#!/bin/bash
#
############################################################################
# US Phone Number Generator by DERV #
############################################################################
# HELP
# run the program with -h for help
#
# ./f0ne.sh -h
#
############################################################################
#
# USES:
# wget*
# awk
# sort**
# uniq**
# tr**
#
# *internet access is required
#
# **not necessary, but recommended
#
#
############################################################################
#
# CHANGE LOG
#
# revision 6 changes: (8/22/10)
# -command-line arguments!
# -to run: ./f0ne.sh [city] [style]
# -outputs only phone numbers instead of a file (so user can pipe to a file or aircrack)
# -ex: ./f0ne.sh "albuquerque, nm" 2
# -this will create all alb numbers with style 555-666-1234 (- separators)
#
#
# revision 5 changes: (8/18/10)
# -can run independent of crunch - slower, but it works if crunch isn't available
# -saves to 'name_of_city.txt' instead of generic 'phone.txt'
# -leeto burrito ascii art
#
# revision 4 changes:
# -removes duplicates for numbers that don't contain the area code (prefix only)
#
# revision 3 changes:
# -aircrack-ng passthrough for WPA cracking (saves time/space)
# -key is outputted to aircrack.txt and script stops immediately if key is found
#
# revision 2 changes:
# -menu system to output certain phone number formats
# -corrected error for cities with spaces in the name
#
############################################################################
#
# ToDo
# receive city, format, aircrack info as arguments to be more linux-like
# - just have if [[ $1 != ... everywhere!
#
############################################################################
#
# Note:
# This script runs MUCH faster if crunch is installed!
# program looks for crunch in directory /pentest/passwords/crunch/
# edit the line below if crunch is located elsewhere on your computer:
#
CRUNCH="/pentest/passwords/crunch/./crunch"
#CRUNCH="/derpderp/hurrdurr/./crunch" # for testing if user doesn't have crunch
#
# crunch can be found here: http://sourceforge.net/projects/crunch-wordlist/
#
############################################################################
# check if the user needs help
if [[ $1 = 'h' ]] || [[ $1 = '--help' ]] || [[ $1 = '-h' ]] || [[ $1 = 'help' ]] || [[ $1 = '-help' ]]; then
echo ""
echo -e "\E[32m /"
echo -e "\E[32m /\`\`/ \E[32mf 0 n e"
echo -e "\E[32m /__/"
echo -e "\E[32m /__/ \E[37mphone number generator"
echo -e "\E[39m"
echo ""
echo -e "\E[37mabout:"
echo -e "\E[39m"
echo " Phone numbers are a common password choice."
echo " Generating every 7-digit phone number for an area code leads to 10 million numbers."
echo " There is a website that finds only valid numbers (areacode and prefix) for certain cities."
echo " This program uses that website to generate customized lists of phone numbers."
echo ""
echo ""
echo -e "\E[37mhow to use:"
echo -e "\E[39m"
echo " Enter the U.S. city, for example 'New York'."
echo ""
echo " Then enter what format you want the phone number stored."
echo " 1) (555)444-####"
echo " 2) 555-444-####"
echo " 3) 555444####"
echo " 4) 444-####"
echo " 5) 444####"
echo ""
echo " f0ne will ask if you want to passthrough the results to aircrack-ng to crack WPA."
echo " This feature is designed to save time and harddisk space."
echo " Enter 'y' to select this option."
echo " You will be prompted for the .CAP file containing a WPA handshake,"
echo " and the name (SSID) of the access point."
echo ""
echo " If you do not select aircrack-ng passthrough, f0ne will save the numbers to a file."
echo ""
echo ""
echo -e "\E[37mnote:"
echo " f0ne uses Crunch to generate phone numbers quickly."
echo " The script defaults to /pentest/passwords/crunch/ to locate crunch"
echo " If needed, edit f0ne.sh to change the crunch path (LINE 66)"
echo ""
echo " If crunch is not found, f0ne.sh uses a built-in script that is much slower than crunch."
echo ""
echo " f0ne also accepts command-line arguments!"
