Rogue SSID Detection Script

Custom Commands
1

1. Introduction

  • Rogue SSIDs can pose significant security risks. These unauthorized networks can lure employees into connecting, potentially exposing sensitive company data or providing an attack vector for malicious actors.

  • By actively scanning and identifying rogue SSIDs, IT teams can strengthen wireless security and maintain a trusted Wi-Fi environment.

  • Reminder: This is part of the new Custom Command feature in NetBeez v15.0.

2. Script Overview

  • What the script does:

    • Defines a list of approved SSIDs (whitelisted WiFi networks).

    • Scans the environment for all visible SSIDs on the specified interface.

    • Compares the scanned SSIDs with the approved list.

    • Flags any unauthorized/rogue SSIDs and counts them.

  • Why it’s useful:

    • Helps detect unauthorized APs or nearby networks that may cause interference or pose a security threat.

    • Simple to adapt (just edit the approved SSID list).

3. The Script

Provide the full script in a code block.

#!/usr/bin/env bash

# Approved SSIDs (modify this list)
approved_ssids=("netbeez" "netbeez-ipv6" "netbeez-ubi")

# Interface to scan on (change if needed)
iface="wlan0"

# Scan for SSIDs (unique list)
scanned_ssids=$(sudo iw dev "$iface" scan 2>/dev/null | grep -oP '(?<=SSID: ).*' | sort -u)

rogue_list=()

# Compare scanned SSIDs with approved list
while IFS= read -r ssid; do
    if [[ -n "$ssid" && ! " ${approved_ssids[*]} " =~ " ${ssid} " ]]; then
        rogue_list+=("$ssid")
    fi
done <<< "$scanned_ssids"

# Count rogue SSIDs
rogue_count=${#rogue_list[@]}

# Print error line if rogues found
if [[ $rogue_count -gt 0 ]]; then
    echo "ERROR: Rogue SSIDs count:${rogue_count}: Rogue SSIDs List: ${rogue_list[*]}"
fi

# Always print final rogue count
echo "rogue_ssids=${rogue_count}"

4. Example Output

  • Show a clean output when no rogue SSIDs are found:
rogue_ssids=0
  • Show an example when rogue SSIDs are detected:
ERROR: Rogue SSIDs count:2: Rogue SSIDs List: CoffeeShopWiFi FreeAirportWiFi
rogue_ssids=2

5. Closing Remarks

This rogue SSID monitoring is a lightweight but effective security check that can be automated via NetBeez agents. You can easily customize the script by adding/removing SSIDs from the approved list. Please share feedback, and contribute their own script improvements in the NetBeez Community.