Kismet Cheat Blatt
Überblick
Kismet ist ein drahtloses Netzwerk- und Gerätedetektor, Sniffer, Wardriving-Tool und WIDS (wireless Intrusion Erkennung) Rahmen. Es funktioniert mit Wi-Fi-Schnittstellen, Bluetooth-Schnittstellen, einigen SDR (Software definiert Radio) Hardware wie der RTLSDR und anderen spezialisierten Erfassungshardware. Kismet kann drahtlose Netzwerke, Kunden und ihre Beziehungen passiv erkennen, so dass es ein wesentliches Werkzeug für die drahtlose Sicherheitsbewertung und -überwachung.
ZEIT Warning: Verwenden Sie Kismet nur in Umgebungen, die Sie besitzen oder eine ausdrückliche Erlaubnis zur Überwachung haben. Unberechtigte drahtlose Überwachung kann lokale Gesetze und Vorschriften verletzen.
Installation
Ubuntu/Debian Installation
```bash
Add Kismet repository
wget -O - https://www.kismetwireless.net/repos/kismet-release.gpg.key|sudo apt-key add - echo 'deb https://www.kismetwireless.net/repos/apt/release/$(lsb_release -cs) $(lsb_release -cs) main'|sudo tee /etc/apt/sources.list.d/kismet.list
Update package list
sudo apt update
Install Kismet
sudo apt install kismet
Add user to kismet group
sudo usermod -aG kismet $USER
Log out and back in for group changes to take effect
```_
Manuelle Erstellung
```bash
Install dependencies
sudo apt update sudo apt install -y build-essential git libmicrohttpd-dev pkg-config \ zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev \ libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev \ libprotobuf-c-dev protobuf-compiler protobuf-c-compiler \ libsensors4-dev libusb-1.0-0-dev python3 python3-setuptools \ python3-protobuf python3-requests python3-numpy python3-serial \ python3-usb python3-dev python3-websockets librtlsdr0 librtlsdr-dev \ libfftw3-dev libncurses5-dev libpcre3-dev
Clone Kismet repository
git clone https://www.kismetwireless.net/git/kismet.git cd kismet
Configure and compile
./configure make -j$(nproc)
Install
sudo make suidinstall
Add user to kismet group
sudo usermod -aG kismet $USER ```_
Kali Linux Installation
```bash
Kismet is pre-installed on Kali Linux
kismet --version
If not installed
sudo apt update sudo apt install kismet
Add user to kismet group
sudo usermod -aG kismet $USER ```_
Docker Installation
```bash
Pull Kismet Docker image
docker pull kismetwireless/kismet
Run Kismet in Docker with host networking
docker run -it --rm --net=host \ --privileged \ -v /dev/bus/usb:/dev/bus/usb \ kismetwireless/kismet
Create persistent volume for logs
docker volume create kismet-logs
Run with persistent storage
docker run -d --name kismet \ --net=host \ --privileged \ -v kismet-logs:/opt/kismet/logs \ -v /dev/bus/usb:/dev/bus/usb \ kismetwireless/kismet ```_
Grundkonfiguration
Erster Setup
```bash
Create Kismet configuration directory
mkdir -p ~/.kismet
Generate default configuration
kismet --print-config > ~/.kismet/kismet.conf
Edit configuration
nano ~/.kismet/kismet.conf
Key configuration options:
server=tcp://127.0.0.1:2501
allowedusers=kismet
logprefix=/tmp/kismet
logtypes=kismetdb,pcapng
```_
Schnittstellenkonfiguration
```bash
List available interfaces
kismet --list-interfaces
Check interface capabilities
iw dev
Put interface in monitor mode manually
sudo ip link set wlan0 down sudo iw dev wlan0 set type monitor sudo ip link set wlan0 up
Configure Kismet to use specific interface
echo "source=wlan0" >> ~/.kismet/kismet.conf
Multiple interfaces
echo "source=wlan0" >> ~/.kismet/kismet.conf echo "source=wlan1" >> ~/.kismet/kismet.conf
Interface with specific options
echo "source=wlan0:name=primary,hop=true" >> ~/.kismet/kismet.conf ```_
