A compact Arduino-based Wi-Fi pentesting sketch for the ESP32-S3 WROOM-1-N16R8 board. Exposes a local web UI over SoftAP so every feature can be driven from a phone or laptop — no serial monitor required.
⚠️ Authorized use only. This tool implements Wi-Fi attacks that are illegal against networks you do not own or have written permission to test. Use only in a lab you control or on an engagement with a signed statement of work.
- Beacon Spam — injects arbitrary SSIDs from a user-controlled list
- Deauthentication — sends deauth frames to connected clients on a selected channel
- Evil Portal — spins up a SoftAP with a captive portal that serves
data/index.htmland logs submitted credentials to SPIFFS - Captive DNS hijack — 53/UDP DNS responder redirects every A-query to the portal
- Web UI — async HTTP + WebSocket frontend over
192.168.4.1, all actions behind CSRF-less simple controls for fast lab use
Portal assets (data/captive.html, data/index.html, data/success.html)
are pushed via ESP32 Sketch Data Upload into SPIFFS.
# Arduino IDE — board: ESP32S3 Dev Module
# Partition Scheme: "Huge APP (3MB No OTA/1MB SPIFFS)" for the portal assets
# PSRAM: OPI PSRAMLibrary deps (Library Manager):
AsyncTCP(me-no-dev)ESPAsyncWebServer(me-no-dev)ArduinoJson
- Install the ESP32 Sketch Data Upload plugin for your Arduino IDE.
- Place
captive.html,index.html,success.htmlunderdata/. - Run Tools → ESP32 Sketch Data Upload.
- Power on. The board starts an open AP named
Free-WiFi. - Connect your phone / laptop; any URL redirects to the portal.
- Open
http://192.168.4.1→ live dashboard:- toggle Beacon Spam / Deauth / Evil Portal
- view captured credentials
Unauthorized access to computer networks is a criminal offence in most jurisdictions (e.g. Germany §202a/c StGB, US 18 U.S.C. §1030). The author takes no responsibility for misuse.
© 2026 DC INFOSEC · MIT License