Roadmap to Becoming a Black Hat Hacker (Educational Purpose Only)

Cybersecurity Roadmap

Disclaimer

This blog is for strictly educational purposes. Cybersecurity knowledge and skills can be put to ethical and unethical purposes. Black Hat Hacker is doing illegal things that may result in severe legal implications. That is why this roadmap is shared, so one can understand the learning process of hacking and cybersecurity for use responsibly.

Introduction: Black Hat vs White Hat

Black Hat Hacker is more of a choice to use your skills of cybersecurity unethically, whereas it is not a different profession altogether. Whether you become a White Hat Hacker (ethical) or a Black Hat Hacker (unethical), the actual process of learning is just the same. It depends on you.

If you are interested in the offensive side of cybersecurity—Penetration Testing, Red Teaming, Exploitation - this roadmap will guide you step by step.

Stage 1: Building Foundation

Start with a solid base in your career.

1. Networking basics

Learn the following protocols and concepts:

  • TCP/IP
  • DNS (Domain Name System)
  • ARP (Address Resolution Protocol)
  • VLANs (Virtual LAN)
  • Firewalls and Proxies

Tool to Practice: Cisco Packet Tracer (for network simulation).

2. Operating Systems

Master two major operating systems.

Linux:

Begin with Kali Linux and Parrot OS-the most popular OS for penetration testing.

Learn the Linux command, file management, permissions, and various networking tools.

Windows:

Understand Active Directory (AD), Group Policies, and Windows networking.

3. Programming and Scripting

Learn how to code the automation, exploits, and malware.

  • Python (basic scripting and automation).
  • Bash (Linux shell scripting).
  • PowerShell (Windows scripting).
  • C/C++ (for developing exploits and understanding binaries).

Phase 2: Basic Offense Security

Once you have a foundation, start learning offensive techniques:

1. Tools to Learn

  • Nmap is network scanning and reconnaissance.
  • Burp Suite-web application penetration testing.
  • Metasploit (exploitation framework).
  • Wireshark (packet analysis).

2. Offensive Methodologies

  • Reconnaissance: Information gathering about the target.
  • Exploitation: Exploit vulnerabilities to gain access.
  • Privilege Escalation: Achieve higher permissions.
  • Exfiltration: Steal and exfiltrate sensitive information.

3. Practice Venues

Get hands-on experience on these platforms:

  • TryHackMe (Beginner-Friendly).
  • Hack The Box, Intermediate.
  • VulnHub (download vulnerable machines).
  • Participate in CTF (Capture the Flag) competitions.

Phase 3: Red Team Skills (Advanced Offensive Skills)

To learn advanced offensive techniques, focus on the following areas:

1. Active Directory Attacks

Learn how to exploit Windows AD environments:

  • Techniques: Kerberoasting, Pass-the-Hash, Lateral Movement.
  • Tools: BloodHound, Responder, Mimikatz.

2. Social Engineering

Master the art of manipulating human behavior

  • Techniques: Phishing, Pretexting, Credential harvesting.
  • Tools: GoPhish, Social Engineering Toolkit (SET).

3. Exploit Development

Learn to make your own exploits.

  • Understand Buffer Overflows and Shellcoding.
  • Tools: Immunity Debugger, msfvenom.

4. Physical Security Testing

Learn how to overcome physical security:

  • Lock cracking, RFID cloning, and USB exploits.
  • Tools: Proxmark3, USB Rubber Ducky.

Phase 4: Advanced Skills

Become an advanced offensive security professional:

1. Red Teaming Frameworks

Comprehending the advanced attacks using certain frameworks

  • Cobalt Strike
  • Empire
  • Sliver

2. Cloud Testing

Delve into Cloud security and exploitation.

Target Platforms AWS, Azure etc.

Tools: Pacu, CloudSploit.

3. Malware Analysis

Understand how to analyze and reverse-engineer malware:

Tools: Ghidra, IDA Pro.

4. Avoiding Defenses

Learn how to get past security controls:

Avoid bypassing antivirus and SIEM systems.

Encrypt payloads to avoid detection.

Phase 5: Validation through Certifications

Certifications can also confirm your knowledge and skills

Beginner Level:

  • CompTIA Security+
  • Certified Ethical Hacker (CEH)

Intermediate Level:

  • eLearnSecurity Certified Professional Penetration Tester (eCPPT)
  • OSCP or Offensive Security Certified Professional.

