diff --git a/Wifite.py b/Wifite.py old mode 100644 new mode 100755 diff --git a/py/Airmon.py b/py/Airmon.py index 5fdb382..9e829db 100644 --- a/py/Airmon.py +++ b/py/Airmon.py @@ -134,6 +134,7 @@ class Airmon(object): @staticmethod def ask(): ''' Asks user to define which wireless interface to use ''' + Color.pl('\n{+} looking for {C}wireless interfaces{W}') mon_ifaces = Airmon.get_interfaces_in_monitor_mode() mon_count = len(mon_ifaces) if mon_count == 1: @@ -143,8 +144,13 @@ class Airmon(object): % iface); return iface + Color.pl('') + a = Airmon() a.print_menu() + + Color.pl('') + count = len(a.interfaces) if count == 0: # No interfaces found diff --git a/py/Arguments.py b/py/Arguments.py index 19045ca..bd5d4fb 100644 --- a/py/Arguments.py +++ b/py/Arguments.py 
@@ -3,108 +3,219 @@ import argparse class Arguments(object): - def __init__(self): - self.args = self.get_arguments() + ''' Holds arguments used by the Wifite ''' + def __init__(self, Configuration): + self.args = self.get_arguments(Configuration) + + def get_arguments(self, Configuration): + ''' Returns parser.args() containing all program arguments ''' - def get_arguments(self): description = 'Wrapper script around aircrack-ng and reaver' - description += ' https://github.com/derv82/wifite' - parser = argparse.ArgumentParser( - description=description) + description += ' https://github.com/derv82/wifite2' + parser = argparse.ArgumentParser(description=description) # Global variables glob = parser.add_argument_group('SETTINGS') glob.add_argument('-i', action='store', dest='interface', - metavar='interface', + metavar='[interface]', type=str, help='Wireless interface to use (default: ask)') glob.add_argument('-c', action='store', dest='channel', - metavar='channel', + metavar='[channel]', type=int, help='Wireless channel to scan (default: all channels)') + glob.add_argument('-b', + action='store', + dest='target_bssid', + metavar='[bssid]', + type=str, + help='BSSID (e.g. 
AA:BB:CC:DD:EE:FF) of access point to attack') + glob.add_argument('-e', + action='store', + dest='target_essid', + metavar='[essid]', + type=str, + help='ESSID (name) of access point to attack') # WEP wep = parser.add_argument_group('WEP-RELATED') wep.add_argument('--wep', action='store_true', dest='wep_filter', - help='Only show WEP-encrypted networks') + help='Filter to display WEP-encrypted networks (default: off)') wep.add_argument('--require-fakeauth', action='store_true', dest='require_fakeauth', - help='Fails attacks if fake-authentication fails') + help='Fails attacks if fake-auth fails (default: off)') + wep.add_argument('-pps', + action='store', + dest='wep_pps', + metavar='[pps]', + type=int, + help='Packets Per Second to replay (default: %d pps)' + % Configuration.wep_pps) + wep.add_argument('-wept', + action='store', + dest='wep_timeout', + metavar='[seconds]', + type=int, + help='Seconds to wait before failing (default: %d ivs)' + % Configuration.wep_timeout) + wep.add_argument('-wepc', + action='store', + dest='wep_crack_at_ivs', + metavar='[ivs]', + type=int, + help='Start cracking at this many IVs (default: %d ivs)' + % Configuration.wep_crack_at_ivs) + wep.add_argument('-weprs', + action='store', + dest='wep_restart_stale_ivs', + metavar='[seconds]', + type=int, + help='Restart aireplay if no new IVs appear (default: %ds)' + % Configuration.wep_restart_stale_ivs) + wep.add_argument('-weprc', + action='store', + dest='wep_restart_aircrack', + metavar='[seconds]', + type=int, + help='Restart aircrack after this delay (default: %ds)' + % Configuration.wep_restart_aircrack) # WPA wpa = parser.add_argument_group('WPA-RELATED') wpa.add_argument('--wpa', action='store_true', dest='wpa_filter', - help='Only show WPA-encrypted networks') + help='Filter to display WPA-encrypted networks (includes WPS)') + wpa.add_argument('-wpadt', + action='store', + dest='wpa_deauth_timeout', + metavar='[seconds]', + type=int, + help='Time to wait before failing a Deauth 
(default: %ds)' + % Configuration.wpa_deauth_timeout) + wpa.add_argument('-wpat', + action='store', + dest='wpa_attack_timeout', + metavar='[seconds]', + type=int, + help='Time to wait before failing WPA attack (default: %ds)' + % Configuration.wpa_attack_timeout) + wpa.add_argument('-hs', + action='store', + dest='wpa_handshake_dir', + metavar='[dir]', + type=str, + help='Directory to store handshake files (default: %s)' + % Configuration.wpa_handshake_dir) + wpa.add_argument('--dict', + action='store', + dest='wordlist', + metavar='[file]', + type=str, + help='File containing passwords for cracking (default: %s)' + % Configuration.wordlist) # WPS wps = parser.add_argument_group('WPS-RELATED') wps.add_argument('--wps', action='store_true', dest='wps_filter', - help='Only show WPA networks with WPS enabled') + help='Filter to display WPS-enabled networks') wps.add_argument('--reaver', action='store_true', dest='reaver_only', - help='Only use Reaver on WPS networks (no handshake attack)') + help='ONLY use Reaver on WPS networks (default: off)') wps.add_argument('--no-reaver', action='store_true', dest='no_reaver', - help='Do NOT use Reaver on WPS networks (handshake only)') + help='Do NOT use Reaver on WPS networks (default: off)') wps.add_argument('--pixie', action='store_true', dest='pixie_only', - help='Only use the WPS Pixie-Dust attack (do not crack PINs)') - - # Cracking - crack = parser.add_argument_group('CRACKING') - crack.add_argument('--cracked', + help='Only use the WPS Pixie-Dust attack (default: off)') + wps.add_argument('--pixiet', + action='store', + dest='wps_pixie_timeout', + metavar='[seconds]', + type=int, + help='Time to wait before stopping PixieDust (default: %ds)' + % Configuration.wps_pixie_timeout) + wps.add_argument('-wpst', + action='store', + dest='wps_pin_timeout', + metavar='[seconds]', + type=int, + help='Time to wait before stopping PIN attack (default: %ds)' + % Configuration.wps_pin_timeout) + wps.add_argument('-wpsmr', + 
action='store', + dest='wps_max_retries', + metavar='[retries]', + type=int, + help='Maximum number of Retries before stopping (default: %d)' + % Configuration.wps_max_retries) + wps.add_argument('-wpsmf', + action='store', + dest='wps_fail_threshold', + metavar='[fails]', + type=int, + help='Maximum number of Failures before stopping (default: %d)' + % Configuration.wps_fail_threshold) + wps.add_argument('-wpsmt', + action='store', + dest='wps_timeout_threshold', + metavar='[timeouts]', + type=int, + help='Maximum number of Timeouts before stopping (default: %d)' + % Configuration.wps_timeout_threshold) + wps.add_argument('--ignore-ratelimit', + action='store_false', + dest='wps_ignore_rate_limit', + help='Continues attack if WPS is rate-limited (default: off)') + + # Commands + commands = parser.add_argument_group('COMMANDS') + commands.add_argument('--cracked', action='store_true', dest='cracked', help='Display previously-cracked access points') - crack.add_argument('--check', + commands.add_argument('--check-hs', action='store', metavar='[file]', - dest='check', + dest='check_handshake', help='Check a .cap file for WPA handshakes') - crack.add_argument('--crack-wpa', + commands.add_argument('--crack-wpa', action='store', type=str, - dest='crackwpa', + dest='crack_wpa', metavar='[file]', help='Crack a .cap file containing a WPA handshake') - crack.add_argument('--crack-wep', + commands.add_argument('--crack-wep', action='store', type=str, - dest='crackwep', + dest='crack_wep', metavar='[file]', help='Crack a .cap file containing WEP IVS') - crack.add_argument('--dict', - action='store', - type=str, - dest='wordlist', - metavar='[file]', - help='Dictionary/wordlist to use for cracking') - - # Misc - commands = parser.add_argument_group('FUNCTIONS') commands.add_argument('--update', action='store_true', dest='update', help='Update to latest version of Wifite (on github)') - + return parser.parse_args() if __name__ == '__main__': - a = Arguments() + from Color 
import Color + from Configuration import Configuration + Configuration.initialize() + a = Arguments(Configuration) args = a.args - print args + for (key,value) in sorted(args.__dict__.iteritems()): + Color.pl('{C}%s: {G}%s{W}' % (key.ljust(21),value)) diff --git a/py/AttackWPA.py b/py/AttackWPA.py index 6cdf7b1..bede736 100644 --- a/py/AttackWPA.py +++ b/py/AttackWPA.py @@ -23,6 +23,13 @@ class AttackWPA(Attack): ''' Initiates full WPA hanshake capture attack. ''' + + # Check if user only wants to run PixieDust attack + if Configuration.pixie_only and self.target.wps: + Color.pl('{!} {O}--pixie{R} set, ignoring WPA-handshake attack') + self.success = False + return self.success + # First, start Airodump process with Airodump(channel=self.target.channel, target_bssid=self.target.bssid, diff --git a/py/AttackWPS.py b/py/AttackWPS.py index a747a92..b4c7770 100644 --- a/py/AttackWPS.py +++ b/py/AttackWPS.py @@ -35,7 +35,7 @@ class AttackWPS(Attack): ' support the {O}WPS pixie-dust attack{W}') if Configuration.pixie_only: - Color.pl('{!} {O}--pixie-only{R} set, ignoring WPS-PIN attack{W}') + Color.pl('{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}') self.success = False else: # Run WPS-PIN attack @@ -136,7 +136,7 @@ class AttackWPS(Attack): break # TODO: Timeout check - if reaver.running_time() > Configuration.wps_timeout: + if reaver.running_time() > Configuration.wps_pixie_timeout: Color.pl('{R}failed: {O}timeout after %d seconds{W}' % Configuration.wps_timeout) break diff --git a/py/Configuration.py b/py/Configuration.py index cac9093..db8dbca 100644 --- a/py/Configuration.py +++ b/py/Configuration.py 
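Review bot: `--ignore-ratelimit` is declared with `action='store_false'`, so `wps_ignore_rate_limit` defaults to True and becomes False when the user passes the flag — the reverse of its own help text "(default: off)" and of what the consumer in `Configuration.load_from_arguments` expects; it should be `action='store_true'`. The `-wept` help prints a seconds value with an IV unit: `help='Seconds to wait before failing (default: %ds)'`. The `-b`/`-e` values are handed to external tools whose invocation is outside this hunk; a format check on the BSSID (for example `type=` wrapping `re.match(r'^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$', value)`) would reject malformed input before aireplay-ng or reaver are launched with it.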
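Review bot: The new early-return message omits the `{W}` reset that the matching message in AttackWPS carries, so the terminal colour is left red after the line; use `Color.pl('{!} {O}--pixie{R} set, ignoring WPA-handshake attack{W}')`. The guard also fires only when `self.target.wps` is true, so with `--pixie` against a non-WPS target the full handshake capture and deauth still run, which the option's help ("Only use the WPS Pixie-Dust attack") does not suggest; either drop the `and self.target.wps` clause or document the fallback in the comment. The enclosing method starts before this hunk.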
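Review bot: The timeout test now compares against `Configuration.wps_pixie_timeout`, but the failure message two lines below still formats `Configuration.wps_timeout`, an attribute this same commit removes from `Configuration.initialize()`; when the timeout actually fires, `Color.pl` raises AttributeError instead of reporting it. Change the format argument to `% Configuration.wps_pixie_timeout`. Whether this loop is the pixie-dust path or the PIN path is not visible here (the surrounding function lies outside the hunk); if it is the PIN loop, `wps_pin_timeout` is the intended value for both lines.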
@@ -2,18 +2,8 @@ import os -''' ---wep : Target WEP networks ---wpa : Target WPA networks ---wps : Target WPS networks - ^ Can be combined - ---no-reaver : Do not use reaver on WPS networks ---reaver : Only use reaver on WPS networks -''' - class Configuration(object): - ''' Stores configuration variables for Wifite. ''' + ''' Stores configuration variables and functions for Wifite. ''' initialized = False # Flag indicating config has been initialized temp_dir = None # Temporary directory 
@@ -80,34 +70,74 @@ class Configuration(object): Configuration.no_reaver = False # Do not use Reaver on WPS networks Configuration.reaver = False # ONLY use Reaver on WPS networks Configuration.pixie_only = False # ONLY use Pixie-Dust attack on WPS - Configuration.wps_timeout = 600 # Seconds to wait before failing + Configuration.wps_pin_timeout = 600 # Seconds to wait before reaver fails + Configuration.wps_pixie_timeout = 600 # Seconds to wait before pixie fails Configuration.wps_max_retries = 20 # Retries before failing Configuration.wps_fail_threshold = 30 # Max number of failures Configuration.wps_timeout_threshold = 30 # Max number of timeouts Configuration.wps_skip_rate_limit = True # Skip rate-limited WPS APs + # Commands + Configuration.cracked = False + Configuration.check_handshake = None + Configuration.crack_wpa = None + Configuration.crack_wep = None + Configuration.update = False + # Overwrite config values with arguments (if defined) Configuration.load_from_arguments() @staticmethod def load_from_arguments(): - from Arguments import Arguments - args = Arguments().args ''' Sets configuration values based on Argument.args object ''' - if args.channel: Configuration.target_channel = args.channel - if args.interface: Configuration.interface = args.interface + from Arguments import Arguments + args = Arguments(Configuration).args + if args.channel: Configuration.target_channel = args.channel + if args.interface: Configuration.interface = args.interface + if args.target_bssid: Configuration.target_bssid = args.target_bssid + if args.target_essid: Configuration.target_essid = args.target_essid + + # WEP if args.wep_filter: Configuration.wep_filter = args.wep_filter + if args.wep_pps: Configuration.wep_pps = args.wep_pps + if args.wep_timeout: Configuration.wep_timeout = args.wep_timeout if args.require_fakeauth: Configuration.require_fakeauth = False + if args.wep_crack_at_ivs: + Configuration.wep_crack_at_ivs = args.wep_crack_at_ivs + if 
args.wep_restart_stale_ivs: + Configuration.wep_restart_stale_ivs = args.wep_restart_stale_ivs + if args.wep_restart_aircrack: + Configuration.wep_restart_aircrack = args.wep_restart_aircrack + # WPA if args.wpa_filter: Configuration.wpa_filter = args.wpa_filter if args.wordlist: Configuration.wordlist = args.wordlist + if args.wpa_deauth_timeout: + Configuration.wpa_deauth_timeout = args.wpa_deauth_timeout + if args.wpa_attack_timeout: + Configuration.wpa_attack_timeout = args.wpa_attack_timeout + if args.wpa_handshake_dir: + Configuration.wpa_handshake_dir = args.wpa_handshake_dir + # WPS if args.wps_filter: Configuration.wps_filter = args.wps_filter - if args.no_reaver: Configuration.no_reaver = args.no_reaver if args.reaver_only: Configuration.reaver_only = args.reaver_only + if args.no_reaver: Configuration.no_reaver = args.no_reaver if args.pixie_only: Configuration.pixie_only = args.pixie_only + if args.wps_pixie_timeout: + Configuration.wps_pixie_timeout = args.wps_pixie_timeout + if args.wps_pin_timeout: + Configuration.wps_pin_timeout = args.wps_pin_timeout + if args.wps_max_retries: + Configuration.wps_max_retries = args.wps_max_retries + if args.wps_fail_threshold: + Configuration.wps_fail_threshold = args.wps_fail_threshold + if args.wps_timeout_threshold: + Configuration.wps_timeout_threshold = args.wps_timeout_threshold + if args.wps_ignore_rate_limit: + Configuration.wps_skip_rate_limit = not args.wps_ignore_rate_limit # Adjust encryption filter if Configuration.wep_filter or \ 
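Review bot: The last line of the WPS section inverts the rate-limit default: because the option is declared with `store_false`, `args.wps_ignore_rate_limit` is True on a plain run, so `Configuration.wps_skip_rate_limit = not args.wps_ignore_rate_limit` clears the skip on every run, while passing `--ignore-ratelimit` makes the value False, the `if` is skipped and skipping stays on — exactly backwards. With the option fixed to `store_true`, this line becomes `if args.wps_ignore_rate_limit: Configuration.wps_skip_rate_limit = False`. The same truthiness test on the new numeric options (`if args.wep_pps:`, `if args.wpa_deauth_timeout:`, `if args.wps_max_retries:` …) silently discards an explicit 0, so `is not None` is the right check wherever zero is a meaningful setting. The pre-existing context line `if args.require_fakeauth: Configuration.require_fakeauth = False` carries the same inversion and is worth fixing in the same pass.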
@@ -119,6 +149,13 @@ class Configuration(object): if Configuration.wpa_filter: Configuration.encryption_filter.append('WPA') if Configuration.wps_filter: Configuration.encryption_filter.append('WPS') + # Commands + if args.cracked: Configuration.show_cracked = True + if args.crack_wpa: Configuration.crack_wpa = args.crack_wpa + if args.crack_wep: Configuration.crack_wep = args.crack_wep + if args.update: Configuration.update = True + if args.check_handshake: Configuration.check_handshake = args.check_handshake + if Configuration.interface == None: # Interface wasn't defined, select it! from Airmon import Airmon
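Review bot: `if args.cracked: Configuration.show_cracked = True` writes a different attribute from the one this commit initialises in `initialize()` (`Configuration.cracked = False`), so whichever name the caller reads, `--cracked` either never takes effect or the default path raises AttributeError; use `Configuration.cracked = True` (or initialise `show_cracked` alongside the other command flags). The new `crack_wpa`, `crack_wep` and `check_handshake` values are file paths taken verbatim from the command line; their consumer is not in this hunk, but if they are interpolated into an aircrack-ng command string rather than passed as an argv list, they should be validated or quoted there. `load_from_arguments` continues past the end of the hunk.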