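def channel_hopper():
    """Tune the scanning interface to the configured channel.

    Reads the module-level ``interface`` and ``channel`` and runs
    ``sudo iw dev <interface> set channel <channel>``. Any failure is
    logged through ``logs_api.errors_log`` and otherwise ignored, so the
    caller never sees an exception from here.

    Returns:
        None.
    """
    import subprocess  # local import: this file's import block is not visible here

    try:
        # Argument-list form: the interface name is a single argv entry instead
        # of being interpolated into a shell command line. "%d" keeps the
        # original's requirement that channel is numeric (TypeError is logged).
        subprocess.call(
            ["sudo", "iw", "dev", "%s" % interface, "set", "channel", "%d" % channel]
        )
    except Exception as err:
        logs_api.errors_log(str(err))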
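def filter_aps(*arg):
    """Decide whether a freshly scanned access point should be reported.

    Args:
        *arg: ``(access_point, profile)``. ``access_point`` is a dict with at
            least the keys ``essid``, ``mac``, ``channel``, ``key type``,
            ``group cipher`` and ``signal``; ``profile`` is the path of a
            profile file, or a falsy value when profile mode is off.

    Returns:
        ``False`` when profile mode is on and the ESSID differs from the
        profiled one, or when an equivalent AP (same ESSID, MAC, channel,
        key type and group cipher, absolute signal within +/-20 of a known
        entry) is already in the module-level ``captured_aps``;
        ``True`` otherwise.

    A malformed entry in ``captured_aps`` (e.g. a non-numeric signal) is
    logged via ``logs_api.errors_log`` and skipped rather than aborting.
    """
    access_point, profile = arg[0], arg[1]
    signal_tolerance = 20  # window used by the original comparison

    if profile:
        # The profiled ESSID is the first token on the second line of the
        # profile file; the first line is treated as a header. An empty file
        # or a blank second line yields "" (the original raised on both).
        filtered_ssid = ""
        with open(profile, 'r') as f:
            next(f, None)
            for line in f:
                tokens = line.split()
                if tokens:
                    filtered_ssid = tokens[0]
                break
        if access_point['essid'] != filtered_ssid:
            return False

    for ap in captured_aps:
        try:
            if _same_access_point(ap, access_point, signal_tolerance):
                return False
        except Exception as e:
            logs_api.errors_log("Exception found: " + str(e))
    return True


def _same_access_point(known, candidate, tolerance):
    """True when *candidate* matches *known* on the identity fields and its
    absolute signal lies within *tolerance* of *known*'s absolute signal."""
    for key in ('essid', 'mac', 'channel', 'key type', 'group cipher'):
        if known[key] != candidate[key]:
            return False
    known_signal = abs(int(known['signal']))
    candidate_signal = abs(int(candidate['signal']))
    return known_signal - tolerance <= candidate_signal <= known_signal + tolerance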
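def call_active_methods(iface, ap_name, bssid, probe_host="8.8.8.8"):
    """Run the active checks against the currently connected AP, then disconnect.

    Prints the internal and external IP, the ISP, the traceroute hop count to
    *probe_host* and the AP fingerprint (all via ``active_detectors``), then
    tears the connection down with ``nmcli device disconnect <iface>``.
    A failure of the disconnect step is logged via ``logs_api.errors_log``
    and swallowed.

    Args:
        iface: Wireless interface used for the probes; passed to nmcli as a
            single argv entry, never through a shell.
        ap_name: ESSID of the AP, used only in the disconnect message.
        bssid: BSSID of the AP, used only in the disconnect message.
        probe_host: Remote host for the traceroute (the original hard-coded
            8.8.8.8; kept as the default).

    Returns:
        None.
    """
    internal_ip = active_detectors.get_internal_IP(iface)
    print("Internal IP: %s" % internal_ip)
    external_ip = active_detectors.get_external_IP()
    print("External IP: %s" % external_ip)
    isp = active_detectors.get_ISP(external_ip)
    print("ISP: %s" % isp)

    orange, endc = colors.get_color("ORANGE"), colors.get_color("ENDC")

    print(orange + "Calculating the traceroute..." + endc)
    traceroute_val = active_detectors.traceroute(probe_host, iface)
    print("Traceroute for %s: %s" % (probe_host, traceroute_val))

    print(orange + "Checking AP fingerprint..." + endc)
    cp_name = active_detectors.get_AP_fingerprint()
    print("Fingerprint computer name: %s" % cp_name)

    print(orange + "Disconnecting from [%s | %s]" % (ap_name, bssid) + endc)
    try:
        subprocess.call(["nmcli", "device", "disconnect", iface])
    except Exception as err:
        # Log the actual error; the original logged the CalledProcessError
        # class object instead of the exception that occurred.
        logs_api.errors_log("Error: " + str(err))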
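def get_external_IP():
    """Return this host's public IP as reported by OpenDNS, or None on failure.

    Runs ``dig +short myip.opendns.com @resolver1.opendns.com`` and strips
    the output. A failing or missing ``dig`` is logged via
    ``logs_api.errors_log`` and yields None. The answer is network-supplied
    data, so callers should treat the returned text as untrusted input.

    Returns:
        str or None.
    """
    try:
        # Argument list (no shell); universal_newlines yields text on both
        # Python 2 and 3, so callers can concatenate the result with str.
        external_ip = subprocess.check_output(
            ["dig", "+short", "myip.opendns.com", "@resolver1.opendns.com"],
            universal_newlines=True,
        )
    except (subprocess.CalledProcessError, OSError) as err:
        # The original logged the exception class; log the instance instead.
        logs_api.errors_log("Error: " + str(err))
        return None
    return external_ip.strip()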
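def get_internal_IP(iface):
    """Return the IPv4 address(es) of *iface* in ``addr/prefix`` form, or None.

    Runs ``ip addr show <iface>`` and keeps the second field of every line
    containing ``inet `` (``inet6`` lines do not match), newline-joined and
    stripped — the same text the original ``grep 'inet ' | awk '{print $2}'``
    pipeline produced. An empty string means no IPv4 address. A failing or
    missing ``ip`` command is logged via ``logs_api.errors_log`` and yields
    None (the original shell pipeline hid ip's exit status behind awk's).

    Args:
        iface: Interface name, passed as a single argv entry (never through
            a shell).

    Returns:
        str or None.
    """
    try:
        output = subprocess.check_output(["ip", "addr", "show", iface],
                                         universal_newlines=True)
    except (subprocess.CalledProcessError, OSError) as err:
        logs_api.errors_log("Error: " + str(err))
        return None
    return _inet_addresses(output).strip()


def _inet_addresses(ip_addr_output):
    """Second whitespace-separated field of each ``inet `` line, newline-joined."""
    fields = []
    for line in ip_addr_output.splitlines():
        if "inet " in line:
            parts = line.split()
            if len(parts) > 1:
                fields.append(parts[1])
    return "\n".join(fields)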
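def signal_handler(signal, frame):
    """SIGINT handler: restore the monitor interface, print a goodbye, exit.

    Args:
        signal: Signal number delivered by the runtime (shadows the
            ``signal`` module inside this function; kept for compatibility).
        frame: Current stack frame, unused.

    Calls ``manage_interfaces.disable_monitor`` on the module-level
    ``interface_monitor``; a failure there is logged via
    ``logs_api.errors_log`` and does not prevent the exit. Always ends
    with ``sys.exit(0)``.
    """
    try:
        manage_interfaces.disable_monitor(interface_monitor)
    except Exception as err:
        # The original wrote ``except err:``, which raised NameError on any
        # failure instead of logging it.
        logs_api.errors_log(str(err))
    print(colors.get_color("GRAY") + "\nExiting...\nGoodbye!" + colors.get_color("ENDC"), flush=True)
    sys.exit(0)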
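def get_results(interface):
    """Scan with ``iwlist`` on *interface* and return the parsed access points.

    Runs ``sudo iwlist <interface> scan``, splits the text on the
    ``Cell NN - `` markers (dropping the preamble before the first cell)
    and hands the per-cell chunks to ``parse``. If the scan command fails
    or is missing, the error is logged via ``logs_api.errors_log`` and
    ``parse`` receives an empty list.

    Args:
        interface: Interface name, passed as its own argv entry (never
            through a shell).

    Returns:
        Whatever ``parse`` returns for the list of cell chunks.
    """
    list_of_results = []
    try:
        # universal_newlines gives str on Python 3; re.split with a str
        # pattern would otherwise raise TypeError on the bytes output.
        proc = subprocess.check_output(["sudo", "iwlist", interface, "scan"],
                                       universal_newlines=True)
        # \d{2,} rather than \d{2}: the original marker could not match
        # "Cell 100" and later cells, which were then merged into cell 99.
        list_of_results = re.split(r'\bCell \d{2,}\b - ', proc)[1:]
    except (subprocess.CalledProcessError, OSError) as err:
        # Log the exception instance, not the class as the original did.
        logs_api.errors_log("Error" + str(err))
    return parse(list_of_results)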
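def get_AP_fingerprint():
    """Return the 'Computer name' nmap reports for the default gateway, or None.

    Step 1 reproduces ``netstat -nr | grep 'UG[ \\t]' | awk 'NR==2 {print $2}'``:
    the second field of the *second* line containing ``UG`` followed by a
    space or tab. Step 2 runs ``nmap -sC -O <gateway>`` and returns the
    fourth field of every line containing ``Computer name`` (newline-joined,
    stripped; "" when nmap printed no such line).

    The gateway string is learned from the network (the routing table is
    populated by DHCP from the AP under test), so it is treated as untrusted
    input: it is handed to nmap as a single argv entry and never goes
    through a shell. The original interpolated it into a ``shell=True``
    command line.

    Returns:
        str, or None when fewer than two gateway lines are found or a
        command fails (failures are logged via ``logs_api.errors_log``).
    """
    try:
        routes = subprocess.check_output(["netstat", "-nr"], universal_newlines=True)
        gateway_lines = [ln for ln in routes.splitlines() if "UG " in ln or "UG\t" in ln]
        if len(gateway_lines) < 2 or len(gateway_lines[1].split()) < 2:
            return None
        gateway = gateway_lines[1].split()[1]
        report = subprocess.check_output(["nmap", "-sC", "-O", gateway],
                                         universal_newlines=True)
    except (subprocess.CalledProcessError, OSError) as err:
        # Log the exception instance, not the class as the original did.
        logs_api.errors_log("Error: " + str(err))
        return None

    names = []
    for ln in report.splitlines():
        if "Computer name" in ln:
            parts = ln.split()
            if len(parts) > 3:
                names.append(parts[3])
    return "\n".join(names).strip()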
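def get_ISP(external_ip):
    """Look up the ISP name for *external_ip* via ip-api.com, or None on failure.

    Queries ``http://ip-api.com/json/<ip>?fields=isp`` (plain HTTP, as in the
    original; the answer is unauthenticated third-party data) and returns
    the ``isp`` field. Any failure (no address, request error, timeout, bad
    JSON, missing field) is logged via ``logs_api.errors_log`` and yields
    None.

    Args:
        external_ip: Address text as returned by ``get_external_IP``; may be
            None or empty.

    Returns:
        str or None.
    """
    url = "http://ip-api.com/json/"
    if not external_ip:
        logs_api.errors_log("Error: no external IP to look up")
        return None
    try:
        # The address is network-supplied text that lands in the URL path,
        # so percent-encode it instead of concatenating it raw; the query
        # string goes through params. The original had no timeout and could
        # block forever on a silent server.
        r = requests.get(url + requests.utils.quote(external_ip, safe=""),
                         params={"fields": "isp"},
                         timeout=10)
        return r.json()["isp"]
    except Exception as err:
        logs_api.errors_log("Error: " + str(err))
        return None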
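def channel_hopper():
    """Tune the scanning interface to the configured channel.

    Reads the module-level ``interface`` and ``channel`` and runs
    ``sudo iw dev <interface> set channel <channel>``. Any failure is
    logged through ``logs_api.errors_log`` and otherwise ignored.

    The original carried a commented-out hopping loop (cycling channels
    1-13 with a sleep); it was disabled there and is not reinstated here,
    so one call sets one channel.

    Returns:
        None.
    """
    import subprocess  # local import: this file's import block is not visible here

    try:
        # Argument-list form: the interface name is a single argv entry instead
        # of being interpolated into a shell command line. "%d" keeps the
        # original's requirement that channel is numeric (TypeError is logged).
        subprocess.call(
            ["sudo", "iw", "dev", "%s" % interface, "set", "channel", "%d" % channel]
        )
    except Exception as err:
        logs_api.errors_log(str(err))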
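def traceroute(hostname, iface):
    """Return the number of hops ``traceroute`` printed for *hostname* via *iface*.

    Runs ``traceroute <hostname> -i <iface>`` and counts the non-empty output
    lines after the header line, as the original did. A failing or missing
    command is logged via ``logs_api.errors_log`` and yields None.

    Args:
        hostname: Target host or address; passed as a single argv entry
            (the original interpolated it into a ``shell=True`` string).
        iface: Interface for traceroute's ``-i`` option, likewise.

    Returns:
        int or None.
    """
    try:
        # universal_newlines: str output, so split('\n') works on Python 3.
        out = subprocess.check_output(["traceroute", hostname, "-i", iface],
                                      universal_newlines=True)
    except (subprocess.CalledProcessError, OSError) as err:
        # Log the exception instance, not the class as the original did.
        logs_api.errors_log("Error: " + str(err))
        return None
    return sum(1 for line in out.split('\n')[1:] if line)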
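def scan(*arg):
    """Scan continuously on an interface, print each new AP and run the detectors.

    Positional arguments, by count (the original's calling convention):
        (interface)
        (interface, profile)
        (interface, active_probing, interface_monitor)
        (interface, profile, active_probing, interface_monitor)

    Each cycle calls ``get_results(interface)``, keeps the APs that pass
    ``filter_aps``, prints one row per AP coloured by the verdict of
    ``noknowled_detector.suspicious_behaviours`` (``suspicious_1`` -> FAIL,
    ``suspicious_2``/``suspicious_4`` -> FAIL1, ``suspicious_3`` -> FAIL2,
    anything else uncoloured), runs the passive detectors, records the AP
    in ``captured_aps`` and sleeps one second. Exceptions inside a cycle
    are logged via ``logs_api.errors_log`` and the loop carries on.
    Never returns.

    NOTE(review): the original's indentation was lost; the one-second sleep
    is assumed to be per scan cycle rather than per AP — confirm.
    """
    # interface_monitor is made global so signal_handler, which reads the
    # module-level name, sees the value assigned here.
    global table_of_manufacturers, interface_monitor

    active_probing, profile = False, False
    interface = arg[0]
    if len(arg) == 2:
        profile = arg[1]
    elif len(arg) == 3:
        active_probing, interface_monitor = arg[1], arg[2]
    elif len(arg) == 4:
        profile, active_probing, interface_monitor = arg[1], arg[2], arg[3]

    table_of_manufacturers = manufacturer.MacParser(manufacturer_table).refresh()
    sys.stdout = Unbuffered(sys.stdout)

    header = ['Date', 'AP Name', 'CH', 'BSSID', 'Brand', 'Signal', 'Quality',
              'Frequency', 'Encryption', 'Cipher', 'Authentication', 'TSF']
    print(colors.get_color("BOLD")
          + '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^15s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'.format(*header)
          + colors.get_color("ENDC"))

    # Install the SIGINT handler once, before scanning starts; the original
    # re-registered it inside the loop, so an early Ctrl-C was unhandled.
    signal.signal(signal.SIGINT, signal_handler)

    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # skip APs already captured (or outside the profile)
                if not filter_aps(line, profile):
                    continue
                # One verdict per AP. The original re-ran the detector for
                # each branch of its if/elif chain; equivalent unless
                # suspicious_behaviours has side effects — confirm.
                verdict = noknowled_detector.suspicious_behaviours(line, captured_aps)
                _print_ap_row(line, verdict)
                if profile:
                    passive_detectors.authorized_aps(line, profile)
                if line['key type'] == "Open":
                    passive_detectors.free_WiFis_detect(line, captured_aps)
                passive_detectors.spot_karma(line)
                if active_probing:
                    passive_detectors.spoting_PineAP(line, active_probing, interface_monitor)
                else:
                    passive_detectors.spoting_PineAP(line)
                passive_detectors.check_tsf(line)
                captured_aps.append(line)
        except Exception as err:
            logs_api.errors_log(str(err))
        time.sleep(1)


_ROW_FORMAT = ('{:^22s} {:<23s} {:^9s} {:^19s} {:^15s} {:^8s} {:^9s} {:^10s} '
               '{:^18s} {:^8s} {:^16s} {:<18s}')

# verdict -> colour name; verdicts not listed are printed uncoloured
_VERDICT_COLORS = {
    "suspicious_1": "FAIL",
    "suspicious_2": "FAIL1",
    "suspicious_4": "FAIL1",
    "suspicious_3": "FAIL2",
}


def _print_ap_row(line, verdict):
    """Print one table row for *line*, coloured according to *verdict*.

    The ESSID is cut to 21 characters; for shorter names the slice is a
    no-op, so this covers both of the original's ``limited`` branches.
    """
    row = _ROW_FORMAT.format(getTimeDate(), line['essid'][0:21], line['channel'], line['mac'],
                             line['manufacturer'], line['signal'], line['quality'],
                             line['frequency'], line['key type'], line['group cipher'],
                             line['authentication suites'], line['tsf'])
    color = _VERDICT_COLORS.get(verdict)
    if color is None:
        print(row)
    else:
        print(colors.get_color(color) + row + colors.get_color("ENDC"))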
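def signal_handler(signal, frame):
    """SIGINT handler: put the monitor interface back into managed mode.

    Args:
        signal: Signal number delivered by the runtime (shadows the
            ``signal`` module inside this function; kept for compatibility).
        frame: Current stack frame, unused.

    Calls ``manage_interfaces.disable_monitor`` on the module-level
    ``interface_monitor``; a failure is logged via ``logs_api.errors_log``.
    NOTE(review): this handler returns without exiting, so the interrupted
    program resumes after the cleanup — confirm that is intended.
    """
    try:
        manage_interfaces.disable_monitor(interface_monitor)
    except Exception as err:  # the original used Python 2-only ``except Exception, err``
        logs_api.errors_log(str(err))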
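def scan(*arg):
    """Scan continuously on an interface, print each new AP, alert and run the detectors.

    Positional arguments, by count:
        (email, interface)
        (email, interface, profile)
        (email, interface, active_probing, interface_monitor)
        (email, interface, profile, active_probing, interface_monitor)

    ``email`` is an object exposing ``sendmail(from_addr, to_addrs, msg)``
    (presumably an smtplib.SMTP-like instance — not visible here).

    Each cycle calls ``get_results(interface)``, keeps the APs that pass
    ``filter_aps``, prints one row per AP coloured by the verdict of
    ``noknowledge_detector.suspicious_behaviours`` (``suspicious_1`` -> FAIL,
    ``suspicious_2``/``suspicious_4`` -> FAIL1, ``suspicious_3`` -> FAIL2,
    anything else uncoloured), sends the "Rouge AP detected.." mail for a
    suspicious verdict, runs the passive detectors, records the AP in
    ``captured_aps`` and sleeps one second. Exceptions inside a cycle are
    logged via ``logs_api.errors_log`` and the loop carries on.
    Never returns.

    NOTE(review): the original's indentation was lost; the one-second sleep
    is assumed to be per scan cycle rather than per AP — confirm.
    """
    global table_of_manufacturers, interface_monitor

    active_probing, profile = False, False
    email = arg[0]
    interface = arg[1]
    if len(arg) == 3:
        profile = arg[2]
    elif len(arg) == 4:
        active_probing, interface_monitor = arg[2], arg[3]
    elif len(arg) == 5:
        # The original tested ``len(arg) == 4`` twice, so this five-argument
        # form (profile + active probing + monitor interface) was unreachable.
        profile, active_probing, interface_monitor = arg[2], arg[3], arg[4]

    table_of_manufacturers = manufacturer.MacParser(manufacturer_table).refresh()

    header = ['Date', 'AP Name', 'CH', 'BSSID', 'Brand', 'Signal', 'Quality',
              'Frequency', 'Encryption', 'Cipher', 'Authentication', 'TSF']
    print(colors.get_color("BOLD")
          + '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^15s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'.format(*header)
          + colors.get_color("ENDC"), flush=True)

    # Install the SIGINT handler once, before scanning starts; the original
    # re-registered it inside the loop, so an early Ctrl-C was unhandled.
    signal.signal(signal.SIGINT, signal_handler)

    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # skip APs already captured (or outside the profile)
                if not filter_aps(line, profile):
                    continue
                # One verdict per AP. The original re-ran the detector for
                # each branch of its if/elif chain; equivalent unless
                # suspicious_behaviours has side effects — confirm.
                verdict = noknowledge_detector.suspicious_behaviours(line, captured_aps)
                _report_ap_row(line, verdict)
                if verdict in _ALERT_COLORS:
                    # Alert on suspicious verdicts. The original issued this
                    # call from the non-suspicious ``else`` branch, i.e. for
                    # every benign AP, which contradicts the message text.
                    # A mail failure must not skip the detectors below.
                    try:
                        email.sendmail("*****@*****.**", "*****@*****.**", "Rouge AP detected..")
                    except Exception as mail_err:
                        logs_api.errors_log(str(mail_err))
                if profile:
                    passive_detectors.authorized_aps(line, profile)
                if line['key type'] == "Open":
                    passive_detectors.free_WiFis_detect(line, captured_aps)
                passive_detectors.spot_karma(line)
                if active_probing:
                    passive_detectors.spoting_PineAP(line, active_probing, interface_monitor)
                else:
                    passive_detectors.spoting_PineAP(line)
                passive_detectors.check_tsf(line)
                captured_aps.append(line)
        except Exception as err:
            logs_api.errors_log(str(err))
        time.sleep(1)


_AP_ROW_FORMAT = ('{:^22s} {:<23s} {:^9s} {:^19s} {:^15s} {:^8s} {:^9s} {:^10s} '
                  '{:^18s} {:^8s} {:^16s} {:<18s}')

# verdict -> colour name; verdicts not listed are printed uncoloured.
# suspicious_4 keeps FAIL1: the original's later ORANGE branch for it was
# unreachable because the FAIL1 branch already matched suspicious_4.
_ALERT_COLORS = {
    "suspicious_1": "FAIL",
    "suspicious_2": "FAIL1",
    "suspicious_4": "FAIL1",
    "suspicious_3": "FAIL2",
}


def _report_ap_row(line, verdict):
    """Print one table row for *line*, coloured according to *verdict*."""
    row = _AP_ROW_FORMAT.format(getTimeDate(), line['essid'], line['channel'], line['mac'],
                                line['manufacturer'], line['signal'], line['quality'],
                                line['frequency'], line['key type'], line['group cipher'],
                                line['authentication suites'], line['tsf'])
    color = _ALERT_COLORS.get(verdict)
    if color is None:
        print(row, flush=True)
    else:
        print(colors.get_color(color) + row + colors.get_color("ENDC"), flush=True)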