- #!/usr/bin/ruby
- # this is a work in progress, im going to eventually make a complete handler for wireless router .
- # I started trying to make a WAP software in ruby but after a while I started realizing that I shouldnt reinvent the wheel
- # i should just make a really good car. Im going to incorporate a bit of C and python also, the C to speed it up and the python
- #for some packet manipulation in the stream using scapy.
- #The configuration options are all constants, i figured that instead of asking each time (since people generally have a
- #consistent setup) you set them in the code, the Class "packet_filter" is the filter (no really?!?!) i generally use nested ifs
- # for the heuristics but you can do whatever here, the logger is being worked on as you read this.
- #TODO: plucking images is an interesting idea.
- #install script
- #timed saves to pcap if ACTBAD, selective ports, most useful for tcp reconstruction
- require 'socket'
- require 'openssl'
- require 'packetfu'
- #Handles encryption
- #example
- # #preparing my balls for encryption
- # balls = Encryption.new("balls")
- # #encrypting my balls
- # balls.encrypt_payload
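# AES-256-CBC helper that encrypts or decrypts one wrapped string using the
# key and IV constants defined on WAPinit.
#
# SECURITY NOTE(review): the key and IV are literals in the source file and the
# same IV is used for every message. With a fixed IV, CBC is deterministic:
# equal plaintexts (and equal leading blocks) produce equal ciphertext, and
# anyone who has this file can decrypt. There is also no integrity check, so
# ciphertext can be altered undetected. A safer design loads the key from
# outside the source, generates a fresh IV per message (Cipher#random_iv) and
# stores it next to the ciphertext, and uses an authenticated mode such as
# aes-256-gcm. That is not done here because it changes the ciphertext format
# and the constants this class shares with WAPinit.
class Encryption
  # @param string [String] plaintext to encrypt, or ciphertext to decrypt
  def initialize(string)
    @string = string
  end

  # Encrypts the wrapped string.
  #
  # @return [String] raw (binary) ciphertext, PKCS#7 padded
  def encrypt_payload
    run_cipher(:encrypt)
  end

  # Decrypts the wrapped string.
  #
  # @return [String] recovered plaintext (binary encoding)
  # @raise [OpenSSL::Cipher::CipherError] if the input is not valid ciphertext
  #   for the configured key and IV
  def decrypt_payload
    run_cipher(:decrypt)
  end

  private

  # Builds a cipher in the requested direction (:encrypt or :decrypt) and runs
  # the wrapped string through it.
  def run_cipher(direction)
    # OpenSSL::Cipher::Cipher is the deprecated alias and is absent from
    # current openssl bindings; OpenSSL::Cipher is the supported class.
    cipher = OpenSSL::Cipher.new('aes-256-cbc')
    cipher.public_send(direction)
    cipher.key = WAPinit::KEY
    # The configured IV is longer than the 16-byte AES block. Current bindings
    # raise unless the IV is exactly iv_len bytes, so only the leading bytes
    # are passed on.
    cipher.iv = WAPinit::IV.byteslice(0, cipher.iv_len)
    data = @string.to_s
    # Cipher#update rejects an empty string; skip it and let #final emit the
    # padding block (encrypt) or report the malformed input (decrypt).
    head = data.empty? ? String.new : cipher.update(data)
    head + cipher.final
  end
end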
- #instances of this class start the show
# Access-point bring-up script written as a class body.
#
# Everything below runs once, when Ruby evaluates this class definition: it
# prints status banners, defines the configuration constants, builds the BIND
# and DHCP config text, starts airbase-ng, loads netfilter modules, resets and
# repopulates iptables, overwrites two system config files and restarts the
# DHCP and DNS daemons. No methods are defined, so instantiating the class
# does no further work.
#
# NOTE(review): every external command runs through backticks or system() and
# its exit status is never checked, so a failed step is silent and the later
# steps still run. The commands touch kernel modules, /proc and /etc, so the
# script presumably has to run as root — confirm.
#
# NOTE(review): the constants are interpolated unquoted into shell command
# strings. They are literals here; if any of them ever comes from input it
# needs shell escaping or the argument-list form of system().
class WAPinit
  printf "\n\033[00;31m[SYSTEM]\033[00m Initializing Constants\n"
  printf "\033[00;35m===============================================================\033[00m\n"
  #general config
  # NOTE(review): KEY and IV are read by Encryption. Both are the same
  # 32-character literal stored in the source, so anyone holding this file can
  # decrypt; an AES-CBC IV is 16 bytes, so this value is also the wrong length.
  KEY = "qwertyuiopasdfghjklzxcvbnmqwerty"
  IV = "qwertyuiopasdfghjklzxcvbnmqwerty"
  # Global flag; it is not read anywhere in the visible code.
  $ACTBAD=true
  # NOTE(review): $VERBOSE is Ruby's own warning-level global, so this turns on
  # interpreter warnings rather than defining a script-private flag.
  $VERBOSE = true
  # Not read anywhere in the visible code.
  LOGGING= true
  # Interface names, terminal path and radio settings used by the commands and
  # status messages below.
  MONITOR="mon0"
  EXTIF="eth1"
  TUNNEL="at0"
  INTIF="wlan1"
  TTY="/dev/tty10"
  CHAN = "9"
  ESSID="Firefly"
  #DHCP config
  RANGE="192.168.1.2 192.168.1.254"
  SCOPE="192.168.1.0"
  GATEWAY="192.168.1.1"
  MASK="255.255.255.0"
  BROADCAST="192.168.1.255"
  DOMAIN="cerberusrouter.net"
  DNS1="208.67.222.222"
  DNS2="208.67.220.220"
  #file contents of the bind and DHCP servers
  # Text later written to /etc/bind/named.conf.options; the only forwarder is
  # GATEWAY.
  # NOTE(review): GATEWAY is also the address assigned to at0 further down, so
  # BIND appears to be told to forward to this host itself — confirm intent.
  bind = <<BIND
options {
directory "/var/cache/bind";
forwarders {
#{GATEWAY};
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
BIND
  # Text later written to /etc/dhcp3/dhcpd.conf. Clients are handed DNS1 and
  # DNS2 as resolvers, although the PREROUTING rule below rewrites all UDP/53
  # traffic to GATEWAY.
  dhcp3 = <<DHCP
ddns-update-style interim;
ignore client-updates;
subnet #{SCOPE} netmask #{MASK} {
range #{RANGE};
option subnet-mask #{MASK}; # Default subnet mask to be used by DHCP clients
option broadcast-address #{BROADCAST}; # Default broadcast address to be used by DHCP clients
option routers #{GATEWAY}; # Default gateway to be used by DHCP clients
option domain-name "#{DOMAIN}";
option domain-name-servers #{DNS1}, #{DNS2}; # Default DNS to be used by DHCP clients
}
# DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured.
# option ipforwarding off;
default-lease-time 21600; # Amount of time in seconds that a client may keep the IP address
max-lease-time 43200;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1; # Default NTP server to be used by DHCP clients
DHCP
  # Heuristics for starting the aircrack suite tools: nested ifs look for
  # interface names in `ifconfig` output to decide whether monitor mode and
  # the access point are already up, and start whatever is missing.
  if `ifconfig`.match(/mon[0-9]/)
    printf "\033[00;31m[SYSTEM] Monitor mode Previously Enabled, Skipping\033[00m \n"
    # NOTE(review): String#match returns a MatchData or nil, never `true`, so
    # `!= true` always holds and the else branch below cannot run; airbase-ng
    # is started even when an at* interface already exists.
    if `ifconfig`.match(/at[0-9]/) != true
      printf "\033[00;31m[SYSTEM]\033[00mActivating Wireless Access Point \n"
      # Run airbase-ng in a forked child and detach it so the parent does not
      # wait. -e and -a pass a fixed ESSID and a fixed literal BSSID.
      pid = fork do
        system("airbase-ng -e #{ESSID} -a DE:AD:BE:EF:CA:FE -v -v -c #{CHAN} -I 5000 #{MONITOR} 2>&1")
      end
      Process.detach(pid)
    else printf "\033[00;31m[SYSTEM]WAP Already Active Skipping (if you did not know this please 'killall -9 airbase') \033[00m \n"
    end
  elsif `ifconfig`.match(/wlan[0-9]/)
    # NOTE(review): airmon-ng is given EXTIF ("eth1") while the message on the
    # next line reports INTIF ("wlan1") — one of the two looks wrong; confirm.
    `gksu "airmon-ng start #{EXTIF} #{CHAN}"`
    printf "\033[00;31m[SYSTEM]\033[00m Monitor Mode Enabled on #{INTIF} \n"
    printf "\033[00;31m[SYSTEM]\033[00mActivating Wireless Access Point \n"
    # NOTE(review): $WAP is assigned inside the forked child, so the parent
    # process never sees the value.
    pid = fork do
      $WAP = system("airbase-ng -e #{ESSID} -a DE:AD:BE:EF:CA:FE -v -v -c #{CHAN} -I 5000 #{MONITOR} 2>&1")
    end
    Process.detach(pid)
  end
  # Status summary. TTY is only printed here; nothing in the visible code
  # redirects output to it.
  printf "\033[00;31m[SYSTEM]\033[00m TTY output Being Directed to \033[00;31m#{TTY}\033[00m\n"
  printf "\033[00;34m[NETWORK]\033[00m External Interface: \033[00;31m#{EXTIF}\033[00m\n"
  printf "\033[00;34m[NETWORK]\033[00m Monitor Interface: \033[00;31m #{MONITOR}\033[00m\n"
  printf "\033[00;34m[NETWORK]\033[00m Internal Interface: \033[00;31m#{INTIF}\033[00m\n"
  printf "\033[00;34m[NETWORK]\033[00m Tunnnel Interface: \033[00;31m #{TUNNEL}\033[00m\n"
  #begin the router-fu!
  # Load the netfilter, connection-tracking and NAT kernel modules.
  `modprobe ip_tables`
  `modprobe iptable_filter`
  `modprobe ip_conntrack`
  `modprobe ip_conntrack_ftp`
  `modprobe ip_conntrack_irc`
  `modprobe iptable_nat`
  `modprobe ip_nat_ftp`
  `modprobe ip_nat_irc`
  printf "\033[00;31m[SYSTEM]\033[00m Done loading modules\n"
  printf "\033[00;31m[SYSTEM]\033[00m Enabling DynamicAddr\n"
  `echo "1" > /proc/sys/net/ipv4/ip_dynaddr`
  printf "\033[00;31m[SYSTEM]\033[00m Resetting IPTables Rules\n"
  # Flush every existing rule and chain, then set default policies: ACCEPT for
  # INPUT and OUTPUT, DROP for FORWARD. Any firewall rules the host had before
  # are discarded without a backup.
  # NOTE(review): INPUT ACCEPT with no INPUT rules leaves every service on this
  # host reachable from every interface, including the wireless clients.
  `iptables --table nat --flush`
  `iptables --delete-chain`
  `iptables --flush`
  `iptables -P INPUT ACCEPT`
  `iptables -F INPUT `
  `iptables -P OUTPUT ACCEPT`
  `iptables -F OUTPUT `
  `iptables -P FORWARD DROP`
  `iptables -F FORWARD `
  `iptables -t nat -F`
  printf "\n\033[00;31m[SYSTEM]\033[00m Configuring Routing Tables\n"
  printf "\033[00;35m===============================================================\033[00m\n"
  printf "\033[00;34m [NETWORK]\033[00m Forwarding DNS to Tunnel\n"
  # Rewrite the destination of all UDP port 53 traffic to GATEWAY, whichever
  # resolver the client addressed. TCP port 53 is not covered.
  `iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to #{GATEWAY}` #dns
  printf "\033[00;34m [NETWORK]\033[00m Forwarding Subnet to Tunnel\n"
  `iptables -A FORWARD -i #{INTIF} -o #{TUNNEL} -j ACCEPT`
  printf "\033[00;34m [NETWORK]\033[00m Forwarding Tunnel to Subnet\n"
  `iptables -A FORWARD -i #{TUNNEL} -o #{INTIF} -j ACCEPT`
  # Appended after the two ACCEPT rules, so it logs the forwarded packets that
  # neither rule matched before the DROP policy applies.
  `iptables -A FORWARD -j LOG`
  printf "\033[00;34m [NETWORK]\033[00m Enabling NAT on \033[00;31m#{TUNNEL}\033[00m\n"
  `iptables -t nat -A POSTROUTING -o #{TUNNEL} -j MASQUERADE`
  # Turn on kernel IPv4 forwarding.
  `echo "1" > /proc/sys/net/ipv4/ip_forward`
  printf "\033[00;35m===============================================================\033[00m\n"
  printf "\033[00;31m[SYSTEM]\033[00m IPTables Configured\n"
  printf "\n\033[00;31m[SYSTEM]\033[00m Configuring DHCP\n"
  printf "\033[00;35m===============================================================\033[00m\n"
  # NOTE(review): the interface name is hard-coded as at0 here instead of
  # using the TUNNEL constant.
  `ifconfig at0 up`
  `ifconfig at0 #{GATEWAY} netmask #{MASK}`
  `ifconfig at0 mtu 1500`
  # Overwrites the system dhcpd configuration in place, with no backup.
  # NOTE(review): the File handle is never closed, and the byte count that
  # syswrite returns is not checked.
  dhcpconf = File.open("/etc/dhcp3/dhcpd.conf", "w")
  dhcpconf.syswrite(dhcp3)
  # NOTE(review): the command's output is used as the printf format string; a
  # '%' in that output would be read as a format directive. `print` avoids it.
  printf `dhcpd3 #{TUNNEL}`
  printf "\033[00;35m===============================================================\033[00m\n"
  printf "\033[00;31m[SYSTEM]\033[00m DHCP Server Configured\n"
  printf "\n\033[00;31m[SYSTEM]\033[00m Configuring DNS\n"
  printf "\033[00;35m===============================================================\033[00m\n"
  # Overwrites the system BIND options file in place, with no backup; the same
  # unclosed-handle and format-string caveats as the DHCP step apply.
  dnsf = File.open("/etc/bind/named.conf.options", "w")
  dnsf.syswrite(bind)
  printf `/etc/init.d/bind9 restart`
  printf "\033[00;31m[SYSTEM]\033[00m DNS Caching Configured\n"
  printf "\033[00;35m===============================================================\033[00m\n"
  # NOTE(review): the double quote inside the backticks is never closed, so the
  # shell is expected to reject this command — confirm.
  `notify-send "Cerberus - Wireless Access Point initialized`
end
- #a sniffer just cause i dont have teh skillz yet for coding one in C
- #class Packet_filter
- # def initialize(filter,iface)
- # @filter = filter
- # @iface = iface
- # end
- # station = PacketFu::Capture.new(:iface => @iface, :start => true , :filter => @filter)
- # loop {
- # station.stream.each do |packet|
- # packet_object = PacketFu::Packet.parse(packet)
- #if packet_object.is_arp?
- #printf "\033[00;31m[Network]ARP: From #{packet_object.ip_saddr} to #{packet_object.ip_saddr}"
- #else printf "asdf\n"
- #end
- # end
- # }
- #end
# Placeholder for the logging component that the file header describes as
# still being worked on; it defines no methods or state yet.
#
# NOTE(review): the name matches Ruby's standard-library Logger. If that
# library is loaded, this line reopens the existing class instead of defining
# a new one.
class Logger; end
- WAPinit.new