Evil Twin Access Point Toolkit

A complete, modular, and reproducible evil twin access point setup for defensive security testing, penetration testing, and wireless security research.

⚠️ Legal Disclaimer

FOR EDUCATIONAL AND AUTHORIZED SECURITY TESTING ONLY

This tool is provided for:

• Educational purposes
• Authorized penetration testing
• Security research in controlled environments
• Defensive security training

ILLEGAL USE IS STRICTLY PROHIBITED. Unauthorized access to computer networks is a crime in most jurisdictions. Users are solely responsible for:

• Obtaining written authorization before testing
• Compliance with all applicable laws and regulations
• Any consequences resulting from misuse

By using this tool, you agree to use it only on networks you own or have explicit written permission to test.

---

📋 Table of Contents

• Overview
• Features
• Hardware Requirements
• Software Requirements
• Installation
• Configuration
• Usage
• Traffic Capture
• Monitoring
• Troubleshooting
• Project Structure
• Security Considerations
• Contributing
• License

---

🎯 Overview

This toolkit creates a rogue wireless access point (evil twin) that mimics a legitimate network. It captures network traffic by creating an identical SSID that clients may automatically connect to, believing it's the legitimate network.

What is an Evil Twin Attack?

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The attack works by positioning a rogue access point near the target network, broadcasting the same SSID, and tricking devices into connecting.

Use Cases

• 🔐 Penetration testing wireless security
• 🎓 Security awareness training and demonstrations
• 🧪 Network security research in lab environments
• 🛡️ Testing wireless intrusion detection systems
• 📱 Analyzing device behavior and client connectivity

---

✨ Features

• 🔧 Modular Design: Clear separation of concerns with reusable functions
• 📊 Verbose Output: Color-coded status messages for every operation
• 🔍 Real-time Monitoring: Live tracking of connected clients with timestamps
• 📝 Comprehensive Logging: Detailed logs for hostapd, dnsmasq, and connections
• 🌐 Internet Sharing: Automatic NAT configuration for internet passthrough
• 🔄 Auto-Discovery: Automatic detection of internet-facing interface
• 🧹 Clean Teardown: Graceful shutdown with full system restoration
• ✅ Dependency Management: Automated installation and verification
• 🎨 Cross-Platform: Supports Debian, Ubuntu, Kali, Fedora, Arch, and more
• 📦 Reproducible: Version-controllable configuration files
• 📡 Interface Detection: Automatic wireless adapter detection and AP mode verification
• 📸 Traffic Capture: Built-in PCAP capture with filtering and rotation

---

🔌 Hardware Requirements

Wireless Network Adapter

Your wireless adapter MUST support AP (Access Point) mode. Not all wireless cards support this functionality.

✅ Recommended Adapters

These adapters are known to work well and support AP mode:

Chipset	Model Examples	Features	Price Range
RTL8812AU	Alfa AWUS036ACH, TP-Link Archer T4U	Dual-band (2.4/5GHz), High power, Excellent range	$40-60
RTL8814AU	Alfa AWUS1900, TP-Link Archer T9UH	Quad antenna, AC1900, Long range	$60-80
Atheros AR9271	TP-Link TL-WN722N v1, Alfa AWUS036NHA	Stable, Well-supported, Budget-friendly	$20-35
MT7612U	Panda PAU0D, Alfa AWUS036ACM	Dual-band, Good compatibility	$35-50
RTL8188EU	Various budget adapters	Basic, 2.4GHz only, Entry-level	$10-20

🏆 Top Recommendations

1. Alfa AWUS036ACH (RTL8812AU)

   • Best overall choice for penetration testing
   • Excellent driver support in Kali Linux
   • High transmit power (up to 30dBm)
   • Dual-band support

2. TP-Link TL-WN722N v1 (Atheros AR9271)

   • Best budget option
   • Rock-solid stability
   • Native Linux support
   • ⚠️ Make sure to get version 1, not v2 or v3

