Jul 17th, 2010

Wireless Scanning and a new tool

I had some cause to do some wireless work recently, which got me interested in doing some more war-walking (and hey, the weather's actually been nice enough to make it pleasant recently).
It was interesting to see the density of wireless networks in the suburban area near where I live; a quick 30 minute walk can easily pick up several hundred APs. Also some of the stats on encryption were interesting, with about 25% of networks either using WEP or having no encryption at all, so still rich pickings there for anyone who wants free access or to attack some home networks directly.
I also did a bit of scanning with my N900 in Glasgow, near the Apple store, and noticed they’ve got an awful lot of clients connected to their unencrypted wireless networks there (~260 clients spread over 3 APs), hope everyone is using VPNs or SSL only sites ;op
Also couldn’t find something to do the analysis the way I was looking for it, so I knocked up a quick script in Ruby to analyse the .netxml output files from Kismet.
It’s available here. It needs ruby, rubygems and nokogiri to work. Worth noting that on Linux installs you’ll need some XML parsing libraries installed before installing nokogiri (libxslt libxml2 libxml2-dev).
Basic syntax is very straightforward:

    ./kis_analysis.rb -f [netxml file] -r [report name]

You can add -g if you’ve got GPS data to add links from each network to a Google Maps point and -m to draw a map of all the networks seen.
Any feedback/comments welcome either on the blog or to rorym@nmrconsult.net
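
As an added illustration (not the kis_analysis.rb code from this post), here is one way to tally per-network encryption from a .netxml file so that a network's several encryption tags become a single label, with the WEP/open share reported for a home-network audit. It uses Ruby's REXML instead of nokogiri to avoid the native library dependency; the element names, the type values and the sample data are assumptions about Kismet's netxml layout and are constructed.

```ruby
require 'rexml/document'

# Constructed sample in the assumed Kismet .netxml layout (not survey data).
SAMPLE_NETXML = <<~XML
  <detection-run>
    <wireless-network number="1" type="infrastructure">
      <SSID><encryption>WPA+TKIP</encryption><encryption>WPA+PSK</encryption></SSID>
    </wireless-network>
    <wireless-network number="2" type="infrastructure">
      <SSID><encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption></SSID>
    </wireless-network>
    <wireless-network number="3" type="infrastructure">
      <SSID><encryption>WEP</encryption></SSID>
    </wireless-network>
    <wireless-network number="4" type="infrastructure">
      <SSID><encryption>None</encryption></SSID>
    </wireless-network>
    <wireless-network number="5" type="probe">
      <SSID><encryption>None</encryption></SSID>
    </wireless-network>
  </detection-run>
XML

# Collapse all <encryption> tags of one network into a single label, so
# WPA+TKIP and WPA+PSK on the same AP are counted once, not twice.
def classify(tags)
  return 'Unknown' if tags.empty?
  return 'None' if tags == ['None']
  return 'WEP' if tags.include?('WEP')
  'WPA ' + tags.map { |t| t.sub(/\AWPA\+/, '') }.sort.join('+')
end

# Count access points per label; client probe entries are skipped because
# they are not networks that were actually seen.
def encryption_summary(xml)
  counts = Hash.new(0)
  doc = REXML::Document.new(xml)
  doc.elements.each('detection-run/wireless-network') do |net|
    next unless net.attributes['type'] == 'infrastructure'
    tags = net.get_elements('SSID/encryption').map { |e| e.text.to_s.strip }.uniq
    counts[classify(tags)] += 1
  end
  counts
end

# Percentage of access points that are open or WEP-only.
def weak_share(counts)
  total = counts.values.sum
  total.zero? ? 0.0 : (100.0 * (counts['None'] + counts['WEP']) / total).round(1)
end
```
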


  1. Steven Ryan September 4, 2010 at 3:11 pm

    I just gave the tool a whirl to test my GPS device and it worked great. In just under a mile drive there were over 800 networks. Nice report format and simple to use. I like the tie in to Google maps too!
    I haven’t looked in to the code yet but I would like to tie it in to sqlite to enable me to run some basic queries e.g. list all open networks, which networks had the most clients, draw on a map for all the access points called ‘XYZBank’. If I get around to this I will email you the changes.
    One final point is the general statistics section of the report shows:
    Encryption: WPA+TKIP
    Encryption: WPA+PSK
    TKIP is used with PSK so I assume this should be a bit more accurate e.g. PSK, Enterprise, TKIP, CCMP etc.

  2. Rory2 September 7, 2010 at 8:15 pm

    Cool glad to hear it works 🙂
    Yeah sqlite integration would be a cool idea, good to be able to tie multiple runs together. On the encryption front, the script’s pulling information from the kismet output, so I wonder how much is visible in the output… hmm will have to go have a look..
    The code is a bit on the ugly side when it comes to generating the JavaScript for Google Maps, I’d like to find a way to make it a bit neater but it seems to be a restriction of the Google Maps format

