Installing airgraph-ng on Kali Linux

Posted on July 28, 2020 by mark

There are many tutorials on using airgraph-ng on youtube; most omit the small detail that it cannot be installed using a package manager.

The airodump-ng utility within the aircrack-ng toolkit is used to scan wireless activity near your location, including not just wireless hot spots but also the devices connected to or trying to connect to those hot spots. As it only scans activity happening in the air and cannot be considered a hacking tool it can be considered legal to use anywhere. It can save results to a CSV file, which id not easily human readable.

The airgraph-ng utility covered here is one of the experimental scripts available in the aircrack-ng suite of tools. It’s purpose is to take the CSV file generated by the airodump-ng utility and display the data captured as a pretty diagram showing the association between the devices captured. This is useful in determining what wireless devices are connected to what access points at a glance without having to write your own tools to parse the file.

As the airgraph-ng script is in the ‘experimental’ category it is not shipped as part of aircrack-ng packages that are available for most Linux distributions so needs to be installed from source. The aircrack-ng sources can be obtained with “git clone https://github.com/aircrack-ng/aircrack-ng.git”.

The airgraph-ng tool requires a bit of manual fiddling to get it to work after installation, which may be why it is bundled in the experimental category; but the fiddling required is covered in this post.

This post covers installing airgraph-ng (actually installing the entire package) on the normal full Kali OS server install, plus covers additional steps needed if you installed your Kali system from the Live DVD media rather than the server media.

The live DVD used was

Linux kali 4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64 GNU/Linux
gcc (Debian 8.2.0-14) 8.2.0

The server install used was

Linux kali 5.7.0-kali1-amd64 #1 SMP Debian 5.7.6-1kali2 (2020-07-01) x86_64 GNU/Linux
gcc (Debian 9.3.0-14) 9.3.0

Requirements:

  • A GCC compiler version below 10, as of July 18 2020 it is not possible to compile the aircrack-ng tools using GCC 10
  • Any Linux OS with an older version of the GCC Compiler available (Fedora 32 for example uses GCC 10 so cannot be used). This post uses the Kali OS
  • The OS must have python 2 installed (2.7 works OK); the airgraph-ng python script will not run under python3. Kali Linux includes both python and python3 so this is not an issue if you are using Kali Linux

The issue:

Most OS’s have the package aircrack-ng available in their repositories, Kali even comes with the package installed; this provides the standard airmon-ng and airodump-ng utilities. The issue is that the supplied packages do not include optional utilities such as airgraph-ng. If you want experimental features you must install from source.

This post was written on July 18 2020; issues with the source on github not compiling using GCC 10 may have been resolved by the time you read this.

Pre-requisites

If you installed from the live DVD:

If you installed a VM from the ‘live DVD’ after the install you will have no repositories configured, even the DVD media will have been commented out of the available repository list after installation. You need to be able to access repositories to install packages required to compile the source. This is easily fixed with the below command.

cat << EOF >> /etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main non-free contrib
# For source package access, uncomment the following line
# deb-src http://http.kali.org/kali kali-rolling main non-free contrib
EOF

Additional packages required:

In order to compile the aircrack-ng utilities you need at a minimum the following additional packages installed in addition to the base Kali install.

apt-get clean
apt-get autoclean
apt update
apt upgrade
apt install build-essential
apt-get install automake autoconf autotools-dev 
apt install libtool pkg-config m4
apt install libssl-dev
apt install libnl-3-200 libnl-3-dev
apt install libpcap-dev
apt install libnl-genl-3-200 libnl-genl-3-dev

# The below are only needed if you installed Kali from the live DVD
apt install libstdc++-dev
apt install python3-graphviz graphviz
apt install python-pygraphviz
apt install python3-pydot python3-pydot-ng python3-pydotplus

Obtaining aitcrack-ng, and Compiling

After all the pre-requisites have been satisfied you are ready to actually compile it. Do not just blindly copy/paste the below commands, run each one by one and fix errors as needed before running the next.

cd ~
mkdir git
cd git
git clone https://github.com/aircrack-ng/aircrack-ng.git
cd aircrack-ng
autoreconf -i
./configure --with-ext-scripts --disable-shared --enable-static
make
make install

If all went well you will have updated versions of the software in /usr/local/bin and /usr/local/sbin. The files installed by the default Kali install package reside in /usr/bin and /usr/sbin so both can co-exist at the same time. It is important to note however that on Kali the /usr/local directories are by default searched first so your newly compiled files will be chosen by default.

