The nzyme project uses WiFi adapters in monitor mode to scan the frequencies for suspicious behavior, specifically rogue access points and known WiFi attack platforms. Each recorded wireless frame is parsed and optionally sent to a Graylog log management system for long-term storage that allows you to perform forensics and incident response. Ever wondered what to do if you catch a malicious wireless actor? With nzyme, you will be able to reconstruct what happened, who was targeted, and who was successfully compromised.
Several types of alerts are automatically raised. The employed techniques range from signature based analysis of expected network infrastructure, threat landscape assessment with fingerprinting to setting traps with deception capabilities.
nzyme is not designed to be physically moving around in any way. It is supposed to stay stationary and constantly observe the WiFi radio frequency spectrum. If you are looking for a WiFi recon or wardriving tool, you should check out Kismet.
(It obviously won't break from moving around but the interface and some of the functionality won't make much sense anymore.)
Please visit the getting started page to get started.
There are many ways to contribute and all community interaction is absolutely welcome:
Please be aware of the Code of Conduct that will be enforced across all channels and platforms.
Make sure to comply with local laws, especially with regards to wiretapping, when running nzyme. Note that nzyme is never decrypting any data but only reading unencrypted data on license-free frequencies.