Software Tools to hack Wireless Networks


In order to combat the threats to your WLAN, there are a few software tools you should keep handy. Some of these are designed to keep hackers out using encryption and passwords, and other security measures, while others are tools that hackers would use, and which you can use as well to check your network for vulnerabilities.
The Hacker’s Tools
Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
Nessus Remote Security Scanner
Recently went closed source, but is still essentially free. Works with a client-server framework.
Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.
Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
This is a tool that hackers would use in order to view details about your network. NetStumbler can search for and locate all available wireless devices within range. It displays available access points, their SSIDs, the channels they operate on, what type of encryption and security in place, and the signal strength at the current location. The tool can also connect to GPS technologies to map and display the exact geographic location of the access points. You can put NetStumbler to work for you by using your laptop and circling your home to see how far your signal extends. You can also use it to test the security of your wireless security solutions.
NetStumbler is “beggarware”, software developed by programmers that request a donation for the use of their products, though this donation is completely voluntary.
Another tool created by the developers of NetStumbler, Net Stumbler can connect to GPS technologis to map and display geographic location of the access points MiniStumbler can be used on devices running PocketPC 3 and PocketPC 2002 operating systems. The functionality is the same as NetStumbler, and the uses similar. You can get both NetStumbler and MiniStumbler at www.netstumbler. com.
This is a WLAN tool that cracks WEP encryption. It sits as an invisible client on a network and “collects” packets and analyses them. Once it has gathered sufficient packets, it analyses them and attempts to decrypt the WEP code for the network. AirSnort eventually figures out the WEP key and lets the rogue client connect to the network as an authorised client. This tool can also be used to check the security of your WLAN and also to retrieve lost WLAN passwords. Get it from
SSID Sniff
This is a tool that is dedicated to finding a wireless network’s SSID. It is available at
Available for download at, BTScanner is a tool that lets you scan for Bluetooth devices in your vicinity and provide you with as much information about them as possible
without actually pairing with the devices. This tools allows you to make educated guesses about the type of device that BTScanner finds information about.
The Network Admin’s Tools
While most tools attempt to hide and cloak your access points, FakeAP goes in quite the opposite direction. It is generally used as a honeypot*, to catch would be hackers in the act, or analyse the tools they use. The tool uses the concept that the best place to hide is in a crowd, and literally creates thousands of fake access points (thus the name FakeAP). If your network consists of two or three access points, using FakeAP will drive would-be hackers crazy when they try and intrude upon your network. Unless they have plain dumb luck, the chances of a hacker finding the actual access points, hidden amongst the thousands of fake ones, is remote at best. The developers describe their tool as “Times Square on New Year’s eve”, and you can read more about it, or download the free tool from
The default wireless network administration tool, with good reason, Kismet works with any wireless card (802.11a/b/g) that supports raw packet monitoring mode. It can be used as an Intrusion Detection System (IDS), an invisible network detector, as well as a packet sniffer. It is available at
The self-proclaimed “heavyweight champion of intrusion prevention”, Snort is a popular open source network intrusion prevention system. It is capable of real-time traffic analysis as well as packet logging. It can be used to detect many types of probes and attacks, such as SMB probes, OS fingerprinting, stealth port scans, buffer overflow attacks and much, much more. The clincher is its real-time alerting capabilities, which make it a network administrators favourite IDS tool.
Short for Wireless Intrusion Detection System, WIDS can be used by wireless network administrators as a honeypot. Download it from
This is a GTK/Perl program that helps you discover and audit 802.11b wireless networks. The inbuilt statistics engine gives you common parameters provided by wireless drivers, and lets you view details about the consistency and signal strength of a network.
Ehsan Quddusi

- Advertisement -