The term likely originated in early 2010s hacker forums (e.g., Hack Forums, Null Byte) as a blend of "WAP" (Wireless Access Point) and "BOM" (bomb/mayhem), though it never became an official CVE or industry-standard term. WAPBOM exploits the beacon frame —a management frame in Wi-Fi that access points broadcast periodically (typically every 100 ms) to announce their presence, SSID, supported rates, and capabilities.
| Tool | Function | Notes | |------|----------|-------| | | Beacon flood mode ( mdk3 wlan0 b ) | Most famous for SSID flooding; often called "beacon flood" or "fake AP flood". | | Airgeddon | Menu-driven suite includes beacon flood. | Wrapper around MDK3, better UX. | | Bettercap | wifi.ap module with beacon injection. | More modern, supports randomized SSIDs. | | Wifijammer | Deauth + beacon flooding. | Python-based. | wapbom
Example MDK3 command for a WAPBOM-style attack: The term likely originated in early 2010s hacker forums (e
1. Definition & Origin WAPBOM is an acronym that stands for Wireless Access Point Beakon of Mayhem (or occasionally "Broadcast of Mayhem"). It is a niche, informal term used primarily in red teaming, penetration testing, and wireless security research. The term describes a specific type of denial-of-service (DoS) or disruption attack targeting 802.11 wireless networks (Wi-Fi), where an attacker floods an area with crafted beacon frames to overwhelm client devices or disrupt network discovery. | | Airgeddon | Menu-driven suite includes beacon flood
For security professionals, understanding WAPBOM helps in designing resilient wireless networks and educating users about the risks of connecting to unknown open access points. Last updated: 2025. This write-up is for educational and defensive purposes only. Unauthorized use of beacon flooding is illegal.