Subliminal Hacking
The Art and Science of Social Engineering


February 7, 2013

Wireless Attack and Audit Tools … Recommendations List

Wireless recon and exploitation may not be one of the techniques that first jumps to mind when you think of Social Engineering, but it's a valid attack vector both for on-premises recon and attacks (direct to the wireless infrastructure) and for client-side attacks (attacking the host on premises and in the airport lounge).

With this in mind, and given the ever-increasing usage of wireless technologies and a couple of requests from people, I thought it would be a great idea to put together another recommendations list of tools, hardware and resources for anyone looking to get into wireless auditing or to add wireless attack vectors to their current attack methodology (similar to my OSINT Tools Recommendations List).

This page will be maintained and grown over time. If you know of a good tool, decent hardware or resource, please get in touch so it can be considered for this list.

Wireless Networks

  • Aircrack-NG – Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
  • Kismet – Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
  • inSSIDer – inSSIDer displays all the Wi-Fi networks around you – including security information, the strength of the network, and broadcasting channel.
  • Airpwn – Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected “spoofed”.
  • CoWPAtty – WPA Dictionary Attacking Tool.
  • Ettercap – Not wireless specific but a handy tool for Man In The Middle Attacking.
  • ASLeap – Tool for exploiting Cisco LEAP authentication.
  • FreeRadius – A patch for the popular open-source FreeRADIUS implementation to demonstrate RADIUS impersonation vulnerabilities.
  • Karmetasploit – Karmetasploit is a great function within Metasploit, allowing you to fake access points, capture passwords, harvest data, and conduct browser attacks against clients.
  • EWSA – Elcomsoft Wireless Security Auditor uses GPU power to crack WPA/WPA2 password-enabled networks.
  • Alfa AWUS036H – 1000mW (1W) 802.11b/g high-gain USB long-range WiFi network adapter with 5dBi antenna.
  • GlobalSat BU353 GPS – USB GPS dongle compatible with Kismet. Ideal for mapping out wireless coverage.
  • WiFi Pineapple – Awesome one box wonder of WiFi hacking goodness.
  • Immunity Silica – Automated wireless auditing tool.
  • AirPCAP – Wireless Packet Capture Solution.
  • Edimax EW-7811Un – Nano USB WiFi adapter that supports injection.


  • BlueSnarfer – Provides the ability to send and receive AT commands from GSM extensions.
  • BlueBugger – Bluetooth tool to access phonebook, messages and other AT commands from supported GSM devices.
  • CarWhisperer – Provides the ability to connect to Bluetooth devices with a class of handsfree and uses default passkeys to connect.
  • Linksys Usbbt100 – Great moddable Bluetooth dongle for hacking, not so easy to get hold of.
  • MSI MS-6967 – Another Bluetooth dongle that supports modding for external antenna.
  • Conceptronic CBT200U2 – Another Bluetooth dongle that supports modding for external antenna.
  • Ubertooth One – The go-to hardware for Bluetooth hacking and experimentation.


  • KillerBee – KillerBee is a Python-based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks.
  • KisBee – Kisbee is a project to create a small, battery powered, open source hardware device for capturing 802.15.4 (aka Zigbee).
  • AVR RZ Raven – Zigbee USB Wireless that works with the KillerBee Framework.


  • Proxmark3 – The Proxmark III is the most powerful and versatile open source device currently available for performing RFID research.

    About the Author

    Dale Pearson
    has worked in IT since 1998, Infosec since 2004, and studied and performed hypnosis, mentalism etc since 2009. Dale is a full time Red Teamer with a love of social engineering and qualified hypnotherapist. He spends a great deal of time researching the various skills and techniques that make up the art and science of Social Engineering.


    1. […] Essential Wireless Attack (hacking) and Audit Tools for Security Penetration Testers and Social Engineers as recommended by Subliminal Hacking's Dale Pearson  […]

    2. loves libraries

      I found your site when I searched for subliminals or something. This here site really surprised me because I thought social engineers had to remain hidden. Do you suppose wireless attacks and BeEF are legal? Why are you telling people how to hack? What does this have to do with subliminals? Today I am researching subliminal stuff. What is the connection between hacking and the subliminal? Do you know any sites that offer uplifting visual, nonverbal subliminal? Like rapid speed nature scenes or happy scenes? Can you invent a site like that, with a full menu to choose from or custom-select? Maybe put in some verbal choices like one-liner jokes to choose from?

    3. Dale

      Thanks for stumbling across the site. You might want to take a moment to read the about page to get a better feel for what this site is about.
      As with any information, it can be used for good or bad, but regardless, awareness of tools and techniques can make everyone better prepared to defend themselves.

    4. Lesley

      Hi Dale: I found your article while searching for current resources on wireless hacking. I am having a hard time finding books with publication dates in the last year or even last two years. You have listed the book Hacking Exposed Wireless, Second Edition, (2010) which is a book that I own. Do you find that the information in this book is still current? Can you recommend any more current books? Thanks for the article!

    5. Dale


      Hacking wireless exposed is a great book, but as you point out is nearly 4 years old now.
      Although not a great amount of things have changed, I would recommend checking out BackTrack 5 Wireless Penetration Testing Beginner’s Guide.
      Even though it calls itself a beginner's guide, it has good, detailed coverage of various techniques.

      I guess the real question is, what are you looking for that you are not getting from the exposed publication?

