def dependency_check(self):
''' Check that required programs are installed '''
required_apps = [
'airmon-ng', 'iwconfig', 'ifconfig', 'aircrack-ng', 'aireplay-ng',
'airodump-ng', 'tshark'
]
optional_apps = [
'packetforge-ng', 'reaver', 'bully', 'cowpatty', 'pyrit', 'stdbuf',
'macchanger'
]
missing_required = False
missing_optional = False
for app in required_apps:
if not Process.exists(app):
missing_required = True
Color.pl('{!} {R}error: required app {O}%s{R} was not found' %
app)
for app in optional_apps:
if not Process.exists(app):
missing_optional = True
Color.pl(
'{!} {O}warning: recommended app {R}%s{O} was not found' %
app)
if missing_required:
Color.pl('{!} {R}required app(s) were not found, exiting.{W}')
sys.exit(-1)
if missing_optional:
Color.pl('{!} {O}recommended app(s) were not found')
Color.pl('{!} {O}wifite may not work as expected{W}')
def print_banner(self):
""" Displays ASCII art of the highest caliber. """
Color.pl('''\
{G} . {GR}{D} {W}{G} . {W}
{G}.´ · .{GR}{D} {W}{G}. · `. {G}wifite {D}%s{W}
{G}: : : {GR}{D} (¯) {W}{G} : : : {W}{D}automated wireless auditor
{G}`. · `{GR}{D} /¯\ {W}{G}´ · .´ {C}{D}https://github.com/derv82/wifite2
{G} ` {GR}{D}/¯¯¯\{W}{G} ´ {W}
''' % Configuration.version)
def check_handshake(self, capfile):
''' Analyzes .cap file for handshake '''
if capfile == '<all>':
Color.pl('{+} checking all handshakes in {G}"./hs"{W} directory\n')
try:
capfiles = [
os.path.join('hs', x) for x in os.listdir('hs')
if x.endswith('.cap')
]
except OSError, e:
capfiles = []
if len(capfiles) == 0:
Color.pl('{!} {R}no .cap files found in {O}"./hs"{W}\n')
def main(self):
''' Either performs action based on arguments, or starts attack scanning '''
if os.getuid() != 0:
Color.pl('{!} {R}error: {O}wifite{R} must be run as {O}root{W}')
Color.pl('{!} {O}re-run as: sudo ./Wifite.py{W}')
Configuration.exit_gracefully(0)
self.dependency_check()
Configuration.initialize(load_interface=False)
if Configuration.show_cracked:
self.display_cracked()
elif Configuration.check_handshake:
self.check_handshake(Configuration.check_handshake)
elif Configuration.crack_handshake:
CrackHandshake()
else:
Configuration.get_interface()
self.run()
def user_wants_to_continue(self, targets_remaining, attacks_remaining=0):
''' Asks user if attacks should continue onto other targets '''
if attacks_remaining == 0 and targets_remaining == 0:
# No targets or attacksleft, drop out
return
prompt_list = []
if attacks_remaining > 0:
prompt_list.append(
Color.s('{C}%d{W} attack(s)' % attacks_remaining))
if targets_remaining > 0:
prompt_list.append(
Color.s('{C}%d{W} target(s)' % targets_remaining))
prompt = ' and '.join(prompt_list)
Color.pl('{+} %s remain, do you want to continue?' % prompt)
prompt = Color.s('{+} type {G}c{W} to {G}continue{W}' +
' or {R}s{W} to {R}stop{W}: ')
if raw_input(prompt).lower().startswith('s'):
return False
else:
return True
def display_cracked(self):
''' Show cracked targets from cracked.txt '''
name = CrackResult.cracked_file
if not os.path.exists(name):
Color.pl('{!} {O}file {C}%s{O} not found{W}' % name)
return
with open(name, 'r') as fid:
cracked_targets = json.loads(fid.read())
if len(cracked_targets) == 0:
Color.pl('{!} {R}no results found in {O}%s{W}' % name)
else:
Color.pl('{+} displaying {G}%d {C}cracked target(s){W}\n' %
len(cracked_targets))
for item in cracked_targets:
cr = CrackResult.load(item)
cr.dump()
Color.pl('')
def run():
w = Wifite()
w.print_banner()
try:
w.main()
except Exception, e:
Color.pl('\n{!} {R}Error:{O} %s{W}' % str(e))
if Configuration.verbose > 0 or True:
Color.pl('\n{!} {O}Full stack trace below')
from traceback import format_exc
Color.p('\n{!} ')
err = format_exc().strip()
err = err.replace('\n', '\n{!} {C} ')
err = err.replace(' File', '{W}File')
err = err.replace(' Exception: ', '{R}Exception: {O}')
Color.pl(err)
Color.pl('\n{!} {R}Exiting{W}\n')
