Tool overview
Current version of the tool: v1.12.0
Python environment: supports Python v3.5+
EAPHammer performs Evil Twin attack tests against WPA2-Enterprise networks, and researchers can use it for full-scope wireless network security assessments. To that end, the tool provides an easy-to-use interface for running powerful wireless penetration tests with minimal manual configuration.
Quick Start Guide (Kali)
First, use the following command to clone the EAPHammer source code from the project's GitHub repository to your local machine:
git clone https://github.com/s0lst1c3/eaphammer.git
Next, run the kali-setup file to install EAPHammer. The following command automatically installs the dependencies and compiles the project source code:
./kali-setup
After completing the project installation, we can use the following commands to perform an Evil Twin credential theft attack test on a WPA/2-EAP network:
Generate certificate
./eaphammer --cert-wizard
Launch an attack
./eaphammer -i wlan0 --channel 4 --auth wpa-eap --essid CorpWifi --creds
Features
1. Steal RADIUS credentials from WPA-EAP and WPA2-EAP networks.
2. Perform malicious portal attacks to steal AD credentials.
3. Perform portal attacks.
4. Built-in Responder integration.
5. Supports open networks and WPA-EAP/WPA2-EAP.
6. Most attacks can be performed automatically.
7. No manual configuration is required during installation.
8. Uses the latest version of hostapd (2.8).
9. Supports Evil Twin and Karma attacks.
10. Generates a PowerShell attack payload.
11. Integrated HTTP server for malicious portal attacks.
12. Supports SSID hiding.
13. Supports automatic PMKID attacks on PSK networks using hcxtools.
14. A brute-force attack can be performed against a single ESSID.
EAP methods supported by the tool
The current version of EAPHammer supports the following EAP methods:
EAP-PEAP/MSCHAPv2
EAP-PEAP/GTC
EAP-PEAP/MD5
EAP-TTLS/PAP
EAP-TTLS/MSCHAP
EAP-TTLS/MSCHAPv2
EAP-TTLS/MSCHAPv2 (no EAP)
EAP-TTLS/CHAP
EAP-TTLS/MD5
EAP-TTLS/GTC
EAP-MD5
OWE
EAPHammer currently supports rogue AP attacks against OWE and OWE-Transition mode networks.
PMF
EAPHammer currently supports 802.11w, Loud Karma attacks, and Known Beacon attacks.
GTC downgrade attack
EAPHammer can automatically attempt GTC downgrade attacks against connected clients in order to capture plaintext credentials.
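From the defender's side, the Evil Twin credential capture and GTC downgrade described above succeed against clients that do not validate the RADIUS server certificate or pin the inner EAP method. The following added example (not part of EAPHammer or of the original page) audits a wpa_supplicant configuration for those gaps; the function name, the sample configuration and its paths are constructed for illustration, and the three checks are heuristics.

```python
import re

# Constructed sample wpa_supplicant.conf (not from a real deployment).
SAMPLE_CONF = '''
network={
    ssid="CorpWifi"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="CorpWifi-Hardened"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="HomePSK"
    key_mgmt=WPA-PSK
}
'''

NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def audit_supplicant_conf(text):
    """Return {ssid: [findings]} for every WPA-EAP network block in text."""
    report = {}
    for block in re.findall(r"network=\{(.*?)\n\s*\}", text, re.S):
        # One key=value pair per line; drop optional surrounding quotes.
        opts = {k: v.strip().strip('"')
                for k, v in re.findall(r"^\s*(\w+)=(.*)$", block, re.M)}
        if "EAP" not in opts.get("key_mgmt", ""):
            continue  # PSK and open networks are out of scope here
        findings = []
        if "ca_cert" not in opts:
            findings.append("no ca_cert: server certificate is not verified")
        if not any(k in opts for k in NAME_CHECKS):
            findings.append("no server name match: any cert from the CA is accepted")
        if "auth" not in opts.get("phase2", ""):  # covers auth= and autheap=
            findings.append("phase2 not pinned: server may negotiate a weaker inner method such as GTC")
        report[opts.get("ssid", "<no ssid>")] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit_supplicant_conf(SAMPLE_CONF).items():
        print(ssid, "->", findings or "OK")
```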
Project address: https://github.com/s0lst1c3/eaphammer