.TH EAPScan 1
.SH NAME
EAPScan - Actively Enumerate 802.1x Wireless Networks.
.SH SYNOPSIS
eapscan [-h] -e ESSID -b BSSID -i IFACE [-v] [-c CHANNEL] [--all]
[--check-wps] [--identity IDENTITY]
[--types EAP_TYPES [EAP_TYPES ...]] [--xml]
.SH DESCRIPTION
EAPScan is an open source tool, distributed with EAPeak, that is designed
to help with the security assessment of wireless networks that use the
802.1x standard for authentication. It works by forging association
requests to the target access point and then using the Legacy NAK
message described in the EAP RFC (3748) in an attempt to force the AP
to authenticate it with an EAP type of EAPScan's choice. Using this
method an attacker can actively enumerate which EAP types are supported
on a given wireless network without the need to passively monitor
client traffic.
.P
It is important that the wireless interface that is selected supports
injection. Use the Aircrack-ng utility to configure the wireless
interface, and ensure that it is on the same channel as the target AP.
.P
In the event that all types appear as 'Could Not Be Determined,' it is
likely that the targeted Access Point does not support EAP
authentication.
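.P
For defenders, the Legacy NAK cycling described above is visible on the authenticator side. The following is an added example, not part of EAPScan or EAPeak: it parses raw EAP packets per RFC 3748 and flags stations that send many different Legacy Nak payloads. The function names, the threshold and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

EAP_RESPONSE = 2   # RFC 3748 Code value for Response
EAP_TYPE_NAK = 3   # RFC 3748 Type value for Legacy Nak

def parse_legacy_nak(eap):
    """Return the EAP types requested in a Legacy Nak, or None for anything else."""
    if len(eap) < 5:
        return None
    code, _ident, length = struct.unpack("!BBH", eap[:4])
    if code != EAP_RESPONSE or eap[4] != EAP_TYPE_NAK:
        return None
    if length < 5 or length > len(eap):
        return None                      # truncated or inconsistent Length field
    return list(eap[5:length])           # one octet per desired type

def flag_enumerators(frames, threshold=3):
    """frames: (station_mac, eap_bytes) pairs. Flag stations that sent at least
    `threshold` different Nak payloads (assumed heuristic, tune per site)."""
    seen = defaultdict(set)
    for mac, eap in frames:
        types = parse_legacy_nak(eap)
        if types is not None:
            seen[mac].add(tuple(types))
    # Type 0 in a Nak means "no alternative" and is not a real method.
    return {mac: sorted({t for p in payloads for t in p if t != 0})
            for mac, payloads in seen.items() if len(payloads) >= threshold}

def build_nak(ident, *types):
    """Build a constructed Legacy Nak for the sample data below."""
    header = struct.pack("!BBHB", EAP_RESPONSE, ident, 5 + len(types), EAP_TYPE_NAK)
    return header + bytes(types)

# Constructed sample traffic: a normal supplicant repeats one Nak payload,
# while a probing station sends a different single-type Nak each time.
SUPPLICANT = "02:00:00:00:00:0a"
PROBER = "02:00:00:00:00:0b"
SAMPLE = [(SUPPLICANT, build_nak(1, 25, 13)), (SUPPLICANT, build_nak(7, 25, 13)),
          (SUPPLICANT, bytes([2, 1, 0, 9, 1]) + b"user")]  # Response/Identity, ignored
SAMPLE += [(PROBER, build_nak(i, t)) for i, t in enumerate((4, 6, 13, 17, 21, 25))]

if __name__ == "__main__":
    for mac, types in flag_enumerators(SAMPLE).items():
        print(f"{mac} cycled through EAP types {types}")
```

A supplicant that always answers with the same list of acceptable types produces one distinct payload and is not flagged, whatever the length of that list.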
.SH OPTIONS
usage: eapscan [-h] -e ESSID -b BSSID -i IFACE [-v] [-c CHANNEL] [--all]
               [--check-wps] [--identity IDENTITY]
               [--types EAP_TYPES [EAP_TYPES ...]] [--xml]

EAPScan: Actively Enumerate 802.1x Wireless Networks

optional arguments:
  -h, --help            show this help message and exit
  -e ESSID, --essid ESSID
                        target ESSID
  -b BSSID, --bssid BSSID
                        target BSSID
  -i IFACE, --iface IFACE
                        interface to use when capturing live
  -v, --version         show program's version number and exit
  -c CHANNEL, --channel CHANNEL
                        target channel
  --all                 scan all EAP types (4-254)
  --check-wps           check if WPS is enabled
  --identity IDENTITY   EAP outer identity string
  --types EAP_TYPES [EAP_TYPES ...]
                        list of specific EAP types to try
  --xml                 export data to xml
.SH RESOURCES
EAPScan relies on the Scapy libraries from the community repository.
.SH COPYRIGHT
Copyright 2011-2018 SecureState
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of the project nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.SH AUTHOR
Spencer McIntyre
.SH SEE ALSO
RFC 2716 (EAP-TLS)
.P
RFC 3748 (EAP)
.P
RFC 4851 (EAP-FAST)
.P
RFC 5281 (EAP-TTLSv0)