{"id":13826716,"url":"https://github.com/gisdev01/security-ssid-abi","last_synced_at":"2025-07-09T01:31:13.810Z","repository":{"id":17723370,"uuid":"82582262","full_name":"GISDev01/security-ssid-abi","owner":"GISDev01","description":"Sniff wifi probes from nearby devices (passive monitoring only) and logs to a Django App/DB (with GUI) and also into an InfluxDB time-series database (Using pcap or airmon-ng)","archived":false,"fork":false,"pushed_at":"2022-11-20T16:05:27.000Z","size":18218,"stargazers_count":29,"open_issues_count":0,"forks_count":5,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-08-05T09:15:39.424Z","etag":null,"topics":["arp","django","influxdb","nearby-devices","passive","pcap","python","python3","scapy","ssid","wifi","wifi-interface","wigle"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GISDev01.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security_ssid/__init__.py","support":null}},"created_at":"2017-02-20T17:07:44.000Z","updated_at":"2024-07-09T18:08:05.000Z","dependencies_parsed_at":"2022-08-27T02:49:53.209Z","dependency_job_id":null,"html_url":"https://github.com/GISDev01/security-ssid-abi","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GISDev01%2Fsecurity-ssid-abi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GISDev01%2Fsecurity-ssid-abi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GISDev01%2Fsecurity-ssid-abi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/repositories/GISDev01%2Fsecurity-ssid-abi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GISDev01","download_url":"https://codeload.github.com/GISDev01/security-ssid-abi/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225476383,"owners_count":17480215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arp","django","influxdb","nearby-devices","passive","pcap","python","python3","scapy","ssid","wifi","wifi-interface","wigle"],"created_at":"2024-08-04T09:01:43.099Z","updated_at":"2024-11-20T05:31:01.368Z","avatar_url":"https://github.com/GISDev01.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"7bf0f5839fb2827fdc1b93ae6ac7f53d\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"32739127f0c38d61b14448c66a797098\"\u003e\u003c/a\u003e嗅探\u0026\u0026Sniff"],"readme":"Security SSID ABI (SSID WiFi Listener)\n==========\n\nUsing a monitor-mode 2.4Ghz receiver, this Django app displays data that is catalogued from passively sniffing on SSID probes, ARPs, and MDNS (Bonjour) packets that are being broadcast by nearby wireless devices.\n\nSome devices transmit ARPs, which sometimes contain MAC addresses (BSSIDs) of previously joined WiFi networks, as described in [[1]][ars].  
This system captures these ARPs and displays them.\n\nComponents\n----------\n\n2 major components and further python modules:\n\n* main.py uses [Scapy](http://www.secdev.org/projects/scapy/) to extract data from a live capture (via airmon-ng) or pcap file, and inserts this data into 2 databases: Client Summary and Access Point summary data is loaded into a SQLite or Postgres DB (managed by Django), which is the data that is displayed in the Django web app.\n\n Beyond the summary Client Data, all 802.11 (aka Dot11) packet summaries are loaded into a second database: InfluxDB 1.8.\n\n* A Django web app provides an interface to view and analyse the data.\nThis includes views of:\n\n1. All detected devices and the SSIDs / BSSIDs each has probed\n1. A view by network\n1. A view showing a breakdown of the most popular device manufacturers, based on client MAC address Ethernet OUIs\n\n* ./location_utils/wloc.py provides a _QueryBSSID()_ function which looks up a given BSSID (AP MAC address) on Apple's WiFi location service. It will return the coordinates of the MAC queried for and usually an additional 400 nearby BSSIDs and their coordinates.\n\n* ./location_utils/wigle_lib.py provides a _getLocation()_ function for querying a given SSID on the wigle.net database and returns GPS coordinates. Note: It must be configured with a valid username and password set in the settings.py file. Please respect the wigle.net ToS in using this module. This project-specific library has been created to work with the new Wigle API (V2: https://api.wigle.net/swagger#/Network_search_and_information_tools). 
Big thanks to the Wigle team for their great support and allowing this project to use their data.\n\nInstructions\n------------\nInstall Anaconda 3 for Linux: https://www.anaconda.com/products/individual#linux\n\n```\ngit clone git@github.com:GISDev01/security-ssid-abi.git\ncd security-ssid-abi\nconda env create -f environment.yml\nsource activate securityssidabi38\n\n# Initialize the Django DB\n./manage.py migrate --run-syncdb \n./manage.py createsuperuser\n# (Create creds to log in to the /admin Web GUI endpoint)\n\n# Start the web interface by running \n# (change 127.0.0.1 to any IP for the Django web server to listen on)\n./manage.py runserver 127.0.0.1:8000\n\n```\n\n# To sniff traffic\n```\nsudo apt install aircrack-ng -y \u0026\u0026 sudo apt install git -y \u0026\u0026 sudo apt install libpq-dev\n# We can only run the sniffer as root, because it opens a raw socket (via scapy sniff)\nsudo -i\n```\n\nBring up a wifi interface in monitor mode (usually mon0) so that airodump-ng shows traffic.\n\n`sudo airmon-ng check kill`\n\nNote: check what the connected wireless NIC device is named using iwconfig\n\n`iwconfig`\n\nMake sure the USB wireless NIC, such as an Alfa AWUS036, is passed through to the VM.\nExample value is: wlx00c0ca4f55b9 (or it could be something like wlan0)\n\n`sudo airmon-ng start wlx00c0ca4f55b9`\n\n- Sometimes the OS and wireless card like to act up and display a message like: \"SIOCSIFFLAGS: Operation not possible due to RF-kill\". In that case, this can help:\n`sudo rfkill unblock wifi; sudo rfkill unblock all`\n\n4. Optional (set to false by default in settings.py). Get InfluxDB up and running, and update the .\\security_ssid\\settings.py with the correct IP or hostname of the InfluxDB box.\n\nNote: Fastest way to get it up and running for development is with Docker:\n\n`docker run -p 8086:8086 influxdb:1.8.0`\n\n5. 
Start live sniffing with:\n\n `./run.sh -i mon0`\n\n (Note: the -i param here is to identify the interface name that airmon-ng is monitoring packets with, default value is actually mon0)\n\n\nOptional: To solicit ARPs from iOS devices, set up an access point with DHCP disabled (e.g. using airbase-ng) and configure your sniffing interface to the same channel.\nOnce associated, iOS devices will send up to three ARPs destined for the MAC address of the DHCP server on previously joined networks. On typical home WiFi routers, the DHCP server MAC address is the same as the WiFi interface MAC address, which can be used for accurate geolocation.\n\nOptional: For debugging code locally, a .pcap (in this case, .cap) file can be generated with (as root or with sudo):\n\n`airodump-ng -w sample-data --output-format pcap mon0`\n\nThen you can run with (assuming sample-data.cap is in the root of this repo):\n\n`./run.sh -r sample-data.cap`\n\nTo run Postgres in Docker for testing, as an alternative to sqlite\n```\ndocker run -d -p 5432:5432 --name postgres95 -e POSTGRES_PASSWORD=postgres postgres:9.5\n```\nIf needed, get in to the box with:\n\n`docker exec -it postgres95 bash`\n\n`psql -U postgres`\n\n\nDependencies\n------------------------------------------------------------------------------------------------------------\nSee requirements.txt for python modules and versions required.\nExternally, this application writes out to an InfluxDB data store (in addition to the local Django DB (sqlite)).\n\nThis repo has been recently developed on a Ubuntu 16.04 (64-bit) VM with Python 3.8, Django 4.x and Scapy 2.4.x. 
\nThe web interface code has been updated and tested with Django running on Mac OS X Sierra with Python 3.8.\n\nNetwork sniffing via airmon-ng has been tested on an Ubuntu 16.04 VM and Raspbian (RasPi 3).\n\nCredits\n------------------------------------------------------------------------------------------------------------\nThis repo was originally written by @hubert3 / hubert(at)pentest.com. It was presented at Black Hat USA in July 2012, and the original code was published on GitHub on 2012-08-31.\nThe implementation of wloc.py is based on work by François-Xavier Aguessy and Côme Demoustier [[2]][paper].\nMark Wuergler of Immunity, Inc. provided helpful information through mailing list posts and Twitter replies.\nIncludes Bluff JS chart library by James Coglan.\n1. http://arstechnica.com/apple/2012/03/anatomy-of-an-iphone-leak/\n2. http://fxaguessy.fr/rapport-pfe-interception-ssl-analyse-donnees-localisation-smartphones/\n[ars]: http://arstechnica.com/apple/2012/03/anatomy-of-an-iphone-leak/\n[paper]: http://fxaguessy.fr/rapport-pfe-interception-ssl-analyse-donnees-localisation-smartphones/\n\n(gisdev01) Starting in mid-2017 and then again in 2020, several updates and upgrades have been completed, including addition of InfluxDB functionality, summary functionality, Raspberry Pi support, and several front-end updates.\n\n\n\n```\nconda install Django\nconda install matplotlib\nconda install -c conda-forge influxdb\nconda install -c conda-forge netaddr\nconda install -c conda-forge google-api-core\n\n# Not available in any conda channels\npip install django-picklefield\n\nconda env export \u003e environment.yml\nconda env create -f 
environment.yml\n\n\n\n\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgisdev01%2Fsecurity-ssid-abi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgisdev01%2Fsecurity-ssid-abi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgisdev01%2Fsecurity-ssid-abi/lists"}