{"id":21526189,"url":"https://github.com/esser50k/eviltwinframework","last_synced_at":"2025-04-06T20:13:07.206Z","repository":{"id":46044668,"uuid":"70102994","full_name":"Esser50K/EvilTwinFramework","owner":"Esser50K","description":"A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities","archived":false,"fork":false,"pushed_at":"2024-08-01T17:30:34.000Z","size":36537,"stargazers_count":258,"open_issues_count":7,"forks_count":53,"subscribers_count":19,"default_branch":"master","last_synced_at":"2024-08-03T04:05:12.841Z","etag":null,"topics":["evil-twin","framework","hacking","pentesters","security","toolkit"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Esser50K.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-05T22:03:36.000Z","updated_at":"2024-08-01T17:30:38.000Z","dependencies_parsed_at":"2024-11-03T03:32:28.731Z","dependency_job_id":"809f5725-c931-40fe-89a4-031a5b38b302","html_url":"https://github.com/Esser50K/EvilTwinFramework","commit_stats":null,"previous_names":["esser420/eviltwinframework"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Esser50K%2FEvilTwinFramework","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Esser50K%2FEvilTwinFramework/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Esser50K%2FEvilTwinFramework/releases","manifests_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Esser50K%2FEvilTwinFramework/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Esser50K","download_url":"https://codeload.github.com/Esser50K/EvilTwinFramework/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247543593,"owners_count":20955865,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["evil-twin","framework","hacking","pentesters","security","toolkit"],"created_at":"2024-11-24T01:42:39.877Z","updated_at":"2025-04-06T20:13:07.179Z","avatar_url":"https://github.com/Esser50K.png","language":"Python","readme":"# EvilTwinFramework\nA framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities\n\nIt uses \u003cb\u003ehostapd-wpe\u003c/b\u003e to create the access point, so it is highly configurable.\n\nIt uses \u003cb\u003ednsmasq\u003c/b\u003e to run the dhcp and dns services.\n\nIt uses \u003cb\u003eapache\u003c/b\u003e with help of dnsmasq to launch spoofed webpages as well as captive portals!\n\nPacket sending and receiving is all done via \u003cb\u003eScapy!\u003c/b\u003e\n\n# Youtube Tutorials\n\nI did a couple of video tutorials on the framework. 
Some basic use cases and a couple of actual demos.\n\nTutorial Playlist: https://www.youtube.com/watch?v=3HE4aVFF2Dc\u0026list=PLwkyhOBmFMuo9sTQeVSh8IxDjtwsbYlQk\n\nNew Youtube channel with more engineering endeavors: https://www.youtube.com/@esser50k\n\n# Motivation\n\nThe \u003cb\u003eEvil Twin Framework\u003c/b\u003e is meant to replace all existing Wi-Fi hacking tools by integrating all features necessary for Wi-Fi penetration testing in one framework. The 3 core features needed are:\n\n\u003cb\u003ePacket Sniffing\u003c/b\u003e\n\n\u003cb\u003ePacket Injection\u003c/b\u003e\n\n\u003cb\u003eAccess Point Creation\u003c/b\u003e\n\nAll Wi-Fi attacks can be implemented with one or a combination of these core features. By having this platform it will always be possible to contribute with new Wi-Fi attacks that depend on these features.\n\n# Features\n\n\u003cb\u003eAll Forms of Evil Twin AP\u003c/b\u003e\n\nThe Evil Twin Framework, with the help of hostapd, can mimic any type of Wi-Fi Network. And by using the hostapd-wpe patch it is easy to get WPA-EAP credentials.\n\nOne can configure it as a catch-all honeypot to find out the encryption type of a network that was probed for.\n\nOne can even create a karma attack and mimic many networks with different SSIDs on the same Wi-Fi card (as long as it supports ap-mesh mode). This can be done manually, if you want different encryption types for different networks, or automatically. 
The automation works by sniffing for popular probe requests and then creating the most popular one according to how many virtual access points your Wi-Fi card supports.\n\n\u003cb\u003eHandshake and Credential Logging\u003c/b\u003e\n\nAs said before, with the help of hostapd-wpe WPA-EAP credential sniffing is easy!\n\nYou can also spoof DNS with dnsmasq and even create captive-portals to force browsers to your webpage!\n\nYou can sniff for WPA-Handshakes and even Half-WPA-Handshakes for ap-less password cracking!\n\n\u003cb\u003eIntegrated Man-In-The-Middle\u003c/b\u003e\n\nAn Evil-Twin is nothing without a proper MITM arsenal!\n\nThe framework uses the mitmproxy library (https://mitmproxy.org/) to create a local proxy capable of custom Level3 packet manipulation! Some fun ones have already been implemented such as beef hook injection into someone's webpage, download content replacement with other files (idea stolen from the Wi-Fi Pumpkin Project: https://github.com/P0cL4bs/WiFi-Pumpkin/). And my favorite: .exe file infection with PEInjector. PEInjector does a great job by seamlessly injecting a payload into an exe file without changing its size while at the same time obfuscating the payload to pass AV software.\n\nYou can easily contribute and/or make your own custom MITM packet manipulation and add it to the framework. More information will be in the wiki.\n\n\u003cb\u003eWi-Fi Reconnaissance\u003c/b\u003e\n\nThe framework is able to sniff for access points, probe requests and responses and associate them with Wi-Fi clients. You can also log all of this information.\n\n\u003cb\u003ePacket Injection\u003c/b\u003e\n\nPacket Sniffing and Injection is all done via Scapy. 
This makes it possible to contribute with any feature that involves packet sniffing and custom packet assembly and injection.\n\nFor now the only packet injection feature is deauthentication packets since it is a nice thing to have when trying to catch WPA-Handshakes.\n\n\u003cb\u003eSpawners\u003c/b\u003e\n\nSpawners are a great and easy way to use your custom tools in conjunction with the framework. Some tools have already been added since they make a lot of sense: Ettercap, Beef, MITMFramework and SSLStrip.\n\nYou can easily add your own, more information will be in the wiki.\n\n# Installation\n\nClone the project and run the setup file:\n\n\u003e ./setup\n\nOne of the MITM Plugins relies on the peinjector service, which has to be installed manually following the instructions of the project.\n\n\u003e https://github.com/JonDoNym/peinjector\n\n# Usage\n\nFirst enter the ETF Console interface as root:\n\n\u003e ./etfconsole\n\nFor now there is only a console interface that is very easy to use and has tab completion!\nThe whole thing will work according to the etf.conf file.\nYou can view and change all configurations via the console, just type:\n\n\u003e config \\\u003cpress double tab\u003e\n\nto list the modules available for configuration.\nWhile working on the console type:\n\n\u003e listargs\n\nto view the available parameters (here you can check if configurations are OK), then type:\n\n\u003e set \\\u003cparameter\u003e \\\u003cvalue\u003e\n\nto change it.\n\nIf a parameter is (dict) it means it is another configurable module within.\n\nTo start an access point make sure you have it configured correctly, type:\n\n\u003e config airhost\n\ncheck if everything is OK (use listargs)\n\n\u003e config aplauncher\n\ncheck if everything is OK (use listargs)\n\n\u003e config dnsmasqhandler\n\ncheck if everything is OK and start the access point\n\n\u003e start airhost\n\nYou can also configure an access point by copying one that is nearby.\nStart scanning:\n\n\u003e config 
airscanner\n\ncheck if everything is OK (use listargs)\n\n\u003e start airscanner\n\n... wait ...\n\n\u003e show sniffed_aps\n\nThis lists the sniffed access points with their ids\n\n\u003e copy ap \\\u003cid\u003e\n\nOR\n\n\u003e show sniffed_probes\n\n\u003e copy probe \\\u003cid\u003e\n\nThen start the fake access point\n\n\u003e start airhost\n\n\nYou can deauthenticate others from their network while running the access point.\nTo add access points or clients to be deauthenticated type:\n\n\u003e show sniffed_aps\n\n\u003e add aps \\\u003cfilter_string\u003e\n\nThe filter_string follows an easy syntax, it goes:\n\n\\\u003cfilter_keyword\u003e \\\u003cfilter_args\u003e\n\nThe args can be any of the column names listed in the table.\nThe filter keywords are 'where' for inclusive filtering or 'only' for exclusive filtering, examples:\n\nThis will add the access point whose id is 5 to the deauthentication list (this is adding a single and specific AP):\n\n\u003e add aps where id = 5\n\nThis will add the access point whose ssid is 'StarbucksWifi' to the deauthentication list:\n\n\u003e add aps where ssid = StarbucksWifi\n\nThis will add the access point whose encryption type has 'wpa' OR 'opn' to the deauthentication list:\n\n\u003e add aps where crypto = wpa, crypto = opn\n\nThis will add the access point whose ssid is 'freewifi' AND is on channel 6 to the deauthentication list:\n\n\u003e add aps only ssid = freewifi, channel = 6\n\nYou can use the same interface for injecting packets while running the fake access point.\nYou can check and set configurations with:\n\n\u003e config airinjector\n\n\u003e listargs\n\nAfter all that run the Injector (which by default performs Deauthentication attack):\n\n\u003e start airinjector\n\nThe same can be done when deleting from the deauth list with the 'del' command.\nThe 'show' command can also be followed by a filter string\n\n\nContributors can program Plugins in python either for the airscanner or airhost or 
airdeauthor.\nContributors can also code MITM scripts for mitmproxy.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fesser50k%2Feviltwinframework","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fesser50k%2Feviltwinframework","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fesser50k%2Feviltwinframework/lists"}