Cheat Kismet Feuille
Aperçu général
Kismet est un détecteur de réseau et d'appareils sans fil, un sniffer, un outil de déroutement et un cadre de détection d'intrusion sans fil. Il fonctionne avec des interfaces Wi-Fi, des interfaces Bluetooth, du matériel SDR (radio définie par logiciel) comme le RTLSDR, et d'autres équipements de capture spécialisés. Kismet peut détecter passivement les réseaux sans fil, les clients et leurs relations, ce qui en fait un outil essentiel pour l'évaluation et la surveillance de la sécurité sans fil.
C'est pas vrai. Attention : N'utilisez Kismet que dans les environnements que vous possédez ou avez la permission explicite de surveiller. La surveillance sans fil non autorisée peut violer les lois et règlements locaux.
Installation
Installation Ubuntu/Debian
# Add Kismet repository
wget -O - https://www.kismetwireless.net/repos/kismet-release.gpg.key|sudo apt-key add -
echo 'deb https://www.kismetwireless.net/repos/apt/release/$(lsb_release -cs) $(lsb_release -cs) main'|sudo tee /etc/apt/sources.list.d/kismet.list
# Update package list
sudo apt update
# Install Kismet
sudo apt install kismet
# Add user to kismet group
sudo usermod -aG kismet $USER
# Log out and back in for group changes to take effect
Compilation manuelle
# Install dependencies
sudo apt update
sudo apt install -y build-essential git libmicrohttpd-dev pkg-config \
zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev \
libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev \
libprotobuf-c-dev protobuf-compiler protobuf-c-compiler \
libsensors4-dev libusb-1.0-0-dev python3 python3-setuptools \
python3-protobuf python3-requests python3-numpy python3-serial \
python3-usb python3-dev python3-websockets librtlsdr0 librtlsdr-dev \
libfftw3-dev libncurses5-dev libpcre3-dev
# Clone Kismet repository
git clone https://www.kismetwireless.net/git/kismet.git
cd kismet
# Configure and compile
./configure
make -j$(nproc)
# Install
sudo make suidinstall
# Add user to kismet group
sudo usermod -aG kismet $USER
```_
### Installation de Kali Linux
```bash
# Kismet is pre-installed on Kali Linux
kismet --version
# If not installed
sudo apt update
sudo apt install kismet
# Add user to kismet group
sudo usermod -aG kismet $USER
```_
### Installation Docker
```bash
# Pull Kismet Docker image
docker pull kismetwireless/kismet
# Run Kismet in Docker with host networking
docker run -it --rm --net=host \
--privileged \
-v /dev/bus/usb:/dev/bus/usb \
kismetwireless/kismet
# Create persistent volume for logs
docker volume create kismet-logs
# Run with persistent storage
docker run -d --name kismet \
--net=host \
--privileged \
-v kismet-logs:/opt/kismet/logs \
-v /dev/bus/usb:/dev/bus/usb \
kismetwireless/kismet
Configuration de base
Configuration initiale
# Create Kismet configuration directory
mkdir -p ~/.kismet
# Generate default configuration
kismet --print-config > ~/.kismet/kismet.conf
# Edit configuration
nano ~/.kismet/kismet.conf
# Key configuration options:
# server=tcp://127.0.0.1:2501
# allowedusers=kismet
# logprefix=/tmp/kismet
# logtypes=kismetdb,pcapng
Configuration de l'interface
# List available interfaces
kismet --list-interfaces
# Check interface capabilities
iw dev
# Put interface in monitor mode manually
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
# Configure Kismet to use specific interface
echo "source=wlan0" >> ~/.kismet/kismet.conf
# Multiple interfaces
echo "source=wlan0" >> ~/.kismet/kismet.conf
echo "source=wlan1" >> ~/.kismet/kismet.conf
# Interface with specific options
echo "source=wlan0:name=primary,hop=true" >> ~/.kismet/kismet.conf
