Wireless Attackswifivulnerabilitydetectioncontrol-frameattackproximity

Proximoth

Proximoth is a command-line tool that detects Wi-Fi devices in proximity vulnerable to Control Frame Attacks. It uses packet injection and sniffing to identify susceptible targets.

Description

Proximoth serves as a specialized cybersecurity tool for assessing Wi-Fi network security by targeting Control Frame Attack vulnerabilities. It scans for nearby Wi-Fi devices that can be exploited through malformed or malicious control frames, such as RTS/CTS frames, which are critical for Wi-Fi medium access control.

The tool is particularly useful for wireless penetration testers and security researchers evaluating the resilience of Wi-Fi deployments against proximity-based attacks. By injecting crafted frames, Proximoth reveals devices that fail to properly validate control frames, potentially allowing denial-of-service or other exploits in real-world scenarios.

Designed for Kali Linux environments, it requires a compatible wireless interface capable of packet injection and promiscuous mode sniffing, making it a valuable addition to wireless assessment toolkits.

How It Works

Proximoth operates by injecting RTS (Request to Send) control frames targeted at specific MAC addresses using a specified wireless interface in monitor mode. It sniffs for CTS (Clear to Send) responses from nearby devices, indicating vulnerability to control frame attacks. The tool measures response times and statistics, with configurable intervals between RTS injections (default 500,000 microseconds). Captured CTS frames can be dumped to PCAP files for further analysis. Custom BSSID injection simulates attacks from specific sender MAC addresses, with automatic global/unicast fixing unless disabled.

Installation

bash

sudo apt install proximoth

Flags

-h, --helpPrints this screen.

-o <file>, --out-file <file>File to write statistics after shutdown.

-b <bssid>, --bssid <bssid>Custom BSSID to be injected as sender MAC address. Address is fixed automatically to be global and unicast.

-a, --no-mac-autofixDisables unicast/global auto fix for BSSID MAC addresses.

-i <iface>, --interface <iface>Wireless interface to use packet injection and sniffing. Obligatory option.

-d <file>, --dump-file <file>Write all CTS captures to a PCAP file.

-r <us>, --rts-interval <us>Microseconds as threshold to wait between RTS injections. Setting it to a low value might cause malfunction. Default: 500000

-t, --text-modeEnables text only mode.

--versionPrints version number and author information.

Examples

Display the help screen showing all available options and usage.

proximoth -h

Scan target MAC AA:BB:CC:DD:EE:FF using wlan0 interface (obligatory interface option).

proximoth -i wlan0 AA:BB:CC:DD:EE:FF

Test target with custom BSSID sender using monitor mode interface.

proximoth -i wlan0mon -b 11:22:33:44:55:66 AA:BB:CC:DD:EE:FF

Capture all CTS responses to PCAP file for analysis.

proximoth -i wlan0 -d captures.pcap AA:BB:CC:DD:EE:FF

Save statistics to file with custom 250ms RTS interval.

proximoth -i wlan0 -o stats.txt -r 250000 AA:BB:CC:DD:EE:FF

Run in text-only mode for console output without graphics.

proximoth -i wlan0 -t AA:BB:CC:DD:EE:FF

Show version number and author information.

proximoth --version

Use custom BSSID without auto MAC address fixing.

proximoth -i wlan0 -a -b 00:11:22:33:44:55 AA:BB:CC:DD:EE:FF

Updated 2026-04-16kali.org ↗