def dependency_check(self): ''' Check that required programs are installed ''' required_apps = [ 'airmon-ng', 'iwconfig', 'ifconfig', 'aircrack-ng', 'aireplay-ng', 'airodump-ng', 'tshark' ] optional_apps = [ 'packetforge-ng', 'reaver', 'bully', 'cowpatty', 'pyrit', 'stdbuf', 'macchanger' ] missing_required = False missing_optional = False for app in required_apps: if not Process.exists(app): missing_required = True Color.pl('{!} {R}error: required app {O}%s{R} was not found' % app) for app in optional_apps: if not Process.exists(app): missing_optional = True Color.pl( '{!} {O}warning: recommended app {R}%s{O} was not found' % app) if missing_required: Color.pl('{!} {R}required app(s) were not found, exiting.{W}') sys.exit(-1) if missing_optional: Color.pl('{!} {O}recommended app(s) were not found') Color.pl('{!} {O}wifite may not work as expected{W}')
def print_banner(self): """ Displays ASCII art of the highest caliber. """ Color.pl('''\ {G} . {GR}{D} {W}{G} . {W} {G}.´ · .{GR}{D} {W}{G}. · `. {G}wifite {D}%s{W} {G}: : : {GR}{D} (¯) {W}{G} : : : {W}{D}automated wireless auditor {G}`. · `{GR}{D} /¯\ {W}{G}´ · .´ {C}{D}https://github.com/derv82/wifite2 {G} ` {GR}{D}/¯¯¯\{W}{G} ´ {W} ''' % Configuration.version)
def check_handshake(self, capfile): ''' Analyzes .cap file for handshake ''' if capfile == '<all>': Color.pl('{+} checking all handshakes in {G}"./hs"{W} directory\n') try: capfiles = [ os.path.join('hs', x) for x in os.listdir('hs') if x.endswith('.cap') ] except OSError, e: capfiles = [] if len(capfiles) == 0: Color.pl('{!} {R}no .cap files found in {O}"./hs"{W}\n')
def main(self): ''' Either performs action based on arguments, or starts attack scanning ''' if os.getuid() != 0: Color.pl('{!} {R}error: {O}wifite{R} must be run as {O}root{W}') Color.pl('{!} {O}re-run as: sudo ./Wifite.py{W}') Configuration.exit_gracefully(0) self.dependency_check() Configuration.initialize(load_interface=False) if Configuration.show_cracked: self.display_cracked() elif Configuration.check_handshake: self.check_handshake(Configuration.check_handshake) elif Configuration.crack_handshake: CrackHandshake() else: Configuration.get_interface() self.run()
def user_wants_to_continue(self, targets_remaining, attacks_remaining=0): ''' Asks user if attacks should continue onto other targets ''' if attacks_remaining == 0 and targets_remaining == 0: # No targets or attacksleft, drop out return prompt_list = [] if attacks_remaining > 0: prompt_list.append( Color.s('{C}%d{W} attack(s)' % attacks_remaining)) if targets_remaining > 0: prompt_list.append( Color.s('{C}%d{W} target(s)' % targets_remaining)) prompt = ' and '.join(prompt_list) Color.pl('{+} %s remain, do you want to continue?' % prompt) prompt = Color.s('{+} type {G}c{W} to {G}continue{W}' + ' or {R}s{W} to {R}stop{W}: ') if raw_input(prompt).lower().startswith('s'): return False else: return True
def display_cracked(self): ''' Show cracked targets from cracked.txt ''' name = CrackResult.cracked_file if not os.path.exists(name): Color.pl('{!} {O}file {C}%s{O} not found{W}' % name) return with open(name, 'r') as fid: cracked_targets = json.loads(fid.read()) if len(cracked_targets) == 0: Color.pl('{!} {R}no results found in {O}%s{W}' % name) else: Color.pl('{+} displaying {G}%d {C}cracked target(s){W}\n' % len(cracked_targets)) for item in cracked_targets: cr = CrackResult.load(item) cr.dump() Color.pl('')
def run(): w = Wifite() w.print_banner() try: w.main() except Exception, e: Color.pl('\n{!} {R}Error:{O} %s{W}' % str(e)) if Configuration.verbose > 0 or True: Color.pl('\n{!} {O}Full stack trace below') from traceback import format_exc Color.p('\n{!} ') err = format_exc().strip() err = err.replace('\n', '\n{!} {C} ') err = err.replace(' File', '{W}File') err = err.replace(' Exception: ', '{R}Exception: {O}') Color.pl(err) Color.pl('\n{!} {R}Exiting{W}\n')
