hostapd-mana vs WiFi-Pumpkin3
GitHub Stats
About hostapd-mana
hostapd-mana is a featureful rogue access point tool based on a modified version of hostapd, the standard Linux access point daemon. Developed by SensePost, it extends hostapd with capabilities specifically useful for wireless penetration testing: it can impersonate any SSID that clients are probing for (karma attack), capture WPA/WPA2 handshakes from connecting clients, downgrade encryption to capture credentials, and integrate with EAP credential harvesting for WPA-Enterprise networks. hostapd-mana acts as a convincing evil twin that automatically responds to client probe requests, tricking devices into connecting and exposing their credentials or traffic. It's commonly used in wireless assessments to test organizational resilience against rogue access point attacks and to capture domain credentials from enterprise wireless clients.
About WiFi-Pumpkin3
WiFi-Pumpkin3 is a powerful framework for rogue access point attacks, providing an all-in-one solution for wireless security assessments. It creates a fake access point with built-in DHCP, DNS, and captive portal services, capturing credentials from clients who connect and attempt to authenticate. The framework includes proxy plugins for injecting JavaScript, capturing images, modifying HTML responses, and sniffing unencrypted traffic. WiFi-Pumpkin3 features both a command-line and graphical interface, making it accessible for different skill levels. Its plugin architecture supports custom captive portal templates (mimicking hotel WiFi, corporate portals, social media login pages), transparent proxying with SSL stripping, and integration with external tools like Bettercap and Responder for more sophisticated attacks.
Platform Support
Tags
Shared
hostapd-mana only
WiFi-Pumpkin3 only