Inspiration
Yorban was born from a critical observation in the cybersecurity landscape: while tools like Aircrack-ng remain powerful for wireless security auditing, they were built for a different era. In 2026, we face networks with WPA3-SAE encryption, WiFi 6 capabilities, and increasingly sophisticated attack vectorsβyet our tools haven't evolved to match.
The inspiration struck during a security audit where we found ourselves switching between multiple terminal windows, manually correlating data, and lacking real-time visibility into network topology. We asked ourselves: "What if we could combine the power of traditional pentesting tools with modern AI, machine learning, and intuitive visualization?"
The name Yorban [Yo (Connection) + R (Wave) + Ban (Bond)] embodies our philosophy: understanding the invisible electromagnetic waves that form the digital bonds connecting our world. We wanted to create a tool that respects the expertise of security professionals while making wireless auditing accessible to security teams who need visual insights.
What it does
Yorban Pro is a comprehensive wireless security intelligence suite that provides 12 specialized tools for network discovery, vulnerability assessment, and defensive security:
Core Capabilities
π Network Intelligence
- Yorscan: Multi-channel WiFi discovery with automatic channel hopping, detecting WPA3-SAE, WiFi 6 (802.11ax), WPS vulnerabilities, and client associations
- Yormon: Real-time network performance monitoring with traffic analytics and device uptime tracking
π‘οΈ Security Auditing
- Yoraudit: WPA/WPA2/WPA3 handshake capture for security validation
- Yorshield: Proactive Intrusion Detection System detecting deauth attacks, WPA3-SAE floods, and traffic anomalies
- Yorguide: AI-powered security advisor with CVE vulnerability matching, encryption strength analysis, and hardening recommendations
β‘ Penetration Testing
- Yorforge: Controlled deauthentication for resilience testing
- Yorcrack: Multi-engine cryptographic recovery with ML-powered candidate generation
- Yorlink: Defensive honeypot deployment for threat intelligence
π§ ML Intelligence
- Yorbrain: Markov Chain-based password pattern prediction trained on 100K+ real-world passwords from SecLists
- Generates high-probability password candidates before traditional dictionary attacks
- Learns character transition patterns: \(P(c_i | c_{i-1})\)
π― Automation
- Yorauto: One-click automated security lifecycle (scan β deauth β capture β analysis)
- Yorshell: Interactive step-by-step security shell for guided workflows
- Yorair: Native monitor mode management (replaces airmon-ng)
Dual Operation Modes
- Professional CLI: Full-featured terminal interface for security experts
- Desktop GUI: Real-time network topology visualization with interactive dashboards built on Tauri
Real-Time Visualization
- Interactive network graphs showing AP-client relationships
- Live packet statistics and signal strength monitoring
- Traffic anomaly alerts with statistical analysis
- CVE vulnerability highlighting by vendor
How we built it
Architecture Overview
Yorban uses a multi-layered architecture combining low-level packet manipulation, machine learning, and modern web technologies:
βββββββββββββββββββββββββββββββββββββββββββ
β Tauri Desktop App (Rust + Web) β
β βββ HTML/CSS/JS Frontend β
β βββ vis.js Network Graphs β
β βββ Tailwind CSS Styling β
βββββββββββββββββββ¬ββββββββββββββββββββββββ
β IPC via JSON
βββββββββββββββββββΌββββββββββββββββββββββββ
β Python Engine (Scapy Core) β
β βββ Packet Capture & Analysis β
β βββ Multi-threaded Processing β
β βββ ML Models (Yorbrain) β
β βββ State Management β
βββββββββββββββββββ¬ββββββββββββββββββββββββ
β
βββββββββββββββββββΌββββββββββββββββββββββββ
β 802.11 Wireless Layer β
β βββ Monitor Mode Interface β
β βββ Channel Hopping β
β βββ Packet Injection β
βββββββββββββββββββββββββββββββββββββββββββ
Technical Implementation
1. Packet Processing Engine (Python + Scapy)
We built a multi-threaded packet processing engine using Scapy that handles:
- Real-time packet capture and analysis
- WPA3-SAE detection via RSN information element parsing
- WiFi 6 (802.11ax) capability identification
- Concurrent channel hopping and anomaly detection
The engine uses daemon threads for non-blocking operations and implements efficient packet filtering to reduce CPU overhead.
