#coding = utf - 8from scapy.allimport *from scapy.layers.dot11import

1. #
2. coding = utf - 8
3.  
4. from scapy.all
5. import *
6. from scapy.layers.dot11
7. import Dot11Beacon
8. from termcolor
9. import colored
10. import time
11.  
12. banner = ""
13. "
14.  
15. PiDense can detects,
16.  
17. [ * ] Pineapple activity
18. [ * ] KARMA Attacks[ * ] Enviroment threats[ * ] Deauth Attacks[ * ] Other Fake AP Tactics
19. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
20. ""
21. "
22.  
23. def logging(log):
24. with open("/var/log/pidens.log", "a") as f:
25. f.write(str(log) + "\n")
26. f.flush()
27. f.close()
28.  
29. def sniff_channel_hop(iface):
30. for i in range(1, 14):
31. os.system("iwconfig " + iface + " channel " + str(i))
32. sniff(iface = iface, count = 15, prn = air_scan)
33.  
34. def air_scan(pkt):
35. ""
36. "
37. Scan all network with channel hopping
38. Collected all ssid and mac address information
39. : param pkt: result of sniff
40. function ""
41. "
42. if pkt.haslayer(Dot11Beacon):
43. ssid, bssid = pkt.info, pkt.addr2
44. if ssid not in ssidlist and len(ssid) != 0:
45. ssidlist.append(ssid)
46. capability = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}\
47. {Dot11ProbeResp:%Dot11ProbeResp.cap%}")
48. enc = "Y"
49. if "privacy"
50. not in capability and len(ssid) != 0:
51. enc = 'N'
52. info = "{}=*={}".format(enc, ssid)
53. if info not in info_list and info_list_2:
54. info_list.append(info)
55. info_list_2.append(info)
56. elif "privacy" in capability and len(ssid) != 0:
57. info = "{}=*={}".format(enc, ssid)
58. if info not in info_list_2:
59. info_list_2.append(info)
60.  
61. elif pkt.haslayer(Dot11ProbeResp):
62. ssid, bssid = pkt.info, pkt.addr2
63. info = "{}=*={}".format(bssid, ssid)
64. if len(ssid) != 0 and info not in info_list:
65. karmalist.append(info)
66.  
67. elif pkt.haslayer(Dot11Deauth):
68. pass#
69. if pkt.reason == 7: #deauth_list.append(pkt.reason)
70.  
71. def same_ssid(info_list_2, same_ssids):
72. for i in range(0, len(info_list_2)):
73. for j in range(i + 1, len(info_list_2)):
74. ssid1 = info_list_2[i].split("=*=")[1]
75. ssid2 = info_list_2[j].split("=*=")[1]
76. enc1 = info_list_2[i].split("=*=")[0]
77. enc2 = info_list_2[j].split("=*=")[0]
78. if ssid1 == ssid2 and enc1 != enc2 and(ssid1 or ssid2) != '':
79. same_ssids += 1
80. print u "\n\u001b[41;1mCritical\u001b[0m\t\033[1mFakeAP\t\t\u001b[41;1msame ssid, different encryption\u001b[0m\t" + "\033[1mSSID: ", ssid1
81. return same_ssids
82.  
83. def karma_attack_check(karmalist, karma):
84. for i in karmalist:
85. bssid, ssid = i.split("=*=")
86. if bssid not in karma.keys():
87. karma[bssid] = []
88. karma[bssid].append(ssid)
89. elif bssid in karma.keys() and ssid not in karma[bssid]:
90. karma[bssid].append(ssid)
91. for v in karma.keys():
92. if len(karma[v]) >= 3 and v not in karma_mac_address:
93. print u "\n\u001b[41;1mCritical\u001b[0m\t\033[1mFakeAP\t\t\u001b[41;1mKARMA Attacks\u001b[0m\t\t\t" + "\033[1mMAC: ", v
94. karma_mac_address.append(v)
95.  
96. def blackssid_check(info_list_2):
97. blackssids = open("blacklist.txt", "r").readlines()
98. blackssids = [black[: -1].lower() for black in blackssids]
99. for black in blackssids:
100. for info in info_list_2:
101. ssid = info.split("=*=")[1]
102. enc = info.split("=*=")[0]
103. if black in ssid and enc == "N":
104. print u "\n\u001b[41;1mCritical\u001b[0m\t\033[1mCritical SSID\t\u001b[41;1mBlacklist\u001b[0m\t\t\t" + "\033[1mSSID: ", ssid
105.  
106. if __name__ == '__main__':
107. density = 5
108. iface = "wlan0mon"
109. now = time.strftime("%c")
110. print banner
111. print u "\u001b[40;1m T \u001b[41;1m H \u001b[42;1m R \u001b[43;1m E \u001b[45;1m A \u001b[46;1m T \u001b[41;1m S \u001b[0m____________________________________________________\n"
112. print u "\u001b[4m\u001b[240;1mSeverity\tAttack Type\tDescription\t\t\tContent\u001b[0m"
113. while True:
114. threat_time = time.strftime("%c")
115. time.sleep(45)
116. karmalist = []
117. karma_mac_address = []
118. karma = {}
119. same_ssids = 0
120. info_list = []
121. info_list_2 = []
122. ssidlist = []
123. deauth_list = []
124. sniff_channel_hop(iface)
125. p = same_ssid(info_list_2, same_ssids)
126. blackssid_check(info_list_2)
127. karma_attack_check(karmalist, karma)
128. if p >= 3:
129. print u "\n\u001b[41;1mCritical\u001b[0m\t\033[1mPineapple\t\u001b[41;1mUnencrypted WiFi\u001b[0m\t\t" + "\033[1mCount: ", p
130. elif len(info_list) >= density:
131. print u "\n\u001b[43;1mMEDIUM\t\u001b[0m\t\033[1mDensity\t\t\u001b[43;1mOPN Networks\u001b[0m\t\t\t" + "\033[1mCount: ", len(info_list)# elif len(deauth_list) >= 0: #print u "\n\u001b[44;1mInformation\u001b[0m\t\033[1mDeauth Packets\t\u001b[44;1mDeauthentication Attacks\u001b[0m\t" + "\033[1mCount: ", len(deauth_list)
132. print "______________________________________________________: ", threat_time