BSSIDbrute.py
#!/usr/bin/python
############################################################################
# #
# Name: Geolocate multiple, unknown BSSIDs using Google #
# #
# Description: BSSIDlookup accepts one input on the command line #
# and utilizes the iSniff GPS/undocumented API call to #
# determine the location of APs, while filling in up to #
# 3 unknown octets. #
# #
# Usage: ./BSSIDbrute.py <01:23:x:67:x:ab> #
# an "x" should represent the octets to bruteforce #
# #
# Requirements: Python #
# python-requests #
# BeautifulSoup #
# bs4 #
# iSniffGPS wloc (included) #
# #
# Authors: Larry Pesce - larry@inguardians.com @haxorthematrix #
# Don Weber - don@inguardians.com @cutaway #
# #
# Credits: * Nathan Sweaney - nathan@sweaney.com, for his work on KLV #
# where some of this code was adapted from/inspired by. #
# * Secure Ideas - RE: Nathan Sweaney #
# * @hubert3 - hubert(at)pentest.com, for his hard work on #
# iSniffGPS, as this project would not be possible without it. #
# * Francois-Xavier Aguessy and Come Demoustier - For their work #
# in the undocumented Apple API call for geolocation. #
# * @cutaway - for being a great friend, co-worker, and #
# instructing this python n00b in the ways of the force. #
# * InGuardians - for giving me a chance, and the honor of #
# working with and for my heroes. #
# * @edwardmccabe and anonymous donors for sample files! #
# #
# Date: September 19, 2014 #
# #
############################################################################
import sys
import applewloc
import pygmaps
import webbrowser
import os
def usage():
    """Print the command-line help for this script, then exit.

    Always ends the process through ``sys.exit()`` with no argument, so the
    exit status is 0 even when the help is shown because of a bad option.
    """
    help_lines = (
        "%s Usage" % sys.argv[0],
        " -h: help",
        " -b <bssid>: BSSID to search. Format: 01:23:x:67:x:ab. Search locations should be a single 'x'.",
        " -d: Turn on debugging.",
        " -w: Opens web browser. Requires -m",
        " -m: Generate google map. Defaults to mymap.draw.html",
        " -o: Custom filename map output",
    )
    # A parenthesised single-string print emits the same text under the
    # Python 2 interpreter named in the shebang.
    for line in help_lines:
        print(line)
    sys.exit()
# Defaults -- module-level state shared by the rest of the script.
bssid = None                      # BSSID pattern from -b; stays None until parsed
output_file = "mymap.draw.html"   # map file name, replaced by the -o value
mymap = None                      # map object, built after the lookups finish
networks = dict()                 # lookup results merged across all candidates
# Boolean switches. STATUS is not read anywhere in the visible script.
STATUS = DEBUG = openbrowser = False
# Only referenced by a commented-out check in the visible script.
writemap = True
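# Process options
# Flags the parser accepts. '-m' is advertised by usage(), so it is accepted
# here as well; map output is already enabled by default (writemap = True).
ops = ['-b', '-d', '-h', '-m', '-o', '-w']
while len(sys.argv) > 1:
    op = sys.argv.pop(1)
    if op not in ops:
        print("Unknown option: %s" % op)
        usage()
    if op in ('-b', '-o') and len(sys.argv) < 2:
        # The flag was given without its value: show the help rather than
        # letting the pop() below fail with an IndexError traceback.
        usage()
    if op == '-b':
        # Get user input and make it all lower case
        bssid = sys.argv.pop(1).lower()
        # Only the shape is checked (six colon-separated fields); the
        # contents of each field are not validated here.
        if bssid.count(':') != 5:
            usage()
    elif op == '-d':
        DEBUG = True
        applewloc.DEBUG = True
    elif op == '-m':
        writemap = True
    elif op == '-o':
        output_file = sys.argv.pop(1)
    elif op == '-w':
        openbrowser = True
    elif op == '-h':
        usage()

# Test for user input: a BSSID pattern is mandatory.
if not bssid:
    usage()
if DEBUG:
    print("In bssid: %s" % bssid)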
# Build possible values: every octet as two lowercase hex digits, "00".."ff".
max_octet = 256
octets = ['%02x' % value for value in range(max_octet)]

# Generate possible networks
re_chr = 'x'
wildcards = bssid.count(re_chr)
if not 1 <= wildcards <= 3:
    print("Expected input 12:x:45:x:67:x with max of 3 x\'s")
    sys.exit()

# Each round substitutes the left-most remaining 'x' with every octet, so the
# list grows by a factor of 256 per wildcard: 256, 65,536 or 16,777,216
# entries, all held in memory at once.
tmp = [bssid]
for round_no in range(wildcards):
    if round_no == 2:
        print("You know this is going to take FOREVER, right?")
    tmp = [cand.replace('x', octet, 1) for cand in tmp for octet in octets]
# Search for networks
# One applewloc.AppleWloc() call is made per candidate, one after another and
# with no error handling, so an exception from a single lookup ends the run.
# NOTE(review): each call presumably goes out to the external location service
# named in the file header -- confirm. The candidate list holds 256, 65,536 or
# 16,777,216 entries for one, two or three wildcards, and nothing here paces
# or caps that volume.
for candidate in tmp:
    found = applewloc.AppleWloc(bssid=candidate)
    # Merge into the running result set (a later result for the same key
    # replaces the earlier one), then print this candidate's result.
    networks.update(found)
    applewloc.print_locs(found)
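# Create Google map of networks
# NOTE: writemap is not consulted here; the check for it was commented out.
if not networks:
    # No candidate produced a result, so there is no entry to centre the
    # map on. Report that instead of failing on an empty lookup.
    print("No locations found; no map written.")
else:
    # Resolve the output path once, so the file that is drawn, the path that
    # is reported and the URL that is opened all name the same file. (Prefixing
    # './' to an absolute -o value pointed the drawing at a different path
    # than the one printed afterwards.)
    output_file = os.path.abspath(output_file)

    # The map is centred on the first stored entry, using elements [0] and [1]
    # of its value -- presumably latitude and longitude; confirm against
    # applewloc.
    base_bssid = next(iter(networks))
    mymap = pygmaps.maps(networks[base_bssid][0], networks[base_bssid][1], 4)
    for e in networks:
        mymap.addpoint(networks[e][0], networks[e][1], color="#FF0000", title=[e])
    mymap.draw(output_file)
    print("File written to: %s" % output_file)

    # Open in web browser
    if openbrowser:
        webbrowser.open_new_tab("file://" + output_file)
print("%s Done." % sys.argv[0])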