Benutzermanagement
```bash
Add user to Kismet
sudo kismet_site_config --add-user username
Set user password
sudo kismet_site_config --set-password username
List users
sudo kismet_site_config --list-users
Remove user
sudo kismet_site_config --remove-user username
Create admin user
sudo kismet_site_config --add-admin admin_user ```_
Basisnutzung
Starting Kismet
```bash
Start Kismet server
kismet
Start with specific interface
kismet -c wlan0
Start with multiple interfaces
kismet -c wlan0,wlan1
Start in background
kismet --daemonize
Start with custom config
kismet -f /path/to/custom.conf
Start with specific log location
kismet --log-prefix /var/log/kismet/ ```_
Web Interface
```bash
Access web interface (default)
firefox http://localhost:2501
Custom port configuration
echo "httpd_port=8080" >> ~/.kismet/kismet.conf
Enable HTTPS
echo "httpd_ssl=true" >> ~/.kismet/kismet.conf echo "httpd_ssl_cert=/path/to/cert.pem" >> ~/.kismet/kismet.conf echo "httpd_ssl_key=/path/to/key.pem" >> ~/.kismet/kismet.conf
Allow remote access (security risk)
echo "httpd_bind_address=0.0.0.0" >> ~/.kismet/kismet.conf ```_
Kommandozeilenschnittstelle
```bash
Connect to Kismet server
kismet_client
Connect to remote server
kismet_client --server 192.168.1.100:2501
Non-interactive mode
kismet_client --autostart --user username --password password
Export data
kismet_client --export-xml networks.xml kismet_client --export-csv devices.csv ```_
Erweiterte Überwachung
Kanal Hopping
```bash
Configure channel hopping
echo "channel_hop=true" >> ~/.kismet/kismet.conf echo "channel_hop_speed=5" >> ~/.kismet/kismet.conf
Specific channels only
echo "channel_hop_channels=1,6,11" >> ~/.kismet/kismet.conf
5GHz channels
echo "channel_hop_channels=36,40,44,48,149,153,157,161" >> ~/.kismet/kismet.conf
Disable channel hopping for specific interface
echo "source=wlan0:hop=false,channel=6" >> ~/.kismet/kismet.conf ```_
GPS Integration
```bash
Configure GPS
echo "gps=gpsd:host=localhost,port=2947" >> ~/.kismet/kismet.conf
Start gpsd
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
Test GPS connection
gpsmon
Configure GPS logging
echo "gps_log=true" >> ~/.kismet/kismet.conf ```_
Bluetooth Überwachung
```bash
Enable Bluetooth capture
echo "source=hci0:type=linuxbluetooth" >> ~/.kismet/kismet.conf
Multiple Bluetooth interfaces
echo "source=hci0:type=linuxbluetooth,name=bt0" >> ~/.kismet/kismet.conf echo "source=hci1:type=linuxbluetooth,name=bt1" >> ~/.kismet/kismet.conf
Configure Bluetooth scanning
echo "bluetooth_scan_interval=30" >> ~/.kismet/kismet.conf ```_
SZR Integration
```bash
RTL-SDR configuration
echo "source=rtlsdr-0:type=rtlsdr" >> ~/.kismet/kismet.conf
HackRF configuration
echo "source=hackrf:type=hackrf" >> ~/.kismet/kismet.conf
Configure frequency ranges
echo "source=rtlsdr-0:frequency=433920000" >> ~/.kismet/kismet.conf
Multiple SDR devices
echo "source=rtlsdr-0:type=rtlsdr,name=rtl0" >> ~/.kismet/kismet.conf echo "source=rtlsdr-1:type=rtlsdr,name=rtl1" >> ~/.kismet/kismet.conf ```_
Datenanalyse
Analyse von Dateien
```bash
List log files
ls -la ~/.kismet/logs/
Analyze Kismet database
kismet_log_to_kml --in kismet.kismet --out networks.kml
Extract specific data
kismet_log_devices --in kismet.kismet --out devices.csv
Convert to other formats
kismet_log_to_pcap --in kismet.kismet --out capture.pcap
Filter by time
kismet_log_devices --in kismet.kismet --start-time "2023-01-01 00:00:00" --end-time "2023-01-01 23:59:59" ```_
Datenbankabfragen
```bash
Connect to Kismet database
sqlite3 ~/.kismet/logs/Kismet-*.kismet
Common queries
.tables
List all devices
