Kismet Cheat Sheet
"Clase de la hoja" idbutton id="kismet-copy-btn" class="copy-btn" onclick="copyAllCommands()" Copiar todos los comandos id="kismet-pdf-btn" class="pdf-btn" onclick="generatePDF()" Generar PDF seleccionado/button ■/div titulada
Sinopsis
Kismet es una red inalámbrica y un detector de dispositivos, un francotirador, una herramienta de manejo y un marco de detección de intrusiones sin cables. Funciona con interfaces Wi-Fi, interfaces Bluetooth, algún hardware SDR (radio definido de software) como el RTLSDR y otro hardware de captura especializado. Kismet puede detectar pasivamente redes inalámbricas, clientes y sus relaciones, por lo que es una herramienta esencial para la evaluación y monitoreo de seguridad inalámbrica.
NOVEDAD Advertencia: Únicamente utilice Kismet en entornos que posee o tenga permiso explícito para monitorear. La vigilancia inalámbrica no autorizada puede violar las leyes y reglamentos locales.
Instalación
Instalación Ubuntu/Debian
# Add Kismet repository
wget -O - https://www.kismetwireless.net/repos/kismet-release.gpg.key|sudo apt-key add -
echo 'deb https://www.kismetwireless.net/repos/apt/release/$(lsb_release -cs) $(lsb_release -cs) main'|sudo tee /etc/apt/sources.list.d/kismet.list
# Update package list
sudo apt update
# Install Kismet
sudo apt install kismet
# Add user to kismet group
sudo usermod -aG kismet $USER
# Log out and back in for group changes to take effect
Recopilación manual
# Install dependencies
sudo apt update
sudo apt install -y build-essential git libmicrohttpd-dev pkg-config \
zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev \
libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev \
libprotobuf-c-dev protobuf-compiler protobuf-c-compiler \
libsensors4-dev libusb-1.0-0-dev python3 python3-setuptools \
python3-protobuf python3-requests python3-numpy python3-serial \
python3-usb python3-dev python3-websockets librtlsdr0 librtlsdr-dev \
libfftw3-dev libncurses5-dev libpcre3-dev
# Clone Kismet repository
git clone https://www.kismetwireless.net/git/kismet.git
cd kismet
# Configure and compile
./configure
make -j$(nproc)
# Install
sudo make suidinstall
# Add user to kismet group
sudo usermod -aG kismet $USER
Kali Linux Instalación
# Kismet is pre-installed on Kali Linux
kismet --version
# If not installed
sudo apt update
sudo apt install kismet
# Add user to kismet group
sudo usermod -aG kismet $USER
Docker Instalación
# Pull Kismet Docker image
docker pull kismetwireless/kismet
# Run Kismet in Docker with host networking
docker run -it --rm --net=host \
--privileged \
-v /dev/bus/usb:/dev/bus/usb \
kismetwireless/kismet
# Create persistent volume for logs
docker volume create kismet-logs
# Run with persistent storage
docker run -d --name kismet \
--net=host \
--privileged \
-v kismet-logs:/opt/kismet/logs \
-v /dev/bus/usb:/dev/bus/usb \
kismetwireless/kismet
Configuración básica
Configuración inicial
# Create Kismet configuration directory
mkdir -p ~/.kismet
# Generate default configuration
kismet --print-config > ~/.kismet/kismet.conf
# Edit configuration
nano ~/.kismet/kismet.conf
# Key configuration options:
# server=tcp://127.0.0.1:2501
# allowedusers=kismet
# logprefix=/tmp/kismet
# logtypes=kismetdb,pcapng
Configuración de interfaz
# List available interfaces
kismet --list-interfaces
# Check interface capabilities
iw dev
# Put interface in monitor mode manually
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
# Configure Kismet to use specific interface
echo "source=wlan0" >> ~/.kismet/kismet.conf
# Multiple interfaces
echo "source=wlan0" >> ~/.kismet/kismet.conf
echo "source=wlan1" >> ~/.kismet/kismet.conf
