Kismet Cheat Blatt¶
Überblick¶
Kismet ist ein drahtloses Netzwerk- und Gerätedetektor, Sniffer, Wardriving-Tool und WIDS (wireless Intrusion Erkennung) Rahmen. Es funktioniert mit Wi-Fi-Schnittstellen, Bluetooth-Schnittstellen, einigen SDR (Software definiert Radio) Hardware wie der RTLSDR und anderen spezialisierten Erfassungshardware. Kismet kann drahtlose Netzwerke, Kunden und ihre Beziehungen passiv erkennen, so dass es ein wesentliches Werkzeug für die drahtlose Sicherheitsbewertung und -überwachung.
ZEIT Warning: Verwenden Sie Kismet nur in Umgebungen, die Sie besitzen oder eine ausdrückliche Erlaubnis zur Überwachung haben. Unberechtigte drahtlose Überwachung kann lokale Gesetze und Vorschriften verletzen.
Installation¶
Ubuntu/Debian Installation¶
```bash
Add Kismet repository¶
wget -O - https://www.kismetwireless.net/repos/kismet-release.gpg.key|sudo apt-key add - echo 'deb https://www.kismetwireless.net/repos/apt/release/$(lsb_release -cs) $(lsb_release -cs) main'|sudo tee /etc/apt/sources.list.d/kismet.list
Update package list¶
sudo apt update
Install Kismet¶
sudo apt install kismet
Add user to kismet group¶
sudo usermod -aG kismet $USER
Log out and back in for group changes to take effect¶
```_
Manuelle Erstellung¶
```bash
Install dependencies¶
sudo apt update sudo apt install -y build-essential git libmicrohttpd-dev pkg-config \ zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev \ libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev \ libprotobuf-c-dev protobuf-compiler protobuf-c-compiler \ libsensors4-dev libusb-1.0-0-dev python3 python3-setuptools \ python3-protobuf python3-requests python3-numpy python3-serial \ python3-usb python3-dev python3-websockets librtlsdr0 librtlsdr-dev \ libfftw3-dev libncurses5-dev libpcre3-dev
Clone Kismet repository¶
git clone https://www.kismetwireless.net/git/kismet.git cd kismet
Configure and compile¶
./configure make -j$(nproc)
Install¶
sudo make suidinstall
Add user to kismet group¶
sudo usermod -aG kismet $USER ```_
Kali Linux Installation¶
```bash
Kismet is pre-installed on Kali Linux¶
kismet --version
If not installed¶
sudo apt update sudo apt install kismet
Add user to kismet group¶
sudo usermod -aG kismet $USER ```_
Docker Installation¶
```bash
Pull Kismet Docker image¶
docker pull kismetwireless/kismet
Run Kismet in Docker with host networking¶
docker run -it --rm --net=host \ --privileged \ -v /dev/bus/usb:/dev/bus/usb \ kismetwireless/kismet
Create persistent volume for logs¶
docker volume create kismet-logs
Run with persistent storage¶
docker run -d --name kismet \ --net=host \ --privileged \ -v kismet-logs:/opt/kismet/logs \ -v /dev/bus/usb:/dev/bus/usb \ kismetwireless/kismet ```_
Grundkonfiguration¶
Erster Setup¶
```bash
Create Kismet configuration directory¶
mkdir -p ~/.kismet
Generate default configuration¶
kismet --print-config > ~/.kismet/kismet.conf
Edit configuration¶
nano ~/.kismet/kismet.conf
Key configuration options:¶
server=tcp://127.0.0.1:2501¶
allowedusers=kismet¶
logprefix=/tmp/kismet¶
logtypes=kismetdb,pcapng¶
```_
Schnittstellenkonfiguration¶
```bash
List available interfaces¶
kismet --list-interfaces
Check interface capabilities¶
iw dev
Put interface in monitor mode manually¶
sudo ip link set wlan0 down sudo iw dev wlan0 set type monitor sudo ip link set wlan0 up
Configure Kismet to use specific interface¶
echo "source=wlan0" >> ~/.kismet/kismet.conf
Multiple interfaces¶
echo "source=wlan0" >> ~/.kismet/kismet.conf echo "source=wlan1" >> ~/.kismet/kismet.conf
Interface with specific options¶
echo "source=wlan0:name=primary,hop=true" >> ~/.kismet/kismet.conf ```_
