Anamika Singh

Program Analyst, Cognizant

Anamika Singh

Paper Title

Wi-Hawk Password Auditing Tool

Abstract

In a wireless network there are thousands of wifi routers configured with default admin passwords, which makes them vulnerable to security breaches. A wireless router when newly installed has a default admin password depending on its manufacturer and model. If not changed, the router can be compromised by an adversary to hack into the wireless network. A list of such default passwords can be obtained readily from internet which then can be used by adversaries to identify whether the router is using their default password or not. Wi-Hawk is an open source tool for auditing a range of IP addresses to sniff out wifi routers which are configured with default admin passwords. The tool provides capability to scan network for such default configured routers by taking input as

  • Single IP
  • Range of IPs
  • SHODAN search

The tool uses a database which contains a list of routers with their default passwords. Based on type of input given it scans a single IP, or a range of IPs, or uses SHODAN search and scans the IPs returned by the search. SHODAN search api is a search engine which list down IPs/servers based on following list of search criteria:Country, City, Port, Host name, Geo Location, Server, OS, Date range, SSL Filters. Once the tool gets the list of IPs it scans the range to check for default configured routers.

Speaker Bio

A C++ developer by profession who has a keen interest in Security. Lately I have started using Python to convert my security ideas to working tools. Author of Wi-Hawk, the WiFi auditing tool. Active member of null Chennai chapter and NULLCON first timer.

Copyright © 2018-19 | Nullcon India | International Security Conference | All Rights Reserved