Using PineAP to Find Common SSIDs

Wigle does not show a bias on commonly used/associated SSID for wifi. Performing a wireless survey for clients, you are often more concerned with the immediate site location’s spectrum analysis. But with a penetration testing, things get a bit more open. In order to aid with identifying potential targets devices, the portability and discretion of a Wifi Pineapple is superb. Additionally, canvasing an error and observing the demographics known SSIDs allows us to determine which SSIDs will be more likely to succeed. If AT&T is popular for broadband in the area, ‘attwifi’ is a great choice (representing 8.7% of my current sample size of 854 SSIDs). I wanted a way to support broad research, as well localized results. So I wrote some Python.

If you are interested in profiling SSIDs, or just need a parser for PineAP log files, check out SsidyMetrics.



Airgraph-ng on Kali 2.0

Airgraph-ng does not install by default with aircrack-ng. Its main wiki page has not been updated for almost six years, but is still relevant and airgraph-ng does see a fix now and again. Getting it running on Kali 2.0 was straightforward enough, but did require a bit of troubleshooting.

Make install threw an error regarding ‘common.mak’ which does not exist. Instead of ‘make install’ it appears that ‘python install’ should be used for the installation now.

This almost gets you there. Airgraph-ng expects the path /usr/bin/airgraph-ng to be valid, so creating a link to the directory gets it going. The following commands should get airgraph-ng installed and running:

cd /opt
svn co
cd airgraph-ng
python install
ln -s /opt/airgraph-ng /usr/bin/airgraph-ng

Note that trying this on two installs, first time it is run it says that it is getting ‘oui.txt’. I had to let this run for a minute or two before killing it and being able to successfully create an image.

airgraph-ng CAPR

War-walking Hawaiian Style


To prepare for an upcoming Wifi Survey, I decided to configure a Wifi Pineapple to use Kismet and GPS as described in Hacking Exposed – Wireless. In addition to the book, there are quite a few articles and posts to make this happen, and overall it is a simple effort.


  • WiFi Pineapple Mark V
  • Pineapple Juice 15000
  • GlobalSat BU-353-S4 USB GPS Receiver


While some people recommend using Kismet for GPS, I did not have success with that configuration and ended up running GPSD. Consequently, the default kistmet.conf file does not require substantial changes as it defaults to a GPS/GPSD configuration.

Daemonizing GPSD and specifying the ‘don’t wait for a client to connect before polling’ flag (-n). Note that a capital ‘N’ flag is used to run GPSD interactively and may assist with your device troubleshooting.

While I think that your GPS will most likely register as /dev/ttyUSB0, double-check the load.

Kismet is a client interface for the Pineapple, so ensure that you install AutoSSH and auto-enable it.

To get Kismet running, we need to do the following:

  1. ssh to Pineapple
  2. Install dependencies:
    1. opkg update
    2. opkg install gpsd
    3. opkg install kistmet_server
  3. Edit Kismet configuration (see Wardriving with WiFi Pineapple Mark V running Kismet)
    1. Modify log directory; logprefix=/sd/kismet/
  4. Run GPS service:
    1. gpsd -n /dev/ttyUSB0
  5. Initialize Antenna
    1. ifconfig wlan1 down
    2. iwconfig wlan1 mode monitor
  6. Run Kismet
    1. kismet_server

Kiswalk Startup/Shutdown Script

With your setup scripts in place, all that needs to be done is to SSH into the Pineapple, run ‘ start’, go for a walk, SSH back in and run ‘ stop’


if [[ "$1" == "start" ]]
    echo "Starting Kismet..."

    # Initialize GPS device
    gpsd -n /dev/ttyUSB0

    # Put the second antenna in monitor mode
    ifconfig wlan1 down
    iwconfig wlan1 mode monitor

    # Start Kismet
    kismet_server --daemonize
elif [[ "$1" == "stop" ]]
    # Stop Kismet
    echo -e '\n!0 shutdown' | nc localhost 2501

    # Download the capture files
    tar cvzf /sd/kismet.tar.gz /sd/kismet/*
    scp /root/kismet.tar.gz root@
    echo " [start/stop]"

Script maintained on Github


Hak5 Forum: GPSD Problem

Hak5 Forum: Track Pineapple via GPS

Wardriving with WiFi Pineapple Mark V running Kismet

© 2021 /dev/thought

Theme by Anders NorénUp ↑