WiFiAngel is an interactive terminal (TUI) application for authorized wireless security work on Linux. It uses Rich for menus and live tables, and orchestrates common Wi‑Fi and lab tools: aircrack-ng, hcxdumptool / hcxtools, hashcat, hostapd, dnsmasq, bettercap, reaver, and others.
Use only on networks and equipment you own or have explicit written permission to test. Unauthorized interception of networks or traffic is illegal in most jurisdictions.
- Features
- Requirements
- Installation
- Quick start
- Using the application
- Screenshots
- Runtime files and reports
- Repository layout
- Development
- License and disclaimer
| Area | What it does |
|---|---|
| Monitor mode | Puts the chosen adapter into monitor mode via airmon-ng / iw, with interface resolution (e.g. wlan0 → wlan0mon) through WiFiAdapterManager. |
| Network discovery | Passive scan using airodump-ng CSV export (--band abg), parsed and merged into an in-memory AP list with SSID, BSSID, channel, security, signal, clients, and WPS hints where available. |
| Live scan UI | While scanning from the main menu, a live Rich table updates; you can return to the main menu and stop the scan with the same menu option. |
| Target selection | Choose a BSSID from discovered networks for attacks that require a selected AP. |
All attack flows assume a selected target where applicable. The app asks for legal-use confirmation once at startup instead of repeating per-module confirmations.
| # | Feature | Summary |
|---|---|---|
| 1 | WPA / WPA2 / WPA3 handshake capture | Advanced capture engine: airodump-ng plus optional hcxdumptool PMKID source, PMF/WPA3-aware deauthentication strategy, client prioritization, frame-level EAPOL replay scoring, live quality telemetry, best-artifact promotion, manifest JSON, optional .22000 export, and hashcat job queue integration. |
| 2 | Deauthentication | Submenu: broadcast deauth to all associated clients, or targeted deauth to one client MAC (aireplay-ng). |
| 3 | PMKID capture | hcxdumptool capture to pcapng, conversion with hcxpcapngtool to 22000 hash format, optional PMKID verification helpers. |
| 4 | Dictionary attack | Run aircrack-ng (or related flow) against a captured handshake using a wordlist (defaults under config/defaults.py). |
| 5 | Hybrid (handshake + PMKID) | Combined capture path: handshake and PMKID in one workflow, then crack attempts as data becomes available. |
| 6 | WPS attack | reaver: Pixie Dust (-K 1) or PIN brute force, with live output in the TUI (requires WPS-enabled target). |
| 7 | Evil Twin lab | hostapd + dnsmasq fake AP: DHCP, DNS, optional client isolation awareness, uplink checks. With a non‑Wi‑Fi default route (e.g. Ethernet), the tool can enable IP forwarding, iptables NAT, DHCP renew on uplink, and show activity (e.g. dnsmasq queries, conntrack / ss-style stats) for lab observation. |
| 8 | Man-in-the-Middle toolkit | Requires bettercap: interface + gateway selection, optional ping sweep for targets, ARP spoof + sniff caplet, Rich Live dashboard (session, traffic digest, ARP clients, pattern alerts). Session logs under logs/mitm/<timestamp>/. |
| # | Feature | Summary |
|---|---|---|
| 1 | Wi-Fi adapter settings | Toggle monitor / managed mode, set channel, show adapter info (iwconfig / related). |
| 2 | Network statistics | Table of discovered networks: channels, security, signal, clients, data packet counts, first/last seen (requires prior scan data). |
| 3 | Client analysis | Lists client MACs observed per network with security context. |
| 4 | MAC address changer | Wrapper around macchanger: show, random, custom, restore. |
| 5 | Signal analyzer | Signal-strength oriented view for scanned APs. |
| 6 | Channel optimizer | Channel recommendation / analysis helpers for 2.4/5 GHz scans. |
| 7 | Security audit | High-level security posture summary from scan-derived data. |
| 8 | Hidden SSID discovery | Workflows to infer or surface hidden SSIDs where frames allow. |
| 9 | Bluetooth and IoT scan | bleak-based BLE discovery (requires Python dependency); lists nearby BLE devices when available. |
| 10 | Network speed test | Upload/download probes via curl (or configured runners), with formatted throughput and simple recommendations. |
| 11 | RF Environment Profiler | Channel density, estimated noise pressure, and overlap-aware interference profiling; suggests best channels for targeting strategy. |
| 12 | Handshake Validator Pro | Multi-source validation for captured handshake/PMKID artifacts using quality scoring plus aircrack-ng and hcxhashtool checks when available. |
| 13 | Wordlist Intelligence | Generates SSID/OUI/vendor-aware candidate wordlists with scored mutations and optional export. |
| 14 | Capture Health Checker | Validates .cap / .pcapng / .22000 capture integrity, duplicate records, and corrupt entries with a health verdict. |
| 15 | WPS Risk Analyzer | Estimates WPS lock-state exposure, rate-limit hints, and practical success window for WPS-enabled targets. |
| 16 | Channel Hopper Optimizer | Adaptive per-channel dwell and hop-interval optimization based on live network/client pressure. |
Automated lab-style pipeline. Legal-use confirmation is requested once at startup; runtime modules do not repeat legal disclaimers or authorization prompts.
- Monitor mode via the same adapter path as the main menu (
WiFiAdapterManager). - Discovery — 60 seconds of
airodump-ngwith the same live network table used by the main menu scan. - Prioritization — scores networks (clients, signal, cipher family, WPS, etc.) and shows a prioritized table.
