Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/typicalam/yarilo
Wireless Network Traffic Decrypter & Packet Analyzer
802-11 cplusplus libtins svelte wireless
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/typicalam/yarilo
- Owner: TypicalAM
- Created: 2023-12-11T07:09:06.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2024-10-25T15:39:58.000Z (13 days ago)
- Last Synced: 2024-10-25T16:06:16.025Z (13 days ago)
- Topics: 802-11, cplusplus, libtins, svelte, wireless
- Language: C++
- Homepage:
- Size: 10.8 MB
- Stars: 5
- Watchers: 4
- Forks: 0
- Open Issues: 4
Metadata Files:
- Readme: README.md
README
# Yarilo
Yarilo is an offensive security tool and packet sniffer designed for capturing and decrypting encrypted wireless network traffic. This project can analyze and interpret packets on WPA2-protected networks with support for more coming soon. It can aid in network security assessments and understanding of wireless communication protocols.
**Capabilities**:
- Capturing and decrypting data from nearby networks
- Transferring data to/from `pcap`
- Replay attacks (deauth)
- Efficient channel hopping
- Brute-forcing passwords (work in progress)

**The project consists of two components**:
- Sniffer - packet capturing backend written in C++
- Web Client - controlling the sniffer and viewing data (moving to `sveltekit` soon)

## Release
Let's talk about running the release version of `Yarilo`. We strongly encourage running the sniffer through docker because of the issues that arise while compiling `grpc` by hand (it takes a lot of time on smaller devices).
### Sniffer
You can use `typicalam/yarilo:latest` as the base docker image. This project has two modes: file mode and interface mode. File mode runs the sniffer and analyzer on file recordings to decrypt existing data. Interface mode allows Yarilo to take in a NIC (network interface card) and use that to sniff out network traffic captured by the card. You can also provide it a directory (shared volume) to be able to save the decrypted data. An example deployment **docker compose** file achieving this is available at [docker-compose.srv.yml](https://github.com/TypicalAM/Yarilo/blob/main/docker-compose.srv.yml). To run it, execute the following command in the repo root:
```sh
docker compose -f docker-compose.srv.yml up -d
```

## Development
What about running this thing locally?
### Sniffer
Run in the backend directory (`$MY_GRPC_INSTALL_DIR` should be your `grpc` install dir):
Prepare definitions:
```sh
protoc -I ../protos --cpp_out=src/proto --grpc_out=src/proto --plugin=protoc-gen-grpc=`which grpc_cpp_plugin` ../protos/service.proto
```

Compile and run:
```sh
cmake -DCMAKE_PREFIX_PATH=$MY_GRPC_INSTALL_DIR -G Ninja -B build .
ninja -C build
./build/yarilo --help
```

C++ reference documentation is built alongside the project if `-DYARILO_BUILD_DOCS=ON` is specified (requires `doxygen`). Open the `build/doc_doxygen/html/index.html` file in a browser to view it. Optionally, for protobuf definitions to also be included in the docs, run the following before building (requires `go`):
```sh
go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc@latest
protoc -I../protos --doc_opt=markdown,proto.md --doc_out=docs ../protos/service.proto
```

### Client
To run the client, enter the `frontend` directory and run:
```sh
npm install
npm run proto:gen
npm run dev
```

If your sniffer isn't running in `docker` you should also run [envoy](https://www.envoyproxy.io/) like so: `envoy -c backend/envoy.yaml`.