dwpa VS airgeddon

From what I’ve seen, typically the contributor count on wpa-sec.stanev.org has hovered around 10-15; currently it sits at 6928 and climbing (but producing only ~2x the 24hr performance of the nominal 10-15 contributors). Does someone have a cluster / network of low-power devices they’ve begun contributing? Did the service recently get published somewhere to attract new contributors? Is there a bug in the contributor-count code?

"WPA_SEC: Internet connectivity detected. Uploading new handshakes to wpa-sec.stanev.org"

It has a feature that will upon capture auto upload the hashes to places like onlinehashcrack or https://wpa-sec.stanev.org/ to crack.

main.plugins.wpa-sec.enabled = false main.plugins.wpa-sec.api_key = "" main.plugins.wpa-sec.api_url = "https://wpa-sec.stanev.org" main.plugins.wpa-sec.download_results = false main.plugins.wpa-sec.whitelist = []

I would like to try and create a plugin that checks wpa-sec.stanev.org (your nets) and compare a list of "already cracked wifi networks" and then show you the most recent cracked wifi network on your pwnagotchi.

https://wpa-sec.stanev.org/?

The wpa-sec plugin is also already there; you just need to enable it in your config.toml. There's a key you need to grab from the https://wpa-sec.stanev.org website by signing up, too. Anytime you want to see what passwords have been cracked, you can use your key on that site to lookup progress.

I'm imagining a Pi 4 B 8GB, running 4 Pwnagotchi VMs in PiMox with 512MB RAM a piece, each connected to it's own 802.11AC / bluetooth USB adapter. Since PiMox runs on top of RasPiOS, load LXQT or XFCE and connect directly to localhost in the browser to manage the VMs, and add a 4G modem to be able to upload handshakes to https://wpa-sec.stanev.org without needing to be connected to a WiFi network.

iirc you just need to register for an API key on https://wpa-sec.stanev.org/ and put that in your config in the wpa-sec section, then enable the plugin. Here-ish: https://github.com/evilsocket/pwnagotchi/blob/master/pwnagotchi/defaults.toml#L46

Known tools (scripts) that are used to exploit WPS vulnerabilities are Reaver and Bully. Another great automated tool is Airgeddon. With some luck, you will be able to run these tools on vulnerable access points (or network repeaters, which are usually vulnerable to WPS attacks) and retrieve the key.

https://github.com/v1s1t0r1sh3r3/airgeddon "I'll just leave this here ;)"

Airgeddon might be for you.

Yes ! This is a good idea. Using a evil twin with a captive portal attack could directly give you the password without having to crack it, assuming the victim enters it. See https://github.com/v1s1t0r1sh3r3/airgeddon

take a look at the source code's menu functions. It's using read for prompts and case statements to pick functions.

``` git clone --depth 1 https://github.com/v1s1t0r1sh3r3/airgeddon.git && cd airgeddon