- Target selection — comma-separated indices or explicit
all; empty or invalid input cancels instead of broadening scope. - Parallel assessments — only networks with observed clients; per-network worker runs airodump + hcxdumptool, deauth bursts, 3–5 minute capture window (configurable in code), then
aircrack-ng/hashcatas appropriate. Live status panel shows per-target heartbeat. - Results table and summary statistics; artifacts under
auto_hack_sessions/<timestamp>/and log append to the session report. Recovered Wi-Fi passphrases are shown in results and can be included in reports, so store outputs securely.
Loggerwrites timestamped logs underlogs/<timestamp>/(main, attacks, networks, clients, evil twin, DNS, traffic helpers).generate_report()can produce security-oriented HTML output via thereportspackage.- MITM runs create
logs/mitm/<timestamp>/(caplets, stdout/stderr, traffic/sensitive logs).
- OS: Linux with a real wireless adapter (not WSL without USB passthrough; VMs need the device passed through).
- Privileges: root (
sudo). - Python: 3.8+ recommended (3.10+ well tested).
pip install -r requirements.txtChecked at session start (must be on PATH): airmon-ng, airodump-ng, aireplay-ng, hashcat, hcxdumptool.
Commonly required for full feature set:
| Area | Typical packages (Debian/Ubuntu) |
|---|---|
| Core Wi‑Fi / crack | aircrack-ng, hashcat, hcxdumptool, hcxtools (hcxpcapngtool) |
| Evil Twin | hostapd, dnsmasq; iptables, iproute2 |
| WPS | reaver |
| MITM | bettercap |
| Optional helpers | curl, nmcli, macchanger, net-tools (ifconfig), wpaclean |
Example:
sudo apt update
sudo apt install -y aircrack-ng hashcat hcxdumptool hcxtools hostapd dnsmasq macchanger reaver curl iproute2 iptables
# Optional
sudo apt install -y bettercap network-managerOn startup, app.main also runs warn_optional_missing_tools so you see which optional binaries are missing before using specific menus.
git clone <repository-url>
cd wifiangel
pip install -r requirements.txtFrom the repository root:
sudo python3 wifiangel.pyThe launcher:
- Verifies root, OS, and Python imports
- Creates runtime directories (
logs,tmp,handshake,auto_hack_sessions) - Warns about optional missing tools
- Shows the welcome banner and main menu
| Key | Action |
|---|---|
| 1 | Start monitor mode on the configured adapter |
| 2 | Start or stop network scan (airodump-ng CSV loop + live table) |
| 3 | Select target network from the current scan results |
| 4 | Open Attack techniques submenu |
| 5 | Open Tools submenu |
| 6 | Run Automated assessment workflow |
| 0 | Exit (stops an active scan if needed) |
Ctrl+C from the main menu stops an active scan or exits / returns depending on context.
- Choose adapter at startup (if prompted).
- 1 — monitor mode (or rely on 2 to auto-enable when scanning).
- 2 — run scan; press Enter when done reviewing the live table.
- 3 — pick target AP.
- 4 — run a specific attack or lab module.
Default paths are defined in config/defaults.py (e.g. wordlists/10-million-password-list-top-1000000.txt, fallback hints to /usr/share/wordlists/rockyou.txt). Dictionary and automated assessment flows prompt or fall back if files are missing.
Controller entrypoint for stateful workflow orchestration: interface bootstrap, monitor-mode transition,
airodump-ng scan loop control, target context binding, module dispatch, and graceful lifecycle cleanup.
Offensive workflow dispatcher for handshake/PMKID acquisition pipelines, targeted/broadcast deauth primitives, WPS routines, Evil Twin lab provisioning (
hostapd/dnsmasq/NAT), and bettercap-driven MITM telemetry sessions.
Diagnostic and post-capture analysis surface: RF channel interference modeling, multi-source handshake/PMKID validation, SSID/OUI-derived wordlist synthesis, capture integrity checks, WPS exposure scoring, and adaptive channel-hop interval optimization.
| Path | Purpose |
|---|---|
logs/ |
Per-run log trees (main.log, attacks.log, …) |
handshake/ |
Handshake .cap / related capture material |
handshake/<ssid>_<bssid>_<timestamp>/capture_manifest.json |
Advanced handshake session manifest with quality history, deauth strategy, targeted clients, artifacts, and optional hashcat job metadata |
tmp/ |
Temporary airodump-ng prefixes and scratch files |
auto_hack_sessions/ |
Timestamped automated assessment outputs and reports |
logs/mitm/ |
Bettercap-centric MITM session folders |
| Path | Role |
|---|---|
wifiangel.py |
Entry point → app.main:main |
app/wifi_angel.py |
Main controller, menus, Evil Twin, MITM, automated assessment |
app/main.py |
Environment checks and app bootstrap |
app/ui/ |
Rich theme (theme.py) and shared widgets (components.py) |
app/logger.py |
File logging and report hook |
adapters/system_tools/ |
CommandRunner, WiFiAdapterManager, speed/ping helpers |
attacks/ |
External command builders, output parsers, and hashcat job metadata |
wifi/ |
airodump-ng CSV parsing, frame helpers, capture quality, artifact indexing, telemetry, and profiling |
config/ |
Defaults, PATH checks, runtime dir creation |
reports/ |
HTML / security report generation |
tests/ |
pytest suite |
wordlists/ |
Bundled or placeholder wordlists (large lists may be gitignored) |
python -m pytestThis project is licensed under the GNU General Public License v3.0. See the LICENSE file.
The authors and contributors are not responsible for misuse. You alone are responsible for complying with applicable laws and for obtaining proper authorization before testing any network.