SELECT devmac, devtype, firsttime, lasttime FROM devices;
List access points
SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP';
List clients
SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi Client';
Show encryption types
SELECT devmac, device, crypt FROM devices WHERE devtype = 'Wi-Fi AP';
Find WPS enabled networks
SELECT devmac, device FROM devices WHERE device LIKE '%WPS%';
Exit database
.quit ```_
REST API Verwendung
```bash
Get system status
curl http://localhost:2501/system/status.json
Get device list
curl http://localhost:2501/devices/views/all/devices.json
Get specific device
curl http://localhost:2501/devices/by-key/DEVICE_KEY/device.json
Get alerts
curl http://localhost:2501/alerts/definitions.json
Get channels
curl http://localhost:2501/channels/channels.json
Authentication required for some endpoints
curl -u username:password http://localhost:2501/devices/views/all/devices.json ```_
Automatisierungsskripte
Automatisierte Überwachung Script
```bash
!/bin/bash
Automated Kismet monitoring with alerting
KISMET_CONFIG="$HOME/.kismet/kismet.conf" LOG_DIR="$HOME/kismet_monitoring" ALERT_EMAIL="security@company.com" SCAN_DURATION=3600 # 1 hour INTERFACE="wlan0"
mkdir -p "$LOG_DIR"
Function to send alert
send_alert() \\{ local message="$1" local log_file="$2"
| echo "$message" | mail -s "Kismet Alert" -A "$log_file" "$ALERT_EMAIL" 2>/dev/null | | \ | echo "Alert: $message (email failed)" \\}
Function to analyze results
analyze_results() \\{ local kismet_db="$1" local timestamp="$2"
echo "[+] Analyzing results from $kismet_db"
# Count devices by type
ap_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP';")
client_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi Client';")
# Find open networks
open_networks=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';")
# Find WPS networks
wps_networks=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';")
# Generate report
report_file="$LOG_DIR/report_$timestamp.txt"
cat > "$report_file" << EOF
Kismet Monitoring Report - $(date)
Scan Duration: $SCAN_DURATION seconds Interface: $INTERFACE
Summary: - Access Points: $ap_count - Clients: $client_count - Open Networks: $open_networks - WPS Enabled: $wps_networks
EOF
# Add detailed findings
if [ "$open_networks" -gt 0 ]; then
echo "Open Networks Found:" >> "$report_file"
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';" >> "$report_file"
echo "" >> "$report_file"
fi
if [ "$wps_networks" -gt 0 ]; then
echo "WPS Enabled Networks:" >> "$report_file"
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';" >> "$report_file"
echo "" >> "$report_file"
fi
# Send alerts for concerning findings
if [ "$open_networks" -gt 5 ]; then
send_alert "High number of open networks detected: $open_networks" "$report_file"
fi
if [ "$wps_networks" -gt 10 ]; then
send_alert "High number of WPS-enabled networks detected: $wps_networks" "$report_file"
fi
echo "[+] Report generated: $report_file"
\\}
Main monitoring function
run_monitoring() \\{ local timestamp=$(date +%Y%m%d_%H%M%S) local log_prefix="$LOG_DIR/kismet_$timestamp"
echo "[+] Starting Kismet monitoring session: $timestamp"
# Configure Kismet for this session
cat > "/tmp/kismet_monitor.conf" << EOF
source=$INTERFACE logprefix=$log_prefix logtypes=kismetdb,pcapng server=tcp://127.0.0.1:2501 allowedusers=kismet channel_hop=true channel_hop_speed=5 gps=false EOF
# Start Kismet
kismet -f "/tmp/kismet_monitor.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Kismet started successfully"
# Wait for scan duration
echo "[+] Scanning for $SCAN_DURATION seconds..."
