Wireless Attackswififingerprintinginformation-gatheringawdlwpsp2p

WIG-NG

WIG-NG is a utility for Wi-Fi device fingerprinting. It supports protocols like AWDL, CCX, HP Printers IE, Wi-Fi Direct, and WPS.

Description

WIG-NG (Wi-Fi Information Gathering) is a Kali Linux tool designed for fingerprinting Wi-Fi devices by analyzing wireless traffic. It identifies devices based on unique protocol signatures and information elements without performing channel hopping, recommending tools like chopping or airodump-ng for that purpose.

Use cases include reconnaissance in wireless penetration testing, device discovery, and profiling network clients supporting specific standards. The tool processes live captures from network interfaces or offline PCAP files/directories, making it versatile for both real-time and post-capture analysis.

It requires root privileges and dependencies like Python3, impacket, pcapy, and setproctitle. Active mode enables frame injection for certain modules, enhancing interactive capabilities.

How It Works

WIG-NG captures and analyzes Wi-Fi frames to fingerprint devices using supported protocols and standards: Apple Wireless Direct Link (AWDL), Cisco Client Extension (CCX), HP Printers Custom Information Element, Wi-Fi Direct (P2P), and Wi-Fi Protected Setup (WPS). It operates on specified network interfaces, PCAP files, or directories, processing multiple files concurrently. Active mode allows frame injection by some modules. It does not hop channels, focusing solely on passive or targeted frame analysis for identification.

Installation

bash

sudo apt install wig-ng

Flags

-h, --helpshow this help message and exit

-v, --verboseOutput verbosity (incremental).

-c, --concurrent countNumber of PCAP capture files to process simultaneously.

-a, --activeSome modules can perform frame injection, this is define by setting the active mode.

-i, --interfacenetwork interface

-rpcap file

-Rpcap directory

Examples

Display the help message and usage information for wig-ng.

wig-ng -h

Display the help message and usage information for wig-ng.py.

wig-ng.py -h

Run wig-ng on live network interface wlan0 for real-time Wi-Fi fingerprinting.

wig-ng -i wlan0

Process a single PCAP file for offline Wi-Fi device fingerprinting analysis.

wig-ng -r capture.pcap

Process all PCAP files in a directory for batch Wi-Fi fingerprinting.

wig-ng -R /path/to/pcap/dir

Run on interface wlan0 with verbose output for detailed fingerprinting results.

wig-ng -i wlan0 -v

Process PCAP file with 4 concurrent captures for faster analysis.

wig-ng -r file.pcap -c 4

Enable active mode on interface wlan0 to allow frame injection by supported modules.

wig-ng -i wlan0 -a

Updated 2026-04-16kali.org ↗