SniffAir – An open-source wireless security framework – All things in moderation

What is SniffAir?

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.

SniffAir is developed by @Tyl0us and @theDarracott

Install

SniffAir was developed with Python version 2.7
Tested and supported on Kali Linux, Debian and Ubuntu.
Download SniffAir:

# git clone https://github.com/Tylous/SniffAir.git

To install, run the setup.sh script:

# ./setup.sh

Usage

Begin
First, create a new workspace or load an existing one with the workspace create <workspace> or workspace load <workspace> command. To view all existing workspaces, use the workspace list command; to delete a workspace, use the workspace delete <workspace> command.

Load data into the desired workspace from a pcap file using the command offline_capture <full path to the pcap file>. To load a series of pcap files, use the command offline_capture_list <full path to the file containing the list of pcap names> (this file should contain the full path to each pcap file). Use the live_capture <interface name> command to capture live wireless traffic using a wireless interface.

>>  [demo]# offline_capture /root/sniffair/demo.pcapdump
[+] Importing /root/sniffair/demo.pcapdump
\
[+] Completed
[+] Cleaning Up Duplicates
[+] ESSIDs Observed
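
A helper for preparing the list file that offline_capture_list reads, added here as an example; it is not part of SniffAir or of the original post. It assumes the list holds one absolute path per line, and the function names is_capture_file and build_pcap_list are hypothetical.

```shell
#!/bin/sh
# Added example: build the list file passed to SniffAir's offline_capture_list.
# Assumption: the list file holds one absolute capture path per line.
# Usage (after sourcing this file): build_pcap_list /path/to/captures /path/to/list.txt

# Succeeds if the file begins with a pcap or pcapng magic number.
# The page does not say which capture formats SniffAir parses; drop the
# pcapng case if your version rejects it.
is_capture_file() {
    magic=$(head -c 4 < "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;   # classic pcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) return 0 ;;   # classic pcap, nanosecond timestamps
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;
    esac
}

# build_pcap_list <capture dir> <list file>
# Writes the absolute path of every capture found under <capture dir> to
# <list file>, reports skipped files on stderr, and returns 1 if the
# resulting list is empty.
build_pcap_list() {
    dir=$(cd "$1" && pwd -P) || return 1   # resolve to an absolute path
    list=$2
    : > "$list" || return 1                # start from an empty list file
    find "$dir" -type f | sort | while IFS= read -r f; do
        if is_capture_file "$f"; then
            printf '%s\n' "$f" >> "$list"
        else
            printf 'skipping (not a pcap/pcapng file): %s\n' "$f" >&2
        fi
    done
    [ -s "$list" ]
}
```

Checking the magic number before import keeps renamed or truncated files out of the workspace, so a bad entry is caught when the list is built and not partway through a long import.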

Modules
Modules can be used to analyze the data contained in the workspaces or to perform offensive wireless attacks; select one with the use command. For some modules, additional variables may need to be set. They can be set using the set command: set <variable name> <variable value>.