# Interface with specific options
echo "source=wlan0:name=primary,hop=true" >> ~/.kismet/kismet.conf
Gestión de usuarios
# Add user to Kismet
sudo kismet_site_config --add-user username
# Set user password
sudo kismet_site_config --set-password username
# List users
sudo kismet_site_config --list-users
# Remove user
sudo kismet_site_config --remove-user username
# Create admin user
sudo kismet_site_config --add-admin admin_user
Uso básico
Inicio Kismet
# Start Kismet server
kismet
# Start with specific interface
kismet -c wlan0
# Start with multiple interfaces
kismet -c wlan0,wlan1
# Start in background
kismet --daemonize
# Start with custom config
kismet -f /path/to/custom.conf
# Start with specific log location
kismet --log-prefix /var/log/kismet/
Interfaz web
# Access web interface (default)
firefox http://localhost:2501
# Custom port configuration
echo "httpd_port=8080" >> ~/.kismet/kismet.conf
# Enable HTTPS
echo "httpd_ssl=true" >> ~/.kismet/kismet.conf
echo "httpd_ssl_cert=/path/to/cert.pem" >> ~/.kismet/kismet.conf
echo "httpd_ssl_key=/path/to/key.pem" >> ~/.kismet/kismet.conf
# Allow remote access (security risk)
echo "httpd_bind_address=0.0.0.0" >> ~/.kismet/kismet.conf
Interfaz de línea de mando
# Connect to Kismet server
kismet_client
# Connect to remote server
kismet_client --server 192.168.1.100:2501
# Non-interactive mode
kismet_client --autostart --user username --password password
# Export data
kismet_client --export-xml networks.xml
kismet_client --export-csv devices.csv
Supervisión avanzada
Canalización
# Configure channel hopping
echo "channel_hop=true" >> ~/.kismet/kismet.conf
echo "channel_hop_speed=5" >> ~/.kismet/kismet.conf
# Specific channels only
echo "channel_hop_channels=1,6,11" >> ~/.kismet/kismet.conf
# 5GHz channels
echo "channel_hop_channels=36,40,44,48,149,153,157,161" >> ~/.kismet/kismet.conf
# Disable channel hopping for specific interface
echo "source=wlan0:hop=false,channel=6" >> ~/.kismet/kismet.conf
Integración GPS
# Configure GPS
echo "gps=gpsd:host=localhost,port=2947" >> ~/.kismet/kismet.conf
# Start gpsd
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
# Test GPS connection
gpsmon
# Configure GPS logging
echo "gps_log=true" >> ~/.kismet/kismet.conf
Supervisión Bluetooth
# Enable Bluetooth capture
echo "source=hci0:type=linuxbluetooth" >> ~/.kismet/kismet.conf
# Multiple Bluetooth interfaces
echo "source=hci0:type=linuxbluetooth,name=bt0" >> ~/.kismet/kismet.conf
echo "source=hci1:type=linuxbluetooth,name=bt1" >> ~/.kismet/kismet.conf
# Configure Bluetooth scanning
echo "bluetooth_scan_interval=30" >> ~/.kismet/kismet.conf
SDR Integración
# RTL-SDR configuration
echo "source=rtlsdr-0:type=rtlsdr" >> ~/.kismet/kismet.conf
# HackRF configuration
echo "source=hackrf:type=hackrf" >> ~/.kismet/kismet.conf
# Configure frequency ranges
echo "source=rtlsdr-0:frequency=433920000" >> ~/.kismet/kismet.conf
# Multiple SDR devices
echo "source=rtlsdr-0:type=rtlsdr,name=rtl0" >> ~/.kismet/kismet.conf
echo "source=rtlsdr-1:type=rtlsdr,name=rtl1" >> ~/.kismet/kismet.conf
Análisis de datos
Análisis de archivos
# List log files
ls -la ~/.kismet/logs/
# Analyze Kismet database
kismet_log_to_kml --in kismet.kismet --out networks.kml
# Extract specific data
kismet_log_devices --in kismet.kismet --out devices.csv
# Convert to other formats
kismet_log_to_pcap --in kismet.kismet --out capture.pcap
# Filter by time
kismet_log_devices --in kismet.kismet --start-time "2023-01-01 00:00:00" --end-time "2023-01-01 23:59:59"
Consultas de bases de datos
# Connect to Kismet database
sqlite3 ~/.kismet/logs/Kismet-*.kismet
# Common queries
.tables
