Hardware components | ||||||
 |
| × | 1 | |||
Software apps and online services | ||||||
 |
| |||||
 |
| |||||
This project is a full-featured Wi-Fi security auditing and simulation system built on the ESP32 platform, designed for education, research, and automation. The device features a responsive web interface, real-time data collection, attack simulations, and automatic notifications via Telegram.
MotivationThe increasing need for wireless security requires accessible and educational tools. Many users are unaware of the risks posed by weak passwords, phishing portals, or duplicate networks (Evil Twin attacks). This project was created to demonstrate these vulnerabilities and drive awareness through hands-on practice, all without endangering the privacy of real users.
Features and Modes- A live web dashboard displays detected networks, clients connected to the ESP32’s own AP, presence of known devices (by MAC), and any passwords collected via simulation.
- Periodic Wi-Fi scans list up to 50 nearby networks, providing SSID, BSSID, channel, encryption type, and signal strength; duplicate SSIDs (Evil Twin cases) trigger visual alerts.
- Active monitoring of clients connected to the onboard AP, with instant notifications via Telegram whenever a device connects or disconnects.
- Group device tracking shows a table with the presence/absence of specified devices (e.g., “Paulo”, “João”, “André”), based on MAC address.
- Export detailed reports in TXT (including all scan, client, and presence info) and CSV (networks/clients), all directly accessible from the web interface. It's also sent via Telegram.
- Evil Portal mode simulates a Wi-Fi login page, collecting user-entered passwords and displaying results live and via Telegram—highlighting the risks of phishing-style attacks.
- Brute Force mode simulates dictionary attacks using a fixed wordlist and passwords gathered from the portal; all outcomes are displayed in real-time and reported to Telegram in case of success.
- Wi-Fi credentials setup is managed by WiFiManager, including a protected option to reset settings from the interface.
- The project uses RESTful API endpoints to deliver real-time status, reports, and auditing results to the web interface and external services, all secured by admin authentication.
The ESP32 operates in AP+STA mode, serving the web dashboard at http://192.168.4.1/ for easy field deployment.
ConclusionThis is a safe, versatile, and educational kit to explore and teach Wi-Fi security in practice. It integrates collection, analysis, simulation of common attacks, and remote notifications in one system.It’s ideal for demonstrating real vulnerabilities, promoting security awareness, and serving as a foundation for more advanced automation projects.
Comments