stavinski/etd
Evil Twin Detector (ETD)

Written by: Mike Cromwell

The Evil Twin Detector monitors for devices that are trying to spoof your existing wireless access points. If any are found, a notification is sent by email and/or syslog over UDP.

Requirements

Software

  • Linux (could potentially run on other POSIX systems)
  • Python 2.7
  • systemd
  • pip

Wireless Adapter

A wireless adapter that supports monitor mode is required. I have been using the Alfa AWUS051NH and have managed to get this working on both the 2.4 and 5 GHz bands. I would imagine any of the usual wireless adapters that get mentioned for hacking on Kali would work fine.

Install

git clone https://github.com/stavinski/etd.git && cd etd

ETD can run in two modes: standalone or as a systemd service.

Standalone

sudo python etd.py

Note that the script must be run as root.

Service

sudo ./setup.sh install

The existing etd.yaml config file will be copied into /etc/etd, so any changes for the service should be made there and the service restarted afterwards.

Configuration

ETD uses a YAML config file. When you clone the repo it contains a baseline version called etd.yaml, whose settings will need to be tailored to your environment.

Global

  • include_5ghz: (bool)
  • wlan_iface: (string) defaults to 'wlan0', but you will want this to be the iface associated with your wireless adapter
  • mon_iface: (string) defaults to 'mon0'; this is the name that the created monitor iface will use, change it only if it conflicts
  • 5ghz_channels: (list) this can be changed for your region

Logging

  • level: (string) defaults to 'WARN', but can be changed to standard logging levels
  • name: (string) defaults to 'Evil Twin Detector'

SMTP

  • enabled: (bool) defaults to No
  • server: (string) defaults to 'localhost'
  • port: (int) defaults to 25
  • user: (string) defaults to EMPTY
  • password: (string) defaults to EMPTY
  • from: (string) defaults to 'etd@localhost'
  • to: (string) defaults to 'root@localhost'
  • subject: (string) defaults to 'ETD DETECTION'

Syslog

  • enabled: (bool) defaults to No
  • server: (string) defaults to 'localhost'
  • port: (int) defaults to 514

Ignores

Contains a list of MAC addresses of the wireless access points that you expect to be using an SSID you are pattern matching against, so that you don't get false positives.

Patterns

Contains a list of strings that should be pattern matched against the SSID being broadcast so that you can filter which devices are actively trying to spoof known wireless access points.
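
How the Ignores and Patterns lists combine into a detection decision, shown as an added example that is not ETD's own code. The key names `ignores` and `patterns`, the treatment of patterns as case-insensitive regular expressions, and the sample beacons are all assumptions made for illustration.

```python
import re

# Constructed sample config; key names are assumed from the README headings.
# Assumption: patterns are treated as case-insensitive regular expressions.
CONFIG = {
    "ignores": ["AA:BB:CC:00:00:01", "aa-bb-cc-00-00-02"],
    "patterns": ["^CorpWiFi", "guest"],
}

# Constructed (BSSID, SSID) observations, as a monitor-mode capture might yield.
BEACONS = [
    ("aa:bb:cc:00:00:01", "CorpWiFi"),       # known AP, listed in ignores
    ("AA:BB:CC:00:00:02", "Corp-Guest"),     # known AP, different MAC notation
    ("de:ad:be:ef:00:01", "CorpWiFi"),       # unknown BSSID using our SSID
    ("de:ad:be:ef:00:01", "CorpWiFi"),       # repeat beacon from the same device
    ("de:ad:be:ef:00:02", "corpwifi-free"),  # case-variant lookalike
    ("11:22:33:44:55:66", "CoffeeShop"),     # unrelated network
]


def normalise_mac(mac):
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_suspects(beacons, config):
    """Return unique (bssid, ssid) pairs that match a pattern but are not ignored."""
    ignored = {normalise_mac(m) for m in config["ignores"]}
    patterns = [re.compile(p, re.IGNORECASE) for p in config["patterns"]]
    suspects, seen = [], set()
    for bssid, ssid in beacons:
        key = (normalise_mac(bssid), ssid)
        if key[0] in ignored or key in seen:
            continue  # known-good AP, or already reported
        if any(p.search(ssid) for p in patterns):
            seen.add(key)
            suspects.append(key)
    return suspects


if __name__ == "__main__":
    for bssid, ssid in find_suspects(BEACONS, CONFIG):
        print("possible evil twin: %s broadcasting %r" % (bssid, ssid))
```

Normalising the MAC notation before comparison matters here: an ignore entry written with dashes or upper case would otherwise fail to match and the legitimate access point would raise a false positive.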