Advanced Level:

  • OSCE Offense Security Certified Expert
  • GIAC Penetration Tester (GPEN)
  • Red Team Certified Operator-Red Team (CRTO)

Phase 6: Building Your "Portfolio" (Black Hat Perspective)

Although illegal, here is what black hat hackers do normally in order to establish themselves

  • Engage in Cyber Attacks
  • Conduct un-authorized cyber attacks and cyber-wars.
  • Collaborate with other hackers
  • Join Black Hat forums like Hellofhackers and collaborate on attacks.
  • Create and Share Tools
  • Create open-source hacking tools and share them on the dark net forums.

To be recognized by other Black Hat hackers.

Warning: These activities contain great dangers including imprisonment or fines as well as lifetime legal impact. These knowledge roadmap sharings only serve the reason that the world calls human being use potential skills they gain from ethical ends.

Your Current Skills and Next Steps

According to your existing knowledge:

Current Skills:

  • Basics of Python and HTML.
  • Familiarity with Kali Linux and basic Linux commands.
  • Basics of Networking.
  • Completed CS50 Introduction to Cyber Security course.
  • Understanding basics in C++ and bash scripting.

Next Steps

  • Focus on learning Networking Concepts (TCP/IP, DNS, ARP).
  • Build strong skills in Linux Command Line and Python Scripting.
  • Start practicing on TryHackMe and VulnHub.
  • Learn tools such as Nmap, Burp Suite, and Wireshark. Work step-by-step on this roadmap.

Conclusion: Making the Right Choice

Hacking is a skill very powerful and can be good or bad. While the harm is caused by Black Hat Hackers, White Hat Hackers protect individuals, companies, and governments from cyber threats. Use this roadmap to master the art of hacking but choose the ethical path. The cybersecurity industry has great opportunities for ethical hackers, and you can make a positive impact while earning a respectable career. Remember, knowledge is power and with power comes responsibility-so choose wisely!


Search For Subdomains And Hidden Files Full Tools Collection


Wireless Attacking Tools

General WiFi Information

Noteworthy Tools of Different Categories

  • Aircrack-ng - WiFi security auditing tools suite
  • airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks
  • karma - KARMA Attacks Radioed Machines Automatically (KARMA)
  • kismet - Wireless network detector, sniffer, and intrusion detection system
  • mdk3_6.1 - A fork and modification of the original MDK3
  • pyrit - The famous WPA precomputed cracker, Migrated from Google
  • Scapy - Python-based interactive packet manipulation program & library
  • waidps - Wireless Auditing, Intrusion Detection & Prevention System
  • WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
  • Wireless-ids - Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets
  • zarp - Network attack tool centered around the exploitation of local networks

Attack/PenTesting​

Denial of Service​

  • 80211mgmtDoS - 802.11 DoS Attacks based on unprotected Management frames
  • airodump_mod - Improved version of airodump-ng with ability to kick-off a stations from AP
  • android_packetspammer - Packetspammer sends unencrypted broadcast packets down a mac80211 wireless interface that should be set for Monitor mode
  • apflood - Flood area with fake essids
  • dw - Small tool for sending 802.11 disassociation and deauthentication packets to specific clients.
  • hwk - Hwk is a collection of packet crafting/network flooding tools
  • JamWiFi - A GUI, easy to use WiFi network jammer for Mac OS X
  • Mass-deauth-attack - A program that does Deauthentication Attack on every nearby wireless device
  • Mass-deauth - A script for 802.11 mass-deauthentication
  • mdk3_6.1 - A fork and modification of the original MDK3
  • modwifi - Advanced Wi-Fi Attacks Using Commodity Hardware
  • netattack - Python script that allows you to scan your local area for WiFi Networks and perform deauthentification attacks
  • Scapy-deauth - Scapy based wifi Deauth
  • ska - Framework for sniffing ieee80211 packets and generating deauth packets and sending raw packets.
  • wificurse - WiFi DoS attack tool created for educational purposes only. It works only in Linux and requires wireless card drivers capable of injecting packets in wireless networks
  • WifiDeauth - A lightweight Wi-Fi auto deauthentication attack tool (libtins/C++)
  • wifijammer - Continuously jam all wifi clients/routers
  • WiFi-Rifle - Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi
  • wirelessjammer - Continuously jam all wifi clients and access points within range
  • zizzania - Automated DeAuth attack

