### Example: Set Channel to 11 Source: https://github.com/justcallmekoko/esp32marauder/wiki/channel This is an example of how to set the WiFi channel to 11. ```bash channel -s 11 ``` -------------------------------- ### Start Evil Portal with SSID List Source: https://github.com/justcallmekoko/esp32marauder/wiki/Evil-Portal-Workflow Initiates the Evil Portal attack using the configured SSID list. Ensure SSIDs are added and verified before execution. ```bash evilportal -c start ``` -------------------------------- ### Enable Specific Setting Source: https://github.com/justcallmekoko/esp32marauder/wiki/Settings-CMD Enable a specific setting using the '-s' argument followed by the setting name and 'enable'. For example, to enable ForcePMKID. ```bash settings -s ForcePMKID enable ``` -------------------------------- ### Beacon Spam Attack Examples Source: https://github.com/justcallmekoko/esp32marauder/wiki/attack Initiate beacon spam attacks using a list of SSIDs, random SSIDs, or by copying existing access points. ```bash attack -t beacon -l ``` ```bash attack -t beacon -r ``` ```bash attack -t beacon -a ``` -------------------------------- ### Run Sniffpwn Scan Source: https://github.com/justcallmekoko/esp32marauder/wiki/sniffpwn Execute the sniffpwn command to start scanning for Pwnagotchi beacon frames. This command initiates the sniffing process. ```bash sniffpwn ``` -------------------------------- ### Update Firmware via SD Card CLI Source: https://github.com/justcallmekoko/esp32marauder/wiki/update Use this command to initiate a firmware update using the SD card. Ensure the SD card is properly prepared and connected according to the SD Update guide. ```bash update -s/ ``` -------------------------------- ### Start PMKID Sniffing Source: https://github.com/justcallmekoko/esp32marauder/wiki/sniffpmkid Initiates PMKID frame sniffing. Use the -c argument to specify a channel, -d to send deauthentication frames, or -l to target selected access points from a list. The -l switch cycles channels every second. ```bash sniffpmkid [-c ] [-d] [-l] ``` -------------------------------- ### Beacon Frame Structure (C++) Source: https://github.com/justcallmekoko/esp32marauder/wiki/Beacon-Spam-List Defines the base structure of a WiFi beacon frame, including fields for Frame Control, addresses, timestamp, and capability information. This is a barebones packet that gets further populated. ```C++ // barebones packet uint8_t packet[128] = { 0x80, 0x00, 0x00, 0x00, //Frame Control, Duration /*4*/ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, //Destination address /*10*/ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, //Source address - overwritten later /*16*/ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, //BSSID - overwritten to the same as the source address /*22*/ 0xc0, 0x6c, //Seq-ctl /*24*/ 0x83, 0x51, 0xf7, 0x8f, 0x0f, 0x00, 0x00, 0x00, //timestamp - the number of microseconds the AP has been active /*32*/ 0x64, 0x00, //Beacon interval /*34*/ 0x01, 0x04, //Capability info /* SSID */ /*36*/ 0x00 }; ``` -------------------------------- ### Get Current WiFi Channel Source: https://github.com/justcallmekoko/esp32marauder/wiki/channel Execute the channel command without arguments to retrieve the current WiFi channel of the interface. ```bash channel ``` -------------------------------- ### Display Settings Management Source: https://github.com/justcallmekoko/esp32marauder/wiki/Settings-CMD Use this command to view available settings for management. No arguments are needed. ```bash settings ``` -------------------------------- ### Join WiFi via CLI Source: https://github.com/justcallmekoko/esp32marauder/wiki/Join Use this command to join a WiFi network by specifying the access point index and password. ```bash join -a -p ``` -------------------------------- ### List Access Points with Arguments Source: https://github.com/justcallmekoko/esp32marauder/wiki/list Use the '-a', '-s', '-c', or '-t' arguments to specify the type of list to display: access