{"id":50846947,"url":"https://github.com/aykutsp/airscope","last_synced_at":"2026-06-14T10:34:20.101Z","repository":{"id":350487332,"uuid":"1207069400","full_name":"aykutsp/airscope","owner":"aykutsp","description":"A six-tool Rust suite for 802.11 recon, analysis, and frame crafting — airmon/airodump/aireplay/airbase/airview + a unified TUI launcher. Cross-platform, pcap-first, safe-by-default.","archived":false,"fork":false,"pushed_at":"2026-04-27T04:39:51.000Z","size":308,"stargazers_count":0,"open_issues_count":8,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-06-14T10:34:16.613Z","etag":null,"topics":["80211","cli","cross-platform","monitor-mode","network-analysis","network-security","packet-analysis","packet-capture","pcap","penetration-testing","security-tools","traffic-analysis","wifi-security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aykutsp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-10T14:42:02.000Z","updated_at":"2026-04-24T07:56:11.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/aykutsp/airscope","commit_stats":null,"previous_names":["aykutsp/airscope"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aykutsp/airscope","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aykutsp%2Fairscope","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aykutsp%2Fairscope/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aykutsp%2Fairscope/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aykutsp%2Fairscope/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aykutsp","download_url":"https://codeload.github.com/aykutsp/airscope/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aykutsp%2Fairscope/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34318523,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-14T02:00:07.365Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["80211","cli","cross-platform","monitor-mode","network-analysis","network-security","packet-analysis","packet-capture","pcap","penetration-testing","security-tools","traffic-analysis","wifi-security"],"created_at":"2026-06-14T10:34:15.886Z","updated_at":"2026-06-14T10:34:20.094Z","avatar_url":"https://github.com/aykutsp.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eairscope\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cem\u003ea wireless suite, reimagined in rust\u003c/em\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/aykutsp/airscope/actions/workflows/ci.yml\"\u003e\u003cimg alt=\"ci\" src=\"https://img.shields.io/github/actions/workflow/status/aykutsp/airscope/ci.yml?branch=master\u0026style=flat-square\u0026label=ci\u0026logo=github\"\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/aykutsp/airscope/actions/workflows/audit.yml\"\u003e\u003cimg alt=\"audit\" src=\"https://img.shields.io/github/actions/workflow/status/aykutsp/airscope/audit.yml?branch=master\u0026style=flat-square\u0026label=audit\u0026logo=github\"\u003e\u003c/a\u003e\n \u003ca href=\"https://www.rust-lang.org/\"\u003e\u003cimg alt=\"rust\" src=\"https://img.shields.io/badge/rust-1.88%2B-dea584?style=flat-square\u0026logo=rust\u0026logoColor=white\"\u003e\u003c/a\u003e\n \u003cimg alt=\"platforms\" src=\"https://img.shields.io/badge/platform-linux%20%7C%20macos%20%7C%20windows-555?style=flat-square\"\u003e\n \u003cimg alt=\"unsafe\" src=\"https://img.shields.io/badge/unsafe-forbidden-success?style=flat-square\"\u003e\n \u003ca href=\"LICENSE\"\u003e\u003cimg alt=\"license\" src=\"https://img.shields.io/badge/license-MIT-yellow?style=flat-square\"\u003e\u003c/a\u003e\n \u003cimg alt=\"version\" src=\"https://img.shields.io/badge/version-0.2.0-78dce8?style=flat-square\"\u003e\n \u003cimg alt=\"status\" src=\"https://img.shields.io/badge/status-alpha-f5c06f?style=flat-square\"\u003e\n\u003c/p\u003e\n\n---\n\n**airscope** is a six-tool Rust workspace that covers the same surface\nas the classic aircrack-ng suite — monitor-mode setup, scanning,\ninjection, soft AP, and offline packet inspection — with a modern\nterminal UI, a hand-rolled 802.11 parser, and a clean cross-platform\nstory. Every tool is its own binary so you can script them\nindividually, or drive them from the unified `airscope` launcher when\nyou just want a pretty menu.