EAPeak is a Python powered script that is meant to parse useful pieces of information for a Security Assessment of wireless networks that use the Enterprise Authentication Protocol. It relies on the Scapy libraries to parse both PCap files and live network captures. Some highlights of the information that EAPeak can pull from wireless networks include:
- EAP Types supported by Access Points
- EAP Types supported by Clients
- Client Usernames
- LEAP MSChap v2 Challenge and Responses
EAPeak relies on the Scapy Community Repository libraries available here: http://hg.secdev.org/scapy-com
The community repository version of Scapy is required because the standard trunk does not contain the layers necessary to parse EAP frames to the extent that is necessary within EAPeak. SecureState has added the layers to the Scapy Community Repository to both parse and inject EAP-TTLS, EAP-TLS, PEAP, LEAP. The functionality of the standard EAP frame to include additional information, such as parsing Legacy NAK information. The additions to Scapy have laid a foundation that will facilitate injection of EAP frames, which will play a key role in additional features.