WiFi Security Agent

Test wireless network security and identify WiFi vulnerabilities.

Overview

Agent Name: WiFiSecurityAgent Scan Type: wifi-security Credit Cost: 1 credit Target Types: WiFi networks, wireless infrastructure

Capabilities

WPA/WPA2/WPA3 security assessment
Rogue access point detection
Weak password identification
Encryption configuration review
Hidden SSID discovery
WiFi authentication testing
Evil twin attack detection
Client isolation testing

Usage


# Scan WiFi network
alprina scan <SSID> --type wifi-security
 
# Comprehensive wireless audit
alprina scan <SSID> --type wifi-security --profile comprehensive

What It Tests

Encryption Strength
- WPA3 vs WPA2 vs WEP
- Password complexity
- Cipher suite configuration
Authentication
- WPS vulnerabilities
- RADIUS configuration
- Enterprise authentication
Network Security
- Client isolation
- Guest network separation
- Management frame protection
Rogue Detection
- Unauthorized APs
- Evil twin attacks
- MAC spoofing

Example Output


{
  "scan_id": "scan_wifi505",
  "findings": [
    {
      "severity": "high",
      "title": "Weak WiFi Password",
      "description": "WiFi password is short and uses common pattern",
      "ssid": "CompanyWiFi",
      "encryption": "WPA2-PSK",
      "recommendation": "Use strong password (20+ characters, mixed case, numbers, symbols)"
    },
    {
      "severity": "medium",
      "title": "WPS Enabled",
      "description": "WiFi Protected Setup (WPS) is enabled and vulnerable to brute force",
      "recommendation": "Disable WPS in router settings"
    }
  ]
}

Common Vulnerabilities

Weak or default passwords
WEP encryption (obsolete)
WPS enabled
No client isolation
Unencrypted management frames
Rogue access points

Best Practices

Use WPA3 when available
Strong passphrase (20+ characters)
Disable WPS
Enable client isolation for guest networks
Hide SSID (security through obscurity)
Regular security audits