Wi-Fi Honey

wifi-honey is a Wi-Fi honeypot tool designed to lure attackers by broadcasting fake ESSIDs on specified channels. It automates the setup of monitor mode interfaces, creating four for use as access points and one for running airodump-ng to capture traffic. In WPA/WPA2 scenarios, this captures the first two packets of the four-way handshake, enabling key cracking with tools like aircrack-ng or coWPAtty.

The tool simplifies deployment by managing everything within a single screen session, with labeled sessions for each component. This allows users to switch between screens to monitor activity across the fake APs and capture interface. It warns about interfering processes like NetworkManager that must be killed using airmon-ng check kill before proceeding.

Use cases include wireless security testing, deception operations, and collecting credentials from attackers attempting to connect to the honeypot APs.

The script automates creating five monitor mode interfaces from a specified wireless interface: four act as access points broadcasting the given ESSID on the specified channel, and the fifth runs airodump-ng for packet capture. All operations occur within a screen session with labeled windows for each interface and process. It detects and warns about conflicting processes that change channels or revert interfaces from monitor mode. For WPA/WPA2, airodump-ng captures initial handshake packets alongside the honeypot APs.