{"id":21990971,"url":"https://github.com/mh37/Argos","last_synced_at":"2025-07-23T00:31:42.537Z","repository":{"id":152841270,"uuid":"538850328","full_name":"mh37/Argos","owner":"mh37","description":"A passive WiFi tracking and profiling based on probe request frames.","archived":false,"fork":false,"pushed_at":"2022-12-10T10:07:49.000Z","size":7437,"stargazers_count":9,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"Development","last_synced_at":"2024-11-29T20:02:54.478Z","etag":null,"topics":["linux","pentesting","probe-requests","python","reconnaissance","security","sniffing","tracking","wifi","wireless"],"latest_commit_sha":null,"homepage":"https://unit37.org/#Argos","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mh37.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-20T06:55:30.000Z","updated_at":"2024-11-24T20:48:05.000Z","dependencies_parsed_at":null,"dependency_job_id":"3da5f216-61a5-4fe0-a9f8-0a10a4468347","html_url":"https://github.com/mh37/Argos","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mh37/Argos","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mh37%2FArgos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mh37%2FArgos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mh37%2FArgos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mh37%2FArgos/manifests","owner_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/owners/mh37","download_url":"https://codeload.github.com/mh37/Argos/tar.gz/refs/heads/Development","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mh37%2FArgos/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266596689,"owners_count":23953891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linux","pentesting","probe-requests","python","reconnaissance","security","sniffing","tracking","wifi","wireless"],"created_at":"2024-11-29T20:01:39.850Z","updated_at":"2025-07-23T00:31:42.519Z","avatar_url":"https://github.com/mh37.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"# Argos\n\nThis tool showcases the amount of data a Wi-Fi enabled device might reveal about its user. It does so by capturing probe request frames, extracting the SSID value, sending it to Wigle to retrieve geographic information about the SSID location, and then showing it on a map with the help of the Google Maps API.\n\nIn short, this tool utilizes passive WiFi tracking and profiling based on probe request frames. 
You can choose to save captured data, but depending on your local laws this might be infringing on data privacy laws.\n\n## Arguments / Parameters\n\nThe tool currently supports the following arguments:\n\n- Network Interface: ```-i```\n- Write data to a certain location: ```-w```\n- Limit signal strength range: ```-lss```\n\nAs an example, the following command will run the tool on NIC wlan1 and only capture probe requests that have a signal strength of -50 or higher.\n\n```sudo python3 ./argos.py -i wlan1 -lss '-50'```\n\nIt is important to use the lss parameter if you want to limit the range of what you are scanning. This may be crucial depending on your environment and legal restrictions.\n\n## Ethics\n\nThis tool was only used in controlled environments under strict ethical guidelines, and with the explicit permission of the device owners and the owner of the physical facility and infrastructure. All report data and test results which are published here have been anonymized. While the tool itself works off passive data, it is easy to violate privacy and data protection laws by capturing something that wasn't intended to be captured. Any usage of this tool should be limited to controlled environments and with extensive permissions of all involved parties.\n\n## Screenshots\n\nBelow you can see an example of the tool in action. We are filtering here by signal strength to cherry pick a target out of a location with many devices.\n\nIn this example, we managed to isolate three devices (MAC addresses) that have an identical signal strength, and map the captured SSIDs through Wigle to a residential address, a cafe, and a local university. The rest couldn't be assigned to coordinates but is still high-value information. As an example, the device that pinged for the aforementioned locations was also sending a probe request for an SSID that was called IPhone (First Name of the person). 