def load_from_arguments():
''' Sets configuration values based on Argument.args object '''
from args import Arguments
args = Arguments(Configuration).args
if args.random_mac:
Configuration.random_mac = True
Color.pl(
'{+} {C}option:{W} using {G}random mac address{W} when scanning & attacking'
)
if args.channel:
Configuration.target_channel = args.channel
Color.pl(
'{+} {C}option:{W} scanning for targets on channel {G}%s{W}' %
args.channel)
if args.interface:
Configuration.interface = args.interface
Color.pl('{+} {C}option:{W} using wireless interface {G}%s{W}' %
args.interface)
if args.target_bssid:
Configuration.target_bssid = args.target_bssid
Color.pl('{+} {C}option:{W} targeting BSSID {G}%s{W}' %
args.target_bssid)
if args.five_ghz == True:
Configuration.five_ghz = True
Color.pl(
'{+} {C}option:{W} including {G}5Ghz networks{W} in scans')
if args.show_bssids == True:
Configuration.show_bssids = True
Color.pl(
'{+} {C}option:{W} showing {G}bssids{W} of targets during scan'
)
if args.no_deauth == True:
Configuration.no_deauth = True
Color.pl(
'{+} {C}option:{W} will {R}not{W} {O}deauth{W} clients during scans or captures'
)
if args.num_deauths and args.num_deauths > 0:
Configuration.num_deauths = args.num_deauths
Color.pl(
'{+} {C}option:{W} will send {G}%d{W} deauth packets when deauthing'
% Configuration.num_deauths)
if args.target_essid:
Configuration.target_essid = args.target_essid
Color.pl('{+} {C}option:{W} targeting ESSID {G}%s{W}' %
args.target_essid)
if args.ignore_essid is not None:
Configuration.ignore_essid = args.ignore_essid
Color.pl(
'{+} {C}option:{W} {O}ignoring ESSIDs that include {R}%s{W}' %
args.ignore_essid)
if args.scan_time:
Configuration.scan_time = args.scan_time
Color.pl(
'{+} {C}option:{W} ({G}pillage{W}) attack all targets after {G}%d{W}s'
% args.scan_time)
if args.verbose:
Configuration.verbose = args.verbose
Color.pl('{+} {C}option:{W} verbosity level {G}%d{W}' %
args.verbose)
if args.kill_conflicting_processes:
Configuration.kill_conflicting_processes = True
Color.pl(
'{+} {C}option:{W} kill conflicting processes {G}enabled{W}')
# WEP
if args.wep_filter:
Configuration.wep_filter = args.wep_filter
if args.wep_pps:
Configuration.wep_pps = args.wep_pps
Color.pl(
'{+} {C}option:{W} using {G}%d{W} packets-per-second on WEP attacks'
% args.wep_pps)
if args.wep_timeout:
Configuration.wep_timeout = args.wep_timeout
Color.pl(
'{+} {C}option:{W} WEP attack timeout set to {G}%d seconds{W}'
% args.wep_timeout)
if args.require_fakeauth:
Configuration.require_fakeauth = True
Color.pl(
'{+} {C}option:{W} fake-authentication is {G}required{W} for WEP attacks'
)
if args.wep_crack_at_ivs:
Configuration.wep_crack_at_ivs = args.wep_crack_at_ivs
Color.pl(
'{+} {C}option:{W} will start cracking WEP keys at {G}%d IVs{W}'
% args.wep_crack_at_ivs)
if args.wep_restart_stale_ivs:
Configuration.wep_restart_stale_ivs = args.wep_restart_stale_ivs
Color.pl(
'{+} {C}option:{W} will restart aireplay after {G}%d seconds{W} of no new IVs'
% args.wep_restart_stale_ivs)
if args.wep_restart_aircrack:
Configuration.wep_restart_aircrack = args.wep_restart_aircrack
Color.pl(
'{+} {C}option:{W} will restart aircrack every {G}%d seconds{W}'
% args.wep_restart_aircrack)
# WPA
if args.wpa_filter:
Configuration.wpa_filter = args.wpa_filter
if args.wordlist:
if os.path.exists(args.wordlist):
Configuration.wordlist = args.wordlist
Color.pl(
'{+} {C}option:{W} using wordlist {G}%s{W} to crack WPA handshakes'
% args.wordlist)
else:
Configuration.wordlist = None
Color.pl(
'{+} {C}option:{O} wordlist {R}%s{O} was not found, wifite will NOT attempt to crack handshakes'
% args.wordlist)
if args.wpa_deauth_timeout:
Configuration.wpa_deauth_timeout = args.wpa_deauth_timeout
Color.pl(
'{+} {C}option:{W} will deauth WPA clients every {G}%d seconds{W}'
% args.wpa_deauth_timeout)
if args.wpa_attack_timeout:
Configuration.wpa_attack_timeout = args.wpa_attack_timeout
Color.pl(
'{+} {C}option:{W} will stop WPA handshake capture after {G}%d seconds{W}'
% args.wpa_attack_timeout)
if args.ignore_old_handshakes:
Configuration.ignore_old_handshakes = True
Color.pl(
"{+} {C}option:{W} will {O}ignore{W} existing handshakes (force capture)"
)
if args.wpa_handshake_dir:
Configuration.wpa_handshake_dir = args.wpa_handshake_dir
Color.pl('{+} {C}option:{W} will store handshakes to {G}%s{W}' %
args.wpa_handshake_dir)
if args.wpa_strip_handshake:
Configuration.wpa_strip_handshake = True
Color.pl(
"{+} {C}option:{W} will {G}strip{W} non-handshake packets")
# WPS
if args.wps_filter:
Configuration.wps_filter = args.wps_filter
if args.wps_only:
Configuration.wps_only = True
Color.pl(
'{+} {C}option:{W} will *only* attack non-WEP networks with {G}WPS attacks{W} (no handshake capture)'
)
if args.no_wps:
Configuration.no_wps = args.no_wps
Color.pl(
'{+} {C}option:{W} will {O}never{W} use {C}WPS attacks{W} (Pixie-Dust/PIN) on targets'
)
if args.use_bully:
Configuration.use_bully = args.use_bully
Color.pl(
'{+} {C}option:{W} use {C}bully{W} instead of {C}reaver{W} for WPS Attacks'
)
if args.wps_pixie_timeout:
Configuration.wps_pixie_timeout = args.wps_pixie_timeout
Color.pl(
'{+} {C}option:{W} WPS pixie-dust attack will timeout after {G}%d seconds{W}'
% args.wps_pixie_timeout)
if args.wps_pixie_step_timeout:
Configuration.wps_pixie_step_timeout = args.wps_pixie_step_timeout
Color.pl(
'{+} {C}option:{W} Any step in the pixie-dust attack will timeout after {G}%d seconds{W}'
% args.wps_pixie_step_timeout)
if args.wps_fail_threshold:
Configuration.wps_fail_threshold = args.wps_fail_threshold
Color.pl(
'{+} {C}option:{W} will stop WPS attack after {G}%d failures{W}'
% args.wps_fail_threshold)
if args.wps_timeout_threshold:
Configuration.wps_timeout_threshold = args.wps_timeout_threshold
Color.pl(
'{+} {C}option:{W} will stop WPS attack after {G}%d timeouts{W}'
% args.wps_timeout_threshold)
if args.wps_skip_rate_limit == False:
Configuration.wps_skip_rate_limit = False
Color.pl(
'{+} {C}option:{W} will {G}continue{W} WPS attacks when rate-limited'
)
# Adjust encryption filter
Configuration.encryption_filter = []
if Configuration.wep_filter:
Configuration.encryption_filter.append('WEP')
if Configuration.wpa_filter:
Configuration.encryption_filter.append('WPA')
if Configuration.wps_filter:
Configuration.encryption_filter.append('WPS')
if len(Configuration.encryption_filter) == 3:
Color.pl(
'{+} {C}option:{W} targeting {G}all encrypted networks{W}')
elif len(Configuration.encryption_filter) == 0:
# Default to scan all types
Configuration.encryption_filter = ['WEP', 'WPA', 'WPS']
else:
Color.pl('{+} {C}option:{W} ' +
'targeting {G}%s-encrypted{W} networks' %
'/'.join(Configuration.encryption_filter))
# Adjust WEP attack list
Configuration.wep_attacks = []
import sys
seen = set()
for arg in sys.argv:
if arg in seen: continue
seen.add(arg)
if arg == '-arpreplay': Configuration.wep_attacks.append('replay')
if arg == '-fragment': Configuration.wep_attacks.append('fragment')
if arg == '-chopchop': Configuration.wep_attacks.append('chopchop')
if arg == '-caffelatte':
Configuration.wep_attacks.append('caffelatte')
if arg == '-p0841': Configuration.wep_attacks.append('p0841')
if arg == '-hirte': Configuration.wep_attacks.append('hirte')
if len(Configuration.wep_attacks) == 0:
# Use all attacks
Configuration.wep_attacks = [
'replay', 'fragment', 'chopchop', 'caffelatte', 'p0841',
'hirte'
]
elif len(Configuration.wep_attacks) > 0:
Color.pl('{+} {C}option:{W} using {G}%s{W} WEP attacks' %
'{W}, {G}'.join(Configuration.wep_attacks))
# Commands
if args.cracked: Configuration.show_cracked = True
if args.check_handshake:
Configuration.check_handshake = args.check_handshake
if args.crack_handshake: Configuration.crack_handshake = True
def run(self):
'''
Main program.