sleep "$SCAN_DURATION"
# Stop Kismet
pkill kismet
sleep 5
# Analyze results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
analyze_results "$kismet_db" "$timestamp"
else
echo "[-] Kismet database not found: $kismet_db"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_monitor.conf"
\\}
Check if interface exists and is available
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then echo "[-] Interface $INTERFACE not found" exit 1 fi
Put interface in monitor mode
echo "[+] Setting $INTERFACE to monitor mode" sudo ip link set "$INTERFACE" down sudo iw dev "$INTERFACE" set type monitor sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then echo "[+] Interface configured successfully" run_monitoring else echo "[-] Failed to configure interface" exit 1 fi
echo "[+] Monitoring session completed" ```_
Wardrier Skript
```bash
!/bin/bash
Automated wardriving with GPS logging
GPS_DEVICE="/dev/ttyUSB0" INTERFACE="wlan0" OUTPUT_DIR="wardriving_$(date +%Y%m%d)" SCAN_TIME=7200 # 2 hours
mkdir -p "$OUTPUT_DIR"
Function to setup GPS
setup_gps() \\{ echo "[+] Setting up GPS"
# Start gpsd
sudo gpsd "$GPS_DEVICE" -F /var/run/gpsd.sock
# Wait for GPS fix
echo "[+] Waiting for GPS fix..."
timeout=60
while [ $timeout -gt 0 ]; do
if gpsmon -n 1|grep -q "3D"; then
echo "[+] GPS fix acquired"
return 0
fi
sleep 5
timeout=$((timeout - 5))
done
echo "[-] GPS fix not acquired, continuing without GPS"
return 1
\\}
Function to create KML from results
create_kml() \\{ local kismet_db="$1" local kml_file="$2"
echo "[+] Creating KML file: $kml_file"
python3 << EOF
import sqlite3 import xml.etree.ElementTree as ET from xml.dom import minidom
Connect to Kismet database
conn = sqlite3.connect('$kismet_db') cursor = conn.cursor()
Create KML structure
kml = ET.Element('kml', xmlns='http://www.opengis.net/kml/2.2') document = ET.SubElement(kml, 'Document') ET.SubElement(document, 'name').text = 'Kismet Wardriving Results'
Query for devices with GPS coordinates
cursor.execute(''' SELECT devmac, device, crypt, min_lat, min_lon, max_lat, max_lon FROM devices WHERE devtype = 'Wi-Fi AP' AND min_lat != 0 AND min_lon != 0 ''')
for row in cursor.fetchall(): devmac, device, crypt, min_lat, min_lon, max_lat, max_lon = row
# Create placemark
placemark = ET.SubElement(document, 'Placemark')
ET.SubElement(placemark, 'name').text = device or devmac
# Description
description = f"MAC: \\\\{devmac\\\\}\\nEncryption: \\\\{crypt\\\\}"
ET.SubElement(placemark, 'description').text = description
# Style based on encryption
style = ET.SubElement(placemark, 'Style')
icon_style = ET.SubElement(style, 'IconStyle')
icon = ET.SubElement(icon_style, 'Icon')
if crypt == 'None':
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/red-circle.png'
elif 'WEP' in crypt:
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/ylw-circle.png'
else:
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/grn-circle.png'
# Point coordinates (use average of min/max)
avg_lat = (min_lat + max_lat) / 2
avg_lon = (min_lon + max_lon) / 2
point = ET.SubElement(placemark, 'Point')
ET.SubElement(point, 'coordinates').text = f"\\\\{avg_lon\\\\},\\\\{avg_lat\\\\},0"
Write KML file
rough_string = ET.tostring(kml, 'unicode') reparsed = minidom.parseString(rough_string) with open('$kml_file', 'w') as f: f.write(reparsed.toprettyxml(indent=" "))
conn.close() print(f"KML file created: $kml_file") EOF \\}
Function to generate statistics
generate_stats() \\{ local kismet_db="$1" local stats_file="$2"
echo "[+] Generating statistics: $stats_file"
