# dragonshift
"This tool automates the execution of a WPA3-Transition Mode downgrade attack, specifically leveraging the Dragonblood vulnerability. In WPA3-Transition Mode, networks are configured to support both WPA2 and WPA3 connections to maintain compatibility with older devices. However, this feature can be exploited to create a rogue access point (AP) that mimics a legitimate network."
# Install
```
# Install colorama and hostapd if not installed already
# sudo apt install hostapd-mana python3-colorama
git clone https://github.com/jabbaw0nky/DragonShift.git
cd DragonShift
```
# Run
```
sudo python dragonshift.py -m wlan0mon
```
In this example we use a single interface in monitor mode and scan the airspace for WPA3 APs that are vulnerable to the downgrade. This is the output when no vulnerable APs are found:
```
┌──(kali㉿NUC11-UBU)-[~/DragonShift]
└─$ sudo python dragonshift.py -m wlan0mon
DragonShift v0.5 - WPA3-Transition Downgrade Attack Tool
Copyright (c) 2024, Akerva, CHAABT Moussa
[!] WARNING : Only the monitor mode interface has been provided.
The script will run in passive mode, meaning you won't be able to manually force stations to reconnect to the rogue AP. For better handshake capture, it's STRONGLY RECOMMENDED to use two interfaces: one in monitor mode for scanning and manual deauthentication, and another in managed mode to launch the rogue AP.
[!] Would you like to continue ? (y/n) y
[+] All required tools are present.
[+] The wlan0mon interface is in monitor mode. Starting Airodump-ng.
[+] Airodump-ng is running on interface wlan0mon for 1 minute...
[+] Capture done. Files are saved under 'scan-2025-12-04-15-35/discovery'.
[+] Parsing PCAP file: scan-2025-12-04-15-35/discovery-01.cap
[+] No vulnerable APs were found in the file. Exiting program.
```
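
For auditing your own access points: WPA3-Transition Mode is visible in a beacon as an RSN element (ID 48) that lists both a PSK and an SAE AKM suite, usually with management frame protection capable but not required. The parser below is an added example, not DragonShift's code; the function names are hypothetical and the sample element bytes are constructed.

```python
import struct

OUI = b"\x00\x0f\xac"      # IEEE 802.11 suite OUI
PSK_AKMS = {2, 4, 6}       # PSK, FT-PSK, PSK-SHA256
SAE_AKMS = {8, 9}          # SAE, FT-SAE

def parse_rsn(body: bytes) -> dict:
    """Parse an RSN element body (element ID 48, ID/length bytes removed)."""
    off = 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated RSN element")
        off += n
        return body[off - n:off]

    def u16() -> int:
        return struct.unpack("<H", take(2))[0]

    if u16() != 1:
        raise ValueError("unsupported RSN version")
    take(4)                              # group cipher suite
    take(4 * u16())                      # pairwise cipher suite list
    suites = [take(4) for _ in range(u16())]
    akms = {s[3] for s in suites if s[:3] == OUI}
    caps = u16() if off < len(body) else 0   # capabilities field is optional
    return {"akms": akms,
            "mfp_capable": bool(caps & 0x0080),
            "mfp_required": bool(caps & 0x0040)}

def classify(body: bytes) -> tuple:
    """Return (mode, mfp_required) for one advertised RSN element."""
    rsn = parse_rsn(body)
    psk, sae = rsn["akms"] & PSK_AKMS, rsn["akms"] & SAE_AKMS
    mode = ("WPA3-transition" if psk and sae else
            "WPA3-only" if sae else
            "WPA2-PSK" if psk else "other")
    return mode, rsn["mfp_required"]

# Constructed sample elements (not captured traffic): CCMP ciphers throughout.
HDR = "0100" "000fac04" "0100" "000fac04"
SAMPLES = {
    "transition": bytes.fromhex(HDR + "0200" "000fac02" "000fac08" "8000"),
    "wpa3_only":  bytes.fromhex(HDR + "0100" "000fac08" "c000"),
    "wpa2_only":  bytes.fromhex(HDR + "0100" "000fac02" "0000"),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body))
```

An AP that reports `WPA3-transition` still accepts WPA2-PSK association; one that reports `WPA3-only` with MFP required does not advertise the PSK suite at all.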