A comprehensive toolkit for WiFi handshake collection, signal mapping with GPS, and web-based visualization. MiFi provides both CLI tools for automated handshake capture and a modern web dashboard for interactive analysis of WiFi signal data.
git clone https://github.com/bigstig22/MiFi.git
cd MiFi
./start.shThe setup script will:
- Create all necessary directories (logs, collection, archive, tracking, john, hc, tak, config)
- Create database file (
config/networks.db) - Install all system dependencies (aircrack-ng, john, hashcat, gpsd, etc.)
- Install Python dependencies from
config/requirements.txt - Download
config/rockyou.txtwordlist - Create default
config/config.iniconfiguration file - Configure GPS services
- Verify installation
Note: The script will prompt for sudo when needed for system package installation.
Git Repository: This repository tracks only source code and documentation. Runtime files (databases, captured handshakes, certificates, etc.) are excluded via .gitignore and will be created automatically by start.sh.
If you prefer manual installation, see the Manual Installation section below.
- WiFi Handshake Collection: Automated WPA2 handshake capture with deauth attacks
- Signal Mapping with GPS: Real-time WiFi signal strength mapping with GPS coordinates
- Web Dashboard: Interactive map visualization with filtering, color coding, and analysis tools
- TAK Server Integration: Native CoT message support for TAK Server 5.6 (no plugin required)
- Hash Processing: Automatic conversion to Hashcat (.22000) and John the Ripper (.john) formats
- Wordlist Cracking: Integrated aircrack-ng wordlist attacks
- Helper Scripts: Automated cracking workflows for Hashcat and John the Ripper
MiFi operates in several distinct modes, each designed for specific use cases:
collect-manual: Interactive mode for selecting and capturing specific networkscollect-auto: Automated capture of all detected WPA2 networkstarget: Persistent scanning and capture for a specific ESSID
process-manual: Interactive processing of captured handshakesprocess-auto: Batch processing of all captured handshakes
full-manual: Collection followed by manual processingfull-auto: Fully automated collection and processing pipeline
config: Configure WiFi interface for headless operationmap: GPS-enabled signal mapping for site surveysdashboard: Start the web visualization dashboard
Interactive mode where you select networks to target:
sudo python3 mifi.py --mode collect-manualFeatures:
- Scans for nearby networks
- Displays network table with ESSID, BSSID, Channel, Power, Encryption
- Prompts for network selection
- Allows rescanning with
rscommand - Quit with
qcommand
Options:
-IS, --initial-scan <seconds>: Initial scan duration (default: 30)-TS, --target-scan <seconds>: Handshake monitoring time (default: 60)-p, --packets <count>: Number of deauth packets (default: 100)
Example:
sudo python3 mifi.py --mode collect-manual -IS 45 -TS 90 -p 150Automatically captures handshakes from all detected WPA2 networks:
sudo python3 mifi.py --mode collect-autoFeatures:
- Scans once, then attempts capture on all WPA2 networks
- No user interaction required
- Can be combined with
-Hfor headless background operation
Options: Same as manual mode
Example with headless:
sudo python3 mifi.py --mode collect-auto -H -IS 10 -TS 30Continuously scans until a specific network is found, then captures its handshake:
sudo python3 mifi.py --mode target --TID "[TARGET ID]"Features:
- Persistent scanning until target network appears
- Multiple capture attempts if handshake fails
- Ideal for networks that appear intermittently
Options:
--TID, --target-id <ESSID>: Required - Target network ESSID-TSA, --target-search-attempts <count>: Scan attempts before giving up (default: 25)-TA, --target-attempts <count>: Capture attempts per detection (default: 10)-IS, --initial-scan <seconds>: Scan duration per attempt (default: 30)-TS, --target-scan <seconds>: Handshake monitoring time (default: 60)-p, --packets <count>: Deauth packets per attempt (default: 100)