Gestion des utilisateurs
# Add user to Kismet
sudo kismet_site_config --add-user username
# Set user password
sudo kismet_site_config --set-password username
# List users
sudo kismet_site_config --list-users
# Remove user
sudo kismet_site_config --remove-user username
# Create admin user
sudo kismet_site_config --add-admin admin_user
Utilisation de base
Démarrer Kismet
# Start Kismet server
kismet
# Start with specific interface
kismet -c wlan0
# Start with multiple interfaces
kismet -c wlan0,wlan1
# Start in background
kismet --daemonize
# Start with custom config
kismet -f /path/to/custom.conf
# Start with specific log location
kismet --log-prefix /var/log/kismet/
Interface Web
# Access web interface (default)
firefox http://localhost:2501
# Custom port configuration
echo "httpd_port=8080" >> ~/.kismet/kismet.conf
# Enable HTTPS
echo "httpd_ssl=true" >> ~/.kismet/kismet.conf
echo "httpd_ssl_cert=/path/to/cert.pem" >> ~/.kismet/kismet.conf
echo "httpd_ssl_key=/path/to/key.pem" >> ~/.kismet/kismet.conf
# Allow remote access (security risk)
echo "httpd_bind_address=0.0.0.0" >> ~/.kismet/kismet.conf
Interface de ligne de commande
# Connect to Kismet server
kismet_client
# Connect to remote server
kismet_client --server 192.168.1.100:2501
# Non-interactive mode
kismet_client --autostart --user username --password password
# Export data
kismet_client --export-xml networks.xml
kismet_client --export-csv devices.csv
Surveillance avancée
Bouchonnage des canaux
# Configure channel hopping
echo "channel_hop=true" >> ~/.kismet/kismet.conf
echo "channel_hop_speed=5" >> ~/.kismet/kismet.conf
# Specific channels only
echo "channel_hop_channels=1,6,11" >> ~/.kismet/kismet.conf
# 5GHz channels
echo "channel_hop_channels=36,40,44,48,149,153,157,161" >> ~/.kismet/kismet.conf
# Disable channel hopping for specific interface
echo "source=wlan0:hop=false,channel=6" >> ~/.kismet/kismet.conf
Intégration GPS
# Configure GPS
echo "gps=gpsd:host=localhost,port=2947" >> ~/.kismet/kismet.conf
# Start gpsd
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
# Test GPS connection
gpsmon
# Configure GPS logging
echo "gps_log=true" >> ~/.kismet/kismet.conf
Surveillance Bluetooth
# Enable Bluetooth capture
echo "source=hci0:type=linuxbluetooth" >> ~/.kismet/kismet.conf
# Multiple Bluetooth interfaces
echo "source=hci0:type=linuxbluetooth,name=bt0" >> ~/.kismet/kismet.conf
echo "source=hci1:type=linuxbluetooth,name=bt1" >> ~/.kismet/kismet.conf
# Configure Bluetooth scanning
echo "bluetooth_scan_interval=30" >> ~/.kismet/kismet.conf
DTS Intégration
# RTL-SDR configuration
echo "source=rtlsdr-0:type=rtlsdr" >> ~/.kismet/kismet.conf
# HackRF configuration
echo "source=hackrf:type=hackrf" >> ~/.kismet/kismet.conf
# Configure frequency ranges
echo "source=rtlsdr-0:frequency=433920000" >> ~/.kismet/kismet.conf
# Multiple SDR devices
echo "source=rtlsdr-0:type=rtlsdr,name=rtl0" >> ~/.kismet/kismet.conf
echo "source=rtlsdr-1:type=rtlsdr,name=rtl1" >> ~/.kismet/kismet.conf
Analyse des données
Loger l'analyse de fichier
# List log files
ls -la ~/.kismet/logs/
# Analyze Kismet database
kismet_log_to_kml --in kismet.kismet --out networks.kml
# Extract specific data
kismet_log_devices --in kismet.kismet --out devices.csv
# Convert to other formats
kismet_log_to_pcap --in kismet.kismet --out capture.pcap
# Filter by time
kismet_log_devices --in kismet.kismet --start-time "2023-01-01 00:00:00" --end-time "2023-01-01 23:59:59"
Demandes de données
# Connect to Kismet database
sqlite3 ~/.kismet/logs/Kismet-*.kismet
# Common queries
.tables
# List all devices
SELECT devmac, devtype, firsttime, lasttime FROM devices;
# List access points
SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP';
# List clients
SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi Client';
# Show encryption types
SELECT devmac, device, crypt FROM devices WHERE devtype = 'Wi-Fi AP';
# Find WPS enabled networks
SELECT devmac, device FROM devices WHERE device LIKE '%WPS%';
# Exit database
.quit
API REST Utilisation
# Get system status
curl http://localhost:2501/system/status.json
# Get device list
curl http://localhost:2501/devices/views/all/devices.json
# Get specific device
curl http://localhost:2501/devices/by-key/DEVICE_KEY/device.json
# Get alerts
curl http://localhost:2501/alerts/definitions.json
# Get channels
curl http://localhost:2501/channels/channels.json
# Authentication required for some endpoints
curl -u username:password http://localhost:2501/devices/views/all/devices.json
Scripts d'automatisation
Scénario de suivi automatisé
#!/bin/bash
# Automated Kismet monitoring with alerting
KISMET_CONFIG="$HOME/.kismet/kismet.conf"
LOG_DIR="$HOME/kismet_monitoring"
ALERT_EMAIL="security@company.com"
SCAN_DURATION=3600 # 1 hour
INTERFACE="wlan0"
mkdir -p "$LOG_DIR"
# Function to send alert
send_alert() \\\\{
local message="$1"
local log_file="$2"
echo "$message"|mail -s "Kismet Alert" -A "$log_file" "$ALERT_EMAIL" 2>/dev/null||\
echo "Alert: $message (email failed)"
\\\\}
# Function to analyze results
analyze_results() \\\\{
local kismet_db="$1"
local timestamp="$2"
echo "[+] Analyzing results from $kismet_db"
# Count devices by type
ap_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP';")
client_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi Client';")
# Find open networks
open_networks=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';")
# Find WPS networks
wps_networks=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';")
# Generate report
report_file="$LOG_DIR/report_$timestamp.txt"
cat > "$report_file" << EOF
Kismet Monitoring Report - $(date)
=====================================
Scan Duration: $SCAN_DURATION seconds
Interface: $INTERFACE
Summary:
- Access Points: $ap_count
- Clients: $client_count
- Open Networks: $open_networks
- WPS Enabled: $wps_networks
EOF
# Add detailed findings
if [ "$open_networks" -gt 0 ]; then
echo "Open Networks Found:" >> "$report_file"
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';" >> "$report_file"
echo "" >> "$report_file"
fi
if [ "$wps_networks" -gt 0 ]; then
echo "WPS Enabled Networks:" >> "$report_file"
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';" >> "$report_file"
echo "" >> "$report_file"
fi
# Send alerts for concerning findings
if [ "$open_networks" -gt 5 ]; then
send_alert "High number of open networks detected: $open_networks" "$report_file"
fi
if [ "$wps_networks" -gt 10 ]; then
send_alert "High number of WPS-enabled networks detected: $wps_networks" "$report_file"
fi
echo "[+] Report generated: $report_file"
\\\\}
# Main monitoring function
run_monitoring() \\\\{
local timestamp=$(date +%Y%m%d_%H%M%S)
local log_prefix="$LOG_DIR/kismet_$timestamp"
echo "[+] Starting Kismet monitoring session: $timestamp"
# Configure Kismet for this session
cat > "/tmp/kismet_monitor.conf" << EOF
source=$INTERFACE
logprefix=$log_prefix
logtypes=kismetdb,pcapng
server=tcp://127.0.0.1:2501
allowedusers=kismet
channel_hop=true
channel_hop_speed=5
gps=false
EOF
# Start Kismet
kismet -f "/tmp/kismet_monitor.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Kismet started successfully"
# Wait for scan duration
echo "[+] Scanning for $SCAN_DURATION seconds..."
