EVIL-ESP
A super portable evil device based on the ESP8266, running MicroPython, with a single button and small OLED display.
Source
Attacks
| Attack | Behavior |
|---|---|
| Beacon spammer | Floods fake WiFi beacons so many phantom APs appear nearby |
| Captive portal | Hosts a “free hotspot” and redirects users to a registration page (credentials logged, no real sign-in) |
| Evil twin | Clones a protected network’s ESSID as an open AP; captive portal asks for the WiFi password “to complete a firmware upgrade” |
Credentials land in data/captive_portal/log.csv and data/evil_twin/log.csv (viewable on-device or on the MicroPython console at startup).
Installation
- Wire an I2C OLED and push button (pin with pull-up)
- Flash MicroPython from the repo
firmware/folder - Edit
data/config/config.jsonfor hardware and preferences - Upload the project tree (
ampyor similar)
Optional external antenna and power bank for portability. Headless mode: disable display/button in config and set the startup attack (evil twin needs target SSID in config).
Configuration mode
Start config mode, join the board’s setup AP, and change attack options in the captive config page without reflashing.
Deauthentication note
MicroPython cannot send 802.11 deauth frames on current Espressif SDK versions. For evil-twin workflows, the repo includes a separate Arduino deauther sketch for another ESP8266, or use authorized lab tooling on Linux.
Use responsibly and only on networks you own or are permitted to test.