3. Alfa AWUS036ACM (MT7612U)

   • Good balance of price and performance
   • Excellent compatibility
   • Medium power output

❌ Adapters to Avoid

• Built-in laptop wireless cards (usually don't support AP mode)
• RTL8188FTV chipset (poor AP mode support)
• Broadcom chipsets (limited Linux support)
• Any adapter labeled "v2" or "v3" of previously working models (often use different, incompatible chipsets)

Verifying AP Mode Support

Before purchasing, verify the adapter supports AP mode:

# Check if your current adapter supports AP mode
iw list | grep -A 10 "Supported interface modes"

# Look for this in the output:
# * AP
# * monitor

Additional Hardware

• Ethernet Connection: Required for internet passthrough (can be physical or USB-Ethernet adapter)
• Sufficient USB Power: Some high-power adapters may require a powered USB hub
• Computer: Any laptop or desktop running Linux (recommended: Kali Linux)

---

💻 Software Requirements

Operating System

• Recommended: Kali Linux (2020.1 or later)
• Also Supported:
  • Debian 10+
  • Ubuntu 18.04+
  • Fedora 30+
  • Arch Linux
  • ParrotOS
  • BlackArch

Required Packages

These will be automatically installed by install_dependencies.sh:

• hostapd - Creates the access point
• dnsmasq - Provides DHCP and DNS services
• iptables - Configures NAT and firewall rules
• iproute2 - Network interface configuration
• wireless-tools - Wireless management utilities
• net-tools - Network diagnostic tools
• iw - Wireless configuration utility
• tcpdump - Packet capture utility

Privileges

• Root/sudo access is required for all operations

---

📦 Installation

Quick Start

# Clone the repository
git clone https://github.com/yourusername/evil-twin-ap.git
cd evil-twin-ap

# Install dependencies
sudo ./install_dependencies.sh

# Detect your wireless interfaces
sudo ./detect_interface.sh

# Configure your settings (update interface if needed)
nano hostapd.conf  # Change SSID, channel, interface
nano dnsmasq.conf  # Adjust DHCP settings, interface

# Start the evil twin
sudo ./start_evil_twin.sh

Detailed Installation

Step 1: Clone Repository

git clone https://github.com/yourusername/evil-twin-ap.git
cd evil-twin-ap

Step 2: Install Dependencies

The installation script automatically detects your Linux distribution and installs required packages:

sudo ./install_dependencies.sh

What it does:

• Detects your Linux distribution
• Updates package lists
• Installs all required tools
• Verifies kernel modules are loaded
• Checks wireless adapter compatibility
• Creates documentation

Step 3: Detect Wireless Interfaces

CRITICAL STEP: Before configuring, detect which wireless interface supports AP mode:

sudo ./detect_interface.sh

This script will analyze all wireless interfaces and recommend the best one to use.

Example output:

==========================================
   Wireless Interface Detection
==========================================

[INFO] Scanning for wireless interfaces...

[✓] Found 2 wireless interface(s)

═══════════════════════════════════════════
Interface: wlan1
═══════════════════════════════════════════
State: DORMANT
MAC Address: 1a:60:c6:85:87:53
Driver: rtl88XXau

[INFO] Checking capabilities for wlan1...
[✓] Supports AP mode (Access Point) ✓
[✓] Supports Monitor mode ✓
Current Mode: managed

═══════════════════════════════════════════
Interface: wlan0
═══════════════════════════════════════════
State: DOWN
MAC Address: b2:72:bf:bc:31:bd
Driver: iwlwifi

[INFO] Checking capabilities for wlan0...
[✓] Supports AP mode (Access Point) ✓
[✓] Supports Monitor mode ✓
Current Mode: managed
[!] Power management is ON (may cause issues)

==========================================
   Summary & Recommendations
==========================================

[✓] Found 2 AP-capable interfaces:
  - wlan1
  - wlan0

[INFO] Recommendation: Use wlan1 (likely external USB adapter)

