Updates wraith : Wireless assault, reconnaissance, collection and exploitation toolkit.

Updates wraith : Wireless assault, reconnaissance, collection and exploitation toolkit.

Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing the 802.11 environment over a period of time without that is, implementing a custom interface.
While originally intending to develop such a custom interface to one or more Kismet based sensors, Wraith evolved. Kismet did not offer enough information, Wireshark offered too much. Wraith is an attempt to develop a toolsuite that eases the collection, collation and analysis of temporal 802.11 data in order to provide administrators with the ability to view their network(s) from a bird’s eye view and drill down as necessary to a single device. Wraith allows the user to decide what data to view, how to view it and ‘when’ to view it.
Once the reconnaissance and collection development is stable, assault plug-ins will be developed to aid WLAN administrators in the security testing of their networks.

– linux (preferred 3.x kernel, tested on 3.13.0-43)
– NOTE: some cards i.e. rosewill usb nics were not fully supported through iw on earlier kernels
– Python 2.7
– iw 3.17
– postgresql 9.x (tested on 9.3.5)
– pyscopg 2.5.3
– mgrs 1.1
– macchanger 1.7.0
3. MODULES: Currently consists of four components/modules
a. Radio (v 0.0.4): 802.11 network interface objects and functions
Objects/functions to manipulate wireless nics and parse 802.11 captures. Partial support of 802.11-2012
Standards :
– Currently Supported: 802.11a\b\g
– Partially Supported: 802.11n
– Not Supported: 802.11s\y\u\ac\ad\af
b. DySKT (v 0.1.5) : Dynamic Small Kill Team (Wraith Sensor)
– An 802.11 sensor consisting of an optional collection radio (i.e. spotter), a mandatory reconnaissance radio (i.e. shooter) and an RTO which relays collected data to Nidus, the data storage system (i.e. HQ). DySKT collects data in the form of raw 802.11 packets with the reconnaissance (and collection if present) radios, forwarding that date along with any geolocational data (if a gps device is present) to higher.
c. Nidus (v 0.0.6): Data Storage Manager
– Nidus is the Data Storage manager processing data received from DySKT. Nidus is the interface to the backend Postgresql database, processing data in terms of raw 802.11 frames, gps location, and ‘device’ details/status.
d. GUI: non-operational gui

4. ARCHITECTURE/HEIRARCHY: Brief Overview of the project file structure
# wraith/ Top-level package
+ __init__.py initialize the top-level
+ wraith-rt.py the gui
+ wraith.conf gui configuration file
+ LICENSE software license
+ README.txt details
+ CONFIGURE.txt setup details
+ widgets gui subpackage
— icons icons folder
— __init__.py initialize widgets subpackage
— panel.py defines Panel and subclasses for gui
+ utils utility functions
— __init__.py initialize utils subpackage
— bits.py bitmask functions
— timestamps timestamp conversion functions
+ radio subpackage for radio/radiotap
— __init__.py initialize radio subpackage
— bits.py bitmask related funcs, bit extraction functions
— iwtools.py iwconfig, ifconfig interface and nic utilities
— iw.py iw 3.17 interface
— radiotap.py radiotap parsing
— mpdu.py IEEE 802.11 MAC (MPDU) parsing
— dott1u.py contstants for 802.11u (not currently used)
— channels.py 802.11 channel, freq utilities
— mcs.py mcs index functions
— oui.py oui/manuf related functions
+ dyskt subpackage for wraith sensor
__init__.py initialize dyskt package
— dyskt.conf configuration file for dyskt
— dyskt.log.conf configuration file for dyskt logging
— dyskt.py primary module
— internal.py defines the Report class
— rdoctl.py radio controler with tuner, sniffer
— rto.py data collation and forwarding
— dysktd dyskt daemon
+ nidus subpackage for datamanager
— __init__.py initialize nidus package
— nidus.conf nidus configuration
— nidus.log.conf nidus logging configuration
— nidus.py nidus server
— nmp.py nidus protocol definition
— nidusdb.py interface to storage system
— simplepcap.py pcap writer
— nidus.sql sql tables definition
— nidusd nidus daemon


1) Postgresql
ensure postgresql 9.3 is installed
configure postgresql and nidus db
sudo apt-get install postgresql-9.3-postgis-2.1
sudo -u postgres psql

# create nidus user and nidus database
postgres@feral:/var/lib$ createuser nidus –pwprompt –no-superuser –no-createrole –no-createdb
createdb –owner=nidus nidus

# use btree_gist (see http://www.postgresql.org/docs/devel/static/rangetypes.html)
sudo su – postgres
postgres=# psql -d nidus
postgres=# CREATE EXTENSION btree_gist;

2) Dependencies
– dateutil 2.3 https://pypi.python.org/pypi/python-dateutil

– iw 3.17 https://www.kernel.org/pub/software/network/iw/iw-3.17.tar.xz
o install to /usr/sbin/iw

– psycopg2 2.5.4 https://pypi.python.org/pypi/psycopg2

– mgrs 1.1 https://pypi.python.org/packages/source/m/mgrs/mgrs-1.1.0.tar.gz
o may need python-setuptools

gui support
o python-tk
o tix

3) Configure system for use
Set up daemons
o sucktd
1) copy <pathtowraith>/suckt/sucktd to /etc/init.d
2) change ownership to root/root (if necessary)
3) change permissions to 755
o nidusd
1) copy <pathtowraith>/suckt/sucktd to /etc/init.d
2) change ownership to root/root (if necessary)
3) change permissions to 755

Set up logs
cd /var/logs
mkdir wraith
sudo chown <user>:adm wraith
chmod 750 wraith
cd wraith
touch suckt.log
touch nidus.log

configure iw, iwconfig, ifconfig and binding raw socket for root access
o We need root access to iw, iwconfig and ifconfig
* One can modify the deamons to run as root
* One can run python interpreter as root
* Or one can modify the sudoers file as below
# Cmnd alias specification
Cmnd_Alias IWCONFIG = /sbin/iwconfig
Cmnd_Alias IFCONFIG = /sbin/ifconfig
Cmnd_Alias IW = /usr/sbin/iw #–> iw 3.17

# Allow user to execute iw* commands

sudo service sudo restart # to have it start immediately
o We need to give the python interpreter set raw capability
* Once again, we could run as root
* Or give the python interpreter set raw capability
sudo setcap cap_net_raw=+ep /usr/bin/python2.7
sudo setcap cap_net_raw=-ep /usr/bin/python2.7
* Using suckt daemon, set raw capabilities are temporarily enabled and
then removed after the raw socket is bound

Download : wraith-master.zip (111 KB)  | Or Clone URL here
Source : Wraith Wireless  | Our Post Before