Wi-Ploit is a library of Wi-Fi exploitation tools. Supports the latest other tools e.g: Aircrack-ng etc.

Attacks:

Rogue Access Point (hostapd). Rogue Access Point (hostapd-mana). WPS attack (Reaver) * Upcoming.

A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.

Rogue Access Point (hostapd)

Scan the networks.

Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)

Use WEB Interface *

Launch a FakeAP instance to imitate the original access point

Spawns a MDK3 process, which deauthenticated all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.

A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script

A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password

Each submitted password is verified by the handshake captured earlier

The attack will automatically terminate, as soon as a correct password is submitted.

Rogue Access Point (hostapd-mana)

hostapd-mana is a featureful rogue wifi access point tool. It can be used for a myriad of purposes from tracking and deanonymising devices (aka Snoopy), gathering corporate credentials from devices attempting EAP (aka WPE) or attracting as many devices as possible to connect to perform MitM attacks.

Attracting as many devices as possible to connect to perform MitM attacks.

Scan the networks.

Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)

Use WEB Interface *

Launch a FakeAP instance to imitate the original access point AND VICTIMS AUTOMATICALLY CONNECTS TO CREATED FAKEAP

Spawns a MDK3 process, which deauthenticated all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.

A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script

A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password

Each submitted password is verified by the handshake captured earlier

The attack will automatically terminate, as soon as a correct password is submitted

Requirements

Kali Linux OS or Ubuntu 18.04 OS (Also tested on Parrot Security)

You will need an external Wireless Adapters

Recommended Wireless Adapters Chipsets

Atheros: ATH9KHTC (AR9271, AR7010)

Tested: AR9271 (AWUS036NHA)

Tested: AR9271 (AWUS036NHA) Ralink: RT3070

Realtek: RTL8192CU

Installation

git clone https://github.com/Johnler/Wi-Ploit.git

cd Wi-Ploit/

chmod +x Installer

./Installer

chmod +x wiploit

Use

./wiploit

Just make sure you hit ctrl+c when you’re satisfied with the SSID scan, capture the handshake and then launch.

Wi-Ploit Version

1.b.c

b = major release

c = minor release

Credits

vk496 – developer(s) of linset deltaxflux – developer(s) of fluxion SensePost – developer(s) of hostapd-mana https://github.com/Johnler/Wi-Ploit (Johnler)

IMPORTANT THINGS TO REMEMBER

This article was written for educational purposes and pentest only.

The author can not be held responsible for damages caused by the use of these resources.

You will not misuse the information to gain unauthorized access.

First of all, this information shall only be used to expand knowledge and not for causing malicious or damaging attacks.

Just remember, Performing any hacks without written permission is illegal ..!

Read also the Disclaimer..!

All the techniques provided in the tutorials on the hackingpassion.com, YouTube channel, and on the website hackingpassion.com are meant for educational purposes only.

If you are using any of those techniques for illegal purposes, hackingpassion.com can’t be held responsible for possible lawful consequences.

My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.

Finally

If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, please feel free to do it using the below comment form.