[!] wlan0 is usually built-in WiFi - use external adapter if available

[INFO] To update configuration files, run:
  sed -i 's/^interface=.*/interface=wlan1/' hostapd.conf
  sed -i 's/^interface=.*/interface=wlan1/' dnsmasq.conf

Current Configuration:
  hostapd.conf: interface=wlan1
  dnsmasq.conf: interface=wlan1

[INFO] After updating, verify with: iw list | grep -A 10 'Supported interface modes'

Key Insights:

• 🎯 wlan1 is typically your external USB adapter (recommended for evil twin)
• 💻 wlan0 is usually built-in WiFi (may have power management issues)
• ✅ The script shows which interfaces support AP mode
• 📝 Follow the script's recommendations to update your config files
• ⚠️ Important: Use the external adapter (wlan1) for best results

If you have multiple interfaces:

• External USB adapters (wlan1, wlan2) are preferred over built-in (wlan0)
• Realtek, Atheros, and Ralink chipsets typically have better AP mode support
• Disable or disconnect wlan0 if you're using wlan1 to avoid conflicts

Step 4: Verify Installation

After installation and interface detection, verify everything is working:

# Check hostapd
hostapd -v

# Check dnsmasq
dnsmasq -v

# List wireless interfaces
iw dev

# Verify AP mode support (detailed)
iw list | grep -A 10 "Supported interface modes"

# Check current interface configuration
grep "^interface=" hostapd.conf dnsmasq.conf

---

⚙️ Configuration

hostapd.conf - Access Point Settings

Edit hostapd.conf to customize your evil twin:

nano hostapd.conf

Key settings to modify:

# Wireless interface (CHANGE to wlan1 if using external USB adapter)
interface=wlan1

# Network name (CHANGE THIS to match target network)
ssid=TestNetwork

# Channel (1-11 for 2.4GHz, 36-165 for 5GHz)
channel=6

# WiFi password
wpa_passphrase=letitrain2

# Country code (affects available channels)
country_code=US

dnsmasq.conf - DHCP/DNS Settings

Edit dnsmasq.conf to customize network settings:

nano dnsmasq.conf

Key settings:

# Interface to serve DHCP/DNS (MUST match hostapd.conf)
interface=wlan1

# DHCP range (adjust as needed)
dhcp-range=192.168.99.10,192.168.99.250,12h

# Gateway (this machine)
dhcp-option=3,192.168.99.1

# DNS servers (upstream)
server=8.8.8.8
server=8.8.4.4

Network Configuration

Default settings:

• AP IP: 192.168.99.1
• Subnet: 192.168.99.0/24
• DHCP Range: 192.168.99.10 - 192.168.99.250
• Channel: 6 (2.4GHz)
• Password: letitrain2
• Interface: wlan1 (external adapter)

---

🚀 Usage

Starting the Evil Twin

sudo ./start_evil_twin.sh

What happens:

1. ✅ Checks root privileges
2. ✅ Verifies all dependencies are installed
3. ✅ Discovers internet-facing interface (eth0, etc.)
4. ✅ Validates network interfaces exist
5. ✅ Stops conflicting services (NetworkManager, wpa_supplicant)
6. ✅ Configures wireless interface with IP 192.168.99.1
7. ✅ Enables IP forwarding
8. ✅ Sets up NAT and iptables rules
9. ✅ Starts DHCP/DNS server (dnsmasq)
10. ✅ Starts access point (hostapd)
11. ✅ Begins monitoring connected clients

Output example:

==========================================
   Evil Twin AP - Start Script
==========================================

[INFO] Checking privileges...
[SUCCESS] Running with root privileges
[INFO] Checking dependencies...
[SUCCESS] All dependencies found
[INFO] Discovering internet interface...
[SUCCESS] Internet interface detected: eth0
[INFO] Checking interface wlan1...
[SUCCESS] Interface wlan1 found
...
==========================================
   Evil Twin AP Started Successfully!
==========================================

