Fixing logic with switches, updating README.

Some switches are not compatible (--wps-only + --pmkid).
Wifite detects & stops if options are incompatible.

README was outdated (said no PIN attack), updated some URLs.
derv82
2018-09-02 10:59:11 -07:00
parent 7309dfcce6
commit 467f40d68a
4 changed files with 43 additions and 46 deletions

View File

@@ -5,32 +5,30 @@ This repo is a complete re-write of [`wifite`](https://github.com/derv82/wifite)
Wifite runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches! Wifite runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!
Wifite is compatible with both `python2` and `python3`.
Wifite is designed to use all known methods for retrieving the password of a wireless access point (router). These methods include: Wifite is designed to use all known methods for retrieving the password of a wireless access point (router). These methods include:
1. WPS: The [WPS Pixie-Dust attack](https://nakedsecurity.sophos.com/2014/09/02/using-wps-may-be-even-more-dangerous/) 1. WPS: The [Offline Pixie-Dust attack](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Offline_brute-force_attack)
2. WPA: The [WPA Handshake Capture](https://hashcat.net/forum/thread-7717.html) and offline crack. 1. WPS: The [Online Brute-Force PIN attack](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Online_brute-force_attack)
3. WPA: The [PMKID Hash Capture](https://hashcat.net/forum/thread-7717.html) and offline crack. 2. WPA: The [WPA Handshake Capture](https://hashcat.net/forum/thread-7717.html) + offline crack.
3. WPA: The [PMKID Hash Capture](https://hashcat.net/forum/thread-7717.html) + offline crack.
4. WEP: Various known attacks against WEP, including *fragmentation*, *chop-chop*, *aireplay*, etc. 4. WEP: Various known attacks against WEP, including *fragmentation*, *chop-chop*, *aireplay*, etc.
Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password. Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.
Supported Operating Systems Supported Operating Systems
--------------------------- ---------------------------
Wifite is designed specifically for the latest version of [**Kali** Linux](https://www.kali.org/). [ParrotSec](https://www.parrotsec.org/) is also supported. Wifite is designed specifically for the latest version of [**Kali** Linux](https://www.kali.org/). [ParrotSec](https://www.parrotsec.org/) is also supported.
Other pen-testing distributions (such as BackBox) have outdated versions of the tools used by Wifite. Do not expect support unless you are using the latest versions of the *Required Tools*. Other pen-testing distributions (such as BackBox or Ubuntu) have outdated versions of the tools used by Wifite. Do not expect support unless you are using the latest versions of the *Required Tools*, and also [patched wireless drivers that support injection]().
Required Tools Required Tools
-------------- --------------
First and foremost, you will need a wireless card capable of "Monitor Mode" and packet injection (see [this tutorial for checking if your wireless card is compatible](http://www.aircrack-ng.org/doku.php?id=compatible_cards) and also [this guide](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Offline_brute-force_attack)). There are many cheap wireless cards that plug into USB available from online stores.
First and foremost, you will need a wireless card capable of "Monitor Mode" and packet injection (see [this tutorial for checking if your wireless card is compatible](http://www.aircrack-ng.org/doku.php?id=compatible_cards)). There are many cheap wireless cards that plug into USB available from online stores.
Second, only the latest versions of these programs are supported and must be installed for Wifite to work properly: Second, only the latest versions of these programs are supported and must be installed for Wifite to work properly:
**Required:** **Required:**
* `python`: Wifite is compatible with both `python2` and `python3`.
* [`iwconfig`](https://wiki.debian.org/iwconfig): For identifying wireless devices already in Monitor Mode. * [`iwconfig`](https://wiki.debian.org/iwconfig): For identifying wireless devices already in Monitor Mode.
* [`ifconfig`](https://en.wikipedia.org/wiki/Ifconfig): For starting/stopping wireless devices. * [`ifconfig`](https://en.wikipedia.org/wiki/Ifconfig): For starting/stopping wireless devices.
* [`Aircrack-ng`](http://aircrack-ng.org/) suite, includes: * [`Aircrack-ng`](http://aircrack-ng.org/) suite, includes:
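Review bot: the new link in the BackBox/Ubuntu sentence, `[patched wireless drivers that support injection]()`, has an empty target, so it renders as a link back to the README itself; either point it at a real page (the aircrack-ng compatible-cards page already linked in the next paragraph would fit) or drop the brackets and keep the plain text. Two smaller points in the same hunk: the two new WPS items in the attack list are both numbered `1.`, so the source numbering no longer matches what markdown renders (renumber 1 to 5), and the new `python` bullet under Required repeats the python2/python3 sentence already in the intro, so one of the two can go.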
@@ -43,9 +41,9 @@ Second, only the latest versions of these programs are supported and must be ins
**Optional, but Recommended:** **Optional, but Recommended:**
* [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html): For detecting WPS networks and inspecting handshake capture files. * [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html): For detecting WPS networks and inspecting handshake capture files.
* [`reaver`](https://github.com/t6x/reaver-wps-fork-t6x): For WPS Pixie-Dust attacks. * [`reaver`](https://github.com/t6x/reaver-wps-fork-t6x): For WPS Pixie-Dust & brute-force attacks.
* Note: Reaver's `wash` tool can be used to detect WPS networks if `tshark` is not found. * Note: Reaver's `wash` tool can be used to detect WPS networks if `tshark` is not found.
* [`bully`](https://github.com/aanarchyy/bully): For WPS Pixie-Dust attacks. * [`bully`](https://github.com/aanarchyy/bully): For WPS Pixie-Dust & brute-force attacks.
* Alternative to Reaver. Specify `--bully` to use Bully instead of Reaver. * Alternative to Reaver. Specify `--bully` to use Bully instead of Reaver.
* Bully is also used to fetch PSK if `reaver` cannot after cracking WPS PIN. * Bully is also used to fetch PSK if `reaver` cannot after cracking WPS PIN.
* [`coWPAtty`](https://tools.kali.org/wireless-attacks/cowpatty): For detecting handshake captures. * [`coWPAtty`](https://tools.kali.org/wireless-attacks/cowpatty): For detecting handshake captures.
@@ -54,18 +52,17 @@ Second, only the latest versions of these programs are supported and must be ins
* [`hcxdumptool`](https://github.com/ZerBea/hcxdumptool): For capturing PMKID hashes. * [`hcxdumptool`](https://github.com/ZerBea/hcxdumptool): For capturing PMKID hashes.
* [`hcxpcaptool`](https://github.com/ZerBea/hcxtools): For converting PMKID packet captures into `hashcat`'s format. * [`hcxpcaptool`](https://github.com/ZerBea/hcxtools): For converting PMKID packet captures into `hashcat`'s format.
Run Wifite Run Wifite
---------- ----------
``` ```
git clone https://github.com/derv82/wifite2.git git clone https://github.com/derv82/wifite2.git
cd wifite2 cd wifite2
python -m wifite sudo ./Wifite.py
``` ```
Install Wifite Install Wifite
-------------- --------------
To install onto your computer (so you can just run `wifite` from any terminal), run: To install onto your computer (so you can just run `wifite` from any terminal), run:
```bash ```bash
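Review bot: `sudo ./Wifite.py` only works when the clone keeps the executable bit on `Wifite.py` and the script's shebang resolves to an interpreter installed on the box, whereas the removed `python -m wifite` form ran under whichever interpreter the user invoked. Since this README promises both python2 and python3, show `sudo python Wifite.py` (or keep `python -m wifite` under sudo) so the Run section works on a fresh checkout regardless of file mode. Adding `sudo` itself is right, because monitor mode and injection need root, so the intent of the change should stay.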
@@ -84,24 +81,23 @@ sudo python setup.py install --record files.txt \
Brief Feature List Brief Feature List
------------------ ------------------
* [PMKID hash capture](https://hashcat.net/forum/thread-7717.html) (enabled by-default, force with: `--pmkid`) * [PMKID hash capture](https://hashcat.net/forum/thread-7717.html) (enabled by-default, force with: `--pmkid`)
* Reaver (or `-bully`) WPS Pixie-Dust attack (enabled by-default, force with: `--wps-only`) * WPS Offline Brute-Force Attack aka "Pixie-Dust". (enabled by-default, force with: `--wps-only --pixie`)
* WPA handshake capture (enabled by-default, force with: `--no-wps`) * WPS Online Brute-Force Attack aka "PIN attack". (enabled by-default, force with: `--wps-only --no-pixie`)
* WPA/2 Offline Brute-Force Attack via 4-Way Handshake capture (enabled by-default, force with: `--no-wps`)
* Validates handshakes against `pyrit`, `tshark`, `cowpatty`, and `aircrack-ng` (when available) * Validates handshakes against `pyrit`, `tshark`, `cowpatty`, and `aircrack-ng` (when available)
* Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte) * Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte)
* Automatically decloaks hidden access points while scanning or attacking. * Automatically decloaks hidden access points while scanning or attacking.
* Note: Only works when channel is fixed. Use the `-c <channel>` switch. * Note: Only works when channel is fixed. Use `-c <channel>`
* Disable this via `--no-deauths` switch * Disable this using `--no-deauths`
* 5Ghz support for some wireless cards (via `-5` switch). * 5Ghz support for some wireless cards (via `-5` switch).
* Note: Some tools don't play well on 5GHz channels (e.g. `aireplay-ng`) * Note: Some tools don't play well on 5GHz channels (e.g. `aireplay-ng`)
* Stores cracked passwords and handshakes to the current directory (`--cracked`) * Stores cracked passwords and handshakes to the current directory (`--cracked`)
* Includes metadata about the access point. * Includes information about the cracked access point (Name, BSSID, Date, etc).
* Easy to try to crack handshakes or PMKID hashes against a wordlist (`--crack`) * Easy to try to crack handshakes or PMKID hashes against a wordlist (`--crack`)
What's new? What's new?
----------- -----------
Comparing this repo to the "old wifite" @ https://github.com/derv82/wifite Comparing this repo to the "old wifite" @ https://github.com/derv82/wifite
* **Less bugs** * **Less bugs**
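Review bot: the feature list is now inconsistent with the attack selection this same commit puts in AttackAll: `--no-wps` is given as the switch that forces the 4-way handshake capture, but with `--no-wps` alone the PMKID attack still runs first (it is only skipped under `--wps-only`), so either describe `--no-wps` as disabling just the WPS attacks or name the switch that also disables PMKID. The list should also state that `--pmkid` and `--wps-only` cannot be combined, since Configuration.validate() now aborts on that pair and the commit message calls it out; users reading "force with: `--pmkid`" next to "force with: `--wps-only --pixie`" will otherwise try both together.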
@@ -121,22 +117,16 @@ Comparing this repo to the "old wifite" @ https://github.com/derv82/wifite
What's gone? What's gone?
------------ ------------
* No more WPS PIN attack, because it can take days on-average.
* However, this feature may be added back into Wiite2 (See [#90](https://github.com/derv82/wifite2/issues/90))
* And the Pixie-Dust attack is still an option.
* Some command-line arguments (`--wept`, `--wpst`, and other confusing switches). * Some command-line arguments (`--wept`, `--wpst`, and other confusing switches).
* You can still access some of these obscure options, try `wifite -h -v` * You can still access some of these obscure options, try `wifite -h -v`
What's not new? What's not new?
--------------- ---------------
* (Mostly) Backwards compatible with the original `wifite`'s arguments. * (Mostly) Backwards compatible with the original `wifite`'s arguments.
* Same text-based interface everyone knows and loves. * Same text-based interface everyone knows and loves.
Screenshots Screenshots
----------- -----------
Cracking WPS PIN using `reaver`'s Pixie-Dust attack, then retrieving WPA PSK using `bully`: Cracking WPS PIN using `reaver`'s Pixie-Dust attack, then retrieving WPA PSK using `bully`:
![Pixie-Dust with Reaver to get PIN and Bully to get PSK](https://i.imgur.com/I2W0wND.gif) ![Pixie-Dust with Reaver to get PIN and Bully to get PSK](https://i.imgur.com/I2W0wND.gif)

View File

@@ -58,21 +58,27 @@ class AttackAll(object):
# WPA can have multiple attack vectors: # WPA can have multiple attack vectors:
# WPS # WPS
if target.wps != False and AttackWPS.can_attack_wps(): if not Configuration.use_pmkid_only:
if Configuration.wps_pixie: if target.wps != False and AttackWPS.can_attack_wps():
attacks.append(AttackWPS(target, pixie_dust=True)) # Pixie-Dust
if Configuration.wps_pin: if Configuration.wps_pixie:
attacks.append(AttackWPS(target, pixie_dust=False)) attacks.append(AttackWPS(target, pixie_dust=True))
# PMKID # PIN attack
attacks.append(AttackPMKID(target)) if Configuration.wps_pin:
attacks.append(AttackWPS(target, pixie_dust=False))
# Handshake capture if not Configuration.wps_only:
attacks.append(AttackWPA(target)) # PMKID
attacks.append(AttackPMKID(target))
# Handshake capture
if not Configuration.use_pmkid_only:
attacks.append(AttackWPA(target))
if len(attacks) == 0: if len(attacks) == 0:
Color.pl('{!} {R}Error: {O}Unable to attack: encryption not WEP or WPA') Color.pl('{!} {R}Error: {O}Unable to attack: no attacks available')
return return True # Keep attacking other targets (skip)
while len(attacks) > 0: while len(attacks) > 0:
attack = attacks.pop(0) attack = attacks.pop(0)
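Review bot: when every branch is skipped the user only sees `Error: Unable to attack: no attacks available`, with no hint which switch excluded the attacks, and with `--wps-only` this fires for every target whose `wps` is False, so it reads as an error rather than the intended skip. Print the reason (for example that `--wps-only` is set and the target has no WPS) or filter such targets out before they reach here. Two smaller points: `target.wps != False` compares against a boolean with `!=`; `target.wps is not False` (or plain `if target.wps`) states the intent. And the `--pmkid` + `--wps-only` case is only prevented by Configuration.validate(); the two `if not` guards here would otherwise yield an empty list silently, so a short comment pointing at validate() would help the next reader.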

View File

@@ -62,12 +62,6 @@ class AttackPMKID(Attack):
Returns: Returns:
True if handshake is captured. False otherwise. True if handshake is captured. False otherwise.
''' '''
# Skip if user only wants to attack WPS targets
if Configuration.wps_only and self.target.wps == False:
Color.pl('\r{!} {O}Skipping PMKID attack on {R}%s{O} because {R}--wps-only{O} is set{W}' % self.target.essid)
self.success = False
return False
from ..util.process import Process from ..util.process import Process
# Check that we have all hashcat programs # Check that we have all hashcat programs
dependencies = [ dependencies = [
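Review bot: dropping the `--wps-only` guard from AttackPMKID.run() moves the decision into the caller, which is fine while AttackAll is the only place that constructs AttackPMKID, but any other entry point that builds the attack directly now runs a PMKID capture against a target the user asked to restrict to WPS. If such a path exists, keep a cheap check here as well; if not, a one-line comment noting that the `--wps-only` filtering now happens in AttackAll would preserve the invariant for future readers.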
@@ -174,7 +168,6 @@ class AttackPMKID(Attack):
Color.clear_entire_line() Color.clear_entire_line()
Color.pattack('PMKID', self.target, '{R}CRACK', Color.pattack('PMKID', self.target, '{R}CRACK',
'{R}Failed {O}Passphrase not found in dictionary.\n') '{R}Failed {O}Passphrase not found in dictionary.\n')
Color.pl('')
return False return False
else: else:
# Successfully cracked. # Successfully cracked.

View File

@@ -148,15 +148,23 @@ class Configuration(object):
Color.pl('{+} {C}option:{W} using {G}eviltwin attacks{W} against all targets') Color.pl('{+} {C}option:{W} using {G}eviltwin attacks{W} against all targets')
''' '''
# Adjust WEP attack list
cls.parse_wep_attacks() cls.parse_wep_attacks()
cls.validate()
# Commands # Commands
if args.cracked: cls.show_cracked = True if args.cracked: cls.show_cracked = True
if args.check_handshake: cls.check_handshake = args.check_handshake if args.check_handshake: cls.check_handshake = args.check_handshake
if args.crack_handshake: cls.crack_handshake = True if args.crack_handshake: cls.crack_handshake = True
@classmethod
def validate(cls):
if cls.use_pmkid_only and cls.wps_only:
Color.pl('{!} {R}Bad Configuration:{O} --pmkid and --wps-only are not compatible')
raise RuntimeError('Unable to attack networks: --pmkid and --wps-only are not compatible together')
@classmethod @classmethod
def parse_settings_args(cls, args): def parse_settings_args(cls, args):
'''Parses basic settings/configurations from arguments.''' '''Parses basic settings/configurations from arguments.'''
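Review bot: validate() raises RuntimeError right after the Color.pl message, so unless something up the stack catches it the user gets the friendly line followed by a Python traceback for what is a plain usage error; `sys.exit(1)` or a dedicated exception that the entry point turns into a clean exit fits better. The check also covers only one contradictory pair: if `--no-wps` clears both `wps_pixie` and `wps_pin`, then `--wps-only --no-wps` leaves AttackAll with an empty attack list for every target just as silently, so validate() should reject that too, and a docstring stating the rule ("at least one attack type must remain enabled") would make the intent clear. Finally, validate() runs before the `args.cracked`, `args.check_handshake` and `args.crack_handshake` commands are parsed; those commands attack nothing, so combining them with stray switches is rejected unnecessarily, and calling validate() after the command block (skipping it when a command is set) would avoid that.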