Encryption Attack​

WEP/WPA/WPA2​

  • Eicrog - WEP key generator for predictable key weaknesses
  • huawei_wifi - Wifi utilities for finding Huawei routers' default key
  • Aircrack-ng - WiFi security auditing tools suite
  • airmode - AirMode is a GUI that can help you to use the Aircrack framework
  • airoscriptng - Airoscript-ng python complete implementation
  • Airvengers - A GUI to pentest wifi Network, based on Aircrack-ng tools
  • asleap - Recovers weak LEAP password. Pronounced asleep.
  • autokwaker - Creating an auto cracker for 802.11 networks
  • cenarius - Cenarius tool for crack Wi-Fi , crack wpa-psk , crack wpa2-psk , crack wep , crack wps pin and crack hidden AP . cenarius psk crack
  • cherry - Distributed WPA/WPA2 cracker
  • Cowpatty - Offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal)
  • dot11decrypt - An 802.11 WEP/WPA2 on-the-fly decrypter.
  • Fern-wifi-cracker - Crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks
  • HandShaker - Detect, capture, crack WPA/2 handshakes, WEP Keys and geotag with Android GPS
  • hcxtools - Solution for capturing wlan traffic and conversion to hashcat formats (recommended by hashcat) and to John the Ripper
  • kismet-deauth-wpa2-handshake-plugin - Python plugin for Kismet to perform deauthentication to collect WPA2 handshakes
  • marfil - Assess WiFi network security. It allows to split the work of performing long running dictionary attacks among many computers
  • peapwn - Proof-of-concept implementation of the Apple relay attack in Python
  • pyrcrack - Python Aircrack-ng
  • pyrit - The famous WPA precomputed cracker, Migrated from Google
  • pythonAir - Flask/aircrack
  • uploadwpa - This module will upload a wpa handshake from a single capture file to an online hash cracker site
  • WiFi-autopwner - Script to automate searching and auditing Wi-Fi networks with weak security
  • Wifi-bruteforcer-fsecurify - Android application to brute force WiFi passwords without requiring a rooted device
  • wificracking - Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
  • Wifi-hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2)
  • wifite2 - Python script for auditing wireless networks
  • wifite - An automated wireless attack tool
  • Wifite-mod-pixiewps - Wifite with PixieWPS support
  • Wifite-openwrt - Wifite for the WiFi Pineapple NANO + TETRA (Chaos Calmer - openWrt)
  • wlandecrypter - Dictionary attack (spanish)
  • WPA2-HalfHandshake-Crack - Capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP
  • wpa2hc - Quick script to automate converting WPA .cap files for Hashcat .hccap files.
  • Wpa-autopwn - WPA/WPA2 autopwn script that parses captured handshakes and sends them to the Crackq
  • Wpa-bruteforcer - Attacking WPA/WPA encrypted access point without client.
  • wpacrack - Open-source distributed Wifi-Protected Access (WPA) cracker
  • WPA_DECRYPTION_MPI - WPA/WPA2 for cluster processing
  • WPAdiz - Bruteforce - New method for generate dictionaries (Wireless)

WPS​

  • autoreaver - Automatically exported from code.google.com/p/auto-reaver
  • bully - New implementation of the WPS brute force attack, written in C
  • greaver - GUI for Reaver, WPS brute force tool
  • HT-WPS-Breaker - HT-WPS Breaker (High Touch WPS Breaker)
  • Penetrators-wps - Experimental tool that is capable of attacking multiple WPS-enabled wireless access points in real time.
  • phpreaver - A command line PHP script which uses the reaver WPS pin cracker to test multiple AP's with multiple WiFi adapters.
  • Pixiewps-android - Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack).
  • pixiewps - An offline WPS brute-force utility
  • pyReaver - WPS attack tool written in Python
  • pyxiewps_WPShack-Python - Wireless attack tool written in python that uses reaver, pixiewps and aircrack to retrieve the WPS pin of any vulnerable AP in seconds
  • reaver_reattempt - Change the Mac address of the wifi connection as well as the emulated one created by airmon-ng in an attempt to avoid being locked out of routers for repeated WPS attack attempts
  • Reaver-ui - Hacky UI to wrap around reaver-wps
  • Reaver-webui - Simple WebUI to crack wireless networks using reaver
  • Reaver-wps-fork-t6x - Community forked version which includes various bug fixes, new features and additional attack method (such as the offline Pixie Dust attack)
  • Reaver-wps - Brute force attack against Wifi Protected Setup
  • wpscrack - Continuation of wpscrack originally written by Stefan Viehböck
  • wps - WPS related utilities
  • WPSIG - Simple tool (written in Python) that does information gathering using WPS information elements.
  • wpsoffline - PoC for routers vulnerable with WPS and deficiencies in their PRNG state
  • Wps-scripts - WPS hacking scripts
  • Wps-Ultimate-Cracker - This script will help help you to get the most of router in morocco by using pixiewps , reaver , aircrack-ng ,wifite