cat > "$stats_file" << EOF
Wardriving Statistics - $(date)
EOF
# Basic counts
echo "Device Counts:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT devtype, COUNT(*) FROM devices GROUP BY devtype;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Encryption breakdown
echo "Encryption Types:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT crypt, COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY crypt;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Channel usage
echo "Channel Usage:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT channel, COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY channel ORDER BY channel;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Vendor breakdown (top 10)
echo "Top 10 Vendors:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT manuf, COUNT(*) as count FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY manuf ORDER BY count DESC LIMIT 10;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Security concerns
echo "Security Concerns:" >> "$stats_file"
open_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';")
wep_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt LIKE '%WEP%';")
wps_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';")
echo "Open Networks: $open_count" >> "$stats_file"
echo "WEP Networks: $wep_count" >> "$stats_file"
echo "WPS Enabled: $wps_count" >> "$stats_file"
\\}
Main wardriving function
run_wardriving() \\{ local timestamp=$(date +%Y%m%d_%H%M%S) local log_prefix="$OUTPUT_DIR/wardriving_$timestamp"
echo "[+] Starting wardriving session: $timestamp"
# Setup GPS
gps_available=false
if setup_gps; then
gps_available=true
fi
# Configure Kismet
cat > "/tmp/kismet_wardriving.conf" << EOF
source=$INTERFACE logprefix=$log_prefix logtypes=kismetdb,pcapng,gpsxml server=tcp://127.0.0.1:2501 allowedusers=kismet channel_hop=true channel_hop_speed=3 EOF
if [ "$gps_available" = true ]; then
echo "gps=gpsd:host=localhost,port=2947" >> "/tmp/kismet_wardriving.conf"
echo "gps_log=true" >> "/tmp/kismet_wardriving.conf"
fi
# Start Kismet
kismet -f "/tmp/kismet_wardriving.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Kismet started successfully"
echo "[+] Wardriving for $SCAN_TIME seconds..."
echo "[+] Press Ctrl+C to stop early"
# Wait for scan time or user interrupt
sleep "$SCAN_TIME" &
wait $!
# Stop Kismet
echo "[+] Stopping Kismet..."
pkill kismet
sleep 5
# Process results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
echo "[+] Processing results..."
# Generate KML
create_kml "$kismet_db" "$\\\\{log_prefix\\\\}.kml"
# Generate statistics
generate_stats "$kismet_db" "$\\\\{log_prefix\\\\}_stats.txt"
# Convert to other formats
kismet_log_to_pcap --in "$kismet_db" --out "$\\\\{log_prefix\\\\}.pcap"
echo "[+] Results processed successfully"
echo "[+] Files created:"
ls -la "$\\\\{log_prefix\\\\}"*
else
echo "[-] Kismet database not found: $kismet_db"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_wardriving.conf"
# Stop GPS daemon
if [ "$gps_available" = true ]; then
sudo pkill gpsd
fi
\\}
Check prerequisites
if ! command -v kismet &> /dev/null; then echo "[-] Kismet not found. Please install Kismet first." exit 1 fi
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then echo "[-] Interface $INTERFACE not found" exit 1 fi
Setup interface
echo "[+] Setting up interface $INTERFACE" sudo ip link set "$INTERFACE" down sudo iw dev "$INTERFACE" set type monitor sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then echo "[+] Interface configured successfully" run_wardriving else echo "[-] Failed to configure interface" exit 1 fi