\n\n```\n ▞▞▞ airscope ▞▞▞\n ─────────────────────────────────────────\n ▶ airmon monitor-mode manager\n airodump real-time 802.11 scanner\n aireplay frame builder + injector\n airbase beacon / soft AP generator\n airview offline pcap browser\n ─────────────────────────────────────────\n [↑/↓] navigate [↵] launch [q] quit\n```\n\n---\n\n## screenshot\n\n`airodump` running live against a Windows Wi-Fi adapter. The fuzzy\nmatcher resolved `Wi-Fi` to the right Npcap device, the linktype\nturned out to be Ethernet (the stock managed-mode driver strips the\n802.11 headers), and the TUI surfaces a sticky `⚠ heads up` banner\nthat explains the situation in plain English instead of leaving the\ntables silently empty.\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"assets/screenshots/airodump-managed-mode-warning.png\" alt=\"airodump TUI showing the managed-mode heads-up banner on Windows\" width=\"900\"\u003e\n\u003c/p\u003e\n\n\u003e The same scanner running on a Linux monitor-mode interface looks\n\u003e identical, just without the warning bar — and with the AP / station\n\u003e tables actually filling up.\n\n---\n\n## requirements\n\nThere are **two build modes** with two different requirements profiles.\nPick the one that matches what you want to do:\n\n### default build — no radio, no SDK\n\nEverything in the suite that doesn't touch a physical Wi-Fi card\nworks here: the 802.11 parser, frame builders, pcap file replay,\npcap writer, the TUI launcher, and `airview`. This is also what CI\nuses.\n\n| thing you need | how to get it |\n|--------------------|---------------|\n| **Rust ≥ 1.88** | install via [rustup.rs](https://rustup.rs) |\n| **git** | any recent version |\n| a terminal with 256-colour + unicode | Windows Terminal / iTerm2 / Alacritty / any modern emulator |\n\nThat's it. `cargo build --release` will produce every binary with\nzero extra dependencies, and `airodump --read samples/demo-01.pcap`\nwill run on any OS.\n\n### live-capture build — reading packets off a real radio\n\nThe moment you want `airodump -i wlan0`, `aireplay` to actually\ninject, or `airbase` to hit the air, you need a packet-capture\nlibrary for your OS. Rebuild with the `live` feature after\ninstalling the right native package.\n\n| platform | native dep | monitor mode? |\n|--------------------|-----------------------------------------------------------|--------------------------|\n| **Linux** | `libpcap-dev` (apt) / `libpcap-devel` (dnf) / `libpcap` (pacman) | ✅ supported drivers |\n| **macOS** | `brew install libpcap` | ⚠️ via Wireless Diagnostics |\n| **Windows (MSVC)** | [Npcap runtime](https://npcap.com) + Npcap SDK | ⚠️ driver-dependent |\n| **Windows (mingw)**| Npcap runtime + SDK + one rename trick (see below) | ⚠️ driver-dependent |\n\nThen:\n\n```bash\n# linux\nsudo apt install libpcap-dev\ncargo build --release --features \"\\\n airscope-airodump/live \\\n airscope-airmon/live \\\n airscope-aireplay/live \\\n airscope-airbase/live\"\nsudo ./target/release/airmon start wlan0 --channel 6\nsudo ./target/release/airodump -i wlan0\n```\n\n```powershell\n# windows (msvc)\n# 1. install Npcap runtime from https://npcap.com\n# (tick \"install in WinPcap API-compatible mode\")\n# 2. download the Npcap SDK zip and extract to C:\\npcap-sdk\n$env:LIB = \"C:\\npcap-sdk\\Lib\\x64;$env:LIB\"\ncargo build --release --features \"airscope-airodump/live airscope-aireplay/live airscope-airbase/live\"\n.\\target\\release\\airodump.exe -i \"Wi-Fi\"\n```\n\n```bash\n# windows (mingw / git-bash)\n# same Npcap runtime install, then:\ncp /c/npcap-sdk/Lib/x64/wpcap.lib /c/npcap-sdk/Lib/x64/libwpcap.a\n# the committed .cargo/config.toml already points rustflags at\n# C:/npcap-sdk/Lib/x64 — adjust if your SDK lives elsewhere\ncargo build --release --features \"airscope-airodump/live airscope-aireplay/live airscope-airbase/live\"\n./target/release/airodump.exe -i \"Wi-Fi\"\n```\n\nWhen the feature is not enabled, live-capture code paths return a\nlong, actionable error pointing at [`docs/INSTALL.md`](docs/INSTALL.md)\ninstead of a cryptic one — that's not a bug, it's how the default\nbuild stays portable.\n\n\u003e Full step-by-step (capabilities instead of sudo on Linux, macOS\n\u003e Sniffer mode, Windows driver notes, troubleshooting) is in\n\u003e [`docs/INSTALL.md`](docs/INSTALL.md).\n\n---\n\n## quick start\n\n```bash\n# clone and build\ngit clone https://github.com/aykutsp/airscope.git\ncd airscope\ncargo build --release\n\n# try it with the checked-in sample pcap - no radio required\n./target/release/airodump --no-tui --read samples/demo-01.pcap --duration 1 --rate 100\n\n# or the offline browser\n./target/release/airview samples/demo-01.pcap\n\n# or the launcher\n./target/release/airscope\n\n# find capture targets without touching the live backend\n./target/release/airodump --list-interfaces\n./target/release/airmon list --json\n```\n\n---\n\n## the tools at a glance\n\n| binary | one line | replaces | needs a radio? |\n|------------|-------------------------------------------------------|--------------------------|-----------------------------|\n| `airmon` | monitor-mode manager + interface inventory | `airmon-ng` | only for `start`/`stop` |\n| `airodump` | real-time 802.11 scanner with TUI + pcap replay | `airodump-ng` | live **or** `.pcap` replay |\n| `aireplay` | frame crafter + inspector + injector | `aireplay-ng` | only to inject on air |\n| `airbase` | beacon / soft-AP broadcaster | `airbase-ng` | only to transmit on air |\n| `airview` | offline pcap browser with 802.11 decoder | mini `tshark` / Wireshark | no |\n| `airscope` | unified launcher TUI across the five tools above | *(no equivalent)* | no |\n\nEvery tool is its own binary, so you can script them individually,\npipe them, package them, or drop the launcher without losing any\nfunctionality.\n\n---\n\n## the tools in detail\n\n### `airmon` — monitor-mode manager\n\nAirscope's equivalent of **airmon-ng**. Does three things:\n\n1. **lists every network interface** the OS reports, with a best-effort\n wireless/loopback/ethernet tag. Uses `if-addrs` under the hood so\n this works on Linux, macOS, and Windows *without* libpcap or Npcap.\n2. **switches a radio into monitor mode** (and back into managed mode)\n on Linux by wrapping `ip link` + `iw`. That's a deliberate scope\n choice: reimplementing those tools' driver-quirk handling would\n buy nothing.\n3. **reports the current mode** of an interface — a quick sanity\n check before you start a scanner.\n\n```bash\nairmon list # machine-friendly table\nairmon list --json # same info as JSON for scripting\nsudo airmon start wlan0 # drop into monitor mode\nsudo airmon start wlan0 -c 6 # ... and lock to channel 6\nairmon status wlan0 # what am I in right now?\nsudo airmon stop wlan0 # back to managed\n```\n\n**Different from `airmon-ng`:**\n- Single static Rust binary, no bash wrapper over `lsusb`/`lsmod`.\n- `list` works on every OS, always — even when the `live` feature\n is off and libpcap isn't installed.\n- Native `--json` output so you can pipe it into `jq`, Ansible, or\n a dashboard.\n- On Linux, queries both `if-addrs` *and* `/sys/class/net/\u003cdev\u003e/wireless`\n so cfg80211 cards show up with `kind=wifi` even when they're not\n currently up.\n\n---\n\n### `airodump` — the scanner\n\nThe showpiece of the suite. Drop-in mental model for **airodump-ng**,\nbut with a modern ratatui TUI, offline pcap replay as a first-class\nmode, a headless JSON output, and a pcap writer.\n\nTwo sources:\n- `-i \u003ciface\u003e` — live capture on a monitor-mode radio.\n- `-r \u003cfile.pcap\u003e` — replay any `.pcap` file at any speed.\n\nThree output modes:\n- **TUI** (default): banner, live counters (BCN/DATA/PRB/DEAU/BADFCS),\n AP table with real signal bars and the ENC column, and a station\n table that follows whichever AP you've highlighted.\n- **`--no-tui --format table`**: airodump-ng style one-shot snapshot,\n great for CI.\n- **`--no-tui --format json`**: machine-readable; pipe straight into\n `jq` or a dashboard backend.\n\n```bash\nairodump --list-interfaces # pick your capture target first\nsudo airodump -i wlan0 # live scan (Linux, monitor mode)\nairodump -r samples/demo-01.pcap # offline replay - works on any OS\nairodump -r demo.pcap --rate 10 # 10x playback speed\nairodump -i wlan0 --write out.pcap # record while you watch\nairodump -r demo.pcap --no-tui --format json | jq '.access_points[0]'\n```\n\n**Different from `airodump-ng`:**\n- **Modern TUI** with signal bars, sticky warnings, and a station\n pane that reacts to the currently-selected AP.\n- **Offline replay is a first-class mode.** You can demo, test, and\n teach the tool without a radio — `samples/demo-01.pcap` ships in\n the repo.\n- **Fuzzy interface matching**: on Windows you can pass `-i \"Wi-Fi\"`\n and airodump will resolve it to the correct `\\Device\\NPF_{GUID}`\n via pcap's description list. No more copying and pasting 36-char\n identifiers.\n- **Linktype-aware warnings**: if the backend hands us cooked\n Ethernet frames (the default on Windows without a monitor-mode\n driver), a yellow banner appears **inside the TUI** explaining\n exactly why the tables are empty and what to do.\n- **`--write` is byte-perfect libpcap.** The output file re-imports\n cleanly into airodump, airview, tshark, or Wireshark.\n- **`--format json`** ships native; no XML, no CSV round-trips.\n\n---\n\n### `aireplay` — the frame crafter + injector\n\nEquivalent to **aireplay-ng** in scope, but split into explicit\nsubcommands and **dry-run by default**. A one-liner produces a hex\ndump of the frame; injection only happens when you pass `--interface`.\nThat makes the tool safe to use in docs, CI, and classrooms without\nany risk of accidentally transmitting on a real radio.\n\nSubcommands:\n- `deauth` — build an 802.11 deauthentication frame targeting a\n specific client (or broadcast) under a given BSSID and reason code.\n- `probe` — build an 802.11 probe request for a given SSID (or a\n wildcard). Source MAC defaults to a random locally-administered one.\n- `inspect` — take a hex-encoded frame and print the decoded fields.\n Useful when you just got a dump from tshark and want to know what\n it is without loading Wireshark.\n\n```bash\n# dry-run: craft the frame, print it, don't transmit\naireplay deauth --client ff:ff:ff:ff:ff:ff --bssid AA:BB:CC:DD:EE:FF\n\n# actually transmit on a monitor-mode interface\nsudo aireplay -i wlan0 -c 10 --delay-ms 50 \\\n deauth --client 11:22:33:44:55:66 --bssid AA:BB:CC:DD:EE:FF\n\n# probe for a specific SSID\naireplay probe --ssid \"CoffeeShop_5G\"\n\n# decode a frame you got from somewhere else\naireplay inspect c0003a01ffffffffffffaabbccddeeffaabbccddeeff00000100\n```\n\n**Different from `aireplay-ng`:**\n- **Dry-run by default.** No surprises: nothing goes on the air\n unless you pass `--interface`.\n- **`inspect` is new.** aireplay-ng has no equivalent — for\n introspection you'd have to reach for Wireshark. Here, every\n subcommand has a symmetric decoder.\n- **Explicit subcommands** instead of flag-soup.\n- All reason codes are named Rust enums, so `--reason 7` is\n validated, not silently truncated.\n\n---\n\n### `airbase` — the beacon / soft-AP generator\n\nEquivalent to the `--essids` mode of **airbase-ng**: broadcast\nbeacons for one or many SSIDs at the standard 100 TU interval with\ndeterministic BSSIDs per SSID (same `--ssid` list → same frames\nevery run). Ideal for lab work, SSID tests, and client-behaviour\nexperiments.