Others​

  • apbleed - Allows you to use existing heartbleed tools to test the RADIUS server
  • eapmd5pass - An implementation of an offline dictionary attack against the EAP-MD5 protocol. This utility can be used to audit passwords used for EAP-MD5 networks from wireless packet captures, or by manually specifying the challenge, response and associated authentication information.
  • haircrack - Automated aircrack/reaver/pyrit (An interface for aircrack/reaver/pyrit written in python. The interface itself may never get finished.)
  • IKECrack - IKE/IPSec authentication crack tool. This tool is designed to bruteforce or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication.
  • Wpe-parse - This is a simple parsing script to convert output from hostapd-wpe (which makes John the Ripper-formatted logs) to Hashcat format.

Injection​

  • Aggr-inject - Remote frame injection PoC by exploiting a standard compliant A-MPDU aggregation vulnerability in 802.11n networks.
  • Aircrack-db - A list of wireless cards tested with the dual-card injection test and in the field
  • airown - Packet injection tool
  • airpwn - A generic packet injection tool for 802.11 networks.
  • Airpwn-ng - New and improved version of airpwn
  • Iitis-generator - Software for distributed statistical evaluation of IEEE 802.11 wireless networks using Linux mac80211 packet injection facility
  • libfcap - Library for manipulate 802.11 frame in monitor mode
  • libmoep - Allows for frame injection on monitor mode devices with per-frame radiotap options such as TX rate / MCS index and RTS/CTS protection
  • Lorcon-examples - Various examples and patches for LORCON
  • lorcon - A common injection and control library for wireless packet crafting
  • lrc - Fast Wi-Fi hijacker in C, based on AirPwn ideas and LORCON
  • moepdefend - Example monitoring/injection tool based on libmoep
  • packetinjector - Packet analyzer and injector, written in JavaScript
  • packetvector - 802.11 management packet injection tool based on packetspammer
  • pylorcon2 - Pure Python wrapper for the LORCON library.
  • wifitap - WiFi injection tool through tun/tap device
  • wiwo - Wiwo is a distributed 802.11 monitoring and injecting system that was designed to be simple and scalable
  • wperf - 802.11 frame injection/reception tool for Linux mac80211 stack

Rogue AP/Fake AP/ MITM​

  • Aerial - Multi-mode wireless LAN Based on a Software Access point for Kali Linux.
  • AIRBASE-NG-SSLSTRIP-AIRSTRIP- - AIRBASE-NG + SSLSTRIP = AIRSTRIP
  • cupid - Patch for hostapd and wpa_supplicant to attempt to exploit heartbleed on EAP-PEAP/TLS/TTLS connections
  • FakeAP - Create fake AP in Kali with 1 command
  • fakeaps - Fake Access Points using Atheros wireless cards in Linux
  • fluxion - Fluxion is the future of MITM WPA attacks
  • FuzzAP - A python script for obfuscating wireless networks
  • Hostapd-karma - DigiNinja patches to hostapd for rogue access points.
  • Hostapd-wpe-extended - Modification and tools for using hostapd for rogue AP attacks impersonating WPA-Enterprise networks to steal user credentials
  • Hostapd-wpe - Modified hostapd to facilitate AP impersonation attacks
  • karma - KARMA Attacks Radioed Machines Automatically (KARMA)
  • mana - Our mana toolkit for wifi rogue AP attacks and MitM
  • mitmAP - A python program to create a fake AP and sniff data
  • Mitm-helper-wifi - Make it easy and straight-forward to configure a Ubuntu virtual machine to act as a WiFi access point (AP)
  • Mitm-rogue-WiFi-AP - MITM Attack Example Code with Rogue Wi-Fi AP
  • openrtls -
  • Platform-hostapd - Wireless access point for experimental-platform.
  • PwnSTAR - PwnSTAR (Pwn SofT-Ap scRipt) - for all your fake-AP needs
  • rogue_ap - RogueAP_hostapd.py is a script designed to create a Rogue Access Point
  • rogueap - Start a rogue access point with no effort, with support for hostapd, airbase, sslstrip, sslsplit, tcpdump builtin
  • rogueDetect -
  • RogueSploit - Powerfull Wi-Fi trap
  • Rspoof - Wifi Automated Fake HotSpot Hijacking with aicrack-ng, airbase, ssl-strip, and dns spoof in Python
  • Scapy-fakeap - Fake wireless Access Point (AP) implementation using Python and Scapy
  • snifflab - Scripts to create your own MITM'ing, packet sniffing WiFi access point
  • startools - To use a RasPi to do an Evil Twin attack and capture 802.1x RADIUS creds
  • wifi_honey - Setting up four fake access points, each with a different type of encryption, None, WEP, WPA and WPA2 and the seeing which of the four the client connects to
  • wifiphisher - Automated victim-customized phishing attacks against Wi-Fi clients
  • WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
  • wifisoftap -
  • Wifi_Trojans - Collection of wireless based bind and reverse connect shells for penetration testers

