Skip to content

TypicalAM/Yarilo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

174 Commits
backend
backend
 
 
frontend
frontend
 
 
pinhandler
pinhandler
 
 
protos
protos
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
docker-compose.srv.yml
docker-compose.srv.yml
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Yarilo

Yarilo is an offensive security tool and packet sniffer designed for capturing and decrypting encrypted wireless network traffic. This project can analyze and interpret packets on WPA2-protected networks with support for more coming soon. It can aid in network security assessments and understanding of wireless communication protocols.

Capabilities:

  • Capturing and decrypting data from nearby networks
  • Transferring data to/from pcap
  • Replay attacks (deauth)
  • Efficient channel hopping
  • Brute-forcing passwords (work in progress)

The project consists of two components:

  • Sniffer - packet capturing backend written in C++
  • Web Client - controlling the sniffer and viewing data (moving to sveltekit soon)

Release

Let's talk about running the release version of Yarilo, we strongly encourage running the sniffer through docker because of the issues that arise while compiling grpc by hand (it takes a lot of time on smaller devices).

Sniffer

You can use typicalam/yarilo:latest as the base docker image. This project has two modes - file mode and interface mode. File mode runs the sniffer and analyzer on file recordings to decrypt existing data. Interface mode allows Yarlilo to take in a NIC (network interface card) and use that to sniff out network traffic captured by the card. You can also provide it a directory (shared volume) to be able to save the decrypted data. An example deployment docker compose file achieving is available at docker-compose.srv.yml. To run it execute the following command in the repo root:

docker compose -f docker-compose.srv.yml up -d

Development

What about running this thing locally?

Sniffer

Run in the backend directory ($MY_GRPC_INSTALL_DIR should be your grpc install dir):

Prepare definitions:

protoc -I ../protos --cpp_out=src --grpc_out=src --plugin=protoc-gen-grpc=`which grpc_cpp_plugin` ../protos/packets.proto

Run with mayhem support:

cmake -DCMAKE_PREFIX_PATH=$MY_GRPC_INSTALL_DIR -DYARILO_WITH_MAYHEM=ON -G Ninja -B build .
ninja -C build
./build/yarilo --help

Without mayhem support:

cmake -DCMAKE_PREFIX_PATH=$MY_GRPC_INSTALL_DIR -G Ninja -B build .
ninja -C build
./build/yarilo --help

C++ reference documentation is automatically built alongside the project (requires doxygen). Open the build/doc_doxygen/html/index.html file in a browser to view. Optionally, for protobuf definitons to also be included in the docs, run the following before building (requires go):

go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc@latest
protoc -I../protos --doc_opt=markdown,proto.md --doc_out=docs ../protos/packets.proto

Client

To run the client, enter the frontend directory and run:

npm install
npm run proto:gen
npm run dev

If your sniffer isn't running in docker you should also run envoy like so: envoy -c backend/envoy.yaml.

Extras - Pinhandler

Pin handler can be used to communicate between the host machine (with the LEDs and suchlike) and the container, it does so by using special gprc endpoints which stream the LED state. If you wish to see some action on your host machine you can run the following in the pinhandler directory:

python3 -m pip install grpcio grpcio-tools
python3 -m grpc_tools.protoc -I../protos --python_out=. --pyi_out=. --grpc_python_out=. ../protos/packets.proto
python3 handler.py localhost:9090

About

Network Traffic Decrypter & Packet Analyzer

Topics

cplusplus svelte wireless 802-11 libtins

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages