{"id":13587696,"url":"https://github.com/phenotypic/ProbeOSX","last_synced_at":"2025-04-07T22:31:29.765Z","repository":{"id":143800947,"uuid":"142938075","full_name":"phenotypic/ProbeOSX","owner":"phenotypic","description":"Capture and interpret probe requests with macOS","archived":false,"fork":false,"pushed_at":"2022-02-21T14:46:09.000Z","size":279,"stargazers_count":10,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-05-01T21:34:17.137Z","etag":null,"topics":["bash","interpreter","macos","macosx","osx","privacy-tools","probe-requests","security-tools","shell","tool","ui","wifi","wifi-security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phenotypic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-07-30T23:26:40.000Z","updated_at":"2023-04-20T20:36:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"a4ed7a37-3f82-49d0-ad66-2b129bdf6b36","html_url":"https://github.com/phenotypic/ProbeOSX","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenotypic%2FProbeOSX","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenotypic%2FProbeOSX/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenotypic%2FProbeOSX/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenotypic%2FProbeOSX/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phenotypic","download_url":"https://codeload.github.com/phenotypic/ProbeOSX/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247740822,"owners_count":20988275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","interpreter","macos","macosx","osx","privacy-tools","probe-requests","security-tools","shell","tool","ui","wifi","wifi-security"],"created_at":"2024-08-01T15:06:19.349Z","updated_at":"2025-04-07T22:31:29.168Z","avatar_url":"https://github.com/phenotypic.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# ProbeOSX\n\nProbeOSX allows macOS users to sniff for [probe requests](https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5) and obtain plain text information like MAC addresses and previously connected networks.\n\nThis information could allow an attacker to maliciously clone a network and trick devices into connecting, thereby routing all traffic through the attacker. [This](https://www.youtube.com/watch?v=Z8RHMUSYTiA\u0026frags=pl%2Cwn) video shows how a Linux user may do this using a similar tool.\n\n## Usage\n\nDownload with:\n```\ngit clone https://github.com/phenotypic/ProbeOSX.git\n```\n\nRun from same directory with:\n```\nbash ProbeOSX.sh\n```\n\nThe script is fairly easy to use, simply run it using the command above. Here are some flags you can add:\n\n| Flag | Description |\n| --- | --- |\n| `-h` | Help: Display all availabe flags |\n| `-v` | Verbose: Show **ALL** probe requests, even those from the same MAC address asking for the same network. Not recommended |\n| `-na` | No analysis: Mutes the analysis feature at the end of a scan |\n| `-i \u003cinterface\u003e` | Interface: Manually set Wi-Fi interface (script should normally auto-detect the correct interface) |\n\n### Notes\n\nThe script will only run if there is a MAC address lookup table in its directory called `mac-vendor.txt`. A file is included in the repository so it shouldn't be a problem. However, if you would like to use a custom lookup table, make sure it follows this format:\n\n```\n\u003cVENDORID\u003e\t\u003cVENDORNAME\u003e\n00000E\tFujitsu\nFCE998\tApple, Inc.\n...\n```\n\n**When you want to stop**, simply press `control` + `c`.\n\n### Interpreting the output\n\nThe table below contains a short description of all of the data outputted by the script:\n\n| Name | Description |\n| --- | --- |\n| `Time` | The time the probe request was sent (in Hours:Minutes:Seconds). |\n| `Signal` | This is the signal strength of the probe request when received by your computer in dBm. The closer the value is to 0, the stronger the signal. |\n| `MAC address` | Address unique to every device with Wi-Fi capability, may be used to fingerprint a device (can be spoofed). |\n| `Target Network` | This is the name (SSID) of network which the device has requested to connect to. |\n| `Vendor` | This is the manufacturer of whichever device has made the request; determined by the first 6 characters of the MAC. |\n\nIf you have enabled verbose output (`-v`) or have intercepted multiple probe requests from one MAC address asking for multiple networks and haven't suppressed the analysis with `-na`, then you will recieve an analysis following the scan which will show the multiple networks that each MAC address has requested.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphenotypic%2FProbeOSX","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphenotypic%2FProbeOSX","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphenotypic%2FProbeOSX/lists"}