Benutzermanagement¶
```bash
Add user to Kismet¶
sudo kismet_site_config --add-user username
Set user password¶
sudo kismet_site_config --set-password username
List users¶
sudo kismet_site_config --list-users
Remove user¶
sudo kismet_site_config --remove-user username
Create admin user¶
sudo kismet_site_config --add-admin admin_user ```_
Basisnutzung¶
Starting Kismet¶
```bash
Start Kismet server¶
kismet
Start with specific interface¶
kismet -c wlan0
Start with multiple interfaces¶
kismet -c wlan0,wlan1
Start in background¶
kismet --daemonize
Start with custom config¶
kismet -f /path/to/custom.conf
Start with specific log location¶
kismet --log-prefix /var/log/kismet/ ```_
Web Interface¶
```bash
Access web interface (default)¶
firefox http://localhost:2501
Custom port configuration¶
echo "httpd_port=8080" >> ~/.kismet/kismet.conf
Enable HTTPS¶
echo "httpd_ssl=true" >> ~/.kismet/kismet.conf echo "httpd_ssl_cert=/path/to/cert.pem" >> ~/.kismet/kismet.conf echo "httpd_ssl_key=/path/to/key.pem" >> ~/.kismet/kismet.conf
Allow remote access (security risk)¶
echo "httpd_bind_address=0.0.0.0" >> ~/.kismet/kismet.conf ```_
Kommandozeilenschnittstelle¶
```bash
Connect to Kismet server¶
kismet_client
Connect to remote server¶
kismet_client --server 192.168.1.100:2501
Non-interactive mode¶
kismet_client --autostart --user username --password password
Export data¶
kismet_client --export-xml networks.xml kismet_client --export-csv devices.csv ```_
Erweiterte Überwachung¶
Kanal Hopping¶
```bash
Configure channel hopping¶
echo "channel_hop=true" >> ~/.kismet/kismet.conf echo "channel_hop_speed=5" >> ~/.kismet/kismet.conf
Specific channels only¶
echo "channel_hop_channels=1,6,11" >> ~/.kismet/kismet.conf
5GHz channels¶
echo "channel_hop_channels=36,40,44,48,149,153,157,161" >> ~/.kismet/kismet.conf
Disable channel hopping for specific interface¶
echo "source=wlan0:hop=false,channel=6" >> ~/.kismet/kismet.conf ```_
GPS Integration¶
```bash
Configure GPS¶
echo "gps=gpsd:host=localhost,port=2947" >> ~/.kismet/kismet.conf
Start gpsd¶
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
Test GPS connection¶
gpsmon
Configure GPS logging¶
echo "gps_log=true" >> ~/.kismet/kismet.conf ```_
Bluetooth Überwachung¶
```bash
Enable Bluetooth capture¶
echo "source=hci0:type=linuxbluetooth" >> ~/.kismet/kismet.conf
Multiple Bluetooth interfaces¶
echo "source=hci0:type=linuxbluetooth,name=bt0" >> ~/.kismet/kismet.conf echo "source=hci1:type=linuxbluetooth,name=bt1" >> ~/.kismet/kismet.conf
Configure Bluetooth scanning¶
echo "bluetooth_scan_interval=30" >> ~/.kismet/kismet.conf ```_
SZR Integration¶
```bash
RTL-SDR configuration¶
echo "source=rtlsdr-0:type=rtlsdr" >> ~/.kismet/kismet.conf
HackRF configuration¶
echo "source=hackrf:type=hackrf" >> ~/.kismet/kismet.conf
Configure frequency ranges¶
echo "source=rtlsdr-0:frequency=433920000" >> ~/.kismet/kismet.conf
Multiple SDR devices¶
echo "source=rtlsdr-0:type=rtlsdr,name=rtl0" >> ~/.kismet/kismet.conf echo "source=rtlsdr-1:type=rtlsdr,name=rtl1" >> ~/.kismet/kismet.conf ```_
Datenanalyse¶
Analyse von Dateien¶
```bash
List log files¶
ls -la ~/.kismet/logs/
Analyze Kismet database¶
kismet_log_to_kml --in kismet.kismet --out networks.kml
Extract specific data¶
kismet_log_devices --in kismet.kismet --out devices.csv
Convert to other formats¶
kismet_log_to_pcap --in kismet.kismet --out capture.pcap
Filter by time¶
kismet_log_devices --in kismet.kismet --start-time "2023-01-01 00:00:00" --end-time "2023-01-01 23:59:59" ```_
Datenbankabfragen¶
```bash
Connect to Kismet database¶
sqlite3 ~/.kismet/logs/Kismet-*.kismet
Common queries¶
.tables
List all devices¶
SELECT devmac, devtype, firsttime, lasttime FROM devices;
List access points¶
SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP';
List clients¶
SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi Client';
Show encryption types¶
SELECT devmac, device, crypt FROM devices WHERE devtype = 'Wi-Fi AP';
Find WPS enabled networks¶
SELECT devmac, device FROM devices WHERE device LIKE '%WPS%';
Exit database¶
.quit ```_
REST API Verwendung¶
```bash
Get system status¶
curl http://localhost:2501/system/status.json
Get device list¶
curl http://localhost:2501/devices/views/all/devices.json
Get specific device¶
curl http://localhost:2501/devices/by-key/DEVICE_KEY/device.json
Get alerts¶
curl http://localhost:2501/alerts/definitions.json
Get channels¶
curl http://localhost:2501/channels/channels.json
Authentication required for some endpoints¶
curl -u username:password http://localhost:2501/devices/views/all/devices.json ```_
Automatisierungsskripte¶
Automatisierte Überwachung Script¶
```bash
!/bin/bash¶
Automated Kismet monitoring with alerting¶
KISMET_CONFIG="\(HOME/.kismet/kismet.conf" LOG_DIR="\)HOME/kismet_monitoring" ALERT_EMAIL="security@company.com" SCAN_DURATION=3600 # 1 hour INTERFACE="wlan0"
mkdir -p "$LOG_DIR"
Function to send alert¶
send_alert() \\{ local message="\(1" local log_file="\)2"
echo "$message"|mail -s "Kismet Alert" -A "$log_file" "$ALERT_EMAIL" 2>/dev/null||\
echo "Alert: $message (email failed)"
\\}
Function to analyze results¶
analyze_results() \\{ local kismet_db="\(1" local timestamp="\)2"
echo "[+] Analyzing results from $kismet_db"
# Count devices by type
ap_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP';")
client_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi Client';")
# Find open networks
open_networks=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';")
# Find WPS networks
wps_networks=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';")
# Generate report
report_file="$LOG_DIR/report_$timestamp.txt"
cat > "$report_file" << EOF
Kismet Monitoring Report - $(date)¶
Scan Duration: $SCAN_DURATION seconds Interface: $INTERFACE
Summary: - Access Points: $ap_count - Clients: $client_count - Open Networks: $open_networks - WPS Enabled: $wps_networks
EOF
# Add detailed findings
if [ "$open_networks" -gt 0 ]; then
echo "Open Networks Found:" >> "$report_file"
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';" >> "$report_file"
echo "" >> "$report_file"
fi
if [ "$wps_networks" -gt 0 ]; then
echo "WPS Enabled Networks:" >> "$report_file"
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';" >> "$report_file"
echo "" >> "$report_file"
fi
# Send alerts for concerning findings
if [ "$open_networks" -gt 5 ]; then
send_alert "High number of open networks detected: $open_networks" "$report_file"
fi
if [ "$wps_networks" -gt 10 ]; then
send_alert "High number of WPS-enabled networks detected: $wps_networks" "$report_file"
fi
echo "[+] Report generated: $report_file"
\\}
Main monitoring function¶
run_monitoring() \\{ local timestamp=\((date +%Y%m%d_%H%M%S) local log_prefix="\)LOG_DIR/kismet_$timestamp"
echo "[+] Starting Kismet monitoring session: $timestamp"
# Configure Kismet for this session
cat > "/tmp/kismet_monitor.conf" << EOF
source=\(INTERFACE logprefix=\)log_prefix logtypes=kismetdb,pcapng server=tcp://127.0.0.1:2501 allowedusers=kismet channel_hop=true channel_hop_speed=5 gps=false EOF
# Start Kismet
kismet -f "/tmp/kismet_monitor.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Kismet started successfully"
# Wait for scan duration
echo "[+] Scanning for $SCAN_DURATION seconds..."
sleep "$SCAN_DURATION"
# Stop Kismet
pkill kismet
sleep 5
# Analyze results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
analyze_results "$kismet_db" "$timestamp"
else
echo "[-] Kismet database not found: $kismet_db"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_monitor.conf"
\\}
Check if interface exists and is available¶
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then echo "[-] Interface $INTERFACE not found" exit 1 fi
Put interface in monitor mode¶
echo "[+] Setting \(INTERFACE to monitor mode" sudo ip link set "\)INTERFACE" down sudo iw dev "\(INTERFACE" set type monitor sudo ip link set "\)INTERFACE" up
if [ $? -eq 0 ]; then echo "[+] Interface configured successfully" run_monitoring else echo "[-] Failed to configure interface" exit 1 fi
echo "[+] Monitoring session completed" ```_
Wardrier Skript¶
```bash
!/bin/bash¶
Automated wardriving with GPS logging¶
GPS_DEVICE="/dev/ttyUSB0" INTERFACE="wlan0" OUTPUT_DIR="wardriving_$(date +%Y%m%d)" SCAN_TIME=7200 # 2 hours
mkdir -p "$OUTPUT_DIR"
Function to setup GPS¶
setup_gps() \\{ echo "[+] Setting up GPS"
# Start gpsd
sudo gpsd "$GPS_DEVICE" -F /var/run/gpsd.sock
# Wait for GPS fix
echo "[+] Waiting for GPS fix..."
timeout=60
while [ $timeout -gt 0 ]; do
if gpsmon -n 1|grep -q "3D"; then
echo "[+] GPS fix acquired"
return 0
fi
sleep 5
timeout=$((timeout - 5))
done
echo "[-] GPS fix not acquired, continuing without GPS"
return 1
\\}
Function to create KML from results¶
create_kml() \\{ local kismet_db="\(1" local kml_file="\)2"
echo "[+] Creating KML file: $kml_file"
python3 << EOF
import sqlite3 import xml.etree.ElementTree as ET from xml.dom import minidom
Connect to Kismet database¶
conn = sqlite3.connect('$kismet_db') cursor = conn.cursor()
Create KML structure¶
kml = ET.Element('kml', xmlns='http://www.opengis.net/kml/2.2') document = ET.SubElement(kml, 'Document') ET.SubElement(document, 'name').text = 'Kismet Wardriving Results'
Query for devices with GPS coordinates¶
cursor.execute(''' SELECT devmac, device, crypt, min_lat, min_lon, max_lat, max_lon FROM devices WHERE devtype = 'Wi-Fi AP' AND min_lat != 0 AND min_lon != 0 ''')
for row in cursor.fetchall(): devmac, device, crypt, min_lat, min_lon, max_lat, max_lon = row
# Create placemark
placemark = ET.SubElement(document, 'Placemark')
ET.SubElement(placemark, 'name').text = device or devmac
# Description
description = f"MAC: \\\\{devmac\\\\}\\nEncryption: \\\\{crypt\\\\}"
ET.SubElement(placemark, 'description').text = description
# Style based on encryption
style = ET.SubElement(placemark, 'Style')
icon_style = ET.SubElement(style, 'IconStyle')
icon = ET.SubElement(icon_style, 'Icon')
if crypt == 'None':
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/red-circle.png'
elif 'WEP' in crypt:
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/ylw-circle.png'
else:
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/grn-circle.png'
# Point coordinates (use average of min/max)
avg_lat = (min_lat + max_lat) / 2
avg_lon = (min_lon + max_lon) / 2
point = ET.SubElement(placemark, 'Point')
ET.SubElement(point, 'coordinates').text = f"\\\\{avg_lon\\\\},\\\\{avg_lat\\\\},0"
Write KML file¶
rough_string = ET.tostring(kml, 'unicode') reparsed = minidom.parseString(rough_string) with open('$kml_file', 'w') as f: f.write(reparsed.toprettyxml(indent=" "))
conn.close() print(f"KML file created: $kml_file") EOF \\}
Function to generate statistics¶
generate_stats() \\{ local kismet_db="\(1" local stats_file="\)2"
echo "[+] Generating statistics: $stats_file"
cat > "$stats_file" << EOF
Wardriving Statistics - $(date)¶
EOF
# Basic counts
echo "Device Counts:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT devtype, COUNT(*) FROM devices GROUP BY devtype;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Encryption breakdown
echo "Encryption Types:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT crypt, COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY crypt;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Channel usage
echo "Channel Usage:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT channel, COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY channel ORDER BY channel;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Vendor breakdown (top 10)
echo "Top 10 Vendors:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT manuf, COUNT(*) as count FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY manuf ORDER BY count DESC LIMIT 10;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Security concerns
echo "Security Concerns:" >> "$stats_file"
open_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';")
wep_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt LIKE '%WEP%';")
wps_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';")
echo "Open Networks: $open_count" >> "$stats_file"
echo "WEP Networks: $wep_count" >> "$stats_file"
echo "WPS Enabled: $wps_count" >> "$stats_file"
\\}
Main wardriving function¶
run_wardriving() \\{ local timestamp=\((date +%Y%m%d_%H%M%S) local log_prefix="\)OUTPUT_DIR/wardriving_$timestamp"
echo "[+] Starting wardriving session: $timestamp"
# Setup GPS
gps_available=false
if setup_gps; then
gps_available=true
fi
# Configure Kismet
cat > "/tmp/kismet_wardriving.conf" << EOF
source=\(INTERFACE logprefix=\)log_prefix logtypes=kismetdb,pcapng,gpsxml server=tcp://127.0.0.1:2501 allowedusers=kismet channel_hop=true channel_hop_speed=3 EOF
if [ "$gps_available" = true ]; then
echo "gps=gpsd:host=localhost,port=2947" >> "/tmp/kismet_wardriving.conf"
echo "gps_log=true" >> "/tmp/kismet_wardriving.conf"
fi
# Start Kismet
kismet -f "/tmp/kismet_wardriving.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Kismet started successfully"
echo "[+] Wardriving for $SCAN_TIME seconds..."
echo "[+] Press Ctrl+C to stop early"
# Wait for scan time or user interrupt
sleep "$SCAN_TIME" &
wait $!
# Stop Kismet
echo "[+] Stopping Kismet..."
pkill kismet
sleep 5
# Process results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
echo "[+] Processing results..."
# Generate KML
create_kml "$kismet_db" "$\\\\{log_prefix\\\\}.kml"
# Generate statistics
generate_stats "$kismet_db" "$\\\\{log_prefix\\\\}_stats.txt"
# Convert to other formats
kismet_log_to_pcap --in "$kismet_db" --out "$\\\\{log_prefix\\\\}.pcap"
echo "[+] Results processed successfully"
echo "[+] Files created:"
ls -la "$\\\\{log_prefix\\\\}"*
else
echo "[-] Kismet database not found: $kismet_db"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_wardriving.conf"
# Stop GPS daemon
if [ "$gps_available" = true ]; then
sudo pkill gpsd
fi
\\}
Check prerequisites¶
if ! command -v kismet &> /dev/null; then echo "[-] Kismet not found. Please install Kismet first." exit 1 fi
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then echo "[-] Interface $INTERFACE not found" exit 1 fi
Setup interface¶
echo "[+] Setting up interface \(INTERFACE" sudo ip link set "\)INTERFACE" down sudo iw dev "\(INTERFACE" set type monitor sudo ip link set "\)INTERFACE" up