\n\n```bash\n# dry-run - build and print the frames, don't touch a radio\nairbase -s FreeWiFi -s CoffeeShop -c 6\n\n# actually transmit on Linux monitor mode\nsudo airbase -i wlan0mon -s FreeWiFi -s CoffeeShop -c 6\n\n# advertise as WEP (Privacy bit set in the capability field)\nsudo airbase -i wlan0mon -s Retro -c 1 --privacy\n\n# run for exactly 30 seconds then stop cleanly\nsudo airbase -i wlan0mon -s Lab -c 6 --duration 30\n```\n\n**Different from `airbase-ng`:**\n- **Deterministic BSSIDs.** A fixed `--ssid` list always produces\n the same BSSIDs, which makes regression tests and demo videos\n reproducible.\n- **Dry-run first.** Running without `-i` is fine; it prints the\n first crafted frame as hex and describes every SSID that would\n be broadcast.\n- **Ctrl-C / `--duration` are clean**: airbase prints the total\n frame count on exit so you know exactly what landed on the air.\n- **No full rogue-AP stack.** By design: `airbase` is a beacon\n generator, not a hostapd replacement. If you need DHCP + HTTP +\n a captive portal, wire airbase's beacons to a user-mode AP.\n\n---\n\n### `airview` — the offline pcap browser\n\nThink of this as a **mini Wireshark scoped to 802.11**. A single\nbinary that opens any `.pcap` / `.pcapng` file, walks the frames,\nand shows you a table + a decoded detail pane with a hex+ASCII dump.\nNo Qt, no Lua, no 200 MB install.\n\n```bash\nairview samples/demo-01.pcap # interactive TUI\nairview --dump samples/demo-01.pcap # text summary\nairview --filter beacon samples/demo-01.pcap # only beacons\nairview --filter deauth samples/wireshark-dump.pcap\n```\n\nSupported kind filters: `beacon`, `probe_req`, `probe_resp`, `probe`,\n`auth`, `deauth`, `assoc`, `data`, `ctrl`, `any`.\n\nIn the TUI:\n- `↑ / ↓` / `j / k` — walk through frames\n- `g` / `G` — jump to the first / last frame\n- `q` / `Esc` — quit\n\n**Different from `tshark` / Wireshark:**\n- Zero GUI dependency. Single static Rust binary you can drop on\n any host.\n- 802.11-aware by default: radiotap is stripped, management-frame\n IEs (SSID, DS param set, RSN, vendor WPA1) are decoded for the\n detail pane.\n- No dissector plugin system — if the decode isn't in `wifi/src/frame.rs`\n the field doesn't show up. That's the trade-off for a ~1 MB binary\n you can `scp` to an embedded box.\n\n---\n\n### `airscope` — the unified launcher\n\nThere's no aircrack-ng equivalent for this one. It's a small ratatui\npicker that lists the five tools above, shows each one's description\nand a canonical example invocation, and `exec`s the binary you\nselect. Nothing magic — if you don't want the launcher, every tool\nis still its own CLI.\n\n```bash\nairscope # pick a tool from the menu, press Enter\n```\n\nKeybindings: `↑/↓` to navigate, `Enter` or `Space` to launch, `q` to\nquit. The launcher leaves the alternate screen before spawning the\nchild so the child's TUI takes over cleanly.\n\n---\n\n## cross-platform matrix\n\n| feature | Linux | macOS | Windows |\n|--------------------------------|:-----:|:-----:|:-------:|\n| Build with `cargo build` | ✅ | ✅ | ✅ |\n| Pcap file replay (`airodump --read`) | ✅ | ✅ | ✅ |\n| Offline browser (`airview`) | ✅ | ✅ | ✅ |\n| Frame crafting (`aireplay` dry run) | ✅ | ✅ | ✅ |\n| `airscope` launcher TUI | ✅ | ✅ | ✅ |\n| Live capture (`--features live`) | ✅ | ⚠️ | ⚠️ |\n| Monitor mode toggle (`airmon start`) | ✅ | ❌ | ❌ |\n| Frame injection (`aireplay`, `airbase`) | ✅ | ❌ | ⚠️ |\n\nLegend — ✅ works out of the box · ⚠️ works with vendor-supplied capture\ndrivers (Npcap on Windows; monitor mode on macOS requires\n`Wireless Diagnostics` / SDK cards) · ❌ not supported by the OS\nkernel / driver stack.\n\nThe default build needs nothing beyond `rustc`. Live capture pulls in\n`libpcap` (Linux), `Npcap` (Windows), or the stock BPF device (macOS)\nbehind the opt-in `live` Cargo feature, so the basic tree still\nbuilds on a machine with no SDK installed.\n\n---\n\n## comparison with aircrack-ng\n\n| airscope binary | closest aircrack-ng tool | what airscope does differently |\n|-----------------|--------------------------|---------------------------------|\n| `airmon` | `airmon-ng` | Same mental model, but a single static binary. No shell-script wrapper over `lsusb`; interface discovery goes through `pcap::Device::list` so it agrees with what the rest of the suite sees. |\n| `airodump` | `airodump-ng` | Modern ratatui TUI with real signal bars and a station table that follows the highlighted AP. Offline pcap replay is a first-class mode, so you can demo, test, and teach the tool without a radio. Headless `--format json` pipes straight into jq / dashboards. `--write` round-trips to a standard libpcap file. |\n| `aireplay` | `aireplay-ng` | Split into `deauth`, `probe`, and `inspect` subcommands. Dry-run by default — frames are printed as hex and only transmitted when you pass `--interface`, which makes the tool safe to use in CI and docs. `inspect` parses a hex frame back into decoded fields, which aireplay-ng does not. |\n| `airbase` | `airbase-ng` | Pure honeypot-beacon generator with deterministic BSSIDs per SSID so the same `--ssid` list gives the same frames every run. Stops cleanly on Ctrl-C or `--duration`. |\n| `airview` | `tshark` / `wireshark` (for 802.11) | Ultra-lean offline pcap browser scoped to 802.11. Tagged IEs are decoded for management bodies; the detail pane is a real hex+ASCII dump. One binary, no Qt, no Lua. |\n| `airscope` | *(no equivalent)* | Unified launcher TUI that lists every tool, shows a description and an example invocation, and spawns the binary when you press `Enter`. |\n| | `aircrack-ng` | **Not implemented.** airscope is a visibility + analysis suite, not a key recovery tool. WEP / WPA-PSK cracking lives outside this project on purpose — see [`docs/SECURITY.md`](docs/SECURITY.md). |\n\n### what airscope brings on top of aircrack-ng\n\n- **Memory-safe end to end.** The 802.11 parser is hand-rolled in safe\n Rust. No `strcpy`, no manual buffer walks, and every frame test runs\n under the standard `cargo test` sanitisers.\n- **Pcap-first workflow.** Every tool can work on a `.pcap` file. You\n don't need a radio to learn the codebase, run the tests, or ship\n bug reports.\n- **Deterministic frame builders.** `wifi::builder::build_*` is pure\n CPU code, so unit tests can build a beacon, round-trip it through\n the parser, and assert on SSID / encryption without any I/O.\n- **Single-process TUI.** ratatui + crossterm mean the scanner and the\n launcher render the same on every platform, without ncurses\n quirks.\n- **Feature-gated native deps.** libpcap / Npcap are *optional*. The\n default build is portable; the power-user build pulls in the live\n backend with one extra flag.\n- **Designed for CI.** `--no-tui`, `--format json`, `--duration N`,\n `--read file.pcap` — every tool has a scriptable, terminal-free\n path so the whole suite runs as part of a test job.\n- **`airview` replaces a minimal wireshark.** For the 802.11\n workflows covered by airscope, `airview` is enough on its own — no\n need to install a 200 MB GUI.\n\n---\n\n## at the parser level\n\nThere are a lot of 802.11 parsing crates on crates.io. I chose to\nwrite one from scratch because:\n\n1. I wanted the frame format to be readable inside this repository,\n not through five layers of macros in a dependency.\n2. The hand-rolled code is ~500 lines of safe Rust. That's\n auditable in an afternoon.\n3. Keeping it in-tree means `cargo test` exercises the parser, the\n builders, and the pcap layer together — the round-trip tests\n catch regressions nobody would notice in isolation.\n\nWhat the parser understands today:\n\n- Frame control, To-DS / From-DS, all four address fields, sequence\n and fragment numbers.\n- Management subtypes: beacon, probe request, probe response, auth,\n deauth, (dis)association, action.\n- Fixed prelude for beacons / probe responses (timestamp, beacon\n interval, capabilities).\n- Tagged IEs: SSID (0), supported rates (1), DS parameter set (3),\n RSN (48), vendor-specific WPA1 (221).\n- RSN / WPA cipher suites: CCMP, GCMP, TKIP, WEP.