alexandre/wifite2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Documentation, code-formatting, and refactoring.

Browse Source 
* Added some docs, updated existing docs.
* Use single-quotes for strings when possible.
* Color.pexception() prints exception and stack trace.
This commit is contained in:
derv82
2018-08-17 03:40:43 -07:00
parent 6adca64154
commit 0977f48d0c
29 changed files with 627 additions and 596 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
wifite/attack/all.py
View File

@@ -1,18 +1,17 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .wep import AttackWEP
from .wpa import AttackWPA
from .wps import AttackWPS
from .pmkid import AttackPMKID
from ..config import Configuration
from ..util.color import Color
from ..util.input import raw_input
class AttackAll(object):
@classmethod
def attack_multiple(cls, targets):
'''
Attacks all given `targets` (list[wifite.model.target]) until user interruption.
Returns: Number of targets that were attacked (int)
'''
attacked_targets = 0
targets_remaining = len(targets)
for index, target in enumerate(targets, start=1):
@@ -33,19 +32,35 @@ class AttackAll(object):
@classmethod
def attack_single(cls, target, targets_remaining):
'''
Attacks a single `target` (wifite.model.target).
Returns: True if attacks should continue, False otherwise.
'''
from .wep import AttackWEP
from .wpa import AttackWPA
from .wps import AttackWPS
from .pmkid import AttackPMKID
attacks = []
if Configuration.use_eviltwin:
pass # TODO:EvilTwin attack
# TODO: EvilTwin attack
pass
elif 'WEP' in target.encryption:
attacks.append(AttackWEP(target))
elif 'WPA' in target.encryption:
# WPA can have multiple attack vectors
# WPA can have multiple attack vectors:
if target.wps:
# WPS
attacks.append(AttackWPS(target))
# PMKID
attacks.append(AttackPMKID(target))
# Handshake capture
attacks.append(AttackWPA(target))
if len(attacks) == 0:
@@ -58,16 +73,7 @@ class AttackAll(object):
if result:
break # Attack was successful, stop other attacks.
except Exception as e:
Color.pl("\n{!} {R}Error: {O}%s" % str(e))
if Configuration.verbose > 0 or Configuration.print_stack_traces:
Color.pl('\n{!} {O}Full stack trace below')
from traceback import format_exc
Color.p('\n{!} ')
err = format_exc().strip()
err = err.replace('\n', '\n{W}{!} {W} ')
err = err.replace(' File', '{W}{D}File')
err = err.replace(' Exception: ', '{R}Exception: {O}')
Color.pl(err)
Color.pexception(e)
continue
except KeyboardInterrupt:
Color.pl('\n{!} {O}interrupted{W}\n')
@@ -82,10 +88,13 @@ class AttackAll(object):
@classmethod
def user_wants_to_continue(cls, targets_remaining, attacks_remaining=0):
''' Asks user if attacks should continue onto other targets '''
'''
Asks user if attacks should continue onto other targets
Returns:
True if user wants to continue, False otherwise.
'''
if attacks_remaining == 0 and targets_remaining == 0:
# No targets or attacksleft, drop out
return
return # No targets or attacksleft, drop out
prompt_list = []
if attacks_remaining > 0:
@@ -98,6 +107,7 @@ class AttackAll(object):
prompt = Color.s('{+} type {G}c{W} to {G}continue{W}' +
' or {R}s{W} to {R}stop{W}: ')
from ..util.input import raw_input
if raw_input(prompt).lower().startswith('s'):
return False
else:

