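#!/bin/bash
#######################################
# U.S. Phone Number Generator by DERV #
#######################################
#
# revision 4 changes:
#   -removes duplicates for numbers that don't contain the area code (prefix only)
#
# revision 3 changes:
#   -aircrack-ng passthrough for WPA cracking (saves time/space)
#   -key is outputted to aircrack.txt and script stops immediately if key is found
#
# revision 2 changes:
#   -menu system to output certain phone number formats
#   -corrected error for cities with spaces in the name
#
# uses CRUNCH to generate mostly valid phone numbers
# crunch can be found here: http://sourceforge.net/projects/crunch-wordlist/
#
############################################################################
#
# Files written in the current directory:
#   phone.txt    - generated numbers (only when not passing through)
#   aircrack.txt - key file written by aircrack-ng (passthrough mode)
#
# Hardening notes:
#   - Scratch files live in a private `mktemp -d` directory instead of fixed
#     names under /tmp. Fixed names let another local user pre-create a
#     symlink there and have this script (often run as root) overwrite the
#     link target, and stale files from an interrupted run were appended to.
#   - The prefix list is fetched over plain HTTP, so the response is neither
#     authenticated nor integrity-protected. Every extracted entry is checked
#     to be exactly six digits before it is used in a command line.
#   - The menu choice is matched as a literal string. The original used
#     [[ ... -lt ... ]], which evaluates its operands as arithmetic
#     expressions and let values such as "2.5" slip past the range check.
#   - All expansions are quoted so paths and ESSIDs containing spaces work.

# Private scratch directory; set once mktemp succeeds, removed on every exit.
TMP_DIR=""

# Remove the scratch directory (if one was created).
cleanup() {
  if [[ -n "$TMP_DIR" && -d "$TMP_DIR" ]]; then
    rm -rf -- "$TMP_DIR"
  fi
}
trap cleanup EXIT

# trap term/keyboard interrupt signals
trap ITSATRAP INT
trap ITSATRAP TERM

# Signal handler: report the interrupt and stop. The EXIT trap still runs,
# so the scratch directory is cleaned up here as well.
ITSATRAP() {
  echo ""
  echo "Keyboard interrupt; exiting."
  exit 1
}

# path and filename of 'crunch' -- wordlist generator
CRUNCH="/pentest/passwords/crunch/./crunch"
if [[ ! -f "$CRUNCH" ]]; then
  echo ""
  echo "[!] Path to crunch not found! ($CRUNCH)"
  echo "[!] Please edit the CRUNCH variable in phone.sh to the correct path to Crunch"
  exit 1
fi

# intro
echo ""
echo "[-] U.S. Phone Number Generator by DERV"
echo ""
echo -n "[+] Enter a U.S. City (e.g. chicago): "
read -r CITY

# website we use can't have spaces -- needs plus-signs (+) instead
CITY=${CITY// /+}

# menu
echo ""
echo "[-] Select the format for the phone numbers:"
echo ""
echo "    1) (555)555-5555 [13 chars]"
echo "    2) 555-555-1234  [12 chars]"
echo "    3) 5555555555    [10 chars]"
echo "    4) 555-1234      [ 8 chars]"
echo "    5) 5551234       [ 7 chars]"
echo ""
echo -n "[+] Enter a number between 1 and 5: "
read -r STYLE

# check if style (phone number formatting) is a valid menu option;
# literal match only, so nothing typed here is ever evaluated
case "$STYLE" in
  [1-5]) ;;
  *)
    echo ""
    echo "[!] Invalid menu number; exiting."
    exit 1
    ;;
esac

# wpa passthrough question
CAP=""
ESSID=""
echo ""
echo "[?] Do you want to passthrough the phone numbers into "
echo -n "    aircrack-ng to crack a WPA handshake capture file? (y/n): "
read -r ANS

if [[ "$ANS" == "y" ]]; then
  # get .cap path
  echo ""
  echo -n "[+] Enter path to the .cap file containing WPA2 handshake: "
  read -r CAP

  if [[ ! -f "$CAP" ]]; then
    # report the missing path BEFORE clearing it (the original cleared it
    # first, so the message always showed an empty name)
    echo ""
    printf "[!] CAP file '%s' not found; defaulting output to phone.txt\n" "$CAP"
    CAP=""
  else
    # cap file exists, get the ESSID
    echo ""
    echo -n "[+] Enter the ESSID of the access point: "
    read -r ESSID
    if [[ -z "$ESSID" ]]; then
      # an empty ESSID would make every aircrack-ng invocation fail
      echo ""
      echo "[!] No ESSID entered; exiting."
      exit 1
    fi
  fi

  rm -f -- aircrack.txt
fi
# if CAP="", then we will only output phone numbers to phone.txt; no passthrough

TMP_DIR=$(mktemp -d) || {
  echo ""
  echo "[!] Unable to create temporary directory; exiting."
  exit 1
}
PAGE="${TMP_DIR}/page.html"
PREFIXES="${TMP_DIR}/prefixes.txt"

# get html from site
echo ""
echo "[-] Gathering area-code and prefix information from web..."
if ! wget -O "$PAGE" "http://www.melissadata.com/lookups/phonelocation.asp?number=${CITY}" \
  || [[ ! -s "$PAGE" ]]; then
  echo ""
  echo "[!] Unable to access phone numbers for city '${CITY}'; exiting"
  exit 1
fi

# 1st awk: grab the beginning of the phone numbers (text after '?number=')
# 2nd awk: strip the end of the number (the trailing '0000' for each #)
# grep:    keep only well-formed area-code+prefix entries (exactly 6 digits);
#          this also drops the blank lines and anything unexpected that the
#          unauthenticated HTTP response may contain
awk ' BEGIN {FS = "?number=" } {print $2} ' "$PAGE" \
  | awk ' BEGIN {FS = "0000\"" } {print $1} ' \
  | grep -E '^[0-9]{6}$' > "$PREFIXES"

if [[ "$STYLE" == "4" || "$STYLE" == "5" ]]; then
  # don't need area code! drop it and remove the duplicates that creates
  cut -c4- "$PREFIXES" | sort -u > "${PREFIXES}.noarea"
  mv -- "${PREFIXES}.noarea" "$PREFIXES"
fi

if [[ ! -s "$PREFIXES" ]]; then
  echo ""
  echo "[!] Unable to access phone numbers for city '${CITY}'; exiting"
  exit 1
fi

# get rid of previous phone.txt file (so we don't concatenate); only when we
# are actually writing to it, and without leaving a blank first entry
if [[ -z "$CAP" ]]; then
  : > phone.txt
fi

# at this point, $PREFIXES contains all of the area codes and prefixes for the city
# loop through every areacode/prefix; the list is read on fd 3 so the child
# processes cannot consume it through stdin
while read -r prefix <&3; do

  # if we are passing through to aircrack and we've cracked it, stop!
  if [[ -n "$CAP" && -f "aircrack.txt" ]]; then
    break
  fi

  # formats the line to fit the style
  case "$STYLE" in
    1) # Style: (###)###-@@@@
      pattern="(${prefix:0:3})${prefix:3}-"
      LEN=13
      ;;
    2) # Style: ###-###-@@@@
      pattern="${prefix:0:3}-${prefix:3}-"
      LEN=12
      ;;
    3) # Style: ######@@@@
      pattern="$prefix"
      LEN=10
      ;;
    4) # Style: ###-@@@@
      pattern="${prefix}-"
      LEN=8
      ;;
    5) # Style: ###@@@@
      pattern="$prefix"
      LEN=7
      ;;
  esac

  # now that we know the format, see if we are passing through to aircrack or phone.txt
  if [[ -n "$CAP" ]]; then
    # cap file exists, need to pass through to aircrack
    echo "[-] Passing through to aircrack: ${pattern}####..."
    "$CRUNCH" "$LEN" "$LEN" 0123456789 -t "${pattern}@@@@" \
      | aircrack-ng -l aircrack.txt -w - -e "$ESSID" "$CAP"
  else
    # no cap file, just output to phone.txt
    echo "[-] Creating phone numbers for areacode/prefix: ${pattern}..."
    "$CRUNCH" "$LEN" "$LEN" 0123456789 -t "${pattern}@@@@" >> phone.txt
  fi

done 3< "$PREFIXES"

# the temporary files are removed by the EXIT trap

if [[ -n "$CAP" ]]; then
  # if we were trying to passthrough
  echo -n "[!] Finished! "
  if [[ -f "aircrack.txt" ]]; then
    # if we cracked it
    printf 'Password found: %s\n' "$(cat aircrack.txt)"
  else
    # if we didn't crack it
    echo "Password not found."
  fi
else
  # if we were just generating phone numbers
  echo "[!] Finished!; results are saved in 'phone.txt'"
fi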