Making a WiFi Scanner In Python

Have you ever wanted to build a tool to display nearby wireless networks along with their MAC address and some other useful information? Well, in this tutorial, we are going to build a Wi-Fi scanner using the Scapy library in Python.

If you’re in this field for a while, you might have seen the airodump-ng utility that sniffs, captures, and decodes 802.11 frames to display nearby wireless networks in a nice format, in this tutorial, we will do a similar one.

Getting Started

To get started, you need to install Scapy, I have cloned the development version, you can also install it using pip:

Note: This tutorial assumes you are using any Unix-based environment, it is also suggested you use Kali Linux.

After that, we gonna use pandas just for printing in a nice format (you can change that obviously):

Now the code of this tutorial won’t work if you do not enable monitor mode in your network interface, please install aircrack-ng (which comes pre-installed on Kali) and run the following command:

Now you can check your interface name using iwconfig:

As you can see, our interface is now in monitor mode and has the name “wlan0”.

You can also use iwconfig itself to change your network card into monitor mode:

Writing the Code

Let’s get started, open up a new Python file and import the necessary modules:

Next, we need to initialize an empty data frame that stores our networks:

So I’ve set the BSSID (MAC address of the access point) as the index of each row, as it is unique for every device.

If you’re familiar with Scapy, then you know for sure that we are going to use the sniff() function, which takes the callback function that is executed whenever a packet is sniffed, let’s implement this function:

This callback makes sure that the sniffed packet has a beacon layer on it, if it is the case, then it will extract the BSSID, SSID (name of access point), signal, and some stats. Scapy’s Dot11Beacon class has the awesome network_stats() function that extracts some useful information from the network, such as the channel, rates, and encryption type. Finally, we add this information to the data frame with the BSSID as the index.

You will encounter some networks that don’t have the SSID (SSID equals “”), this is an indicator that it’s a hidden network. In hidden networks, the access point leaves the info field blank to hide the discovery of the network name, you will still find them using this tutorial’s script, but without a network name.

Now we need a way to visualize this data frame. Since we’re going to use the sniff() function (which blocks and starts sniffing in the main thread), we need to use a separate thread to print the content of networks a data frame, the below code does that:

To the main code now:

Changing Channels

Now if you execute this, you will notice not all nearby networks are available, that’s because we’re listening on one WLAN channel only. We can use the iwconfig command to change the channel, here is the Python function for it:

For instance, if you want to change to channel 2, the command would be:

Great, so this will change channels incrementally from 1 to 14 every 0.5 seconds, spawning the daemon thread that runs this function:

Note: Channels 12 and 13 are allowed in low-power mode, while channel 14 is banned and only allowed in Japan.

Note that we set the daemon an attribute of the thread to True, so this thread will end whenever the program exit.

Here is a screenshot of my execution:

Conclusion

Alright, in this tutorial, we wrote a simple Wi-Fi scanner using the Scapy library that sniffs and decodes beacon frames which are transmitted every time by access points, they serve to announce the presence of a wireless network.

Here is the source code of the article:- https://github.com/KoderKumar/Wifi-Scanner

Thank you for reading my article

And if you like it give me a follow.

https://www.instagram.com/coder_kumar/