Recently The release of the new version of the Nzyme Toolkit 1.2.0 was announced, which is dis designed to monitor wireless networks in order to detect malicious activity, implement rogue access points, unauthorized connections and carry out typical attacks.
The new version stands out for implementing the reporting functionality to nzymeIn addition to the fact that you can program different types of reports that, optionally, will also be sent by email.
About Nzyme
For those unaware of nzyme, you should know that this is a tool that uses WiFi adapters in monitor mode to scan frequencies for suspicious behavior, specifically rogue access points and known WiFi attack platforms. Each recorded wireless frame is analyzed and optionally sent to a Graylog log management system for long-term storage allowing you to perform incident response and forensic analysis.
Traffic is captured by switching the wireless adapter to monitor mode for transit network frames. Captured network frames can be sent to Graylog for long-term storage in case the data is needed to analyze incidents and malicious actions. For example, the program allows you to identify the appearance of unauthorized access points, and if an attempt to compromise the wireless network is detected, it will show who was the target of the attack and which users were compromised.
The system can generate various types of alerts and also supports various methods to detect abnormal activity, including verifying network components using fingerprint identifiers and creating cheats. Supports the generation of alerts when the network structure is violated (for example, the appearance of a previously unknown BSSID), changes in network parameters related to security (for example, change of encryption modes), detecting the presence of typical devices to carry out attacks. (for example, WiFi Pineapple), fixing a trap access or detecting abnormal changes in behavior.
In addition to analyzing malicious activity, the system can be used for general monitoring of wireless networks, as well as for the physical detection of the source of detected anomalies through the use of trackers, which make it possible to progressively identify a malicious wireless device based on its specificity.
Main new features of Nzyme 1.2.0
In this new version, as commented at the beginning highlights added support for generating and emailing reports on detected anomalies, registered networks and general status.
In addition, it is also highlighted that added support for alerts on detection of attempted attacks to block the operation of the surveillance cameras based on the massive sending of deauthentication packets.
A page with the attacker's profile has been added, that provides information on the systems and access points with which the attacker interacted, as well as statistics on the signal level and frames sent.
And it also stands out that the ability to configure callback handlers to respond to a warning (for example, it can be used to write failure information to a log file).
Of the other changes that stand out:
- Added support for never-before-seen SSID detection warnings.
- Added support for alerts on monitoring system failures, for example when a wireless adapter is disconnected from a computer running Nzyme.
- Improved support for WPA3-based networks.
- Added a resource inventory list, showing the parameters of the deployed networks being monitored.
Finally for those interested in knowing more In this regard, you can consult the details in the following link.
It is also worth mentioning that the project code is written in Java and distributed under the SSPL license (Server Side Public License), which is based on AGPLv3, but is not open due to discriminatory requirements on the use of the product in cloud services.