points, SSIDs, stations, or Airtags respectively. Access points marked as '(selected)' are used in future attacks. ```bash listap -a/-s/-c/-t ``` -------------------------------- ### Start Sniffing Deauthentication Frames Source: https://github.com/justcallmekoko/esp32marauder/wiki/sniffdeauth Initiates the sniffing of deauthentication frames. This function automatically cycles through channels to capture traffic and can be stopped with the stopscan command. ```bash sniffdeauth ``` -------------------------------- ### Set LED Pattern Source: https://github.com/justcallmekoko/esp32marauder/wiki/led Use this command to set the onboard RGB LED to a pre-programmed pattern. Available patterns include 'rainbow'. ```bash led -p rainbow ``` -------------------------------- ### Deauthentication Attack Examples Source: https://github.com/justcallmekoko/esp32marauder/wiki/attack Execute deauthentication attacks. Options include targeting selected APs, selected APs and stations, or manually specifying source and destination MAC addresses. ```bash attack -t deauth ``` ```bash attack -t deauth -c ``` ```bash attack -t deauth -s AA:BB:CC:DD:EE:FF ``` ```bash attack -t deauth -s AA:BB:CC:DD:EE:FF -d AA:BB:CC:DD:EE:FF ``` -------------------------------- ### Select Custom HTML File Source: https://github.com/justcallmekoko/esp32marauder/wiki/Evil-Portal-Workflow Use this command to select a custom HTML file for the Evil Portal from your SD card. Ensure the HTML file is placed on the root of the SD card. ```bash evilportal -c sethtml ``` -------------------------------- ### Execute Signal Monitor Session Source: https://github.com/justcallmekoko/esp32marauder/wiki/Signal-Monitor-Workflow Initiates the signal monitoring session after access points have been selected. ```bash sigmon ``` -------------------------------- ### Select All Access Points Source: https://github.com/justcallmekoko/esp32marauder/wiki/select Use this to select all available access points in the list. This is a convenient way to target every AP. ```bash select -a all ``` -------------------------------- ### Display and Select Access Points Source: https://github.com/justcallmekoko/esp32marauder/wiki/AP-Clone-spam-workflow Lists available access points and allows selection for the attack. Use `list -a` to view all discovered APs and `select -a` with comma-separated indices to choose specific ones. ```bash list -a ``` ```bash select -a 0,1,2 ``` -------------------------------- ### Set LED Color with Hex Code Source: https://github.com/justcallmekoko/esp32marauder/wiki/led Use this command to set the onboard RGB LED to a specific color using a hex code. Ensure the hex code is prefixed with '#'. ```bash led -s #8F00FF ``` -------------------------------- ### Select Access Points by Index Source: https://github.com/justcallmekoko/esp32marauder/wiki/select Use this to select specific access points by their index numbers. Indices are comma-separated. ```bash select -a 1,3,5 ``` -------------------------------- ### Restore Default Settings Source: https://github.com/justcallmekoko/esp32marauder/wiki/Settings-CMD Restore all settings to their default values using the '-r' argument. This action resets all configurations. ```bash settings -r ``` -------------------------------- ### Execute WiFi Attacks Source: https://github.com/justcallmekoko/esp32marauder/wiki/attack Use this command to initiate various WiFi attacks. Specify the attack type with -t and relevant options. ```bash attack -t ] [-d ]/probe/rickroll> ``` -------------------------------- ### Select Access Points by ESSID String Match Source: https://github.com/justcallmekoko/esp32marauder/wiki/select Use this to select access points based on their ESSID. You can match if the ESSID equals a specific string or contains a specific string. ```bash select -a -f "equals 'E CORP' or contains EVIL" ``` -------------------------------- ### List SSIDs Source: https://github.com/justcallmekoko/esp32marauder/wiki/Evil-Portal-Workflow Display the current list of SSIDs that have been added for the Evil Portal. Use this to verify additions. ```bash list -s ``` -------------------------------- ### Add Single SSID Source: https://github.com/justcallmekoko/esp32marauder/wiki/List-Beacon-Spam-workflow Use this command to add a single, custom-named SSID to the list for the attack. Ensure the 'ssid' tool is available. ```bash ssid -a -n chiken ``` -------------------------------- ### Execute Beacon List Spam Attack Source: https://github.com/justcallmekoko/esp32marauder/wiki/List-Beacon-Spam-workflow Initiates a beacon spam attack using the predefined list of SSIDs. Requires the 'attack' tool. ```bash attack -t beacon -l ``` -------------------------------- ### Select Stations by Index Source: https://github.com/justcallmekoko/esp32marauder/wiki/select Use this to select specific stations by their index numbers. Indices are comma-separated. ```bash select -c 3,4,29 ``` -------------------------------- ### Generate Random SSIDs for Beacon Spam Source: https://github.com/justcallmekoko/esp32marauder/wiki/Random-Beacon-Spam-workflow Use this command to generate a list of random SSIDs. Specify the number of SSIDs to generate. ```bash ssid -a -g 50 ``` -------------------------------- ### Select Access Points for Attack Source: https://github.com/justcallmekoko/esp32marauder/wiki/Deauthentication-Attack-workflow Selects specific access points from the listed available access points for targeting. Multiple access points can be selected by their index. ```bash select -a 0,1 ``` -------------------------------- ### List Available Access Points Source: https://github.com/justcallmekoko/esp32marauder/wiki/Deauthentication-Attack-workflow Displays a list of discovered access points, typically after running a scan. Used to identify targets for selection. ```bash list -a ``` -------------------------------- ### Populating Probe Request Packet with AP Info Source: https://github.com/justcallmekoko/esp32marauder/wiki/Probe-Request-Flood Code snippet demonstrating how the probe request packet is dynamically populated with the SSID length and ESSID of an access point during the attack. ```C++ // Set SSID length int ssidLen = access_points->get(i).essid.length(); //int rand_len = sizeof(rand_reg); int fullLen = ssidLen; prob_req_packet[25] = fullLen; // Insert ESSID char buf[access_points->get(i).essid.length() + 1] = {}; access_points->get(i).essid.toCharArray(buf, access_points->get(i).essid.length() + 1); for(int i = 0; i < ssidLen; i++) prob_req_packet[26 + i] = buf[i]; ``` -------------------------------- ### Generate Random SSIDs Source: https://github.com/justcallmekoko/esp32marauder/wiki/List-Beacon-Spam-workflow Use this command to generate a specified number of random SSIDs for the attack. Ensure the 'ssid' tool is available. ```bash ssid -a -g 3 ``` -------------------------------- ### Monitor Probe Requests (C++) Source: https://github.com/justcallmekoko/esp32marauder/wiki/Beacon-Spam-List Checks incoming probe requests to see if they target any of the SSIDs in the beacon spam list. If a match is found, it indicates a 'sheep' (a device interested in connecting). ```C++ if ((snifferPacket->payload[0] == 0x40) && (display_obj.display_buffer->size() == 0)) { for (uint8_t i = 0; i < snifferPacket->payload[25]; i++) { essid.concat((char)snifferPacket->payload[26 + i]); } for (int i = 0; i < ssids->size(); i++) { if (ssids->get(i).essid == essid) { Serial.println("Found a sheep"); found = true; break; } } ``` -------------------------------- ### Select Access Point Source: https://github.com/justcallmekoko/esp32marauder/wiki/Evil-Portal-Workflow Selects a specific access point from the scanned list to be used for the Evil Portal. Replace `` with the corresponding number from the `list -a` output. ```bash select -a ``` -------------------------------- ### Set WiFi Channel Source: https://github.com/justcallmekoko/esp32marauder/wiki/channel Use this command to set the WiFi interface to a specific channel. The channel number is optional. ```bash channel -s ```