def load_from_arguments(): ''' Sets configuration values based on Argument.args object ''' from args import Arguments args = Arguments(Configuration).args if args.random_mac: Configuration.random_mac = True Color.pl( '{+} {C}option:{W} using {G}random mac address{W} when scanning & attacking' ) if args.channel: Configuration.target_channel = args.channel Color.pl( '{+} {C}option:{W} scanning for targets on channel {G}%s{W}' % args.channel) if args.interface: Configuration.interface = args.interface Color.pl('{+} {C}option:{W} using wireless interface {G}%s{W}' % args.interface) if args.target_bssid: Configuration.target_bssid = args.target_bssid Color.pl('{+} {C}option:{W} targeting BSSID {G}%s{W}' % args.target_bssid) if args.five_ghz == True: Configuration.five_ghz = True Color.pl( '{+} {C}option:{W} including {G}5Ghz networks{W} in scans') if args.show_bssids == True: Configuration.show_bssids = True Color.pl( '{+} {C}option:{W} showing {G}bssids{W} of targets during scan' ) if args.no_deauth == True: Configuration.no_deauth = True Color.pl( '{+} {C}option:{W} will {R}not{W} {O}deauth{W} clients during scans or captures' ) if args.num_deauths and args.num_deauths > 0: Configuration.num_deauths = args.num_deauths Color.pl( '{+} {C}option:{W} will send {G}%d{W} deauth packets when deauthing' % Configuration.num_deauths) if args.target_essid: Configuration.target_essid = args.target_essid Color.pl('{+} {C}option:{W} targeting ESSID {G}%s{W}' % args.target_essid) if args.ignore_essid is not None: Configuration.ignore_essid = args.ignore_essid Color.pl( '{+} {C}option:{W} {O}ignoring ESSIDs that include {R}%s{W}' % args.ignore_essid) if args.scan_time: Configuration.scan_time = args.scan_time Color.pl( '{+} {C}option:{W} ({G}pillage{W}) attack all targets after {G}%d{W}s' % args.scan_time) if args.verbose: Configuration.verbose = args.verbose Color.pl('{+} {C}option:{W} verbosity level {G}%d{W}' % args.verbose) if args.kill_conflicting_processes: Configuration.kill_conflicting_processes = True Color.pl( '{+} {C}option:{W} kill conflicting processes {G}enabled{W}') # WEP if args.wep_filter: Configuration.wep_filter = args.wep_filter if args.wep_pps: Configuration.wep_pps = args.wep_pps Color.pl( '{+} {C}option:{W} using {G}%d{W} packets-per-second on WEP attacks' % args.wep_pps) if args.wep_timeout: Configuration.wep_timeout = args.wep_timeout Color.pl( '{+} {C}option:{W} WEP attack timeout set to {G}%d seconds{W}' % args.wep_timeout) if args.require_fakeauth: Configuration.require_fakeauth = True Color.pl( '{+} {C}option:{W} fake-authentication is {G}required{W} for WEP attacks' ) if args.wep_crack_at_ivs: Configuration.wep_crack_at_ivs = args.wep_crack_at_ivs Color.pl( '{+} {C}option:{W} will start cracking WEP keys at {G}%d IVs{W}' % args.wep_crack_at_ivs) if args.wep_restart_stale_ivs: Configuration.wep_restart_stale_ivs = args.wep_restart_stale_ivs Color.pl( '{+} {C}option:{W} will restart aireplay after {G}%d seconds{W} of no new IVs' % args.wep_restart_stale_ivs) if args.wep_restart_aircrack: Configuration.wep_restart_aircrack = args.wep_restart_aircrack Color.pl( '{+} {C}option:{W} will restart aircrack every {G}%d seconds{W}' % args.wep_restart_aircrack) # WPA if args.wpa_filter: Configuration.wpa_filter = args.wpa_filter if args.wordlist: if os.path.exists(args.wordlist): Configuration.wordlist = args.wordlist Color.pl( '{+} {C}option:{W} using wordlist {G}%s{W} to crack WPA handshakes' % args.wordlist) else: Configuration.wordlist = None Color.pl( '{+} {C}option:{O} wordlist {R}%s{O} was not found, wifite will NOT attempt to crack handshakes' % args.wordlist) if args.wpa_deauth_timeout: Configuration.wpa_deauth_timeout = args.wpa_deauth_timeout Color.pl( '{+} {C}option:{W} will deauth WPA clients every {G}%d seconds{W}' % args.wpa_deauth_timeout) if args.wpa_attack_timeout: Configuration.wpa_attack_timeout = args.wpa_attack_timeout Color.pl( '{+} {C}option:{W} will stop WPA handshake capture after {G}%d seconds{W}' % args.wpa_attack_timeout) if args.ignore_old_handshakes: Configuration.ignore_old_handshakes = True Color.pl( "{+} {C}option:{W} will {O}ignore{W} existing handshakes (force capture)" ) if args.wpa_handshake_dir: Configuration.wpa_handshake_dir = args.wpa_handshake_dir Color.pl('{+} {C}option:{W} will store handshakes to {G}%s{W}' % args.wpa_handshake_dir) if args.wpa_strip_handshake: Configuration.wpa_strip_handshake = True Color.pl( "{+} {C}option:{W} will {G}strip{W} non-handshake packets") # WPS if args.wps_filter: Configuration.wps_filter = args.wps_filter if args.wps_only: Configuration.wps_only = True Color.pl( '{+} {C}option:{W} will *only* attack non-WEP networks with {G}WPS attacks{W} (no handshake capture)' ) if args.no_wps: Configuration.no_wps = args.no_wps Color.pl( '{+} {C}option:{W} will {O}never{W} use {C}WPS attacks{W} (Pixie-Dust/PIN) on targets' ) if args.use_bully: Configuration.use_bully = args.use_bully Color.pl( '{+} {C}option:{W} use {C}bully{W} instead of {C}reaver{W} for WPS Attacks' ) if args.wps_pixie_timeout: Configuration.wps_pixie_timeout = args.wps_pixie_timeout Color.pl( '{+} {C}option:{W} WPS pixie-dust attack will timeout after {G}%d seconds{W}' % args.wps_pixie_timeout) if args.wps_pixie_step_timeout: Configuration.wps_pixie_step_timeout = args.wps_pixie_step_timeout Color.pl( '{+} {C}option:{W} Any step in the pixie-dust attack will timeout after {G}%d seconds{W}' % args.wps_pixie_step_timeout) if args.wps_fail_threshold: Configuration.wps_fail_threshold = args.wps_fail_threshold Color.pl( '{+} {C}option:{W} will stop WPS attack after {G}%d failures{W}' % args.wps_fail_threshold) if args.wps_timeout_threshold: Configuration.wps_timeout_threshold = args.wps_timeout_threshold Color.pl( '{+} {C}option:{W} will stop WPS attack after {G}%d timeouts{W}' % args.wps_timeout_threshold) if args.wps_skip_rate_limit == False: Configuration.wps_skip_rate_limit = False Color.pl( '{+} {C}option:{W} will {G}continue{W} WPS attacks when rate-limited' ) # Adjust encryption filter Configuration.encryption_filter = [] if Configuration.wep_filter: Configuration.encryption_filter.append('WEP') if Configuration.wpa_filter: Configuration.encryption_filter.append('WPA') if Configuration.wps_filter: Configuration.encryption_filter.append('WPS') if len(Configuration.encryption_filter) == 3: Color.pl( '{+} {C}option:{W} targeting {G}all encrypted networks{W}') elif len(Configuration.encryption_filter) == 0: # Default to scan all types Configuration.encryption_filter = ['WEP', 'WPA', 'WPS'] else: Color.pl('{+} {C}option:{W} ' + 'targeting {G}%s-encrypted{W} networks' % '/'.join(Configuration.encryption_filter)) # Adjust WEP attack list Configuration.wep_attacks = [] import sys seen = set() for arg in sys.argv: if arg in seen: continue seen.add(arg) if arg == '-arpreplay': Configuration.wep_attacks.append('replay') if arg == '-fragment': Configuration.wep_attacks.append('fragment') if arg == '-chopchop': Configuration.wep_attacks.append('chopchop') if arg == '-caffelatte': Configuration.wep_attacks.append('caffelatte') if arg == '-p0841': Configuration.wep_attacks.append('p0841') if arg == '-hirte': Configuration.wep_attacks.append('hirte') if len(Configuration.wep_attacks) == 0: # Use all attacks Configuration.wep_attacks = [ 'replay', 'fragment', 'chopchop', 'caffelatte', 'p0841', 'hirte' ] elif len(Configuration.wep_attacks) > 0: Color.pl('{+} {C}option:{W} using {G}%s{W} WEP attacks' % '{W}, {G}'.join(Configuration.wep_attacks)) # Commands if args.cracked: Configuration.show_cracked = True if args.check_handshake: Configuration.check_handshake = args.check_handshake if args.crack_handshake: Configuration.crack_handshake = True
