With dBmonster, you are able to scan for nearby WiFi devices and track them through the signal strength (dBm) of their sent packets. Therefore, you can identify the exact location of nearby WiFi devices (use a directional WiFi antenna for the best results) or find out in which direction your (self made) antenna works the best (antenna radiation patterns).
In addition, there are features such as tracking the signal strength of packet types that are often abused in WiFi attacks (ex. Deauthentication Frames) to determine the location of someone attacking your network.
You can also check for devices that are sending Probe Requests for an unusual long time. You will then be notified when dBmonster detects that a stalker’s device is following you (inspiration: Matt Edmondson’s BlackHat article).
All in all, it's a multitool for tracking and locating nearby devices via their activities in the radio frequency range.
- Features on Linux and MacOS
- Short preview
- Installation
- Has been successfully tested on...
- Troubleshooting for MacOS
- Working on...
- Additional information
Feature | Linux | MacOS |
---|---|---|
Listing WiFi interfaces | ✅ | ✅ |
Track & scan on 2.4GHz | ✅ | ✅ |
Track & scan on 5GHz | ✅ | ✅ |
Track 802.11 frames (ex. deauth. frames) | ✅ | ✅ |
Track & scan PCAP files | ✅ | ✅ |
Detection of potential stalkers | ✅ | ✅ |
Scanning for AP | ✅ | ✅ |
Scanning for STA | ✅ | ☑️ |
MAC Address Information Gathering (OSINT) | ✅ | ✅ |
Voice notification when device is found | ✅ | ✅ |
dBmonster-preview.mov
git clone https://github.com/90N45-d3v/dBmonster
cd dBmonster
# Install required tools (On MacOS without sudo)
sudo python requirements.py
# Start dBmonster
sudo python dBmonster.py
* ⚠️ Due to a bug in matplotlib with Python 3.11, the plot window needs to be resized to work. Till now, please use Python ≤ 3.10 for smooth usage
Platform 💻 | WiFi Adapter 📡 |
---|---|
Kali Linux | ALFA AWUS036NHA, DIY Bi-Quad WiFi Antenna |
MacOS Ventura | Internal card 802.11 a/b/g/n/ac (MBP 2019) |
* should work on any MacOS or Debian based system and with every WiFi card that supports monitor-mode
Normally, you can only enable monitor-mode on the internal wifi card from MacOS with the airport utility from Apple. Somehow, wireshark (or here TShark) can enable it too on MacOS. Cool, but because of the MacOS system and Wireshark’s workaround, there are many issues running dBmonster on MacOS. After some time, it could freeze and/or you have to stop dBmonster/TShark manually from the CLI with the ps
command. If you want to run it anyway, here are some helpful tips:
Look if there are any processes, named dBmonster, tshark or python:
sudo ps -U root
Now kill them with the following command:
sudo kill <PID OF PROCESS>
sudo airport <WiFi INTERFACE NAME> sniff
Press control + c after a few seconds
* Please contact me on twitter, if you have anymore problems
- RSSI at MAC Address Lookup if device is nearby
- SDR support for advanced operations
- Capture signal strength data for offline graphs
- Generate multiple graphs in one coordinate system
- MAC address assembler - Associate multiple random MAC addresses because of their similar dBm signal
- PCAP File Analytics - Classify detected devices and calculate the average signal strength
- @Hak5 WiFi Coconut Mode - Transfer sniffed traffic in realtime to dBmonster (Need tester... Contact me on Twitter)
- If the tracked WiFi device is out of range or doesn't send any packets, the graph stops plotting till there is new data. So don't panic ;)
- dBmonster wasn't tested on all systems... If there are any errors or something is going wrong, contact me. (Of course you can also contact me if you liked my project!)