WPScan & WPSpy Tools

May 9th, 2009

These are the Wifi-Protected Setup tools that we presented at ChicagoCon.

WPScan actively sends 802.11 probe requests to access points that advertise WPS support. It then parses out the WPS Information Element in the resulting probe response and displays the results. This is a very useful fingerprinting tool since nearly all new routers have WPS enabled by default, and most vendors will actually put the exact make, model, and version of the router in the probe response!

WPSpy is a tool to simply monitor and report changes in the WPS status of and access point. This is particularly useful if you are running some of our described attacks that leverage WPS to gain access to the WLAN.

, ,

14 Responses to “WPScan & WPSpy Tools”

  1. Hacking With Gum » WiFi Protected Setup Router Backdoor Says:
    May 17th, 2009 at 10:36 am

    [...] you just wait for WPS to be activated (WPS state can be passively monitored real-time using WPSpy) and use a WPS-capable WiFi card (or software) to retrieve the key: Using a Belkin WiFi card to [...]

  2. jean Says:
    February 24th, 2010 at 9:41 pm

    hello, i try to use your tool, but i have the following error:

    sudo ./wpspy.py -i wlan1
    Traceback (most recent call last):
    File “./wpspy.py”, line 237, in
    main()
    File “./wpspy.py”, line 220, in main
    conf.iface = optarg
    NameError: global name ‘conf’ is not defined

    (with, wifinger, wpscan and wpspy)

    I run under ubuntu 10, python v2.6, scapy from the package manager (2.0.1-1), i have lorcon v2 rc1 installed, and i have also test with a capture when airodump run on a fixed channel. I have also test with a .cap file generated by airodump-ng (sudo python wpscan.py -p /home/me/test-01.cap -b 00:MAC:…: -e SSID
    Caught exception while running sniff(): global name ’sniff’ is not defined
    )

    If you can submit your configuration (py, scapy) / requierement, it will be cool (for more information, my card is in monitor mode, it’s a rtl8187 with patch aircrack-ng r8187)

  3. craig Says:
    February 27th, 2010 at 8:37 pm

    Hi jean,

    scapy has changed the way that imports are done since we released the tool. We’ll updated it soon (hopefully!), but here’s the fix: at the top of the scripts, replace “from scapy import *” with “from scapy.all import *”.

  4. Car Radio Wire Says:
    June 14th, 2010 at 1:30 am

    LOL hell ya but no one touches my lunch

  5. Caramoan Island : Says:
    October 26th, 2010 at 9:13 am

    when it comes to car radios, i prefer to use either Alpine or Pioneer. they are really great brands.`-

  6. Leilani Glaeser Says:
    February 7th, 2011 at 6:04 pm

    Good site, where did you come up with the knowledge in this blog? Im pleased I found it though, ill be checking back soon to see what other articles you have.

  7. BIOCYTE Says:
    April 25th, 2011 at 2:45 am

    Thanks , very interesting !

  8. flavored coffee Says:
    August 8th, 2011 at 4:54 pm

    Nice post. I study something on different blogs everyday. It’s going to all the time be stimulating to read content from different writers and apply somewhat something from their blog.

  9. zappos coupon boots Says:
    August 29th, 2011 at 2:12 am

    Hey! I just wish to give an enormous thumbs up for the great data you’ve got here on this post. I might be coming again to your blog for extra soon.

  10. δονητές Says:
    September 12th, 2011 at 3:21 am

    My spouse and i ended up being really excited that Jordan managed to complete his analysis from the ideas he acquired while using the weblog. It’s not at all simplistic to simply always be releasing methods which other folks might have been trying to sell. And we already know we have the blog owner to give thanks to for this. All of the explanations you made, the easy site menu, the relationships you can help create – it’s everything astounding, and it is letting our son and the family imagine that the subject is interesting, and that’s really serious. Many thanks for everything!

  11. womens upside ugg boots Says:
    December 5th, 2011 at 6:33 am

    strongzz Attractive section of content. I just stumbled upon your site and in accession capital to assert that I get actually enjoyed account your blog posts. Anyway I will be subscribing to your augment and even I achievement you access consistently fast.

  12. jack Says:
    December 16th, 2011 at 11:31 am

    Spot on with this write-up, I actually assume this web site needs way more consideration. I’ll in all probability be again to learn way more, thanks for that info.

  13. WPS access point scan? | << hack 4 fun Says:
    January 5th, 2012 at 2:34 pm

    [...] wpscan.py je součástí balíčku wps_tools. Bude potřeba lehké poupravení kódu pro správnou funkčnost. mkdir wpstools wget [...]

  14. Use wps_tools To Scan WPS AP | Ark@Dis9Team Says:
    January 28th, 2012 at 3:42 am

    [...] tool is bundled wpscan.py wps_tools. You will need light tweaked code to work [...]

Leave a Reply