Detect when AP has WPS Locked, show in target list

derv82
2018-08-24 16:50:24 -07:00
parent 141934a7b1
commit 2e671e0273
8 changed files with 43 additions and 23 deletions


@@ -54,7 +54,7 @@ class AttackAll(object):
# WPA can have multiple attack vectors: # WPA can have multiple attack vectors:
# WPS # WPS
if target.wps: if target.wps != False:
if Configuration.wps_pixie: if Configuration.wps_pixie:
attacks.append(AttackWPS(target, pixie_dust=True)) attacks.append(AttackWPS(target, pixie_dust=True))
if Configuration.wps_pin: if Configuration.wps_pin:
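Review bot: `target.wps != False` is also true when `wps` is `None`, which this commit defines as locked WPS, so the WPS attacks in this branch are still queued for a locked AP; if that is intended, say so in a comment such as `# wps is tri-state: True=unlocked, None=locked, False=none; locked APs still count as WPS here`. For a three-valued field an identity test states the intent more precisely than an equality test: `if target.wps is not False:`. The same applies to the `== False` / `!= False` comparisons in the AttackPMKID, AttackWPA, Airodump and Scanner sections. The enclosing method starts and ends outside this hunk.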


@@ -62,8 +62,8 @@ class AttackPMKID(Attack):
Returns: Returns:
True if handshake is captured. False otherwise. True if handshake is captured. False otherwise.
''' '''
# Skip if user only wants to run PixieDust attack # Skip if user only wants to attack WPS targets
if Configuration.wps_only and self.target.wps: if Configuration.wps_only and self.target.wps == False:
Color.pl('\r{!} {O}Skipping PMKID attack on {R}%s{O} because {R}--wps-only{O} is set{W}' % self.target.essid) Color.pl('\r{!} {O}Skipping PMKID attack on {R}%s{O} because {R}--wps-only{O} is set{W}' % self.target.essid)
self.success = False self.success = False
return False return False
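Review bot: The new condition inverts which targets are skipped: with `--wps-only` set, a target whose `wps` is `True` or `None` now falls through to the PMKID capture, whereas the old `self.target.wps` test skipped it. Unless the caller already drops the non-WPS attacks when `wps_only` is set (not visible here), the run does more than the operator asked for, which matters when the agreed test scope was WPS only. If the flag is meant as "WPS attacks only", the guard would be `if Configuration.wps_only:`; the AttackWPA section carries the same condition. The method continues outside the hunk.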


@@ -27,15 +27,17 @@ class AttackWPA(Attack):
def run(self): def run(self):
'''Initiates full WPA handshake capture attack.''' '''Initiates full WPA handshake capture attack.'''
if Configuration.use_pmkid_only: # Skip if target is not WPS
self.success = False if Configuration.wps_only and self.target.wps == False:
return False
# Skip if user only wants to run PixieDust attack
if Configuration.wps_only and self.target.wps:
Color.pl('\r{!} {O}Skipping WPA-Handshake attack on {R}%s{O} because {R}--wps-only{O} is set{W}' % self.target.essid) Color.pl('\r{!} {O}Skipping WPA-Handshake attack on {R}%s{O} because {R}--wps-only{O} is set{W}' % self.target.essid)
self.success = False self.success = False
return self.success return self.success
# Skip if user only wants to run PMKID attack
if Configuration.use_pmkid_only:
self.success = False
return False
# Capture the handshake (or use an old one) # Capture the handshake (or use an old one)
handshake = self.capture_handshake() handshake = self.capture_handshake()


@@ -60,7 +60,8 @@ class Target(object):
self.essid = None # '(%s)' % self.bssid self.essid = None # '(%s)' % self.bssid
self.essid_known = False self.essid_known = False
self.wps = None # False=No WPS, None=Locked WPS, True=Unlocked WPS
self.wps = False
self.decloaked = False # If ESSID was hidden but we decloaked it. self.decloaked = False # If ESSID was hidden but we decloaked it.
@@ -136,9 +137,9 @@ class Target(object):
if self.wps == True: if self.wps == True:
wps = Color.s('{G} yes') wps = Color.s('{G} yes')
elif self.wps == False: elif self.wps == False:
wps = Color.s('{R} no') wps = Color.s('{O} no')
else: elif self.wps is None:
wps = Color.s('{O} n/a') wps = Color.s('{R}lock')
clients = ' ' clients = ' '
if len(self.clients) > 0: if len(self.clients) > 0:
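Review bot: Replacing the final `else:` with `elif self.wps is None:` leaves the local `wps` unassigned when `self.wps` holds anything other than `True`, `False` or `None`, and the later use of `wps` (presumably in the formatted row, outside this hunk) would then raise `UnboundLocalError`. Keeping a catch-all avoids that, for example a closing `else:` with `wps = Color.s('{O} n/a')`. The first hunk also changes the default from `None` to `False`, so a target that was never checked for WPS is now rendered as `no`; the field comment could note that `False` also covers "not yet checked".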


@@ -260,7 +260,7 @@ class Airodump(Dependency):
result.append(target) result.append(target)
elif 'WPA' in Configuration.encryption_filter and 'WPA' in target.encryption: elif 'WPA' in Configuration.encryption_filter and 'WPA' in target.encryption:
result.append(target) result.append(target)
elif 'WPS' in Configuration.encryption_filter and target.wps: elif 'WPS' in Configuration.encryption_filter and target.wps != False:
result.append(target) result.append(target)
elif skip_wps: elif skip_wps:
result.append(target) result.append(target)


@@ -159,6 +159,7 @@ class Tshark(Dependency):
capfile - .cap file from airodump containing packets capfile - .cap file from airodump containing packets
targets - list of Targets from scan, to be updated targets - list of Targets from scan, to be updated
''' '''
from ..config import Configuration
if not Tshark.exists(): if not Tshark.exists():
raise ValueError('Cannot detect WPS networks: Tshark does not exist') raise ValueError('Cannot detect WPS networks: Tshark does not exist')
@@ -183,24 +184,32 @@ class Tshark(Dependency):
# Failure is acceptable # Failure is acceptable
return return
bssids = set() wps_bssids = set()
locked_bssids = set()
for line in lines.split('\n'): for line in lines.split('\n'):
if ',' not in line: if ',' not in line:
continue continue
bssid, locked = line.split(',') bssid, locked = line.split(',')
# Ignore if WPS is locked? # Ignore if WPS is locked?
if '1' not in locked: if '1' not in locked:
bssids.add(bssid.upper()) wps_bssids.add(bssid.upper())
else:
locked_bssids.add(bssid.upper())
for t in targets: for t in targets:
t.wps = t.bssid.upper() in bssids target_bssid = t.bssid.upper()
if target_bssid in wps_bssids:
t.wps = True
elif target_bssid in locked_bssids:
t.wps = None
else:
t.wps = False
if __name__ == '__main__': if __name__ == '__main__':
test_file = './tests/files/contains_wps_network.cap' test_file = './tests/files/contains_wps_network.cap'
target_bssid = 'A4:2B:8C:16:6B:3A' target_bssid = 'A4:2B:8C:16:6B:3A'
'''
from ..model.target import Target from ..model.target import Target
fields = [ fields = [
'A4:2B:8C:16:6B:3A', # BSSID 'A4:2B:8C:16:6B:3A', # BSSID
@@ -219,6 +228,5 @@ if __name__ == '__main__':
print('Target(BSSID={}).wps = {} (Expected: True)'.format(targets[0].bssid, targets[0].wps)) print('Target(BSSID={}).wps = {} (Expected: True)'.format(targets[0].bssid, targets[0].wps))
assert targets[0].wps == True assert targets[0].wps == True
'''
print(Tshark.bssids_with_handshakes(test_file, bssid=target_bssid)) print(Tshark.bssids_with_handshakes(test_file, bssid=target_bssid))
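Review bot: A BSSID that appears in the tshark output with both lock states ends up in `wps_bssids` and in `locked_bssids`, and the `if target_bssid in wps_bssids` test wins, so an AP that locked part-way through the capture is reported as unlocked. Tracking the last state seen avoids this (assuming the output is in capture order): `wps_state[bssid.upper()] = None if '1' in locked else True` in the parse loop and `t.wps = wps_state.get(t.bssid.upper(), False)` in the target loop. The Wash section builds the same two sets and has the same precedence. The retained comment `# Ignore if WPS is locked?` no longer matches the code and could become `# '1' in the lock field: AP reports WPS as locked`, and the added `from ..config import Configuration` is not used in the visible lines.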


@@ -38,20 +38,29 @@ class Wash(Dependency):
return return
# Find all BSSIDs # Find all BSSIDs
bssids = set() wps_bssids = set()
locked_bssids = set()
for line in lines.split('\n'): for line in lines.split('\n'):
try: try:
obj = json.loads(line) obj = json.loads(line)
bssid = obj['bssid'] bssid = obj['bssid']
locked = obj['wps_locked'] locked = obj['wps_locked']
if locked != True: if locked != True:
bssids.add(bssid) wps_bssids.add(bssid)
else:
locked_bssids.add(bssid)
except: except:
pass pass
# Update targets # Update targets
for t in targets: for t in targets:
t.wps = t.bssid.upper() in bssids target_bssid = t.bssid.upper()
if target_bssid in wps_bssids:
t.wps = True
elif target_bssid in locked_bssids:
t.wps = None
else:
t.wps = False
if __name__ == '__main__': if __name__ == '__main__':
test_file = './tests/files/contains_wps_network.cap' test_file = './tests/files/contains_wps_network.cap'
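Review bot: The BSSIDs from wash are stored as-is (`wps_bssids.add(bssid)`, `locked_bssids.add(bssid)`) but looked up with `t.bssid.upper()`, so a lower-case BSSID in the JSON would never match and the target would be marked `False`. The Tshark section upper-cases on insert, and the same here would be `wps_bssids.add(bssid.upper())` and `locked_bssids.add(bssid.upper())`. The bare `except: pass` around the parse also hides malformed lines and catches `KeyboardInterrupt`; `except (ValueError, KeyError, TypeError):` limits it to JSON and lookup failures. The enclosing method starts outside this hunk.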


@@ -88,7 +88,7 @@ class Scanner(object):
return False # No specific target from user. return False # No specific target from user.
for target in self.targets: for target in self.targets:
if Configuration.wps_only and target.wps != True: if Configuration.wps_only and target.wps == False:
continue continue
if bssid and target.bssid and bssid.lower() == target.bssid.lower(): if bssid and target.bssid and bssid.lower() == target.bssid.lower():
self.target = target self.target = target