{"id":13578497,"url":"https://github.com/Ragnt/AngryOxide","last_synced_at":"2025-04-05T19:33:12.379Z","repository":{"id":202994840,"uuid":"708570580","full_name":"Ragnt/AngryOxide","owner":"Ragnt","description":"802.11 Attack Tool","archived":false,"fork":false,"pushed_at":"2025-03-28T01:43:44.000Z","size":14166,"stargazers_count":1402,"open_issues_count":7,"forks_count":78,"subscribers_count":26,"default_branch":"master","last_synced_at":"2025-03-28T19:53:56.432Z","etag":null,"topics":["802-11","aircrack","aircrack-ng","netsec","netsec-tools","penetration-testing","pentesting","security-tools","wireless-security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ragnt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"Ragnt"}},"created_at":"2023-10-22T23:39:38.000Z","updated_at":"2025-03-28T08:29:46.000Z","dependencies_parsed_at":null,"dependency_job_id":"616f019f-fd33-49ba-b445-71a539742e5d","html_url":"https://github.com/Ragnt/AngryOxide","commit_stats":null,"previous_names":["ragnt/wpapwn"],"tags_count":59,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ragnt%2FAngryOxide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ragnt%2FAngryOxide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ragnt%2FAngryOxide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ragnt%2FAngryOxide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ragnt","download_url":"https://codeload.github.com/Ragnt/AngryOxide/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247393003,"owners_count":20931802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["802-11","aircrack","aircrack-ng","netsec","netsec-tools","penetration-testing","pentesting","security-tools","wireless-security"],"created_at":"2024-08-01T15:01:31.142Z","updated_at":"2025-04-05T19:33:12.362Z","avatar_url":"https://github.com/Ragnt.png","language":"Rust","funding_links":["https://github.com/sponsors/Ragnt"],"categories":["Rust"],"sub_categories":[],"readme":"# AngryOxide 😡\n\n![Logo](death.png)\n\n### A 802.11 Attack tool built in Rust 🦀 !\n\n[![Builds and Release](https://github.com/Ragnt/AngryOxide/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/Ragnt/AngryOxide/actions/workflows/ci.yml) ![GitHub commit activity](https://img.shields.io/github/commit-activity/m/Ragnt/AngryOxide) [![Discord](https://img.shields.io/discord/1194365883099922643)](https://discord.gg/QsEgaFndsQ)\n\n**This tool is for research purposes only. I am not responsible for anything you do or damage you cause while using AngryOxide. Only use against networks that you have permission.**\n\nAngryOxide was developed as a way to learn Rust, netlink, kernel sockets, and WiFi exploitation all at once.\n\nYou can get information about how to use AngryOxide in the [User Guide](https://github.com/Ragnt/AngryOxide/wiki/1.-User-Guide).\n\nNOTE: This project is under HEAVY development and you can expect a very fast release cycle.\n\nThe overall goal of this tool is to provide a single-interface survey capability with advanced automated attacks that result in valid hashlines you can crack with [Hashcat](https://hashcat.net/hashcat/).\n\nThis tool is heavily inspired by [hcxdumptool](https://github.com/ZerBea/hcxdumptool) and development wouldn't have been possible without help from ZerBea.\n\nIf you have questions or any issues, you can reach me on the [AngryOxide Discord](https://discord.gg/QsEgaFndsQ)\n\n## I wanna use it!\n\nYou can download pre-compiled binaries of AngryOxide in the [releases](https://github.com/Ragnt/AngryOxide/releases/latest).\n\n```bash\ntar -xf angryoxide-linux-x86_64.tar.gz # Untar\nchmod +x install.sh # Make executable\nsudo ./install.sh # Install (as root, including zsh/bash completions)\n```\n\nYou can get information about how to use AngryOxide in the [User Guide](https://github.com/Ragnt/AngryOxide/wiki/1.-User-Guide).\n\n#### Uninstalling:\n\n```bash\nsudo ./install.sh uninstall # Uninstall\n```\n\n## Features\n\n- Active state-based attack engine used to retrieve relevent EAPOL messages from Access Points and clients.\n- Target option that accepts MAC (aabbcc..., aa:bb:cc...) and SSID \"Test_SSID\" to limit attack scope.\n- Whitelist option to protect specific networks from attacks. Useful if not using targets.\n- Auto Hunt capability to find all target channels and hop between them.\n- A Terminal-UI that presents all relevent data while still living in the terminal for easy usage over SSH.\n- A grepable \"Headless\" operation mode that simply prints status output, ready to be redirected to a log file.\n- Limits DEAUTHENTICATION frames that can cause more damage than good to the authentication sequence.\n- EAPOL 4-Way-Handshake validation using Nonce Correction, Replay Counter validation, and Temporal validation.\n- Automatically elicits PMKID from access points where available.\n- Utilizes GPSD with ability to set remote GPSD service address.\n- Ability to enable geo-fencing to force AO to only run when inside a geometric area specified by a latitude, longitude, and radius.\n- Provides pcapng files with embedded GPS using the [Kismet Format](https://www.kismetwireless.net/docs/dev/pcapng_gps/).\n- Provides a kismetdb file with all frames (with GPS) for post-processing.\n- Wraps all output files in a gzipped tarball.\n- Bash autocompletions for easy interface selection provided.