View Full Version : Pwnstar9.0 for Kali-linux 2016R1-2 released for testing

2017-02-04, 06:16
Musket Teams have voted to release their latest field version of Pwnstar9 for WPA Phishing and Open Hotspots for community testing.

Script supports Kali 2016R1R2 only!


1. Complete control of most aspects of the Rogue AP process. Such as mac spoofing, channels, AP names of various components, 2nd wifi device options and all aspects of internet connection when access thru captive portal.

2. Passive and Active DOS processes all run from only one(1) wifi device supporting packet injection. Passive DDOS allows RogueAP Clones running parallel with Rogue AP and still supporting active DDOS when required.

3. 17 Web Page folders supporting dns spoof and captive portals for both Open Web Sites, WPA Phishing AND WPA Enterprise

4. MITMf and sslslip, sslslip+ and sslstrip are setup thru menu options as required by user.

5. WPA Downgrade added to active DDOS choices available.

6 HTTPS trap to avoid warning to phish

7. Options for use of two(2) wifi devices

You can download the zip which contains a lengthy help file.




Musket Teams

2017-02-07, 02:42
Webpage Updates

Replace two files in the webpage folder with these updates

Corrects a small flaw on right side of background

Musket Teams

Update available at either address below



2017-02-11, 22:59
Dear Mmusket,

I just tried the tool on a fresh install of 2016R2. Using choice 9 a with captive portal and sniffing, I was able to get the captive portal to work fine, but the victim machine could not get past the captive portal for further credential sniffing. Every refresh of browser or attempt to go to other site resulted in captive portal page again. Any thoughts on what I am doing wrong or potential bug? Target was iOS device with safari.

2017-02-12, 07:47
To social cred

1. If you want to do credential sniffing not WPA Phishing suggest you use item 3. This being said tell us the following and we will run some tests and get back to you as we are currently working on new pages.

1. What web page did you use?

2. Reference the HTTPS trap feature which selection did you use?

In general to get past the portal phishing page you first must enter data requested by the page correctly. If you use the HTTPS trap feature the phish will bypass the portal page until a http request is made. At that point the portal page is seen. Once data is entered correctly the phishing page is no longer seen unless you change your mac address and sign in with a different ip.

In closing use the HTTPS trap, get an association to the rogue and make a https request. You should be sent straight to the internet. Next change your request to http and you should get the portal page, 'Now enter the data requested and see what occurs.

Musket Teams

2017-02-12, 07:48
To social cred

Suggest you cross reference this post concerning airbase-ng



2017-02-13, 07:33
New Web Pages and corrections to one folder are available at:


or download thru the following:

Newpages and Updates.zip


Musket Teams

2017-02-28, 07:58
New Web Pages and Corrections 2

Included in the package are six(6) webpage folders

Replace the following four(4) folders with these newer ones


Corrects a flaw in error pages.

New Web Pages


The speed webpages attempt to exploit the emotional need for more internet speed.

All web page coding has been rechecked and tested

The captive portal coding is currently being explored by MTeams for newer approaches so expect further changes in the future.

You can download at;




Musket Teams

2017-03-01, 09:01
Any plans to make this compatible for us poor invisible minority that uses KL1? Please? That would be cool.

2017-03-01, 09:25
I assure you that users of Kali 1.10a are not invisible to us. MTeams spent allot of coding time keeping 1.10a functioning. Until we found the older airmon-ng solution reaver always worked better for us when using k1.10a. Furthermore we could never get Bully to do much of anything and are starting tests to see if bully functions better for us when using the older airmon-ng.

Reference Pwnstar9.0 MTeams ran into problems with some of the sniffing tools. You could make a usb install of kali 2016. This would result in one of the sniffing tools possibly unusable but that might be corrected. However we will look into a modified version. We plan on loading beef into the package. We tried but it kept eating our distro.


2017-04-03, 09:09
Hi MT, thanks for your outstanding work.
Would it be possible to use Pwnstar9.0 as a "simple" wifi repeater / range extender?
I need to extend my access point signal using my KALI 2016.R2 box.
I have 2 wifi adapters.

2017-04-03, 11:25
To JackBauer

You can setup an access point but it would not be protected by WPA or WEP. Just use selection three not 4 or 9a as you do not need to login in thru a web page. If you understand both bash coding and airbase-ng commands we think you could encrypt the airbase-ng with WEP BUT have it transmit that it is WPA. That would confuse a hacker to some extent. Notice our RogueAP WPA Clone used to passive DDOS a target transmits that it is WPA encrypted. We ran some tests years back with this WEP/WPA concept .


2017-04-16, 02:39
Hi Guys i have playing with the latest version i have set up Rogue AP Name = ZZZ Blackhole but has a different name DIRECT -oQF3 etc
why is that ?


2017-04-16, 08:59
To maxwell8686

When you select the type of airbase-ng to set up there are three(3) types. You have selected type three(3) which responds to all probes. Just select type 2 and you will only broadcast the essid or rogueAP name you require.

Furthermore if you select type three(3) or possibly type one(1) you will also end up with a second rogueAP name called default.

Musket Teams

2017-04-25, 14:00
Can this one help to sniff https logins?

Was thinking as sslstrip doesn't work (all using now HSTS) to let the user connect to a rogue AP and from there trick him to login to an https site and get the credentials .... ?

2017-04-26, 11:33
To: pamamolf

Pwnstar9 supports MITMf and sslslip, sslslip+ and sslstrip. Setup pwnstar9 to use Item 3 in the basic menu

You might try the beef package in airgeddon available for download here in Community Projects. MTeams cannot test as our receivers do not work with airgeddon.

Musket Teams