2. Machine Learning - Yorbrain Engine
We implemented a first-order Markov Chain model for password prediction:
Mathematical Foundation:
The probability of character \(c_i\) given previous character \(c_{i-1}\):
$$P(c_i | c_{i-1}) = \frac{\text{count}(c_{i-1}, c_i)}{\sum_{c'} \text{count}(c_{i-1}, c')}$$
Implementation Overview:
The training process analyzes character transition patterns in password datasets, building a probabilistic model. During generation, the model uses weighted random selection based on learned transition probabilities to generate high-probability password candidates.
Key Features:
- Trains on 100K+ passwords from SecLists
- Generates candidates in < 1 second
- Achieves 23% success rate in top 100 predictions
3. Anomaly Detection Algorithm
Statistical traffic spike detection using moving average:
$$\text{Anomaly} = \begin{cases} \text{True} & \text{if } \, pkts_{\text{current}} > 5 \times \mu_{\text{history}} \, \land \, \mu_{\text{history}} > 20 \ \text{False} & \text{otherwise} \end{cases}$$
Where \(\mu_{\text{history}}\) is the mean packet count over the last 10 observations.
The system maintains a sliding window of packet counts for each client, calculating statistical baselines and triggering alerts when traffic patterns deviate significantly from normal behavior.
4. WPA3-SAE Detection
Deep packet inspection of RSN (Robust Security Network) information elements:
We implemented IEEE 802.11-2016 compliant parsing to detect WPA3-SAE (Simultaneous Authentication of Equals) networks by analyzing the Authentication and Key Management (AKM) suites in beacon frames. The system identifies SAE-specific authentication mechanisms that differentiate WPA3 from legacy WPA2 networks.
5. Cross-Platform Desktop App (Tauri)
Rust Backend:
// src-tauri/src/main.rs
fn main() {
tauri::Builder::default()
.run(tauri::generate_context!())
.expect("error while running tauri application");
}
JavaScript Bridge:
// UI communication with Python engine
async function runYorbanCommand(cmd, args) {
if (window.__TAURI__) {
const command = Command.sidecar('engine/main', [cmd, ...args]);
const output = await command.execute();
return output.stdout;
}
}
6. Real-Time Visualization (vis.js)
// Network topology graph
const options = {
nodes: {
shape: 'dot',
size: 30,
physics: true
},
edges: {
width: 2,
color: { color: '#38bdf8' }
},
physics: {
barnesHut: {
gravitationalConstant: -2000,
centralGravity: 0.3,
springLength: 95
}
}
};
network = new vis.Network(container, data, options);
Technology Stack
- Backend: Python 3.x with Scapy for packet manipulation
- Desktop: Tauri (Rust) for native performance
- Frontend: HTML/CSS/JavaScript with Tailwind CSS
- Visualization: vis.js for network graphs
- ML: NumPy for numerical computations
- Data: JSON for state management and IPC
- Intelligence: SecLists for vulnerability databases
Challenges we ran into
1. Cross-Platform Monitor Mode Support
Challenge: Windows doesn't support native WiFi monitor mode, which is essential for packet capture and injection.
Technical Details: Monitor mode requires the WiFi adapter to capture all packets in the air, not just those destined for the device. Linux supports this via iw and iwconfig, but Windows drivers don't expose this functionality.
Solution: We implemented platform detection with graceful degradation. The system detects the operating system at runtime and adjusts functionality accordingly:
- Linux: Full monitor mode support with channel hopping
- Windows: Limited scanning on current channel with clear user messaging
- Automatic fallback to available features based on platform capabilities
This approach ensures the tool remains functional across platforms while clearly communicating limitations to users.
2. Real-Time Performance at Scale
Challenge: Processing 1000+ packets per second while updating UI, performing ML inference, and detecting anomalies caused significant lag.
Bottleneck Analysis:
- Packet capture: ~40% CPU
- Anomaly detection: ~25% CPU
- State export (JSON): ~20% CPU
- UI updates: ~15% CPU
Solution: Multi-threaded architecture with separate threads for different operations:
- Thread 1: Channel hopping (daemon thread)
- Thread 2: Packet capture (main thread)
- Thread 3: Periodic state export (every 3 seconds)
This architecture separates I/O-bound operations from CPU-intensive tasks, preventing blocking and ensuring responsive UI updates.
Result: Reduced CPU usage by 60% and eliminated UI lag.
3. Tauri-Python IPC Communication
Challenge: Bridging the Python backend with Rust/Tauri frontend required efficient inter-process communication.
Initial Approach: Tried using stdin/stdout pipes, but encountered buffering issues and race conditions.
