krackattacks-scripts
Scripts to test if Wi-Fi clients or access points are vulnerable to the KRACK attack against WPA2.
What is krackattacks-scripts?
krackattacks-scripts is a collection of Python scripts designed to test whether Wi-Fi clients or access points are vulnerable to the KRACK (Key Reinstallation Attack) against WPA2. It simulates specific attack vectors to detect key reinstallation flaws, helping identify unpatched devices. The scripts correspond to known CVEs and provide a methodical way to validate security patches.
Security researchers, penetration testers, network administrators, and Wi-Fi device manufacturers who need to verify if their systems are patched against KRACK vulnerabilities.
It offers a free, open-source alternative to proprietary testing tools, with detailed test cases mapped to Wi-Fi Alliance standards and support for both client and access point testing in controlled environments.
Overview
This project provides a suite of Python scripts to detect vulnerabilities related to the KRACK (Key Reinstallation Attack) against WPA2 Wi-Fi security. It allows security researchers and network administrators to test whether specific clients or access points are affected by critical CVEs like CVE-2017-13077 and CVE-2017-13080.
Key Features
- Client Vulnerability Testing — Seven distinct tests to check for key reinstallation vulnerabilities in Wi-Fi clients, including pairwise and group key handshake flaws.
- Access Point Testing — Detects vulnerabilities in the FT (Fast Transition) handshake (802.11r) used by access points during roaming.
- Detailed Test Mapping — Scripts correspond to official Wi-Fi Alliance test cases for standardized vulnerability assessment.
- Manual Verification Support — Includes guidance for using additional monitoring interfaces to manually confirm script findings.
- Regulatory and Hardware Considerations — Provides notes on hardware encryption, 5 GHz band limitations, and driver adjustments for accurate testing.
Philosophy
The project emphasizes responsible security testing by providing tools to verify patches and assess real-world vulnerability status, rather than functioning as attack scripts. It requires legitimate network credentials to operate.
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