echo -e " Usage: \E[39m./f0ne.sh \E[32m[CITY] [STYLE]\E[37m"
echo -e " Example: \E[39m./f0ne.sh \E[32m\"albuquerque, nm\" 5\E[37m"
echo " When using command-line arguments, f0ne will only output the phone numbers and no other data,"
echo " so piping to a file is recommened:"
echo -e " \E[39m./f0ne.sh \E[32m\"chicago, il\" 5 \E[36m> chicago.txt\E[37m"
echo " This will write all the phone numbers to the file 'chicago.txt'"
echo -e "\E[39m"
exit 0
fi
# trap term/keyboard interrupt signals
trap ITSATRAP INT
trap ITSATRAP TERM
ITSATRAP() {
killall aircrack-ng 2> /dev/null & 1> /dev/null
if [[ $# -eq 0 ]]; then
echo -e "\E[39m"
echo -e "\E[31m[!] Keyboard interrupt; exiting\E[39m"
fi
exit 0
}
# banner
if [[ $# -eq 0 ]]; then # only print if user supplied no arguments
echo ""
echo -e "\E[32m /"
echo -e "\E[32m /\`\`/ \E[32mf 0 n e"
echo -e "\E[32m /__/"
echo -e "\E[32m /__/ \E[37mphone number generator"
echo -e "\E[39m"
echo ""
fi
# check if user has crunch installed
if [[ ! -f "$CRUNCH" ]]; then
# crunch isn't found; use a built-in shell script instead
# check if user is root; warn about not running as root (chmod!)
if [[ `users` != 'root' ]] && [[ $# -eq 0 ]]; then
echo "[+] It is recommened to run this script as root if you do not have crunch installed."
echo -n "[?] Do you wish to continue? (y/n) "
read ANSWER
if [[ "${ANSWER}" = 'n' ]]; then
exit 0;
fi
fi
HAS_CRUNCH="0" # variable so we know if we are using CRUNCH or not
if [[ $# -eq 0 ]]; then
echo ""
echo -e "\E[31m[!] \E[39mCrunch was not found."
echo "[-] Creating temporary phone-number-generating script..."
fi
# create script that generates the last 4 phone numbers to the argument passed
# as you can see, all this script does is echo (it's harmless)
echo "#!/bin/bash
trap ITSATRAP INT
trap ITSATRAP TERM
ITSATRAP() {
exit 0
}
PRE=\$1
COUNT=0
while [ \${COUNT} -lt 10000 ]; do
TEMP=\${COUNT}
if [ \${#TEMP} -eq 1 ]; then
TEMP=\"000\${TEMP}\"
elif [ \${#TEMP} -eq 2 ]; then
TEMP=\"00\${TEMP}\"
elif [ \${#TEMP} -eq 3 ]; then
TEMP=\"0\${TEMP}\"
fi
echo \${PRE}\${TEMP}
COUNT=\$((COUNT + 1))
done
exit 0" > f0ne-crunch.sh
# end of script
# change permissions on this temporary script (so we can run it)
chmod +x f0ne-crunch.sh
# let user know what's up
if [[ $# -eq 0 ]]; then
echo -e "\E[33m[-] \E[39mNote: Temporary script f0ne-crunch.sh will be deleted on exit."
fi
CRUNCH="./f0ne-crunch.sh"
## old style would quit ; fuck that!
## echo ""
## echo "[!] Path to crunch not found! ($CRUNCH)"
## echo "[!] Please edit phone.sh Line 40 to the correct path to Crunch"
## exit
else
# if crunch is found, use it! (it's much faster than f0ne-crunch.sh)
HAS_CRUNCH="1"
fi
if [[ $# -eq 0 ]]; then
echo -n -e "\E[32m[+] \E[39mEnter a U.S. City (e.g. \E[32mchicago, il\E[39m): \E[32m"
read CITY
OUTFILE=$CITY
# OUTFILE is the output file -- where the data is saved to
OUTFILE=${OUTFILE// /} # strip out the spaces
OUTFILE=${OUTFILE//[^a-zA-Z0-9]/} # leave only alphanumeric characters
OUTFILE=`echo -n $OUTFILE | tr A-Z a-z` # convert to lowercase
OUTFILE="${OUTFILE}.txt" # make it a txt file
rm -rf ${OUTFILE} # remove the output file, just in case; so we don't 'stack' numbers together
elif [[ $# -eq 1 ]]; then
CITY=$1
STYLE=3 # default to [areacode][prefix][number] without any separators
OUTFILE=""
elif [[ $# -eq 2 ]]; then
CITY=$1
STYLE=$2 # user gave us city and separator!
OUTFILE=""
else
echo -e "\E[33m[+] \E[39mError: invalid amount of arguments"
echo ""
echo -e "\E[33m[+] \E[39mProper usage (with examples):"
echo ""
echo -e "\E[33m[+] \E[39m./f0ne.sh \E[32m[CITY]"
echo -e "\E[33m[+] \E[39m ./f0ne.sh \E[32mchicago"
echo -e "\E[33m[+] \E[39m ./f0ne.sh \E[32m\"chicago, il\""
echo ""
echo -e "\E[33m[+] \E[39m./f0ne.sh \E[32m[CITY] [STYLE]"
echo -e "\E[33m[+] \E[39m ./f0ne.sh \E[32mchicago 3"
echo -e "\E[33m[+] \E[39m ./f0ne.sh \E[32m\"chicago, il\" 3"
echo ""
exit 0
fi
# change format of CITY (used for URL request)
CITY=${CITY// /+} # website we use can't have spaces; use plus-signs (+) instead
CITY=${CITY//,/+} # convert commas to spaces
CITY=${CITY//[^a-zA-Z0-9+]/} # only alphanumeric characters (and plus signs!)
CITY=`echo -n $CITY | tr A-Z a-z` # finally, lowercase
if [[ $# -eq 0 ]]; then
# phone number style menu
echo -e "\E[39m"
echo -e "[-] Select a phone number format:"
echo ""
echo -e " \E[32m1\E[39m) (555)555-5555 [13 chars]"
echo -e " \E[32m2\E[39m) 555-555-1234 [12 chars]"
echo -e " \E[32m3\E[39m) 5555555555 [10 chars]"
echo -e " \E[32m4\E[39m) 555-1234 [ 8 chars]"
echo -e " \E[32m5\E[39m) 5551234 [ 7 chars]"
echo ""
echo -n -e "\E[32m[+]\E[39m Enter a number between \E[32m1\E[39m and \E[32m5\E[39m: \E[32m"
read STYLE
fi
# check if style (phone number formatting) is a valid menu option
if [[ "$STYLE" -lt "1" ]] || [[ $STYLE -gt "5" ]]; then
# if they picked something < 1 or > 5
echo -e "\E[31m[!] \E[39mInvalid menu number ($STYLE). Please use 1-5. \E[31mexiting.\E[39m"
exit 0
fi
# if we're not using command-line arguments...
if [[ $# -eq 0 ]]; then
# wpa passthrough question
echo -e "\E[33m[?]\E[39m Do you want to passthrough the phone numbers into "
echo -n -e " aircrack-ng to crack a WPA handshake capture file? (\E[32my\E[39m/\E[32mn\E[39m): \E[32m"
read ANS
# if they want to pass through to aircrack-ng...
if [[ "$ANS" == "y" ]]; then
# get .cap path
echo ""
echo -n -e "[+] Enter the \E[32mpath to the .cap file\E[39m containing a WPA handshake: \E[32m"
read CAP
echo -e "\E[39m"
if [[ ! -f "$CAP" ]]; then
# if the .cap file does not exist, gtfo
CAP=""
echo -e "\E[31m[!] \E[39mCAP file \E[31m\'${CAP}\' \E[39mnot found; defaulting output to \E[32m${OUTFILE}\E[39m"
else
# cap file exists, get the ESSID
echo -n -e "[+] Enter the \E[32mESSID\E[39m of the access point: \E[32m"
read ESSID
fi
# remove aircrack.txt now -- will contain if/when WPA key is found
rm -f aircrack.txt
else
# if CAP="", then we will only output phone numbers to the OUTFILE; no passthrough
CAP=""
fi
else
CAP=""
fi
# delete temporary files
rm -rf /tmp/page1.txt
rm -rf /tmp/page2.txt
# get html from site
if [[ $# -eq 0 ]]; then
echo -e "\E[39m"
echo -e "\E[32m[+] \E[39mGathering area-code and prefix information using wget; please wait..."
fi
wget -q -O /tmp/page1.txt http://www.melissadata.com/lookups/phonelocation.asp?number=${CITY}
# if wget returned invalid data or nothing at all...
if [[ $(cat /tmp/page1.txt) = "" ]] || [[ ! -f /tmp/page1.txt ]]; then
echo ""
echo -e "\E[31m[!]\E[39m Unable to download phone numbers for city '${CITY}'; exiting"
echo -e "\E[31m[!]\E[39m Unexpected errors occurred while accessing the following site:"
echo -e "\E[31mhttp://www.melissadata.com/lookups/phonelocation.asp?number=${CITY}\E[39m"
echo -e "\E[31m[!]\E[39m Check to make sure your internet connection is working and this URL provides relevant data."
