In a previous post, we discussed wireless penetration testing and listed the Top 13+ Wireless PenTesting tools. In this article, we will learn about the features of the Silica Wireless Assessment Tool by Immunity. So without further ado, let's get down to business.
Silica, from Immunity, is a veritable Swiss army knife of wireless hacking. Silica runs on Linux; however, it's distributed as a bootable USB drive and virtual machine image, making it easy to run on any laptop. What makes Silica particularly interesting, from my point of view, is that it combines the features of network and client exploitation tools. Once Silica has compromised a network (say, by cracking the network key) or a wireless client (via MITM), it can unleash a host of client penetration exploits, much like Metasploit, which is its strongest point.
For example, most Windows clients cache WEP and WPA2 keys for secured networks they have previously authenticated with (so-called PMK caching). If Silica successfully penetrates said client, it can pull all the cached keys (in plain text), allowing unfettered access to a new set of WLANs.
Silica can also capture and analyze network packets like Wireshark, so once you're on an encrypted network, you can view all of the client traffic. To put it simply, if you want to see both how susceptible your WLANs are to every known attack and how vulnerable wireless clients are to network exploits, Silica is your tool. See Silica in action.
Unlike traditional scanners that merely identify possible vulnerabilities, SILICA determines the true risk of a particular access point. SILICA does this by non-intrusively leveraging vulnerabilities and determining what assets behind the vulnerable access point can be compromised.
Additionally, while traditional scanners can enumerate the vulnerabilities of a particular target, they cannot evaluate whether a mitigating control is in place on the target or in the surrounding environment. With its unique methodology, SILICA can report on whether the vulnerability can be successfully exploited.
Beyond simple scanning, Silica provides the following:
- Improved security posture
- Simplified troubleshooting
- Network mapping
- Create real threat profiles and vulnerability assessments
- Build WiFi risk and vulnerability analysis for PCI, SOX
- Rogue access point detection
- Auditing wireless client security
Silica provides the following features:
- Recover WEP, WPA 1/2 and LEAP keys.
- Passively hijack web application sessions for email, social networking, and Intranet sites.
- Map a wireless network and identify its relationships with associated clients and other Access Points.
- Identify vendors, hidden SSIDs and equipment passively.
- Scan and break into hosts on the network using integrated CANVAS exploit modules and commands to recover screenshots, password hashes and other sensitive information.
- Perform man-in-the-middle attacks to find valuable information exchanged between hosts.
- Generate reports for wireless and network data.
- Hijack wireless client connections via access point impersonation.
- Passively inject custom content into clients' web sessions.
- Take full control of wireless clients via CANVAS’s client-side exploitation framework.
- Decrypt and easily view all WEP and WPA 1/2 traffic.
We are ending this post. Let us know your views on this in the comments below.