Configuration:
  SSID: TestNetwork
  Channel: 6
  Password: letitrain2
  AP IP: 192.168.99.1
  Subnet: 192.168.99.0/24
  WLAN Interface: wlan1
  Internet Interface: eth0

To stop the Evil Twin AP, run:
  sudo ./stop_evil_twin.sh

To capture traffic for analysis:
  sudo ./capture_traffic.sh
  sudo ./capture_traffic.sh -v  # verbose mode

Stopping the Evil Twin

sudo ./stop_evil_twin.sh

What happens:

1. ✅ Stops connection monitor
2. ✅ Stops hostapd gracefully
3. ✅ Stops dnsmasq
4. ✅ Clears iptables rules
5. ✅ Disables IP forwarding
6. ✅ Resets wireless interface
7. ✅ Restarts NetworkManager
8. ✅ Displays session statistics

Output example:

==========================================
   Evil Twin AP - Stop Script
==========================================

[INFO] Stopping hostapd...
[SUCCESS] hostapd stopped (PID: 12345)
[INFO] Stopping dnsmasq...
[SUCCESS] dnsmasq stopped (PID: 12346)
...
==========================================
   Session Statistics
==========================================

Unique clients connected: 3

Last 10 DHCP assignments:
  192.168.99.10 - AA:BB:CC:DD:EE:01
  192.168.99.11 - AA:BB:CC:DD:EE:02
  192.168.99.12 - AA:BB:CC:DD:EE:03

---

📸 Traffic Capture

Capturing Network Traffic

The toolkit includes a comprehensive traffic capture script that saves packet data as PCAP files for analysis:

# Basic capture (continuous until Ctrl+C)
sudo ./capture_traffic.sh

# Capture for specific duration (60 seconds)
sudo ./capture_traffic.sh -d 60

# Capture with verbose output and live statistics
sudo ./capture_traffic.sh -v

# Capture only HTTP/HTTPS traffic
sudo ./capture_traffic.sh -f "tcp port 80 or tcp port 443"

# Capture with custom filename
sudo ./capture_traffic.sh -n my_test_capture

# Capture on specific interface
sudo ./capture_traffic.sh -i wlan1

# Capture with file rotation (50MB files, max 20 files)
sudo ./capture_traffic.sh -s 50 -m 20

Capture Script Options

-i, --interface <name>    Wireless interface to capture (default: wlan0)
-d, --duration <seconds>  Capture duration in seconds (default: continuous)
-n, --name <name>         Custom capture filename prefix
-f, --filter <filter>     BPF capture filter (e.g., "tcp port 80")
-s, --size <MB>           Rotate files when size reaches MB (default: 100)
-m, --max-files <num>     Maximum number of rotated files (default: 10)
-v, --verbose             Show verbose packet statistics
-h, --help                Show help message

Capture Features

• ✅ Saves traffic as standard PCAP format
• ✅ Automatic file rotation to prevent huge files
• ✅ Live packet statistics in verbose mode
• ✅ BPF filtering support (Berkeley Packet Filter)
• ✅ Timed captures or continuous operation
• ✅ Safe cleanup on Ctrl+C
• ✅ Output saved to output/ directory

Output Location

All captures are saved in output/ with timestamp-based filenames:

• Format: capture_YYYYMMDD_HHMMSS.pcap
• Custom: yourname_YYYYMMDD_HHMMSS.pcap

Analyzing Captured Traffic

# Open in Wireshark (GUI)
wireshark output/capture_20251018_143215.pcap

# Analyze with tcpdump
tcpdump -r output/capture_20251018_143215.pcap -n

# Filter for specific protocols
tcpdump -r output/capture_20251018_143215.pcap 'tcp port 80'

# Extract HTTP requests
tcpdump -r output/capture_20251018_143215.pcap -A 'tcp port 80'

# Get capture statistics
capinfos output/capture_20251018_143215.pcap

# Use tshark for advanced analysis
tshark -r output/capture_20251018_143215.pcap -Y "http.request"

Common BPF Filters

# HTTP traffic only
sudo ./capture_traffic.sh -f "tcp port 80"

# HTTPS traffic only
sudo ./capture_traffic.sh -f "tcp port 443"

# HTTP and HTTPS
sudo ./capture_traffic.sh -f "tcp port 80 or tcp port 443"

# DNS queries
sudo ./capture_traffic.sh -f "udp port 53"

# Specific IP address
sudo ./capture_traffic.sh -f "host 192.168.99.10"

# Exclude broadcast traffic
sudo ./capture_traffic.sh -f "not broadcast and not multicast"

# Capture only TCP traffic
sudo ./capture_traffic.sh -f "tcp"

---

📊 Monitoring

Real-time Connection Monitoring

The toolkit provides several ways to monitor connected clients:

1. Connection Log

Automatically updated every 5 seconds:

tail -f logs/connections.log

Example output:

=== Sat Oct 18 14:32:15 EDT 2025 ===
Connected clients:
192.168.99.10 dev wlan1 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.99.11 dev wlan1 lladdr aa:bb:cc:dd:ee:02 STALE

2. DHCP Assignments

View DHCP leases in real-time:

tail -f logs/dnsmasq.log

Example output:

dnsmasq-dhcp[12346]: DHCPDISCOVER(wlan1) aa:bb:cc:dd:ee:01
dnsmasq-dhcp[12346]: DHCPOFFER(wlan1) 192.168.99.10 aa:bb:cc:dd:ee:01
dnsmasq-dhcp[12346]: DHCPREQUEST(wlan1) 192.168.99.10 aa:bb:cc:dd:ee:01
dnsmasq-dhcp[12346]: DHCPACK(wlan1) 192.168.99.10 aa:bb:cc:dd:ee:01 android-device

3. Access Point Status

Monitor hostapd logs:

tail -f logs/hostapd.log

4. Manual Checks

# List connected clients
sudo iw dev wlan1 station dump

# Show DHCP leases
cat /var/lib/misc/dnsmasq.leases

# Check interface status
ip addr show wlan1

# View active connections
sudo arp -a -i wlan1

---

🔧 Troubleshooting

Common Issues and Solutions

1. "No wireless interfaces found"

Problem: Your wireless adapter isn't detected.

Solutions:

# Check if adapter is connected
lsusb | grep -i wireless

# Check interface name
ip link show

# Try replugging USB adapter

# Check kernel messages
dmesg | tail -20

# Run the detection script
sudo ./detect_interface.sh

2. "Interface doesn't support AP mode"

Problem: Your adapter doesn't support creating access points.

Solution: You need a different wireless adapter. See Hardware Requirements for recommendations.

Verify support:

iw list | grep -A 10 "Supported interface modes"
# Should show: * AP

3. "hostapd failed to start"

Problem: hostapd can't start the access point.

Solutions:

# Check if interface is busy
sudo airmon-ng check kill

# Verify interface is up
sudo ip link set wlan1 up

# Check hostapd config syntax
sudo hostapd -d hostapd.conf

# View detailed logs
cat logs/hostapd.log

# Make sure you're using the right interface
grep "^interface=" hostapd.conf

4. "NetworkManager keeps interfering"

Problem: NetworkManager is managing the wireless interface.

Solution:

# The start script handles this, but if issues persist:
sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager  # Temporarily

# After testing, re-enable:
sudo systemctl enable NetworkManager
sudo systemctl start NetworkManager

5. "Clients connect but have no internet"

Problem: NAT/routing isn't configured correctly.

Solutions:

# Verify IP forwarding
cat /proc/sys/net/ipv4/ip_forward
# Should output: 1

# Check NAT rules
sudo iptables -t nat -L -v

# Verify internet interface
ip route show default

# Test internet on host
ping -c 3 8.8.8.8

# Check if eth0 has internet
ping -I eth0 -c 3 8.8.8.8

6. "Permission denied" errors

Problem: Not running with sufficient privileges.