\n\n## Attacks\n\nWill by default attack ALL access points in range, unless atleast one target is supplied, at which point the tool will only transmit against defined targets. (But will still passively collect on other access points).\n\n- Attempts authentication/association sequence to produce EAPOL Message 1 (PMKID Collection)\n- Attempts to retrieve hidden SSID's with direct probe requests.\n- Utilizes Anonymous Reassociation to force Access Points to deauthenticate their own clients (MFP Bypass)\n- Will attempt to send Channel Switch Announcement to send clients to adjacent channels.\n- Attempts to downgrade RSN modes to WPA2-CCMP (Probe Response Injection via RogueM2)\n- Attempts to collect EAPOL M2 from stations based solely on Probe Requests (RogueM2)\n- Attempts to disassociate clients using WiFi 6e codes that prevent blacklisting\n- All attacks can be manually disabled.\n\nAll of these attacks are rate-controlled both to prevent erroneous EAPOL timer resets and to maintain some level of operational security.\n\n## Help\n\n```\n❯ angryoxide --help\nDoes awesome things... with wifi.\n\nUsage: angryoxide [OPTIONS] --interface \u003cINTERFACE\u003e\n\nOptions:\n -i, --interface \u003cINTERFACE\u003e Interface to use\n -c, --channel \u003cCHANNEL\u003e Optional - Channel to scan. Will use \"-c 1,6,11\" if none specified\n -b, --band \u003c2 | 5 | 6 | 60\u003e Optional - Entire band to scan - will include all channels interface can support\n -o, --output \u003cOutput Filename\u003e Optional - Output filename\n -h, --help Print help\n -V, --version Print version\n\nTargeting:\n -t, --target-entry \u003cTarget MAC/SSID\u003e\n Optional - Target (MAC or SSID) to attack - will attack everything if none specified\n -w, --whitelist-entry \u003cWhiteList MAC/SSID\u003e\n Optional - Whitelist (MAC or SSID) to NOT attack\n --targetlist \u003cTargets File\u003e\n Optional - File to load target entries from\n --whitelist \u003cWhitelist File\u003e\n Optional - File to load whitelist entries from\n\nAdvanced Options:\n -r, --rate \u003cAttack Rate\u003e Optional - Attack rate (1, 2, 3 || 3 is most aggressive) [default: 2]\n --combine Optional - Combine all hc22000 files into one large file for bulk processing\n --noactive Optional - Disable Active Monitor mode\n --rogue \u003cMAC Address\u003e Optional - Tx MAC for rogue-based attacks - will randomize if excluded\n --gpsd \u003cGPSD Host:Port\u003e Optional - Alter default HOST:Port for GPSD connection [default: 127.0.0.1:2947]\n --autohunt Optional - AO will auto-hunt all channels then lock in on the ones targets are on\n --headless Optional - Set the tool to headless mode without a UI. (useful with --autoexit)\n --autoexit Optional - AO will auto-exit when all targets have a valid hashline\n --notransmit Optional - Do not transmit - passive only\n --notar Optional - Do not tar output files\n --disablemouse Optional - Disable mouse capture (scroll wheel)\n --dwell \u003cDwell Time (seconds)\u003e Optional - Adjust channel hop dwell time [default: 2]\n\nGeofencing:\n --geofence\n Optional - Enable geofencing using a specified latlng and distance\n --center \u003cCENTER\u003e\n Lat,Lng for geofencing (required if geofence is enabled)\n --distance \u003cDISTANCE\u003e\n Distance in meters from the center (required if geofence is enabled)\n --geofence-timeout \u003cGEOFENCE_TIMEOUT\u003e\n Timeout to disable geofence if GPS is lost. (default 300 seconds) [default: 300]\n\nAttacks:\n --disable-deauth Optional - Do NOT send deauthentication attacks\n --disable-pmkid Optional - Do NOT attempt to associate for PMKID\n --disable-anon Optional - Do NOT send anonymous reassociation attacks\n --disable-csa Optional - Do NOT send Channel Switch Announcment attacks\n --disable-disassoc Optional - Do NOT send disassociation attacks\n --disable-roguem2 Optional - Do NOT attempt rogue M2 collection\n```\n\n## Building from source\n\nIf you want to build from source instead of using precompiled binaries, these are the basic instructions:\n\n```\n# Install Rust\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\n\n# Clone this repo\ngit clone --recurse-submodules https://github.com/Ragnt/AngryOxide.git\n\n# Build/Install\ncd AngryOxide\nmake\nsudo make install\n```\n\nThis will build from source, install into /usr/bin/angryoxide, and install the bash completions for you.\n\n### Cross compiling:\n\nI use [cross](https://github.com/cross-rs/cross) to cross compile to embedded architectures.\n\nHere is MIPS (mips-unknown-linux-musl) as an example.\n\n```\n# make sure you have the nightly installed\nrustup install nightly\n\n# dynamically linked \u0026 soft-float\ncross build +nightly --target mips-unknown-linux-musl --release -Zbuild-std\n```\n\n\n### Completions script:\n\nThese make using AngryOxide with bash and zsh a bit more fluid, automatically finding your wireless interfaces for you and showing you the arguments in a tab-completable way.\n\n## Screenshots!\n\n![Access Points Page](screenshots/ap_tab.png)\n![Handshakes Page](screenshots/handshakes_tab.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRagnt%2FAngryOxide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FRagnt%2FAngryOxide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRagnt%2FAngryOxide/lists"}