Sniffing​

  • Airodump-iv - A python implementation of airodump-ng
  • Airodump-logger - Logging clients with airodump-ng
  • Airport-sniffer - Very simple Wi-Fi sniffer and dump parser for built-in macbook AirPort Extreme card. Only native MacOS tools used.
  • airtraf - Wireless 802.11 network sniffer and analyzer
  • darm - Intelligent network sniffer for the masses
  • datasamalen - Pick up wifi-probe requests
  • DeSniffer - 802.11 wireless sniffer
  • dot11sniffer - Sniffs 802.11 traffic and counts the number of active wireless devices in an area
  • eap_detect - A simple script using the python library Scapy to detect the 802.1X authentication mechanism
  • handshakeharvest -
  • liber80211 - 802.11 monitor mode for Android without root
  • libpcap-80211-c - Sniffs on a RFMON-enabled device for a beacon when compiled, linked and loaded
  • mac80211-user - Intercept 80211 data frame and put it into userspace
  • milicone - Investigating interaction with wireless communication traffic
  • Mr-nosy - Liked to know about everything that was going on
  • mupe - MUltiPath Estimator - Create statistical analysis of 802.11 Radiotap sniffs
  • Naive-project -
  • Native-WiFi-API-Beacon-Sniffer - Tool that dumps beacon frames to a pcap file. Works on Windows Vista or Later with any Wireless Card
  • oculus - Lightweight tool to collect traces from wifi
  • ofxSniffer - Wrapper for the libtins library. Libtins can be used to sniff network packages, or to generate network pacakages yourself.
  • phystats - Gather & plot ieee80211 counters from Linux debugfs
  • probecap - A quick and dirty utility to capture and store WiFi probes.
  • probemon - Monitors 802.11 probe packets sent from roaming mobile devices. Developed using PyLorcon2.
  • probesniffer - A tool for sniffing unencrypted wireless probe requests from devices
  • rifsniff - Remote Interface Sniffer
  • ScapyGELFtoGraylog2 - Sniff some 802.11 packages and send the date and MAC with GELF UDP to Graylog2
  • Scapy-wireless-scanner - Simple wireless scanner built using Scapy Library
  • SSIDentity - Passive sniffing of 802.11 probe requests, stored in a central database.
  • TCP-SeqNum - Means to sniff 802.11 traffic and obtain TCP session info using netfiter_queue. Use that data to construct a packet in scappy.
  • wallofshame - Multi protocol sniffer, created for ChaosConstruction conference HackSpace
  • Watcher - Canari framework based Maltego transform pack that allows you to perform wireless sniffing within Maltego
  • WiFi-802.11-Demo-Sniffer - This 802.11 sniffer written in Python provides a useful tool to raise awareness at the amount of data phones release for anyone to read.
  • Wifi-harvester - For collecting probed SSID name by wireless devices, Access point detail and connected clients.
  • wifijamMac - Allows you to select one or more nearby wireless networks, thereupon presenting a list of clients which are currently active on the network(s)
  • Wifimon - Wi-fi 802.11 Beacon Frame sniffer
  • Wifi-scan - Short python script scans for probe requests from whitelisted WiFi clients
  • wifispy - Sniff Wifi traffic, log device addresses
  • Wireless-info - Obtain information about wireless interfaces from MAC80211 stack
  • Wireless-radar - DF and other tools to explore a 2.4GHz environment
  • Wireless-Sniffer - A 802.11 wireless sniffer tool (c-based)

Wardriving​

  • MappingWirelessNetworks - Code, data, and (possibly) schematics for recording wireless network data around a city
  • WAPMap - Parse Kismet .netxml output and then return a CSV file that can be uploaded to Google Maps Engine to map WEP or OPEN networks
  • warcarrier - An NCURSES-based, all-in-one instrument panel for professional Wardriving
  • WifiScanAndMap - A Linux Python application to create maps of 802.11 networks