1) Scans for targets, asks user to select targets
2) Attacks each target
'''
s = Scanner()
if s.target:
# We found the target we want
targets = [s.target]
else:
targets = s.select_targets()
attacked_targets = 0
targets_remaining = len(targets)
for idx, t in enumerate(targets, start=1):
attacked_targets += 1
targets_remaining -= 1
Color.pl(
'\n{+} ({G}%d{W}/{G}%d{W})' % (idx, len(targets)) +
' starting attacks against {C}%s{W} ({C}%s{W})' %
(t.bssid, t.essid if t.essid_known else "{O}ESSID unknown"))
if 'WEP' in t.encryption:
attack = AttackWEP(t)
elif 'WPA' in t.encryption:
if t.wps:
attack = AttackWPS(t)
result = False
try:
result = attack.run()
except Exception as e:
Color.pl("\n{!} {R}Error: {O}%s" % str(e))
if Configuration.verbose > 0 or Configuration.print_stack_traces:
Color.pl('\n{!} {O}Full stack trace below')
from traceback import format_exc
Color.p('\n{!} ')
err = format_exc().strip()
err = err.replace('\n', '\n{!} {C} ')
err = err.replace(' File', '{W}File')
err = err.replace(' Exception: ',
'{R}Exception: {O}')
Color.pl(err)
except KeyboardInterrupt:
Color.pl('\n{!} {O}interrupted{W}\n')
if not self.user_wants_to_continue(
targets_remaining, 1):
break
if result and attack.success:
# We cracked it.
attack.crack_result.save()
continue
else:
# WPS failed, try WPA handshake.
attack = AttackWPA(t)
else:
# Not using WPS, try WPA handshake.
attack = AttackWPA(t)
else:
Color.pl(
"{!} {R}Error: {O}unable to attack: encryption not WEP or WPA"
)
continue
try:
attack.run()
except Exception, e:
Color.pl("\n{!} {R}Error: {O}%s" % str(e))
if Configuration.verbose > 0 or True:
Color.pl('\n{!} {O}Full stack trace below')
from traceback import format_exc
Color.p('\n{!} ')
err = format_exc().strip()
err = err.replace('\n', '\n{!} {C} ')
err = err.replace(' File', '{W}File')
err = err.replace(' Exception: ', '{R}Exception: {O}')
Color.pl(err)
except KeyboardInterrupt:
Color.pl('\n{!} {O}interrupted{W}\n')
if not self.user_wants_to_continue(targets_remaining):
break
if capfile == '<all>':
Color.pl('{+} checking all handshakes in {G}"./hs"{W} directory\n')
try:
capfiles = [
os.path.join('hs', x) for x in os.listdir('hs')
if x.endswith('.cap')
]
except OSError, e:
capfiles = []
if len(capfiles) == 0:
Color.pl('{!} {R}no .cap files found in {O}"./hs"{W}\n')
else:
capfiles = [capfile]
for capfile in capfiles:
Color.pl('{+} checking for handshake in .cap file {C}%s{W}' %
capfile)
if not os.path.exists(capfile):
Color.pl('{!} {O}.cap file {C}%s{O} not found{W}' % capfile)
return
hs = Handshake(capfile,
bssid=Configuration.target_bssid,
essid=Configuration.target_essid)
hs.analyze()
Color.pl('')
def run(self):
'''
Main program.
1) Scans for targets, asks user to select targets
2) Attacks each target
'''
'--check',
action='store',
metavar='file',
nargs='?',
const='<all>',
dest='check_handshake',
help=Color.
s('Check a .cap file (or all hs/*.cap files) for WPA handshakes'))
commands.add_argument('-check',
help=argparse.SUPPRESS,
action='store',
nargs='?',
const='<all>',
dest='check_handshake')
commands.add_argument(
'--crack',
action='store_true',
dest='crack_handshake',
help=Color.s('Show commands to crack a captured handshake'))
if __name__ == '__main__':
from util.color import Color
from config import Configuration
Configuration.initialize(False)
a = Arguments(Configuration)
args = a.args
for (key, value) in sorted(args.__dict__.iteritems()):
Color.pl('{C}%s: {G}%s{W}' % (key.ljust(21), value))
