Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/ANDRVV/gapcast

📡 802.11 broadcast analyzer & injector
https://github.com/ANDRVV/gapcast

audit evil-twin ieee80211 injection radar security security-tools sniffer suite wifi wifi-hacking wifi-security wpa wpa2 wpa3 wpe

Last synced: 8 days ago
JSON representation

📡 802.11 broadcast analyzer & injector

Awesome Lists containing this project

README 

          







    Gapcast logo

    




Ask me | Wiki | Upcoming




An IEEE 802.11 packet injector and analyzer software📡


Use it with -radar!






[![Go](https://github.com/ANDRVV/gapcast/actions/workflows/go.yml/badge.svg)](https://github.com/ANDRVV/gapcast/actions/workflows/go.yml) [![CodeQL](https://github.com/ANDRVV/gapcast/actions/workflows/codeql.yml/badge.svg)](https://github.com/ANDRVV/gapcast/actions/workflows/codeql.yml) 



[![Codacy Security Scan](https://github.com/ANDRVV/gapcast/actions/workflows/codacy.yml/badge.svg)](https://github.com/ANDRVV/gapcast/actions/workflows/codacy.yml)




How to install & run Gapcast


‼️Check dependencies‼️


🔧For GNU/Linux:





```bash

git clone https://github.com/ANDRVV/gapcast.git

cd gapcast

go build -buildvcs=false

./gapcast -i 

```



❄️Or, you can install Gapcast from Nix-Os Packages



![](https://github.com/ANDRVV/gapcast/blob/main/images/gapcast-scan.png?raw=true)



💉Injection Table



Table Injection Example

The Injection table is a table where you can insert data and perform an attack or injection.



Advantages:


    

        
  • You don't need to specify the channel.
    • 

        
  • You don't need to specify the BSSID.
    • 

        
  • Multiple synchronized attacks.
    • 

        
  • Quick and easy attack initialization.
    • 

        
  • Interface with attack information.
    • 



For more info click here.






🕵️‍♂️Deep Scanning



Single deep scanning Example

The Single Deep Scanning feature focuses on a single target, splitting the scan into three phases. By using the BSSID alone, you can obtain a wide range of information.


Step 1: detect the channel of the AP or STA.


Step 2: collects the packets that are exchanged.


Step 3: arrange the data and calculate the distance based on different antennas.


For more info click here.


🚀Soon be updated! It will give more stuff!






🌐Evil-Twin with Captive Portal



Evil Twin Example

By utilizing the INJ Table, you can initiate Evil Twin mode. After selecting the appropriate parameters, the attack will commence. One adapter, if available, will deauthenticate the victim's AP, while the second adapter will establish a rogue AP equipped with a Captive Portal system. This setup allows for the collection of credentials if the LogIn page templates are configured.



For more info click here.






📶Monitor mode handler



For each driver there is a correct sequence of commands to start the network card correctly in monitor mode. Drivers supported by gapcast can also have a txpower modification, bug fixing etc. If the driver is not supported, it will start monitor mode directly with airmon-ng.


Supported drivers:


    

        
  • 

    RTL88XXAU mon+txpower
    • 

        
  • 

    R8187 mon+bugfix
    • 

        
  • 

    RTL8812CU mon
    • 

        
  • 

    RTL8821CU mon
    • 




> [!IMPORTANT]

> 

> If your driver is not supported or if you would like to boot into monitor mode with your changes, just do so before starting gapcast. **If gapcast recognizes that the interface has already set monitor mode, it will not make any changes or even try to restart monitor mode**.



📈Parameter techniques



SCAN-ALL-FOR-LONG-TIME



```bash

./gapcast -i  -2.4+5g -d

```

> [!Note]

> 

> Scans all 2.4/5 Ghz channels disabling shifting of inactive devices.



SCAN-ALL-FREQ-OF-ONE-AP



```bash

./gapcast -i  -2.4+5g -c 10,36 -p 03:e9:58:65:2a:8

```

> [!Note]

> 

> *Access Point* that have 5 Ghz and 2.4 Ghz transmit via 2 different addresses, the address for 5 Ghz and the one for 2.4 Ghz. In most cases these 2 addresses have a Mac address with a very similar prefix:

> 

> In this case of selecting channel 10 for 2.4 Ghz and channel 36 for 5 Ghz with ```-c ``` uses 2 channels with different bands, using ```-2.4+5g```. Taking into consideration an *Access Point* that has the 5 Ghz address *03:e9:58:65:2a:8e* and the 2.4 Ghz address *03:e9:58:65:2a:86*, the **common prefix** is *03:e9:58:65:2a:8*, which is set via ```-p ```.

> With this parameter **only devices with that specified prefix will be displayed**.



SCAN-ALL-RANGE



```bash

./gapcast -i  -2.4+5g -radar

```

> [!Note]

>

> Scan all 2.4/5 Ghz channels showing the approximate radius of the location in meters with the ```-radar``` parameter using the [RadarRSSI library](https://github.com/ANDRVV/RadarRSSI), [more info](https://github.com/ANDRVV/gapcast/wiki#-radar).



SCAN-2.4G



```bash

./gapcast -i 

```

> [!Note]

> 

> Scans all 2.4 channels.



SCAN-5G



```bash

./gapcast -i  -5g

```

> [!Note]

> 

> Scans all 5 Ghz channels adding ```-5g``` parameter.



SCAN-ALL-RECORDING



```bash

./gapcast -i  -2.4+5g -w out.pcap

```

> [!Note]

> 

> Scans all 2.4/5 Ghz channels, recording it and saving to a pcap file. Registration can be done by adding the ```-w .pcap``` parameter.



SCAN-AP-DEAUTH-AND-REC-EAPOL



```bash

./gapcast -i  -c 11 -b a3:65:1b:56:7e:3c -w out.pcap

```

> [!Note]

> 

> Scan only AP's channel (11) to get the best WPA 4-Way Handshake, To deauthenticate you need to open the gapcast injection table by pressing **[CTRL-P]**, then select the De-Auth type, enter the required information and start the attack by pressing **CTRL-D** key for a few seconds (check that clients are present via the light-blue bar), as soon as the **CTRL-D** key is deactivated, the clients that reconnect to the *Access Point*:

> 

> Will **send and receive EAPOL packets** which you will record and save with the ```-w .pcap``` parameter.



RESTORE-DATA



```bash

./gapcast -l out.pcap

```

> [!Note]

> 

> If you want to restore data from a previous scan, done with [gapcast](https://github.com/ANDRVV/gapcast), [wireshark](https://github.com/wireshark/wireshark) or other tools and load them on the [gapcast](https://github.com/ANDRVV/gapcast) table to better analyze the data, just insert the ```-l .pcap``` parameter, if you want to restore the data and continue the scan you must add the ```-i ``` parameter and/or add other additional parameters.



SCAN-ALL-AP



```bash

./gapcast -i  -2.4+5g -beacon 

```

> [!Note]

> 

> If you want to show or record only the *Access Points* you must enter the ```-beacon``` parameter. For this technique, where we show all *Access Points* of all channels it is necessary to add the parameter ```-2.4+5g```.



💻Happy hacking!😊



📚Dependencies



> [!CAUTION]

> You must install ```libpcap```, ```libx11```, ```apache2```, ```iptables```, ```hostapd```, ```dnsmasq```, ```aircrack-ng```, ```php```, if you'd use **gapcast**!



🚀Upcoming features


    

  • TOTAL REFACTOR IN PROGRESS !!
    •