Detecting vulnerabilities in the WLAN with Wifislax
Overview
Many analysis programs, such as the Angry IP scanner, Etherape, Iptraf, the Net Activity Viewer, Wireshark, and Zenmap, are available in the Wifislax | Network Tools menu to give you an overview of your network.
These tools not only graphically visualize the local network but also provide the first indications of malicious or unusual traffic. With the well-known sniffing tool Ettercap, you can also record data transmissions, including insecure passwords on the internal network.
The Hping3, Mdk3, and Yersinia programs reveal weak spots in firewalls, clients, servers or routers using data flooding technologies. Yersinia also exploits known vulnerabilities in different network protocols to detect configuration deficits.
Applications such as Medusa and Hydra are dedicated to securing passwords and authentication mechanisms. Using dictionary attacks, these tools try to decrypt passwords, although Medusa primarily concentrates on the WLAN router. However, most programs from this group only work if you switch the computer's WLAN card to monitor mode. You can do this at the command line with the command airmon-ng: Without any parameters, it shows the WLAN card's current status. Then – if the WLAN adapter is not yet in monitor mode – enter the command airmon-ng start <Adapter> (Figure 3).
You will also find tools that use a dictionary attack in the Decrypters menu. The menu assigns the tools to country-specific groups and also takes special hardware into account. For example, special scripts are available for providers Alice and Vodafone; they target the routers supplied by these providers, sounding them out for security vulnerabilities. The scripts that examine WLAN routers from manufacturers such as D-Link or TP-Link for gaps in the authentication are more neutral in their approach.
Additionally, other tools work independently of manufacturer and device. You can find these tools in the Suite aircrack-ng, Wireless, and Wpa submenus. The Aircrack suite offers extensive opportunities for sniffing data traffic on a WLAN; it can also extract WEP, WPA, and WPA2 keys from the WLAN using brute-force and dictionary attacks. Also, tools in the Aircrack suite can decrypt data streams that have been "secured" using a WEP or WPA key, provided that the associated key is known.
The Wireless and Wpa menu groups offer additional analysis tools, which are again a mixture of command-based programs and tools with a graphical user interface. The focus of these utilities is also on finding and testing WLAN networks.
Lesser-known software, such as Wifi Metropolis, Minidwep-gtk (Figure 4), and GOYscript, are included, as well as the standard WLAN sniffer Kismet. The Wpa menu also includes several programs for recording WPA handshakes, such as Autohs GUI, coWPAtty, or HandShaker.
Many newer devices join a WLAN using WPS (WiFi Protected Setup), without the cumbersome step of entering a key. Authentication is usually performed using a PIN. This method has serious security vulnerabilities. The Wifislax developers implemented their own Wpa wps submenu in order to detect the weak points on the WLAN. The Wpa wps submenu contains software that is suitable for detecting WPS-enabled devices on the WLAN, testing existing keys, and also generating PIN codes.
Additional Software
Wifislax may focus on network security, but it also provides several applications for data reconstruction. These include the programs Testdisk and Qphotorec in the System | Repair & Recover Tools menus. Under Wifislax | Forensics, you will also find some useful programs such as Dumpzilla and Grampus, which can be used for extracting metadata for forensic tasks.
If you are missing an application, you can install it using the package management system. Wifislax uses Slackware package management and – in the form of Gslapt – also provides a graphical interface for software installation under System | Wifislax packets administrator that is strongly reminiscent of Synaptic. You will also find a converter that allows you to convert third-party packages to the XZM package format used by Slackware (Figure 5).
Conclusions
Wifislax offers a good selection of testing tools, which you can use to track security vulnerabilities quickly for virtually all common WLAN security application scenarios. In addition, the Wifislax distribution is also capable of data reconstruction. The cumbersome installation wizard and the incomplete localization of certain programs are both areas for improvement.