Miscellaneous Attacking Tools​

  • 80211scrambler - Small collection of tools in Verilog for working
  • airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks
  • airodump_mar_attack - Maroviher attack
  • AirPirate - Android 802.11 pentesting tool
  • airspf - AirSpoof/Airpwn ??
  • airxploit - Wireless discovery and exploitation framework written in Python
  • AtEar - Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration
  • BoopSuite - A Suite of Tools written in Python for wireless auditing and security testing.
  • chap2aleap - Work with asleap+genk
  • CloudCrackInstaller - Script which installs Crunch, Pyrit and Cowpatty on a running Amazon EC2 Cluster GPU Instance to crack WPA and WPA2 keys.
  • Crippled - WPA/WPA2 Belkin.XXXX, Belkin_XXXXXX, belkin.xxx and belkin.xxxx router default key generator.
  • eapeak - Analysis Suite For EAP Enabled Wireless Networks
  • Easy-creds - Leverages tools for stealing credentials during a pen test
  • FruityWiFi - Wireless network auditing tool
  • Hijacker - Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
  • killosx - Use the Apple CoreText exploit (CVE-2012-3716) and launch an AP to affect all devices within wifi range
  • LANs.py - Inject code, jam wifi, and spy on wifi users
  • Null-packet-wifi-promt - Simple script to prompt responses from wireless devices with a known MAC address
  • PiWAT - Wireless Attack Toolkit
  • Python-wireless-attacks - Wireless Attacks in Python (Based on blog series)
  • Secpi - Python based script for wifi pentesting on the RasPi
  • Sly-fi - Wifi pwnage automation
  • smoothie - Web based wireless auditory tools
  • WHAT-PRO - 802.11 Exploitation Tool for use with Kali 2. More tools available than WHAT or WHAT Pi
  • Wi-door - Wi-Fi Backdoors
  • WIDSTT - Wireless Intrusion Detection Systems Testing Tool – test your WIDS by performing attacks
  • WifiAttack -
  • wifi-default-password - Bash script that tries all the default passwords for a particular wifi access point
  • wifimonster - Wifi sniffing and hijacking tool
  • wifuzz - Access Point 802.11 stack fuzzer
  • wifuzzit - A 802.11 wireless fuzzer
  • wtf - Wireless Test Framework. Collection of test suites for validating various wifi functionality on various wifi devices.
  • zarp - Network attack tool centered around the exploitation of local networks

Information Gathering​

  • 3WiFi Database - Collect data from Router Scan log reports, search for access points, obtain its geolocation coordinates, and display it on world map
  • access_points - Scan your WiFi and get access point information and signal quality
  • Accumulation-rssi - Linux utility for accumulation of WiFi RSSI to text file. Using nl80211, Managed mode. Useful for experiments with WiFi (example, localization)
  • airscan - Wi-Fi scanning utility for the Nintendo DS
  • basiciw - Retrieve information such as ESSID or signal quality from wireless cards (Python module)
  • Get-rssi - Linux utility for getting RSSI WiFi of APs to text file. Using Monitor mode, libpcap.
  • IndoorPositionr - Indoor positioning using Android to provide the surrounding Access Points signals and guess the position
  • Isniff-GPS - Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
  • rssi - Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi
  • whoishere - WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.
  • Wifi-Dumper - Dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine
  • Wifi-monitor - Prints the IPs on your local network that're sending the most packets ack = 802.11 control frame acknowledgement or …
  • WIG - Tools for 802.11 information gathering.

Defence/Detection​

  • badkarma - BadKarma is a simple python script used to detect and disrupt rouge access points/honeypots using the karma attack such as the wifi pineapple
  • EvilAP_Defender - Protect your Wireless Network from Evil Access Points
  • huntpineapples - WiFi Pineapple hunter from DC23
  • KisMac2 - Free, open source wireless stumbling and security tool for Mac OS X
  • kismetclient - A Python client for the Kismet server protocol
  • kismet - Wireless network detector, sniffer, and intrusion detection system
  • kismon - A GUI client for kismet
  • Openwips-ng - Open source and modular Wireless IPS (Intrusion Prevention System)
  • Python-kismet - Python threaded listener to Kismet broadcasts
  • RogueDetection - Rogue Access Point Detection and WIDS
  • waidps - Wireless Auditing, Intrusion Detection & Prevention System
  • Wave - 802.11 IDS, visualizer, and analytics platform for the web
  • Wireless-forensics-framework - Automated Wireless Penetration Testing and Carrying out Wireless Forensics in Python
  • Wireless-ids - Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets
  • wmd - Simple solution for the detection and location of Rogue Access Points.
  • wraith - Wireless Reconnaissance And Intelligent Target Harvesting
  • wspy - Python tool to create a wireless ids it detects which clients are connected to a network to allow the creation of usage patterns of a netowrk by the clients

