Airstrike Attack Modules

Airstrike intentionally focuses on the three Wi-Fi attacks that proved stable across labs and field engagements. Each module has its own Python worker inside attacks/ and exposes status, logs, and captures through Socket.IO.

Deauthentication

Use this module to eject clients from an AP by flooding crafted 802.11 deauth frames.

• Ideal for forcing handshakes, testing IDS/WIPS response, or simulating nuisance scenarios.
• Inputs: interface, BSSID/SSID, channel, packet rate.
• Backend tooling: airmon-ng (monitor mode), aireplay-ng, plus iw/ifconfig for cleanup.

Handshake Capture + Cracking

Captures WPA/WPA2 handshakes and immediately launches aircrack-ng with the configured wordlist.

• Workflow: enable monitor mode → start airodump-ng → optionally trigger a deauth burst → feed captured handshake into aircrack-ng.
• Configuration: target BSSID, channel, capture duration, wordlist path (config['wordlist'] by default).
• Output: PCAP + cracked credentials stored per BSSID under captures/.

Evil Twin

Clones a target SSID using hostapd/dnsmasq, stands up DHCP/DNS spoofing, and can optionally display your captive portal.

• Components: hostapd for beaconing, dnsmasq for DHCP/DNS, iptables for NAT, optional dnsspoof or custom portal.
• Use cases: credential phishing, rogue AP detection drills, captive portal testing.
• Cleanup: the worker returns the adapter to managed mode and restores original IP configuration.

Workflow Tips

1. Scan for targets, confirming signal strength and channel stability.
2. Run the desired attack while watching the Results tab for live logs.
3. Download artifacts (PCAPs, cracked keys) from captures/<BSSID>.

Have ideas to enhance these modules? Open an issue or pull request on GitHub with logs, adapter info, and reproduction notes.