# List all devices
SELECT devmac, devtype, firsttime, lasttime FROM devices;
# List access points
SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP';
# List clients
SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi Client';
# Show encryption types
SELECT devmac, device, crypt FROM devices WHERE devtype = 'Wi-Fi AP';
# Find WPS enabled networks
SELECT devmac, device FROM devices WHERE device LIKE '%WPS%';
# Exit database
.quit
REST API Usage
# Get system status
curl http://localhost:2501/system/status.json
# Get device list
curl http://localhost:2501/devices/views/all/devices.json
# Get specific device
curl http://localhost:2501/devices/by-key/DEVICE_KEY/device.json
# Get alerts
curl http://localhost:2501/alerts/definitions.json
# Get channels
curl http://localhost:2501/channels/channels.json
# Authentication required for some endpoints
curl -u username:password http://localhost:2501/devices/views/all/devices.json
Scripts de automatización
Script de monitoreo automatizado
#!/bin/bash
# Automated Kismet monitoring with alerting
KISMET_CONFIG="$HOME/.kismet/kismet.conf"
LOG_DIR="$HOME/kismet_monitoring"
ALERT_EMAIL="security@company.com"
SCAN_DURATION=3600 # 1 hour
INTERFACE="wlan0"
mkdir -p "$LOG_DIR"
# Function to send alert
send_alert() \\\\{
local message="$1"
local log_file="$2"
echo "$message"|mail -s "Kismet Alert" -A "$log_file" "$ALERT_EMAIL" 2>/dev/null||\
echo "Alert: $message (email failed)"
\\\\}
# Function to analyze results
analyze_results() \\\\{
local kismet_db="$1"
local timestamp="$2"
echo "[+] Analyzing results from $kismet_db"
# Count devices by type
ap_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP';")
client_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi Client';")
# Find open networks
open_networks=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';")
# Find WPS networks
wps_networks=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';")
# Generate report
report_file="$LOG_DIR/report_$timestamp.txt"
cat > "$report_file" << EOF
Kismet Monitoring Report - $(date)
=====================================
Scan Duration: $SCAN_DURATION seconds
Interface: $INTERFACE
Summary:
- Access Points: $ap_count
- Clients: $client_count
- Open Networks: $open_networks
- WPS Enabled: $wps_networks
EOF
# Add detailed findings
if [ "$open_networks" -gt 0 ]; then
echo "Open Networks Found:" >> "$report_file"
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';" >> "$report_file"
echo "" >> "$report_file"
fi
if [ "$wps_networks" -gt 0 ]; then
echo "WPS Enabled Networks:" >> "$report_file"
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';" >> "$report_file"
echo "" >> "$report_file"
fi
# Send alerts for concerning findings
if [ "$open_networks" -gt 5 ]; then
send_alert "High number of open networks detected: $open_networks" "$report_file"
fi
if [ "$wps_networks" -gt 10 ]; then
send_alert "High number of WPS-enabled networks detected: $wps_networks" "$report_file"
fi
echo "[+] Report generated: $report_file"
\\\\}
# Main monitoring function
run_monitoring() \\\\{
local timestamp=$(date +%Y%m%d_%H%M%S)
local log_prefix="$LOG_DIR/kismet_$timestamp"
echo "[+] Starting Kismet monitoring session: $timestamp"
# Configure Kismet for this session
cat > "/tmp/kismet_monitor.conf" << EOF
source=$INTERFACE
logprefix=$log_prefix
logtypes=kismetdb,pcapng
server=tcp://127.0.0.1:2501
allowedusers=kismet
channel_hop=true
channel_hop_speed=5
gps=false
EOF
# Start Kismet
kismet -f "/tmp/kismet_monitor.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Kismet started successfully"
# Wait for scan duration
echo "[+] Scanning for $SCAN_DURATION seconds..."