Example:
sudo python3 mifi.py --mode target --TID "CorporateWiFi" -TSA 50 -TA 15Interactive processing of captured handshakes:
python3 mifi.py --mode process-manualFeatures:
- Lists all .cap files in collection directory
- Prompts for file selection
- Choose processing method (Aircrack, JTR, Hashcat, or All)
- Archives processed files automatically
Options:
-WL, --word-list <path>: Custom wordlist path (default: config/rockyou.txt)
Example:
python3 mifi.py --mode process-manual -WL /path/to/custom_wordlist.txtBatch processes all captured handshakes:
python3 mifi.py --mode process-autoFeatures:
- Processes all .cap files in collection directory
- Runs all processing methods (JTR, Hashcat, Aircrack)
- Archives files after processing
- No user interaction required
Options: Same as manual processing
Runs collection in manual mode, then processing in manual mode:
sudo python3 mifi.py --mode full-manualFully automated collection and processing:
sudo python3 mifi.py --mode full-autoOptions: Combines all collection and processing options
GPS-enabled signal strength mapping for site surveys:
sudo python3 mifi.py --mode mapFeatures:
- Scans for networks at multiple GPS locations
- Records signal strength with GPS coordinates
- TAK Server Integration: Sends CoT messages to TAK Server 5.6 (use
-takflag or enable inconfig/config.ini) - Stores data in database for dashboard visualization
- Waits for new GPS fixes between scans
Options:
-MS, --map-scans <count>: Total number of scans (default: 25)-MSD, --map-scan-duration <seconds>: Duration per scan (default: 1)-GPS, --gps-port <path>: GPS device path (default: /dev/ttyUSB0)-GLA, --gps-lock-attempts <count>: GPS fix attempts before exit (default: 20)-GLW, --gps-lock-wait <seconds>: Wait time between GPS attempts (default: 5)
Example:
sudo python3 mifi.py --mode map -MS 50 -MSD 3 -GPS /dev/ttyUSB1GPS Setup: Before using map mode, ensure gpsd is running:
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
# Or configure /etc/default/gpsd and start service:
sudo systemctl start gpsdConfigures WiFi interface for headless operation:
sudo python3 mifi.py --mode configFeatures:
- Detects available wireless interfaces
- Enables monitor mode automatically
- Saves interface to config/config.ini
- Required before using
-Hheadless mode
Starts the web visualization dashboard:
python3 mifi.py --mode dashboardFeatures:
- Interactive map visualization
- Filter by session, ESSID, BSSID, signal strength, channel, date, altitude
- Multiple visualization modes: Markers, Heatmap, Gradient
- Color legend and customizable color thresholds
- Toggleable labels
- Delete tracks functionality
Access:
- Local: http://localhost:5000
- Network: http://:5000
--mode <mode>: Required - Operation mode (see modes above)-v, --verbose: Enable verbose output (creates large log files)-H, --headless: Run in background (only with*-automodes)-h, --help: Show help message--version: Show version information
-IS, --initial-scan <seconds>: Initial spectrum sweep time (default: 30)-TS, --target-scan <seconds>: Handshake monitoring time (default: 60)-p, --packets <count>: Deauth packet count (default: 100)
-WL, --word-list <path>: Custom wordlist path (default: config/rockyou.txt)
--TID, --target-id <ESSID>: Required - Target ESSID-TSA, --target-search-attempts <count>: Scan attempts (default: 25)-TA, --target-attempts <count>: Capture attempts (default: 10)
-MS, --map-scans <count>: Total scans (default: 25)-MSD, --map-scan-duration <seconds>: Scan duration (default: 1)-GPS, --gps-port <path>: GPS device path (default: /dev/ttyUSB0)-GLA, --gps-lock-attempts <count>: GPS fix attempts (default: 20)-tak: Enable TAK Server integration (or configure inconfig/config.ini)--tak-host <host>: TAK Server hostname/IP (overridesconfig/config.ini)--tak-port <port>: TAK Server port (default: 8087)--tak-protocol <tcp|udp>: Protocol (default: tcp)--tak-cert <path>: Client certificate file--tak-key <path>: Private key file--tak-ca <path>: CA certificate file-GLW, --gps-lock-wait <seconds>: Wait between attempts (default: 5)
