Current version of the tool: v1.12.0
Python environment: Python v3.5+ is supported
EAPHammer can perform Evil Twin attack tests against WPA2-Enterprise networks, and researchers can use it for full-scope wireless network security assessments. The tool provides an easy-to-use interface that lets researchers perform powerful wireless penetration tests with minimal manual configuration.
Quick Start Guide (Kali)
First, use the following command to clone the EAPHammer source code from the project's GitHub repository to the local machine:
git clone https://github.com/s0lst1c3/eaphammer.git
Next, run the kali-setup file to complete the installation of EAPHammer. It automatically installs the dependent components and compiles the project source code.
After completing the installation, we can use the following command to perform an Evil Twin credential theft attack test on a WPA/2-EAP network:
Launch an attack
./eaphammer -i wlan0 --channel 4 --auth wpa-eap --essid CorpWifi --creds
Features
1. Steal RADIUS credentials from WPA-EAP and WPA2-EAP networks.
2. Perform malicious portal attacks to steal AD credentials.
3. Perform portal attacks.
4. Built-in Responder integration.
5. Support for open networks and WPA-EAP/WPA2-EAP.
6. Most attacks can be done automatically.
7. No manual configuration is required during installation.
8. The latest version of hostapd (2.8) is used.
9. Support for Evil Twin and Karma attacks.
10. Generate a PowerShell attack payload.
11. An integrated HTTP server for malicious portal attacks.
12. Support for SSID hiding.
13. Support for using hcxtools to perform automatic PMKID attacks on PSK networks.
14. A brute-force attack can be performed against a single ESSID.
EAP methods supported by the tool
The current version of EAPHammer supports the following EAP methods:
EAP-TTLS/MSCHAPv2 (no EAP)
EAPHammer currently supports rogue AP attacks against OWE and OWE-Transition mode networks.
EAPHammer currently supports 802.11w, Loud Karma attacks, and Known Beacon attacks.
GTC downgrade attack
EAPHammer can automatically attempt GTC downgrade attacks against connected clients in order to capture plaintext credentials.
Project address: https://github.com/s0lst1c3/eaphammer