sleep "$SCAN_DURATION"
# Stop Kismet
pkill kismet
sleep 5
# Analyze results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
analyze_results "$kismet_db" "$timestamp"
else
echo "[-] Kismet database not found: $kismet_db"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_monitor.conf"
\\\\}
# Check if interface exists and is available
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then
echo "[-] Interface $INTERFACE not found"
exit 1
fi
# Put interface in monitor mode
echo "[+] Setting $INTERFACE to monitor mode"
sudo ip link set "$INTERFACE" down
sudo iw dev "$INTERFACE" set type monitor
sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then
echo "[+] Interface configured successfully"
run_monitoring
else
echo "[-] Failed to configure interface"
exit 1
fi
echo "[+] Monitoring session completed"
Wardriving Script
#!/bin/bash
# Automated wardriving with GPS logging
GPS_DEVICE="/dev/ttyUSB0"
INTERFACE="wlan0"
OUTPUT_DIR="wardriving_$(date +%Y%m%d)"
SCAN_TIME=7200 # 2 hours
mkdir -p "$OUTPUT_DIR"
# Function to setup GPS
setup_gps() \\\\{
echo "[+] Setting up GPS"
# Start gpsd
sudo gpsd "$GPS_DEVICE" -F /var/run/gpsd.sock
# Wait for GPS fix
echo "[+] Waiting for GPS fix..."
timeout=60
while [ $timeout -gt 0 ]; do
if gpsmon -n 1|grep -q "3D"; then
echo "[+] GPS fix acquired"
return 0
fi
sleep 5
timeout=$((timeout - 5))
done
echo "[-] GPS fix not acquired, continuing without GPS"
return 1
\\\\}
# Function to create KML from results
create_kml() \\\\{
local kismet_db="$1"
local kml_file="$2"
echo "[+] Creating KML file: $kml_file"
python3 << EOF
import sqlite3
import xml.etree.ElementTree as ET
from xml.dom import minidom
# Connect to Kismet database
conn = sqlite3.connect('$kismet_db')
cursor = conn.cursor()
# Create KML structure
kml = ET.Element('kml', xmlns='http://www.opengis.net/kml/2.2')
document = ET.SubElement(kml, 'Document')
ET.SubElement(document, 'name').text = 'Kismet Wardriving Results'
# Query for devices with GPS coordinates
cursor.execute('''
SELECT devmac, device, crypt, min_lat, min_lon, max_lat, max_lon
FROM devices
WHERE devtype = 'Wi-Fi AP' AND min_lat != 0 AND min_lon != 0
''')
for row in cursor.fetchall():
devmac, device, crypt, min_lat, min_lon, max_lat, max_lon = row
# Create placemark
placemark = ET.SubElement(document, 'Placemark')
ET.SubElement(placemark, 'name').text = device or devmac
# Description
description = f"MAC: \\\\{devmac\\\\}\\nEncryption: \\\\{crypt\\\\}"
ET.SubElement(placemark, 'description').text = description
# Style based on encryption
style = ET.SubElement(placemark, 'Style')
icon_style = ET.SubElement(style, 'IconStyle')
icon = ET.SubElement(icon_style, 'Icon')
if crypt == 'None':
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/red-circle.png'
elif 'WEP' in crypt:
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/ylw-circle.png'
else:
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/grn-circle.png'
# Point coordinates (use average of min/max)
avg_lat = (min_lat + max_lat) / 2
avg_lon = (min_lon + max_lon) / 2
point = ET.SubElement(placemark, 'Point')
ET.SubElement(point, 'coordinates').text = f"\\\\{avg_lon\\\\},\\\\{avg_lat\\\\},0"
# Write KML file
rough_string = ET.tostring(kml, 'unicode')
reparsed = minidom.parseString(rough_string)
with open('$kml_file', 'w') as f:
f.write(reparsed.toprettyxml(indent=" "))
conn.close()
print(f"KML file created: $kml_file")
