ivanlei/airodump-iv: A python implementation of airodump-ng

A python implementation of airodump-ng - the classic wifi sniffing tool.

airodump-iv is probably inferior in a lot of ways to airodump-ng but is being written as a learning tool. It might also be useful to python developers interested in wifi sniffing.

Currently the only feature in airodump-iv not in airodump-ng is clearly identifying the SSIDs for hidden networks (when possible).

airodump.py is being developed in ubuntu precise with an Alpha AWUS036H or D-Link DWA-123 wireless card.

For more BackTrack: http://www.backtrack-linux.org/
For more Alpha AWUS036H: https://www.google.com/search?q=Alpha+AWUS036H
For more D-Link DWA-123: http://www.dlink.co.in/products/?pid=528 TODO

airodump.py makes uses of scapy for sniffing and protocol/structure parsing

For more scapy: http://www.secdev.org/projects/scapy/
For better scapy docs: http://fossies.org/dox/scapy-2.2.0/index.html

My interest in this project was kicked off by a wifi penetration class @ Blackhat EU. Since then I've read quite a few protocol documents.

For more on the class: http://www.blackhat.com/eu-13/training/advanced-wifi-penetration-testing.html
The class basically followed this book: http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581
802.11 base spec - http://standards.ieee.org/getieee802/download/802.11-2012.pdf
802.11i security spec - http://standards.ieee.org/getieee802/download/802.11i-2004.pdf
Radiotap Headers - http://www.radiotap.org/
Wireless Extensions IOCTL - less /usr/include/linux/wireless.h

Steps to run include:

Grab the code:
- git clone git://github.com/ivanlei/airodump-iv.git
- git submodule init
- git submodule update
- cd airodump-iv/airoiv
Set wireless card into monitor mode:
- sudo airmon-ng check kill
- sudo airmon-ng start wlan0
Once the card is in monitor mode:
- sudo python airodump-iv.py
To exit
- CTRL-C (... repeatedly sometimes)

Useful options include:

--iface=IFACE - Set the interface to sniff on. By default mon0.
--channel=CHANNEL - Monitor a single channel. By default it will channel-hop.
--max-channel=MAX_CHANNEL - Set maximum channel during hopping. By default queries Wireless Extensions.
--packet_count=PACKET_COUNT - Number of packets to capture. By default unlimited.
--input-file=INPUT_FILE - Read from PCAP file.
-v - Verbose mode. Does not play well with curses mode.
--no-curses - Disable the curses interface.

A Ubuntu precise Vagrantfile is included in the project. It will use puppet standalone to configure a clean wifi test environment in VirtualBox that includes airocrack-ng (from unofficial apt repo), iw tools, wireless-tools, and the contents of this repo.

After installing Vagrant and Virtualbox:

Boot the box:
- cd airodump-iv/Vagrant
- vagrant up airoiv01
- vagrant ssh airoiv01
Let the box see a usb wifi adapter. From the host:
- vboxmanage list usbhost and find the UUID of the USB device
- vboxmanage list vms and find the UUID of the vm
- vboxmanager controlvm <UUID-of-vm> usbattach <UUID-of-usb-device>

Implement channel hopping in a standards compliant manner
Fix curses mode display to not have quite so many bugs
Improve station display
Test with other wifi cards
Write unit tests
Cleanup code
World peace

Join GitHub today

README.md