Usage The Rogue Toolkit

TVT618 Jan 27th, 2019 895 Never
usage: python rogue.py -i wlan0 -h g -c 6 -e rogue --auth open --internet

The Rogue Toolkit is an extensible toolkit aimed at providing penetration
testers an easy-to-use platform to deploy software-defined Access Points (AP)
for the purpose of conducting penetration testing and red team engagements. By
using Rogue, penetration testers can easily perform targeted evil twin attacks
against a variety of wireless network types.

optional arguments:
  -w PCAP_FILENAME, --write PCAP_FILENAME
                        Write all collected wireless frames to a pcap file.
  -m HOSTAPD_MANUAL_CONF, --manual HOSTAPD_MANUAL_CONF
                        Loads a custom hostapd config file instead of
                        dynamically generating a file
  --internet            Provide network access
  --auth {open,wep,wpa-personal,wpa-enterprise}
                        Specify auth type. (Default: open)
  --cert-wizard         Use this flag to create a new RADIUS cert for your AP
  --clone-wizard        Used to clone a target website
  --show-options        Display configured options.
  -i INTERFACE, --interface INTERFACE
                        The phy interface on which to create the AP

hostapd configuration:
  --driver {hostap,nl80211,atheros,wired,none,bsd}
                        Choose the hostapd-wpe driver
  -d                    show more hostapd-wpe debug messages
  -dd                   show even more hostapd-wpe debug messages

Attack Arguments:
  --karma               Enable Karma.
  --sslsplit            Enable sslsplit.
  --responder           Enable responder using default configuration.
  --essid-mask {0,1,2}  Send empty SSID in beacons and ignore probe request
                        frames that do not specify full SSID. 1 = send empty
                        (length=0) SSID in beacon and ignore probe request for
                        broadcast SSID 2 = clear SSID (ASCII 0), but keep the
                        original length (this may be required with some
                        clients that do not support empty SSID) and ignore
                        probe requests for broadcast SSID (Default: 0)
  --hostile-portal      Enable hostile portal.
  --hostile-mode {beef,responder}
                        Select attack type performed by hostile portal.
  --hostile-location HOSTILE_LOCATION
                        Used to specify the location of the cloned site
                        location. Note: httrack creates a new directory within
                        the destination location with the name of the site
                        cloned. (Default: /var/www/html)
  --target-file TARGET_FILE
                        Used to specify the file in which the hostile portal
                        hook will be inserted into. (Default: /index.html)
  --hostile-marker HOSTILE_MARKER
                        Specify the line in the file target file to insert the
                        web hook above. (Default: </body> )
  --hostile-hook HOSTILE_HOOK
                        Specify custom hook code to insert into the target
                        file

