The Evil Twin with Deauth, Sniffer, Captive, Beacon flood on ESP8266Designed by Razor in Poland
What is it? If you have ever played with pen testing you probably know what an Evil Twin is. Still not heard of it? "An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate bu...Read More…
If you have ever played with pen testing you probably know what an Evil Twin is. Still not heard of it?
"An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications." [WIKI]
Attracthor is a fully working EvilTwin that you can run against your network to see if you are vulnerable for attack.
The main purpose of AttracThor is to obtain a target AP WiFi password. This can be done with a single AttracThor or a distributed approach by placing a few AttracThors around your Lab.
Here is the list of implemented features, tested and pwning:
|Anti Channel Hopping||Yes||Follow target AP Channel|
|Anti SSID change||Yes||Follow target AP SSID|
|Password validation||Yes||Immediately/Every reboot|
|DNS Server||Yes||Part of Captive + Logging|
|Deep view||Yes||Number of STA's connected, Captive viewers, totals|
|Web Configuration||Yes||Simple config panel|
|Monitoring||Yes||Additional binary included to listen updates over WiFi or WEB|
|Remote reboot||Yes||To reboot remotely via WWW|
|Firmware Upgrade option||Yes||Via WEB page|
|Hackable||Yes||This is ESP8266, you can plugin and hack as you want|
|- All of this is on a pocket size device.|
|- AttracThor is built on ESP8266 Wemos D1 Pro board with external antenna.|
|- The case is 3d Printed in PLA.|
It is a device that I need when I play with pen-testing my lab.
There is nothing like this on the market to purchase. Most of the devices I've seen just perform deauth - which is a tiny part of the whole process. Running this attack on Raspberry PI is messy, and having this in a 5V small version allows you to use this as a throwie, and without the hassle of setting up OS and configuring.
You can run it on power bank, on solar power, or you can buy a Wemos D1 Battery shield.
It has a built in protocol (over WiFi) that sends out status for each of your deployed AttracThors in WiFi Range. Thanks to which you don't have to look at them. All you do is sit at home or in your car and listen to the updates as they come in on your terminal via WiFi.
You can use it as a throwie, or run it from a drone - the sky is the limit.
I don't want to host separate pages so I will keep Tindie up-to-date with upgrades, and reply to your feedback.
If we find we need a community, we can go for that later on.
New binaries will be also posted here (links).
AttracThor Sister MD5: bc063ea52ad8275435cf1b524b72a4e7
AttracThor 1.2 release MD5 (ATTRACTHOR.1_2.bin.zip) = 8fcf04114901fefaa6edc237b486aea5
This is to be used only for testing and educational purposes against your own devices! I don't take responsibility for what you do with it.
Please check the legal regulations for your country to make sure you don't violate any laws.
New software version in testing (1.2) including:
Anti Channel Hopping - It happens that new AP's like to do channel hopping to find less congested channel. AttracThor will identify this behavior and follow AP channel.
Added Beacon Mist - When this is enabled, Attracthor will broadcast 16 additional beacons all over, to flood the list of available WiFi networks - even more enhancing to join our ET. Whichever you click, you will land on our captive portal.
Deauth is now an option in setup screen
Extended auto-reboot time to 24hrs
AttracThor Sister now available for oldskewl N900 ;-)
Few additions to the firmware including:
Better differentiations between Visitors and AP Clients (STA's) connected.
Added the last visitor time, so it helps to determine when he was connected to your AttracThor
Changed the DHCP lease time to help out refreshing internal ESP counters on the list of connected devices.
Manual uploaded Link: https://gofile.io/d/h7suX8
EvilTwin AttracThor sister binary uploaded MD5: bc063ea52ad8275435cf1b524b72a4e7 Link: https://gofile.io/d/dqTaAu
|Shipping Rate||Ships From||First item||Additional items|
Poczta Polska: Standard Ground Rate
We recognize our top users by making them a Tindarian. Tindarians have access to secret & unreleased features.
We look for the most active & best members of the Tindie community, and invite them to join. There isn't a selection process or form to fill out. The only way to become a Tindarian is by being a nice & active member of the Tindie community!