Alfa Arsenal is a wireless security assessment platform. It is intended solely for lawful, authorized use by qualified security professionals and researchers.
Before running any assessment activity, confirm all of the following:
- You have explicit, documented written authorization for the target network and all affected systems.
- The scope of work is defined, including allowed BSSIDs, channels, physical locations, and time windows.
- The rules of engagement (ROE) have been reviewed and loaded via
--policy-file. - You understand the legal and regulatory environment of the jurisdiction where the assessment will run.
- Affected stakeholders have been notified where required by contract or policy.
- You have a process to stop operations immediately if asked.
The platform supports policy-as-code ROE files. A representative file is provided at
policies/example_roe.json. Typical controls include:
| Control | Purpose |
|---|---|
allowed_operations |
Whitelist the classes of assessment activity permitted for the engagement. |
target_allowlist |
Restrict live RF operations to specific BSSIDs or ESSID patterns. |
require_active_assessment |
Require an explicit run start before any disruptive action. |
allowed_channels |
Limit channel operations to the agreed spectrum range. |
max_tx_power_dbm |
Enforce maximum transmit power to reduce unintended interference. |
Load an ROE file with:
sudo python3 alfa_arsenal.py --policy-file ./policies/example_roe.jsonThis software is provided for educational and authorized professional use only. The authors and contributors assume no liability for misuse or damage arising from use of this software. Unauthorized access to computer networks, interception of communications, or disruption of wireless services is illegal in many jurisdictions.
Operators are solely responsible for ensuring that every action taken with this platform is lawful and authorized.
If you observe this project being used in an unauthorized or harmful manner, please contact the maintainers as described in SECURITY.md.