sleep "$SCAN_DURATION"
# Stop Kismet
pkill kismet
sleep 5
# Analyze results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
analyze_results "$kismet_db" "$timestamp"
else
echo "[-] Kismet database not found: $kismet_db"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_monitor.conf"
\\\\}
# Check if interface exists and is available
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then
echo "[-] Interface $INTERFACE not found"
exit 1
fi
# Put interface in monitor mode
echo "[+] Setting $INTERFACE to monitor mode"
sudo ip link set "$INTERFACE" down
sudo iw dev "$INTERFACE" set type monitor
sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then
echo "[+] Interface configured successfully"
run_monitoring
else
echo "[-] Failed to configure interface"
exit 1
fi
echo "[+] Monitoring session completed"
Scénario de la conductivité
#!/bin/bash
# Automated wardriving with GPS logging
GPS_DEVICE="/dev/ttyUSB0"
INTERFACE="wlan0"
OUTPUT_DIR="wardriving_$(date +%Y%m%d)"
SCAN_TIME=7200 # 2 hours
mkdir -p "$OUTPUT_DIR"
# Function to setup GPS
setup_gps() \\\\{
echo "[+] Setting up GPS"
# Start gpsd
sudo gpsd "$GPS_DEVICE" -F /var/run/gpsd.sock
# Wait for GPS fix
echo "[+] Waiting for GPS fix..."
timeout=60
while [ $timeout -gt 0 ]; do
if gpsmon -n 1|grep -q "3D"; then
echo "[+] GPS fix acquired"
return 0
fi
sleep 5
timeout=$((timeout - 5))
done
echo "[-] GPS fix not acquired, continuing without GPS"
return 1
\\\\}
# Function to create KML from results
create_kml() \\\\{
local kismet_db="$1"
local kml_file="$2"
echo "[+] Creating KML file: $kml_file"
python3 << EOF
import sqlite3
import xml.etree.ElementTree as ET
from xml.dom import minidom
# Connect to Kismet database
conn = sqlite3.connect('$kismet_db')
cursor = conn.cursor()
# Create KML structure
kml = ET.Element('kml', xmlns='http://www.opengis.net/kml/2.2')
document = ET.SubElement(kml, 'Document')
ET.SubElement(document, 'name').text = 'Kismet Wardriving Results'
# Query for devices with GPS coordinates
cursor.execute('''
SELECT devmac, device, crypt, min_lat, min_lon, max_lat, max_lon
FROM devices
WHERE devtype = 'Wi-Fi AP' AND min_lat != 0 AND min_lon != 0
''')
for row in cursor.fetchall():
devmac, device, crypt, min_lat, min_lon, max_lat, max_lon = row
# Create placemark
placemark = ET.SubElement(document, 'Placemark')
ET.SubElement(placemark, 'name').text = device or devmac
# Description
description = f"MAC: \\\\{devmac\\\\}\\nEncryption: \\\\{crypt\\\\}"
ET.SubElement(placemark, 'description').text = description
# Style based on encryption
style = ET.SubElement(placemark, 'Style')
icon_style = ET.SubElement(style, 'IconStyle')
icon = ET.SubElement(icon_style, 'Icon')
if crypt == 'None':
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/red-circle.png'
elif 'WEP' in crypt:
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/ylw-circle.png'
else:
ET.SubElement(icon, 'href').text = 'http://maps.google.com/mapfiles/kml/paddle/grn-circle.png'
# Point coordinates (use average of min/max)
avg_lat = (min_lat + max_lat) / 2
avg_lon = (min_lon + max_lon) / 2
point = ET.SubElement(placemark, 'Point')
ET.SubElement(point, 'coordinates').text = f"\\\\{avg_lon\\\\},\\\\{avg_lat\\\\},0"
# Write KML file
rough_string = ET.tostring(kml, 'unicode')
reparsed = minidom.parseString(rough_string)
with open('$kml_file', 'w') as f:
f.write(reparsed.toprettyxml(indent=" "))
conn.close()
print(f"KML file created: $kml_file")
EOF
