コード例 #1
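def scan(*arg):
    """Poll an interface for access points and print each newly reported one.

    ``arg[0]`` is the interface handed to ``get_results()``. ``arg[1]``
    (``ssids``) must be supplied but is not used in this function. The loop
    never returns; every AP accepted by ``filter_aps()`` is printed and
    appended to the module-level ``captured_aps``.
    """
    interface = arg[0]
    ssids = arg[1]  # required positionally, unused below
    table = [
        'Date', 'AP Name', 'CH', 'BSSID', 'Signal', 'Quality', 'Frequency',
        'Encryption', 'Cipher', 'Authentication', 'TSF'
    ]
    header_fmt = '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'
    row_fmt = '{:^22s} {:<23s}  {:^9s} {:^19s} {:^8s} {:^9s} {:^10s} {:^18s} {:^8s} {:^16s}   {:<18s}'
    print(
        colors.get_color("BOLD") + header_fmt.format(*table) +
        colors.get_color("ENDC"),
        flush=True)
    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # filter_aps() decides whether this AP still has to be reported
                if filter_aps(line):
                    # NOTE(review): the scan fields (ESSID included) are
                    # printed exactly as returned by get_results(); confirm
                    # control characters are stripped upstream.
                    print(
                        row_fmt.format(
                            getTimeDate(), line['essid'], line['channel'],
                            line['mac'], line['signal'], line['quality'],
                            line['frequency'], line['key type'],
                            line['group cipher'],
                            line['authentication suites'], line['tsf']),
                        flush=True)
                    captured_aps.append(line)
        except Exception as err:
            print(err, "ERROR")
        # Sleep on every pass, failed ones included, so a persistent error
        # cannot turn the loop into a busy spin that floods the terminal.
        time.sleep(1)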
コード例 #2
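def spot_karma(scanned_ap):
    """Record the ESSIDs seen per BSSID and alert on Karma-like behaviour.

    The module-level ``phishing_karma`` maps a BSSID to the set of ESSIDs
    already seen under it. The first sighting of a BSSID only records it.
    When a known BSSID appears with an ESSID that is in none of the recorded
    sets, the ESSID is added to that BSSID's set and a "Karma Rogue Access
    Point" alert is printed.
    """
    mac = scanned_ap['mac']
    essid = scanned_ap['essid']

    if mac not in phishing_karma:
        phishing_karma[mac] = set([essid])
        return

    # Iterate the values directly: indexing dict.values() fails on Python 3
    # and rebuilt the whole list on every access under Python 2.
    # NOTE(review): an ESSID already recorded under a *different* BSSID is
    # neither alerted on nor added to this BSSID's set -- confirm that this
    # is the intended heuristic.
    if all(essid not in seen for seen in phishing_karma.values()):
        phishing_karma[mac].add(essid)
        print(
            colors.get_color("FAIL") +
            "[%s | %s] Karma Rogue Access Point!\n[Type] Karma attack."
            % (essid, mac) +
            colors.get_color("ENDC"))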
コード例 #3
ファイル: rogueAP_detector.py プロジェクト: RogueAP/RogueAP
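def check_interface(iface):
	"""Exit with status 1 unless ``iwlist <iface> scan`` runs successfully.

	Any failure (unknown interface, missing iwlist, non-zero exit) prints a
	hint plus the exception text and terminates the process.
	"""
	try:
		# Argv list, no shell: the caller-supplied interface name is passed as
		# one argument and cannot add shell syntax to the command.
		subprocess.check_output(["iwlist", iface, "scan"], stderr=subprocess.STDOUT)
	except Exception as e:
		print(colors.get_color("ORANGE") + "Please check your interface." + colors.get_color("ENDC"))
		print(colors.get_color("GRAY") + "Exception: %s" % e + colors.get_color("ENDC") )
		sys.exit(1)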
コード例 #4
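def associateToAp(ap_name,bssid,pwd,iface):
	"""Connect to an access point with nmcli and, on success, run the active checks.

	ap_name and bssid identify the AP, pwd is the passphrase ('' for an open
	network) and iface is the interface nmcli should use. Prints the outcome
	and returns None; exceptions are printed, not raised.
	"""
	print(colors.get_color("ORANGE")+"Trying to associate to [%s | %s]" % (ap_name,bssid) +colors.get_color("ENDC"))

	# Build an argv list and run it without a shell. ap_name is presumably the
	# ESSID taken from scan results, i.e. a value chosen by whoever runs the
	# AP, so it must never be spliced into a shell command line.
	cmd = ["nmcli", "dev", "wifi", "connect", str(ap_name)]
	if(pwd==''):
		cmd += ["bssid", str(bssid)]
	else:
		# NOTE: the passphrase travels in argv and is visible in the process
		# list while nmcli runs.
		cmd += ["password", str(pwd), "bssid", str(bssid).upper()]
	cmd += ["ifname", str(iface)]
	# NOTE(review): an ap_name beginning with '-' is still handed to nmcli
	# unchanged -- confirm how nmcli treats it.

	try:
		assoc_result = subprocess.check_output(cmd)
		if ("Error:" in str(assoc_result)):
			# The open-network path used to print "Associated!" here.
			print ("Not associated!")
			return
		print ("Associated!")
		call_active_methods(iface, ap_name, bssid)
	except Exception as e:
		print("Exception: %s" %e)
		return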
コード例 #5
ファイル: rogueAP_detector.py プロジェクト: RogueAP/RogueAP
def intro():
	"""Print the v1.0 ASCII-art banner in bold."""
	# The backslashes in the art are not valid escape sequences, so Python
	# keeps them literally; only \n and \t are interpreted.
	banner_rows = (
		"                               _    ____    ____       _            _     \n",
		" _ __ ___   __ _ _   _  ___   / \  |  _ \  |  _ \  ___| |_ ___  ___| |_ \n",
		"| '__/ _ \ / _` | | | |/ _ \ / _ \ | |_) | | | | |/ _ \ __/ _ \/ __| __| \n",
		"| | | (_) | (_| | |_| |  __// ___ \|  __/  | |_| |  __/ ||  __/ (__| |_ \n",
		"|_|  \___/ \__, |\__,_|\___/_/   \_\_|     |____/ \___|\__\___|\___|\__| \n ",
		"          |___/                                                   v1.0\n",
		"\t\t\t\tby Team Rogue_AP\n",
	)
	banner = "".join(banner_rows)
	print(colors.get_color("BOLD") + banner + colors.get_color("ENDC"))
コード例 #6
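def signal_handler(signal, frame):
    """Signal handler: take the monitor interface out of monitor mode and exit 0.

    Reads the module-level ``interface_monitor``. A failure while disabling
    monitor mode is logged through ``logs_api.errors_log`` and does not stop
    the shutdown.
    """
    try:
        manage_interfaces.disable_monitor(interface_monitor)
    except Exception as err:
        # The previous `except err:` looked up an undefined name, so any
        # failure here surfaced as a NameError instead of being logged.
        logs_api.errors_log(str(err))

    print(colors.get_color("GRAY") +
          "\nExiting...\nGoodbye!"+colors.get_color("ENDC"), flush=True)
    sys.exit(0)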
コード例 #7
ファイル: rogueAP_detector.py プロジェクト: RogueAP/RogueAP
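def main():
	"""Entry point: run check_root(), load ssids.json and pass it to parse_args().

	Exits with status 1 when ssids.json cannot be read or is not valid JSON.
	"""
	check_root()
	try:
		# NOTE(review): relative path, so the file is resolved against the
		# current working directory of the process.
		with open('ssids.json') as f:
			ssids = json.load(f)
	except (IOError, ValueError) as err:
		# IOError: missing or unreadable file. ValueError: malformed JSON.
		# The bare `except:` reported every failure as "not found" and
		# exited with status 0.
		print(colors.get_color("FAIL") + "[x] Could not load ssids.json: %s" % err + colors.get_color("ENDC"))
		sys.exit(1)
	print(colors.get_color("ORANGE") + str(ssids) + colors.get_color("ENDC"))
	parse_args(ssids)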
コード例 #8
def wifi_attacks_detector(interface):
    """Reset the request counters and start sniffing on ``interface``.

    Stores ``interface`` in the module-level ``interface_monitor``, zeroes
    ``auth_reqs`` and ``assoc_reqs``, prints a status line and then passes
    every captured packet to ``sniffRequests`` through ``sniff()`` with
    ``store=0``.
    """
    global interface_monitor, auth_reqs, assoc_reqs

    interface_monitor = interface
    auth_reqs = 0
    assoc_reqs = 0

    status_line = (colors.get_color("GRAY") + "WiFi Attacks Detection..." +
                   colors.get_color("ENDC"))
    print(status_line)
    sniff(iface=interface_monitor, prn=sniffRequests, store=0)
コード例 #9
def intro():
    """Print the v2.0 ASCII-art banner in bold."""
    # The backslashes in the art are not valid escape sequences, so Python
    # keeps them literally; only \n and \t are interpreted.
    banner_rows = (
        "                               _    ____    ____       _            _     \n",
        " _ __ ___   __ _ _   _  ___   / \  |  _ \  |  _ \  ___| |_ ___  ___| |_ \n",
        "| '__/ _ \ / _` | | | |/ _ \ / _ \ | |_) | | | | |/ _ \ __/ _ \/ __| __| \n",
        "| | | (_) | (_| | |_| |  __// ___ \|  __/  | |_| |  __/ ||  __/ (__| |_ \n",
        "|_|  \___/ \__, |\__,_|\___/_/   \_\_|     |____/ \___|\__\___|\___|\__| \n ",
        "          |___/                                                   v2.0\n",
        "\t\t\t\tby Ricardo Gonçalves - 0x4notherik\n",
    )
    banner = "".join(banner_rows)
    print(colors.get_color("BOLD") + banner + colors.get_color("ENDC"))
コード例 #10
ファイル: rogueAP_detector.py プロジェクト: RogueAP/RogueAP
def usage():
	"""Show the banner followed by the command-line help text."""
	intro()
	print_info("Usage: ./rogue_detector.py [option]")

	option_lines = (
		"\nOptions:  -i interface\t\t -> the interface to monitor the network",
		"\t  -s scan_type\t\t -> name of scanning type (iwlist, scapy)",
	)
	for text in option_lines:
		print(text)

	example = "\nExample:sudo python3 ./rogue_detector.py -i iface -s iwlist"
	print(colors.get_color("BOLD")+example+colors.get_color("ENDC"))
コード例 #11
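def spoting_PineAP(*arg):
    """Print alerts for scanned APs that match the PineAP heuristics.

    ``arg[0]`` is the scanned AP dict. When more than two arguments are
    given, ``arg[1]`` is the active-probing flag and ``arg[2]`` replaces the
    module-level ``interface_monitor``. Finally the AP's ESSID is compared
    against the module-level ``pineAP_ssids``.
    """
    global interface_monitor

    scanned_ap = arg[0]
    active_probing = False
    alfa_brand = "Alfa"
    # Substring looked for anywhere in the BSSID. It only matches a device
    # that still carries this value, so no match is not evidence of a clean AP.
    default_bssid = ":13:37:"

    # The more specific test has to come first: with the plain BSSID test in
    # front, the "Acc: 2" branch could never be reached.
    if (default_bssid in scanned_ap['mac']
            and scanned_ap['key type'] == "Open"):
        print(
            colors.get_color("FAIL") +
            "[%s | %s] Possible Rogue Access Point!\n[Type] PineAp RAP. (Acc: 2)"
            % (scanned_ap['essid'], scanned_ap['mac']) +
            colors.get_color("ENDC"))

    elif (default_bssid in scanned_ap['mac']):
        print(
            colors.get_color("FAIL") +
            "[%s | %s] Possible Rogue Access Point!\n[Type] PineAp RAP. (Acc: 1)"
            % (scanned_ap['essid'], scanned_ap['mac']) +
            colors.get_color("ENDC"))

    elif (alfa_brand in scanned_ap['manufacturer']):
        print(
            colors.get_color("FAIL") +
            "[%s | %s] Possible Rogue Access Point!\n[Type] Blacklisted BSSID. (Acc: 1)"
            % (scanned_ap['essid'], scanned_ap['mac']) +
            colors.get_color("ENDC"))

    if (len(arg) > 2):

        active_probing = arg[1]
        interface_monitor = arg[2]

        # NOTE(review): gen_PineAp_ssid(scanned_ap) is called right here, in
        # the current thread; the Thread only receives its return value as
        # ``target``. Left unchanged because the comparison loop below may
        # rely on that call having finished -- confirm before passing the
        # function and its args separately.
        th1 = threading.Thread(target=gen_PineAp_ssid(scanned_ap))
        th1.daemon = True
        th1.start()

        if (active_probing):
            # NOTE(review): same pattern -- send_Probe_Req() runs
            # synchronously before the Thread object is even created.
            th2 = threading.Thread(target=send_Probe_Req(interface_monitor))
            th2.daemon = True
            th2.start()

    for pineAP_ssid in pineAP_ssids:
        if (pineAP_ssid == scanned_ap['essid']):
            print(
                colors.get_color("FAIL") +
                "[%s | %s] Possible Rogue Access Point!\n[Type] PineAp produced RAP (possible hidden RAP)."
                % (scanned_ap['essid'], scanned_ap['mac']) +
                colors.get_color("ENDC"))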
コード例 #12
def usage():
    """Show the banner followed by the full command-line help text."""
    intro()
    print_info("Usage: ./rogue_detector.py [option]")

    option_lines = (
        "\nOptions:  -i interface\t\t -> the interface to monitor the network",
        "\t  -im interface\t\t -> interface for active mode",
        "\t  -p profile\t\t -> name of the profile to load",
        "\t  -s scan_type\t\t -> name of scanning type (iwlist, scapy)",
        "\t  -h hive_mode\t\t -> creates an AP",
        "\t  -d deauth\t\t -> deauthenticates users from target AP",
        "\t  -wifi_attacks_detect\t -> detects deauthentication and pmkid attacks",
        "\t  -a active_mode\t -> activates random probe requests",
    )
    for text in option_lines:
        print(text)

    example = "\nExample:  ./rogue_detector.py -i iface -s iwlist -p example_profile.txt"
    print(colors.get_color("BOLD") + example + colors.get_color("ENDC"))
コード例 #13
def check_tsf(scanned_ap):
    """Print a notice when the AP's ``tsf`` field looks very low or very high.

    Only the first whitespace-separated token of ``scanned_ap['tsf']`` is
    inspected. Returns None; raises ValueError when the field has several
    tokens and the first one is not an integer.
    """
    recent_limit = "0:01:00.10"
    uptime_limit = 800

    tsf_tokens = scanned_ap['tsf'].split()
    leading = tsf_tokens[0]

    # NOTE(review): this is a plain string comparison, i.e. lexicographic,
    # not a comparison of durations -- confirm it behaves as intended for
    # every format the scanner emits.
    if leading < recent_limit:
        notice = "[%s | %s] Recently Created AP..." % (scanned_ap['essid'],
                                                       scanned_ap['mac'])
        print(colors.get_color("ORANGE") + notice + colors.get_color("ENDC"))

    # With more than one token the first one is parsed as an integer
    # (presumably a day count -- verify against the scanner output).
    if len(tsf_tokens) > 1 and int(leading) > uptime_limit:
        notice = "[%s | %s] Strange uptime..." % (scanned_ap['essid'],
                                                  scanned_ap['mac'])
        print(colors.get_color("ORANGE") + notice + colors.get_color("ENDC"))
コード例 #14
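def call_active_methods(iface, ap_name, bssid):
	"""Run the active checks over the current association, then disconnect.

	Prints the internal IP, external IP, ISP, a traceroute to 8.8.8.8 and the
	AP fingerprint as returned by active_detectors, then asks nmcli to
	disconnect iface. ap_name and bssid are only used in the status message.
	"""
	internal_ip = active_detectors.get_internal_IP(iface)
	print ("Internal IP: %s" % internal_ip)

	external_ip = active_detectors.get_external_IP()
	print ("External IP: %s" % external_ip)

	isp = active_detectors.get_ISP(external_ip)
	print ("ISP: %s" % isp)

	hostname_external = "8.8.8.8"

	print(colors.get_color("ORANGE")+"Calculating the traceroute..."+colors.get_color("ENDC"))
	traceroute_val = active_detectors.traceroute(hostname_external, iface)
	print ("Traceroute for %s: %s" % (hostname_external, traceroute_val))

	print(colors.get_color("ORANGE")+"Checking AP fingerprint..."+colors.get_color("ENDC"))
	cp_name = active_detectors.get_AP_fingerprint()
	print ("Fingerprint computer name: %s" % cp_name)

	# disconnect
	print(colors.get_color("ORANGE")+"Disconnecting from [%s | %s]" % (ap_name,bssid) +colors.get_color("ENDC"))
	try:
		# Argv list instead of os.system(): no shell parses iface, and a
		# failing nmcli now raises, so the handler below actually runs.
		subprocess.check_call(["nmcli", "device", "disconnect", str(iface)])
	except Exception as Error:
		# Log the error that occurred; the old code logged the
		# CalledProcessError class itself.
		logs_api.errors_log("Error: "+str(Error))

	return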
コード例 #15
def deauthenticate(iface):
	"""Prompt for an AP BSSID, a client BSSID and two counts, send the frame built below on iface, then call disable_monitor(iface).

	Written for Python 2: it relies on raw_input() and on input() returning
	a number.
	"""

	target_ap_bssid = str(raw_input(colors.get_color("ORANGE")+"Enter target AP (BSSID): "+colors.get_color("ENDC")))
	target_client_bssid = str(raw_input(colors.get_color("ORANGE")+"Enter target Client (BSSID) [empty for brodcast]: "+colors.get_color("ENDC")))
	# An empty answer is replaced by ff:ff:ff:ff:ff:ff.
	if (target_client_bssid == ''):
		target_client_bssid = ":".join(["ff"]*6)

	# NOTE(review): on Python 2, input() evaluates whatever is typed as a
	# Python expression; on Python 3 it returns a str, and range() below
	# would then raise TypeError. Neither value is validated.
	number_of_times = input(colors.get_color("ORANGE")+"How many times: "+colors.get_color("ENDC"))	
	number_of_pkts = input(colors.get_color("ORANGE")+"Number of deauth packets: "+colors.get_color("ENDC"))

	# Management frame (type 0, subtype 12) with addr1 = client, addr2 and addr3 = AP.
	pkt = RadioTap() / Dot11(type=0,subtype=12,addr1=target_client_bssid,addr2=target_ap_bssid,addr3=target_ap_bssid) / Dot11Deauth(reason=7)

	for n in range(number_of_times):
		sendp(pkt, iface=iface, count=number_of_pkts)
		print(colors.get_color("ORANGE")+"[%s]" %(n+1) +" Deauth sent from: "+iface+" BSSID: "+target_ap_bssid+ " for Client: "+target_client_bssid+colors.get_color("ENDC"))

	# NOTE(review): the message says "Switching to monitor mode..." while the
	# call that follows is disable_monitor().
	print("Switching to monitor mode...")
	manage_interfaces.disable_monitor(iface)
	print(colors.get_color("GRAY") + "\nExiting...\nGoodbye!"+colors.get_color("ENDC"))
コード例 #16
ファイル: rogueAP_detector.py プロジェクト: RogueAP/RogueAP
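def print_info(info, type=0):
    """Print ``info`` in bold after a coloured "[*] " marker.

    ``type`` selects the marker colour: 0 -> OKBLUE, 1 -> OKGREEN,
    2 -> WARNING. Any other value falls back to OKBLUE, the colour of the
    default ``type``.
    """
    marker_colors = {0: "OKBLUE", 1: "OKGREEN", 2: "WARNING"}
    # An unknown ``type`` used to leave the prefix unassigned and crash with
    # UnboundLocalError on the concatenation below.
    m = colors.get_color(marker_colors.get(type, "OKBLUE"))
    m += "[*] " + colors.get_color("ENDC") + colors.get_color("BOLD") + info + colors.get_color("ENDC")
    print(m)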
コード例 #17
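def scan(*arg):
	"""Poll an interface forever and print every newly seen AP, coloured by verdict.

	Accepted positional forms, as unpacked below:
	scan(interface)
	scan(interface, profile)
	scan(interface, active_probing, interface_monitor)
	scan(interface, profile, active_probing, interface_monitor)

	Each AP accepted by filter_aps() is printed, passed to the passive
	detectors and appended to the module-level captured_aps. Written so the
	syntax is valid on both Python 2 and Python 3.
	"""
	active_probing, profile = False, False
	interface = arg[0]
	# NOTE(review): interface_monitor assigned here is local to scan();
	# confirm the module-level name read by signal_handler is set elsewhere.
	if(len(arg)==2):
		profile = arg[1]
	elif(len(arg)==3):
		active_probing = arg[1]
		interface_monitor = arg[2]
	elif(len(arg)==4):
		profile = arg[1]
		active_probing = arg[2]
		interface_monitor = arg[3]

	global table_of_manufacturers
	table_of_manufacturers = manufacturer.MacParser(manufacturer_table).refresh()
	sys.stdout=Unbuffered(sys.stdout)

	table = ['Date','AP Name','CH','BSSID','Brand','Signal','Quality','Frequency','Encryption','Cipher', 'Authentication','TSF']
	header_fmt = '{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^15s}|{:^8s}|{:^9s}|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}'
	row_fmt = '{:^22s} {:<23s}  {:^9s} {:^19s} {:^15s} {:^8s} {:^9s} {:^10s} {:^18s} {:^8s} {:^16s}   {:<18s}'
	print (colors.get_color("BOLD") + header_fmt.format(*table) + colors.get_color("ENDC"))
	while True:
		ap_list = get_results(interface)
		try:
			for line in ap_list:
				# filter to check if APs already exists
				if not filter_aps(line, profile):
					continue

				# Ask the detector once per AP; the verdict was previously
				# recomputed for every comparison (up to four calls).
				verdict = noknowled_detector.suspicious_behaviours(line,captured_aps)

				# Slicing to 21 characters leaves shorter names untouched, so
				# one row template covers long and short ESSIDs alike.
				# NOTE(review): the scan fields (ESSID included) are printed
				# exactly as returned by get_results(); confirm control
				# characters are stripped upstream.
				row = row_fmt.format(getTimeDate(),line['essid'][0:21],line['channel'],line['mac'], line['manufacturer'],line['signal'],line['quality'],line['frequency'],line['key type'],line['group cipher'], line['authentication suites'], line['tsf'])

				if (verdict == "suspicious_1"):
					print (colors.get_color("FAIL") + row + colors.get_color("ENDC"))
				elif (verdict == "suspicious_2" or verdict == "suspicious_4"):
					print (colors.get_color("FAIL1") + row + colors.get_color("ENDC"))
				elif (verdict == "suspicious_3"):
					print (colors.get_color("FAIL2") + row + colors.get_color("ENDC"))
				else:
					print (row)

				# apply detection heuristics
				if(profile):
					passive_detectors.authorized_aps(line, profile)

				if( line['key type'] == "Open"):
					passive_detectors.free_WiFis_detect(line, captured_aps)

				passive_detectors.spot_karma(line)

				if (active_probing):
					passive_detectors.spoting_PineAP(line, active_probing, interface_monitor)
				else:
					passive_detectors.spoting_PineAP(line)

				passive_detectors.check_tsf(line)
				# end of detection heuristics

				captured_aps.append(line)

			signal.signal(signal.SIGINT, signal_handler)
		except Exception as err:
			logs_api.errors_log(str(err))
		# Sleep on every pass, failed ones included, so a persistent error
		# cannot turn the loop into a busy spin that floods the error log.
		time.sleep(1)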
コード例 #18
       self.stream = stream

   def write(self, data):
       """Write ``data`` to the wrapped stream, flush it, and copy it to ``log_file``."""
       out = self.stream
       out.write(data)
       out.flush()
       # Mirror everything sent to stdout into the module-level log file.
       log_file.write(data)

def signal_handler(signal, frame):
	"""Signal handler: disable monitor mode on interface_monitor, then exit 0.

	A failure while disabling monitor mode is logged through
	logs_api.errors_log and does not stop the shutdown.
	"""
	try:
		manage_interfaces.disable_monitor(interface_monitor)
	except Exception as err:
		logs_api.errors_log(str(err))

	farewell = "\nExiting...\nGoodbye!"
	print (colors.get_color("GRAY") + farewell + colors.get_color("ENDC"))
	sys.exit(0)

def scan(*arg):
	"""Unpack the positional arguments of a scan call.

	Accepted forms: scan(interface), scan(interface, profile),
	scan(interface, active_probing, interface_monitor) and
	scan(interface, profile, active_probing, interface_monitor).
	The listing on this page stops after the unpacking, so as shown the
	function returns None.
	"""
	profile = False
	active_probing = False
	interface = arg[0]

	argc = len(arg)
	if argc == 2:
		profile = arg[1]
	elif argc == 3:
		active_probing, interface_monitor = arg[1], arg[2]
	elif argc == 4:
		profile, active_probing, interface_monitor = arg[1], arg[2], arg[3]
コード例 #19
def parse_args(email):
    """Parse sys.argv and start the selected mode(s).

    ``email`` is not inspected here; it is forwarded as the first argument
    of every ``iwlist_monitor.scan()`` call. Fewer than four argv entries
    print the usage text and return. The -s, -h, -d and
    -wifi_attacks_detect sections below run one after another, each only
    when its flag was given.
    """
    ##intro()
    scanners = ["scapy", "iwlist"]
    scanner_type = ""
    profile, scan, hive, deauth, active_probing, wifi_attacks_detect = False, False, False, False, False, False

    if (len(sys.argv) < 4):
        usage()
        return

    # setting up args
    # NOTE(review): every value lookup below is sys.argv[index + 1]; a flag
    # given as the last argument raises IndexError, and index() always finds
    # the first occurrence of the flag.
    for cmd in sys.argv:

        if (cmd == "-i"):
            global interface
            interface = sys.argv[sys.argv.index(cmd) + 1]
            pre_check(interface)

        if (cmd == "-im"):
            global interface_monitor
            interface_monitor = sys.argv[sys.argv.index(cmd) + 1]
            pre_check(interface_monitor)

        if (cmd == "-p"):
            profile_name = sys.argv[sys.argv.index(cmd) + 1]
            # Only the existence of the file is checked here.
            if (os.path.isfile(profile_name)):
                profile = True
            else:
                print(
                    colors.get_color("FAIL") +
                    "Profile selected does not exists!\n" +
                    colors.get_color("ENDC"))
                return

        if (cmd == "-s"):
            scan = True
            scanner_type = sys.argv[sys.argv.index(cmd) + 1]

        # -h selects hive mode here; it is not a help flag.
        if (cmd == "-h"):
            hive = True

        if (cmd == "-d"):
            deauth = True

        if (cmd == "-a"):
            active_probing = True

        if (cmd == "-wifi_attacks_detect"):
            wifi_attacks_detect = True

    if (scan):
        if (scanner_type == "scapy"):
            # NOTE(review): ``interface`` is only assigned when -i was given.
            manage_interfaces.enable_monitor(interface)
            try:
                if (profile):
                    scapy_monitor.scapy_scan(interface, profile_name)
                else:
                    scapy_monitor.scapy_scan(interface)
            except Exception as e:
                print("Exception:113 %s" % e)
                return

        if (scanner_type == "iwlist"):
            # print(profile,active_probing,profile_name,"--sqsqw")
            try:
                if (profile and active_probing):
                    # Leftover debug output.
                    print(profile, active_probing, profile_name, "--sqsqw")
                    manage_interfaces.change_mac(interface_monitor)
                    manage_interfaces.enable_monitor(interface_monitor)
                    iwlist_monitor.scan(email, interface, profile_name,
                                        active_probing, interface_monitor)
                elif (active_probing):
                    manage_interfaces.change_mac(interface_monitor)
                    manage_interfaces.enable_monitor(interface_monitor)
                    iwlist_monitor.scan(email, interface, active_probing,
                                        interface_monitor)
                elif (profile):
                    iwlist_monitor.scan(email, interface, profile_name)
                else:
                    iwlist_monitor.scan(email, interface)
            except Exception as e:
                print("Exception:114 %s" % e)
                return

        if (scanner_type not in scanners):
            print(
                colors.get_color("FAIL") + "Wrong module selected!\n" +
                colors.get_color("ENDC"))
            usage()
            return

    if (hive):
        # Evaluating the bare name raises NameError when -im was never given.
        try:
            interface_monitor
        except Exception as e:
            print(
                colors.get_color("ORANGE") + "'im' interface not defined!" +
                colors.get_color("ENDC"))
            print(
                colors.get_color("GRAY") + "Exception: %s" % e +
                colors.get_color("ENDC"))
            sys.exit(0)

        iface_hive = interface_monitor
        try:
            manage_interfaces.enable_monitor(iface_hive)
            # NOTE(review): startRogueAP() is called here, in this process;
            # its return value is passed as Process's first positional
            # parameter (group), not as target. Same pattern in the two
            # sections below.
            p = multiprocessing.Process(hive_mode.startRogueAP(iface_hive))
            p.start()
            p.join()
        except Exception as e:
            print("Exception: %s" % e)
            return

    if (deauth):
        # NOTE(review): unlike the hive section, this read of
        # interface_monitor is outside any try, so a missing -im raises
        # NameError out of parse_args.
        iface_deauth = interface_monitor
        try:
            manage_interfaces.enable_monitor(iface_deauth)
            p = multiprocessing.Process(deauthing.deauthenticate(iface_deauth))
            p.start()
            p.join()
        except Exception as e:
            print("Exception: %s" % e)
            return

    if (wifi_attacks_detect):
        # Same unguarded read of interface_monitor as in the deauth section.
        iface_deauth = interface_monitor
        try:
            manage_interfaces.enable_monitor(iface_deauth)
            p = multiprocessing.Process(
                passive_detectors.wifi_attacks_detector(interface_monitor))
            p.start()
            p.join()
        except Exception as e:
            print("Exception: %s" % e)
            return
コード例 #20
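# Per-operator rules used by free_WiFis_detect(): scanned ESSID ->
# (substrings identifying the operator's companion network, offset added to
# the first octet, offset added to the last octet, report a mismatch?).
_FREE_WIFI_RULES = {
    "NOS_WIFI_Fon": (("NOS-", "ZON-"), 0, 1, False),
    "MEO-WiFi": (("MEO-",), 2, 1, False),
    "wifi_eventos": (("eduroam",), 0, 1, True),
    "UPorto": (("eduroam",), 0, 2, True),
}


def _expected_free_wifi_bssid(companion_mac, first_inc, last_inc):
    """Derive the expected BSSID from a companion AP's MAC by octet offsets."""
    # Always format as two hex digits: hex(n)[2:] produced a single digit for
    # values below 0x10, so the derived BSSID could never match.
    last_octet = '%02x' % (int(companion_mac[15:], base=16) + last_inc)
    if first_inc:
        first_octet = '%02x' % (int(companion_mac[:-15], base=16) + first_inc)
        return (first_octet + companion_mac[2:-2] + last_octet).upper()
    return (companion_mac[:-2] + last_octet).upper()


def free_WiFis_detect(scanned_ap, captured_aps):
    """Check an open AP against the free-WiFi profile and print a verdict.

    ``profiles/free_wifis.txt`` is read on every call; its first line is
    skipped, and on each further line the first token is an SSID and the
    remaining tokens are the vendors authorised for it. For a scanned AP
    whose ESSID contains such an SSID:

    * a manufacturer outside the vendor list prints a "Strange Free WiFi"
      alert;
    * otherwise, for the four ESSIDs in ``_FREE_WIFI_RULES``, the BSSID is
      compared with the one derived from an already captured companion AP
      on the same channel, and "Probable Valid Free WiFi" is printed on a
      match.

    NOTE(review): manufacturer, BSSID and channel are all values the
    scanned AP itself announces, so a match is a weak signal only.
    """
    essid = scanned_ap['essid']
    mac = scanned_ap['mac']

    with open('profiles/free_wifis.txt', 'r') as f:
        next(f, None)  # skip the header line; tolerate an empty file
        for line in f:
            fields = line.split()
            if not fields:
                continue  # a blank line used to raise IndexError
            auth_ssid, auth_vendors = fields[0], fields[1:]

            # Substring test: the profile SSID only has to occur in the ESSID.
            if auth_ssid not in essid:
                continue

            print(
                colors.get_color("UNDERLINE") +
                "Scanning %s " % scanned_ap['essid'] +
                " with: %s" % scanned_ap['mac'] + colors.get_color("ENDC"))

            if scanned_ap['manufacturer'] not in auth_vendors:
                print(
                    colors.get_color("FAIL") +
                    "[%s | %s] Strange Free WiFi. Possible Rogue Access Point!"
                    % (essid, mac) +
                    colors.get_color("ENDC"))
                continue

            rule = _FREE_WIFI_RULES.get(essid)
            if rule is None:
                continue
            companions, first_inc, last_inc, report_mismatch = rule

            for captured_ap in captured_aps:
                if not any(tag in captured_ap['essid'] for tag in companions):
                    continue

                expected = _expected_free_wifi_bssid(captured_ap['mac'],
                                                     first_inc, last_inc)
                if (mac == expected
                        and scanned_ap['channel'] == captured_ap['channel']):
                    print(
                        colors.get_color("OKGREEN") +
                        "[%s | %s] Probable Valid Free WiFi." %
                        (essid, mac) +
                        colors.get_color("ENDC"))
                    break

                # As before, only the eduroam-based rules report a mismatch,
                # and they stop at the first companion AP examined.
                if report_mismatch:
                    print(
                        colors.get_color("FAIL") +
                        "[%s | %s] Strange Free WiFi. Possible Rogue Access Point!"
                        % (essid, mac) +
                        colors.get_color("ENDC"))
                    break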
コード例 #21
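def _printable_ssid(raw):
    """Return *raw* with ASCII control bytes replaced by '?'.

    The SSID is copied verbatim from a received frame, so it can contain
    escape sequences that a terminal would act on.  Bytes below 0x20 and
    0x7f are replaced one-for-one, which keeps the column padding intact.
    """
    return ''.join(
        '?' if (b < 0x20 or b == 0x7f) else chr(b) for b in bytearray(raw))


def aps_lookup(pkt):
    """Record and report one access point from a sniffed 802.11 frame.

    Intended as a per-packet callback.  Every call advances the channel
    hopper.  For a beacon or probe response whose BSSID (``addr3``) has not
    been seen yet, the function builds an ``ap`` dict with the keys
    ``essid``, ``mac``, ``channel``, ``signal``, ``manufacturer`` and
    ``key type``, hands it to the passive detectors, appends it to
    ``captured_aps`` and prints one table row.

    Args:
        pkt: the captured packet (a scapy packet, judging by the layer
            lookups used below).
    """
    global table_of_manufacturers
    global channel
    # NOTE(review): the vendor table is refreshed for every frame; if
    # refresh() re-reads a file this is costly on a busy channel -- confirm.
    table_of_manufacturers = manufacturer.MacParser(
        manufacturer_table).refresh()

    ap = {}

    # Channel hopping state: wrap after channel 13, hop, then advance.
    if channel > 13:
        channel = 1
    channel_hopper()
    channel += 1

    # Only beacons / probe responses from a BSSID we have not recorded yet
    # (the same SSID under a different BSSID is recorded separately).
    if ((pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp))
            and (pkt[Dot11].addr3 not in access_points)):

        # Every field below comes from the frame itself and is therefore
        # chosen by whoever transmitted it.
        ssid = pkt[Dot11].info
        bssid = pkt[Dot11].addr3

        # The advertised channel is kept in a local.  Storing it in the
        # global ``channel`` would let a received frame overwrite the
        # hopper's position.
        # NOTE(review): assumes the third Dot11Elt is the one-byte channel
        # element; a frame laid out differently raises here -- confirm.
        ap_channel = int(ord(pkt[Dot11Elt:3].info))

        # Same bytes as the original backslash-continued literal.
        capability = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}"
                                 "\t\t        "
                                 "{Dot11ProbeResp:%Dot11ProbeResp.cap%}")

        # NOTE(review): signal strength is read from a fixed offset in the
        # undecoded capture header; presumably driver / scapy-version
        # dependent -- confirm.
        extra = pkt.notdecoded
        sig_str = -(256 - ord(extra[-4:-3]))

        # Mark the BSSID as seen only after the frame parsed cleanly.  If it
        # were marked first, one frame that fails to parse would hide every
        # later frame from that BSSID from the detectors.
        access_points.add(bssid)

        ap.update({"essid": ssid})
        ap.update({"mac": bssid.upper()})
        ap.update({"channel": ap_channel})
        ap.update({"signal": sig_str})

        manufacturer_data = manufacturer.search(table_of_manufacturers,
                                                str(pkt.addr2))
        if manufacturer_data == []:
            vendor = "Not Found"
            ap.update({"manufacturer": "Null"})
        else:
            vendor = manufacturer_data[0].manuf
            ap.update({"manufacturer": vendor})

        if str(vendor) == "None":
            vendor = "Not Found"

        # Only the privacy capability bit is read; the key type is not
        # broken down further (WEP / WPA / WPA2).
        if re.search("privacy", capability):
            encryption = "1"
            key_type = "Protected"
        else:
            encryption = "0"
            key_type = "Open"
        ap.update({"key type": key_type})

        # call passive detectors
        if profile:
            passive_detectors.authorized_aps(ap, profile)
        passive_detectors.free_WiFis_detect(ap, captured_aps)
        passive_detectors.spot_karma(ap)

        captured_aps.append(ap)

        # The detectors get the raw SSID; only the printed copy is filtered.
        padding = ' ' * (23 - len(ssid))
        row = "%s %s %s %2d %s   %s  %s" % (
            _printable_ssid(ssid), padding, bssid, ap_channel, vendor,
            encryption, sig_str)

        # Single-argument print(...) behaves the same as the print statement
        # this file otherwise uses.
        if encryption == "0":
            print(colors.get_color("OKGREEN") + row + colors.get_color("ENDC"))
        else:
            print(row)
        ## For Database Module
        ##db_api.insert_in_db_scapy(conn, ssid, bssid, int(channel), vendor, encryption)

    signal.signal(signal.SIGINT, signal_handler)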
コード例 #22
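def check_root():
    """Terminate the program unless the effective UID is 0.

    Prints "[!] Requires root" in the FAIL colour and exits.  Returns
    normally (``None``) when running as root.
    """
    if os.geteuid() != 0:
        print(
            colors.get_color("FAIL") + "[!] Requires root" +
            colors.get_color("ENDC"))
        # Non-zero status: a wrapper script or service manager must be able
        # to tell "refused to start" apart from a clean run.
        sys.exit(1)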
コード例 #23
def printHeader():
    """Print the column header of the AP listing in the WARNING colour."""
    columns = "SSID\t\t\t\tBSSID\t   CH  BRAND\tENC  RSSI"
    start = colors.get_color("WARNING")
    end = colors.get_color("ENDC")
    print(start + columns + end)
コード例 #24
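def scan(*arg):
    """Poll *interface* for access points and run the detectors on new ones.

    Accepted positional layouts, selected by ``len(arg)``:

    * ``(email, interface)``
    * ``(email, interface, profile)``
    * ``(email, interface, active_probing, interface_monitor)``
    * ``(email, interface, profile, active_probing, interface_monitor)``

    The five-argument layout was tested with ``len(arg) == 4`` in the
    original, so that branch could never run; it is now selected by
    ``len(arg) == 5``.

    Prints a header once, then loops forever: fetch scan results, print one
    row per AP accepted by ``filter_aps`` (coloured by the verdict of
    ``noknowledge_detector.suspicious_behaviours``), run the passive
    detectors, append the AP to ``captured_aps`` and sleep one second.
    Exceptions raised while processing a batch are passed to
    ``logs_api.errors_log`` and the loop continues.
    """
    global interface_monitor
    global table_of_manufacturers

    active_probing, profile = False, False
    email = arg[0]
    interface = arg[1]
    if len(arg) == 3:
        profile = arg[2]
    elif len(arg) == 4:
        active_probing = arg[2]
        interface_monitor = arg[3]
    elif len(arg) == 5:
        profile = arg[2]
        active_probing = arg[3]
        interface_monitor = arg[4]

    table_of_manufacturers = manufacturer.MacParser(
        manufacturer_table).refresh()

    table = ['Date', 'AP Name', 'CH', 'BSSID', 'Brand', 'Signal', 'Quality',
             'Frequency', 'Encryption', 'Cipher', 'Authentication', 'TSF']
    header_fmt = ('{:^22s}|{:^24s}|{:^9s}|{:^19s}|{:^15s}|{:^8s}|{:^9s}'
                  '|{:^11s}|{:^18s}|{:^8s}|{:^16s}|{:^16s}')
    print(colors.get_color("BOLD") + header_fmt.format(*table) +
          colors.get_color("ENDC"), flush=True)

    row_fmt = ('{:^22s} {:<23s}  {:^9s} {:^19s} {:^15s} {:^8s} {:^9s}'
               ' {:^10s} {:^18s} {:^8s} {:^16s}   {:<18s}')

    def format_row(entry):
        # NOTE(review): 'essid' comes from scan results, i.e. from nearby
        # transmitters; consider replacing control characters before it is
        # written to the terminal.
        return row_fmt.format(
            getTimeDate(), entry['essid'], entry['channel'], entry['mac'],
            entry['manufacturer'], entry['signal'], entry['quality'],
            entry['frequency'], entry['key type'], entry['group cipher'],
            entry['authentication suites'], entry['tsf'])

    while True:
        ap_list = get_results(interface)
        try:
            for line in ap_list:
                # filter to check if APs already exists
                if not filter_aps(line, profile):
                    continue

                # Ask the detector once per AP instead of once per branch.
                verdict = noknowledge_detector.suspicious_behaviours(
                    line, captured_aps)

                if verdict == "suspicious_1":
                    color = "FAIL"
                elif verdict in ("suspicious_2", "suspicious_4"):
                    # suspicious_2: same bssid, different essid and
                    # encryption (karma).
                    # NOTE(review): the original also had a later ORANGE
                    # branch for suspicious_4 (same essid, bssid, channel,
                    # different encryption) that could never run because
                    # this test matches first.  The effective colour is
                    # kept; confirm which one was intended.
                    color = "FAIL1"
                elif verdict == "suspicious_3":
                    # same essid, bssid, encryption and different channel
                    color = "FAIL2"
                else:
                    color = None

                if color is not None:
                    print(colors.get_color(color) + format_row(line) +
                          colors.get_color("ENDC"), flush=True)
                else:
                    # NOTE(review): the alert mail goes out on the branch
                    # taken when none of the suspicious_* verdicts matched,
                    # and not on the suspicious branches.  Kept as in the
                    # original; confirm that this is intended.
                    email.sendmail("*****@*****.**", "*****@*****.**",
                                   "Rouge AP detected..")
                    print(format_row(line))

                if profile:
                    passive_detectors.authorized_aps(line, profile)

                if line['key type'] == "Open":
                    passive_detectors.free_WiFis_detect(line, captured_aps)

                passive_detectors.spot_karma(line)
                # passive_detectors.deauth_detector(interface_monitor) # new stufx

                if active_probing:
                    passive_detectors.spoting_PineAP(
                        line, active_probing, interface_monitor)
                else:
                    passive_detectors.spoting_PineAP(line)

                passive_detectors.check_tsf(line)

                captured_aps.append(line)

            signal.signal(signal.SIGINT, signal_handler)
            time.sleep(1)
        except Exception as err:
            # Best effort: one bad batch must not stop the monitor, but the
            # error is recorded.
            logs_api.errors_log(str(err))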
コード例 #25
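def sniffRequests(p):
    """Report authentication, association and deauthentication frames.

    Intended as a per-packet callback.  Prints one line per matching frame
    with its ``addr2`` and ``addr1``, counts authentication and association
    requests in the globals ``auth_reqs`` / ``assoc_reqs``, and prints a
    "[WiFi Attack]" warning (then resets the counter) each time a counter
    reaches 20.

    NOTE(review): the counters are never aged by time, so the threshold is
    reached after 20 frames in total, whatever the rate.  On a busy network
    the warning is a hint to investigate, not a confirmed attack.

    Args:
        p: the captured packet.
    """
    global auth_reqs
    global assoc_reqs

    if p.haslayer(Dot11Auth):
        print(
            colors.get_color("BOLD") + "[%s] " % getTimeDate() +
            colors.get_color("OKGREEN") +
            "Authentication packet found from %s to %s" %
            (p[Dot11].addr2, p[Dot11].addr1) + colors.get_color("ENDC"))
        auth_reqs += 1
    if p.haslayer(Dot11AssoReq):
        print(
            colors.get_color("BOLD") + "[%s] " % getTimeDate() +
            colors.get_color("OKBLUE") +
            "Association request found from %s to %s" %
            (p[Dot11].addr2, p[Dot11].addr1) + colors.get_color("ENDC"))
        assoc_reqs += 1
    if p.haslayer(Dot11Deauth):
        # The reason code is taken from the frame, so it may be a value the
        # lookup table does not contain.  Fall back to a fixed text instead
        # of letting the lookup raise inside the sniffer callback.
        error_code = int(p[Dot11Deauth].reason)
        try:
            reason_text = deauth_error_codes[error_code]
        except (KeyError, IndexError):
            reason_text = "Unknown reason code"
        # One print with a joining space gives the same output line as the
        # original pair of print statements (trailing comma + second print).
        print(
            colors.get_color("BOLD") + "[%s] " % getTimeDate() +
            colors.get_color("PURPLE") +
            "Deauthentication packet found from %s to %s Reason -> %s" %
            (p[Dot11].addr2, p[Dot11].addr1, p[Dot11Deauth].reason) +
            colors.get_color("ENDC") + " " + str(reason_text))

    if auth_reqs >= 20:
        print(
            colors.get_color("FAIL") +
            "[WiFi Attack] Probable PMKID attack.\nReason: Too many Authentication requests."
            + colors.get_color("ENDC"))
        auth_reqs = 0
    if assoc_reqs >= 20:
        print(
            colors.get_color("FAIL") +
            "[WiFi Attack] Probable PMKID attack.\nReason: Too many Association requests."
            + colors.get_color("ENDC"))
        assoc_reqs = 0

    signal.signal(signal.SIGINT, signal_handler)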
コード例 #26
def authorized_aps(scanned_ap, profile):
    """Compare a scanned AP with the authorised-AP profile file and report mismatches.

    The profile is read as whitespace-separated rows after one skipped
    header line: SSID, encryption, RSSI, channel, number of authorised APs,
    then the authorised BSSIDs (fields 5 onwards).

    For the row whose SSID equals ``scanned_ap['essid']`` the function
    prints a warning when a listed BSSID is seen with open encryption
    although the profile says otherwise, on a different channel, or with a
    signal more than 15 away from the profile value; in the last case it
    asks whether to associate.

    NOTE(review): one line of this listing (the first "Enter the AP
    password" prompt) has been cut by the hosting page, so the code between
    that prompt and the following ``t == nr_auth_aps`` test is missing and
    the function does not parse as shown.

    Args:
        scanned_ap: dict describing the scanned AP; the keys read here are
            'essid', 'mac', 'key type', 'channel' and 'signal'.
        profile: path of the profile file.
    """

    with open(profile, 'r') as f:
        next(f)  #skipping first line
        # t is set further down to (number of fields - 6) for a matching row
        # and later compared with nr_auth_aps.
        t = 0
        for line in f:

            # NOTE(review): the columns are split on whitespace, so an SSID
            # that contains a space would shift every field -- confirm how
            # the profile file is written.
            auth_ssid, auth_enc, auth_rssi, auth_ch = line.split(
            )[0], line.split()[1], line.split()[2], line.split()[3]
            auth_rssi = int(auth_rssi)
            auth_ch = int(auth_ch)
            nr_auth_aps = int(line.split()[4])

            if (scanned_ap['essid'] == auth_ssid):
                # Collect the authorised BSSIDs: every field from index 5 on.
                auth_bssids = []
                c = 5
                while c < len(line.split()):
                    auth_bssids.append(line.split()[c])
                    c += 1

                # c now equals the number of fields in the row.
                if (c > 6):
                    t = c - 6

                ## DEBUG
                #print ("scanned ap: %s" % scanned_ap['mac'])
                #print ("auth bssids: %s" % auth_bssids)
                # Case-sensitive comparison against the BSSIDs as written in
                # the profile.
                if (scanned_ap['mac'] in auth_bssids):  #(.lower())

                    # Authorised BSSID, but seen open while the profile
                    # records an encrypted network.
                    if (auth_enc != 'Open'
                            and scanned_ap['key type'] == "Open"):
                        print(
                            colors.get_color("FAIL") +
                            "[%s | %s] Possible Rogue Access Point!\n[Type] Evil Twin, different encryption."
                            % (scanned_ap['essid'], scanned_ap['mac']) +
                            colors.get_color("ENDC"))
                        break
                    # Authorised BSSID on a channel other than the profiled one.
                    if (auth_ch != int(scanned_ap['channel'])):
                        print(
                            colors.get_color("FAIL") +
                            "[%s | %s] Possible Rogue Access Point!\n[Type] Multichannel AP."
                            % (scanned_ap['essid'], scanned_ap['mac']) +
                            colors.get_color("ENDC"))
                        break
                    # The absolute value of the scanned signal is compared
                    # with auth_rssi +/- 15; presumably the profile stores
                    # the RSSI as a positive magnitude -- verify against the
                    # code that writes the profile.
                    if (abs(int(scanned_ap['signal'])) > auth_rssi + 15 or
                            abs(int(scanned_ap['signal'])) < auth_rssi - 15):
                        print(
                            colors.get_color("FAIL") +
                            "[%s | %s] Strange RSSI!!! Associate? (y/n)" %
                            (scanned_ap['essid'], scanned_ap['mac']) +
                            colors.get_color("ENDC"))

                        ##print ("the timeout: %s" % TIMEOUT)
                        # Arm SIGALRM around the prompt and cancel it after
                        # the answer; the alarm handler is not part of this
                        # function.
                        signal.alarm(TIMEOUT)
                        assoc = yes_or_no()
                        signal.alarm(0)

                        if (assoc == "y"):
                            iface = str(
                                raw_input(
                                    "Choose an interface for the association process: "
                                ))
                            if (scanned_ap['key type'] == "Open"):
                                # NOTE(review): associateToAp(...) is called
                                # here, in this process, and its return
                                # value is passed as Process's first
                                # positional parameter (group); no target=
                                # is given, so p.start() has nothing to run.
                                p = multiprocessing.Process(
                                    associate.associateToAp(
                                        scanned_ap['essid'], scanned_ap['mac'],
                                        '', iface))
                                p.start()
                            else:
                                # NOTE(review): the next line is truncated in
                                # this listing (text replaced by asterisks on
                                # the page); the rest of this branch is not
                                # shown.
                                pwd = str(raw_input("Enter the AP password: "******"t = %s and nr_auth_aps = %s" % (t,nr_auth_aps)
                    if (t == nr_auth_aps):
                        print(
                            colors.get_color("FAIL") +
                            "[%s | %s] Possible Rogue Access Point!\n[Type] Evil Twin, unauthorized bssid."
                            % (scanned_ap['essid'], scanned_ap['mac']) +
                            colors.get_color("ENDC"))

            ## Testing Network
            # Hard-coded test SSID; this check sits inside the per-row loop,
            # so it is evaluated for every profile row.
            if (scanned_ap['essid'] == "LAB_NETWORK"):
                print(
                    colors.get_color("FAIL") + "[%s | %s] Associate? (y/n)" %
                    (scanned_ap['essid'], scanned_ap['mac']) +
                    colors.get_color("ENDC"))

                signal.alarm(TIMEOUT)
                assoc = yes_or_no()
                signal.alarm(0)

                if (assoc == "y"):
                    iface = str(
                        raw_input(
                            "Choose an interface for the association process: "
                        ))
                    if (scanned_ap['key type'] == "Open"):
                        # NOTE(review): as above, associateToAp(...) runs in
                        # this process and its result is passed as Process's
                        # group argument, not as target=.
                        p = multiprocessing.Process(
                            associate.associateToAp(scanned_ap['essid'],
                                                    scanned_ap['mac'], '',
                                                    iface))
                        p.start()
                    else:
                        # NOTE(review): raw_input echoes the passphrase on
                        # the terminal; getpass.getpass would read it
                        # without echo.
                        pwd = str(raw_input("Enter the AP password: "))
                        p = multiprocessing.Process(
                            associate.associateToAp(scanned_ap['essid'],
                                                    scanned_ap['mac'], pwd,
                                                    iface))
                        p.start()
                else:
                    # Any answer other than "y" stops reading the profile.
                    break
コード例 #27
def interrupted(signum, frame):
    """Signal handler: announce that association is skipped, then exit with status 0.

    ``signum`` and ``frame`` are the standard handler arguments; neither is
    read.
    """
    notice = 'Skipping association...'
    print(colors.get_color("GRAY") + notice + colors.get_color("ENDC"))
    sys.exit(0)