def run(self): ''' Main program. 1) Scans for targets, asks user to select targets 2) Attacks each target ''' s = Scanner() if s.target: # We found the target we want targets = [s.target] else: targets = s.select_targets() attacked_targets = 0 targets_remaining = len(targets) for idx, t in enumerate(targets, start=1): attacked_targets += 1 targets_remaining -= 1 Color.pl( '\n{+} ({G}%d{W}/{G}%d{W})' % (idx, len(targets)) + ' starting attacks against {C}%s{W} ({C}%s{W})' % (t.bssid, t.essid if t.essid_known else "{O}ESSID unknown")) if 'WEP' in t.encryption: attack = AttackWEP(t) elif 'WPA' in t.encryption: if t.wps: attack = AttackWPS(t) result = False try: result = attack.run() except Exception as e: Color.pl("\n{!} {R}Error: {O}%s" % str(e)) if Configuration.verbose > 0 or Configuration.print_stack_traces: Color.pl('\n{!} {O}Full stack trace below') from traceback import format_exc Color.p('\n{!} ') err = format_exc().strip() err = err.replace('\n', '\n{!} {C} ') err = err.replace(' File', '{W}File') err = err.replace(' Exception: ', '{R}Exception: {O}') Color.pl(err) except KeyboardInterrupt: Color.pl('\n{!} {O}interrupted{W}\n') if not self.user_wants_to_continue( targets_remaining, 1): break if result and attack.success: # We cracked it. attack.crack_result.save() continue else: # WPS failed, try WPA handshake. attack = AttackWPA(t) else: # Not using WPS, try WPA handshake. attack = AttackWPA(t) else: Color.pl( "{!} {R}Error: {O}unable to attack: encryption not WEP or WPA" ) continue try: attack.run() except Exception, e: Color.pl("\n{!} {R}Error: {O}%s" % str(e)) if Configuration.verbose > 0 or True: Color.pl('\n{!} {O}Full stack trace below') from traceback import format_exc Color.p('\n{!} ') err = format_exc().strip() err = err.replace('\n', '\n{!} {C} ') err = err.replace(' File', '{W}File') err = err.replace(' Exception: ', '{R}Exception: {O}') Color.pl(err) except KeyboardInterrupt: Color.pl('\n{!} {O}interrupted{W}\n') if not self.user_wants_to_continue(targets_remaining): break
if capfile == '<all>': Color.pl('{+} checking all handshakes in {G}"./hs"{W} directory\n') try: capfiles = [ os.path.join('hs', x) for x in os.listdir('hs') if x.endswith('.cap') ] except OSError, e: capfiles = [] if len(capfiles) == 0: Color.pl('{!} {R}no .cap files found in {O}"./hs"{W}\n') else: capfiles = [capfile] for capfile in capfiles: Color.pl('{+} checking for handshake in .cap file {C}%s{W}' % capfile) if not os.path.exists(capfile): Color.pl('{!} {O}.cap file {C}%s{O} not found{W}' % capfile) return hs = Handshake(capfile, bssid=Configuration.target_bssid, essid=Configuration.target_essid) hs.analyze() Color.pl('') def run(self): ''' Main program. 1) Scans for targets, asks user to select targets 2) Attacks each target '''
'--check', action='store', metavar='file', nargs='?', const='<all>', dest='check_handshake', help=Color. s('Check a .cap file (or all hs/*.cap files) for WPA handshakes')) commands.add_argument('-check', help=argparse.SUPPRESS, action='store', nargs='?', const='<all>', dest='check_handshake') commands.add_argument( '--crack', action='store_true', dest='crack_handshake', help=Color.s('Show commands to crack a captured handshake')) if __name__ == '__main__': from util.color import Color from config import Configuration Configuration.initialize(False) a = Arguments(Configuration) args = a.args for (key, value) in sorted(args.__dict__.iteritems()): Color.pl('{C}%s: {G}%s{W}' % (key.ljust(21), value))