
Automated script for network attacks detection and network mapping detection


panosdimitrellos/WiFi-NID


WiFi-NID


About

WiFi-NID is a powerful Network Intrusion Detection tool written in Bash, designed to detect various types of attacks in WiFi networks and networks in general. With WiFi-NID, you can capture live traffic and analyze captured files to identify potential security threats. This README provides an overview of the tool's features and instructions on how to use them effectively. WiFi-NID offers an innovative approach to detecting malicious activity in WiFi networks by focusing on WiFi-specific attack features to identify attacks that originate from the 802.11 layer. As WiFi-NID operates at the edge of the WiFi network, it can be easily integrated as an add-on security mechanism and may be complementary to general IDS solutions that do not focus on the WiFi layer. For more details about the tool, please refer to this paper: https://ieeexplore.ieee.org/document/10218077.

Update:

I extended my initial implementation to increase the efficiency of detection using mathematical and statistical techniques in detect_deauthentication_attacks.py. This approach can also be applied to detect Disassociation Attacks, Authentication DoS, and Fake AP Beacon Flooding. More details can be found in the related journal paper here: https://www.itu.int/pub/S-JNL-VOL5.ISSUE1-2024-A07
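As an added illustration of rate-based detection on 802.11 management frames (not code from this repository, and not the method of detect_deauthentication_attacks.py or the linked paper), the sketch below flags time windows whose frame count is an outlier. The median + k*MAD rule, the function name flood_windows, its parameters, and the sample frames are all assumptions made for the example.

```python
from collections import Counter
from statistics import median

# 802.11 management frame subtypes
SUBTYPES = {10: "disassociation", 11: "authentication", 12: "deauthentication"}

def flood_windows(frames, subtype, window=1.0, k=6.0, min_count=10):
    """Flag time windows whose count of `subtype` frames is a statistical outlier.

    frames: list of (timestamp_s, subtype, transmitter, receiver) tuples.
    Returns [(window_start, count, most_targeted_receiver)].
    Assumed rule (not the project's): count > median + k*MAD and >= min_count.
    """
    hits = [(t, rx) for t, st, _tx, rx in frames if st == subtype]
    if not hits:
        return []
    start = min(f[0] for f in frames)
    end = max(f[0] for f in frames)
    n = int((end - start) // window) + 1
    per_window = [Counter() for _ in range(n)]   # receiver counts per window
    for t, rx in hits:
        per_window[int((t - start) // window)][rx] += 1
    series = [sum(c.values()) for c in per_window]  # quiet windows count as 0
    med = median(series)
    mad = median(abs(c - med) for c in series) or 1.0  # avoid a zero spread
    limit = max(med + k * mad, min_count - 1)
    return [(start + i * window, series[i], per_window[i].most_common(1)[0][0])
            for i in range(n) if series[i] > limit]

# Constructed sample capture (addresses and timings are made up for the example)
AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [(i * 0.5, 8, AP, "ff:ff:ff:ff:ff:ff") for i in range(40)]  # beacons
SAMPLE += [(1.5, 11, STA, AP), (3.2, 12, STA, AP)]   # normal auth, one deauth
SAMPLE += [(12 + i * 0.02, 12, AP, STA) for i in range(40)]  # deauth burst

if __name__ == "__main__":
    for code, name in SUBTYPES.items():
        print(name, flood_windows(SAMPLE, code))
```

Because the transmitter address in these frames can be forged, the example reports the most targeted receiver rather than attributing the burst to a sender.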


Installation

To install WiFi-NID, follow these steps:

  1. Clone the repository: git clone https://github.com/panosdimitrellos/WiFi-NID.git
  2. Change to the project directory: cd WiFi-NID
  3. Install the required dependencies: bash install_required_packages.sh
  4. Ensure that the pcap file you want to analyze is in the same directory as the tool.

Installation on Windows

WiFi-NID is written in Bash, so to run it on Windows you can use a Unix-like environment. Here are some popular options for Unix-like environments you could install to run the script.

Note: Make sure wifinid.sh has execute permission. You can set the permission using chmod +x wifinid.sh.

Usage

Open a terminal and navigate to the WiFi-NID project directory.

  1. Run the script: bash wifinid.sh
  2. You will be presented with a menu. Select the appropriate options as instructed.
  3. Depending on your selection, you may need to provide the pcap file to analyze or choose the type of attack to detect.
  4. WiFi-NID will generate a detailed report based on the analysis of the pcap file and display it in the terminal.
  5. Analyze already captured pcap files or capture live traffic and start analyzing them.

Supported features

Detection of Wireless Network Attacks

Using this option we can detect:

  • Deauthentication Attacks - from tools like aireplay-ng, mdk3 and mdk4.
  • Disassociation Attacks - from tools like mdk3 and mdk4.
  • Authentication DoS - from tools like mdk3 and mdk4.
  • Fake AP Beacon Flood - from tools like mdk3 and mdk4.
  • WPS Bruteforce Attacks - from tools like reaver and bully.


Detection of Network Attacks

Using this option we can detect:

  • ARP Poisoning - from tools like arpspoof and ettercap.
  • ICMP Flood - from tools like fping and hping.
  • VLAN Hopping - from tools like frogger and yersinia (future work).


Detection of Network Port Scanning

Using this option we can detect:

  • TCP SYN Scan or Stealth Scan - from tools like nmap.
  • TCP Xmas Scan - from tools like nmap.
  • TCP Null Scan - from tools like nmap.
  • TCP FIN Scan - from tools like nmap.
  • TCP Connect() Scan - from tools like nmap.
  • UDP Port Scan - from tools like nmap.


Detection of Host Discovery

Using this option we can detect:

  • ARP Scanning - from tools like arp-scan.
  • IP Protocol Scan - from tools like nmap.
  • ICMP Ping Sweeps - from tools like nmap.
  • TCP Ping Sweeps - from tools like nmap.
  • UDP Ping Sweeps - from tools like nmap.


Detection of Unauthorized Login Attempts

This is ongoing future work on WiFi-NID.

Using this option we can detect:

  • SSH Unauthorized Login Attempts
  • FTP Unauthorized Login Attempts
  • RDP Unauthorized Login Attempts


Examples

Here is an example of using WiFi-NID:

  • Analyzing a captured pcap file (LAB.pcapng) for Deauthentication attacks:


Contributing

Contributions to WiFi-NID are welcome! If you have any improvements, bug fixes, or new features to propose, please submit a pull request.

License

Nothing for now.

Contact

email: [email protected]