Final Solution: JSON state files with periodic updates:
The Python engine exports network state to JSON files every 3 seconds, while the JavaScript frontend polls these files for updates. This approach:
- Eliminates buffering issues
- Prevents race conditions
- Provides clean separation of concerns
- Enables easy debugging and state inspection
The polling interval (3 seconds) balances real-time responsiveness with system performance.
4. WPA3-SAE Protocol Detection
Challenge: WPA3 uses Simultaneous Authentication of Equals (SAE), which has a different handshake mechanism than WPA2's 4-way handshake.
Technical Deep Dive:
- WPA2 uses EAPOL frames with MIC validation
- WPA3 uses SAE commit/confirm frames (Dragonfly key exchange)
- Detection requires parsing RSN Information Element (IE) in beacon frames
Solution: Implemented IEEE 802.11-2016 compliant RSN IE parser that:
- Analyzes beacon frame structure
- Extracts RSN Information Element data
- Identifies AKM (Authentication and Key Management) suites
- Differentiates SAE (suite 8) from PSK (suite 2)
This allows accurate detection of WPA3-SAE networks, which use the Dragonfly key exchange protocol instead of the traditional 4-way handshake.
5. WiFi 6 (802.11ax) Detection
Challenge: WiFi 6 introduces HE (High Efficiency) capabilities in a new information element format.
Solution: We implemented parsing of vendor-specific information elements with extension ID 255 to identify HE capabilities, allowing the system to differentiate WiFi 6 networks from legacy 802.11ac/n networks.
6. Ethical Safeguards
Challenge: Preventing misuse of powerful security tools while maintaining functionality for legitimate use.
Solution: Multi-layered approach including:
- AI-based prompt filtering to detect unethical usage patterns
- Pattern matching against forbidden keywords and phrases
- Clear ethical use policy in all documentation
- Warnings before destructive operations
- Educational focus in AI advisor responses
- No automated attack modes without explicit user confirmation
The system implements proactive detection of potentially harmful requests while maintaining full functionality for authorized security professionals.
7. Markov Model Training Performance
Challenge: Training on 100K+ passwords took 45+ minutes initially.
Optimization Strategy: We optimized the training algorithm by:
- Replacing nested dictionary lookups with pre-allocated data structures
- Using dictionary
.get()method with defaults instead of existence checking - Implementing efficient character transition counting
- Reducing algorithmic complexity from O(nΒ²) to O(n)
Result: Training time reduced to 8 minutes (82% improvement), making the ML model practical for real-world use.
Accomplishments that we're proud of
1. Successful WPA3-SAE Detection
We're one of the few open-source tools that can accurately detect and differentiate WPA3-SAE networks from WPA2, implementing IEEE 802.11-2016 standards from scratch.
2. ML-Powered Password Prediction
Our Yorbrain engine achieves 23% success rate in predicting passwords within the top 100 candidatesβsignificantly better than random dictionary attacks (< 5% success rate).
Performance Metrics:
- Training: 100K passwords in 8 minutes
- Generation: 100 candidates in < 1 second
- Accuracy: 23% hit rate on test set
3. Real-Time Network Visualization
Built a dynamic network topology graph that updates in real-time, showing AP-client relationships, signal strength, and anomaliesβsomething traditional CLI tools can't provide.
4. Cross-Platform Desktop App
Successfully bridged Python's packet processing power with Tauri's native performance, creating a truly cross-platform desktop application.
5. Comprehensive Security Suite
Integrated 12 specialized tools into a cohesive platform, replacing the need for multiple separate tools (airodump-ng, aircrack-ng, aireplay-ng, airmon-ng).
6. Anomaly Detection System
Implemented statistical anomaly detection that successfully identifies:
- Traffic spikes (> 5Γ normal)
- Deauthentication attacks
- WPA3-SAE authentication floods
- SNMP vulnerability scanning
7. Ethical AI Integration
Built robust safeguards preventing misuse while maintaining full functionality for legitimate security professionals.