exit 0
fi
# echo "[-] Prefixes gathered. Parsing..."
# the next few lines are pretty ugly
# i don't know much about awk, so I basically juggled the data between two files (page1.txt and page2.txt)
# this is horrible code and I'm sure there's a one-line awk solution to this, but I wasn't able to find it...
# grab the beginning of the phone numbers from page1, store in page2
awk ' BEGIN {FS = "?number=" } {print $2} ' /tmp/page1.txt >> /tmp/page2.txt
rm /tmp/page1.txt
# strip the end of the number (ignoring the trailing '0000' for each #)
awk ' BEGIN {FS = "0000\"" } {print $1} ' /tmp/page2.txt >> /tmp/page1.txt
rm /tmp/page2.txt
# remove blank lines 'cause I suck at awk
awk '$0!~/^$/ {print $0}' /tmp/page1.txt >> /tmp/page2.txt
rm /tmp/page1.txt
# if the user selected a menu item larger than 3...
if [[ "${STYLE}" -gt "3" ]]; then
# we don't need area code!
while read Lines
do
# remove areacode from each line
echo ${Lines:3} >> /tmp/page1.txt
done < /tmp/page2.txt
rm /tmp/page2.txt
# remove duplicates -- this is possible for large cities where different areacodes have the same prefix!
cat /tmp/page1.txt | sort | uniq > /tmp/page2.txt
rm /tmp/page1.txt
fi
# at this point, /tmp/page2.txt contains all of the [area codes and] prefixes for the city
# the following lines/loop counts how many prefixes there are
# this is purely to let the user know how much longer the process will take
COUNT=0 # COUNT will be the total amount of prefixes to generate
CURRENT=0 # CURRENT keeps track of which prefix we are currently working on
while read Line; do # go through every line in the prefix file
COUNT=$((COUNT + 1)) # increment counter
done < /tmp/page2.txt # stop at the end of the file
# loop through every areacode/prefix
while read Line
do
# if we are passing through to aircrack and we've cracked it, stop!
if [[ ! "$CAP" == "" ]] && [[ -f "aircrack.txt" ]]; then
break
fi
# sometimes the website returns only 3 digits (invalid numbers)
# i hit this error briefly, might have been isolated, but still gonna check for it!
if [[ "${STYLE}" -lt "4" ]] && [[ ${#Line} -eq 3 ]]; then
continue # move onto the next one
fi
CURRENT=$((CURRENT + 1)) # increment counter of how many prefixes we've done
# format the line to fit the style
if [ $STYLE = '1' ]; then
# Style: (###)###-@@@@
Line="(${Line:0:3})${Line:3}-"
LEN=13
elif [ $STYLE = '2' ]; then
# Style: ###-###-@@@@
Line="${Line:0:3}-${Line:3}-"
LEN=12
elif [ $STYLE = '3' ]; then
# Style: ######@@@@
Line=${Line} #nothing changes
LEN=10
elif [ $STYLE = '4' ]; then
# Style: ###-@@@@
Line="${Line}-"
LEN=8
elif [ $STYLE = '5' ]; then
# Style: ###@@@@
LEN=7
fi
# now that we know the format, see if we are passing through to aircrack or OUTFILE
if [[ ! "$CAP" == "" ]]; then
# cap file exists, need to pass through to aircrack
echo -e "\E[32m[+] \E[39mPassing through to aircrack-ng: \E[32m${Line}####\E[39m..."
if [[ HAS_CRUNCH = '1' ]]; then
${CRUNCH} $LEN $LEN 0123456789 -t ${Line}@@@@ | aircrack-ng -l aircrack.txt -w - -e ${ESSID} ${CAP}
else
${CRUNCH} "${Line}" | aircrack-ng -l aircrack.txt -w - -e ${ESSID} ${CAP}
fi
else
# no cap file, just output to OUTFILE
# if user didn't supply any arguments (we're in verbose mode)
if [[ $# -eq 0 ]]; then
echo -e "\E[32m[+] \E[39mGenerating phone numbers: \E[32m${Line}####\E[39m... (${CURRENT}/${COUNT})"
if [[ HAS_CRUNCH -eq 1 ]]; then
${CRUNCH} $LEN $LEN 0123456789 -t ${Line}@@@@ >> "${OUTFILE}"
else
${CRUNCH} "${Line}" >> "${OUTFILE}"
fi
else
# user supplied arguments, ONLY OUTPUT VALID NUMBERS!
if [[ HAS_CRUNCH -eq 1 ]]; then
${CRUNCH} $LEN $LEN 0123456789 -t ${Line}@@@@
else
${CRUNCH} "${Line}"
fi
fi
fi
done < /tmp/page2.txt
# at this point, we're done generating!
# delete temporary file containing area codes/prefixes
rm /tmp/page2.txt
if [[ ! "$CAP" == "" ]]; then
# if we were trying to passthrough
echo -n -e "\E[32m[!]\E[39m Finished! "
if [[ -f "aircrack.txt" ]]; then
# if we cracked it
echo -e "\E[32mPassword found: " + $(cat aircrack.txt)
echo -e "\E[32m[!] Saved to 'aircrack.txt'"
else
# if we didn't crack it
echo -e "\E[31mPassword not found."
fi
else
# if we were just generating phone numbers
if [[ $# -eq 0 ]]; then
echo ""
echo -e "\E[32m[!] Finished;\E[39m results are saved in \E[32m${OUTFILE}\E[39m"
fi
fi
# if we used the crunch script, delete it
if [[ $HAS_CRUNCH -eq 0 ]]; then
rm -rf f0ne-crunch.sh
fi
# print out a single white line so the next lines the user types/sees will be white (normal)
if [[ $# -eq 0 ]]; then
echo -e "\E[39m"
fi
exit 0