Now we know that the person is using an iPhone, what their name and address are, where they might buy their coffee, and where they go to school.\n\n![Web UI](https://github.com/mh37/Argos/blob/Development/Reports/Pictures/argos-webUI.png?raw=true)\n\n## Hardware Used\n\n- An old laptop with Kali Linux\n  - Or a Raspberry Pi for more long term or low profile recording.\n- Alfa AC1900 WiFi Adapter (highly recommended for optimal performance)\n  - Also works on some Intel AC WiFi cards which are common on modern laptops but your mileage may vary. It worked when I tested it on an Intel AC 9560\n  - I heard that with a modified driver you can also run the wireless NIC of some Raspberry Pi models in monitoring mode. But I did not test this.\n\n![Web UI](https://github.com/mh37/Argos/blob/Development/Reports/Pictures/setup.jpg?raw=true)\n\n## Requirements\n\n- Python3\n- Python Modules\n  - Scapy-python3\n  - Tornado\n- Airmon-ng\n- Wi-Fi Card that supports monitor mode\n  - Realtek RTL8814AU Driver\n\n## Core Functionality\n\n- Web Interface (so we can access the tool even if we are not near our monitoring device)\n- Scan for probe requests\n- Ignore duplicate requests\n- Mapping of vendor names based on MAC addresses\n- Utilize Blacklist and Whitelist for SSIDs\n- Obtain coordinates based on SSID names\n- Show SSID location as markers on Google Maps\n- Dynamic filtering of output data (Signal strength, SSID, MAC, Vendor)\n- Manual limiting of signal strength to reduce scope of the scanning\n- Saving of recorded data (WARNING: This may be illegal in your country)\n\n## Limitations\n\n- Vendor List is lacking\n- Some devices are a lot more careful with their probe requests\n- MAC randomization makes it a lot harder to fingerprint devices, especially for long term tracking. Nevertheless, it doesn't make it impossible. 
For more information check out [Why MAC Address Randomization is not Enough:\n  An Analysis of Wi-Fi Network Discovery Mechanisms](https://papers.mathyvanhoef.com/asiaccs2016.pdf)\n\n## API integrations\n\nCurrently, the script is dependent on two API integrations. One is Wigle, a war-driving database which is used to obtain coordinates of SSIDs. The other one is Google Maps to visualize the coordinates obtained by Wigle as map markers.\n\nOne big drawback here is that the free tier of the Wigle API access has a very limited number of calls per day, which can be an issue if you need to send a lot of requests. You might want to utilize a different API for more intensive use, but as a proof of concept Wigle will do just fine.\n\n## Probe Requests\n\nProbe requests that we capture contain the signal strength (RSSI), the MAC address of the client and the SSID name the client is probing for. We can use the first part of the MAC address to also match this with a vendor.\n\nAccording to IEEE 802.11-2012 the probe request frame body can contain the data listed below. This standard is outdated, but I do not have access to IEEE 802.11-2020 which is the newest specification. If you do, you should find the information on page 843, and I will gladly update it here if you can send it to me.\n\n### Mandatory\n\n- SSID\n- Supported rates\n\n### Optional\n\n- Extended supported rates\n- Request information\n- DSS parameter set\n- Supported Operating classes\n- HT capabilities\n- 20/40 BSS coexistence\n- Extended capabilities\n- SSID list\n- Channel Usage\n- Interworking\n- Mesh ID\n\nMost of these values are optional and require specific flags to be true on the client side to be included in the probe request. As an example, the SSID List property will require dot11MgmtOptionSSIDListActivated to be set to true. 
So most of the time you will not encounter such information.\n\n## Pending Features and Improvements\n\n- Device fingerprinting with the help of machine learning\n- Support multiple APIs for SSID coordinates\n- Support multiple Map APIs\n\n## FAQ and Troubleshooting\n\n### Driver issues\n\nMake sure your driver installation is correct. Incorrect installations or driver versions can cause multiple issues in terms of functionality. Make sure that the driver supports monitoring mode and other advanced features that you require.\n\nIn my case I use [this one](https://gitlab.com/kalilinux/packages/realtek-rtl8814au-dkms); you can also find a copy of it in this repository in case this link goes down. Depending on your distro and if you face issues, you can also try the driver from [aircrack-ng](https://github.com/aircrack-ng/rtl8812au).\n\n### The web interface or the map feature doesn't work\n\nCheck that the config file has the correct parameters and API keys for Wigle and Google Maps.\n\n## Credits\n\nThe list with MAC addresses and vendor identities is a direct copy of this [Vendor List](https://gist.github.com/aallan/b4bb86db86079509e6159810ae9bd3e4).\n\nThe initial base of this project was forked from [WifiProbeMapper](https://github.com/smythtech/WifiProbeMapperhttps:/).\n\nWARNING: The storage of MAC addresses is illegal in most countries and may violate your local data privacy laws. Check your local laws first.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmh37%2FArgos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmh37%2FArgos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmh37%2FArgos/lists"}