WPScan & WPSpy Tools

May 9th, 2009

These are the Wifi-Protected Setup tools that we presented at ChicagoCon.

WPScan actively sends 802.11 probe requests to access points that advertise WPS support. It then parses out the WPS Information Element in the resulting probe response and displays the results. This is a very useful fingerprinting tool since nearly all new routers have WPS enabled by default, and most vendors will actually put the exact make, model, and version of the router in the probe response!

WPSpy is a tool to simply monitor and report changes in the WPS status of and access point. This is particularly useful if you are running some of our described attacks that leverage WPS to gain access to the WLAN.

, ,

4 Responses to “WPScan & WPSpy Tools”

  1. Hacking With Gum » WiFi Protected Setup Router Backdoor Says:
    May 17th, 2009 at 10:36 am

    [...] you just wait for WPS to be activated (WPS state can be passively monitored real-time using WPSpy) and use a WPS-capable WiFi card (or software) to retrieve the key: Using a Belkin WiFi card to [...]

  2. jean Says:
    February 24th, 2010 at 9:41 pm

    hello, i try to use your tool, but i have the following error:

    sudo ./wpspy.py -i wlan1
    Traceback (most recent call last):
    File “./wpspy.py”, line 237, in
    main()
    File “./wpspy.py”, line 220, in main
    conf.iface = optarg
    NameError: global name ‘conf’ is not defined

    (with, wifinger, wpscan and wpspy)

    I run under ubuntu 10, python v2.6, scapy from the package manager (2.0.1-1), i have lorcon v2 rc1 installed, and i have also test with a capture when airodump run on a fixed channel. I have also test with a .cap file generated by airodump-ng (sudo python wpscan.py -p /home/me/test-01.cap -b 00:MAC:…: -e SSID
    Caught exception while running sniff(): global name ’sniff’ is not defined
    )

    If you can submit your configuration (py, scapy) / requierement, it will be cool (for more information, my card is in monitor mode, it’s a rtl8187 with patch aircrack-ng r8187)

  3. craig Says:
    February 27th, 2010 at 8:37 pm

    Hi jean,

    scapy has changed the way that imports are done since we released the tool. We’ll updated it soon (hopefully!), but here’s the fix: at the top of the scripts, replace “from scapy import *” with “from scapy.all import *”.

  4. Car Radio Wire Says:
    June 14th, 2010 at 1:30 am

    LOL hell ya but no one touches my lunch

Leave a Reply