if [ $? -eq 0 ]; then echo "[+] Interface configured successfully" run_wardriving else echo "[-] Failed to configure interface" exit 1 fi
echo "[+] Wardriving session completed" echo "[+] Results saved in: $OUTPUT_DIR" ```_
Rogue AP Erkennungsskript¶
```bash
!/bin/bash¶
Detect rogue access points using Kismet¶
KNOWN_APS_FILE="known_aps.txt" INTERFACE="wlan0" SCAN_TIME=300 # 5 minutes ALERT_EMAIL="security@company.com"
Function to create known APs file if it doesn't exist¶
create_known_aps() \\{ if [ ! -f "$KNOWN_APS_FILE" ]; then echo "Creating known APs file: \(KNOWN_APS_FILE" cat > "\)KNOWN_APS_FILE" << 'EOF'
Known legitimate access points¶
Format: MAC_ADDRESS|SSID|LOCATION¶
00:11:22:33:44:55|CompanyWiFi|Building A AA:BB:CC:DD:EE:FF|GuestNetwork|Reception
Add your known APs here¶
EOF echo "Please edit $KNOWN_APS_FILE with your known access points" exit 1 fi \\}
Function to detect rogue APs¶
detect_rogue_aps() \\{ local kismet_db="\(1" local timestamp="\)2"
echo "[+] Detecting rogue access points"
# Create temporary files
local detected_aps="/tmp/detected_aps_$timestamp.txt"
local rogue_aps="/tmp/rogue_aps_$timestamp.txt"
local report_file="rogue_ap_report_$timestamp.txt"
# Extract detected APs
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP';" > "$detected_aps"
# Compare with known APs
> "$rogue_aps" # Clear file
while IFS='|' read -r detected_mac detected_ssid; do
# Skip empty lines
[ -z "$detected_mac" ] && continue
# Check if this AP is in known list
found=false
while IFS='|' read -r known_mac known_ssid known_location; do
# Skip comments and empty lines
[[ "$known_mac" =~ ^#.*$||-z "$known_mac" ]] && continue
if [ "$detected_mac" = "$known_mac" ]; then
found=true
break
fi
done < "$KNOWN_APS_FILE"
# If not found in known list, it's potentially rogue
if [ "$found" = false ]; then
echo "$detected_mac|$detected_ssid" >> "$rogue_aps"
fi
done < "$detected_aps"
# Generate report
cat > "$report_file" << EOF
Rogue Access Point Detection Report Generated: $(date) Scan Duration: $SCAN_TIME seconds
EOF
rogue_count=$(wc -l < "$rogue_aps" 2>/dev/null||echo "0")
if [ "$rogue_count" -gt 0 ]; then
echo "⚠️ ROGUE ACCESS POINTS DETECTED: $rogue_count" >> "$report_file"
echo "================================================" >> "$report_file"
echo "" >> "$report_file"
while IFS='|' read -r mac ssid; do
echo "MAC: $mac" >> "$report_file"
echo "SSID: $ssid" >> "$report_file"
# Get additional details from database
details=$(sqlite3 "$kismet_db" "SELECT crypt, channel, manuf FROM devices WHERE devmac = '$mac';")
if [ -n "$details" ]; then
echo "Details: $details" >> "$report_file"
fi
echo "---" >> "$report_file"
done < "$rogue_aps"
# Send alert
echo "Rogue access points detected: $rogue_count"|\
mail -s "SECURITY ALERT: Rogue APs Detected" -A "$report_file" "$ALERT_EMAIL" 2>/dev/null||\
echo "Alert: $rogue_count rogue APs detected (email failed)"
else
echo "✅ No rogue access points detected" >> "$report_file"
fi
echo "[+] Report generated: $report_file"
# Cleanup
rm -f "$detected_aps" "$rogue_aps"
\\}
Function to run rogue AP scan¶
run_rogue_scan() \\{ local timestamp=\((date +%Y%m%d_%H%M%S) local log_prefix="/tmp/rogue_scan_\)timestamp"
echo "[+] Starting rogue AP detection scan"
# Configure Kismet
cat > "/tmp/kismet_rogue.conf" << EOF
source=\(INTERFACE logprefix=\)log_prefix logtypes=kismetdb server=tcp://127.0.0.1:2501 allowedusers=kismet channel_hop=true channel_hop_speed=5 EOF
# Start Kismet
kismet -f "/tmp/kismet_rogue.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Scanning for $SCAN_TIME seconds..."
sleep "$SCAN_TIME"
# Stop Kismet
pkill kismet
sleep 3
# Analyze results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
detect_rogue_aps "$kismet_db" "$timestamp"
else
echo "[-] Kismet database not found"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_rogue.conf"
rm -f "$\\\\{log_prefix\\\\}"*
\\}
Main execution¶
create_known_aps
Check interface¶
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then echo "[-] Interface $INTERFACE not found" exit 1 fi
Setup interface¶
echo "[+] Setting up interface \(INTERFACE" sudo ip link set "\)INTERFACE" down sudo iw dev "\(INTERFACE" set type monitor sudo ip link set "\)INTERFACE" up
if [ $? -eq 0 ]; then run_rogue_scan else echo "[-] Failed to configure interface" exit 1 fi
echo "[+] Rogue AP detection completed" ```_
Integration mit anderen Tools¶
Integration von Wirshark¶
```bash
Convert Kismet logs to pcap for Wireshark¶
kismet_log_to_pcap --in kismet.kismet --out capture.pcap
Open in Wireshark¶
wireshark capture.pcap
Filter specific traffic in Wireshark¶
wlan.fc.type_subtype == 0x08 # Beacon frames¶
wlan.fc.type_subtype == 0x04 # Probe requests¶
wlan.fc.type_subtype == 0x05 # Probe responses¶
```_
Integration von Aircracks¶
```bash
Extract handshakes from Kismet capture¶
aircrack-ng -J handshakes capture.pcap
Use with hashcat¶
hashcat -m 2500 handshakes.hccapx wordlist.txt
Convert Kismet pcap for aircrack-ng¶
aircrack-ng capture.pcap ```_
Nmap Integration¶
```bash
Extract IP addresses from Kismet for network scanning¶
sqlite3 kismet.kismet "SELECT DISTINCT ip FROM devices WHERE ip != '';"|\ while read ip; do nmap -sS "$ip" done ```_
Fehlerbehebung¶
Gemeinsame Themen¶
Schnittstellenprobleme¶
```bash
Check interface status¶
ip link show
Reset interface¶
sudo ip link set wlan0 down sudo ip link set wlan0 up
Check for conflicting processes¶
sudo lsof /dev/wlan0 sudo fuser -k /dev/wlan0
Restart network manager¶
sudo systemctl restart NetworkManager
Check kernel modules¶
lsmod|grep 80211 ```_
Genehmigungsfragen¶
```bash
Check user groups¶
groups $USER
Add user to kismet group¶
sudo usermod -aG kismet $USER
Fix file permissions¶
sudo chown -R kismet:kismet /var/log/kismet/ sudo chmod -R 755 /var/log/kismet/
Check capabilities¶
getcap /usr/bin/kismet_cap_linux_wifi ```_
GPS-Ausgaben¶
```bash
Check GPS device¶
ls -la /dev/ttyUSB* ls -la /dev/ttyACM*
Test GPS manually¶
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock gpsmon
Check gpsd status¶
sudo systemctl status gpsd
Restart gpsd¶
sudo systemctl restart gpsd ```_
Datenbankprobleme¶
```bash
Check database integrity¶
sqlite3 kismet.kismet "PRAGMA integrity_check;"
Repair database¶
sqlite3 kismet.kismet ".recover"|sqlite3 kismet_recovered.kismet
Check database schema¶
sqlite3 kismet.kismet ".schema"
Vacuum database¶
sqlite3 kismet.kismet "VACUUM;" ```_
Leistungsoptimierung¶
```bash
Reduce logging¶
echo "logtypes=kismetdb" >> ~/.kismet/kismet.conf
Optimize channel hopping¶
echo "channel_hop_speed=10" >> ~/.kismet/kismet.conf
Limit data sources¶
echo "source=wlan0:hop=true,channel=1,6,11" >> ~/.kismet/kismet.conf
Increase buffer sizes¶
echo "packet_buffer_size=65536" >> ~/.kismet/kismet.conf ```_
Ressourcen¶
- [offizielle Kismet-Dokumentation](LINK_7
- Kismet GitHub Repository
- [Kismet REST API Dokumentation](LINK_7
- (LINK_7)
- 802.11 Funknetze
- (LINK_7)
- [Wireless Intrusion Detection](LINK_7
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Kismet zur drahtlosen Netzwerkerkennung und -überwachung. Stellen Sie immer sicher, dass Sie eine richtige Berechtigung haben, bevor Sie dieses Tool in jeder Umgebung verwenden. *