November 28, 2011

Tehran WiFi war-drive map

Back in the time I was living in Tehran, as a personal project I used to do annually war-drivings to gather information about current state of wireless security in Tehran (and possibly expand the results to Iran). The idea was to capture and analyze at least 5000 unique access points on each run, import data into database and do various analysis on information.My favorite queries against collected data has been identifying number of insecure networks (as I previously released a limited subset of results in one of my articles), most common used SSIDs (to generate pre-computed tables for WPA2 cracking accordingly) and finally spotting interesting networks! I've seen a wide range of so called interesting targets past 4 years, being a reconfigured traffic control camera, or weak WEP key isolating the street from core network of a telecom operator to direct access to SIP servers of gov offices. And don't thing wrong, I've not done active checks to find such cases. All I used to do was linking passively gathered information with publicly available Whois records or just Google queries. There are a lot of things you can learn just from few random packets passing over your wifi card antennas. 

So, here I`m going to release  (a limited version) of my latest war-driving round (1/2011) in Tehran, exported to SQLite DB and also a sample KML export (Both generated by GISKismet from raw data)for those who just want to have visual fun with Google-Earth. By limited I mean result of my secondary environment I used while simply driving or walking around the city. My primary set, as usual, used to be a laptop with two wifi cards armed with Kismet and few other tools & scripts, and the secondary set was my beloved N900, properly customized to act as a full-blown wifi-hacking pocket device again running Kismet.

Finally I hope you respect the spirit and idea behind releasing these freely here, and refer to the source if you're using this data-set for your studies or analysis. I held NO RESPONSIBILITY for what others might do with this information and I DO NOT MIND if you're running an insecure access point that broadcast your important data into air to anyone, which is still as insecure as it was before in about a year before. I guess this is the first ever publicly released war-driving result for Tehran/Iran, or at least as far as I know. Please leave a comment if you're aware of other cases.

Zip archive containing data-set is available HERE.

Happy data-mining! :) 


  1. Thank you for sharing this.


  2. Anytime. check for THOUSANDS of similar samples!

  3. That Sound Interesting :D


  4. سلام آقای کشفی
    همچون دفعات پیش از زحمات شما بسیار سپاسگزار و قدردانم.اگر اشتباه نکنم در جزوه کاملی که 2 سال در مورد وایرلس پیش منتشر کرده بودید ذکر کرده شده که این
    جزوه را به روز خواهید کرد
    آیا در پست بعدی شما شاهد این خواهیم بود که با جدیدترین شیوه های رمز گذاری شبکه های وایرلس
    همچنین جدیترین سخت افزار و ابزار های وایرلس
    آشنایمان خواهیئ کرد؟

    باز هم بسیار متشکرم

    با احترام

  5. سلام
    دوست من مي تونيد چند تا کارت واي فاي اکسترنال که قابليت اسنيف و اينجکت داشته باشه معرفي کني که تو بازار ايران باشه؟
    رو لب تاپ من که وابو هست هيچ کدوم از ابزار هاي زير کار نمي کنه
    & ....

  6. سلام
    همه کارت های اکسترنال آلفا و Ubq کم
    و بیش مناسب هستن

    مشکل لپ تاپ شما اما به احتمال زیاد درایور هست نه خود کارت

    جزییات بیشتر :