Solution:

# Always use sudo
sudo ./start_evil_twin.sh

7. "Channel X is not available"

Problem: Wireless regulations restrict certain channels.

Solutions:

# Check available channels for your country
iw list | grep -A 20 "Frequencies:"

# Edit hostapd.conf and change to available channel
nano hostapd.conf
# Common safe channels: 1, 6, 11 (2.4GHz)

8. "dnsmasq failed to start"

Problem: Port 53 (DNS) is already in use.

Solutions:

# Check what's using port 53
sudo lsof -i :53

# Stop systemd-resolved if running
sudo systemctl stop systemd-resolved

# Or configure dnsmasq to use different port

9. "Wrong interface being used"

Problem: Scripts are using wlan0 instead of wlan1 (or vice versa).

Solutions:

# Run interface detection
sudo ./detect_interface.sh

# Update config files to use correct interface
sed -i 's/^interface=.*/interface=wlan1/' hostapd.conf
sed -i 's/^interface=.*/interface=wlan1/' dnsmasq.conf

# Verify changes
grep "^interface=" hostapd.conf dnsmasq.conf

Getting Help

If you encounter issues:

1. Check logs: Review logs/hostapd.log, logs/dnsmasq.log
2. Run detection: sudo ./detect_interface.sh
3. Verbose mode: Run scripts with bash -x
4. System logs: Check dmesg and journalctl
5. Test components: Test hostapd and dnsmasq individually
6. Open an issue: Include logs and system information

---

📁 Project Structure

evil-twin-ap/
│
├── README.md                    # This file (documentation)
├── LICENSE                      # License information
│
├── hostapd.conf                 # Access point configuration
├── dnsmasq.conf                 # DHCP/DNS server configuration
│
├── install_dependencies.sh      # Dependency installer (all distros)
├── detect_interface.sh          # Wireless interface detection & verification
├── start_evil_twin.sh           # Main start script
├── stop_evil_twin.sh            # Cleanup and stop script
├── capture_traffic.sh           # Traffic capture script (PCAP)
│
├── .evil_twin.pid               # Runtime PID file (created automatically)
├── .capture.pid                 # Capture PID file (created automatically)
│
├── logs/                        # Log directory (created at runtime)
│   ├── hostapd.log             # Access point logs
│   ├── dnsmasq.log             # DHCP/DNS logs
│   └── connections.log         # Client connection tracking
│
└── output/                      # Packet capture directory
    └── *.pcap                  # PCAP files from traffic capture

File Descriptions

File	Purpose	Modify?
hostapd.conf	AP settings (SSID, channel, password, interface)	✅ Yes - customize for your test
dnsmasq.conf	DHCP/DNS configuration (interface, IP range)	✅ Yes - adjust network settings
install_dependencies.sh	Installs required packages	❌ No - run as-is
detect_interface.sh	Detects wireless interfaces & AP mode support	❌ No - run as-is
start_evil_twin.sh	Starts the evil twin AP	⚠️ Rarely - only for advanced customization
stop_evil_twin.sh	Stops and cleans up	❌ No - run as-is
capture_traffic.sh	Captures traffic to PCAP files	⚠️ Use CLI options instead
logs/*.log	Runtime logs	📖 Read-only - for monitoring
output/*.pcap	Captured packet data	📖 Read-only - for analysis

---

🔒 Security Considerations

Ethical Usage Guidelines

1. Authorization: ALWAYS obtain written permission before testing
2. Scope: Stay within the agreed scope of testing
3. Documentation: Keep detailed logs of all activities
4. Disclosure: Report findings responsibly to network owners
5. Data Handling: Do not intercept, store, or misuse captured data