echo "[+] Wardriving session completed" echo "[+] Results saved in: $OUTPUT_DIR" ```_
Rogue AP Erkennungsskript
```bash
!/bin/bash
Detect rogue access points using Kismet
KNOWN_APS_FILE="known_aps.txt" INTERFACE="wlan0" SCAN_TIME=300 # 5 minutes ALERT_EMAIL="security@company.com"
Function to create known APs file if it doesn't exist
create_known_aps() \\{ if [ ! -f "$KNOWN_APS_FILE" ]; then echo "Creating known APs file: $KNOWN_APS_FILE" cat > "$KNOWN_APS_FILE" << 'EOF'
Known legitimate access points
| # Format: MAC_ADDRESS | SSID | LOCATION | | 00:11:22:33:44:55 | CompanyWiFi | Building A | | AA:BB:CC:DD:EE:FF | GuestNetwork | Reception |
Add your known APs here
EOF echo "Please edit $KNOWN_APS_FILE with your known access points" exit 1 fi \\}
Function to detect rogue APs
detect_rogue_aps() \\{ local kismet_db="$1" local timestamp="$2"
echo "[+] Detecting rogue access points"
# Create temporary files
local detected_aps="/tmp/detected_aps_$timestamp.txt"
local rogue_aps="/tmp/rogue_aps_$timestamp.txt"
local report_file="rogue_ap_report_$timestamp.txt"
# Extract detected APs
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP';" > "$detected_aps"
# Compare with known APs
> "$rogue_aps" # Clear file
while IFS='|' read -r detected_mac detected_ssid; do
# Skip empty lines
[ -z "$detected_mac" ] && continue
# Check if this AP is in known list
found=false
while IFS='|' read -r known_mac known_ssid known_location; do
# Skip comments and empty lines
| [[ "$known_mac" =~ ^#.*$ | | -z "$known_mac" ]] && continue |
if [ "$detected_mac" = "$known_mac" ]; then
found=true
break
fi
done < "$KNOWN_APS_FILE"
# If not found in known list, it's potentially rogue
if [ "$found" = false ]; then
echo "$detected_mac|$detected_ssid" >> "$rogue_aps"
fi
done < "$detected_aps"
# Generate report
cat > "$report_file" << EOF
Rogue Access Point Detection Report Generated: $(date) Scan Duration: $SCAN_TIME seconds
EOF
| rogue_count=$(wc -l < "$rogue_aps" 2>/dev/null | | echo "0") |
if [ "$rogue_count" -gt 0 ]; then
echo "⚠️ ROGUE ACCESS POINTS DETECTED: $rogue_count" >> "$report_file"
echo "================================================" >> "$report_file"
echo "" >> "$report_file"
while IFS='|' read -r mac ssid; do
echo "MAC: $mac" >> "$report_file"
echo "SSID: $ssid" >> "$report_file"
# Get additional details from database
details=$(sqlite3 "$kismet_db" "SELECT crypt, channel, manuf FROM devices WHERE devmac = '$mac';")
if [ -n "$details" ]; then
echo "Details: $details" >> "$report_file"
fi
echo "---" >> "$report_file"
done < "$rogue_aps"
# Send alert
echo "Rogue access points detected: $rogue_count"|\
| mail -s "SECURITY ALERT: Rogue APs Detected" -A "$report_file" "$ALERT_EMAIL" 2>/dev/null | | \ | echo "Alert: $rogue_count rogue APs detected (email failed)"
else
echo "✅ No rogue access points detected" >> "$report_file"
fi
echo "[+] Report generated: $report_file"
# Cleanup
rm -f "$detected_aps" "$rogue_aps"
\\}
Function to run rogue AP scan
run_rogue_scan() \\{ local timestamp=$(date +%Y%m%d_%H%M%S) local log_prefix="/tmp/rogue_scan_$timestamp"
echo "[+] Starting rogue AP detection scan"
# Configure Kismet
cat > "/tmp/kismet_rogue.conf" << EOF
source=$INTERFACE logprefix=$log_prefix logtypes=kismetdb server=tcp://127.0.0.1:2501 allowedusers=kismet channel_hop=true channel_hop_speed=5 EOF
# Start Kismet
kismet -f "/tmp/kismet_rogue.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Scanning for $SCAN_TIME seconds..."
sleep "$SCAN_TIME"
# Stop Kismet
pkill kismet
sleep 3
# Analyze results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
detect_rogue_aps "$kismet_db" "$timestamp"
else
echo "[-] Kismet database not found"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_rogue.conf"
rm -f "$\\\\{log_prefix\\\\}"*
\\}
Main execution
create_known_aps
Check interface
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then echo "[-] Interface $INTERFACE not found" exit 1 fi
Setup interface
echo "[+] Setting up interface $INTERFACE" sudo ip link set "$INTERFACE" down sudo iw dev "$INTERFACE" set type monitor sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then run_rogue_scan else echo "[-] Failed to configure interface" exit 1 fi
echo "[+] Rogue AP detection completed" ```_
Integration mit anderen Tools
Integration von Wirshark
```bash
Convert Kismet logs to pcap for Wireshark
kismet_log_to_pcap --in kismet.kismet --out capture.pcap
Open in Wireshark
wireshark capture.pcap
Filter specific traffic in Wireshark
wlan.fc.type_subtype == 0x08 # Beacon frames
wlan.fc.type_subtype == 0x04 # Probe requests
wlan.fc.type_subtype == 0x05 # Probe responses
```_
Integration von Aircracks
```bash
Extract handshakes from Kismet capture
aircrack-ng -J handshakes capture.pcap
Use with hashcat
hashcat -m 2500 handshakes.hccapx wordlist.txt
Convert Kismet pcap for aircrack-ng
aircrack-ng capture.pcap ```_
Nmap Integration
```bash
Extract IP addresses from Kismet for network scanning
sqlite3 kismet.kismet "SELECT DISTINCT ip FROM devices WHERE ip != '';"|\ while read ip; do nmap -sS "$ip" done ```_
Fehlerbehebung
Gemeinsame Themen
Schnittstellenprobleme
```bash
Check interface status
ip link show
Reset interface
sudo ip link set wlan0 down sudo ip link set wlan0 up
Check for conflicting processes
sudo lsof /dev/wlan0 sudo fuser -k /dev/wlan0
Restart network manager
sudo systemctl restart NetworkManager
Check kernel modules
lsmod|grep 80211 ```_
Genehmigungsfragen
```bash
Check user groups
groups $USER
Add user to kismet group
sudo usermod -aG kismet $USER
Fix file permissions
sudo chown -R kismet:kismet /var/log/kismet/ sudo chmod -R 755 /var/log/kismet/
Check capabilities
getcap /usr/bin/kismet_cap_linux_wifi ```_
GPS-Ausgaben
```bash
Check GPS device
ls -la /dev/ttyUSB ls -la /dev/ttyACM
Test GPS manually
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock gpsmon
Check gpsd status
sudo systemctl status gpsd
Restart gpsd
sudo systemctl restart gpsd ```_
Datenbankprobleme
```bash
Check database integrity
sqlite3 kismet.kismet "PRAGMA integrity_check;"
Repair database
sqlite3 kismet.kismet ".recover"|sqlite3 kismet_recovered.kismet
Check database schema
sqlite3 kismet.kismet ".schema"
Vacuum database
sqlite3 kismet.kismet "VACUUM;" ```_
Leistungsoptimierung
```bash
Reduce logging
echo "logtypes=kismetdb" >> ~/.kismet/kismet.conf
Optimize channel hopping
echo "channel_hop_speed=10" >> ~/.kismet/kismet.conf
Limit data sources
echo "source=wlan0:hop=true,channel=1,6,11" >> ~/.kismet/kismet.conf
Increase buffer sizes
echo "packet_buffer_size=65536" >> ~/.kismet/kismet.conf ```_
Ressourcen
- [offizielle Kismet-Dokumentation](LINK_7 -%20Kismet%20GitHub%20Repository
- [Kismet REST API Dokumentation](LINK_7 -%20(LINK_7)
- 802.11 Funknetze
- (LINK_7)
- [Wireless Intrusion Detection](LINK_7
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Kismet zur drahtlosen Netzwerkerkennung und -überwachung. Stellen Sie immer sicher, dass Sie eine richtige Berechtigung haben, bevor Sie dieses Tool in jeder Umgebung verwenden. *