You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
π§ Work in Progress β This project is under active development and has not been rigorously tested. Expect bugs, incomplete features, and breaking changes. Use at your own risk.
Wireless AP scanner + deauth attack orchestrator with terminal UI
smartdos is an interactive TUI tool for ethical wireless penetration testing. It discovers nearby access points via beacon frame capture, lets you select targets, and orchestrates deauthentication attacks in round-robin or parallel mode β all from a keyboard-driven terminal interface.
β οΈ LEGAL & ETHICAL DISCLAIMER
This tool is for authorized security testing and educational purposes ONLY.
Only use this software on networks you own or have explicit written permission to test.
Deauthenticating stations from an access point is an active denial-of-service attack.
Unauthorized use of deauth attacks violates:
US 18 U.S.C. Β§ 1030 (Computer Fraud and Abuse Act)
EU Directive 2013/40/EU (Attacks against information systems)
UK Computer Misuse Act 1990
Similar laws in other jurisdictions
Penalties include fines and imprisonment.
The authors assume no liability for misuse. You are responsible for your own actions.
Features
Scanning & Discovery
Feature
Description
AP Scanning
Live 802.11 beacon/probe-response capture via pcap on 2.4 GHz, 5 GHz, and 6 GHz channels
Client Discovery
Detects associated clients per AP from data/management frames
Signal Display
dBm + percentage for each AP, color-coded (green/yellow/red)
Channel Detection
Reads channel from DS Parameter Set IE tag
Encryption Detection
Identifies OPEN / WPA / WPA2
Vendor Lookup
OUI-based NIC vendor identification for APs and clients
Channel Hopping
Scanner hops across 2.4 GHz, 5 GHz, and 6 GHz channels every 250 ms
Attack Capabilities
Feature
Description
Deauth Injection
Raw 802.11 deauth frames (FC 0xC0) with radiotap header via pcap sendpacket()
Auth-DoS
802.11 auth flood β spams AP with spoofed auth requests from unique MACs, exhausting the association table and saturating the management CPU. Causes beacon starvation β SSID disappears. Can crash AP firmware (restart required). Not mitigated by WPA3 or 802.11w/PMF.
Broadcast Deauth
Deauthenticates all clients from a target AP (broadcast DA)
Client Deauth
Targeted deauth of a specific client MAC (bidirectional: APβclient and clientβAP)
Round-Robin Mode
Cycles through targets one at a time with configurable inter-burst delay
Parallel Mode
Attacks all targets simultaneously
Configurable Burst
Adjustable burst size and send interval via in-app settings overlay (G)
Client Tracking & Pursuit
Feature
Description
Client Follow
Follow a specific client MAC β auto-updates target AP when client roams
Pursuit Mode
Single-adapter pursuit: triggers channel sweep when followed client goes silent
Client Naming
Assign friendly names to client MACs; persisted across sessions
AP Harvest Mode
Mark APs for passive client harvesting (H); auto-follows new clients seen on harvested APs; harvested APs highlighted with β marker
Handshake Capture
Feature
Description
WPA Handshake Capture
Detects EAPOL frames from data captures; writes pcap files to ~/.smartdos/handshakes/
PMKID Capture
Captures PMKID from EAPOL frame 1; compatible with aircrack-ng / hashcat
Libpcap Format Output
Radiotap (linktype 127) pcap files β crackable with aircrack-ng -w or hashcat
Persistence & Session Management
Feature
Description
Session Logging
All events written to ~/.smartdos/session.log with auto-rotation at size limit
Saved-List Restore
On launch, optionally restore a previously saved target/client list from ~/.smartdos/lists/
AP List Persistence
Discovered APs saved to ~/.smartdos/aps.json
Attack Settings
Burst size, interval, attack type, pursuit mode persisted across sessions
Named Lists
Save/load named target or client lists via ~/.smartdos/lists/
Interface & UI
Feature
Description
Monitor Mode
Auto-enables via airmon-ng or falls back to iw
Live Counters
Real-time deauth frame counters per target
Event Log
Scrollable log panel showing actions and errors
Full-screen Events
Tab expands the event log to the whole screen (scrollable); Tab/Esc to return
Panel Navigation
β/β and c switch between AP list / Target list / Client list panels
Settings Overlay
In-app overlay to tune burst size, send interval, and 2.4/5/6 GHz band toggles without restarting
Clear Scan Results
R clears AP list and resets discovery state mid-session
Requirements
Linux with wireless networking hardware
Root privileges (for monitor mode and packet injection)
libpcap development headers (libpcap-dev on Debian/Ubuntu)
aircrack-ng suite (airmon-ng for monitor mode setup) β optional, falls back to iw
# Run with auto-detected interface:
sudo ./target/release/smartdos
# Run with specific interface:
sudo ./target/release/smartdos wlan0
# If you already have a monitor interface:
sudo ./target/release/smartdos wlan0mon
# Demo mode (no hardware required β uses stub interface for UI development/testing):
./target/release/smartdos --demo
Controls
Key
Action
β / β
Navigate list
β / β
Switch panels
Tab
Open full-screen Events page (Tab/Esc to return; ββ / PgUpΒ·PgDn scroll)
t
Toggle target β add/remove selected AP, or target selected client (in client view)
d
Remove selected target
Space
Enable/disable selected target
c
View clients of selected AP
n
Name selected client
h
Toggle harvest mode on selected AP (AP list panel only)
A
Toggle attack type (Deauth β Auth-DoS)
M
Toggle attack mode (Round-Robin β Parallel)
P
Toggle pursuit mode
G
Open settings overlay (burst size / send interval)
