. listen to all MACs (OUI) to identify target (listen_target.sh)

  listen_target.sh
  * List clients
  * Assoc ? AP name, BSSID
  * Query ? List
  * Power
  * Store in DB
  * Locate AP (google ?)
  * Look up AP (google ?)
  * Cross-reference clients between sessions
  * Cross-reference APs between clients
  * DB of matching MAC / OUI / Extensions with Equipment / Brand / Model / Options

. listen to networks sought by target
. if fails, deauth target to see which network it seeks (listen_target.sh)
. create our AP named as discovered AP (create_ap.sh)
. maybe create on a different channel ?
. fuzz AP / BSSID where target is connected to
. send broken packets with MAC of the target AP, can it make clients not trust it ?
. deauth target from AP it's connected to
. accept connection to our AP, offer internet. intranet ?
. mitm
. if noob, mitm ssl
. if noob, enter wifi password
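
Added example, not part of the original notes: the steps above leave two observable traces on the air, a known SSID beaconed by a BSSID, channel or security mode the real network does not use, and a burst of deauth frames aimed at one client. The sketch below flags both from monitor-mode observations; the inventory, the sample records and the function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory of sanctioned APs: SSID -> {BSSID: (channel, security)}
INVENTORY = {"corp-wifi": {"aa:bb:cc:00:00:01": (6, "WPA2"),
                           "aa:bb:cc:00:00:02": (11, "WPA2")}}

# Constructed beacon observations: (ssid, bssid, channel, security)
BEACONS = [
    ("corp-wifi", "aa:bb:cc:00:00:02", 11, "WPA2"),  # matches inventory
    ("corp-wifi", "02:11:22:33:44:55", 1, "OPEN"),   # unknown BSSID, open network
    ("corp-wifi", "aa:bb:cc:00:00:01", 3, "WPA2"),   # known BSSID on the wrong channel
    ("guest", "de:ad:be:ef:00:01", 6, "OPEN"),       # SSID we do not operate: ignored
]

# Constructed deauth observations: (timestamp_seconds, bssid, client)
DEAUTHS = [(100.0 + i * 0.1, "aa:bb:cc:00:00:01", "11:22:33:44:55:66") for i in range(12)]
DEAUTHS.append((300.0, "aa:bb:cc:00:00:02", "11:22:33:44:55:77"))  # single, normal deauth

def find_twins(beacons, inventory):
    """Return sorted (ssid, bssid, reason) for beacons that contradict the inventory."""
    findings = set()
    for ssid, bssid, channel, security in beacons:
        known = inventory.get(ssid)
        if known is None:
            continue  # not an SSID we operate
        if bssid not in known:
            findings.add((ssid, bssid, "unknown-bssid"))
        elif known[bssid][0] != channel:
            findings.add((ssid, bssid, "channel-mismatch"))  # possible spoofed BSSID
        if security not in {sec for _, sec in known.values()}:
            findings.add((ssid, bssid, "security-mismatch"))
    return sorted(findings)

def deauth_bursts(deauths, window=2.0, threshold=10):
    """Return sorted (bssid, client) pairs with >= threshold deauths within window seconds."""
    by_pair = defaultdict(list)
    for ts, bssid, client in deauths:
        by_pair[(bssid, client)].append(ts)
    hits = []
    for pair, stamps in by_pair.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                hits.append(pair)
                break
    return sorted(hits)
```

APs that pick their channel automatically will trip channel-mismatch unless the inventory is refreshed from the controller; the window and threshold are starting values to tune against normal roaming traffic.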