EOF
\\\\}
# Function to generate statistics
generate_stats() \\\\{
local kismet_db="$1"
local stats_file="$2"
echo "[+] Generating statistics: $stats_file"
cat > "$stats_file" << EOF
Wardriving Statistics - $(date)
===============================
EOF
# Basic counts
echo "Device Counts:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT devtype, COUNT(*) FROM devices GROUP BY devtype;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Encryption breakdown
echo "Encryption Types:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT crypt, COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY crypt;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Channel usage
echo "Channel Usage:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT channel, COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY channel ORDER BY channel;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Vendor breakdown (top 10)
echo "Top 10 Vendors:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT manuf, COUNT(*) as count FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY manuf ORDER BY count DESC LIMIT 10;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Security concerns
echo "Security Concerns:" >> "$stats_file"
open_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';")
wep_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt LIKE '%WEP%';")
wps_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';")
echo "Open Networks: $open_count" >> "$stats_file"
echo "WEP Networks: $wep_count" >> "$stats_file"
echo "WPS Enabled: $wps_count" >> "$stats_file"
\\\\}
# Main wardriving function
run_wardriving() \\\\{
local timestamp=$(date +%Y%m%d_%H%M%S)
local log_prefix="$OUTPUT_DIR/wardriving_$timestamp"
echo "[+] Starting wardriving session: $timestamp"
# Setup GPS
gps_available=false
if setup_gps; then
gps_available=true
fi
# Configure Kismet
cat > "/tmp/kismet_wardriving.conf" << EOF
source=$INTERFACE
logprefix=$log_prefix
logtypes=kismetdb,pcapng,gpsxml
server=tcp://127.0.0.1:2501
allowedusers=kismet
channel_hop=true
channel_hop_speed=3
EOF
if [ "$gps_available" = true ]; then
echo "gps=gpsd:host=localhost,port=2947" >> "/tmp/kismet_wardriving.conf"
echo "gps_log=true" >> "/tmp/kismet_wardriving.conf"
fi
# Start Kismet
kismet -f "/tmp/kismet_wardriving.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Kismet started successfully"
echo "[+] Wardriving for $SCAN_TIME seconds..."
echo "[+] Press Ctrl+C to stop early"
# Wait for scan time or user interrupt
sleep "$SCAN_TIME" &
wait $!
# Stop Kismet
echo "[+] Stopping Kismet..."
pkill kismet
sleep 5
# Process results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
echo "[+] Processing results..."
# Generate KML
create_kml "$kismet_db" "$\\\\{log_prefix\\\\}.kml"
# Generate statistics
generate_stats "$kismet_db" "$\\\\{log_prefix\\\\}_stats.txt"
# Convert to other formats
kismet_log_to_pcap --in "$kismet_db" --out "$\\\\{log_prefix\\\\}.pcap"
echo "[+] Results processed successfully"
echo "[+] Files created:"
ls -la "$\\\\{log_prefix\\\\}"*
else
echo "[-] Kismet database not found: $kismet_db"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_wardriving.conf"
# Stop GPS daemon
if [ "$gps_available" = true ]; then
sudo pkill gpsd
fi
\\\\}
# Check prerequisites
if ! command -v kismet &> /dev/null; then
echo "[-] Kismet not found. Please install Kismet first."
