Wifi Pumpkin – Wifi Security Audit Framework

Image: Latest Hacking News

The security audit framework used to test the security of wifi against threats like the man in the middle attacks is known as Wifi Pumpkin. The tool generates fake access points to employ MITM attacks on wifi networks.

 The machine is capable of utilizing cyber-attacks, such as by developing fake/rogue access points, de-authenticating clients from access points, DHCP starvation attacks, Windows updates attacks, Karma attacks, DNS spoofing, and ARP poisoning. Moreover, Wifi Pumpkin carries the potentiality of phishing, credentials monitoring, and capturing images on the fly.

Wifi Pumpkin is operated by the support of Kali Linux, Parrot OS, Pentoo, and Ubuntu. By cloning the framework from GitHub and running the installer as shown in the following commands Wifi Pumpkin can be installed.

git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
chmod +x installer.sh
sudo ./installer.sh --install

Wifi Pumpkin requires the following software to operate.

  • hostapd
  • is-DHCP-server
  • php5-cli
  • rfkill
  • iptables
  • nmcli

Isc-DHCP-server and php5-cli are optional. The dependencies can be installed by running the requirements.txt file as follows.

pip install –r requirements.txt

How Wifi Pumpkin Works

There are many ways to use Wifi Pumpkin. For demonstration purpose, we are going to develop a rogue access point where anyone can join without requiring any credentials. To make wifi access point Wifi Pumpkin needed Ethernet and wifi adapter. Run the following command to check the available wifi interface.


In most of the cases, it is wlan0.  The next step is to launch the Wifi Pumpkin. Operate the following command to release the Wifi Pumpkin interface.


If that does not perform, run the same command with sudo option i-e

sudo wifi-pumpkin

After opening the Wifi Pumpkin interface, go to the plugins tab to choose the desired plugins for auditing or simulating the wifi attack.

After that, you need to configure the access point from the settings tab. The settings tab provides various configurations to adapt, such as Access Point setting (configuring SSID and BSSID, choosing the network adapter), activity monitor setting, and DHCP setting.  The settings tab doesn’t have an option of enabling wireless security. Keep it unchecked for creating rogue access point without any credentials.

Once you are done with the setting, press the start button to allow the access point to broadcast the free wifi in the vicinity.  Wifi Pumpkin has an activity monitoring window that records all the traffic of the users who are connected with the rogue access point.

Source: Click Here


Please enter your comment!
Please enter your name here