48
wifite/attack/pmkid.py
View File

@@ -5,7 +5,6 @@ from ..model.attack import Attack
from ..config import Configuration
from ..tools.hashcat import HcxDumpTool, HcxPcapTool, Hashcat
from ..util.color import Color
from ..util.process import Process
from ..util.timer import Timer
from ..model.pmkid_result import CrackResultPMKID
@@ -55,7 +54,16 @@ class AttackPMKID(Attack):
def run(self):
# TODO: Check that we have all hashcat programs
'''
Performs PMKID attack, if possible.
1) Captures PMKID hash (or re-uses existing hash if found).
2) Cracks the hash.
Returns:
True if handshake is captured. False otherwise.
'''
from ..util.process import Process
# Check that we have all hashcat programs
dependencies = [
Hashcat.dependency_name,
HcxDumpTool.dependency_name,
@@ -68,15 +76,15 @@ class AttackPMKID(Attack):
pmkid_file = None
# Load exisitng has from filesystem
if Configuration.ignore_old_handshakes == False:
# Load exisitng PMKID hash from filesystem
pmkid_file = self.get_existing_pmkid_file(self.target.bssid)
if pmkid_file is not None:
Color.pattack('PMKID', self.target, 'CAPTURE',
'Loaded {C}existing{W} PMKID hash: {C}%s{W}\n' % pmkid_file)
# Capture hash from live target.
if pmkid_file is None:
# Capture hash from live target.
pmkid_file = self.capture_pmkid()
if pmkid_file is None:
@@ -85,10 +93,15 @@ class AttackPMKID(Attack):
# Crack it.
self.success = self.crack_pmkid_file(pmkid_file)
return True # Even if we don't crack it, capturing a PMKID is "successful"
return True # Even if we don't crack it, capturing a PMKID is 'successful'
def capture_pmkid(self):
'''
Runs hashcat's hcxpcaptool to extract PMKID hash from the .pcapng file.
Returns:
The PMKID hash (str) if found, otherwise None.
'''
self.keep_capturing = True
self.timer = Timer(60)
@@ -113,7 +126,7 @@ class AttackPMKID(Attack):
if pmkid_hash is None:
Color.pattack('PMKID', self.target, 'CAPTURE',
'{R}Failed{O} to capture PMKID\n')
Color.pl("")
Color.pl('')
return None # No hash found.
Color.clear_entire_line()
@@ -124,27 +137,32 @@ class AttackPMKID(Attack):
def crack_pmkid_file(self, pmkid_file):
'''
Cracks file containing PMKID hash (*.16800).
Runs hashcat containing PMKID hash (*.16800).
If cracked, saves results in self.crack_result
Returns:
True if cracked, False otherwise.
'''
# Check that wordlist exists before cracking.
if Configuration.wordlist is None:
Color.pl('\n{!} {O}Not cracking because {R}wordlist{O} is not found.')
Color.pl('{!} {O}Run Wifite with the {R}--crack{O} and {R}--dict{O} options to try again.')
Color.pl('\n{!} {O}Not cracking PMKID ' +
'because there is no {R}wordlist{O} (re-run with {C}--dict{O})')
# TODO: Uncomment once --crack is updated to support recracking PMKIDs.
#Color.pl('{!} {O}Run Wifite with the {R}--crack{O} and {R}--dict{O} options to try again.')
key = None
else:
Color.clear_entire_line()
Color.pattack('PMKID', self.target, 'CRACK', 'Cracking PMKID...\n')
Color.pattack('PMKID', self.target, 'CRACK', 'Cracking PMKID using {C}%s{W} ...\n' % Configuration.wordlist)
key = Hashcat.crack_pmkid(pmkid_file)
if key is None:
# Failed to crack.
Color.clear_entire_line()
Color.pattack('PMKID', self.target, '{R}CRACK',
'{R}Failed{O} to crack PMKID\n')
Color.pl("")
'{R}Failed{O}: passphrase not found in dictionary.\n')
Color.pl('')
return False
else:
# Successfully cracked.
@@ -158,6 +176,7 @@ class AttackPMKID(Attack):
def dumptool_thread(self):
'''Runs hashcat's hcxdumptool until it dies or `keep_capturing == False`'''
dumptool = HcxDumpTool(self.target, self.pcapng_file)
# Let the dump tool run until we have the hash.
@@ -168,9 +187,7 @@ class AttackPMKID(Attack):
def save_pmkid(self, pmkid_hash):
'''
Saves a copy of the pmkid (handshake) to hs/
'''
'''Saves a copy of the pmkid (handshake) to hs/ directory.'''
# Create handshake dir
if not os.path.exists(Configuration.wpa_handshake_dir):
os.mkdir(Configuration.wpa_handshake_dir)
@@ -188,3 +205,4 @@ class AttackPMKID(Attack):
pmkid_handle.write('\n')
return pmkid_file