Libraries/General Purpose Tools​

  • 80211p_raw - Raw socket utilities for 802.11p transmission
  • 80211_raw - Sender and receiver for WiFi (IEEE802.11) network with raw sockets
  • banjax - Library for low-level programming of IEEE 802.11 wireless network interfaces on the GNU/Linux operating system
  • dot11er - Some tools for playing with IEEE802.11
  • Frame-utils.js - A collection of utilities for processing streams of 80211 frames and radiotap headers.
  • Gopacket-80211 - Extra gopacket layers for Radiotap and 802.11 (has been integrated in Gopacket)
  • itamae - 802.11 radiotap and MPDU parser
  • Libairpcap-nl - Implementation of AirPcap library, targetting the NL80211 protocol.
  • libuwifi - C library for parsing, generating and analyzing Wifi (WLAN 802.11) frames in userspace and related functions
  • packetparser - IEEE 802.11 packetparser
  • pcap2xml - Convert 802.11 Packet Traces to XML and SQLITE Format
  • PCS - Set of Python modules and objects that make building network protocol code easier for the protocol developer
  • Probr-core - The core-component for generic WiFi tracking: remote device management, packet capturing, packet storage
  • py80211 - Suite of libraries for parsing 802.11 packets as well as managing wireless cards and working with 802.11 information
  • PyRIC - PyRIC (is a Linux only) library providing wireless developers and pentesters the ability to identify, enumerate and manipulate their system's wireless cards programmatically in Python.
  • python3-wifi - Python WiFi is a Python module that provides read and write access to a wireless network card's capabilities using the Linux Wireless Extensions.
  • Python-radiotap - Tiny lib for parsing radiotap/802.11 headers in python
  • python-wifi - Python WiFi is a Python module that provides read and write access to a wireless network card's capabilities using the Linux Wireless Extensions.
  • Qca-swiss-army-knife - Hosts a set of utilities that we use to debug / help with our driver development
  • Radioparse - A WiFi protocol parser that can be used with radiotap packets and node-pcap
  • Scapy - Python-based interactive packet manipulation program & library
  • Wifi-scan - A nl80211 C/C++ library for monitoring signal strength of WiFi networks
  • wifi-scripts - Misc scripts and tools for WiFi
  • wireless - Dead simple, cross-platform Python library to connect to wireless networks

Visualization​

  • airview - A python web application compliment to py80211 which allows you to visualize the airwaves around you with your web browser.
  • speccy - Visualization tool for ath spectral scan
  • Wifi-contour - A contour mapping program of wireless 802.11 signal strength
  • Wifi-heatmap - Generate heatmaps of wifi coverage with Python
  • wifiscanvisualizer - Wi-Fi Scan Visualizer by Pentester Academy
  • Wifi-Signal-Plotter - A Python script for graphing and comparing the WiFi signal strengths between WiFi adaptors in Windows or Linux.
  • wifivis - Visualize some mit wifi access point data
  • wipi - Visualize the WiFi packages that are floating around us all the time.
  • Wlan-stats - Tool chain using tshark to pull data from pcaps, further process them in python, and graph the output in R.

Localisation​

  • Find-lf - Track the location of every Wi-Fi device ( 
    📱
     ) in your house using Raspberry Pis and FIND
  • geowifi - This is a Geographic WiFi Positioning program written under the Linux.(it is also a WiFi Positioning API written for C language
  • GrapplingHook - Open Source 802.11 Direction Finder
  • gtaiad - Indoor Wi-Fi navigation prototype using triangulation
  • Openwifimap-api - OpenWiFiMap database and its api
  • Python Wi-Fi Positioning System - Python Wi-Fi Positioning System - Wi-Fi geolocation script using the Google Geolocation API
  • pyWPSLocation - Using Python for localization using Google Geolocation API (GGAPI) and WiFi Positioning System (WPS)
  • whereami - Uses WiFi signals 
    📶
     and machine learning to predict where you are
  • Wifi-geolocation - Get your latitude/longitude via wifi access points
  • Wifi-localization - Wifi Localization using a map and reference
  • Wifi-locator - Determines physical location of station judging from 802.11 beacons' BSSID/Signal/Noise/Quality information.
  • Wi-finder - Wi-Fi hotspot finder
  • Wlan-pos - Location fingerprinting and triangulation engine for WLAN (IEEE802.11,aka WiFi) environment.