\\\\}
# Function to generate statistics
generate_stats() \\\\{
local kismet_db="$1"
local stats_file="$2"
echo "[+] Generating statistics: $stats_file"
cat > "$stats_file" << EOF
Wardriving Statistics - $(date)
===============================
EOF
# Basic counts
echo "Device Counts:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT devtype, COUNT(*) FROM devices GROUP BY devtype;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Encryption breakdown
echo "Encryption Types:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT crypt, COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY crypt;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Channel usage
echo "Channel Usage:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT channel, COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY channel ORDER BY channel;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Vendor breakdown (top 10)
echo "Top 10 Vendors:" >> "$stats_file"
sqlite3 "$kismet_db" "SELECT manuf, COUNT(*) as count FROM devices WHERE devtype = 'Wi-Fi AP' GROUP BY manuf ORDER BY count DESC LIMIT 10;"|\
sed 's/|/ : /' >> "$stats_file"
echo "" >> "$stats_file"
# Security concerns
echo "Security Concerns:" >> "$stats_file"
open_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt = 'None';")
wep_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND crypt LIKE '%WEP%';")
wps_count=$(sqlite3 "$kismet_db" "SELECT COUNT(*) FROM devices WHERE devtype = 'Wi-Fi AP' AND device LIKE '%WPS%';")
echo "Open Networks: $open_count" >> "$stats_file"
echo "WEP Networks: $wep_count" >> "$stats_file"
echo "WPS Enabled: $wps_count" >> "$stats_file"
\\\\}
# Main wardriving function
run_wardriving() \\\\{
local timestamp=$(date +%Y%m%d_%H%M%S)
local log_prefix="$OUTPUT_DIR/wardriving_$timestamp"
echo "[+] Starting wardriving session: $timestamp"
# Setup GPS
gps_available=false
if setup_gps; then
gps_available=true
fi
# Configure Kismet
cat > "/tmp/kismet_wardriving.conf" << EOF
source=$INTERFACE
logprefix=$log_prefix
logtypes=kismetdb,pcapng,gpsxml
server=tcp://127.0.0.1:2501
allowedusers=kismet
channel_hop=true
channel_hop_speed=3
EOF
if [ "$gps_available" = true ]; then
echo "gps=gpsd:host=localhost,port=2947" >> "/tmp/kismet_wardriving.conf"
echo "gps_log=true" >> "/tmp/kismet_wardriving.conf"
fi
# Start Kismet
kismet -f "/tmp/kismet_wardriving.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Kismet started successfully"
echo "[+] Wardriving for $SCAN_TIME seconds..."
echo "[+] Press Ctrl+C to stop early"
# Wait for scan time or user interrupt
sleep "$SCAN_TIME" &
wait $!
# Stop Kismet
echo "[+] Stopping Kismet..."
pkill kismet
sleep 5
# Process results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
echo "[+] Processing results..."
# Generate KML
create_kml "$kismet_db" "$\\\\{log_prefix\\\\}.kml"
# Generate statistics
generate_stats "$kismet_db" "$\\\\{log_prefix\\\\}_stats.txt"
# Convert to other formats
kismet_log_to_pcap --in "$kismet_db" --out "$\\\\{log_prefix\\\\}.pcap"
echo "[+] Results processed successfully"
echo "[+] Files created:"
ls -la "$\\\\{log_prefix\\\\}"*
else
echo "[-] Kismet database not found: $kismet_db"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_wardriving.conf"
# Stop GPS daemon
if [ "$gps_available" = true ]; then
sudo pkill gpsd
fi
\\\\}
# Check prerequisites
if ! command -v kismet &> /dev/null; then
echo "[-] Kismet not found. Please install Kismet first."
