensive tools are needed. When it comes to software, Kali Linux once again is the choice. However, whilst Kali has a lot of good Wifi Pentesting tools, it doesn’t come with a very cool script called PwnSTAR. This script is basically all a Wifi Pentester needs to launch Cracking, Evil Twin and other MITM attacks against the tested network. Due to its open source code, it’s very customizable and adaptable.

Some features:

  • Honeypot
  • WPA handshake capture and cracking
  • Sniffing
  • web server with dnsspoof
  • Karmetasploit
  • Browser_autopwn

As always, only use this script against your own Wifi Network or if you have the written permission of the customer undergoing a Pentest engagement with you.



Wireless Penetration Testing Tools

Author: Martin Voelk
November 27, 2014

Wireless Networks are probably one of the easiest entry points into IT along with the traditional weaknesses of human security. In recent Wireless Penetration Tests we were able to get hold of sensitive business information such as usernames and passwords in 98% of all assessments. Even a strong WPA-encrypted WLAN doesn’t prevent Man-in-the-Middle attacks.

For those of you who would like to try MITM yourself, all you need is a Google Nexus tablet (rooted) or an Android phone along with the following Apps.

  • zANTI
  • dSploit
  • Intercepter

Those 3 tools offer everything you need for Man-in-the-Middle testing.