def scan(*arg):
    """Print a table of access points seen on an interface, rescanning forever.

    Positional arguments: ``arg[0]`` is the interface handed to
    ``get_results``; ``arg[1]`` is read (so it must be supplied) but is not
    used by this function.

    Each pass prints one row per AP accepted by ``filter_aps`` and appends that
    AP to the module-level ``captured_aps`` list. Any exception raised during a
    pass is printed followed by ``ERROR`` and the loop carries on.
    """
    interface = arg[0]
    _ssids = arg[1]  # accepted for the caller's sake; nothing below reads it

    columns = [
        'Date', 'AP Name', 'CH', 'BSSID', 'Signal', 'Quality', 'Frequency',
        'Encryption', 'Cipher', 'Authentication', 'TSF'
    ]
    header_layout = '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'
    row_layout = '{:^22s} {:<23s} {:^9s} {:^19s} {:^8s} {:^9s} {:^10s} {:^18s} {:^8s} {:^16s} {:<18s}'
    row_keys = (
        'essid', 'channel', 'mac', 'signal', 'quality', 'frequency',
        'key type', 'group cipher', 'authentication suites', 'tsf'
    )

    print(
        colors.get_color("BOLD") + header_layout.format(*columns) +
        colors.get_color("ENDC"),
        flush=True)

    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # Only APs that filter_aps accepts are printed and recorded.
                if not filter_aps(line):
                    continue
                print(
                    row_layout.format(getTimeDate(),
                                      *[line[key] for key in row_keys]),
                    flush=True)
                captured_aps.append(line)
            time.sleep(1)
        except Exception as err:
            print(err, "ERROR")
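def spot_karma(scanned_ap):
    """Flag a BSSID that starts advertising an ESSID not seen before.

    ``phishing_karma`` (module level) maps a BSSID to the set of ESSIDs it has
    been seen with. The first sighting of a BSSID only records it. On later
    sightings, an alert is printed and the ESSID recorded when no recorded set
    contains that ESSID.

    The original indexed ``phishing_karma.values()[i]``, which raises
    ``TypeError`` on Python 3 and rebuilds the value list on every index under
    Python 2; iterating the values directly gives the same decision.
    """
    essid = scanned_ap['essid']
    mac = scanned_ap['mac']

    if mac not in phishing_karma:
        phishing_karma[mac] = set([essid])
        return

    # NOTE(review): the ESSID is looked up in the sets of *every* BSSID, not
    # only this one, so a BSSID that starts answering for an ESSID another AP
    # already advertises raises no alert. Confirm that this is intended.
    if any(essid in known_essids for known_essids in phishing_karma.values()):
        return

    phishing_karma[mac].add(essid)
    print(
        colors.get_color("FAIL") +
        "[%s | %s] Karma Rogue Access Point!\n[Type] Karma attack." %
        (essid, mac) + colors.get_color("ENDC"))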
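def check_interface(iface):
    """Run one ``iwlist <iface> scan`` and exit with status 1 if it fails.

    The interface name is passed as a separate argv element instead of being
    concatenated into a ``shell=True`` command string, so shell metacharacters
    in ``iface`` are not interpreted by a shell.
    """
    try:
        subprocess.check_output(["iwlist", iface, "scan"],
                                stderr=subprocess.STDOUT)
    except Exception as e:
        print(
            colors.get_color("ORANGE") + "Please check your interface." +
            colors.get_color("ENDC"))
        print(
            colors.get_color("GRAY") + "Exception: %s" % e +
            colors.get_color("ENDC"))
        sys.exit(1)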
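def associateToAp(ap_name, bssid, pwd, iface):
    """Associate to an access point through ``nmcli`` and run the active checks.

    Args:
        ap_name: ESSID of the access point. It comes from scan results, so it
            is attacker-influenced text.
        bssid: BSSID of the access point.
        pwd: Passphrase, or ``''`` for an open network.
        iface: Wireless interface used for the association.

    Changes from the original:
      * The command is an argv list run without a shell. The original built a
        ``shell=True`` string from the ESSID, so an ESSID containing shell
        metacharacters would have been interpreted as shell syntax.
      * The open-network branch printed "Associated!" when nmcli reported an
        error and nothing on success; both branches now report the same way.
    """
    print(
        colors.get_color("ORANGE") + "Trying to associate to [%s | %s]" %
        (ap_name, bssid) + colors.get_color("ENDC"))

    command = ["nmcli", "dev", "wifi", "connect", str(ap_name)]
    if pwd == '':
        command += ["bssid", str(bssid)]
    else:
        # NOTE(review): the passphrase is visible in the process list while
        # nmcli runs; nmcli's --ask prompt would keep it out of argv.
        command += ["password", str(pwd), "bssid", str(bssid).upper()]
    command += ["ifname", str(iface)]

    try:
        assoc_result = subprocess.check_output(command)
        if "Error:" not in str(assoc_result):
            print("Associated!")
            call_active_methods(iface, ap_name, bssid)
        else:
            print("Not associated!")
    except Exception as e:
        # check_output raises on a non-zero nmcli exit status as well.
        print("Exception: %s" % e)
    return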
def intro():
    """Print the program banner (v1.0) in bold."""
    bold = colors.get_color("BOLD")
    banner = "".join((
        " _ ____ ____ _ _ \n",
        " _ __ ___ __ _ _ _ ___ / \ | _ \ | _ \ ___| |_ ___ ___| |_ \n",
        "| '__/ _ \ / _` | | | |/ _ \ / _ \ | |_) | | | | |/ _ \ __/ _ \/ __| __| \n",
        "| | | (_) | (_| | |_| | __// ___ \| __/ | |_| | __/ || __/ (__| |_ \n",
        "|_| \___/ \__, |\__,_|\___/_/ \_\_| |____/ \___|\__\___|\___|\__| \n ",
        " |___/ v1.0\n",
        "\t\t\t\tby Team Rogue_AP\n",
    ))
    print(bold + banner + colors.get_color("ENDC"))
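def signal_handler(signal, frame):
    """SIGINT handler: take the monitor interface out of monitor mode and exit.

    The original clause was ``except err:``. ``err`` is not defined at that
    point, so any failure in ``disable_monitor`` surfaced as a ``NameError``
    instead of being logged, and the goodbye/exit path was skipped.
    """
    try:
        manage_interfaces.disable_monitor(interface_monitor)
    except Exception as err:
        # Best effort: log the failure and still exit cleanly.
        logs_api.errors_log(str(err))
    print(
        colors.get_color("GRAY") + "\nExiting...\nGoodbye!" +
        colors.get_color("ENDC"),
        flush=True)
    sys.exit(0)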
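def main():
    """Entry point: require root, load ``ssids.json`` and hand it to ``parse_args``.

    Only file-access and JSON-decoding errors are treated as a load failure.
    The original bare ``except`` also swallowed ``KeyboardInterrupt`` and
    ``SystemExit``, and its message named ``SSID.json`` although the file
    opened is ``ssids.json``.
    """
    check_root()
    try:
        with open('ssids.json') as f:
            ssids = json.load(f)
    except (IOError, OSError, ValueError) as err:
        # json decoding errors are ValueError subclasses.
        print(
            colors.get_color("FAIL") +
            "[x] Could not load ssids.json: %s" % err +
            colors.get_color("ENDC"))
        sys.exit(0)
    print(colors.get_color("ORANGE") + str(ssids) + colors.get_color("ENDC"))
    parse_args(ssids)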
def wifi_attacks_detector(interface):
    """Reset the request counters and sniff on ``interface`` with ``sniffRequests``.

    Stores the interface in the module-level ``interface_monitor`` and zeroes
    ``auth_reqs`` / ``assoc_reqs`` before capture starts. Packets are handed to
    the callback and not stored (``store=0``).
    """
    global interface_monitor, auth_reqs, assoc_reqs

    interface_monitor = interface
    auth_reqs = assoc_reqs = 0

    announcement = (colors.get_color("GRAY") + "WiFi Attacks Detection..." +
                    colors.get_color("ENDC"))
    print(announcement)
    sniff(iface=interface_monitor, prn=sniffRequests, store=0)
def intro():
    """Print the program banner (v2.0) in bold."""
    bold = colors.get_color("BOLD")
    banner = "".join((
        " _ ____ ____ _ _ \n",
        " _ __ ___ __ _ _ _ ___ / \ | _ \ | _ \ ___| |_ ___ ___| |_ \n",
        "| '__/ _ \ / _` | | | |/ _ \ / _ \ | |_) | | | | |/ _ \ __/ _ \/ __| __| \n",
        "| | | (_) | (_| | |_| | __// ___ \| __/ | |_| | __/ || __/ (__| |_ \n",
        "|_| \___/ \__, |\__,_|\___/_/ \_\_| |____/ \___|\__\___|\___|\__| \n ",
        " |___/ v2.0\n",
        "\t\t\t\tby Ricardo Gonçalves - 0x4notherik\n",
    ))
    print(bold + banner + colors.get_color("ENDC"))
def usage():
    """Print the banner followed by the command-line help text."""
    intro()
    print_info("Usage: ./rogue_detector.py [option]")

    option_lines = (
        "\nOptions: -i interface\t\t -> the interface to monitor the network",
        "\t -s scan_type\t\t -> name of scanning type (iwlist, scapy)",
    )
    for option_line in option_lines:
        print(option_line)

    example = "\nExample:sudo python3 ./rogue_detector.py -i iface -s iwlist"
    print(colors.get_color("BOLD") + example + colors.get_color("ENDC"))
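def spoting_PineAP(*arg):
    """Apply the PineAP heuristics to one scanned access point.

    Positional arguments: ``arg[0]`` is the scanned AP dict. When more than two
    arguments are given, ``arg[1]`` is the active-probing flag and ``arg[2]``
    the monitor interface (stored in the module-level ``interface_monitor``).

    Checks, in order:
      1. BSSID contains ``:13:37:`` (the marker this code treats as the PineAP
         default) and the network is open -> "Acc: 2".
      2. BSSID contains ``:13:37:`` -> "Acc: 1".
      3. Manufacturer contains "Alfa" -> blacklisted BSSID.
    Afterwards the ESSID is compared with every entry of the module-level
    ``pineAP_ssids``.

    The original tested the plain BSSID match before the BSSID-plus-open
    match, so the "Acc: 2" branch could never be taken; the more specific test
    now comes first.
    """
    global interface_monitor
    scanned_ap = arg[0]
    active_probing = False
    alfa_brand = "Alfa"
    default_bssid = ":13:37:"

    if (default_bssid in scanned_ap['mac']
            and scanned_ap['key type'] == "Open"):
        print(
            colors.get_color("FAIL") +
            "[%s | %s] Possible Rogue Access Point!\n[Type] PineAp RAP. (Acc: 2)"
            % (scanned_ap['essid'], scanned_ap['mac']) +
            colors.get_color("ENDC"))
    elif default_bssid in scanned_ap['mac']:
        print(
            colors.get_color("FAIL") +
            "[%s | %s] Possible Rogue Access Point!\n[Type] PineAp RAP. (Acc: 1)"
            % (scanned_ap['essid'], scanned_ap['mac']) +
            colors.get_color("ENDC"))
    elif alfa_brand in scanned_ap['manufacturer']:
        print(
            colors.get_color("FAIL") +
            "[%s | %s] Possible Rogue Access Point!\n[Type] Blacklisted BSSID. (Acc: 1)"
            % (scanned_ap['essid'], scanned_ap['mac']) +
            colors.get_color("ENDC"))

    if len(arg) > 2:
        active_probing = arg[1]
        interface_monitor = arg[2]

    # target=gen_PineAp_ssid(scanned_ap) calls the function right here, in the
    # calling thread, and hands its *return value* to Thread as the target.
    # Left unchanged because the ESSID comparison below runs immediately after.
    # NOTE(review): if a background thread is really wanted, pass
    # target=gen_PineAp_ssid, args=(scanned_ap,) and synchronise with the loop.
    th1 = threading.Thread(target=gen_PineAp_ssid(scanned_ap))
    th1.daemon = True
    th1.start()

    if active_probing:
        # Same pattern: send_Probe_Req runs synchronously during construction.
        th2 = threading.Thread(target=send_Probe_Req(interface_monitor))
        th2.daemon = True
        th2.start()

    for pineAP_ssid in pineAP_ssids:
        if pineAP_ssid == scanned_ap['essid']:
            print(
                colors.get_color("FAIL") +
                "[%s | %s] Possible Rogue Access Point!\n[Type] PineAp produced RAP (possible hidden RAP)."
                % (scanned_ap['essid'], scanned_ap['mac']) +
                colors.get_color("ENDC"))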
def usage():
    """Print the banner followed by the full command-line help text."""
    intro()
    print_info("Usage: ./rogue_detector.py [option]")

    option_lines = (
        "\nOptions: -i interface\t\t -> the interface to monitor the network",
        "\t -im interface\t\t -> interface for active mode",
        "\t -p profile\t\t -> name of the profile to load",
        "\t -s scan_type\t\t -> name of scanning type (iwlist, scapy)",
        "\t -h hive_mode\t\t -> creates an AP",
        "\t -d deauth\t\t -> deauthenticates users from target AP",
        "\t -wifi_attacks_detect\t -> detects deauthentication and pmkid attacks",
        "\t -a active_mode\t -> activates random probe requests",
    )
    for option_line in option_lines:
        print(option_line)

    example = "\nExample: ./rogue_detector.py -i iface -s iwlist -p example_profile.txt"
    print(colors.get_color("BOLD") + example + colors.get_color("ENDC"))
def check_tsf(scanned_ap):
    """Print a notice when an AP's TSF value looks very young or very old.

    Only the first whitespace-separated token of ``scanned_ap['tsf']`` is
    examined. The lower bound is a *string* comparison against
    ``"0:01:00.10"``; the upper bound is applied only when the TSF text has
    more than one token, in which case the first token is parsed as an int.
    """
    recent_limit = "0:01:00.10"
    old_limit = 800

    tsf_tokens = scanned_ap['tsf'].split()
    leading = tsf_tokens[0]

    # Lexicographic comparison of two strings, exactly as the original did.
    if leading < recent_limit:
        print(
            colors.get_color("ORANGE") + "[%s | %s] Recently Created AP..." %
            (scanned_ap['essid'], scanned_ap['mac']) +
            colors.get_color("ENDC"))

    if len(tsf_tokens) <= 1:
        return
    if int(leading) > old_limit:
        print(
            colors.get_color("ORANGE") + "[%s | %s] Strange uptime..." %
            (scanned_ap['essid'], scanned_ap['mac']) +
            colors.get_color("ENDC"))
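def call_active_methods(iface, ap_name, bssid):
    """Run the active checks while associated, then disconnect ``iface``.

    Prints the internal IP, external IP, ISP, a traceroute to 8.8.8.8 and the
    AP fingerprint as reported by ``active_detectors``, then asks nmcli to
    disconnect the interface.

    Changes from the original:
      * The disconnect runs as an argv list through ``subprocess.call`` rather
        than a string handed to ``os.system``, so ``iface`` is never parsed by
        a shell.
      * The error log recorded ``str(subprocess.CalledProcessError)`` (the
        class itself); it now records the exception that was raised.
    """
    internal_ip = active_detectors.get_internal_IP(iface)
    print("Internal IP: %s" % internal_ip)
    external_ip = active_detectors.get_external_IP()
    print("External IP: %s" % external_ip)
    isp = active_detectors.get_ISP(external_ip)
    print("ISP: %s" % isp)

    # test external address
    hostname_external = "8.8.8.8"
    print(
        colors.get_color("ORANGE") + "Calculating the traceroute..." +
        colors.get_color("ENDC"))
    traceroute_val = active_detectors.traceroute(hostname_external, iface)
    print("Traceroute for %s: %s" % (hostname_external, traceroute_val))

    print(
        colors.get_color("ORANGE") + "Checking AP fingerprint..." +
        colors.get_color("ENDC"))
    cp_name = active_detectors.get_AP_fingerprint()
    print("Fingerprint computer name: %s" % cp_name)

    # disconnect
    print(
        colors.get_color("ORANGE") + "Disconnecting from [%s | %s]" %
        (ap_name, bssid) + colors.get_color("ENDC"))
    try:
        subprocess.call(["nmcli", "device", "disconnect", str(iface)])
    except Exception as Error:
        # Raised e.g. when nmcli cannot be executed at all.
        logs_api.errors_log("Error: " + str(Error))
    return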
def deauthenticate(iface):
    """Prompt for addresses and counts, then send deauthentication frames on ``iface``.

    All parameters come from interactive prompts. After sending, the interface
    is passed to ``manage_interfaces.disable_monitor`` and a goodbye message is
    printed.
    """
    target_ap_bssid = str(raw_input(colors.get_color("ORANGE")+"Enter target AP (BSSID): "+colors.get_color("ENDC")))
    target_client_bssid = str(raw_input(colors.get_color("ORANGE")+"Enter target Client (BSSID) [empty for brodcast]: "+colors.get_color("ENDC")))
    if (target_client_bssid == ''):
        # An empty answer selects the broadcast address ff:ff:ff:ff:ff:ff.
        target_client_bssid = ":".join(["ff"]*6)
    # NOTE(review): raw_input() above means this is Python 2 code, where
    # input() evaluates whatever is typed as a Python expression. Reading the
    # two counts with raw_input() and int() would parse them as numbers only.
    number_of_times = input(colors.get_color("ORANGE")+"How many times: "+colors.get_color("ENDC"))
    number_of_pkts = input(colors.get_color("ORANGE")+"Number of deauth packets: "+colors.get_color("ENDC"))
    # The frame is built once with reason=7; that is the value a monitor
    # reading Dot11Deauth.reason would observe for frames from this function.
    pkt = RadioTap() / Dot11(type=0,subtype=12,addr1=target_client_bssid,addr2=target_ap_bssid,addr3=target_ap_bssid) / Dot11Deauth(reason=7)
    for n in range(number_of_times):
        sendp(pkt, iface=iface, count=number_of_pkts)
        print(colors.get_color("ORANGE")+"[%s]" %(n+1) +" Deauth sent from: "+iface+" BSSID: "+target_ap_bssid+ " for Client: "+target_client_bssid+colors.get_color("ENDC"))
    # NOTE(review): the message says "Switching to monitor mode..." but the
    # call that follows is disable_monitor(); the wording looks inverted.
    print("Switching to monitor mode...")
    manage_interfaces.disable_monitor(iface)
    print(colors.get_color("GRAY") + "\nExiting...\nGoodbye!"+colors.get_color("ENDC"))
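def print_info(info, type=0):
    """Print ``info`` in bold behind a coloured ``[*]`` marker.

    Args:
        info: Text to print.
        type: Marker colour selector: 0 -> OKBLUE, 1 -> OKGREEN, 2 -> WARNING.
            Any other value falls back to OKBLUE. The original left the prefix
            unassigned in that case and failed with ``UnboundLocalError``.
    """
    marker_colors = {0: "OKBLUE", 1: "OKGREEN", 2: "WARNING"}
    m = colors.get_color(marker_colors.get(type, "OKBLUE"))
    m += ("[*] " + colors.get_color("ENDC") + colors.get_color("BOLD") + info +
          colors.get_color("ENDC"))
    print(m)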
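def scan(*arg):
    """Scan with iwlist forever, print each new AP and run the detectors on it.

    Positional arguments:
        (interface)
        (interface, profile)
        (interface, active_probing, interface_monitor)
        (interface, profile, active_probing, interface_monitor)

    Each AP accepted by ``filter_aps`` is printed as one table row, coloured
    according to ``noknowled_detector.suspicious_behaviours``, passed through
    the passive detectors and appended to the module-level ``captured_aps``.
    Exceptions raised during a pass go to ``logs_api.errors_log``.

    Changes from the original:
      * The classifier is called once per AP instead of up to four times.
        NOTE(review): this assumes ``suspicious_behaviours`` has no side
        effects; confirm.
      * Eight copies of the row formatting collapse into one. Slicing the
        ESSID to 21 characters is a no-op for shorter names, so the separate
        ``limited`` branch is not needed.
      * ``print`` and ``except ... as`` are written in the form that both
        Python 2.6+ and Python 3 accept.
    """
    global table_of_manufacturers

    active_probing, profile = False, False
    interface = arg[0]
    # NOTE(review): interface_monitor is a local here, so a SIGINT handler
    # that reads a module-level interface_monitor never sees this value.
    if len(arg) == 2:
        profile = arg[1]
    elif len(arg) == 3:
        active_probing = arg[1]
        interface_monitor = arg[2]
    elif len(arg) == 4:
        profile = arg[1]
        active_probing = arg[2]
        interface_monitor = arg[3]

    table_of_manufacturers = manufacturer.MacParser(manufacturer_table).refresh()
    sys.stdout = Unbuffered(sys.stdout)

    table = ['Date', 'AP Name', 'CH', 'BSSID', 'Brand', 'Signal', 'Quality',
             'Frequency', 'Encryption', 'Cipher', 'Authentication', 'TSF']
    header_fmt = '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^15s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'
    row_fmt = '{:^22s} {:<23s} {:^9s} {:^19s} {:^15s} {:^8s} {:^9s} {:^10s} {:^18s} {:^8s} {:^16s} {:<18s}'
    # Classifier label -> colour name used for the row.
    verdict_colors = {
        "suspicious_1": "FAIL",
        "suspicious_2": "FAIL1",
        "suspicious_4": "FAIL1",
        "suspicious_3": "FAIL2",
    }

    print(colors.get_color("BOLD") + header_fmt.format(*table) +
          colors.get_color("ENDC"))

    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # filter to check if APs already exists
                if not filter_aps(line, profile):
                    continue

                verdict = noknowled_detector.suspicious_behaviours(
                    line, captured_aps)
                row = row_fmt.format(
                    getTimeDate(), line['essid'][0:21], line['channel'],
                    line['mac'], line['manufacturer'], line['signal'],
                    line['quality'], line['frequency'], line['key type'],
                    line['group cipher'], line['authentication suites'],
                    line['tsf'])
                color_name = verdict_colors.get(verdict)
                if color_name:
                    print(colors.get_color(color_name) + row +
                          colors.get_color("ENDC"))
                else:
                    print(row)

                # detection heuristics
                if profile:
                    passive_detectors.authorized_aps(line, profile)
                if line['key type'] == "Open":
                    passive_detectors.free_WiFis_detect(line, captured_aps)
                passive_detectors.spot_karma(line)
                if active_probing:
                    passive_detectors.spoting_PineAP(line, active_probing,
                                                     interface_monitor)
                else:
                    passive_detectors.spoting_PineAP(line)
                passive_detectors.check_tsf(line)
                captured_aps.append(line)

            signal.signal(signal.SIGINT, signal_handler)
            time.sleep(1)
        except Exception as err:
            logs_api.errors_log(str(err))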
self.stream = stream def write(self, data): self.stream.write(data) self.stream.flush() log_file.write(data) # Write the data of stdout here to a text file as well def signal_handler(signal, frame): try: manage_interfaces.disable_monitor(interface_monitor) except Exception, err: logs_api.errors_log(str(err)) pass print (colors.get_color("GRAY") + "\nExiting...\nGoodbye!"+colors.get_color("ENDC")) sys.exit(0) def scan(*arg): ##print ("Scanning "+str(len(arg))) active_probing, profile = False, False interface = arg[0] if(len(arg)==2): profile = arg[1] elif(len(arg)==3): active_probing = arg[1] interface_monitor = arg[2] elif(len(arg)==4): profile = arg[1] active_probing = arg[2] interface_monitor = arg[3]
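def _flag_value(flag):
    """Return the argv token that follows ``flag``, or None if ``flag`` is last."""
    position = sys.argv.index(flag) + 1
    if position >= len(sys.argv):
        return None
    return sys.argv[position]


def parse_args(email):
    """Parse ``sys.argv`` and start the selected mode.

    Args:
        email: Object forwarded as the first argument of
            ``iwlist_monitor.scan``.

    Flags read: ``-i``, ``-im``, ``-p``, ``-s`` (each followed by a value) and
    the switches ``-h``, ``-d``, ``-a``, ``-wifi_attacks_detect``. ``-i`` and
    ``-im`` store their value in the module-level ``interface`` and
    ``interface_monitor``.

    Changes from the original:
      * A value-taking flag given as the last argument printed a traceback
        (``IndexError``); it now prints the usage text and returns.
      * ``multiprocessing.Process(func(args))`` called ``func`` in this
        process and passed its return value as the ``group`` argument, so no
        work ever ran in a child process. The functions are now called
        directly, which is what effectively happened.
      * A leftover debug ``print`` in the iwlist branch is gone.
    """
    global interface, interface_monitor

    scanners = ["scapy", "iwlist"]
    scanner_type = ""
    profile = scan = hive = deauth = False
    active_probing = wifi_attacks_detect = False

    if len(sys.argv) < 4:
        usage()
        return

    # setting up args
    for cmd in sys.argv:
        value = None
        if cmd in ("-i", "-im", "-p", "-s"):
            value = _flag_value(cmd)
            if value is None:
                usage()
                return
        if cmd == "-i":
            interface = value
            pre_check(interface)
        if cmd == "-im":
            interface_monitor = value
            pre_check(interface_monitor)
        if cmd == "-p":
            profile_name = value
            if os.path.isfile(profile_name):
                profile = True
            else:
                print(
                    colors.get_color("FAIL") +
                    "Profile selected does not exists!\n" +
                    colors.get_color("ENDC"))
                return
        if cmd == "-s":
            scan = True
            scanner_type = value
        if cmd == "-h":
            hive = True
        if cmd == "-d":
            deauth = True
        if cmd == "-a":
            active_probing = True
        if cmd == "-wifi_attacks_detect":
            wifi_attacks_detect = True

    if scan:
        if scanner_type == "scapy":
            manage_interfaces.enable_monitor(interface)
            try:
                if profile:
                    scapy_monitor.scapy_scan(interface, profile_name)
                else:
                    scapy_monitor.scapy_scan(interface)
            except Exception as e:
                print("Exception:113 %s" % e)
                return
        if scanner_type == "iwlist":
            try:
                if profile and active_probing:
                    manage_interfaces.change_mac(interface_monitor)
                    manage_interfaces.enable_monitor(interface_monitor)
                    iwlist_monitor.scan(email, interface, profile_name,
                                        active_probing, interface_monitor)
                elif active_probing:
                    manage_interfaces.change_mac(interface_monitor)
                    manage_interfaces.enable_monitor(interface_monitor)
                    iwlist_monitor.scan(email, interface, active_probing,
                                        interface_monitor)
                elif profile:
                    iwlist_monitor.scan(email, interface, profile_name)
                else:
                    iwlist_monitor.scan(email, interface)
            except Exception as e:
                print("Exception:114 %s" % e)
                return
        if scanner_type not in scanners:
            print(
                colors.get_color("FAIL") + "Wrong module selected!\n" +
                colors.get_color("ENDC"))
            usage()
            return

    if hive:
        try:
            # Raises NameError when -im was never given.
            interface_monitor
        except Exception as e:
            print(
                colors.get_color("ORANGE") + "'im' interface not defined!" +
                colors.get_color("ENDC"))
            print(
                colors.get_color("GRAY") + "Exception: %s" % e +
                colors.get_color("ENDC"))
            sys.exit(0)
        iface_hive = interface_monitor
        try:
            manage_interfaces.enable_monitor(iface_hive)
            hive_mode.startRogueAP(iface_hive)
        except Exception as e:
            print("Exception: %s" % e)
            return

    if deauth:
        iface_deauth = interface_monitor
        try:
            manage_interfaces.enable_monitor(iface_deauth)
            deauthing.deauthenticate(iface_deauth)
        except Exception as e:
            print("Exception: %s" % e)
            return

    if wifi_attacks_detect:
        iface_deauth = interface_monitor
        try:
            manage_interfaces.enable_monitor(iface_deauth)
            passive_detectors.wifi_attacks_detector(interface_monitor)
        except Exception as e:
            print("Exception: %s" % e)
            return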
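# One entry per known free-WiFi ESSID:
# (hotspot ESSID, substrings identifying the sibling AP's ESSID,
#  offset added to the first MAC octet, offset added to the last MAC octet,
#  whether a mismatching sibling prints an alert)
_FREE_WIFI_RULES = (
    ("NOS_WIFI_Fon", ("NOS-", "ZON-"), 0, 1, False),
    ("MEO-WiFi", ("MEO-",), 2, 1, False),
    ("wifi_eventos", ("eduroam",), 0, 1, True),
    ("UPorto", ("eduroam",), 0, 2, True),
)


def _expected_bssid(sibling_mac, first_offset, last_offset):
    """Return the upper-cased BSSID derived from a sibling AP's MAC by octet offsets."""
    # Octets are written with two hex digits. The original used hex(x)[2:],
    # which yields a single digit for values below 0x10, so the derived BSSID
    # could not equal a real MAC string in that case.
    last_octet = '%02x' % (int(sibling_mac[15:], base=16) + last_offset)
    if first_offset:
        first_octet = '%02x' % (int(sibling_mac[:-15], base=16) + first_offset)
        derived = first_octet + sibling_mac[2:-2] + last_octet
    else:
        derived = sibling_mac[:-2] + last_octet
    return derived.upper()


def free_WiFis_detect(scanned_ap, captured_aps):
    """Check an AP against the free-WiFi profile in ``profiles/free_wifis.txt``.

    The first line of the file is skipped. Every other line holds an ESSID
    followed by the manufacturers allowed for it. For each line whose ESSID is
    a substring of the scanned ESSID:

      * a manufacturer outside the allowed list prints a "Strange Free WiFi"
        alert;
      * otherwise, for the four ESSIDs in ``_FREE_WIFI_RULES``, the scanned
        BSSID and channel are compared with a BSSID derived from a previously
        captured sibling AP. A match prints "Probable Valid Free WiFi"; for
        ``wifi_eventos`` and ``UPorto`` a mismatch prints the alert. Either
        outcome stops the search for that profile line.

    Args:
        scanned_ap: Dict with at least ``essid``, ``mac``, ``manufacturer``
            and ``channel``.
        captured_aps: Previously captured AP dicts (``essid``, ``mac``,
            ``channel`` are read).

    Changes from the original: derived octets are zero-padded (see
    ``_expected_bssid``), blank profile lines are skipped instead of raising
    ``IndexError``, and the four copies of the comparison share one table.
    """
    with open('profiles/free_wifis.txt', 'r') as f:
        next(f, None)  # header line
        for line in f:
            fields = line.split()
            if not fields:
                continue
            auth_ssid = fields[0]
            if auth_ssid not in scanned_ap['essid']:
                continue

            print(
                colors.get_color("UNDERLINE") +
                "Scanning %s " % scanned_ap['essid'] +
                " with: %s" % scanned_ap['mac'] + colors.get_color("ENDC"))

            auth_vendors = fields[1:]
            if scanned_ap['manufacturer'] not in auth_vendors:
                # not in auth vendors
                print(
                    colors.get_color("FAIL") +
                    "[%s | %s] Strange Free WiFi. Possible Rogue Access Point!"
                    % (scanned_ap['essid'], scanned_ap['mac']) +
                    colors.get_color("ENDC"))
                continue

            rule = None
            for candidate in _FREE_WIFI_RULES:
                if candidate[0] == scanned_ap['essid']:
                    rule = candidate
                    break
            if rule is None:
                continue
            _, sibling_markers, first_offset, last_offset, alert_on_mismatch = rule

            # NOTE(review): for the alerting rules the first sibling that does
            # not line up ends the search, so a site with several sibling APs
            # can alert although a later sibling would have matched. Confirm.
            for captured_ap in captured_aps:
                if not any(marker in captured_ap['essid']
                           for marker in sibling_markers):
                    continue
                correct_bssid = _expected_bssid(captured_ap['mac'],
                                                first_offset, last_offset)
                if (scanned_ap['mac'] == correct_bssid
                        and scanned_ap['channel'] == captured_ap['channel']):
                    print(
                        colors.get_color("OKGREEN") +
                        "[%s | %s] Probable Valid Free WiFi." %
                        (scanned_ap['essid'], scanned_ap['mac']) +
                        colors.get_color("ENDC"))
                    break
                if alert_on_mismatch:
                    print(
                        colors.get_color("FAIL") +
                        "[%s | %s] Strange Free WiFi. Possible Rogue Access Point!"
                        % (scanned_ap['essid'], scanned_ap['mac']) +
                        colors.get_color("ENDC"))
                    break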
def aps_lookup(pkt):
    """Sniff callback: record a newly seen AP from a beacon or probe response.

    For a Dot11Beacon / Dot11ProbeResp whose ``addr3`` is not yet in the
    module-level ``access_points`` set, builds an ``ap`` dict (essid, mac,
    channel, signal, manufacturer, key type), runs the passive detectors on
    it, appends it to ``captured_aps`` and prints one row.
    """
    global table_of_manufacturers
    global channel
    # NOTE(review): the manufacturer table is refreshed for every packet the
    # callback receives, not once per capture.
    table_of_manufacturers = manufacturer.MacParser(
        manufacturer_table).refresh()
    parsed_list = []
    ap = {}
    if (channel > 13):
        channel = 1
    channel_hopper()
    channel += 1
    # we are checking if ssid is already in the access_points list (and we also want same ssid with different bssid)
    if ((pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp))
            and (pkt[Dot11].addr3 not in access_points)):
        # for future work
        #print pkt[Dot11].cap
        #print pkt[Dot11ProbeResp].cap
        access_points.add(pkt[Dot11].addr3)
        # Every field below comes from a frame received over the air, i.e.
        # from whoever is transmitting nearby.
        ssid = pkt[Dot11].info
        ap.update({"essid": ssid})
        bssid = pkt[Dot11].addr3
        ap.update({"mac": bssid.upper()})
        # NOTE(review): this overwrites the global `channel` that the hopping
        # code above increments; confirm the two uses are meant to share it.
        # ord() raises unless the selected element's info is exactly one byte.
        channel = int(ord(pkt[Dot11Elt:3].info))
        ap.update({"channel": channel})
        capability = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}\ {Dot11ProbeResp:%Dot11ProbeResp.cap%}")
        extra = pkt.notdecoded
        # Signal is read from one byte of the undecoded trailer;
        # presumably the RadioTap signal field. TODO confirm the offset.
        sig_str = -(256 - ord(extra[-4:-3]))
        ap.update({"signal": sig_str})
        manufacturer_data = manufacturer.search(table_of_manufacturers,
                                                str(pkt.addr2))
        if (manufacturer_data == []):
            vendor = "Not Found"
            ap.update({"manufacturer": "Null"})
        else:
            vendor = manufacturer_data[0].manuf
            ap.update({"manufacturer": vendor})
            if (str(vendor) == "None"):
                vendor = "Not Found"
        # The only distinction made is the "privacy" capability flag, so any
        # protected network is reported as "Protected" without the scheme.
        if (re.search("privacy", capability)):
            encryption = "1"
            key_type = "Protected"
            ap.update({"key type": key_type})
            # for future work
            #print pkt[Dot11Elt].ID
            #if (pkt[Dot11Elt].ID == 48):
            #    key_type = "WPA2"
            #    ap.update({"key type":key_type})
            #    encryption = key_type
            #elif (pkt[Dot11Elt].ID == 221 and pkt[Dot11Elt].info.startswith('\x00P\xf2\x01\x01\x00')):
            #    key_type = "WEP"
            #    ap.update({"key type":key_type})
            #    encryption = key_type
            #encryption = "1"
            #key_type="Yes"
            #ap.update({"key type":key_type})
        else:
            encryption = "0"
            key_type = "Open"
            ap.update({"key type": key_type})
        # call passive detectors
        if (profile):
            passive_detectors.authorized_aps(ap, profile)
        passive_detectors.free_WiFis_detect(ap, captured_aps)
        passive_detectors.spot_karma(ap)
        captured_aps.append(ap)
        # Pad the ESSID column to 23 characters; a longer ESSID gets no padding.
        spaces = 23 - len(ssid)
        spaces = ' ' * spaces
        # Open networks are printed in green, protected ones uncoloured.
        if encryption == "0":
            print colors.get_color("OKGREEN") + "%s %s %s %2d %s %s %s" % (
                ssid, spaces, bssid, int(channel), vendor, encryption,
                sig_str) + colors.get_color("ENDC")
        else:
            print "%s %s %s %2d %s %s %s" % (
                ssid, spaces, bssid, int(channel), vendor, encryption, sig_str)
        ## For Database Module
        ##db_api.insert_in_db_scapy(conn, ssid, bssid, int(channel), vendor, encryption)
    signal.signal(signal.SIGINT, signal_handler)
def check_root():
    """Exit (status 0) with a message unless the effective UID is 0."""
    running_as_root = os.geteuid() == 0
    if running_as_root:
        return
    denial = (colors.get_color("FAIL") + "[!] Requires root" +
              colors.get_color("ENDC"))
    print(denial)
    sys.exit(0)
def printHeader():
    """Print the column header for the scapy scan output."""
    columns = "SSID\t\t\t\tBSSID\t CH BRAND\tENC RSSI"
    header = colors.get_color("WARNING") + columns + colors.get_color("ENDC")
    print(header)
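def scan(*arg):
    """Scan with iwlist forever, print each new AP and run the detectors on it.

    Positional arguments:
        (email, interface)
        (email, interface, profile)
        (email, interface, active_probing, interface_monitor)
        (email, interface, profile, active_probing, interface_monitor)

    ``email`` must offer ``sendmail(sender, recipient, text)``. The monitor
    interface is stored in the module-level ``interface_monitor``.

    Changes from the original:
      * The five-argument form was tested with ``len(arg) == 4`` a second
        time, so that branch was unreachable and a call passing both a profile
        and active probing ran with neither. It now tests for 5.
      * The classifier is called once per AP instead of up to five times.
        NOTE(review): this assumes ``suspicious_behaviours`` has no side
        effects; confirm.
      * A trailing ``suspicious_4`` -> ORANGE branch could never run because
        ``suspicious_4`` was already handled together with ``suspicious_2``;
        it is dropped along with the unused ``limited`` flag.
    """
    global interface_monitor, table_of_manufacturers

    active_probing, profile = False, False
    email = arg[0]
    interface = arg[1]
    if len(arg) == 3:
        profile = arg[2]
    elif len(arg) == 4:
        active_probing = arg[2]
        interface_monitor = arg[3]
    elif len(arg) == 5:
        profile = arg[2]
        active_probing = arg[3]
        interface_monitor = arg[4]

    table_of_manufacturers = manufacturer.MacParser(
        manufacturer_table).refresh()

    table = ['Date', 'AP Name', 'CH', 'BSSID', 'Brand', 'Signal', 'Quality',
             'Frequency', 'Encryption', 'Cipher', 'Authentication', 'TSF']
    header_fmt = '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^15s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'
    row_fmt = '{:^22s} {:<23s} {:^9s} {:^19s} {:^15s} {:^8s} {:^9s} {:^10s} {:^18s} {:^8s} {:^16s} {:<18s}'
    # Classifier label -> colour name used for the row.
    verdict_colors = {
        "suspicious_1": "FAIL",
        # captured AP with same bssid and dif essid and encryption (karma)
        "suspicious_2": "FAIL1",
        "suspicious_4": "FAIL1",
        # captured AP with same essid, bssid, encryption and dif channel
        "suspicious_3": "FAIL2",
    }

    print(colors.get_color("BOLD") + header_fmt.format(*table) +
          colors.get_color("ENDC"), flush=True)

    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # filter to check if APs already exists
                if not filter_aps(line, profile):
                    continue

                verdict = noknowledge_detector.suspicious_behaviours(
                    line, captured_aps)
                color_name = verdict_colors.get(verdict)
                if color_name is None:
                    # NOTE(review): the mail saying a rogue AP was detected is
                    # sent for rows that matched *no* suspicious label, and
                    # never for the flagged rows. This looks inverted; it is
                    # kept as found until the intent is confirmed.
                    email.sendmail("*****@*****.**", "*****@*****.**",
                                   "Rouge AP detected..")
                row = row_fmt.format(
                    getTimeDate(), line['essid'], line['channel'],
                    line['mac'], line['manufacturer'], line['signal'],
                    line['quality'], line['frequency'], line['key type'],
                    line['group cipher'], line['authentication suites'],
                    line['tsf'])
                if color_name is None:
                    print(row)
                else:
                    print(colors.get_color(color_name) + row +
                          colors.get_color("ENDC"), flush=True)

                if profile:
                    passive_detectors.authorized_aps(line, profile)
                if line['key type'] == "Open":
                    passive_detectors.free_WiFis_detect(line, captured_aps)
                passive_detectors.spot_karma(line)
                if active_probing:
                    passive_detectors.spoting_PineAP(
                        line, active_probing, interface_monitor)
                else:
                    passive_detectors.spoting_PineAP(line)
                passive_detectors.check_tsf(line)
                captured_aps.append(line)

            signal.signal(signal.SIGINT, signal_handler)
            time.sleep(1)
        except Exception as err:
            logs_api.errors_log(str(err))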
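def sniffRequests(p):
    """Sniff callback: report authentication, association and deauth frames.

    Increments the module-level ``auth_reqs`` / ``assoc_reqs`` counters and
    prints a "Probable PMKID attack" alert, then resets the counter, once
    either reaches 20. Deauthentication frames are printed together with the
    text for their reason code from ``deauth_error_codes``.

    Changes from the original:
      * The reason code comes from a received frame, so it can hold a value
        ``deauth_error_codes`` has no entry for. That lookup raised inside the
        callback; an unknown code is now printed as such.
      * The Python 2 print statements are replaced by single-argument
        ``print(...)`` calls, which run on Python 2 and 3 and keep the
        one-line "message reason" output.
    """
    global auth_reqs
    global assoc_reqs

    if p.haslayer(Dot11Auth):
        print(
            colors.get_color("BOLD") + "[%s] " % getTimeDate() +
            colors.get_color("OKGREEN") +
            "Authentication packet found from %s to %s" %
            (p[Dot11].addr2, p[Dot11].addr1) + colors.get_color("ENDC"))
        auth_reqs += 1

    if p.haslayer(Dot11AssoReq):
        print(
            colors.get_color("BOLD") + "[%s] " % getTimeDate() +
            colors.get_color("OKBLUE") +
            "Association request found from %s to %s" %
            (p[Dot11].addr2, p[Dot11].addr1) + colors.get_color("ENDC"))
        assoc_reqs += 1

    if p.haslayer(Dot11Deauth):
        deauth_line = (
            colors.get_color("BOLD") + "[%s] " % getTimeDate() +
            colors.get_color("PURPLE") +
            "Deauthentication packet found from %s to %s Reason -> %s" %
            (p[Dot11].addr2, p[Dot11].addr1, p[Dot11Deauth].reason) +
            colors.get_color("ENDC"))
        error_code = int(p[Dot11Deauth].reason)
        try:
            reason_text = deauth_error_codes[error_code]
        except (KeyError, IndexError):
            reason_text = "Unknown reason code"
        print(deauth_line + " " + str(reason_text))

    # NOTE(review): both counters accumulate since the last alert with no time
    # window, so 20 ordinary authentications spread over hours trigger the
    # same alert as a burst.
    if auth_reqs >= 20:
        print(
            colors.get_color("FAIL") +
            "[WiFi Attack] Probable PMKID attack.\nReason: Too many Authentication requests."
            + colors.get_color("ENDC"))
        auth_reqs = 0

    if assoc_reqs >= 20:
        print(
            colors.get_color("FAIL") +
            "[WiFi Attack] Probable PMKID attack.\nReason: Too many Association requests."
            + colors.get_color("ENDC"))
        assoc_reqs = 0

    signal.signal(signal.SIGINT, signal_handler)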
def authorized_aps(scanned_ap, profile): with open(profile, 'r') as f: next(f) #skipping first line t = 0 for line in f: auth_ssid, auth_enc, auth_rssi, auth_ch = line.split( )[0], line.split()[1], line.split()[2], line.split()[3] auth_rssi = int(auth_rssi) auth_ch = int(auth_ch) nr_auth_aps = int(line.split()[4]) if (scanned_ap['essid'] == auth_ssid): auth_bssids = [] c = 5 while c < len(line.split()): auth_bssids.append(line.split()[c]) c += 1 if (c > 6): t = c - 6 ## DEBUG #print ("scanned ap: %s" % scanned_ap['mac']) #print ("auth bssids: %s" % auth_bssids) if (scanned_ap['mac'] in auth_bssids): #(.lower()) if (auth_enc != 'Open' and scanned_ap['key type'] == "Open"): print( colors.get_color("FAIL") + "[%s | %s] Possible Rogue Access Point!\n[Type] Evil Twin, different encryption." % (scanned_ap['essid'], scanned_ap['mac']) + colors.get_color("ENDC")) break if (auth_ch != int(scanned_ap['channel'])): print( colors.get_color("FAIL") + "[%s | %s] Possible Rogue Access Point!\n[Type] Multichannel AP." % (scanned_ap['essid'], scanned_ap['mac']) + colors.get_color("ENDC")) break if (abs(int(scanned_ap['signal'])) > auth_rssi + 15 or abs(int(scanned_ap['signal'])) < auth_rssi - 15): print( colors.get_color("FAIL") + "[%s | %s] Strange RSSI!!! Associate? (y/n)" % (scanned_ap['essid'], scanned_ap['mac']) + colors.get_color("ENDC")) ##print ("the timeout: %s" % TIMEOUT) signal.alarm(TIMEOUT) assoc = yes_or_no() signal.alarm(0) if (assoc == "y"): iface = str( raw_input( "Choose an interface for the association process: " )) if (scanned_ap['key type'] == "Open"): p = multiprocessing.Process( associate.associateToAp( scanned_ap['essid'], scanned_ap['mac'], '', iface)) p.start() else: pwd = str(raw_input("Enter the AP password: "******"t = %s and nr_auth_aps = %s" % (t,nr_auth_aps) if (t == nr_auth_aps): print( colors.get_color("FAIL") + "[%s | %s] Possible Rogue Access Point!\n[Type] Evil Twin, unauthorized bssid." 
% (scanned_ap['essid'], scanned_ap['mac']) + colors.get_color("ENDC")) ## Testing Network if (scanned_ap['essid'] == "LAB_NETWORK"): print( colors.get_color("FAIL") + "[%s | %s] Associate? (y/n)" % (scanned_ap['essid'], scanned_ap['mac']) + colors.get_color("ENDC")) signal.alarm(TIMEOUT) assoc = yes_or_no() signal.alarm(0) if (assoc == "y"): iface = str( raw_input( "Choose an interface for the association process: " )) if (scanned_ap['key type'] == "Open"): p = multiprocessing.Process( associate.associateToAp(scanned_ap['essid'], scanned_ap['mac'], '', iface)) p.start() else: pwd = str(raw_input("Enter the AP password: ")) p = multiprocessing.Process( associate.associateToAp(scanned_ap['essid'], scanned_ap['mac'], pwd, iface)) p.start() else: break
def interrupted(signum, frame):
    """Signal handler: announce that association is skipped, then exit with status 0."""
    notice = (colors.get_color("GRAY") + 'Skipping association...' +
              colors.get_color("ENDC"))
    print(notice)
    sys.exit(0)