Legal Considerations

• Creating rogue access points without authorization is ILLEGAL in most countries
• Penalties can include fines, imprisonment, and criminal records
• Even "harmless" testing can be prosecuted if unauthorized
• Corporate environments: Get IT department approval in writing
• Public spaces: NEVER test on public networks

Technical Security

This toolkit by design:

• ✅ Focuses on access point creation and monitoring
• ✅ Includes traffic capture for authorized analysis only
• ✅ Provides comprehensive logging for accountability
• ⚠️ Does NOT include credential harvesting
• ⚠️ Does NOT include SSL stripping or active MITM attacks
• ⚠️ Does NOT include captive portal phishing

To enhance security of your testing:

• Use isolated network segments
• Implement test network identification (unique SSIDs)
• Limit testing to specific time windows
• Monitor and log all activities
• Use only in Faraday cages or RF-shielded rooms to prevent signal leakage

Defensive Measures

Organizations can protect against evil twin attacks by:

• Implementing 802.1X authentication (WPA2/WPA3 Enterprise)
• Using certificate validation for network authentication
• Deploying wireless intrusion detection systems (WIDS)
• Enabling Protected Management Frames (PMF/802.11w)
• Training users to verify network authenticity
• Using VPNs for sensitive communications
• Monitoring for rogue access points

---

🤝 Contributing

Contributions are welcome! Please follow these guidelines:

How to Contribute

1. Fork the repository
2. Create a feature branch: git checkout -b feature/your-feature
3. Make your changes with clear commit messages
4. Test thoroughly on multiple systems if possible
5. Update documentation if you change functionality
6. Submit a pull request with detailed description

Contribution Guidelines

• Maintain the modular structure
• Add verbose logging for new features
• Include error handling for edge cases
• Update README if adding new features
• Follow existing code style (bash best practices)
• Add comments for complex logic
• Test on at least one Debian-based distro

Code Style

# Use descriptive function names
configure_network_interface() {
    # Clear comments
    # Error handling
    # Verbose output
}

# Consistent formatting
print_info "Starting process..."
command || print_error "Failed to execute command"

Areas for Contribution

• Support for additional wireless drivers
• Web-based monitoring dashboard
• Enhanced client fingerprinting
• Automated security report generation
• Docker containerization
• Raspberry Pi specific optimizations
• Additional BPF filter templates
• Integration with other security tools

---

📄 License

This project is provided for educational and authorized security testing purposes only.

MIT License (see LICENSE file for full text)

Copyright (c) 2025 [Your Name]

Permission is hereby granted for educational and authorized security
testing purposes only...

---

🙏 Acknowledgments

• The Kali Linux team for excellent wireless security tools
• The hostapd and dnsmasq projects
• The wireless security research community
• Contributors and testers

---

📚 Additional Resources

Learning Resources

• OWASP Wireless Security Testing Guide
• WiFi Penetration Testing Methodology
• Wireless Security on Kali Linux

Related Tools

• Aircrack-ng: Wireless auditing suite
• Wireshark: Network protocol analyzer
• Bettercap: Network attacks and monitoring
• Wifiphisher: Automated phishing attacks on WiFi

Documentation

• hostapd Documentation
• dnsmasq Manual
• Linux Wireless Wiki
• tcpdump Manual

---

📞 Support

• Issues: GitHub Issues
• Discussions: GitHub Discussions
• Security: Report vulnerabilities via email (not public issues)

---

⚖️ Final Warning

┌─────────────────────────────────────────────────────────────┐
│                                                             │
│  This tool is provided for EDUCATIONAL PURPOSES ONLY        │
│                                                             │
│  Unauthorized access to computer networks is ILLEGAL        │
│                                                             │
│  Always obtain written permission before testing            │
│                                                             │
│  You are responsible for your actions                       │
│                                                             │
└─────────────────────────────────────────────────────────────┘

Remember: With great power comes great responsibility. Use this tool ethically, legally, and responsibly.

---

Happy (Authorized) Testing! 🔐