Air-Guard – ESP32 Based Wi-Fi Intrusion Detection System (github.com)

Air-Guard is an open-source Wi‑Fi intrusion detection tool that turns an ESP32 microcontroller into a real‑time packet sniffer with a desktop graphical interface. It captures live 802.11 traffic, presents live packet statistics and visualizations, and detects attacks such as deauthentication floods and Evil Twin APs. It also integrates machine‑learning models to detect the Kr00k vulnerability and web‑spoofing attempts, and can export captures and logs as .pcap or .log files for offline analysis. Significance: by combining a low‑cost ESP32 edge sensor with a Python GUI and ML detection, Air‑Guard democratizes wireless monitoring for researchers, defenders, and pentesters—enabling portable, real‑time IDS capabilities without expensive hardware. Technically, setup involves cloning the repo, installing Python dependencies (pip install -r requirements.txt), uploading the sniffer sketch from the “arduino” folder to the ESP32 (tested with Arduino IDE; compatible with esptool.py/ESP‑IDF), and running python3 main.py. The project’s mix of packet‑level monitoring, visualization, and ML inference makes it useful for rapid threat triage and for collecting labeled data for further model refinement, while also offering standard pcap exports for forensic workflows.