Yarilo is an offensive security tool and packet sniffer designed for capturing and decrypting encrypted wireless network traffic. This project can analyze and interpret packets on WPA2-protected networks with support for more coming soon. It can aid in network security assessments and understanding of wireless communication protocols.
Capabilities:
pcap
The project consists of two components:
sveltekit
soon)Let's talk about running the release version of Yarilo
, we strongly encourage running the sniffer through docker because of the issues that arise while compiling grpc
by hand (it takes a lot of time on smaller devices).
You can use typicalam/yarilo:latest
as the base docker image. This project has two modes - file mode and interface mode. File mode runs the sniffer and analyzer on file recordings to decrypt existing data. Interface mode allows Yarlilo to take in a NIC (network interface card) and use that to sniff out network traffic captured by the card. You can also provide it a directory (shared volume) to be able to save the decrypted data. An example deployment docker compose file achieving is available at docker-compose.srv.yml. To run it execute the following command in the repo root:
docker compose -f docker-compose.srv.yml up -d
What about running this thing locally?
Run in the backend directory ($MY_GRPC_INSTALL_DIR
should be your grpc
install dir):
Prepare definitions:
protoc -I ../protos --cpp_out=src/proto --grpc_out=src/proto --plugin=protoc-gen-grpc=`which grpc_cpp_plugin` ../protos/service.proto
Compile and run:
cmake -DCMAKE_PREFIX_PATH=$MY_GRPC_INSTALL_DIR -G Ninja -B build .
ninja -C build
./build/yarilo --help
C++ reference documentation is built alongside the project if -DYARILO_BUILD_DOCS=ON
is specified (requires doxygen
). Open the build/doc_doxygen/html/index.html
file in a browser to view. Optionally, for protobuf definitons to also be included in the docs, run the following before building (requires go
):
go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc@latest
protoc -I../protos --doc_opt=markdown,proto.md --doc_out=docs ../protos/service.proto
To run the client, enter the frontend
directory and run:
npm install
npm run dev
If your sniffer isn't running in docker
you should also run envoy like so: envoy -c backend/envoy.yaml
.