exit 1
fi
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then
echo "[-] Interface $INTERFACE not found"
exit 1
fi
# Setup interface
echo "[+] Setting up interface $INTERFACE"
sudo ip link set "$INTERFACE" down
sudo iw dev "$INTERFACE" set type monitor
sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then
echo "[+] Interface configured successfully"
run_wardriving
else
echo "[-] Failed to configure interface"
exit 1
fi
echo "[+] Wardriving session completed"
echo "[+] Results saved in: $OUTPUT_DIR"
Script de détection de Rogue AP
#!/bin/bash
# Detect rogue access points using Kismet
KNOWN_APS_FILE="known_aps.txt"
INTERFACE="wlan0"
SCAN_TIME=300 # 5 minutes
ALERT_EMAIL="security@company.com"
# Function to create known APs file if it doesn't exist
create_known_aps() \\\\{
if [ ! -f "$KNOWN_APS_FILE" ]; then
echo "Creating known APs file: $KNOWN_APS_FILE"
cat > "$KNOWN_APS_FILE" << 'EOF'
# Known legitimate access points
# Format: MAC_ADDRESS|SSID|LOCATION
00:11:22:33:44:55|CompanyWiFi|Building A
AA:BB:CC:DD:EE:FF|GuestNetwork|Reception
# Add your known APs here
EOF
echo "Please edit $KNOWN_APS_FILE with your known access points"
exit 1
fi
\\\\}
# Function to detect rogue APs
detect_rogue_aps() \\\\{
local kismet_db="$1"
local timestamp="$2"
echo "[+] Detecting rogue access points"
# Create temporary files
local detected_aps="/tmp/detected_aps_$timestamp.txt"
local rogue_aps="/tmp/rogue_aps_$timestamp.txt"
local report_file="rogue_ap_report_$timestamp.txt"
# Extract detected APs
sqlite3 "$kismet_db" "SELECT devmac, device FROM devices WHERE devtype = 'Wi-Fi AP';" > "$detected_aps"
# Compare with known APs
> "$rogue_aps" # Clear file
while IFS='|' read -r detected_mac detected_ssid; do
# Skip empty lines
[ -z "$detected_mac" ] && continue
# Check if this AP is in known list
found=false
while IFS='|' read -r known_mac known_ssid known_location; do
# Skip comments and empty lines
[[ "$known_mac" =~ ^#.*$||-z "$known_mac" ]] && continue
if [ "$detected_mac" = "$known_mac" ]; then
found=true
break
fi
done < "$KNOWN_APS_FILE"
# If not found in known list, it's potentially rogue
if [ "$found" = false ]; then
echo "$detected_mac|$detected_ssid" >> "$rogue_aps"
fi
done < "$detected_aps"
# Generate report
cat > "$report_file" << EOF
Rogue Access Point Detection Report
Generated: $(date)
Scan Duration: $SCAN_TIME seconds
EOF
rogue_count=$(wc -l < "$rogue_aps" 2>/dev/null||echo "0")
if [ "$rogue_count" -gt 0 ]; then
echo "⚠️ ROGUE ACCESS POINTS DETECTED: $rogue_count" >> "$report_file"
echo "================================================" >> "$report_file"
echo "" >> "$report_file"
while IFS='|' read -r mac ssid; do
echo "MAC: $mac" >> "$report_file"
echo "SSID: $ssid" >> "$report_file"
# Get additional details from database
details=$(sqlite3 "$kismet_db" "SELECT crypt, channel, manuf FROM devices WHERE devmac = '$mac';")
if [ -n "$details" ]; then
echo "Details: $details" >> "$report_file"
fi
echo "---" >> "$report_file"
done < "$rogue_aps"
# Send alert
echo "Rogue access points detected: $rogue_count"|\
mail -s "SECURITY ALERT: Rogue APs Detected" -A "$report_file" "$ALERT_EMAIL" 2>/dev/null||\
echo "Alert: $rogue_count rogue APs detected (email failed)"
else
echo "✅ No rogue access points detected" >> "$report_file"
fi
echo "[+] Report generated: $report_file"
# Cleanup
rm -f "$detected_aps" "$rogue_aps"
\\\\}
# Function to run rogue AP scan
run_rogue_scan() \\\\{
local timestamp=$(date +%Y%m%d_%H%M%S)
local log_prefix="/tmp/rogue_scan_$timestamp"
echo "[+] Starting rogue AP detection scan"
# Configure Kismet
cat > "/tmp/kismet_rogue.conf" << EOF
source=$INTERFACE
logprefix=$log_prefix
logtypes=kismetdb
server=tcp://127.0.0.1:2501
allowedusers=kismet
channel_hop=true
channel_hop_speed=5
EOF
# Start Kismet
kismet -f "/tmp/kismet_rogue.conf" --daemonize --silent
if [ $? -eq 0 ]; then
echo "[+] Scanning for $SCAN_TIME seconds..."