\n- RSN AKMs: PSK, EAP, FT-PSK, FT-EAP, SAE, OWE.\n\nWhat it doesn't do *yet* (see [`docs/TODO.md`](docs/TODO.md)):\nHT/VHT/HE operation elements, full action-frame decoding, encrypted\npayload handling. These are additive, not structural changes.\n\n---\n\n## layout\n\n```\nairscope/\n├── core/ shared types: MAC, channel, encryption, errors, OUI\n├── wifi/ 802.11 parser, radiotap, frame builders, pcap wrapper\n├── ui/ shared ratatui widgets (theme, banner, signal bar)\n├── airmon/ monitor-mode manager binary\n├── airodump/ scanner binary\n├── aireplay/ crafter + injector binary\n├── airbase/ beacon / rogue AP binary\n├── airview/ offline pcap browser binary\n├── airscope/ unified launcher binary\n├── samples/ demo pcap + README\n└── docs/ architecture notes, security note, TODO\n```\n\nThe split is deliberately hand-shaped rather than nest-everything-in\n`apps/crates/`: each tool is a first-class directory you can `cd`\ninto and grep. Shared code lives next to the binaries that use it,\nnot two levels deeper.\n\nSee [`docs/ARCHITECTURE.md`](docs/ARCHITECTURE.md) for the data-flow\ndiagrams and the reasoning behind the `live` feature split.\n\n---\n\n## responsible use\n\nairscope lets you passively observe 802.11 traffic, craft management\nframes, and — on Linux with a supported card — transmit those frames\non a real radio. That last bit is what makes it a security tool, and\nit's what makes it something you should think about before you run it.\n\nRun it on networks you own, under engagements you're authorised to\nperform, or in an RF-isolated lab. airscope does not contain any key\nrecovery code, dictionary attacks, or EAPOL replay tooling — it's a\nvisibility suite. The deauth builder exists because deauth is also\nthe test harness you use when validating your own AP's roaming\nbehaviour. Full note in [`docs/SECURITY.md`](docs/SECURITY.md).\n\n---\n\n## development\n\nEvery common task is exposed through [`cargo xtask`][xtask] (no\nextra install) and through [`just`](https://just.systems/) as a\nshorter alias.\n\n```bash\n# the canonical \"is everything healthy\" check - same as CI\ncargo xtask ci # or: just ci\n\n# release builds for the host target\ncargo xtask dist # or: just dist\n\n# regenerate the sample pcap after a frame-builder change\ncargo xtask sample # or: just sample\n\n# emit shell completions into dist/completions/ (all shells)\ncargo xtask completions --shell all\n\n# emit man pages into dist/man/\ncargo xtask manpages\n\n# criterion benchmarks for the 802.11 parser\ncargo bench -p airscope-wifi # HTML report: target/criterion/report/\n\n# live capture on linux\nsudo apt install libpcap-dev\ncargo build --workspace --features \"airscope-airodump/live airscope-airmon/live\"\n```\n\n### what CI actually runs\n\n| job | matrix | purpose |\n|-----|--------|---------|\n| `cargo check / clippy / test (no live)` | ubuntu, macos, windows | fmt + `clippy -D warnings` + test + sample-pcap smoke test |\n| `linux + live capture feature` | ubuntu | `libpcap-dev` install + clippy + build with `--features live` |\n| `MSRV (1.88)` | ubuntu | guards the pinned minimum Rust version |\n| `benchmarks compile` | ubuntu | catches regressions in the criterion harness |\n| `cargo audit` | ubuntu | security advisory check on every push + weekly cron |\n| `cargo deny` | ubuntu | license + duplicate-version + source gate |\n\nEvery main-branch push must be green across all of those. Release\nartefacts (`.tar.gz` for Linux/macOS, `.zip` for Windows) are\npublished automatically when a `v*` tag is pushed.\n\n[xtask]: https://github.com/matklad/cargo-xtask\n\n---\n\n## license\n\n[MIT](LICENSE) © Aykut Supurtulu. Contributions welcome — open an\nissue before a large PR so we can agree on direction first.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faykutsp%2Fairscope","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faykutsp%2Fairscope","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faykutsp%2Fairscope/lists"}