Configuration/setup​

  • 802.11p-iw - Wireless configuration tool (UNIX)
  • agentapd - Agent of WiFi hardware
  • AirLibre - Python API For UBNT AirOS Devices
  • Atheros-AR9271 - Kernel Extension for AR9271 chipset (Wireless USB Card)
  • AtherosROMKit - Atheros ROM modding and recovery kit
  • cac - A Centralized Adaptive Control algorithm that optimises the performance of IEEE 802.11 WLANs
  • captiveportal - A captive portal that can be used on most linux distributions.
  • cloudap - AP Manager in Cloud,AP Hardware on your side
  • connme - Client for Hostapd
  • crda - Central Regulatory Domain Agent
  • create_ap - This script creates a NATed or Bridged WiFi Access Point.
  • disable-802.11b-snmp - A tool to set 802.11 protocols on thousands of Access Points with SNMP.
  • Do-wifi - Command line tool for scanning and connecting to wifi networks in Linux.
  • full_permissive_unlock_ath - This kernel patch enable all 2GHZ & 5GHZ channels (without restriction) for ath9k & ath5k forced to use buildin world regulatory
  • FWAP - Minimal, very lightweight access point implementation
  • hostapd - Python script to make using and configuring hostapd easier
  • hostapd - User space daemon for access point and authentication servers
  • Hostapd-mana - Hostapd-mana for the 6.th gen. Wifi Pineapple, and OpenWRT
  • hostapd-mana-openwrt - Hostapd-mana - build-files, and installation-files for OpenWRT
  • Hostapd-with-WebID - WebID integrated hostapd
  • Hostapd-wpe-openwrt - Hostapd-wpe (Wireless Pwnage Edition) packages for OpenWRT Barrier Breaker 14.07
  • hotspotd - Simple daemon to create a wifi hotspot on Linux
  • IEEE802.11-complete - IEEE802.11 protocol, including PHY, MAC, and rate adaptation approaches upon GNURadio/USRP software-defined radio platform
  • Linux-wifi-tools - A set of Linux command line tools for managing and troubleshooting wifi
  • monmob - Set of tools to provide monitor mode and raw frame injection for devices using broadcom chipsets bcm4325, bcm4329 and bcm4330
  • nexmon - The C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips that enables Monitor Mode, Frame Injection and much more
  • PyWiWi - Python Windows Wifi
  • reghack - Replaces the regulatory domain rules in the driver binaries with less restrictive ones
  • RegMon - RegMon is a Atheros WiFi card register monitoring tool for Linux OpenWrt
  • remoteapd - Remote NL80211-Extent driver for Hostapd 2.0
  • resfi - Framework supporting creation of RRM functionality in residential WiFi deployments
  • rollmac - Automated WiFi limit evasion
  • RT73-USB-Wireless- - Patched version of RT73USBWireless for Yosemite
  • RTL8188-hostapd - Hostapd for Realtek RTL8188
  • Wifi-ap - Library wrapper around hostapd and dnsmasq and their respective configuration files that allows for programmatically creating access points in Debian-based Linux environments
  • Wifi-frequency-hacker - A modified frequency regulatory domain configuration that doesn't limit you.
  • Wifi-pentesting - Wifi Penetration Testing of Home Network
  • WirelessConfig - A 802.1x Python wireless configuration tool with Cocoa wrappers

Monitoring​

  • como - CoMo is a passive monitoring system that supports arbitrary real time traffic queries
  • horst - Lightweight IEEE802.11 wireless LAN analyzer with a text interface. Its basic function is similar to tcpdump, Wireshark or Kismet, but it's much smaller and shows different, aggregated information which is not easily available from other tools.
  • scapybase - 802.11 monitor AP based on scapy
  • Scapy-survey - 802.11 signal strength logger using Scapy
  • sigmon - Modular WiFi/RF Monitoring and Analysis Implementation
  • Uniband-installer - Wireless monitoring framework to help using kismet dumpcap and horst (installation files)
  • Wifi-linux - Simple python script to monitor access point signal strength.
  • Wifi-monitor -
  • Wifi-monitor - Python, py_libpcap, handover
  • WiPy - Sends the WiFi signal strength from multiple clients to a central server. Built for Arch Linux ARM running on Raspberry pi 2
  • WLAN-Monitoring - Monitor our vicinity to monitor wireless devices and traffic
  • wmon - A Wireless Network Monitor with advanced measurement capabilities.