MiFi/
โโโ mifi.py # Main CLI tool
โโโ mifi_dashboard.py # Web dashboard server
โโโ start.sh # Automated setup script
โโโ README.md # This file
โ
โโโ config/ # Configuration and data files
โ โโโ requirements.txt # Python dependencies (tracked in git)
โ โโโ config.ini # Interface configuration (auto-created, not in git)
โ โโโ networks.db # SQLite database (auto-created, not in git)
โ โโโ rockyou.txt # Wordlist (downloaded by start.sh, not in git)
โ
โโโ logs/ # Application logs (not in git)
โ โโโ YYYY-MM-DD_HH-MM-SS.log
โ
โโโ collection/ # Captured handshakes (.cap files, not in git)
โ โโโ ESSID--BSSID--CH--TIMESTAMP-01.cap
โ
โโโ archive/ # Processed files archive (not in git)
โ โโโ pcap/ # Archived .cap files
โ
โโโ tracking/ # Exported tracking data (not in git, created by start.sh)
โ โโโ tracking_data_*.json
โ โโโ tracking_data_*.csv
โ
โโโ john/ # John the Ripper processing
โ โโโ jtr.py # John automation script (tracked in git)
โ โโโ *.john # WPA handshake hashes (not in git)
โ โโโ *_eapol.john # EAPOL-specific hashes (not in git)
โ โโโ *_pmkid.john # PMKID-specific hashes (not in git)
โ โโโ results/ # Cracked password outputs (not in git)
โ โโโ archive/ # Processed file archive (not in git)
โ
โโโ hc/ # Hashcat processing
โ โโโ hash_cat.py # Hashcat automation script (tracked in git)
โ โโโ *.22000 # Hashcat format hashes (not in git)
โ โโโ archive/ # Processed file archive (not in git)
โ
โโโ tak/ # TAK Server integration
โโโ nginx_tak_stream.conf # Nginx config (tracked in git)
โโโ TAK_SERVER_SETUP.md # Setup documentation (tracked in git)
โโโ *.p12, *.pem # Certificates (not in git - user-specific)
โโโ *.crt, *.key # Additional certs (not in git)
The repository tracks only source code and documentation:
- Python scripts:
mifi.py,mifi_dashboard.py - Helper scripts:
hc/hash_cat.py,john/jtr.py - Configuration template:
config/requirements.txt - Documentation:
README.md,tak/TAK_SERVER_SETUP.md - Setup script:
start.sh - Nginx config:
tak/nginx_tak_stream.conf
Runtime files and user-specific data are excluded:
__pycache__/- Python cache filescollection/- Captured handshake files (.cap)*.john- John the Ripper hash filesconfig/networks.db- SQLite databaseconfig/config.ini- User configurationconfig/rockyou.txt- Wordlist (large file)config/.mifi_dashboard_state.json- Dashboard statetak/*.pem,tak/*.p12- TAK certificates (user-specific)logs/,archive/,tracking/- Runtime directories
All excluded files are automatically created by start.sh when setting up the environment.
Hardware:
- WiFi adapter capable of monitor mode
- USB GPS module (optional, for mapping mode)
- Linux system (Debian/Ubuntu recommended)
Software:
- Python 3.6+
- aircrack-ng suite
- John the Ripper (Jumbo version for wpapcap2john)
- Hashcat
- gpsd and gpsd-clients (for GPS mapping)
Debian/Ubuntu:
sudo apt update
sudo apt install -y aircrack-ng john hashcat python3 python3-pip gpsd gpsd-clients iw wireless-toolsFedora/RHEL/CentOS:
sudo dnf install -y aircrack-ng john hashcat python3 python3-pip gpsd gpsd-clients iw wireless-toolsArch Linux:
sudo pacman -S aircrack-ng john hashcat python python-pip gpsd iw wireless_toolspip3 install --user -r config/requirements.txtOr system-wide:
sudo pip3 install -r config/requirements.txt# Option 1: Download from GitHub
wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt -O config/rockyou.txt
# Option 2: Extract from system location
gunzip -c /usr/share/wordlists/rockyou.txt.gz > config/rockyou.txtmkdir -p logs collection archive/pcap tracking john/results john/archive hc/archive tak configNote: The tracking/ folder is required for exporting tracking data. It is automatically created by start.sh.
# Start gpsd with your GPS device
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
# Or configure service
sudo nano /etc/default/gpsd
# Add: DEVICES="/dev/ttyUSB0"
# Add: GPSD_OPTIONS="-n"
sudo systemctl start gpsd
sudo systemctl enable gpsd-
Configure interface:
sudo python3 mifi.py --mode config
-
Collect handshakes:
sudo python3 mifi.py --mode collect-manual
-
Process handshakes:
python3 mifi.py --mode process-auto
-
View results:
- Check
john/results/for John the Ripper outputs - Check
hc/for Hashcat outputs - Review logs in
logs/
- Check
Automated collection and processing:
sudo python3 mifi.py --mode full-auto -H -IS 30 -TS 60 -WL /path/to/wordlist.txtTargeted network capture:
sudo python3 mifi.py --mode target --TID "TargetNetwork" -TSA 50 -TA 20GPS signal mapping:
sudo python3 mifi.py --mode map -MS 100 -MSD 2 -GPS /dev/ttyUSB0Start dashboard:
python3 mifi.py --mode dashboard
# Access at http://localhost:5000The web dashboard provides interactive visualization of collected WiFi signal data.
- Interactive Maps: OpenStreetMap and Satellite views
- Visualization Modes: Markers, Heatmap, and Gradient
- Advanced Filtering: Session, ESSID, BSSID, Signal, Channel, Date, Altitude
- Color Customization: Edit color thresholds for signal strength
- Toggleable Labels: Show/hide ESSID labels on markers
- Color Legend: Visual reference for signal strength colors
- Track Management: Delete tracks matching filters
F- Toggle filters panelR- Refresh dataM- Focus display mode selectorL- Toggle labelsDel- Open delete dialogEsc- Close modal
python3 mifi.py --mode dashboardThen open: http://localhost:5000
Automates John the Ripper attacks on processed handshakes:
cd john
python3 jtr.pyFeatures:
- Finds all
.johnfiles (not tracked in git) - Runs dictionary and brute-force attacks
- Outputs results to
results/directory - Archives processed files
Automates Hashcat attacks on processed handshakes:
cd hc
python3 hash_cat.pyFeatures:
- Finds
.22000files (not tracked in git) - Downloads config/rockyou.txt if missing
- Runs multiple attack modes
- Archives processed files
If you run mifi with sudo, the database may be owned by root:
sudo chown $USER:$USER config/networks.db- Check USB connection
- Verify device path:
ls -l /dev/ttyUSB* - Check permissions:
sudo usermod -aG dialout $USER(logout/login) - Ensure gpsd is running:
sudo systemctl status gpsd - Test GPS:
cgps -sorgpsmon
- Check interface:
iwconfigoriw dev - Check rfkill:
sudo rfkill unblock wifi - Verify driver support:
iw phy - Try manual monitor mode:
sudo airmon-ng start wlan0
- Ensure you've run map mode at least once
- Check database exists and has data:
sqlite3 config/networks.db "SELECT COUNT(*) FROM signal_tracking;" - Verify database permissions
Run the setup script again:
./start.shOr manually install missing packages based on error messages.
- Run config mode:
sudo python3 mifi.py --mode config - Manually edit
config/config.iniwith your interface name - Ensure interface is in monitor mode
IMPORTANT: This tool is provided for educational and authorized security testing purposes only.
- Unauthorized access to networks or data is illegal and punishable by law
- Only use this tool on networks you own or have explicit written permission to test
- The authors assume no responsibility for misuse or damage caused by this software
- Users are solely responsible for compliance with local laws and regulations
- Use responsibly and ethically
aircrack-ng(airodump-ng, aireplay-ng, aircrack-ng)john(John the Ripper Jumbo)hashcatpython3andpython3-pipgpsdandgpsd-clients(for GPS mapping)iwandwireless-tools
tabulate>=0.9.0pyserial>=3.5gps3>=0.33.3flask>=2.0.0flask-cors>=4.0.0
config/rockyou.txtwordlist (auto-downloaded by start.sh)
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This software is provided as-is for educational purposes. Please ensure compliance with local laws and regulations when using this tool.
For issues, questions, or contributions, please open an issue on the GitHub repository.
Version: 0.1.1
Last Updated: 2025