Esempio n. 1
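def channel_hopper():
    """Tune the wireless interface to the configured channel.

    Reads the module-level names ``interface`` and ``channel`` and runs
    ``sudo iw dev <interface> set channel <channel>``. Any failure is
    written to the error log; nothing is returned or raised to the caller.
    """
    # Function-scope import: the file's import block is not visible here.
    import subprocess

    try:
        # An argv list keeps the interface name a single argument to iw;
        # it is never interpreted by a shell while running under sudo.
        command = ["sudo", "iw", "dev", str(interface), "set", "channel",
                   "%d" % channel]
        status = subprocess.call(command)
        if status != 0:
            # A failed command is reported through its exit status, not an
            # exception, so the status has to be checked explicitly.
            logs_api.errors_log("iw exited with status %d" % status)
    except Exception as err:
        logs_api.errors_log(str(err))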
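def filter_aps(*arg):
    """Decide whether a scanned access point should be processed.

    Args:
        arg[0]: dict describing the access point. The keys read here are
            'essid', 'mac', 'channel', 'key type', 'group cipher' and
            'signal'.
        arg[1]: path of a profile file, or a falsy value when profile mode
            is off.

    Returns:
        False when profile mode is on and the AP's essid differs from the
        first whitespace-separated token on the second line of the profile
        file, or when ``captured_aps`` already holds an entry with the same
        essid, mac, channel, key type and group cipher whose signal
        magnitude is within 20 of this one. True otherwise.
    """
    access_point = arg[0]
    profile = arg[1]

    # In profile mode only the ESSID named in the profile is reported.
    if profile:
        filtered_ssid = ""
        with open(profile, 'r') as f:
            # Defaults keep an empty or one-line profile from raising
            # StopIteration; the SSID then stays "" and nothing matches.
            next(f, None)  # skip the first line
            tokens = next(f, "").split()
            if tokens:
                # NOTE(review): only the first token is compared, so an
                # ESSID containing spaces cannot match - confirm the
                # profile file format.
                filtered_ssid = tokens[0]

        if access_point['essid'] != filtered_ssid:
            return False

    identity_keys = ('essid', 'mac', 'channel', 'key type', 'group cipher')
    for ap in captured_aps:
        try:
            if any(ap[key] != access_point[key] for key in identity_keys):
                continue
            current = abs(int(access_point['signal']))
            seen = abs(int(ap['signal']))
            # Same identity and a signal within +/-20 of an earlier capture
            # is treated as a repeat sighting and suppressed.
            if abs(current - seen) <= 20:
                return False
        except Exception as e:
            # A malformed entry is logged and skipped; it must not stop
            # the comparison against the remaining captures.
            logs_api.errors_log("Exception found: " + str(e))
    return True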
Esempio n. 3
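def call_active_methods(iface, ap_name, bssid):
    """Run the active checks over the current connection, then disconnect.

    Prints, in order, the internal IP of ``iface``, the external IP, the
    ISP for that external IP, the traceroute result towards 8.8.8.8 and the
    computer name reported by the AP fingerprint check, each obtained from
    ``active_detectors``. Finally disconnects ``iface`` with nmcli.

    Args:
        iface: name of the network interface that is connected.
        ap_name: access point name, used only in the disconnect message.
        bssid: access point BSSID, used only in the disconnect message.
    """
    internal_ip = active_detectors.get_internal_IP(iface)
    print("Internal IP: %s" % internal_ip)

    external_ip = active_detectors.get_external_IP()
    print("External IP: %s" % external_ip)

    isp = active_detectors.get_ISP(external_ip)
    print("ISP: %s" % isp)

    #active_detectors.traceroute(hostname_internal, iface) # test internal address
    hostname_external = "8.8.8.8"

    print(colors.get_color("ORANGE") + "Calculating the traceroute..." + colors.get_color("ENDC"))
    traceroute_val = active_detectors.traceroute(hostname_external, iface)
    print("Traceroute for %s: %s" % (hostname_external, traceroute_val))  # test external address

    print(colors.get_color("ORANGE") + "Checking AP fingerprint..." + colors.get_color("ENDC"))
    cp_name = active_detectors.get_AP_fingerprint()
    print("Fingerprint computer name: %s" % cp_name)

    # disconnect
    print(colors.get_color("ORANGE") + "Disconnecting from [%s | %s]" % (ap_name, bssid) + colors.get_color("ENDC"))
    try:
        # argv list: the interface name is handed to nmcli as one argument
        # and is never parsed by a shell.
        status = subprocess.call(["nmcli", "device", "disconnect", iface])
        if status != 0:
            # Staying associated with the AP under test is worth recording.
            logs_api.errors_log("Error: nmcli exited with status %d" % status)
    except Exception as error:
        # Log the exception that was actually raised, not the
        # CalledProcessError class object.
        logs_api.errors_log("Error: " + str(error))

    return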
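def get_external_IP():
    """Return the public IP address as reported by OpenDNS.

    Runs ``dig +short myip.opendns.com @resolver1.opendns.com`` and returns
    its output with surrounding whitespace removed, in whatever string type
    ``subprocess.check_output`` yields. Returns None after logging when dig
    fails or cannot be started.

    The answer is an unauthenticated DNS reply received over the network
    the host is currently attached to, so callers should treat the value
    as untrusted input.
    """
    # Fixed argv, no shell needed for a constant command.
    command = ["dig", "+short", "myip.opendns.com", "@resolver1.opendns.com"]
    try:
        return subprocess.check_output(command).strip()
    except (subprocess.CalledProcessError, OSError) as error:
        # Log the raised exception (exit status / errno), not the class.
        logs_api.errors_log("Error: " + str(error))
    return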
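def get_internal_IP(iface):
    """Return the IPv4 address(es) configured on ``iface``.

    Runs ``ip addr show <iface>`` and returns the second field of every
    output line containing ``inet `` (address/prefix), newline-joined and
    stripped, in the string type ``subprocess.check_output`` yields.
    Returns None after logging when the command fails or cannot be started.

    Args:
        iface: network interface name.
    """
    try:
        # argv list instead of a shell pipeline: the interface name cannot
        # be interpreted as shell syntax, and a failing ``ip`` is no longer
        # hidden behind the exit status of the last pipeline stage.
        output = subprocess.check_output(["ip", "addr", "show", iface])
    except (subprocess.CalledProcessError, OSError) as error:
        logs_api.errors_log("Error: " + str(error))
        return

    addresses = []
    for row in output.splitlines():
        # "inet " with the trailing space does not match "inet6 " rows.
        if b"inet " in row:
            fields = row.split()
            addresses.append(fields[1] if len(fields) > 1 else b"")
    return b"\n".join(addresses).strip()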
Esempio n. 6
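def signal_handler(signal, frame):
    """Signal handler: leave monitor mode, say goodbye and exit.

    Calls ``manage_interfaces.disable_monitor`` on the module-level
    ``interface_monitor``, prints a farewell message and terminates the
    process with status 0.

    Args:
        signal: signal number passed by the runtime (unused).
        frame: current stack frame passed by the runtime (unused).
    """
    try:
        manage_interfaces.disable_monitor(interface_monitor)
    except Exception as err:
        # The original ``except err:`` named an undefined class, so any
        # cleanup failure raised NameError here and the handler never
        # reached the exit below.
        logs_api.errors_log(str(err))

    print(colors.get_color("GRAY") +
          "\nExiting...\nGoodbye!" + colors.get_color("ENDC"), flush=True)
    sys.exit(0)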
Esempio n. 7
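def get_results(interface):
    """Scan with iwlist and return the parsed access point records.

    Runs ``sudo iwlist <interface> scan``, splits the output into one text
    chunk per ``Cell NN - `` entry and hands the chunks to ``parse``. When
    the scan fails, the error is logged and ``parse`` receives an empty
    list.

    Args:
        interface: wireless interface name to scan on.

    Returns:
        Whatever ``parse`` returns for the list of per-cell chunks.
    """
    list_of_results = []
    try:
        # argv list: the interface name reaches iwlist as one argument and
        # is never parsed by a shell running under sudo.
        proc = subprocess.check_output(["sudo", "iwlist", interface, "scan"])
        if not isinstance(proc, str):
            # Python 3 returns bytes, which a str pattern cannot split.
            # ESSIDs are arbitrary bytes chosen by whoever runs the AP, so
            # undecodable sequences are replaced rather than raised on.
            proc = proc.decode("utf-8", "replace")
        # Break the output into one chunk per access point.
        list_of_results = re.split(r'\bCell \d{2}\b - ', proc)[1:]
    except (subprocess.CalledProcessError, OSError) as error:
        # Log the raised exception, not the CalledProcessError class.
        logs_api.errors_log("Error" + str(error))

    return parse(list_of_results)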
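def get_AP_fingerprint():
    """Return the computer name nmap reports for the gateway.

    Reads a gateway address from ``netstat -nr``, prints it, runs
    ``nmap -sC -O`` against it and returns the fourth field of every
    output line containing ``Computer name``, one per line. Returns None
    after logging when no gateway is found or a command fails.
    """
    try:
        # Constant pipeline, nothing interpolated, so the shell is kept.
        # NOTE(review): ``NR==2`` selects the second matching route line;
        # with a single matching route the result is empty - confirm intended.
        gateway = subprocess.check_output(" netstat -nr | grep 'UG[ \t]' | awk 'NR==2 {print $2}' ", shell=True)
        gateway = gateway.strip()
        print(gateway)
        if not gateway:
            # Do not launch nmap without a target.
            logs_api.errors_log("Error: no gateway address found")
            return

        # The gateway value is passed as a single argv element rather than
        # concatenated into a shell command line.
        report = subprocess.check_output(["nmap", "-sC", "-O", gateway])
        names = []
        for row in report.splitlines():
            if b"Computer name" in row:
                fields = row.split()
                names.append(fields[3] if len(fields) > 3 else b"")
        return b"".join(name + b"\n" for name in names)
    except (subprocess.CalledProcessError, OSError) as error:
        # Log the raised exception, not the CalledProcessError class.
        logs_api.errors_log("Error: " + str(error))
    return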
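def get_ISP(external_ip):
    """Look up the ISP name for ``external_ip`` on ip-api.com.

    Args:
        external_ip: the address to look up, as text (bytes are decoded).

    Returns:
        The ``isp`` field of the JSON reply, or None after logging when the
        request, the decoding or the lookup of that field fails.
    """
    url = "http://ip-api.com/json/"
    req_isp = "?fields=isp"

    try:
        if isinstance(external_ip, bytes) and not isinstance(external_ip, str):
            # check_output() yields bytes on Python 3; the URL needs text.
            external_ip = external_ip.decode("ascii")
        # The request goes out over plain HTTP, so the reply is not
        # authenticated: on a hostile network the reported ISP can be
        # altered in transit and should be treated as a hint only.
        # The timeout keeps an unresponsive network from hanging the check.
        r = requests.get(url + external_ip + req_isp, timeout=10)
        return json.loads(r.text)["isp"]
    except Exception as error:
        logs_api.errors_log("Error: " + str(error))
    return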
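def channel_hopper():
    """Set the wireless interface to the configured channel.

    Uses the module-level names ``interface`` and ``channel`` and runs
    ``sudo iw dev <interface> set channel <channel>`` once. A looping
    variant that cycled channels 1-13 with a 0.5 s pause was left
    commented out in the original and is not performed. Failures are
    written to the error log; nothing is returned or raised.
    """
    # Function-scope import: the file's import block is not visible here.
    import subprocess

    argv = ["sudo", "iw", "dev", str(interface), "set", "channel"]
    try:
        argv.append("%d" % channel)
        # No shell is involved, so the interface name cannot be read as
        # shell syntax by a command that runs under sudo.
        exit_status = subprocess.call(argv)
        if exit_status != 0:
            # The command signals failure only through its exit status.
            logs_api.errors_log("iw exited with status %d" % exit_status)
    except Exception as err:
        logs_api.errors_log(str(err))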
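def traceroute(hostname, iface):
    """Count the lines traceroute prints for ``hostname`` via ``iface``.

    Runs ``traceroute <hostname> -i <iface>`` and counts the non-empty
    output lines after the first one.

    Args:
        hostname: destination host or address.
        iface: network interface to send the probes from.

    Returns:
        The line count, or None after logging when traceroute fails or
        cannot be started.
    """
    try:
        # argv list: hostname and interface are passed as single arguments
        # and are never interpreted by a shell.
        out = subprocess.check_output(["traceroute", hostname, "-i", iface])
    except (subprocess.CalledProcessError, OSError) as error:
        # Log the raised exception, not the CalledProcessError class.
        logs_api.errors_log("Error: " + str(error))
        return

    # splitlines() works on both bytes and text output; the first line is
    # skipped before counting, as in the original.
    return sum(1 for row in out.splitlines()[1:] if row)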
Esempio n. 12
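def scan(*arg):
    """Scan for access points in a loop and run the detectors on new ones.

    Accepted positional arguments, selected by their count:
        (interface)
        (interface, profile)
        (interface, active_probing, interface_monitor)
        (interface, profile, active_probing, interface_monitor)

    Prints a table header, then repeatedly fetches scan results, prints one
    row per access point accepted by ``filter_aps`` (coloured according to
    the verdict of ``noknowled_detector.suspicious_behaviours``), runs the
    passive detectors on it and appends it to ``captured_aps``. The loop
    never returns; errors inside a pass are logged and the loop continues.
    """
    active_probing, profile = False, False
    interface = arg[0]
    if len(arg) == 2:
        profile = arg[1]
    elif len(arg) == 3:
        active_probing = arg[1]
        interface_monitor = arg[2]
    elif len(arg) == 4:
        profile = arg[1]
        active_probing = arg[2]
        interface_monitor = arg[3]

    global table_of_manufacturers
    table_of_manufacturers = manufacturer.MacParser(manufacturer_table).refresh()
    sys.stdout = Unbuffered(sys.stdout)

    table = ['Date', 'AP Name', 'CH', 'BSSID', 'Brand', 'Signal', 'Quality',
             'Frequency', 'Encryption', 'Cipher', 'Authentication', 'TSF']
    header_format = '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^15s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'
    print(colors.get_color("BOLD") + header_format.format(*table) + colors.get_color("ENDC"))

    row_format = '{:^22s} {:<23s}  {:^9s} {:^19s} {:^15s} {:^8s} {:^9s} {:^10s} {:^18s} {:^8s} {:^16s}   {:<18s}'
    # Colour used for each detector verdict; any other verdict prints plain.
    verdict_colors = {
        "suspicious_1": "FAIL",
        "suspicious_2": "FAIL1",
        "suspicious_4": "FAIL1",
        "suspicious_3": "FAIL2",
    }

    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # filter to check if the AP was already captured
                if not filter_aps(line, profile):
                    continue

                # apply detection heuristics; the verdict is computed once
                # per AP instead of once per comparison.
                verdict = noknowled_detector.suspicious_behaviours(line, captured_aps)

                # Slicing caps the name at 21 characters and leaves shorter
                # names untouched, so no separate length check is needed.
                # NOTE(review): the ESSID is chosen by the AP operator;
                # confirm that parse() strips control characters before the
                # name is written to the terminal.
                row = row_format.format(
                    getTimeDate(), line['essid'][0:21], line['channel'],
                    line['mac'], line['manufacturer'], line['signal'],
                    line['quality'], line['frequency'], line['key type'],
                    line['group cipher'], line['authentication suites'],
                    line['tsf'])

                color = verdict_colors.get(verdict)
                if color:
                    print(colors.get_color(color) + row + colors.get_color("ENDC"))
                else:
                    # print() with one argument also runs on Python 2,
                    # unlike the original print statement on Python 3.
                    print(row)

                if profile:
                    passive_detectors.authorized_aps(line, profile)

                if line['key type'] == "Open":
                    passive_detectors.free_WiFis_detect(line, captured_aps)

                passive_detectors.spot_karma(line)
                #passive_detectors.deauth_detector(interface_monitor) # new stufx

                if active_probing:
                    passive_detectors.spoting_PineAP(line, active_probing, interface_monitor)
                else:
                    passive_detectors.spoting_PineAP(line)
                # end of detection heuristics

                passive_detectors.check_tsf(line)

                captured_aps.append(line)

            signal.signal(signal.SIGINT, signal_handler)
            time.sleep(1)
        except Exception as err:
            logs_api.errors_log(str(err))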
Esempio n. 13
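def signal_handler(signal, frame):
    """Signal handler: take the monitor interface out of monitor mode.

    Calls ``manage_interfaces.disable_monitor`` on the module-level
    ``interface_monitor`` and logs any failure.

    Args:
        signal: signal number passed by the runtime (unused).
        frame: current stack frame passed by the runtime (unused).
    """
    # NOTE(review): nothing visible here ends the process, so after the
    # handler returns the interrupted code resumes - confirm that the exit
    # happens elsewhere.
    try:
        manage_interfaces.disable_monitor(interface_monitor)
    except Exception as err:
        # ``as`` form: valid on Python 2.6+ and Python 3.
        logs_api.errors_log(str(err))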
Esempio n. 14
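def scan(*arg):
    """Scan for access points in a loop and run the detectors on new ones.

    Accepted positional arguments, selected by their count:
        (email, interface)
        (email, interface, profile)
        (email, interface, active_probing, interface_monitor)
        (email, interface, profile, active_probing, interface_monitor)

    ``email`` is an object whose ``sendmail`` method is called from the
    row-printing step. Prints a table header, then repeatedly fetches scan
    results, prints one row per access point accepted by ``filter_aps``
    (coloured according to the verdict of
    ``noknowledge_detector.suspicious_behaviours``), runs the passive
    detectors on it and appends it to ``captured_aps``. The loop never
    returns; errors inside a pass are logged and the loop continues.
    """
    active_probing, profile = False, False
    email = arg[0]
    interface = arg[1]
    global interface_monitor
    if len(arg) == 3:
        profile = arg[2]
    elif len(arg) == 4:
        active_probing = arg[2]
        interface_monitor = arg[3]
    elif len(arg) == 5:
        # The original repeated ``== 4`` here, so this branch could never
        # run and a five-argument call silently ignored the profile,
        # active-probing and monitor-interface arguments.
        profile = arg[2]
        active_probing = arg[3]
        interface_monitor = arg[4]

    global table_of_manufacturers
    table_of_manufacturers = manufacturer.MacParser(
        manufacturer_table).refresh()

    table = ['Date', 'AP Name', 'CH', 'BSSID', 'Brand', 'Signal', 'Quality',
             'Frequency', 'Encryption', 'Cipher', 'Authentication', 'TSF']
    header_format = '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^15s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'
    print(colors.get_color("BOLD") + header_format.format(*table) +
          colors.get_color("ENDC"), flush=True)

    row_format = '{:^22s} {:<23s}  {:^9s} {:^19s} {:^15s} {:^8s} {:^9s} {:^10s} {:^18s} {:^8s} {:^16s}   {:<18s}'
    # Colour used for each detector verdict. "suspicious_4" shares FAIL1
    # with "suspicious_2", which is what the original chain effectively
    # did: its later ORANGE branch for "suspicious_4" was unreachable.
    # NOTE(review): confirm which colour "suspicious_4" is meant to use.
    verdict_colors = {
        "suspicious_1": "FAIL",
        "suspicious_2": "FAIL1",   # same bssid, different essid/encryption (karma)
        "suspicious_4": "FAIL1",
        "suspicious_3": "FAIL2",   # same essid, bssid, encryption, different channel
    }

    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # filter to check if the AP was already captured
                if not filter_aps(line, profile):
                    continue

                # The verdict is computed once per AP instead of once per
                # comparison.
                verdict = noknowledge_detector.suspicious_behaviours(
                    line, captured_aps)
                color = verdict_colors.get(verdict)
                if not color:
                    # NOTE(review): the alert mail is sent on the branch
                    # where no suspicious verdict was returned, i.e. for
                    # every unflagged AP - this looks inverted; confirm.
                    email.sendmail("*****@*****.**", "*****@*****.**", "Rouge AP detected..")

                # NOTE(review): the ESSID is chosen by the AP operator;
                # confirm that parse() strips control characters before the
                # name is written to the terminal.
                row = row_format.format(
                    getTimeDate(), line['essid'], line['channel'],
                    line['mac'], line['manufacturer'], line['signal'],
                    line['quality'], line['frequency'], line['key type'],
                    line['group cipher'], line['authentication suites'],
                    line['tsf'])
                if color:
                    print(colors.get_color(color) + row +
                          colors.get_color("ENDC"), flush=True)
                else:
                    print(row)

                if profile:
                    passive_detectors.authorized_aps(line, profile)

                if line['key type'] == "Open":
                    passive_detectors.free_WiFis_detect(line, captured_aps)

                passive_detectors.spot_karma(line)
                # passive_detectors.deauth_detector(interface_monitor) # new stufx

                if active_probing:
                    passive_detectors.spoting_PineAP(
                        line, active_probing, interface_monitor)
                else:
                    passive_detectors.spoting_PineAP(line)

                passive_detectors.check_tsf(line)

                captured_aps.append(line)

            signal.signal(signal.SIGINT, signal_handler)
            time.sleep(1)
        except Exception as err:
            logs_api.errors_log(str(err))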