Wireless Audit Pipeline (WAP)
In progress
Event-driven Python pipeline automating 802.11 wireless security audits — capture, profiling, scoring, visualization, and reporting.
Overview
WAP is a modular, event-driven Python pipeline that automates the full wireless security audit workflow: from raw 802.11 frame capture through structured target profiling, vulnerability scoring, network visualization, attack vector recommendation, and HTML report generation. The system is designed as a recommendation engine: it generates prioritized attack vectors and CLI command strings for documentation purposes, and executes nothing unless explicitly armed via --execute in a fully authorized lab context. It is built with an asyncio pub/sub event bus, Pydantic v2 models, async SQLite persistence, and Jinja2 reporting.
Technologies Used
Key Features
- 7-module event-driven pipeline architecture
- Monitor mode capture with dumpcap ring-buffer
- TShark JSON streaming and frame classification
- TargetProfile aggregation with OUI lookup
- Configurable vulnerability scoring with risk bands
- NetworkX bipartite graph visualization + GraphML export
- Rule-based attack vector recommendation (dry-run default)
- Jinja2 HTML/PDF reports with MITRE ATT&CK references
Challenges & Solutions
Challenge:
Processing high-throughput 802.11 frame streams in real-time
Solution:
Implemented async event bus with pub/sub pattern and backpressure-aware stream processing
Challenge:
Ensuring safety in an offensive security tool
Solution:
Built multi-layer safety: dry_run default, authorized_bssids whitelist, prohibited command patterns, explicit --execute flag required
Challenge:
Maintaining chain-of-custody integrity for forensic evidence
Solution:
SHA256 hashing of all exports, incident tagging, and immutable audit logging throughout the pipeline
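One way to get the chain-of-custody property described above, as an added example that is not WAP's own code: each export is recorded with its SHA-256 digest in an append-only log whose entries commit to the previous entry, so a later edit to an artifact or to the log itself is detectable. The hash-chain design, the field names, the incident tag and the artifact names are assumptions made for illustration; timestamps are left out to keep the output deterministic.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # previous-hash value used by the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(body: dict) -> str:
    # Canonical JSON so the digest does not depend on key order or spacing.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return sha256_hex(raw.encode())


@dataclass
class AuditLog:
    """Append-only log (hypothetical); each entry commits to the one before it."""
    entries: list = field(default_factory=list)

    def record_export(self, incident: str, name: str, content: bytes) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "incident": incident,
                "artifact": name, "sha256": sha256_hex(content),
                "prev_hash": prev}
        entry = {**body, "entry_hash": entry_digest(body)}
        self.entries.append(entry)
        return entry

    def verify(self, artifacts: dict) -> list:
        """Return a list of problems; empty means log and artifacts are intact."""
        problems, prev = [], GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if (e["seq"] != i or e["prev_hash"] != prev
                    or entry_digest(body) != e["entry_hash"]):
                problems.append(f"entry {i}: chain broken")
            content = artifacts.get(e["artifact"])
            if content is None:
                problems.append(f"entry {i}: artifact {e['artifact']} missing")
            elif sha256_hex(content) != e["sha256"]:
                problems.append(f"entry {i}: artifact {e['artifact']} modified")
            prev = e["entry_hash"]
        return problems
```

The chain only proves integrity relative to its newest entry hash, so that value has to be stored or countersigned somewhere the pipeline host cannot rewrite.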
Outcome
239 test cases (70.7% branch coverage), 4 phases complete, Phase 5 hardening in progress