feat: NullSec DeauthDetect — WiFi Deauth Attack Detection Module

[bad-antics]

NullSec DeauthDetect

Real-time WiFi deauthentication attack detection module for the WiFi Pineapple MK7/Enterprise.

Features:

• Real-time Monitoring — Captures deauth/disassoc management frames via tcpdump
• Intelligent Alerting — Configurable threshold (default: 10 frames) and time window (default: 30s)
• Attacker Tracking — Identifies and ranks source MACs by deauth frame count
• Severity Classification — CRITICAL/HIGH/MEDIUM/LOW based on deauth frame rate
• Webhook Notifications — Discord/Slack compatible real-time alerts
• Channel Hopping — Automatic channel rotation across 2.4GHz band
• Background Operation — Runs as a managed background job
• Persistent Statistics — Tracks total deauths, unique attackers, alert history

Alert Severity:

Severity	Rate	Indication
CRITICAL	>10/sec	Active targeted attack
HIGH	>5/sec	Probable deauth flood
MEDIUM	>2/sec	Suspicious activity
LOW	≤2/sec	Minor events

API Actions:

• start_monitor / stop_monitor — Control monitoring
• get_status / get_stats — View current state
• get_alerts / clear_alerts — Manage alert history
• get_interfaces — List wireless interfaces

Dependencies:

• tcpdump (managed via module dependency system)

Use Cases:

• Detect aireplay-ng / mdk4 deauth attacks
• Compliance monitoring for wireless DoS
• Pen test verification
• Incident response — identify attacker MACs