WiFi-Pumpkin v0.8.5 released, Framework for Rogue Wi-Fi Access Point Attack • Penetration Testing

Wi-Fi security. The main feature is the ability to create a fake AP and make Man In The Middle attack, but the list of features is quite broad.


  • Rogue Wi-Fi Access Point
  • Deauth Attack Clients AP
  • Probe Request Monitor
  • DHCP Starvation Attack
  • Credentials Monitor
  • Transparent Proxy
  • Windows Update Attack
  • Phishing Manager
  • Partial Bypass HSTS protocol
  • Support beef hook
  • ARP Poison
  • DNS Spoof
  • Patch Binaries via MITM
  • Karma Attacks (support hostapd-mana)
  • LLMNR, NBT-NS and MDNS poisoner (Responder)
  • Pumpkin-Proxy (ProxyServer (mitmproxy API))
  • Capture images on the fly


Plugin Description
Dns2proxy This tools offer a different features for post-explotation once you change the DNS server to a Victim.
Sstrip2 Sslstrip is a MITM tool that implements Moxie Marlinspike’s SSL stripping attacks based version fork @LeonardoNve/@xtr4nge.
Sergio_proxy Sergio Proxy (a Super Effective Recorder of Gathered Inputs and Outputs) is an HTTP proxy that was written in Python for the Twisted framework.
Patch Binaries via MITM: BackdoorFactory + mitmProxy, bdfproxy-ng is a fork and review of the original BDFProxy @secretsquirrel.
Responder an LLMNR, NBT-NS and MDNS poisoner. Author: Laurent Gaffie


git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
./installer.sh –install

Changelog Version 0.8.5
– added new plugin TCP-Proxy
– added capture image HTTP request (Tab ImageCap)
– added new HTTP-request widgets get info from Headers requests
– added new columm (url) on HTTP-Authentication
– added now WF allow to start without internet connection
– added option that exclude USB card on start
– added support to use 2 wireless cards #211
– remove netcreds plugin thks for all DanMcInerney
– added Python DNS Server improvements #165
– added new style in progressbar on home
– fixed possible bug when start AP with interface wlanx
– fixed exit app when exclude USB adapter
– fixed Network-ManagerUI again
– fixed error: iptables Bad argument
– added option for check network connection Tab->Settings
– fixed error TCP-Proxy plugin imageCap #218
– fixed possible error [Errno 2] No such file or directory #217
– fixed replace bs4 to BeautifulSoup #228
– fixed argument for ‘s’ must be a string #232 thanks @okazymyrov
– fixed IndexError: Layer [Raw] not found #234
– added option for restore NM USB adpater after app closed #239
– moved option settings -> Menu File
– fixed hide error sslstrip exceptions.RuntimeError
– fixed [Errno socket error] [Errno -2] Name or service not known #252
– fixed control lock/unlock plugins tabs when changes options
– fixed PhishingManager error when try shutdown httpd server
– fixed Windows UpdateFake modules
– fixed check return is NoneType from function get_interface_mac
– fixed No such file or directory: ‘settings/dhcpd.conf’ #266
– fixed Wireless Deauth module scan network with airodump-ng
– added plugin PumpkinProxy: disable browser caching, cache-control in HTML
– added constants into a separate module [more modular design]
– fixed pumpking-proxy all plugins inject page #272
– fixed issue #273
– fixed function get ipaddress by interface
– added new colorQListWidget [hover, selection]
– added new design Qtableview for default theme
– added hostapd option BSSID configuration [Settings TAB]
– added show security password type option [Settings TAB]
– fixed dhcpserver exception try get hostname device #277
– fixed set border just table home in default theme
– added Qapplication: allow only one instance of WP to run
– fixed dhcpd server error can’t read file or directory
– removed monitors views [dns2proxy,urlcreds,credentials]
– added dashboard infor [uptime,threads,AP info] in tab home
– added more code organization in file main.py
– fixed bug not working as expected #279
– fixed small bug with Table when add new users
– added new icon WiFi-Pumpkin
– fixed group all object PyQt4 QtGui,QtCore
– fixed except when try import QtGui
– fixed detect if range ip class is same the [DHCP Server] #285
– fixed import QtGui thanks @Brain2000 #282
– fixed redirect Traffic from all domain [dns spoof] #296
– added run WP without mitmproxy packager #309
– fixed cryptography kali 2017.3 thanks @yudevan #315
– fixed import Queue module from multiprocessing #357