exit 1
fi
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then
echo "[-] Interface $INTERFACE not found"
exit 1
fi
# Setup interface
echo "[+] Setting up interface $INTERFACE"
sudo ip link set "$INTERFACE" down
sudo iw dev "$INTERFACE" set type monitor
sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then
echo "[+] Interface configured successfully"
run_wardriving
else
echo "[-] Failed to configure interface"
exit 1
fi
echo "[+] Wardriving session completed"
echo "[+] Results saved in: $OUTPUT_DIR"
Rogue AP Detection Script
#!/bin/bash
# Detect rogue access points using Kismet
KNOWN_APS_FILE="known_aps.txt"
INTERFACE="wlan0"
SCAN_TIME=300 # 5 minutes
ALERT_EMAIL="security@company.com"
# Function to create known APs file if it doesn't exist
create_known_aps() \\\\{
if [ ! -f "$KNOWN_APS_FILE" ]; then
echo "Creating known APs file: $KNOWN_APS_FILE"
cat > "$KNOWN_APS_FILE" << 'EOF'
# Known legitimate access points
# Format: MAC_ADDRESS|SSID|LOCATION
00:11:22:33:44:55|CompanyWiFi|Building A
AA:BB:CC:DD:EE:FF|GuestNetwork|Reception
# Add your known APs here
EOF
echo "Please edit $KNOWN_APS_FILE with your known access points"
exit 1
fi
\\\\}
# Function to detect rogue APs
detect_rogue_aps() \\\\{
local kismet_db="$1"
local timestamp="$2"
echo "[+] Detecting rogue access points"
# Create temporary files
local detected_aps="/tmp/detected_aps_$timestamp.txt"
local rogue_aps="/tmp/rogue_aps_$timestamp.txt"
local report_file="rogue_ap_report_$timestamp.txt"
# Extract detected APs
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP';" > "$detected_aps"
# Compare with known APs
> "$rogue_aps" # Clear file
while IFS='|' read -r detected_mac detected_ssid; do
# Skip empty lines
[ -z "$detected_mac" ] && continue
# Check if this AP is in known list
found=false
while IFS='|' read -r known_mac known_ssid known_location; do
# Skip comments and empty lines
[[ "$known_mac" =~ ^#.*$||-z "$known_mac" ]] && continue
if [ "$detected_mac" = "$known_mac" ]; then
found=true
break
fi
done < "$KNOWN_APS_FILE"
# If not found in known list, it's potentially rogue
if [ "$found" = false ]; then
echo "$detected_mac|$detected_ssid" >> "$rogue_aps"
fi
done < "$detected_aps"
# Generate report
cat > "$report_file" << EOF
Rogue Access Point Detection Report
Generated: $(date)
Scan Duration: $SCAN_TIME seconds
EOF
rogue_count=$(wc -l < "$rogue_aps" 2>/dev/null||echo "0")
if [ "$rogue_count" -gt 0 ]; then
echo "⚠️ ROGUE ACCESS POINTS DETECTED: $rogue_count" >> "$report_file"
echo "================================================" >> "$report_file"
echo "" >> "$report_file"
while IFS='|' read -r mac ssid; do
echo "MAC: $mac" >> "$report_file"
echo "SSID: $ssid" >> "$report_file"
# Get additional details from database
details=$(sqlite3 "$kismet_db" "SELECT crypt, channel, manuf FROM devices WHERE devmac = '$mac';")
if [ -n "$details" ]; then
echo "Details: $details" >> "$report_file"
fi
echo "---" >> "$report_file"
done < "$rogue_aps"
# Send alert
echo "Rogue access points detected: $rogue_count"|\
mail -s "SECURITY ALERT: Rogue APs Detected" -A "$report_file" "$ALERT_EMAIL" 2>/dev/null||\
echo "Alert: $rogue_count rogue APs detected (email failed)"
else
echo "✅ No rogue access points detected" >> "$report_file"
fi
echo "[+] Report generated: $report_file"
# Cleanup
rm -f "$detected_aps" "$rogue_aps"
\\\\}
# Function to run rogue AP scan
run_rogue_scan() \\\\{
local timestamp=$(date +%Y%m%d_%H%M%S)
local log_prefix="/tmp/rogue_scan_$timestamp"
echo "[+] Starting rogue AP detection scan"
# Configure Kismet
cat > "/tmp/kismet_rogue.conf" << EOF
source=$INTERFACE
logprefix=$log_prefix
logtypes=kismetdb
server=tcp://127.0.0.1:2501
allowedusers=kismet
channel_hop=true
channel_hop_speed=5
EOF
# Start Kismet
kismet -f "/tmp/kismet_rogue.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Scanning for $SCAN_TIME seconds..."
