Map WiFi networks with precision

Map Wi-Fi airspace and identify target networks for wireless attacks

Initial wireless engagement phase to build target topology before active attacks (deauth, evil-twin, handshake capture).

• · Wi-Fi adapter in monitor mode with packet injection capability
• · Target band(s) and regulatory domain (US/JP/EU)
• · Optional: GPS coordinates for war-driving geolocation

• · CSV/PCAP of all discoverable APs with BSSID, ESSID, channel, encryption, PMF, client list
• · Structured target list with vendor OUI, firmware fingerprint, WPS status, signal strength

• · airodump-ng / airmon-ng (from aircrack-ng suite)
• · aireplay-ng (injection testing)
• · Kismet (war-driving + GPS integration)
• · wireshark-tools (OUI lookup)
• · Wigle API (optional, for map aggregation)

• · Compatible Wi-Fi adapter (AR9271, RTL8812AU, MT7612U, etc.)
• · Monitor mode + packet injection working (must pass aireplay --test)
• · Regulatory domain set correctly (iw reg set) for legal channel access

• · Hidden SSIDs not discovered unless client probe or deauth triggers disclosure
• · Monitor-mode setup fails on Broadcom BCM43xx adapters (proprietary firmware)
• · WIDS/WAPS detects continuous channel hopping and blocks probing
• · 6 GHz band requires Wi-Fi 6E adapter and recent driver (cutting edge support)

• · Covers all three bands: 2.4 GHz, 5 GHz, 6 GHz (Wi-Fi 6E)
• · Adapter compatibility matrix with specific chipset strengths/limitations
• · Detailed PMF/WPS/vendor fingerprinting for downstream attack selection