24
wifite/attack/wep.py
View File

@@ -18,7 +18,7 @@ class AttackWEP(Attack):
Contains logic for attacking a WEP-encrypted access point.
'''
fakeauth_wait = 5
fakeauth_wait = 5 # TODO: Configuration?
def __init__(self, target):
super(AttackWEP, self).__init__(target)
@@ -251,16 +251,7 @@ class AttackWEP(Attack):
return self.success
except Exception as e:
Color.pl("\n{!} {R}Error: {O}%s" % str(e))
if Configuration.verbose > 0 or Configuration.print_stack_traces:
Color.pl('\n{!} {O}Full stack trace below')
from traceback import format_exc
Color.p('\n{!} ')
err = format_exc().strip()
err = err.replace('\n', '\n{!} {C} ')
err = err.replace(' File', '{W}File')
err = err.replace(' Exception: ', '{R}Exception: {O}')
Color.pl(err)
Color.pexception(e)
continue
# End of big try-catch
# End of for-each-attack-type loop
@@ -273,8 +264,8 @@ class AttackWEP(Attack):
def user_wants_to_stop(self, current_attack, attacks_remaining, target):
'''
Ask user what attack to perform next (re-orders attacks_remaining, returns False),
or if we should stop attacking this target (returns True).
Ask user what attack to perform next (re-orders attacks_remaining, returns False),
or if we should stop attacking this target (returns True).
'''
if target is None:
Color.pl("")
@@ -336,11 +327,11 @@ class AttackWEP(Attack):
attacks_remaining.insert(0, attacks_remaining.pop(answer-2))
return False # Don't stop
def fake_auth(self):
'''
Attempts to fake-authenticate with target.
Returns: True if successful,
False is unsuccessful.
Attempts to fake-authenticate with target.
Returns: True if successful, False is unsuccessful.
'''
Color.p('\r{+} attempting {G}fake-authentication{W} with {C}%s{W}...' % self.target.bssid)
fakeauth = Aireplay.fakeauth(self.target, timeout=AttackWEP.fakeauth_wait)
@@ -363,7 +354,6 @@ class AttackWEP(Attack):
return fakeauth
if __name__ == '__main__':
Configuration.initialize(True)
from ..model.target import Target

91
wifite/attack/wpa.py
View File

@@ -24,11 +24,9 @@ class AttackWPA(Attack):
self.success = False
def run(self):
'''
Initiates full WPA handshake capture attack.
'''
'''Initiates full WPA handshake capture attack.'''
# Check if user only wants to run PixieDust attack
# Skip if user only wants to run PixieDust attack
if Configuration.wps_only and self.target.wps:
Color.pl('\r{!} {O}--wps-only{R} set, ignoring WPA-handshake attack on {O}%s{W}' % self.target.essid)
self.success = False
@@ -56,8 +54,9 @@ class AttackWPA(Attack):
self.success = True
return self.success
def capture_handshake(self):
''' Returns captured or stored handshake, otherwise None '''
'''Returns captured or stored handshake, otherwise None.'''
handshake = None
# First, start Airodump process
@@ -67,7 +66,7 @@ class AttackWPA(Attack):
output_file_prefix='wpa') as airodump:
Color.clear_entire_line()
Color.pattack("WPA", self.target, "Handshake capture", "Waiting for target to appear...")
Color.pattack('WPA', self.target, 'Handshake capture', 'Waiting for target to appear...')
airodump_target = self.wait_for_target(airodump)
self.clients = []
@@ -78,7 +77,7 @@ class AttackWPA(Attack):
essid = airodump_target.essid if airodump_target.essid_known else None
handshake = self.load_handshake(bssid=bssid, essid=essid)
if handshake:
Color.pattack("WPA", self.target, "Handshake capture", "found {G}existing handshake{W} for {C}%s{W}" % handshake.essid)
Color.pattack('WPA', self.target, 'Handshake capture', 'found {G}existing handshake{W} for {C}%s{W}' % handshake.essid)
Color.pl('\n{+} Using handshake from {C}%s{W}' % handshake.capfile)
return handshake
@@ -88,10 +87,10 @@ class AttackWPA(Attack):
while handshake is None and not timeout_timer.ended():
step_timer = Timer(1)
Color.clear_entire_line()
Color.pattack("WPA",
Color.pattack('WPA',
airodump_target,
"Handshake capture",
"Listening. (clients:{G}%d{W}, deauth:{O}%s{W}, timeout:{R}%s{W})" % (len(self.clients), deauth_timer, timeout_timer))
'Handshake capture',
'Listening. (clients:{G}%d{W}, deauth:{O}%s{W}, timeout:{R}%s{W})' % (len(self.clients), deauth_timer, timeout_timer))
# Find .cap file
cap_files = airodump.find_files(endswith='.cap')
@@ -124,11 +123,11 @@ class AttackWPA(Attack):
for client in airodump_target.clients:
if client.station not in self.clients:
Color.clear_entire_line()
Color.pattack("WPA",
Color.pattack('WPA',
airodump_target,
"Handshake capture",
"Discovered new client: {G}%s{W}" % client.station)
Color.pl("")
'Handshake capture',
'Discovered new client: {G}%s{W}' % client.station)
Color.pl('')
self.clients.append(client.station)
# Send deauth to a client or broadcast
@@ -143,7 +142,7 @@ class AttackWPA(Attack):
if handshake is None:
# No handshake, attack failed.
Color.pl("\n{!} {O}WPA handshake capture {R}FAILED:{O} Timed out after %d seconds" % (Configuration.wpa_attack_timeout))
Color.pl('\n{!} {O}WPA handshake capture {R}FAILED:{O} Timed out after %d seconds' % (Configuration.wpa_attack_timeout))
return handshake
else:
# Save copy of handshake to ./hs/
@@ -153,34 +152,34 @@ class AttackWPA(Attack):
def crack_handshake(self, handshake, wordlist):
'''Tries to crack a handshake. Returns WPA key if found, otherwise None.'''
if wordlist is None:
Color.pl("{!} {O}Not cracking handshake because" +
" wordlist ({R}--dict{O}) is not set")
Color.pl('{!} {O}Not cracking handshake because' +
' wordlist ({R}--dict{O}) is not set')
return None
elif not os.path.exists(wordlist):
Color.pl("{!} {O}Not cracking handshake because" +
" wordlist {R}%s{O} was not found" % wordlist)
Color.pl('{!} {O}Not cracking handshake because' +
' wordlist {R}%s{O} was not found' % wordlist)
return None
Color.pl("\n{+} {C}Cracking WPA Handshake:{W} Using {C}aircrack-ng{W} via" +
" {C}%s{W} wordlist" % os.path.split(wordlist)[-1])
Color.pl('\n{+} {C}Cracking WPA Handshake:{W} Using {C}aircrack-ng{W} via' +
' {C}%s{W} wordlist' % os.path.split(wordlist)[-1])
key_file = Configuration.temp('wpakey.txt')
command = [
"aircrack-ng",
"-a", "2",
"-w", wordlist,
"--bssid", handshake.bssid,
"-l", key_file,
'aircrack-ng',
'-a', '2',
'-w', wordlist,
'--bssid', handshake.bssid,
'-l', key_file,
handshake.capfile
]
crack_proc = Process(command)
# Report progress of cracking
aircrack_nums_re = re.compile(r"(\d+)/(\d+) keys tested.*\(([\d.]+)\s+k/s")
aircrack_key_re = re.compile(r"Current passphrase:\s*([^\s].*[^\s])\s*$")
aircrack_nums_re = re.compile(r'(\d+)/(\d+) keys tested.*\(([\d.]+)\s+k/s')
aircrack_key_re = re.compile(r'Current passphrase:\s*([^\s].*[^\s])\s*$')
num_tried = num_total = 0
percent = num_kps = 0.0
eta_str = "unknown"
eta_str = 'unknown'
current_key = ''
while crack_proc.poll() is None:
line = crack_proc.pid.stdout.readline()
@@ -198,26 +197,26 @@ class AttackWPA(Attack):
else:
continue
status = "\r{+} {C}Cracking WPA Handshake: %0.2f%%{W}" % percent
status += " ETA: {C}%s{W}" % eta_str
status += " @ {C}%0.1fkps{W}" % num_kps
#status += " ({C}%d{W}/{C}%d{W} keys)" % (num_tried, num_total)
status += " (current key: {C}%s{W})" % current_key
status = '\r{+} {C}Cracking WPA Handshake: %0.2f%%{W}' % percent
status += ' ETA: {C}%s{W}' % eta_str
status += ' @ {C}%0.1fkps{W}' % num_kps
#status += ' ({C}%d{W}/{C}%d{W} keys)' % (num_tried, num_total)
status += ' (current key: {C}%s{W})' % current_key
Color.clear_entire_line()
Color.p(status)
Color.pl("")
Color.pl('')
# Check crack result
if os.path.exists(key_file):
with open(key_file, "r") as fid:
with open(key_file, 'r') as fid:
key = fid.read().strip()
os.remove(key_file)
Color.pl("{+} {G}Cracked WPA Handshake{W} PSK: {G}%s{W}\n" % key)
Color.pl('{+} {G}Cracked WPA Handshake{W} PSK: {G}%s{W}\n' % key)
return key
else:
Color.pl("{!} {R}Failed to crack handshake:" +
" {O}%s{R} did not contain password{W}" % wordlist.split(os.sep)[-1])
Color.pl('{!} {R}Failed to crack handshake:' +
' {O}%s{R} did not contain password{W}' % wordlist.split(os.sep)[-1])
return None
def load_handshake(self, bssid, essid):
@@ -260,7 +259,7 @@ class AttackWPA(Attack):
cap_filename = os.path.join(Configuration.wpa_handshake_dir, cap_filename)
if Configuration.wpa_strip_handshake:
Color.p("{+} {C}stripping{W} non-handshake packets, saving to {G}%s{W}..." % cap_filename)
Color.p('{+} {C}stripping{W} non-handshake packets, saving to {G}%s{W}...' % cap_filename)
handshake.strip(outfile=cap_filename)
Color.pl('{G}saved{W}')
else:
@@ -282,25 +281,25 @@ class AttackWPA(Attack):
for index, client in enumerate([None] + self.clients):
if client is None:
target_name = "*broadcast*"
target_name = '*broadcast*'
else:
target_name = client
Color.clear_entire_line()
Color.pattack("WPA",
Color.pattack('WPA',
target,
"Handshake capture",
"Deauthing {O}%s{W}" % target_name)
'Handshake capture',
'Deauthing {O}%s{W}' % target_name)
Aireplay.deauth(target.bssid, client_mac=client, timeout=2)
if __name__ == '__main__':
Configuration.initialize(True)
from ..model.target import Target
fields = "A4:2B:8C:16:6B:3A, 2015-05-27 19:28:44, 2015-05-27 19:28:46, 11, 54e,WPA, WPA, , -58, 2, 0, 0. 0. 0. 0, 9, Test Router Please Ignore, ".split(',')
fields = 'A4:2B:8C:16:6B:3A, 2015-05-27 19:28:44, 2015-05-27 19:28:46, 11, 54e,WPA, WPA, , -58, 2, 0, 0. 0. 0. 0, 9, Test Router Please Ignore, '.split(',')
target = Target(fields)
wpa = AttackWPA(target)
try:
wpa.run()
except KeyboardInterrupt:
Color.pl("")
Color.pl('')
pass
Configuration.exit_gracefully(0)

50
wifite/attack/wps.py
View File

@@ -4,8 +4,6 @@
from ..model.attack import Attack
from ..util.color import Color
from ..config import Configuration
from ..tools.bully import Bully
from ..tools.reaver import Reaver
class AttackWPS(Attack):
def __init__(self, target):
@@ -22,26 +20,36 @@ class AttackWPS(Attack):
self.success = False
return self.success
###################
# Pixie-Dust attack
if Configuration.use_bully:
# Bully: Pixie-dust
bully = Bully(self.target)
bully.run()
bully.stop()
self.crack_result = bully.crack_result
self.success = self.crack_result is not None
return self.success
return self.run_bully()
else:
reaver = Reaver(self.target)
if reaver.is_pixiedust_supported():
# Reaver: Pixie-dust
reaver = Reaver(self.target)
reaver.run()
self.crack_result = reaver.crack_result
self.success = self.crack_result is not None
return self.success
else:
Color.pl("{!} {R}your version of 'reaver' does not support the {O}WPS pixie-dust attack{W}")
return self.run_reaver()
return False
def run_bully(self):
# Bully: Pixie-dust
from ..tools.bully import Bully
bully = Bully(self.target)
bully.run()
bully.stop()
self.crack_result = bully.crack_result
self.success = self.crack_result is not None
return self.success
def run_reaver(self):
from ..tools.reaver import Reaver
reaver = Reaver(self.target)
if not reaver.is_pixiedust_supported():
Color.pl("{!} {R}your version of 'reaver' does not support the {O}WPS pixie-dust attack{W}")
return False
else:
# Reaver: Pixie-dust
reaver = Reaver(self.target)
reaver.run()
self.crack_result = reaver.crack_result
self.success = self.crack_result is not None
return self.success