I would recomend you do not uninstall the aircrack-ng package and actually use the packaged versions of the utilities. The reason for that is that is that if you were paying attention during the configure step you will have noticed that many facilities were not implemented (for example pcap is available as libpcap-dev was one of the packages I stated you need to download, pcre was not available as I could not locate a libpcre-dev package to obtain it). It can be assumed that the packaged utilites have all features available so are probably the better ones to use. Remember this post is about obtaining the airgraph-ng command, however if you want to obtain all the features and use the latest source you need to hunt down all the development libraries and header files needed to provide all the features.

airgraph-ng is now available, but it will not yet run

So, you think you are now reasy to run airgraph-ng ?. Bad news, the script is broken. Fortunately not too badly, the issues are

  1. it requires a ‘support’ directory under your current working directory, which you need to manually create
  2. it wants to download a device list file from http://standards-oui.ieee.org/oui.txt into that directory, and fails to do so

The fix is simply, in your work directory

mkdir support
cd support
wget http://standards-oui.ieee.org/oui.txt
cd ..

and run the airgraph-ng command again, with the ‘support’ directory and required file within it existing it will finally work.

Other important things to note: are

  • The airmon-ng script runs using python 2 (fortunately Kali has 2.7 ‘python command’ as well as python 3.x ‘python3 command’ so that is not an issue
  • The airgraph-ng script will not run under python 3.x, if you try to install it on a server with only python 3.x forget it (at the current time) as the graphviz libraries are for python2 and if airmon-ng is run with ‘python3’ it cannot find the graphviz libraries (this will obviously change in later releases, but for now it is a stopper)

An example usage, assuming wireless device is wlp1s0

--- On Terminal 1
airmon-ng start wlp1s0

--- On Terminal 2
airodump-ng wlp1s0mon -w /root/osint/data/airodump_scan_location_date
^C (control-C) when run for a while to capture data, at least 5mins

# take the wireless adapter out of monitor mode, should free up terminal 1 again
airmon-ng stop wlp1s0mon

# Then use the collected data
   # map as a png the wireless devices actually connected to the networks located
   airgraph-ng -i airodump_scan_location_date.csv -o 'airodump_scan_location_date_CAPR' -g CAPR
   # map as png devices trying to connect to networks, this can show what networks they
   # connected to in the past that they are trying to re-connect to.
   airgraph-ng -i airodump_scan_location_date.csv -o 'airodump_scan_location_date_CPG' -g CPG

The first graph allows connected wireless devices nearby to be mapped to the wireless hot spots they are connected to which is useful for penetration testers, especially if ‘open’ unsecured ssid’s are found.

The details in second graph can be used by hackers, to use ssid spoofing to obtain the first two parts of a key handshake from the device trying to connect the the fake ssid; while the device will not connect as the fake ssid does not have a valid key there are tools that allow a key to be determined from those first two parts of the handshake the device used; this allows a fully operational fake ssid to be created and route all the traffic from the device connecting to it through that fake ssid hot spot… so ensure your wireless devices are never setup to try to autoconnect (most phones do) and instead manually connect to networks you know are expected to be near you when needed, as all connection attempts are broadcast to every wireless hot spot within range including those mapping other peoples networks.

About mark

At work, been working on Tandems for around 30yrs (programming + sysadmin), plus AIX and Solaris sysadmin also thrown in during the last 20yrs; also about 5yrs on MVS (mainly operations and automation but also smp/e work). At home I have been using linux for decades. Programming background is commercially in TAL/COBOL/SCOBOL/C(Tandem); 370 assembler(MVS); C, perl and shell scripting in *nix; and Microsoft Macro Assembler(windows).
This entry was posted in Penetration Testing, Unix. Bookmark the permalink.