Penetration Testing Tools Update: New Version of EAPeak Released

Saturday, October 15, 2011

Spencer McIntyre


SecureState is releasing an updated version of EAPeak.


EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication.


It is meant to give useful information relating to the security of these networks for PenTesters to use while searching for vulnerabilities.


Version 1.4 now includes additional features and multiple bug fixes. The new features introduced in Version 1.4 include support for viewing TLS certificates in EAPeak and a new tool in beta-status called EAPScan.


The certificate support within EAPeak now allows users to view details regarding what certificates certain EAP types are using. This can often aid an attacker in creating a malicious certificate by being able to imitate the original with authenticated information.


In addition, EAPeak now has a certificate export wizard that can be used to write x509 certificates to files. The export wizard can export the certificates in either DER or PEM format for use and inspection with other utilities.


EAPScan, the other major addition in Version 1.4 of EAPeak, changes EAPeak from a standalone tool to a suite that begins to bridge the gap from passive analysis to active attacks.


EAPScan is used for scanning wireless access points to determine what EAP types they are configured to use for authentication.


The benefit of this approach is that the attacker can generate the traffic necessary to footprint the network without having any clients present.


EAPScan also begins to introduce functionality for wireless frame injection that will continue to be used in future enhancements.


For more information on EAPeak, see the original blog post at:


The EAPeak Suite can be found at:


Cross-posted from SecureState

Possibly Related Articles:
Wireless Authentication Open Source Tools Penetration Testing TLS OS X Lion
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.