IEEE 802.11 related configuration:
  -b BSSID, --bssid BSSID
                        Specify access point BSSID (Default:
                        00:11:22:33:44:00)
  -e ESSID, --essid ESSID
                        Specify access point ESSID (Default: rogue)
  -h {a,b,g,n,ac}, --hw-mode {a,b,g,n,ac}
                        Specify access point hardware mode (Default: g).
  --freq {2,5}          Specify the radio band to use (Default: 2GHz).
  -c CHANNEL, --channel CHANNEL
                        Specify access point channel. (Default: 0 - with ACS
                        to find an unused channel)
  --country {AD,AE,AF,AG,AI,AL,AM,AO,AQ,AR,AS,AT,AU,AW,AX,AZ,BA,BB,BD,BE,BF,BG,BH,BI,BJ,BL,BM,BN,BO,BQ,BQ,BR,BS,BT,BV,BW,BY,BZ,CA,CC,CD,CF,CG,CH,CI,CK,CL,CM,CN,CO,CR,CU,CV,CW,CX,CY,CZ,DE,DJ,DK,DM,DO,DZ,EC,EE,EG,EH,ER,ES,ET,FI,FJ,FK,FM,FO,FR,GA,GB,GD,GE,GF,GG,GH,GI,GL,GM,GN,GP,GQ,GR,GS,GT,GU,GW,GY,HK,HM,HN,HR,HT,HU,ID,IE,IL,IM,IN,IO,IQ,IR,IS,IT,JE,JM,JO,JP,KE,KG,KH,KI,KM,KN,KP,KR,KW,KY,KZ,LA,LB,LC,LI,LK,LR,LS,LT,LU,LV,LY,MA,MC,MD,ME,MF,MG,MH,MK,ML,MM,MN,MO,MP,MQ,MR,MS,MT,MU,MV,MW,MX,MY,MZ,NA,NC,NE,NF,NG,NI,NL,NO,NP,NR,NU,NZ,OM,PA,PE,PF,PG,PH,PK,PL,PM,PN,PR,PS,PT,PW,PY,QA,RE,RO,RS,RU,RW,SA,SB,SC,SD,SE,SG,SH,SI,SJ,SK,SL,SM,SN,SO,SR,SS,ST,SV,SX,SY,SZ,TC,TD,TF,TG,TH,TJ,TK,TL,TM,TN,TO,TR,TT,TV,TW,TZ,UA,UG,UM,US,UY,UZ,VA,VC,VE,VG,VI,VN,VU,WF,WS,YE,YT,ZA,ZM,ZW}
                        Configures of country of operation
  --macaddr-acl {0,1,2}
                        Station MAC address -based authentication 0 = accept
                        unless in deny list 1 = deny unless in accept list 2 =
                        use external RADIUS (accept/deny will be searched
                        first) (Default: 0)
  --mac-accept-file MACADDR_ACCEPT_FILE
                        Location of hostapd-wpe macaddr_acl accept file
                        (Default: /home/rogue/tmp/hostapd.accept)
  --mac-deny-file MACADDR_DENY_FILE
                        Location of hostapd-wpe macaddr_acl deny file
                        (Default: /home/rogue/tmp/hostapd.accept)
  --auth-algs {1,2,3}   IEEE 802.11 specifies two authentication algorithms. 1
                        allows only WPA2 authentication algorithms. 2 is WEP.
                        3 allows both. (Default: 3)
  --wmm-enabled         Enable Wireless Multimedia Extensions
  --ieee80211d          Enabling IEEE 802.11d advertises the country_code and
                        the set of allowed channels and transmit power levels
                        based on the regulatory limits. (Default: False)
  --ieee80211h          Enables radar detection and DFS support. DFS support
                        is required for an outdoor 5 GHZ channel. (This can
                        only be used if ieee80211d is enabled). (Default:
                        False)
  --ap-isolate          Enable client isolation to prevent low-level bridging
                        of frames between associated stations in the BSS.
                        (Default: disabled)

IEEE 802.11n related configuration:
  --ht-mode {0,1,2}     Configure supported channel width set 0 = Feature
                        disabled 1 = [HT40-] (2.4 GHz = 5-13, 5 GHz =
                        40,48,56,64) 2 = [HT40+] (2.4 GHz = 1-7 (1-9 in
                        Europe/Japan), 5 GHz = 36,44,52,60) (Default = 0).
  --disable-short20     Disables Short GI for 20 MHz for HT capabilities.
  --disable-short40     Disables Short GI for 40 MHz for HT capabilities.
  --require-ht          Require stations to support HT PHY (reject association
                        if they do not). (Default: False)

IEEE 802.11ac related configuration:
  --vht-width {0,1,2,3}
                        VHT channel width (Default: 1).
  --vht-operation {0,1}
                        Enable toggling between 0 for
                        vht_oper_centr_freq_seg0_idx and 1 for
                        vht_oper_centr_freq_seg1_idx (Default: 0).
  --vht-index VHT_INDEX
                        Enables control of vht_oper_centr_freq_seg[0/1]_idx
                        index value (Default: 42).
  --require-vht         Require stations to support VHT PHY (reject
                        association if they do not) (Default: disabled).

IWPA/IEEE 802.11i configuration:
  --wpa-passphrase WPA_PASSPHRASE
                        Specify the Pre-Shared Key for WPA network.
  --wpa {1,2,3}         Specify WPA type (Default: 2).
  --wpa-pairwise {CCMP,TKIP,CCMP TKIP}
                        (Default: 'CCMP TKIP')
  --rsn-pairwise {CCMP,TKIP,CCMP TKIP}
                        (Default: 'CCMP')

WEP authentication configuration:
  --wep-key-version {0,1,2,3}
                        Determine the version of the WEP configuration
  --wep-key WEP_KEY     Determine the version of the WEP configuration

IEEE 802.1X-2004 configuration:
  --ieee8021x           Enable 802.1x
  --eapol-version {1,2}
                        IEEE 802.1X/EAPOL version (Default: 2)
  --eapol-workaround    EAPOL-Key index workaround (set bit7) for WinXP
                        Supplicant

RADIUS client configuration:
  --no-log-badpass      When set, incorrect passwords will not be logged
  --no-log-goodpass     When set, valid passwords will not be logged
  --own-address OWN_IP_ADDR
                        The own IP address of the access point (Default:
                        127.0.0.1)
  --auth-server-addr AUTH_SERVER_ADDR
                        IP address of radius authentication server (Default:
                        127.0.0.1)
  --auth-secret AUTH_SERVER_SHARED_SECRET
                        Radius authentication server shared secret (Default:
                        secret)
  --auth-server-port AUTH_SERVER_PORT
                        Networking port of radius authentication server
                        (Default: 1812)
  --acct-server-addr ACCT_SERVER_ADDR
                        IP address of radius accounting server (Default:
                        127.0.0.1)
  --acct-secret ACCT_SERVER_SHARED_SECRET
                        Radius accounting server shared secret
  --acct-server-port ACCT_SERVER_PORT
                        Networking port of radius accounting server (Default:
                        1813)
  --radius-proto {udp,tcp,*}
                        (Default: *)
  --default-eap {fast,peap,ttls,tls,leap,pwd,md5,gtc}
                        Specify the default EAP method used in RADIUS
                        authentication. (Default: md5)
  -E {all,fast,peap,ttls,tls,leap,pwd,md5,gtc}, --supported-eap {all,fast,peap,ttls,tls,leap,pwd,md5,gtc}
                        Specify the default EAP method used in RADIUS
                        authentication. (Default: md5)
  --print-creds         Print intercepted credentials

External DHCP configuration:
  --lease DEFAULT_LEASE_TIME
                        Define DHCP lease time (Default: 600)
  --max-lease MAX_LEASE_TIME
                        Define max DHCP lease time (Default: 7200)
  --prim-name-server PRIMARY_NAME_SERVER
                        Define primary name server (Default: 8.8.8.8)
  --sec-name-server SECONDARY_NAME_SERVER
                        Define secondary name server (Default: 8.8.4.4)
  --subnet DHCP_SUBNET  (Default: 10.254.239.0)
  --route-subnet ROUTE_SUBNET
                        (Default: 10.254.239)
  --netmask DHCP_NETMASK
                        (Default: 255.255.255.0)
  --ip-address IP_ADDRESS
                        (Default: 10.254.239.1)
  --secondary-interface SECONDARY_INTERFACE
                        Used to specify the second phy interface used to
                        bridge the hostapd-wpe interface (-i) with another
                        network (Default: eth0)
  --pool-start DHCP_POOL_START
                        (Default: 10.254.239.10)
  --pool-end DHCP_POOL_END
                        (Default: 10.254.239.70)

Website cloning configuration:
  --clone-target CLONE_TARGET
                        Used to specify target website to clone (e.g.
                        https://www.example.com/)
  --clone-dest CLONE_DEST
                        Specify the location of the web root for the hostile
                        portal, it is recommended that you clone to your web
                        root. Note: httrack will create a directory in this
                        location with the name of the site cloned. (Default:
                        /var/www/html)

sslsplit configuration:
  --cert-nopass         Generate a x.509 Certificate with no password for the
                        purpose of sslsplit.
  --encrypted-port SSLSPLIT_ENCRYPTED_PORT
                        Specify port for encrypted web communication (TCP/443)
                        be redirected to. (Default: 8443)

HTTPD configuration:
  --httpd-port HTTPD_PORT
                        defines the port for httpd service to listen on.
                        (Default: 80)
  --httpd-ssl-port HTTP_SSL_PORT
                        Defines port for SSL-enabled httpd service to listen
                        on. (Default: 443)
  --ssl                 Enable ssl version of rogue httpd. When enabled,
                        --httpd-ssl-port overwrites --httpd-port. (Default:
                        443)