Wireless Reconnaissance And Intelligent Target Harvesting
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
wraith
.gitignore
CHANGES
CONFIGURE
LICENSE
MANIFEST.in
README.md
TODO
__init__.py
setup.cfg
setup.py

README.md

WRAITH: Wireless Reconnaissance And Intelligent Target Harvesting.

"You knew that I reap where I have not sown and gather where I scattered no seed."

1 DESCRIPTION:

Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing the 802.11 environment over a period of time without that is, implementing a custom interface.

While originally intending to develop such a custom interface to one or more Kismet based sensors, Wraith evolved. Kismet did not offer enough information, Wireshark offered too much. Wraith is an attempt to develop a toolsuite that eases the collection, collation and analysis of temporal 802.11 data in order to provide administrators with the ability to view their network(s) from a bird's eye view and drill down as necessary to a single device. Wraith allows the user to decide what data to view, how to view it and 'when' to view it.

2. REQUIREMENTS:

  • linux (tested on 3.13.x kernel)
    • NOTE: some cards i.e. rosewill usb nics were not fully supported through iw on earlier 3.13.x kernels
  • Python 2.7
  • postgresql 9.x (tested on 9.3.5)
  • pyscopg > 2.6
  • mgrs 1.1
  • PyRIC 0.1.3 https://github.com/wraith-wireless/pyric)

3. MODULES: Currently consists of three main components/modules: Wifi, Iyri and

the GUI and three secondary modules: utils, widgets, and nidus.

a. wifi (v 0.0.5): 802.11 network interface objects and functions

Objects/functions to manipulate wireless nics and parse 802.11 captures.

Standards

  • Currently Supported: 802.11a\b\g
  • Partially Supported: 802.11n
  • Not Supported: 802.11s\y\u\ac\ad\af

b. iryi (v 0.2.1): Wraith Sensor

Iryi is a 802.11 sensor consisting of an optional radio (shama), and a mandatory radio (abad). 802.11 packets are stored in a circular buffer, parsed and inserted in the database. Any geolocational data is also stored (if a gps device is present).

NOTE: In earlier versions < 0.1.x, Iyri did not handle database writes/updates. Rather this was handled by an additional module colocated on the same system as database that the sensor would pass data to. It was with great relunctance that I removed this 'mediator', and moved database functionality directly to the sensor, primarily for two reasons:

  • it would restrict wraith to a single platform i.e. expanding to a central database and multiple sensors will be very difficult.
  • sensors could no longer be used on 'minimal' systems i.e. routers and other embedded systems However, there were two primary reasons for doing so:
  • I wanted to push more autonomy and intelligence into the sensor which would require the sensor to parse out radiotap and mpdu (no point in doing this twice)
  • frames (as strings) were being passed through multiple connection, queues and sockets before they eventually made their way to the mediator causing a major delay in processing

d. wraith-rt: GUI

At present the gui provides limited functionality and is very much in the developlmental stage. The gui can be used to:

  • start/stop services: Postgresql, Iyri
  • configure Wraith, Iyri
  • view current sessions, current wirless nics and Iyri's log
  • fix database errors, delete all entries in database
  • RF math & land nav conversions, RF math calculations

e. utils: utility functionality

Provides various functions used throughout wraith. See Architecture section for further information.

f. widgets: gui super classes

Defines a graphic suite based on Tkinter/ttk where a set of non-modal panels operate under the control of a master panel and execute tasks, display information independently of or in conjuction with this panel and other panels. (Think undocked windows).

g. nidus: database

Provides the Postgresql database schema, nidus.sql.

4. ARCHITECTURE/HEIRARCHY: Brief Overview of the project file structure

  • wraith: Top-level package
  • __init__.py initialize the top-level
  • wraith-rt.py the main Panel gui
  • subpanels.py child panels
  • wraith.conf gui configuration file
  • LICENSE software license
  • README.md this file
  • CONFIGURE.txt setup details
  • TODO todos for each subpackage
  • widgets: gui subpackage
    • icons: icons folder
    • __init__.py initialize widgets subpackage
    • panel.py defines Panel and subclasses for gui
  • utils: utility functions
    • __init__.py initialize utils subpackage
    • timestamps.py timestamp conversion functions
    • landnav.py land navigation utilities
    • cmdline.py various cmdline utilities for testing processes
    • simplepcap.py pcap writer
    • valrep.py validation and reporting functionality
    • oui.py oui/manuf related functions
  • data: data folder
    • oui.txt tab seperated oui manufacturer file
  • standards: initialize standards subpackage
    • radiotap.py radiotap parsing
    • mpdu.py IEEE 802.11 MAC (MPDU) parsing
    • dott1u.py contstants for 802.11u (not currently used)
    • channels.py 802.11 channel, freq utilities
    • mcs.py mcs index functions
  • nidus: database schema
    • __init__.py initialize nidus subpackage
    • nidus.sql database definition
  • iyri: subpackage for wraith sensor
    • __init__.py initialize iyri package
    • iyri.conf configuration file for iyri
    • iyri.log.conf configuration file for iyri logging
    • iyri.py primary module
    • constants.py defines several constants used by iryi
    • gpsctl.py GPS device handler
    • rdoctl.py radio controler
    • tuner.py radio scanner
    • collate.py data collation and forwarding
    • thresh.py Thresher process for parsing/writing frames
    • iyrid iyri daemon