Penetration Testing mailing list archives

Re: Vulnerability Scanner for Wireless Card Drivers


From: Joshua Wright <jwright () hasborg com>
Date: Mon, 14 Sep 2009 14:44:31 -0700


> Has anyone heard of a VS for wireless card drivers?
>
> What I mean is a tool that you have on your laptop and scan the
> laptops that are probing into the air, for driver versions with
> vulnerabilities (something common).

I wrote a wireless driver VA scanner while working at Aruba called
WiFiDEnum: https://labs.arubanetworks.com/

This is not a passive monitor-mode scanner.  It reaches the host over
the WMIC protocol to enumerate registry keys using the logged-in user's
credentials (or alternate specified administrative credentials) and uses
a local MS Access database of known driver vulnerabilities to generate a
short HTML or XML vulnerability report.

I haven't been maintaining WiFiDEnum since leaving Aruba for
InGuardians, but you could easily download the tool and update the
Access DB supplied to add new driver information based on NIST NVD entries.

If you run into trouble, drop me a note.

-Josh
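
The matching step described in the message above (driver values enumerated from the registry, compared against a local table of known-vulnerable versions, written out as a short XML report), as an added example that is not WiFiDEnum's code and not part of the original message. The inventory, the vulnerability table, the `fixed_in` field, the placeholder references and all function names are constructed for illustration; the `DriverDesc`/`DriverVersion` value names assume the usual layout of the Windows network adapter class key.

```python
import xml.etree.ElementTree as ET

# Constructed inventory: DriverDesc/DriverVersion as read per adapter (assumed layout).
INVENTORY = [
    {"host": "LAPTOP-01", "DriverDesc": "Example Wireless A", "DriverVersion": "9.0.3.9"},
    {"host": "LAPTOP-02", "DriverDesc": "Example Wireless A", "DriverVersion": "10.1.0.2"},
    {"host": "LAPTOP-03", "DriverDesc": "Example Wireless B", "DriverVersion": "4.2.0"},
    {"host": "LAPTOP-04", "DriverDesc": "Example Wireless B", "DriverVersion": "unknown"},
]

# Constructed table standing in for the local vulnerability DB; refs are placeholders.
KNOWN_VULNS = [
    {"driver": "Example Wireless A", "fixed_in": "9.0.4.0", "ref": "PLACEHOLDER-0001"},
    {"driver": "Example Wireless B", "fixed_in": "4.10.0", "ref": "PLACEHOLDER-0002"},
]

def parse_version(text):
    """Turn '9.0.3.9' into (9, 0, 3, 9); return None if not dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_older(installed, fixed):
    """Numeric compare with zero-padding, so 4.2.0 < 4.10.0 and 9.0 == 9.0.0."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def assess(inventory, vulns):
    findings = []
    for item in inventory:
        for vuln in vulns:
            if item["DriverDesc"].lower() != vuln["driver"].lower():
                continue
            installed = parse_version(item["DriverVersion"])
            if installed is None:
                status = "unverified"  # surface it rather than silently pass
            elif is_older(installed, parse_version(vuln["fixed_in"])):
                status = "vulnerable"
            else:
                continue
            findings.append((item["host"], vuln["driver"], item["DriverVersion"], vuln["ref"], status))
    return findings

def to_xml(findings):
    root = ET.Element("report")
    for host, driver, version, ref, status in findings:
        ET.SubElement(root, "finding", host=host, driver=driver, version=version, ref=ref, status=status)
    return ET.tostring(root, encoding="unicode")
```

Comparing versions as integer tuples rather than strings is what keeps `4.2.0` below `4.10.0`, and an unparseable version is reported as `unverified` instead of being treated as patched.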
