- Wi-Fi Alliance
- Attacks:
- KRACK attack:
- ICMP redirects: Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects.
- MacStealer:
- paper: Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues.
- repository: est Wi-Fi networks for client isolation bypasses.
- wifi-framing: Repository for the Framing Frames publication
- [IEEE]:
- Tools
- aircrack-ng: complete suite of tools to assess WiFi network security.
- GitHub: WiFi security auditing tools suite
- airpwn-ng: Packet injection for wifi.
- bettercap: Swiss Army knife for WiFi, Bluetooth Low Energy, wireless
HID hijacking.
- GitHub: source code repository.
- ESP32 802.11 TX: Send arbitrary IEEE 802.11 frames with Espressif's ESP32.
- ESP32 ESP8266 attacks: Proof of Concept of ESP32/8266 Wi-Fi vulnerabilties.
- ESP32 Marauder: suite of WiFi/Bluetooth offensive and defensive tools for the ESP32.
- esp32-wifi-penetration-tool: Exploring possibilities of ESP32 platform to attack on nearby Wi-Fi networks.
- FreeRADIUS: open source RADIUS server.
- hostapd: user space daemon for access points.
- Kismet: Wi-Fi, Bluetooth, RF, and more
- GitHub: Kismet and related tools and libraries for wireless monitoring, transmitting, and auditing.
- iw: nl80211 based CLI configuration utility for wireless devices.
- libwifi: an 802.11 (WiFi) Frame Generation and Parsing Library in C.
- github repo: libwifi github repository
- libwifi (nukesor): rust library for parsing IEE 802.11 frames.
- libwifi (vanhoefm): python and scapy scripts for Wi-Fi.
- nexmon: The C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips.
- pawnagotchi: A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures/
- pi-pwnbox-rogueap: Rogue AP based on Raspberry Pi
- WEF: Wi-Fi Exploitation Framework.
- wifi-cracking: Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat.
- wifijammer: Continuously jam all wifi clients/routers.
- wifiphisher: The Rogue Access Point Framework.
- wifipumpkin3: Powerful framework for rogue access point attack.
- wifite2: script for auditing wireless networks.
- wpa_supplicant: supplicant for 802.11
- aircrack-ng: complete suite of tools to assess WiFi network security.
- esp-wifi: WIP / POC for using the ESP32-C3, ESP32-S3 and ESP32 wifi drivers in bare-metal Rust.
- USB-WiFi: USB WiFi Adapter Information for Linux
- KillerBee: IEEE 802.15.4/ZigBee Security Research Toolkit.
- bluetooth.com
- Awesome bluetooth security: useful references for anyone working with Bluetooth BR/EDR/LE or Mesh security.
- BLE Security Attack Defence: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
- Tools
- ble-fuzzing: Stateful Black-Box Fuzzing of BLE Devices Using Automata Learning
- BTLE: Bluetooth Low Energy (BLE) packet sniffer and transmitter for both standard and non standard (raw bit) based on Software Defined Radio (SDR).
- btlejack: Bluetooth Low Energy Swiss-army knife.
- ESP32 bluetooth classic sniffer: Active Bluetooth BR/EDR Sniffer/Injector as cheap as any ESP32 board can get.
- ice9-bluetooth-sniffer: Wireshark Bluetooth sniffer for HackRF, BladeRF, and USRP.
- internalblue: About Bluetooth experimentation framework for Broadcom and Cypress chips.
- Injectable firmware: Custom firmware for nrf52840-dongle.
- nRF sniffer: Bluetooth LE sniffer from nordic.
- Sniffle: A sniffer for Bluetooth 5 and 4.x LE
- csa-iot.org: Connectivity Standards Alliance
- Home Assistant: Open source home automation
- Matter
- Thread
- OpenThread: open-source implementation of Thread
- Specifications
- ZigBee
- Linux Wireless wiki: Documentation for the Linux wireless (IEEE-802.11) subsystem.
- Realtek drivers:
- RTL88x2BU: Linux Driver for USB WiFi Adapters that are based on the RTL8812BU and RTL8822BU Chipset.
- Bouffalo Labs
- Espressif
- Silicon Labs
- Microchip
- Nordic
- NXP
- Renesas
- STMicroelectronics
- Texas Instruments
- Awesome CTS: curated list of Capture The Signal CTF related stuff.
- cts.ninja: CTF focused on radio signal reverse engineering
- FCC
- [fccid.io]: Searchable FCC ID Database
- Official FCC ID
- Mirage: powerful and modular framework dedicated to the security analysis of wireless communications.
- Signal Identification Guide: help identify radio signals through example sounds and waterfall images.
- Hardware
- BladeRF: 2x2 MIMO, 47MHz to 6GHz frequency range
- GitHub: bladeRF USB 3.0 Superspeed Software Defined Radio Source Code.
- HackRF One: oftware Defined Radio peripheral capable of transmission or
reception of radio signals from 1 MHz to 6 GHz.
- GitHub: low cost software radio platform.
- LimeSDR: low cost, open source, apps-enabled software defined radio (SDR).
- GitHub: LimeSdr software
- BladeRF: 2x2 MIMO, 47MHz to 6GHz frequency range
- Libraries
- FISSURE: RF and reverse engineering framework for everyone.
- GNU Radio: development toolkit that provides signal processing blocks
to implement software radios.
- GitHub: the Free and Open Software Radio Ecosystem.
- LiquidSDR: free and open-source signal processing library for
software-defined radios.
- liquid-dsp: digital signal processing library for software-defined radios.
- OpenOFDM: Sythesizable, modular Verilog implementation of 802.11 OFDM decoder.
- Theory
- Tools
- sdrangel: SDR Rx/Tx software
- SDRPlusPlusA: Cross-Platform SDR Software
- urh: Universal Radio Hacker