Wi-Fi audits are the order of the day. It is essential to check the wireless security of our router because the Wi-Fi routers supplied by our operators are often poorly configured at the factory and are therefore vulnerable to different types of attacks. There are currently a large number of tools for carrying out this type of audit, and we can even use operating systems oriented to it that come with all the tools you need pre-installed. In addition, you can have some tools on your Android or iOS mobile.
Essential tools to be able to audit Wi-Fi networks
Wi-Fi network scanner
They can be installed on Android and iOS mobiles as well as on computers. They are among the easiest tools to install and learn to use, since they give you a complete overview of all the wireless access points that are close to you. You get the most important details: signal level, type of encryption used, and the MAC address of the AP.
You can use stumblers to find networks that use weak security protocols, such as WEP or the older version of the well-known WPA. If there are APs with hidden or unset SSIDs, some stumblers may reveal them. If you use this tool at the corporate level, you can find out about people who might be wanting access to the internal network. For Windows operating systems, the best Wi-Fi network scanner is Acrylic Wi-Fi, along with Acrylic Wi-Fi Professional, which has more display options and even lets you write your own scripts.
This class of tools is much more practical on mobiles, mainly because of their mobility. Wherever you go, you can have a tool installed on your mobile that scans Wi-Fi networks and gives you the information you need at that moment. An option for Android devices is WiFi Analyzer; it is completely free and shows information about the nearby access points on both the 2.4 GHz and 5 GHz bands, if found.
If you need to save the displayed information, you can export it in XML format so that you can adapt it to your needs later, or simply share that file by email. It has graphs detailing the signal level, its history, and its level of use. It also has a built-in signal meter that allows you to find APs close to your location.
If you have an iOS device, you can download and try Network Analyzer Pro. It is not free, but it has a variety of features that make it quite complete, as is the case with the Android app.
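The overview a scanner gives (encryption type, hidden SSIDs) can be triaged automatically when auditing your own surroundings. The following is an added example, not part of the original article or of any tool named here: it assumes the scan was saved in the CSV layout written by airodump-ng from the Aircrack-ng suite, and the sample rows, function names and finding labels are constructed for illustration.

```python
import csv

# Constructed sample in the airodump-ng CSV layout: AP table, blank line, station table.
SAMPLE_SCAN = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WEP, WEP, , -48, 120, 0,   0.  0.  0.  0,  9, OldRouter,
02:00:00:AA:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6, 130, WPA2, CCMP, PSK, -55, 300, 0,   0.  0.  0.  0,  7, HomeNet,
02:00:00:AA:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2 WPA, CCMP TKIP, PSK, -61, 210, 0,   0.  0.  0.  0,  7, MixedAP,
02:00:00:AA:00:04, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 36, 270, WPA2, CCMP, MGT, -70, 90, 0,   0.  0.  0.  0,  0, ,
02:00:00:AA:00:05, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, OPN, , , -80, 40, 0,   0.  0.  0.  0,  5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:BB:00:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50, 25, 02:00:00:AA:00:02, HomeNet
"""

def parse_access_points(text):
    """Return one dict per AP row, stopping at the blank line before the station table."""
    ap_lines = []
    for line in text.splitlines():
        if line.strip():
            ap_lines.append(line)
        elif ap_lines:
            break
    rows = csv.reader(ap_lines, skipinitialspace=True)
    header = [h.strip() for h in next(rows)]
    return [dict(zip(header, (f.strip() for f in row))) for row in rows]

def audit(ap):
    """Return the findings for one access point; an empty list means nothing was flagged."""
    privacy, ciphers = set(ap["Privacy"].split()), set(ap["Cipher"].split())
    checks = [
        ("OPN" in privacy, "open network, no encryption"),
        ("WEP" in privacy, "WEP"),
        ("WPA" in privacy, "legacy WPA enabled"),
        ("TKIP" in ciphers, "TKIP cipher enabled"),
        (not ap["ESSID"] or ap["ID-length"] == "0", "hidden SSID"),
    ]
    return [label for hit, label in checks if hit]

def weak_networks(text):
    """Map BSSID -> findings for every AP in the scan that triggered at least one check."""
    return {ap["BSSID"]: found for ap in parse_access_points(text) if (found := audit(ap))}

if __name__ == "__main__":
    for bssid, found in weak_networks(SAMPLE_SCAN).items():
        print(bssid, "; ".join(found))
```

An SSID that itself contains a comma would shift the columns in this simple parser, so treat such rows with care on real captures.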
Tools that show other wireless network details
These tools matter because they reveal how much sensitive information, as well as various documents or files, a compromised or stolen device can contain. They also highlight how important it is to use 802.1x authentication, where users have individual access credentials for the Wi-Fi network, especially in the corporate environment or in places where this connectivity is offered as a service or facility.
WirelessKeyView is a tool that can help here. It is free and lists all the WEP, WPA, and WPA2 keys that were stored on your Windows computer at some point.
Aircrack-ng, on the other hand, is an open-source suite of tools for cracking WEP and WPA / WPA2 keys, and it is starting to be updated for WPA3 networks. It is compatible with Windows, Mac OS X, Linux, and OpenBSD. With it you can also view the access points that are close to you, including those with hidden or unavailable SSIDs. It has sniffer functions that capture packets and inject and replay traffic, and, of course, it is capable of cracking access passwords, provided enough packets have been captured (in the case of WEP) or the handshake has been captured (in the case of WPA / WPA2).
Unlike wireless network scanners, sniffers go one step further: they capture information about APs and use it to analyze the packets transmitted over the wireless network. The captured traffic can be imported into other tools that we may have, such as a cracker like Aircrack-ng.
Some sniffers can analyze the packets that travel through the network and/or decrypt them. Others report only certain types of network traffic, and some are designed to reveal passwords that are sent in plain text.
Kismet is a very complete free and open-source solution with thorough documentation. It works as a stumbler and packet sniffer, and it even has an intrusion detection system. It can run on Windows 10 using the WSL framework, Mac OS X, Linux, and BSD. It shows the access points and their SSIDs, and those that have no SSID or hide it cannot hide from this tool.
As we mentioned, it captures packets, which you can later import into other well-known tools such as Wireshark, tcpdump, and others. As an exception, if you use Windows, Kismet so far only works with CACE AirPcap Wi-Fi adapters, because of the limitations of the operating system itself. However, it does support a large number of adapters on Mac OS X and Linux.
If you want to go to the next level, we recommend CommView Wi-Fi. It is one of the most popular and complete solutions that we can find. Although it is not a free tool, you can test all its features with a 30-day trial. One of its strengths is a dedicated VoIP module, which allows a detailed analysis that includes recording and playback of SIP and H.323 voice communications.
With this solution, packets can be decrypted using WEP or WPA / WPA2-PSK keys and decoded down to the lowest layer. It supports more than 100 protocols, and its tree-like structure gives you a complete view of each captured packet, displaying the protocols applied at each layer and their headers. It is broad in scope and highly extensible.
Kali Linux: the star of the hacking world
We cannot fail to recommend the hacking-oriented operating system. Kali Linux is quite popular, and besides a normal Linux-style installation on a computer, you can also put it on a boot disk. In addition, you can run it on any other computer as a virtual machine using VMware, VirtualBox, and others.
Among the large number of computer forensic tools it contains, you can find some oriented to pen-testing Wi-Fi networks. Kismet (already mentioned above) and Aircrack-ng are both included. This operating system is completely free, and the tools that we have suggested have a high level of support on their websites. You have at your disposal all the documentation you need to start from scratch. Some of the star tools for auditing Wi-Fi networks are:
- Reaver: breaks into a network that has PIN-based WPS activated, so if your Wi-Fi network has WPS activated, we recommend deactivating it.
- FreeRadius-WPE: performs man-in-the-middle attacks during 802.1x authentication.
- Wi-Fi Honey: creates a kind of honeypot that attracts people who want to connect to an access point. To do so, it creates fake APs to capture the traffic they generate and carry out man-in-the-middle attacks.
WiFiSlax: the best for Wi-Fi networks in Spain
Another Linux-based distribution that we cannot leave out for Wi-Fi audits is WiFiSlax, a fundamental distribution that has more tools for Wi-Fi networks than Kali Linux. If you are going to focus specifically on Wi-Fi wireless networks, you are better off using WiFiSlax, which is also totally free.
Remember that you don't need to hack into other people's Wi-Fi networks to test your skills. You can experiment with your group of friends or, if you are alone, try your own network. Getting started in the world of hacking opens the door to knowledge that you can use for your personal satisfaction.