EAPHammer: an Evil Twin attack testing tool for WPA2-Enterprise networks


Tool overview

Current version of the tool: v1.12.0

Python environment: Python v3.5+ is supported

EAPHammer performs Evil Twin attack tests against WPA2-Enterprise networks, and researchers can use it for full-scope wireless security assessments. To that end, the tool provides an easy-to-use interface that lets researchers carry out powerful wireless penetration tests with minimal manual configuration.

Quick Start Guide (Kali)
First, clone the EAPHammer source code from the project's GitHub repository to your local machine with the following command:

git clone https://github.com/s0lst1c3/eaphammer.git

Next, run the kali-setup file to install EAPHammer. The following command automatically installs the dependencies and compiles the project source code:

./kali-setup

After installation, use the following commands to perform an Evil Twin credential theft attack test against a WPA/2-EAP network:

Generate a certificate

./eaphammer --cert-wizard

Launch the attack

./eaphammer -i wlan0 --channel 4 --auth wpa-eap --essid CorpWifi --creds

Features

1. Steal RADIUS credentials from WPA-EAP and WPA2-EAP networks.

2. Perform hostile portal attacks to steal Active Directory (AD) credentials.

3. Perform portal attacks.

4. Built-in Responder integration.

5. Supports open networks and WPA-EAP/WPA2-EAP.

6. Most attacks can be done automatically.

7. No manual configuration is required during installation.

8. The latest version of hostapd (2.8) is used.

9. Supports Evil Twin and Karma attacks.

10. Generate a PowerShell attack payload.

11. Integrated HTTP server for hostile portal attacks.

12. Supports SSID hiding.

13. Supports using hcxtools to perform automatic PMKID attacks on PSK networks.

14. Password spraying can be performed against a single ESSID.

EAP methods supported by the tool
The current version of EAPHammer supports the following EAP methods:

EAP-PEAP/MSCHAPv2

EAP-PEAP/GTC

EAP-PEAP/MD5

EAP-TTLS/PAP

EAP-TTLS/MSCHAP

EAP-TTLS/MSCHAPv2

EAP-TTLS/MSCHAPv2 (no EAP)

EAP-TTLS/CHAP

EAP-TTLS/MD5

EAP-TTLS/GTC

EAP-MD5

OWE

EAPHammer currently supports rogue AP attacks against OWE and OWE-Transition mode networks.

PMF

EAPHammer currently supports 802.11w, Loud Karma attacks, and Known Beacon attacks.

GTC downgrade attack
EAPHammer can automatically attempt GTC downgrade attacks against connected clients in order to capture plaintext credentials.

Project address: https://github.com/s0lst1c3/eaphammer

 
