Author Topic: airgeddon, a multi-use bash script for Linux systems to audit wireless networks  (Read 13183 times)

v1s1t0r

Hi, I'm developing a tool for wireless pentesting. It is GPL and 100% compatible with BackBox Linux. It has many features: DoS, Handshake capturing, WEP cracking, WPA/WPA2 cracking, WPS cracking, 5 different Evil Twin attacks, it is available in 7 languages, etc...

This is the link of the project: https://github.com/v1s1t0r1sh3r3/airgeddon

It's highly maintained. Very low issue ratio. It has a good wiki on GitHub for all documentation (requirements, compatibility, docker support, etc).

It's already included in other pentesting Linux distros like BlackArch, Wifislax, Parrot (soon), ArchStrike repositories, etc. It would be very nice to have it included in the BackBox repositories if you like it.

Give it a try! Thank you.



ostendali

Hi v1s1t0r,
Thanks for letting us know about your new tool and its development schedule for the feature maintenance/update (which is a very good point).

We will run an evaluation using our community users and later on do the same with the BB team.

We will then be able to see whether to integrate your tool into the BB repos.

In the meantime, can you tell us in your own words what the difference would be between this tool of yours and the existing wireless audit tools that are present in BB and the many other security distros that you mentioned? What are the features that the existing tools don't have, and so on. This will help us to simplify the process and maybe do a quick evaluation for the integration of your tool.

thanks



v1s1t0r

Hi, I think airgeddon is very interesting because it has a lot of features in only one application. I always call it a "wireless swiss knife". I'll put the entire list of features:

  • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
  • DoS over wireless networks using different methods
  • Assisted Handshake file capturing
  • Cleaning and optimizing Handshake captured files
  • Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule based)
  • Evil Twin Only Rogue/Fake AP version to sniff using external sniffer (Hostapd + DHCP + DoS)
  • Evil Twin Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap)
  • Evil Twin Integrated sniffing, sslstrip (Hostapd + DHCP + DoS + Ettercap + Sslstrip)
  • Evil Twin Integrated sniffing, sslstrip2 and BeEF browser exploitation framework (Hostapd + DHCP + DoS + Bettercap + BeEF)
  • Evil Twin Captive portal with "DNS blackhole" to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoof + Lighttpd)
  • Optional MAC spoofing for all Evil Twin attacks
  • WPS scanning (wash). Self parameterization to avoid "bad fcs" problem
  • WPS Custom PIN association (bully and reaver)
  • WPS Pixie Dust attacks (bully and reaver)
  • WPS Bruteforce PIN attacks (bully and reaver)
  • WPS Parameterizable timeouts
  • Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update
  • WPS Integration of the most common PIN generation algorithms
  • WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.)
  • Compatibility with many Linux distributions (see Requirements section)
  • Easy targeting and selection in every section
  • Drag and drop files on console window for entering file paths
  • Dynamic screen resolution detection and windows auto-sizing for optimal viewing
  • Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired
  • Multilanguage support and autodetect OS language feature (see Supported Languages section)
  • Help hints in every zone/menu for easy use
  • Auto-update. Script checks for newer version if possible
  • Docker container for easy and quick deployment
  • Http proxy auto detection for updates

To be honest, I think most of those features (not all) exist in other tools or scripts... but airgeddon is compatible with more than 14 different Linux distributions and concentrates all of them in only one tool, to be used in a very simple way. I think there is no other tool doing Evil Twin integrating Bettercap+BeEF, which could probably be an exclusive feature.

On the other hand, the feedback of the users is very good because airgeddon shows help tips throughout all the menus. Those tips change depending on the visited menu. This feature is "teaching" the users, and they reported this feature is nice because it seems they learn while they "play hacking".

Another strong point is that airgeddon is a "robust" application. Most scripts which use 3rd party tools are developed in an "if it works, it's ok" style. In airgeddon, the code is organized and clear. We use the https://github.com/koalaman/shellcheck application to verify every warning. Everything is validated. We try to control every possible error. Maybe it is not perfect, but you'll see it is quite difficult to "break it". We capture traps for CTRL+C, CTRL+Z, and even if you close the terminal window suddenly, the trap is captured to revert the monitor mode of your card, to try to avoid the problem of leaving you isolated without internet access.

Anyway, all of this are words and words... the best method to balance is: Try it yourself!  :P
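The trap handling described in the post above, sketched as an added example (not airgeddon's code and not part of the original post). `restore_interface`, `STATE_FILE`, `RESTORE_LOG` and `enter_monitor_mode` are hypothetical stand-ins so the sketch runs without a wireless card; a real script would put its own interface-restore command in `restore_interface`.

```shell
#!/bin/sh
# Added example, not airgeddon's code. All names below are hypothetical.

STATE_FILE="${STATE_FILE:-/tmp/iface_mode.$$}"
RESTORE_LOG="${RESTORE_LOG:-/tmp/iface_restore.$$.log}"
cleanup_done=0

# Stand-in for the real restore step (returning the card to managed mode).
restore_interface() {
    echo "managed" > "$STATE_FILE"
    echo "restored" >> "$RESTORE_LOG"
}

# Runs at most once, even when a signal handler and the EXIT trap both fire.
cleanup() {
    if [ "$cleanup_done" -eq 1 ]; then
        return 0
    fi
    cleanup_done=1
    restore_interface
}

# Signal path: clean up, then exit with the conventional 128+signal status.
on_signal() {
    cleanup
    exit "$1"
}

install_traps() {
    trap cleanup EXIT           # normal exit or any error path calling exit
    trap 'on_signal 130' INT    # CTRL+C
    trap 'on_signal 148' TSTP   # CTRL+Z (SIGTSTP is 20 on Linux)
    trap 'on_signal 129' HUP    # terminal window closed
    trap 'on_signal 143' TERM
}

# Arm the traps before changing interface state, so no window exists in
# which the card is in monitor mode without a handler to revert it.
enter_monitor_mode() {
    install_traps
    echo "monitor" > "$STATE_FILE"
}
```

Because `exit` inside `on_signal` also triggers the EXIT trap, the `cleanup_done` guard is what keeps the restore step from running twice.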



v1s1t0r

Hello, more than a year has passed since I put the post. airgeddon has grown a lot since then, with many new interesting features. Here are some of them:

- Full 5GHz support. All attacks available for this band.
- Some new languages added (Italian, Polish, German, Turkish, etc)
- DoS pursuit mode feature to avoid victim AP channel hopping
- Extended cards compatibility. Now airmon non-compatible cards can be used
and many more...

Now working on WPA/WPA2 enterprise attacks for a future version.

I downloaded the new BackBox 5.2. Everything tested and it's fully supported.

Regards.



ostendali

Thanks for the follow-up and exhaustive information about this tool.

May I ask you if you have a Launchpad account and if you can package the tool in your repo?



v1s1t0r

No, sorry, I don't have a Launchpad account. Anyway, all the source code and needed info is on my GitHub repo. There is a detailed wiki showing all the needed info: https://github.com/v1s1t0r1sh3r3/airgeddon/wiki

Yes, we can do a package and add it to the repo if needed. I guess that should be a ".deb" package. We are already packaging binaries for Kali and Arch. You can find them on our GitHub. To make a good .deb package I think all the dependencies need to be available in the repositories, in order to do a good dependency check on .deb installation. Is everything available in the BackBox repositories? Probably almost all packages will be available. Anyway, the best option could be to add the tool directly to your repositories, to be able to install it just using apt. It's a bash script and that should be easy to do, in the same way it is already included in the BlackArch or Parrot Security repositories. What do you say? If you are interested, send me a private message or mail, or contact me on IRC.

Regards.



ostendali

One of the problems we may encounter is that your tool uses several other tools, so there are lots of requirements to build up one single tool.

At a high level, seeing that this tool relies on several other products, some of which are already in BackBox, may influence our decision on including this tool. A tool that has dependencies on several other tools cannot enable the author to take a decision about the continuity of support and development, simply because you don't have control over the 3rd party tools. This is where BackBox distinguishes itself from the other security distros, i.e. Kali and the like: we don't just throw in, like a bin, any newly arriving tools if they don't satisfy requirements. Some of those 3rd party tools also do not satisfy BB requirements. Although we are always excited about and welcome new tools, we'd like to verify their genuineness and utility, which is part of the main requirements we have.

These are just my thoughts and some of our community staff/users will take a look and give better feedback on your tool. In the meantime your feedback is welcome of course.



v1s1t0r

Great, let me know if you are finally interested in including it. I can put some examples of how other Linux distributions created their packages:

BlackArch: https://github.com/BlackArch/blackarch/blob/master/packages/airgeddon/PKGBUILD
Parrot Security: https://dev.parrotsec.org/parrot/airgeddon
ArchStrike: https://github.com/ArchStrike/ArchStrike/blob/master/archstrike/airgeddon-git/PKGBUILD

There you can see the dependency packages and how they change the var "auto_update=1" to "auto_update=0" in order to leave the airgeddon updates to the repository itself. Thank you and regards.



ostendali

Again, let me go back to the original question I had asked.

From what I see it relies on the aircrack suite, and BackBox already comes with the aircrack suite. What is so special that your tool does that aircrack doesn't, besides being a collection of other tools, in terms of functionality?

It is a duplicate to me and we don't include dupes in BackBox. We will be choosing either your tool or aircrack, and given the size of the aircrack project I don't think it is the case for us to opt for this tool.

We are not really interested in the fact that other distros have included your tool.

Essentially, what is it that your tool does better than the wifi tools that we already have in BackBox?

The feedback/answer for the last question should come from you and it shouldn't be us studying your tool, so if you want to help us, pls provide brief feedback.

I am still waiting for some feedback from the community users as well so we will see by then.



v1s1t0r

Hi, airgeddon combines aircrack and other tools to automate processes that, done manually, could take the user some time. For example, it can create 5 types of evil twin attacks, for which you would have to set up a lot of different stuff like interface config, access point, DoS, DHCP, routes and in some cases a captive portal web or a sniffer!, and then everything is dismantled easily just by clicking a button. Another interesting feature is its own PIN db for WPS attacks and the integration of some known PIN generation algorithms to automate WPS attacks. The WEP "all-in-one" attack will save you a lot of time, launching all the possible stuff over the AP and quickly collecting enough data to crack it, instead of manually trying each attack one by one until you find the attack that works for your concrete case. The DoS pursuit mode is a unique feature not present in other tools; with that, using a secondary interface, a lot of time can be saved too, avoiding the channel hopping of a target AP. The same goes for the almost developed (they are at 80%) enterprise attacks, helping the user by parsing the logs to quickly get the captured hashes, etc.

There are many other "more standard" features with which you are only going to save having to launch a couple of commands, but a good point is that everything is integrated in a very robust framework in which everything is validated and in which you are going to be informed about all the events.

So if I should summarize what this tool is for, I can say that it is definitely a real time saver for pentesters.

Cheers.