WiFi or wireless penetration testing is an important aspect of any security audit project, organizations are facing serious threats from their insecure WiFi network. A compromised wifi puts the entire network at risks. Consider the recent darkhotel attack, where the top business executives were the target and the attacker were targeting them by hacking into the insecure hotel WiFi network. The moral of the story is that, “the organizations should include a WiFi penetration testing process in their regular security procedure”.
There is the little difference between a network vulnerability assessment tool and WiFi vulnerability scanners, so here is the quick list of the tools that could be very useful while performing WiFi penetration testing.
Aircrack-ng
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.
Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.
Netstumbler
Netstumbler is the best known Windows tool for finding open wireless access points ("Wardiving"). They also distribute a WinCE version for PDAs and such named MiniStumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.
InSSIDer
inSSIDer is a wireless network scanner for Windows, OS X, and Android. It was designed to overcome limitations of NetStumbler, namely not working well on 64-bit Windows and Windows Vista. inSSIDer can find open wireless access points, track signal strength over time, and save logs with GPS records.
KisMAC
This popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.
Reaver-WPS
Reaver performs a brute force attack against an access point's WiFi Protected Setup pin number. Once the WPS pin is found, the WPA PSK can be recovered and alternately the AP's wireless settings can be reconfigured.
Fern WiFi Cracker
Fern WiFi Cracker is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools.