CommandInWiFi
Investigating Command Injection Flaws in WiFi Access Point Storage
Inspired by Zero-Click Attacks
This project is under development.
- Purpose: Strictly for educational and research purposes only. Use ethically and legally.
- IoT Pentesting Use Case: Designed for IoT security professionals to evaluate device behavior under abnormal WiFi SSID input conditions.
This tool generates WiFi SSIDs based on user-defined payloads. Certain IoT devices and embedded systems mishandle SSID names by treating them as executable inputs or unsanitized strings during network discovery or storage. This leads to:
- Denial of Service (DoS)
- Remote Code Execution (RCE)
- Unexpected device reboots
- Unauthorized port access
The tool identifies whether a device reboots or crashes when exposed to malicious SSIDs.
Example Use:
- Inject payload into SSID
- Monitor device behavior (e.g., unexpected reboot, shell access, crash)
Status | Description |
---|---|
SAFE | Device ignores SSID payloads and behaves normally. |
UNSAFE | Device crashes or reboots upon seeing specific SSIDs. |
S.No | Device Description | Risk Level |
---|---|---|
1 | Devices auto-connecting to open SSIDs with no user interaction | Zero-Click |
2 | Devices interpreting saved SSIDs as shell input during boot or network scanning | Critical |
3 | Devices with improper escaping of special characters in SSID | Low |
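
A defensive counterpart to the device classes in the table above, added here as an example and not part of the CommandInWiFi code: firmware can treat a scanned SSID as a length-delimited byte array, flag names containing bytes a shell or format string would interpret, and hex-encode them before they reach storage or logs. The function names and sample SSIDs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32 /* an 802.11 SSID is 0..32 arbitrary octets */

/* Returns 1 if any byte would be interpreted by a shell or a printf-style
 * formatter: control bytes (including NUL), non-ASCII, or metacharacters. */
int ssid_needs_encoding(const unsigned char *ssid, size_t len)
{
    static const char meta[] = "`$;|&<>(){}[]*?!#~\\\"' %";
    for (size_t i = 0; i < len; i++) {
        unsigned char c = ssid[i];
        if (c < 0x20 || c > 0x7e || strchr(meta, c) != NULL)
            return 1;
    }
    return 0;
}

/* Hex-encodes the SSID into out (needs 2*len+1 bytes). Returns the number of
 * characters written, or -1 if the SSID is over-long or out is too small. */
int ssid_to_hex(const unsigned char *ssid, size_t len, char *out, size_t out_sz)
{
    static const char digits[] = "0123456789abcdef";
    if (len > SSID_MAX_LEN || out_sz < 2 * len + 1)
        return -1;
    for (size_t i = 0; i < len; i++) {
        out[2 * i] = digits[ssid[i] >> 4];
        out[2 * i + 1] = digits[ssid[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return (int)(2 * len);
}

int main(void)
{
    /* Constructed sample SSIDs, as they might arrive from a scan result. */
    const char *samples[] = { "HomeNet", "lab;echo hi" };
    char hex[2 * SSID_MAX_LEN + 1];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const unsigned char *s = (const unsigned char *)samples[i];
        size_t len = strlen(samples[i]);
        if (ssid_to_hex(s, len, hex, sizeof hex) < 0)
            continue; /* reject over-long names instead of truncating */
        printf("%s flagged=%d\n", hex, ssid_needs_encoding(s, len));
    }
    return 0;
}
```

The hex form can be stored or logged verbatim; the raw name is only ever handled as a pointer plus length, never passed to `system()` or used as a format string.
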
- Develop full testing framework
- Auto-discover vulnerable IoT devices
- Write project documentation
- Add vulnerable firmware/source samples
- Maintain a payload injection list
- Build CLI-based SSID test tool
- Expand test modules:
  - OS Command Injection payloads
  - Bluetooth vulnerability tests
  - NFC fuzzing (planned)