// ESP32 Deauth Detector demo — magikh0e.pl web flasher // // Passive Wi-Fi monitor. Puts the radio in promiscuous mode and flags // 802.11 deauthentication (subtype 0xC) and disassociation (subtype 0xA) // management frames — the fingerprint of a Wi-Fi deauth attack. It is // RECEIVE-ONLY: it never transmits a single frame. It channel-hops 1..13, // prints each hit plus a running tally to serial at 115200 baud, and // pulses the onboard LED (GPIO2) when it sees an attack frame. // // Flash this on one board and run a deauther against your OWN network on // another to watch your defenses light up. Detection only — no attack. // // by magikh0e -- 07.2026 #include #include "esp_wifi.h" static const int LED_PIN = 2; static volatile uint32_t deauths = 0, disassocs = 0; static uint8_t channel = 1; static void onFrame(void *buf, wifi_promiscuous_pkt_type_t type) { if (type != WIFI_PKT_MGMT) return; const wifi_promiscuous_pkt_t *p = (const wifi_promiscuous_pkt_t *)buf; const uint8_t *f = p->payload; const uint8_t fc0 = f[0]; // 802.11 frame control, byte 0 const bool deauth = (fc0 == 0xC0); // mgmt (type 0), subtype 12 const bool disassoc = (fc0 == 0xA0); // mgmt (type 0), subtype 10 if (!deauth && !disassoc) return; if (deauth) deauths++; else disassocs++; digitalWrite(LED_PIN, HIGH); Serial.printf("[!] %-8s ch%2d src %02X:%02X:%02X:%02X:%02X:%02X -> " "%02X:%02X:%02X:%02X:%02X:%02X rssi %d (deauth=%u disassoc=%u)\n", deauth ? "DEAUTH" : "DISASSOC", channel, f[10], f[11], f[12], f[13], f[14], f[15], f[4], f[5], f[6], f[7], f[8], f[9], p->rx_ctrl.rssi, deauths, disassocs); digitalWrite(LED_PIN, LOW); } void setup() { Serial.begin(115200); delay(200); pinMode(LED_PIN, OUTPUT); Serial.println("ESP32 deauth detector -- receive-only, channel-hopping 1..13."); WiFi.mode(WIFI_STA); esp_wifi_set_promiscuous(true); esp_wifi_set_promiscuous_rx_cb(&onFrame); esp_wifi_set_channel(channel, WIFI_SECOND_CHAN_NONE); } void loop() { channel = (channel % 13) + 1; esp_wifi_set_channel(channel, WIFI_SECOND_CHAN_NONE); delay(300); }