If wireless security testing is on your radar, you need to get Reaver Pro. As I outlined in this Hacking For Dummies, 4th edition chapter, Reaver Pro is a great tool for cracking the WPA pre-shared key on all those consumer-grade wireless APs/routers that everyone installs in the enterprise.
The latest version of Reaver Pro is very simple to use. No live CDs or VMs to boot. You simply connect the device into your test system’s Ethernet port, connect the power adapter, browse to 10.9.8.1, login, and you’re ready to roll. Here is a quick video overview and here is a screenshot showing its interface:
Terry Dunlap with Tactical Network Solutions (the company that created and sells Reaver Pro) has a great team of sharp guys…and they’ve been very responsive when prompted with my mostly dumb questions.
If anything let Reaver Pro be a reminder of two things:
It seems to me that with the advent of WPA, WPA2, and enterprise-grade wireless security controls that people have let their guard down a bit with wireless security.
Don’t be that guy.
As I like to say, you can’t secure what you don’t acknowledge! WPS is enabled by default in most situations. It’s broken. Even if you have the option to throttle PIN requests, you need to find WPS and disable it (even on your home wireless). The convenience factor it provides is just not worth the risk of someone gaining full access to your wireless (and likely wired) network.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”