sleep "$SCAN_TIME"
# Stop Kismet
pkill kismet
sleep 3
# Analyze results
kismet_db="$\\\\{log_prefix\\\\}.kismet"
if [ -f "$kismet_db" ]; then
detect_rogue_aps "$kismet_db" "$timestamp"
else
echo "[-] Kismet database not found"
fi
else
echo "[-] Failed to start Kismet"
return 1
fi
# Cleanup
rm -f "/tmp/kismet_rogue.conf"
rm -f "$\\\\{log_prefix\\\\}"*
\\\\}
# Main execution
create_known_aps
# Check interface
if ! ip link show "$INTERFACE" > /dev/null 2>&1; then
echo "[-] Interface $INTERFACE not found"
exit 1
fi
# Setup interface
echo "[+] Setting up interface $INTERFACE"
sudo ip link set "$INTERFACE" down
sudo iw dev "$INTERFACE" set type monitor
sudo ip link set "$INTERFACE" up
if [ $? -eq 0 ]; then
run_rogue_scan
else
echo "[-] Failed to configure interface"
exit 1
fi
echo "[+] Rogue AP detection completed"
Intégration avec d'autres outils
Intégration de Wireshark
# Convert Kismet logs to pcap for Wireshark
kismet_log_to_pcap --in kismet.kismet --out capture.pcap
# Open in Wireshark
wireshark capture.pcap
# Filter specific traffic in Wireshark
# wlan.fc.type_subtype == 0x08 # Beacon frames
# wlan.fc.type_subtype == 0x04 # Probe requests
# wlan.fc.type_subtype == 0x05 # Probe responses
Intégration Aircrack-ng
# Extract handshakes from Kismet capture
aircrack-ng -J handshakes capture.pcap
# Use with hashcat
hashcat -m 2500 handshakes.hccapx wordlist.txt
# Convert Kismet pcap for aircrack-ng
aircrack-ng capture.pcap
Intégration Nmap
# Extract IP addresses from Kismet for network scanning
sqlite3 kismet.kismet "SELECT DISTINCT ip FROM devices WHERE ip != '';"|\
while read ip; do
nmap -sS "$ip"
done
Dépannage
Questions communes
Problèmes d'interface
# Check interface status
ip link show
# Reset interface
sudo ip link set wlan0 down
sudo ip link set wlan0 up
# Check for conflicting processes
sudo lsof /dev/wlan0
sudo fuser -k /dev/wlan0
# Restart network manager
sudo systemctl restart NetworkManager
# Check kernel modules
lsmod|grep 80211
Questions relatives à la permission
# Check user groups
groups $USER
# Add user to kismet group
sudo usermod -aG kismet $USER
# Fix file permissions
sudo chown -R kismet:kismet /var/log/kismet/
sudo chmod -R 755 /var/log/kismet/
# Check capabilities
getcap /usr/bin/kismet_cap_linux_wifi
Questions relatives au GPS
# Check GPS device
ls -la /dev/ttyUSB*
ls -la /dev/ttyACM*
# Test GPS manually
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
gpsmon
# Check gpsd status
sudo systemctl status gpsd
# Restart gpsd
sudo systemctl restart gpsd
Questions relatives aux bases de données
# Check database integrity
sqlite3 kismet.kismet "PRAGMA integrity_check;"
# Repair database
sqlite3 kismet.kismet ".recover"|sqlite3 kismet_recovered.kismet
# Check database schema
sqlite3 kismet.kismet ".schema"
# Vacuum database
sqlite3 kismet.kismet "VACUUM;"
Optimisation des performances
# Reduce logging
echo "logtypes=kismetdb" >> ~/.kismet/kismet.conf
# Optimize channel hopping
echo "channel_hop_speed=10" >> ~/.kismet/kismet.conf
# Limit data sources
echo "source=wlan0:hop=true,channel=1,6,11" >> ~/.kismet/kismet.conf
# Increase buffer sizes
echo "packet_buffer_size=65536" >> ~/.kismet/kismet.conf
Ressources
- [Documentation officielle Kismet] (LINK_7)
- [Répôt de Kismet GitHub] (LINK_7)
- [Documentation de l'API de Kismet REST] (LINK_7)
- [Essais de sécurité sans fil] (LINK_7)
- [802.11 Réseaux sans fil] (LINK_7)
- [Pratiques exemplaires en matière de conduite] (LINK_7)
- [Détection d'intrusion sans fil] (LINK_7)
*Cette feuille de triche fournit une référence complète pour l'utilisation de Kismet pour la détection et la surveillance du réseau sans fil. Assurez-vous toujours d'avoir une autorisation appropriée avant d'utiliser cet outil dans n'importe quel environnement. *