s0lst1c3/eaphammer

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.


Top Related Projects

  • Wifiphisher: The Rogue Access Point Framework
  • WiFi-Pumpkin: DEPRECATED, wifipumpkin3 -> https://github.com/P0cL4bs/wifipumpkin3
  • Fluxion: a remake of linset by vk496 with enhanced functionality.
  • airgeddon: a multi-use bash script for Linux systems to audit wireless networks.

Quick Overview

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in penetration testing and red team engagements. EAPHammer automates the process of setting up rogue access points and conducting man-in-the-middle attacks against enterprise wireless networks.

Pros

  • Automates complex attack scenarios against WPA2-Enterprise networks
  • Supports various EAP types, including PEAP, EAP-TLS, and EAP-TTLS
  • Includes features like hostile portal attacks and captive portal attacks
  • Actively maintained and regularly updated

Cons

  • Can be used maliciously if not handled responsibly
  • Requires advanced knowledge of wireless network security
  • May be detected by some intrusion detection systems
  • Legal and ethical considerations must be taken into account before use

Getting Started

  1. Clone the repository:

    git clone https://github.com/s0lst1c3/eaphammer.git
    
  2. Change to the eaphammer directory:

    cd eaphammer
    
  3. Run the setup script:

    ./kali-setup
    
  4. Use the tool (example for a basic evil twin attack):

    sudo ./eaphammer --interface wlan0 --essid "Target SSID" --channel 1 --auth wpa-eap --creds
    

Note: Always ensure you have proper authorization before using this tool. Unauthorized use may be illegal and unethical.

Competitor Comparisons

Wifiphisher: The Rogue Access Point Framework

Pros of Wifiphisher

  • More user-friendly with a graphical interface option
  • Supports a wider range of attack scenarios and phishing templates
  • Active development with frequent updates and community contributions

Cons of Wifiphisher

  • Less focused on enterprise networks and EAP-based attacks
  • May require more setup and dependencies for advanced features
  • Not as specialized in bypassing specific enterprise Wi-Fi security measures

Code Comparison

EAPHammer (Evil Twin setup):

def configure_hostapd(self, interface):
    hostapd_conf = self.create_hostapd_conf()
    subprocess.call(['hostapd', '-B', hostapd_conf])

Wifiphisher (Evil Twin setup):

def start(self):
    self.network_manager.start()
    self.template_manager.start()
    self.phishinghttp.start()
    self.deauthentication.start()

EAPHammer focuses more on configuring specific hostapd settings for enterprise networks, while Wifiphisher takes a broader approach with multiple components for different attack vectors.

WiFi-Pumpkin-deprecated: DEPRECATED, wifipumpkin3 -> https://github.com/P0cL4bs/wifipumpkin3

Pros of WiFi-Pumpkin-deprecated

  • More comprehensive suite of tools for wireless network attacks and monitoring
  • User-friendly graphical interface for easier operation
  • Supports a wider range of attack vectors and plugins

Cons of WiFi-Pumpkin-deprecated

  • No longer actively maintained, potentially leading to security vulnerabilities
  • May have compatibility issues with newer systems and hardware
  • Less focused on specific EAP-based attacks compared to eaphammer

Code Comparison

WiFi-Pumpkin-deprecated:

class PumpkinProxy(ProxyPlugins):
    def __init__(self,parent=None,**kwargs):
        super(PumpkinProxy,self).__init__(parent)
        self.setObjectName(self.__class__.__name__)

eaphammer:

class EAPHammer:
    def __init__(self):
        self.conf = None
        self.args = None
        self.iface = None

Both projects use class-based structures, but WiFi-Pumpkin-deprecated appears to have a more complex inheritance model, while eaphammer has a simpler, more focused approach. This reflects the broader scope of WiFi-Pumpkin-deprecated compared to the specialized nature of eaphammer.

Fluxion: a remake of linset by vk496 with enhanced functionality.

Pros of Fluxion

  • User-friendly interface with a more intuitive workflow
  • Supports a wider range of attack vectors and wireless protocols
  • More frequent updates and active community support

Cons of Fluxion

  • May require more system resources due to its graphical interface
  • Less focused on enterprise environments compared to EAPHammer
  • Potentially less stable in some scenarios due to its broader feature set

Code Comparison

EAPHammer:

def set_hostapd_options(self):
    self.hostapd_options = {
        'interface': self.interface,
        'driver': self.driver,
        'ssid': self.essid,
        'hw_mode': self.hw_mode,
        'channel': self.channel,
    }

Fluxion:

function startDeauthService() {
    if [ "$FLUXIONDeauthMethod" = "mdk4" ]; then
        xterm $FLUXIONHoldXterm -title "Deauthenticating all clients on $APTargetSSID" -e \
        mdk4 $WIInterface d -c $APTargetChannel -b $APTargetMAC -s 200 &
    elif [ "$FLUXIONDeauthMethod" = "aireplay" ]; then
        xterm $FLUXIONHoldXterm -title "Deauthenticating all clients on $APTargetSSID" -e \
        aireplay-ng --deauth 0 -a $APTargetMAC $WIInterface &
    fi
}

airgeddon: a multi-use bash script for Linux systems to audit wireless networks.

Pros of airgeddon

  • More comprehensive suite of wireless auditing tools
  • Active development with frequent updates
  • User-friendly interface with menu-driven options

Cons of airgeddon

  • Larger codebase, potentially more complex to maintain
  • May require more system resources due to its extensive features
  • Steeper learning curve for new users

Code Comparison

airgeddon:

function language_strings() {
    arr_languages=(ENGLISH SPANISH FRENCH GERMAN ITALIAN POLISH PORTUGUESE)
    arr_languages_text=("English" "Español" "Français" "Deutsch" "Italiano" "Polski" "Português")
}

eaphammer:

def set_interface_mode(interface, mode):
    subprocess.call(['ifconfig', interface, 'down'])
    subprocess.call(['iwconfig', interface, 'mode', mode])
    subprocess.call(['ifconfig', interface, 'up'])

The airgeddon code snippet shows a function for handling multiple languages, demonstrating its focus on internationalization. The eaphammer code snippet illustrates a more straightforward approach to setting interface modes, reflecting its targeted functionality.


README


by Gabriel Ryan (s0lst1c3)


Current release: v1.14.0

Supports Python 3.9+.

Overview

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is, our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands.

Disclaimer

EAPHammer (the "Software") and associated documentation is provided “AS IS”. The Developer makes no other warranties, express or implied, and hereby disclaims all implied warranties, including any warranty of merchantability and warranty of fitness for a particular purpose. Any actions or activities related to the use of the Software are the sole responsibility of the end user. The Developer will not be held responsible in the event that any criminal charges are brought against any individuals using or misusing the Software. It is up to the end user to use the Software in an authorized manner and to ensure that their use complies with all applicable laws and regulations.

Quick Start Guide - Kali

Begin by cloning the eaphammer repo using the following command:

git clone https://github.com/s0lst1c3/eaphammer.git

Next run the kali-setup file as shown below to complete the eaphammer setup process. This will install dependencies and compile the project:

./kali-setup

To setup and execute a credential stealing evil twin attack against a WPA/2-EAP network:

# generate certificates
./eaphammer --cert-wizard

# launch attack
./eaphammer -i wlan0 --channel 4 --auth wpa-eap --essid CorpWifi --creds

Quick Start Guide - Parrot OS (Security)

Begin by cloning the eaphammer repo using the following command:

git clone https://github.com/s0lst1c3/eaphammer.git

Next run the parot-setup file as shown below to complete the eaphammer setup process. This will install dependencies and compile the project:

./parot-setup

To setup and execute a credential stealing evil twin attack against a WPA/2-EAP network:

# generate certificates
./eaphammer --cert-wizard

# launch attack
./eaphammer -i wlan0 --channel 4 --auth wpa-eap --essid CorpWifi --creds

Usage and Setup Instructions

For complete usage and setup instructions, please refer to the project's wiki page:

Features

  • Steal RADIUS credentials from WPA-EAP and WPA2-EAP networks.
  • Perform hostile portal attacks to steal AD creds and perform indirect wireless pivots
  • Perform captive portal attacks
  • Built-in Responder integration
  • Support for Open networks and WPA-EAP/WPA2-EAP
  • No manual configuration necessary for most attacks.
  • No manual configuration necessary for installation and setup process
  • Leverages latest version of hostapd (2.8)
  • Support for evil twin and karma attacks
  • Generate timed PowerShell payloads for indirect wireless pivots
  • Integrated HTTP server for Hostile Portal attacks
  • Support for SSID cloaking
  • Fast and automated PMKID attacks against PSK networks using hcxtools
  • Password spraying across multiple usernames against a single ESSID

New (as of Version 1.14.0, latest):

Added support for ESSID Stripping attacks. Fixed many, many bugs.
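An ESSID Stripping rogue AP advertises a network name that differs from the legitimate one only by characters a client's network picker hides or trims (trailing whitespace, control or zero-width characters), so that the two look identical to a user. The defender-side check below, added here as an example and not part of eaphammer, normalises ESSIDs from a scan and reports groups whose raw names or security types disagree. The scan records are constructed, and the normalisation rules (NFKC fold, drop Unicode control/format characters, trim outer whitespace) are this example's own choice.

```python
"""Flag look-alike ESSIDs in a Wi-Fi scan, the footprint an ESSID
Stripping rogue AP leaves next to the legitimate network.

Added example for this page; not eaphammer code. The scan records are
constructed, and the normalisation rules are an assumption of this example."""
import unicodedata
from collections import defaultdict

# Constructed scan records: (bssid, raw ESSID, security type)
SCAN = [
    ("00:11:22:33:44:01", "CorpWifi", "WPA2-EAP"),
    ("00:11:22:33:44:02", "CorpWifi", "WPA2-EAP"),
    ("de:ad:be:ef:00:01", "CorpWifi ", "WPA2-EAP"),      # trailing space
    ("de:ad:be:ef:00:02", "CorpWifi\u200b", "OPEN"),     # zero-width space
    ("00:11:22:33:44:10", "Guest", "OPEN"),
]

INVISIBLE = ("Cc", "Cf")  # Unicode control and format characters (NUL, ZWSP, ...)


def normalize_essid(raw):
    """Reduce an ESSID to what a user would see in a network picker:
    compatibility-fold, drop invisible characters, trim outer whitespace."""
    folded = unicodedata.normalize("NFKC", raw)
    visible = "".join(ch for ch in folded if unicodedata.category(ch) not in INVISIBLE)
    return visible.strip()


def find_lookalikes(scan):
    """Group scan records by normalised ESSID and return the groups whose
    raw ESSIDs or security types disagree, keyed by the normalised name."""
    groups = defaultdict(list)
    for rec in scan:
        groups[normalize_essid(rec[1])].append(rec)
    return {
        name: recs
        for name, recs in groups.items()
        if len({r[1] for r in recs}) > 1 or len({r[2] for r in recs}) > 1
    }


if __name__ == "__main__":
    for name, recs in find_lookalikes(SCAN).items():
        print(f"{name!r}:")
        for bssid, raw, sec in recs:
            print(f"  {bssid}  essid={raw!r:<14} {sec}")
```

Run against the constructed scan, the "Guest" group is quiet and the "CorpWifi" group is reported with all four records, two of them carrying an ESSID that is byte-for-byte different from the legitimate one. In a WIDS, the same grouping keyed on the known-good BSSID list turns this into a rogue-AP alert.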

Captive Portal with Keylogging, Payload Delivery, and Integrated Website Cloaner (added in version 1.13.5):

EAPHammer now has a modular captive portal with keylogging and payload delivery capabilities, as well as an integrated website cloaner for easily creating portal modules.

WPA/2-PSK handshake captures (added as of version 1.7.0)

EAPHammer now supports WPA/2-PSK handshake captures along with WPA handshake captures.

OWE (added as of Version 1.5.0):

EAPHammer now supports rogue AP attacks against OWE and OWE-Transition mode networks.

PMF (added as of Version 1.4.0)

EAPHammer now supports 802.11w (Protected Management Frames), Loud Karma attacks, and Known Beacon attacks (documentation coming soon).

GTC Downgrade Attacks

EAPHammer will now automatically attempt a GTC Downgrade attack against connected clients in an attempt to capture plaintext credentials (see: https://www.youtube.com/watch?v=-uqTqJwTFyU&feature=youtu.be&t=22m34s).

Improved Certificate Handling

EAPHammer's Cert Wizard has been expanded to provide users with the ability to create, import, and manage SSL certificates in a highly flexible manner. Cert Wizard's previous functionality has been preserved as Cert Wizard's Interactive Mode, which uses the same syntax as previous versions. See XIV - Cert Wizard for additional details.

TLS / SSL Backwards Compatibility

EAPHammer now uses a local build of libssl that exists independently of the systemwide install. This local version is compiled with support for SSLv3, allowing EAPHammer to be used against legacy clients without compromising the integrity of the attacker's operating system.

Supported EAP Methods

EAPHammer supports the following EAP methods:

  • EAP-PEAP/MSCHAPv2
  • EAP-PEAP/GTC
  • EAP-PEAP/MD5
  • EAP-TTLS/PAP
  • EAP-TTLS/MSCHAP
  • EAP-TTLS/MSCHAPv2
  • EAP-TTLS/MSCHAPv2 (no EAP)
  • EAP-TTLS/CHAP
  • EAP-TTLS/MD5
  • EAP-TTLS/GTC
  • EAP-MD5
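Every tunnelled method in this list (PEAP and TTLS variants) is only as strong as the client's validation of the RADIUS server certificate: a supplicant that accepts any certificate will complete the tunnel with a rogue AP and hand over its inner-method credentials, and the GTC downgrade described on this page works against clients that let the server pick the inner method. The audit below, added here as an example and not part of eaphammer, parses wpa_supplicant network blocks and reports the settings that matter for that. The configuration text is constructed; the option names (`ca_cert`, `domain_match`, `domain_suffix_match`, `altsubject_match`, `phase2`) are real wpa_supplicant options, and the `phase2` check rests on the assumption that wpa_supplicant accepts any inner method it supports when `phase2` is left unset.

```python
"""Audit wpa_supplicant network blocks for settings that leave an EAP
client open to rogue-AP credential theft.

Added example for this page; it is not eaphammer code. The configuration
text below is constructed for illustration."""
import re

# Constructed sample: one hardened block and one weak block.
SAMPLE_CONF = """
network={
    ssid="CorpWifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="hunter2"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
}

network={
    ssid="CorpWifi-Legacy"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="bob"
    password="hunter2"
}
"""

BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)


def parse_networks(text):
    """Return one dict of key/value pairs per network={...} block."""
    networks = []
    for body in BLOCK_RE.findall(text):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks


def audit_network(net):
    """Return the list of findings for one network block (empty = hardened)."""
    findings = []
    if not any(m.startswith("WPA-EAP") for m in net.get("key_mgmt", "").upper().split()):
        return findings  # PSK and open networks are out of scope here
    eap = net.get("eap", "").upper()
    if "ca_cert" not in net:
        findings.append("no ca_cert: any server certificate is accepted")
    if not any(k in net for k in ("domain_match", "domain_suffix_match", "altsubject_match")):
        findings.append("no domain/subject match: any cert from the trusted CA is accepted")
    if eap in ("PEAP", "TTLS") and "phase2" not in net:
        # Assumption: with phase2 unset the supplicant takes whatever inner
        # method the server proposes, which is what a GTC downgrade relies on.
        findings.append("no phase2: inner method left to the server (GTC downgrade exposure)")
    if eap == "MD5":
        findings.append("EAP-MD5: no TLS tunnel, challenge/response visible to a rogue AP")
    return findings


def audit(text):
    """Map each ssid to its findings."""
    return {net.get("ssid", "<no ssid>"): audit_network(net) for net in parse_networks(text)}


if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_CONF).items():
        print(ssid, "->", findings or "ok")
```

On the constructed input the hardened "CorpWifi" block comes back clean and "CorpWifi-Legacy" collects three findings. The same three settings are the ones to push through MDM or NetworkManager profiles on managed clients: a pinned CA, a server-name match, and a fixed inner method.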

802.11a and 802.11n Support

EAPHammer now supports attacks against 802.11a and 802.11n networks. This includes the ability to create access points that support the following features:

  • Both 2.4 GHz and 5 GHz channel support
  • Full MIMO support (multiple input, multiple output)
  • Frame aggregation
  • Support for 40 MHz channel widths using channel bonding
  • High Throughput Mode
  • Short Guard Interval (Short GI)
  • Modulation & coding scheme (MCS)
  • RIFS
  • HT power management

Contributing

Contributions are encouraged and more than welcome. Please attempt to adhere to the provided issue and feature request templates.

Versioning

We use SemVer for versioning (or at least make an effort to). For the versions available, see https://github.com/s0lst1c3/eaphammer/releases.

License

This project is licensed under the GNU Public License 3.0 - see the LICENSE.md file for details.

Acknowledgments

This tool either builds upon, is inspired by, or directly incorporates nearly fifteen years of prior research and development from the following awesome people:

  • Brad Antoniewicz
  • Joshua Wright
  • Robin Wood
  • Dino Dai Zovi
  • Shane Macauly
  • Domanic White
  • Ian de Villiers
  • Michael Kruger
  • Moxie Marlinspike
  • David Hulton
  • Josh Hoover
  • James Snodgrass
  • Adam Toscher
  • George Chatzisofroniou
  • Mathy Vanhoef
  • Raúl Calvo Laorden

For a complete description of what each of these people has contributed to the current wireless security landscape and this tool, please see:

EAPHammer leverages a modified version of hostapd-wpe (shoutout to Brad Anton for creating the original), dnsmasq, asleap, hcxpcaptool and hcxdumptool for PMKID attacks, Responder, and Python 3.5+.

Finally, huge shoutout to the SpecterOps crew for supporting this project and being a constant source of inspiration.