
berate-ap

berate-ap is a script for orchestrating mana rogue Wi-Fi Access Points. It can also handle regular hostapd APs and create access points easily.

Description

berate-ap provides a comprehensive toolset for setting up rogue Wi-Fi access points using mana toolkit integration or standard hostapd configurations. It supports various wireless attack scenarios including Mana attacks that respond to device probes, WPA handshake capture, and Enterprise EAP authentication interception. The tool simplifies the creation of malicious APs for penetration testing and wireless security assessments.

Use cases include creating fake access points to capture credentials, performing Karma/Mana attacks to lure devices, and testing WPA/WPA2/WPA3 security by capturing handshakes in hashcat format. It handles both personal and enterprise wireless networks with built-in RADIUS server support or external RADIUS integration.

The tool offers flexible internet sharing methods (NAT/bridge) and extensive customization for SSID, channels, authentication types, and logging. Enterprise options enable sophisticated EAP attacks while Mana WPE mode specifically targets credential interception from various EAP methods.

How It Works

berate-ap orchestrates hostapd-mana to create rogue Wi-Fi access points that respond to device probes (Mana/Karma attacks) and capture authentication attempts. It uses hostapd configuration for standard AP operation and mana-specific modules for advanced attacks such as WPA handshake capture (output in hashcat hccapx format) and EAP credential interception. The tool manages network interfaces, creates bridges when needed, sets up dnsmasq for DNS, and handles internet sharing via NAT or bridging. A built-in RADIUS server handles Enterprise EAP authentication, and an external RADIUS server can be used instead. Mana logging writes device taxonomy and captured credentials to the specified output files.
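From the monitoring side, the probe-answering behaviour described above leaves a recognisable trace: one BSSID sends probe responses for many unrelated SSIDs. The following detection sketch is an added example, not part of berate-ap or the original page. It assumes a wireless sensor has already reduced captured probe responses to (BSSID, SSID, client) tuples; the function names, threshold and sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (bssid, ssid, client) from probe responses.
SAMPLE_PROBE_RESPONSES = [
    ("02:00:00:00:00:01", "CorpWiFi", "02:00:00:00:10:01"),
    ("02:00:00:00:00:01", "CorpWiFi", "02:00:00:00:10:02"),
    ("02:00:00:00:00:02", "CorpGuest", "02:00:00:00:10:01"),
    ("02:00:00:00:00:99", "HomeNet-5G", "02:00:00:00:10:03"),
    ("02:00:00:00:00:99", "CoffeeShop", "02:00:00:00:10:03"),
    ("02:00:00:00:00:99", "Airport_Free", "02:00:00:00:10:04"),
    ("02:00:00:00:00:99", "CorpWiFi", "02:00:00:00:10:01"),
    ("02:00:00:00:00:99", "", "02:00:00:00:10:04"),  # empty SSID, ignored
]


def find_probe_responders(frames, max_ssids=2, allowlist=None):
    """Return {bssid: sorted SSIDs} for BSSIDs answering for > max_ssids SSIDs.

    max_ssids is an assumed tuning value: legitimate APs normally answer
    for a small, fixed set of SSIDs. allowlist holds BSSIDs of known
    multi-SSID infrastructure that should never be flagged.
    """
    allowed = {b.lower() for b in (allowlist or ())}
    seen = defaultdict(set)
    for bssid, ssid, _client in frames:
        if ssid:  # skip wildcard/empty SSID responses
            seen[bssid.lower()].add(ssid)
    return {
        bssid: sorted(ssids)
        for bssid, ssids in seen.items()
        if len(ssids) > max_ssids and bssid not in allowed
    }


def impersonated_ssids(suspects, known_ssids):
    """For each flagged BSSID, list the organisation's own SSIDs it answers for."""
    known = set(known_ssids)
    hits = {}
    for bssid, ssids in suspects.items():
        overlap = [s for s in ssids if s in known]
        if overlap:
            hits[bssid] = overlap
    return hits


if __name__ == "__main__":
    suspects = find_probe_responders(SAMPLE_PROBE_RESPONSES)
    print(suspects)
    print(impersonated_ssids(suspects, ["CorpWiFi", "CorpGuest"]))
```

A flagged BSSID that also answers for one of the organisation's own SSIDs is the higher-priority alert, since managed clients will associate to it automatically.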

Installation

sudo apt install berate-ap

Flags

-h, --help          Show this help
--version           Print version number
-c <channel>        Channel number (default: 1)
-w <WPA version>    Use 1 for WPA, use 2 for WPA2, 3 for WPA3, use 1+2 for WPA/2 (default), or 2+3 for WPA3/2 transition
-n                  Disable Internet sharing (if you use this, don't pass the <interface-with-internet> argument)
-m <method>         Method for Internet sharing. Use: 'nat' for NAT (default)
--eap               Enable Enterprise (EAP) wireless settings. Default is to use the built-in RADIUS server
--eap-user-file     Full path to EAP user file. Default will use Mana's hostapd.eap_user
--radius-server     Use an external RADIUS server rather than the built-in one. Default port is 1812
--mana-wpe          Enable WPE mode. Will intercept various EAP credentials
--mana              Enable Mana Attack. Will respond affirmatively to all device access point probes
--mana-wpa          Enable MANA WPA handshake capture. Captures handshakes in hashcat hccapx format
--wpa-sycophant     Enable the enable_sycophant flag in MANA. Relays MSCHAP authentication attempts between rogue and legitimate AP
-g <gateway>        IPv4 Gateway for the Access Point (default: 192.168.12.1)

Examples

Create WPA2 AP 'MyAccessPoint' with passphrase on wlan0 using eth0 for internet sharing:
berate_ap wlan0 eth0 MyAccessPoint MyPassPhrase

Pipe SSID and passphrase to create AP with internet sharing:
echo -e 'MyAccessPoint\nMyPassPhrase' | berate_ap wlan0 eth0

Create open AP 'MyAccessPoint' with internet sharing from eth0:
berate_ap wlan0 eth0 MyAccessPoint

Pipe SSID to create open AP with internet sharing:
echo 'MyAccessPoint' | berate_ap wlan0 eth0

Create AP using same wlan0 interface for both AP and internet (requires --no-virt):
berate_ap wlan0 wlan0 MyAccessPoint MyPassPhrase

Create AP without internet sharing:
berate_ap -n wlan0 MyAccessPoint MyPassPhrase

Create AP using bridge method for internet sharing:
berate_ap -m bridge wlan0 eth0 MyAccessPoint MyPassPhrase

Create AP using existing bridge interface br0 for internet sharing:
berate_ap -m bridge wlan0 br0 MyAccessPoint MyPassPhrase

Updated 2026-04-16 (kali.org)