fluxion
Perform man-in-the-middle Wi-Fi attacks
SYNOPSIS
The Fluxion tool is typically invoked as a shell script with superuser privileges, often executed from its directory.
Usage:
sudo ./fluxion.sh
PARAMETERS
(Interactive Menu Options)
Fluxion is primarily an interactive, menu-driven tool. The following are the main operational phases or choices presented to the user after initial invocation:
Target Selection
Allows the user to scan for available Wi-Fi networks and select a target.
Handshake Sniffing
Initiates deauthentication attacks and attempts to capture a WPA/WPA2 handshake from the target network's clients.
Fake AP Setup
Configures a rogue access point mimicking the legitimate target network.
Web Interface Setup
Sets up a captive portal/phishing page to prompt users for their Wi-Fi password.
Deauthentication Attack
Continuously deauthenticates clients from the legitimate access point to force them to reconnect to the fake AP.
SSL Certificate Generation
Generates self-signed SSL certificates for the fake portal to appear more legitimate.
DNS Server Configuration
Sets up a local DNS server to redirect traffic to the phishing page.
Credential Verification
Verifies captured passwords against the network's handshake or against common password lists.
DESCRIPTION
Fluxion is an advanced, automated wireless security auditing and penetration testing framework designed to simulate sophisticated phishing attacks against Wi-Fi networks. It primarily targets WPA/WPA2-PSK networks. The tool works by leveraging a series of techniques including the creation of a rogue access point (Fake AP), deauthentication attacks to disconnect legitimate clients, and a web-based phishing portal. When clients attempt to reconnect to what they perceive as their original network, they are redirected to a convincing fake login page, prompting them to enter the Wi-Fi password. This method aims to capture the WPA/WPA2 handshake or directly obtain the passphrase through social engineering. Fluxion integrates various well-known tools like aircrack-ng, hostapd, dnsmasq, and web servers to automate these complex steps, making it accessible even for users with moderate technical skills. It's often used by penetration testers to assess network vulnerabilities and user awareness.
CAVEATS
Using Fluxion for unauthorized access to Wi-Fi networks is illegal and unethical. It should only be used in environments where explicit permission has been granted, such as a penetration test covered by written authorization (a "get out of jail free" card), or for educational purposes on personal networks. The tool relies on several external dependencies (e.g., aircrack-ng suite, hostapd, dnsmasq, php, xterm) which must be installed and properly configured. Detection by intrusion detection systems (IDS) is possible, as its deauthentication and fake AP activities are prominent. Effectiveness can vary based on network security measures, client behavior, and specific Wi-Fi adapter capabilities.
DEPENDENCIES
Fluxion relies heavily on other established tools for its functionality. Key dependencies include the aircrack-ng suite for wireless attacks and handshake capture, hostapd for creating the fake access point, dnsmasq for DNS and DHCP services, and php for serving the phishing web pages. Xterm or similar terminal emulators are often required for spawning multiple terminal windows for different processes. Users must ensure all these tools are installed and properly configured on their system, typically Kali Linux or similar Debian-based distributions.
ATTACK METHODOLOGY
The core methodology of Fluxion involves creating an "Evil Twin" attack. It first scans for a target network and its clients. Then, it deauthenticates clients from the legitimate AP, forcing them to disconnect. Simultaneously, it spawns a fake access point with the same SSID as the target. When clients attempt to reconnect, they are directed to the fake AP, which then presents a convincing phishing page (e.g., a router's firmware update page or a network login page) prompting for the Wi-Fi password. Once entered, the password can be captured and, in some cases, verified against the captured handshake or known credentials.
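Seen from the defender's side, the sequence above leaves two observable signals: a burst of deauthentication frames and a second access point advertising a known SSID. The following is an added example, not part of the original page or of Fluxion, that flags both in management-frame records and correlates them; the record fields, SSID, addresses and thresholds are constructed assumptions.

```python
from collections import deque

# Constructed inventory of the defender's own network (all values are assumptions).
LEGIT, TWIN = "aa:bb:cc:00:00:01", "02:00:00:00:00:99"
KNOWN_APS = {"CorpWiFi": {"bssids": {LEGIT}, "enc": "WPA2"}}
DEAUTH_LIMIT = 20     # assumed threshold: deauth frames per BSSID...
WINDOW_S = 5.0        # ...seen within this many seconds
CORRELATE_S = 60.0    # a twin and a burst this close together are treated as one incident

def detect(frames):
    """Return alerts (ts, kind, bssid) for same-SSID rogue APs and deauth bursts."""
    alerts, recent, flagged, bursting = [], {}, set(), set()
    for f in sorted(frames, key=lambda f: f["ts"]):
        if f["type"] == "beacon" and f["ssid"] in KNOWN_APS:
            known = KNOWN_APS[f["ssid"]]
            rogue = f["bssid"] not in known["bssids"] or f["enc"] != known["enc"]
            if rogue and f["bssid"] not in flagged:      # alert once per rogue BSSID
                flagged.add(f["bssid"])
                alerts.append((f["ts"], "evil_twin", f["bssid"]))
        elif f["type"] == "deauth":
            q = recent.setdefault(f["bssid"], deque())
            q.append(f["ts"])
            while q[0] < f["ts"] - WINDOW_S:             # slide the time window
                q.popleft()
            if len(q) >= DEAUTH_LIMIT:
                if f["bssid"] not in bursting:           # alert on the crossing only
                    alerts.append((f["ts"], "deauth_burst", f["bssid"]))
                bursting.add(f["bssid"])
            else:
                bursting.discard(f["bssid"])
    return alerts

def correlated(alerts):
    """True when a rogue twin and a deauth burst occur within CORRELATE_S seconds."""
    twins = [t for t, kind, _ in alerts if kind == "evil_twin"]
    bursts = [t for t, kind, _ in alerts if kind == "deauth_burst"]
    return any(abs(a - b) <= CORRELATE_S for a in twins for b in bursts)

def sample_frames():
    """Constructed capture: a normal beacon, a deauth burst, a same-SSID open AP."""
    frames = [{"ts": 0.0, "type": "beacon", "ssid": "CorpWiFi", "bssid": LEGIT, "enc": "WPA2"}]
    frames += [{"ts": 10 + i * 0.125, "type": "deauth", "bssid": LEGIT} for i in range(30)]
    frames.append({"ts": 11.0, "type": "beacon", "ssid": "CorpWiFi", "bssid": TWIN, "enc": "OPEN"})
    return frames

if __name__ == "__main__":
    print(detect(sample_frames()), correlated(detect(sample_frames())))
```

Either signal alone can be benign (a newly installed AP, a client roaming), which is why the correlated result is the one worth paging on.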
HISTORY
Fluxion evolved from earlier Wi-Fi hacking scripts like "linset" and "wifislax," aiming to automate and improve the process of capturing WPA/WPA2 handshakes via social engineering. It gained significant popularity within the cybersecurity community, particularly among users of Kali Linux and other penetration testing distributions, due to its user-friendly, menu-driven interface and comprehensive automation of complex attack vectors. Development continues through various forks on platforms like GitHub, driven by community contributions to adapt to new Wi-Fi security measures and improve reliability.
SEE ALSO
aircrack-ng(8), hostapd(8), dnsmasq(8), MDK3, wifiphisher