Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting.
Requires: python 2.7, python-scapy, a wireless card capable of injection.
Author: Dan McInerney
wifijammer.py [-h] [-s [SKIP [SKIP ...]]] [-i INTERFACE] [-c CHANNEL] [-m MAXIMUM] [-n] [-t TIMEINTERVAL] [-p PACKETS] [-d] [-a [ACCESSPOINT [ACCESSPOINT ...]]] [--world]
optional arguments: -h, --help show this help message and exit -s [SKIP [SKIP ...]], --skip [SKIP [SKIP ...]] Skip deauthing this MAC address. Example: -s 00:11:BB:33:44:AA -i INTERFACE, --interface INTERFACE Choose monitor mode interface. By default script will find the most powerful interface and starts monitor mode on it. Example: -i mon5 -c CHANNEL, --channel CHANNEL Listen on and deauth only clients on the specified channel. Example: -c 6 -m MAXIMUM, --maximum MAXIMUM Choose the maximum number of clients to deauth. List of clients will be emptied and repopulated after hitting the limit. Example: -m 5 -n, --noupdate Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n -t TIMEINTERVAL, --timeinterval TIMEINTERVAL Choose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like 'no buffer space' try: -t .00001 -p PACKETS, --packets PACKETS Choose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2 -d, --directedonly Skip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs -a [ACCESSPOINT [ACCESSPOINT ...]], --accesspoint [ACCESSPOINT [ACCESSPOINT ...]] Enter the SSID or MAC address of a specific access point to target --world N. American standard is 11 channels but the rest of the world it's 13 so this options enables the scanning of 13 channels
wifijammer Usage Example
This will find the most powerful wireless interface and turn on monitor mode. If a monitor mode interface is already up it will use the first one it finds instead. It will then start sequentially hopping channels 1 per second from channel 1 to 11 identifying all access points and clients connected to those access points. On the first pass through all the wireless channels it is only identifying targets. After that the 1sec per channel time limit is eliminated and channels are hopped as soon as the deauth packets finish sending. Note that it will still add clients and APs as it finds them after the first pass through.
Upon hopping to a new channel it will identify targets that are on that channel and send 1 deauth packet to the client from the AP, 1 deauth to the AP from the client, and 1 deauth to the AP destined for the broadcast address to deauth all clients connected to the AP. Many APs ignore deauths to broadcast addresses.
python wifijammer.py -a 00:0E:DA:DE:24:8E -c 2
Deauthenticate all devices with which 00:0E:DA:DE:24:8E communicates and skips channel hopping by setting the channel to the target AP's channel (2 in this case). This would mainly be an access point's MAC so all clients associated with that AP would be deauthenticated, but you can also put a client MAC here to target that one client and any other devices that communicate with it.
python wifijammer.py -c 1 -p 5 -t .00001 -s DL:3D:8D:JJ:39:52 -d --world
- -c, Set the monitor mode interface to only listen and deauth clients or APs on channel 1
- -p, Send 5 packets to the client from the AP and 5 packets to the AP from the client along with 5 packets to the broadcast address of the AP
- -t, Set a time interval of .00001 seconds between sending each deauth (try this if you get a scapy error like 'no buffer space')
- -s, Do not deauth the MAC DL:3D:8D:JJ:39:52. Ignoring a certain MAC address is handy in case you want to tempt people to join your access point in cases of wanting to use LANs.py or a Pineapple on them.
- -d, Do not send deauths to access points' broadcast address; this will speed up the deauths to the clients that are found
- --world, Set the max channel to 13. In N. America the max channel standard is 11, but the rest of the world uses 13 channels so use this option if you're not in N. America
python wifijammer.py -m 10
The -m option sets a max number of client/AP combos that the script will attempt to deauth. When the max number is reached, it clears and repopulates its list based on what traffic it sniffs in the area. This allows you to constantly update the deauth list with client/AP combos who have the strongest signal in case you were not stationary. If you want to set a max and not have the deauth list clear itself when the max is hit, just add the -n option like: -m 10 -n
How to install wifijammer
Installation on Kali Linux
git clone https://github.com/DanMcInerney/wifijammer.git cd wifijammer/ sudo python2 wifijammer.py --help
- How to perform selective jamming of Wi-Fi networks and clients (DoS attack on individual access points / clients)
- Alfa AWUS052NH – Kali Linux Compatible USB Adapter
- Best Kali Linux Compatible USB Wi-Fi adapters 2017