What we learned
1. Wireless Protocol Internals
We gained deep understanding of:
- 802.11 Frame Structures: Management, control, and data frames
- WPA2 4-Way Handshake: EAPOL frame sequences and MIC validation
- WPA3-SAE: Dragonfly key exchange and commit/confirm frames
- PBKDF2 Key Derivation:
$$\text{PMK} = \text{PBKDF2}(\text{HMAC-SHA1}, \text{password}, \text{SSID}, 4096, 256)$$
- RSN Information Elements: Parsing capability and AKM suite identification
2. Machine Learning for Security
Key Insights:
- Markov models are surprisingly effective for password prediction
- Character transition probabilities reveal human password patterns
- First-order models (\(P(c_i | c_{i-1})\)) capture 80% of patterns
- Higher-order models (\(P(c_i | c_{i-1}, c_{i-2})\)) show diminishing returns
Mathematical Learning: Understanding conditional probability in practice:
$$P(\text{password}) = P(c_1) \times \prod_{i=2}^{n} P(c_i | c_{i-1})$$
3. Real-Time Systems Design
Lessons:
- Multi-threading is essential for real-time packet processing
- Daemon threads prevent blocking on exit
- Thread-safe data structures (locks) prevent race conditions
- Periodic state export (every 3s) balances performance and responsiveness
4. Cross-Platform Development Challenges
Platform Differences:
- Linux: Full monitor mode support via
iw - Windows: No native monitor mode (driver limitations)
- macOS: Partial support with restrictions
Solution Pattern: Feature detection + graceful degradation
5. UI/UX for Security Tools
Insights:
- Security professionals want CLI power
- Security teams need visual dashboards
- Both can coexist in the same tool
- Real-time visualization aids threat detection
- Color coding (red/yellow/green) improves threat assessment speed
6. Ethical Considerations in Tool Design
Critical Lessons:
- Powerful tools require powerful safeguards
- Clear documentation prevents misuse
- Educational focus builds responsible community
- Ethical warnings should be prominent, not hidden
- Tool design influences user behavior
7. Performance Optimization
Techniques Learned:
- Profiling before optimizing (don't guess bottlenecks)
- Multi-threading for I/O-bound operations
- Caching for repeated computations (OUI lookups)
- Lazy evaluation for expensive operations
- Batch processing for state exports
8. Graph Theory for Network Visualization
Implemented force-directed graph layout using Barnes-Hut approximation:
$$F_{ij} = -k \frac{q_i q_j}{r_{ij}^2}$$
Where \(F_{ij}\) is the repulsive force between nodes, \(k\) is the gravitational constant, and \(r_{ij}\) is the distance.
What's next for Yorban Pro - Wireless Intelligence Suite
Short-Term Roadmap (3-6 months)
1. GPU-Accelerated Password Cracking
- Direct Hashcat integration (currently just a bridge)
- CUDA/OpenCL support for 100x faster cracking
- Real-time progress monitoring in GUI
2. Enhanced ML Models
- LSTM Networks for sequence prediction: $$h_t = \text{LSTM}(x_t, h_{t-1})$$
- Transformer Models for context-aware generation
- Expected improvement: 23% β 40% success rate
3. Cloud Threat Intelligence
- Integration with CVE databases (NVD, MITRE)
- Real-time vulnerability feeds
- Automatic security advisory generation
4. Mobile App (Android)
- Field auditing capabilities
- Bluetooth and WiFi scanning
- GPS-tagged vulnerability mapping
- Offline mode with sync
Mid-Term Roadmap (6-12 months)
5. Bluetooth & Zigbee Support
- BLE (Bluetooth Low Energy) scanning
- Zigbee network discovery
- IoT device fingerprinting
- Cross-protocol correlation
6. Advanced Anomaly Detection
- Isolation Forest for outlier detection: $$s(x, n) = 2^{-\frac{E(h(x))}{c(n)}}$$
- Autoencoders for normal behavior learning
- Predictive threat modeling
7. Collaborative Features
- Multi-user auditing sessions
- Shared threat intelligence
- Team dashboards
- Role-based access control
8. Packet Forensics
- PCAP analysis and replay
- Timeline reconstruction
- Evidence export for compliance
- Chain of custody tracking
Long-Term Vision (12+ months)
9. AI Security Advisor 2.0
- GPT-based Analysis: Natural language security reports
- Automated Remediation: Generate configuration fixes
- Predictive Security: Forecast attack vectors
- Compliance Checking: Automated NIST/ISO audits
10. Enterprise Features
- Centralized Management: Multi-site monitoring
- API Integration: SIEM/SOAR connectivity
- Reporting Engine: Executive dashboards
- Compliance Modules: PCI-DSS, HIPAA, GDPR
11. Research Initiatives
- Quantum-Resistant Cryptography: Post-quantum algorithm testing
- 6G Security: Preparing for next-gen wireless
- AI-Powered Attacks: Adversarial ML for security testing
- Zero-Trust Wireless: Implementing zero-trust principles in WiFi
12. Community Platform
- Plugin System: Community-developed modules
- Threat Intelligence Sharing: Crowdsourced vulnerability database
- Training Platform: Interactive security education
- Certification Program: Yorban Certified Security Professional
Log in or sign up for Devpost to join the conversation.