Fluxion – Automated EvilAP Attack Tool


Fluxion is an automated EvilAP attack tool for carrying out MiTM attacks on WPA Wireless networks written in a mix of Bash and Python.

Fluxion - Automated EvilAP Attack Tool

Fluxion is heavily based off Linset the Evil Twin Attack Bash Script, with some improvements and bug-fixes.


How it Works

  • Scan the networks.
  • Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a FakeAP instance to imitate the original access point
  • Spawns a MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted

Dependencies

  1. Aircrack : 1:1.2-0~rc4-0parrot0
  2. Lighttpd : 1.439-1
  3. Hostapd : 1:2.3-2.3

You can download Fluxion here:

– Latest Stable: fluxion-0.22.zip
– Pre-release: fluxion-0.23.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Password Cracking, Wireless Hacking

,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


Comments are closed.