Another command-line tool that is useful for wireless penetration testing is the WAIDPS tool. While billed as an intrusion-detection platform for wireless networks, this Python script is handy for gathering information about wireless networks and clients. To use WAIDPS, simply download the WAIDPS.py Python script from the website at https://github.com/SYWorks/waidps.

Once downloaded, place the script into any directory and then run it using the following command:

    # python waidps.py

Once the command executes, you will be brought to a screen while the script runs through the configuration:

WAIDPS has an optional feature that compares the MAC address of wireless access points to a list of known manufacturers. This feature is useful if you know that a particular target utilizes a specific manufacturer for their access points:

Once the initial configuration has run, WAIDPS will supply a list of access points and wireless networks that are in range. In addition, there is information on the type of encryption in use, as well as the authentication mechanism. Another good piece of information is the PWR or power indicator. This indicates the strength of the specific access point's signal. The closer the number is to zero, the stronger the signal. This is helpful if you are targeting a specific access point. If the signal is weaker than you would like, it indicates you may have to get closer to the actual access point:

In addition to identifying wireless access points, WAIDPS has the ability to scan for clients that may have wireless enabled but are not associated with an access point. This information can become useful if you need to spoof a MAC address that appears to come from a legitimate client: