Evil Twin AP Framework Module

Evil Twin AP Module

Standalone module for Evil Twin attacks with captive portal:

• AP Cloning — Clones target access point SSID, BSSID, and channel configuration using hostapd with precise signal strength matching.
• Deauthentication — Sends targeted deauth frames to specific clients or broadcasts to force disconnection from the legitimate AP and reconnection to the evil twin.
• Captive Portal — Responsive web portal mimicking common WiFi login pages: hotel, airport, corporate guest network, and ISP provider templates with localized branding.
• Credential Capture — Captures WPA2 passwords entered by users who believe they are re-authenticating to their known network through the captive portal.
• Traffic Interception — Once connected, performs transparent proxying with SSL stripping for HTTP traffic and DNS spoofing for targeted domain redirection.
• Automation — Single-command deployment: scans for target network, clones it, launches deauth, starts captive portal, and begins credential capture simultaneously.