sleep "$SCAN_TIME"
# Stop Kismet
pkill kismet
sleep 3
# Analyze results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
detect_rogue_aps "$kismet_db" "$timestamp"
else
echo "[-] Kismet database not found"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_rogue.conf"
rm -f "$\\\\{log_prefix\\\\}"*
\\\\}
# Main execution
create_known_aps
# Check interface
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then
echo "[-] Interface $INTERFACE not found"
exit 1
fi
# Setup interface
echo "[+] Setting up interface $INTERFACE"
sudo ip link set "$INTERFACE" down
sudo iw dev "$INTERFACE" set type monitor
sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then
run_rogue_scan
else
echo "[-] Failed to configure interface"
exit 1
fi
echo "[+] Rogue AP detection completed"
Integración con otras herramientas
Wireshark Integration
# Convert Kismet logs to pcap for Wireshark
kismet_log_to_pcap --in kismet.kismet --out capture.pcap
# Open in Wireshark
wireshark capture.pcap
# Filter specific traffic in Wireshark
# wlan.fc.type_subtype == 0x08 # Beacon frames
# wlan.fc.type_subtype == 0x04 # Probe requests
# wlan.fc.type_subtype == 0x05 # Probe responses
Integración Aircrack-ng
# Extract handshakes from Kismet capture
aircrack-ng -J handshakes capture.pcap
# Use with hashcat
hashcat -m 2500 handshakes.hccapx wordlist.txt
# Convert Kismet pcap for aircrack-ng
aircrack-ng capture.pcap
Integración de Nmap
# Extract IP addresses from Kismet for network scanning
sqlite3 kismet.kismet "SELECT DISTINCT ip FROM devices WHERE ip != '';"|\
while read ip; do
nmap -sS "$ip"
done
Solución de problemas
Cuestiones comunes
Problemas de interfaz
# Check interface status
ip link show
# Reset interface
sudo ip link set wlan0 down
sudo ip link set wlan0 up
# Check for conflicting processes
sudo lsof /dev/wlan0
sudo fuser -k /dev/wlan0
# Restart network manager
sudo systemctl restart NetworkManager
# Check kernel modules
lsmod|grep 80211
Cuestiones de admisión
# Check user groups
groups $USER
# Add user to kismet group
sudo usermod -aG kismet $USER
# Fix file permissions
sudo chown -R kismet:kismet /var/log/kismet/
sudo chmod -R 755 /var/log/kismet/
# Check capabilities
getcap /usr/bin/kismet_cap_linux_wifi
GPS
# Check GPS device
ls -la /dev/ttyUSB*
ls -la /dev/ttyACM*
# Test GPS manually
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
gpsmon
# Check gpsd status
sudo systemctl status gpsd
# Restart gpsd
sudo systemctl restart gpsd
Cuestiones de base de datos
# Check database integrity
sqlite3 kismet.kismet "PRAGMA integrity_check;"
# Repair database
sqlite3 kismet.kismet ".recover"|sqlite3 kismet_recovered.kismet
# Check database schema
sqlite3 kismet.kismet ".schema"
# Vacuum database
sqlite3 kismet.kismet "VACUUM;"
Optimización del rendimiento
# Reduce logging
echo "logtypes=kismetdb" >> ~/.kismet/kismet.conf
# Optimize channel hopping
echo "channel_hop_speed=10" >> ~/.kismet/kismet.conf
# Limit data sources
echo "source=wlan0:hop=true,channel=1,6,11" >> ~/.kismet/kismet.conf
# Increase buffer sizes
echo "packet_buffer_size=65536" >> ~/.kismet/kismet.conf
Recursos
- Documentación oficial de Kismet
- Kismet GitHub Repository
- Kismet REST API Documentation
- Probación de seguridad ininterrumpida
- 802.11 Redes inalámbricas
- Las mejores prácticas
- Detección de intrusión ininterrumpida
-...
*Esta hoja de trampa proporciona una referencia completa para el uso de Kismet para la detección y monitoreo de redes inalámbricas. Siempre asegúrese de tener una autorización adecuada antes de usar esta herramienta en cualquier entorno. *