Skip to content
Detect and alert when Rogue AP and Deauth attacks occur
Branch: master
Clone or download
Latest commit 8e972a3 May 16, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
hostapd-configs Get the files combined into Sep 28, 2018
.gitignore Update May 16, 2019
config.json Add config fields and get strength check working Nov 28, 2018
requirements.txt Update requirement Nov 29, 2018


WatchTower is a tool created to help detect both Rogue AP and Deauth attacks. It is in early stages of development and was developed initially to fulfill the requirements of my IT662 Data Communications and Networking class.


Slack Alerts

watchtower2 watchtower1


  1. Clone project repo
  2. virtualenv --python python3 venv
  3. git clone
  4. pip3 install scapy/
  5. pip3 install -r requirements.txt
  6. airmon-ng start wlan0 (where wlan0 is a WLAN adapter)
  7. python3 ./watchtower

config.json documentation

  "ssid": "MyNetwork",
  "macs": [
  "channel": 6,
  "encryption": "WPA2",
  "cipher": "CCMP",
  "authentication": "PSK",
  "signalStrength": -35,
  "strengthVariance": 5,
  "checks": {
    "checkMAC": true,
    "checkChannel": false,
    "checkEncryption": true,
    "checkCipher": true,
    "checkAuthentication": true,
    "checkStrength": true
  "slackWebhook": "",
  "sendSlackNotify": false

authType options:

  • "WPA2"
  • "WEP"
  • "OPEN"

Known issues

  • In hostapd, if "wpa=" is set to 3 enabling both WPA and WPA2, we just detect it as WPA2

Academic Paper

PDF (12 Pages)


Because this project is based off of the Airoscapy project by Peter Kacherginsky, WatchTower is licensed under the Creative Commons “Attribution-NonCommercial-ShareAlike 4.0 International” (CC BY-NC-SA 4.0) license . Airoscapy is released under this license which re-quires material built upon it to be released under the same.

You can’t perform that action at this time.