Today, SecureState is releasing a new tool for footprinting 802.1x wireless networks called EAPeak. EAPeak is a Python powered script that is meant to parse useful pieces of information for a Security Assessment of wireless networks that use the Enterprise Authentication Protocol. It relies on the Scapy libraries to parse both PCap files and live network captures. Some highlights of the information that EAPeak can pull from wireless networks include:
- EAP Types supported by Access Points
- EAP Types supported by Clients
- Client Usernames
- LEAP MSChap v2 Challenge and Responses
EAPeak relies on the Scapy Community Repository libraries available here.
The community repository version of Scapy is required because the standard trunk does not contain the layers necessary to parse EAP frames to the extent that is necessary within EAPeak. SecureState has added the layers to the Scapy Community Repository to both parse and inject EAP-TTLS, EAP-TLS, PEAP, LEAP. Furthermore, SecureState has expanded the functionality of the standard EAP frame to include additional information, such as parsing Legacy NAK information. The additions to Scapy have laid a foundation that will facilitate injection of EAP frames, which will play a key role in additional features.
This release of EAPeak is only the beginning of what SecureState is planning on releasing over the next year for targeted attacks towards 802.1x wireless networks. Future releases of EAPeak will see the inclusion of additional components that will cross the line from a passive reconnaissance tool to a suite of tools for active attacks.
More information and the actual tool can be found here.