feat(skills): 802.11 wireless attack suite (WPA3-SAE, EAP, WPS, evil-twin, deauth/PMF, KRACK/FragAttacks) #436
Merged
1 commit merged · Jun 1, 2026
…, WPS, evil-twin, deauth/PMF, KRACK/FragAttacks

Adds 7 new SKILL.md playbooks filling documented gaps in the wireless skills library:

- standard/wireless/SKILL.md: top-level catalog + crypto decision tree (was missing; all other domains ship one)
- standard/wireless/wpa3-sae/SKILL.md: fills the dangling wpa2-psk reference; DragonShift transition-mode downgrade, CVE-2023-52424 SSID Confusion, Dragonblood side-channels
- standard/wireless/wpa-enterprise-eap/SKILL.md: rogue-RADIUS evil-twin (eaphammer/hostapd-wpe), MSCHAPv2→NetNTLM capture, GTC downgrade, PEAP relay via wpa_sycophant
- standard/wireless/wps-pixie-dust/SKILL.md: fills explicit workflow.md TODO; reaver -K/pixiewps Pixie-Dust + bully online brute + PSK-to-Credential chain
- standard/wireless/evil-twin-karma/SKILL.md: fills workflow.md RoE gate with no backing skill; KARMA/Mana PNL probe harvest, hostapd-mana rogue AP, wifiphisher portal, bettercap MITM
- standard/wireless/deauth-pmf/SKILL.md: extracts scattered deauth/PMF logic from wpa2-psk into a reusable primitive; PMF state detection + targeted/broadcast deauth + mdk4 + 802.11w finding
- standard/wireless/krack-fragattacks/SKILL.md: covers legacy/embedded supplicant exposure; Vanhoef krackattacks-scripts + fragattacks test tool, per-CVE findings

All files are additive markdown (no source code changes). ruff check/format and skills-registry tests pass.
New playbooks
- standard/wireless/SKILL.md: workflow.md + wpa2-psk. Adds crypto-mode decision tree, posture table, and full leaf-skill routing.
- standard/wireless/wpa3-sae/SKILL.md: wpa2-psk (references/wpa3-transition-mode-notes.md says "try wpa3-sae skill" — that skill did not exist). Covers DragonShift transition-mode downgrade, CVE-2023-52424 SSID Confusion, Dragonblood side-channels, and SAE captive-portal recovery.
- standard/wireless/wpa-enterprise-eap/SKILL.md: workflow.md KG-node section names "EAP credential" as a type with no backing skill. Covers eaphammer/hostapd-wpe rogue-RADIUS evil-twin, MSCHAPv2→NetNTLM capture + crack, GTC downgrade, and PEAP relay via wpa_sycophant.
- standard/wireless/wps-pixie-dust/SKILL.md: workflow.md TECHNIQUE phase explicitly lists WPS and KG Finding examples cite "WPS Pixie-Dust susceptibility" — no skill existed. Covers reaver -K/pixiewps Pixie-Dust, bully online brute, lockout handling, and PSK→Credential chain.
- standard/wireless/evil-twin-karma/SKILL.md: workflow.md scope rules contain a dedicated evil-twin RoE gate with no backing skill. Covers KARMA/Mana PNL harvest, hostapd-mana rogue AP, wifiphisher portal templates, bettercap MITM, and MAC-randomization defeat.
- standard/wireless/deauth-pmf/SKILL.md: wpa2-psk only. Extracts it into a reusable primitive called by wpa2-psk (Path B), wpa3-sae (Path A), and evil-twin (Step 3). Standalone deliverable: pmf_state finding (disabled/optional/required).
- standard/wireless/krack-fragattacks/SKILL.md

Notes
- ruff check, ruff format --check, and test_skills_registry / test_skills_path all pass green.
- wpa2-psk/SKILL.md (name, description, allowed-tools, metadata.{subdomain, when_to_use, tags, mitre_attack}).
- wpa2-psk is listed in the new catalog; no modifications to it.