Reaver: Stop if AP becomes locked. Config/Args cleanup

wifite/args.py

@@ -51,18 +51,25 @@ class Arguments(object):
             dest='interface',
             metavar='[interface]',
             type=str,
-            help=Color.s('Wireless interface to use (default: {G}choose first ' +
+            help=Color.s('Wireless interface to use, e.g. {C}wlan0mon{W} ' +
-                'or ask{W})'))
+                '(default: {G}ask{W})'))
 
         glob.add_argument('-c',
             action='store',
             dest='channel',
             metavar='[channel]',
             type=int,
-            help=Color.s('Wireless channel to scan (default: {G}all channels{W})'))
+            help=Color.s('Wireless channel to scan (default: {G}all 2Ghz channels{W})'))
         glob.add_argument('--channel', help=argparse.SUPPRESS, action='store',
                 dest='channel', type=int)
 
+        glob.add_argument('-5',
+            '--5ghz',
+            action='store_true',
+            dest='five_ghz',
+            help=self._verbose('Include 5Ghz channels (default: {G}off{W})'))
+
+
         glob.add_argument('-mac',
             '--random-mac',
             action='store_true',
@@ -87,12 +94,6 @@ class Arguments(object):
             help=Color.s('Kill processes that conflict with Airmon/Airodump ' +
                 '(default: {G}off{W})'))
 
-        glob.add_argument('-5',
-            '--5ghz',
-            action='store_true',
-            dest='five_ghz',
-            help=self._verbose('Include 5Ghz channels (default: {G}off{W})'))
-
         glob.add_argument('-b',
             action='store',
             dest='target_bssid',
@@ -122,7 +123,7 @@ class Arguments(object):
         glob.add_argument('--ignore-essid', help=argparse.SUPPRESS, action='store',
                 dest='ignore_essid', type=str)
 
-        glob.add_argument('--clients-only', '-co',
+        glob.add_argument('--clients-only',
             action='store_true',
             dest='clients_only',
             help=Color.s('Only show targets that have associated clients ' +
@@ -170,15 +171,14 @@ class Arguments(object):
         wep.add_argument('--wep',
             action='store_true',
             dest='wep_filter',
-            help=Color.s('Filter to display only WEP-encrypted networks ' +
+            help=Color.s('Show only {C}WEP-encrypted networks{W}'))
-                '(default: {G}off{W})'))
         wep.add_argument('-wep', help=argparse.SUPPRESS, action='store_true',
                 dest='wep_filter')
 
         wep.add_argument('--require-fakeauth',
             action='store_true',
             dest='require_fakeauth',
-            help=Color.s('Fails attacks if fake-auth fails (default: {G}off{W})'))
+            help=Color.s('Fails attacks if {C}fake-auth{W} fails (default: {G}off{W})'))
         wep.add_argument('--nofakeauth', help=argparse.SUPPRESS, action='store_true',
                 dest='require_fakeauth')
         wep.add_argument('-nofakeauth', help=argparse.SUPPRESS, action='store_true',
@@ -196,7 +196,7 @@ class Arguments(object):
             dest='wep_pps',
             metavar='[pps]',
             type=int,
-            help=self._verbose('Packets Per Second to replay (default: ' +
+            help=self._verbose('Packets-per-second to replay (default: ' +
                 '{G}%d pps{W})' % self.config.wep_pps))
         wep.add_argument('-pps', help=argparse.SUPPRESS, action='store',
                 dest='wep_pps', type=int)
@@ -244,42 +244,42 @@ class Arguments(object):
         wep.add_argument('--arpreplay',
             action='store_true',
             dest='wep_attack_replay',
-            help=self._verbose('Use ARP-replay WEP attack (default: {G}on{W})'))
+            help=self._verbose('Use {C}ARP-replay{W} WEP attack (default: {G}on{W})'))
         wep.add_argument('-arpreplay', help=argparse.SUPPRESS, action='store_true',
                 dest='wep_attack_replay')
 
         wep.add_argument('--fragment',
             action='store_true',
             dest='wep_attack_fragment',
-            help=self._verbose('Use fragmentation WEP attack (default: {G}on{W})'))
+            help=self._verbose('Use {C}fragmentation{W} WEP attack (default: {G}on{W})'))
         wep.add_argument('-fragment', help=argparse.SUPPRESS, action='store_true',
                 dest='wep_attack_fragment')
 
         wep.add_argument('--chopchop',
             action='store_true',
             dest='wep_attack_chopchop',
-            help=self._verbose('Use chop-chop WEP attack (default: {G}on{W})'))
+            help=self._verbose('Use {C}chop-chop{W} WEP attack (default: {G}on{W})'))
         wep.add_argument('-chopchop', help=argparse.SUPPRESS, action='store_true',
                 dest='wep_attack_chopchop')
 
         wep.add_argument('--caffelatte',
             action='store_true',
             dest='wep_attack_caffe',
-            help=self._verbose('Use caffe-latte WEP attack (default: {G}on{W})'))
+            help=self._verbose('Use {C}caffe-latte{W} WEP attack (default: {G}on{W})'))
         wep.add_argument('-caffelatte', help=argparse.SUPPRESS, action='store_true',
                 dest='wep_attack_caffelatte')
 
         wep.add_argument('--p0841',
             action='store_true',
             dest='wep_attack_p0841',
-            help=self._verbose('Use p0841 WEP attack (default: {G}on{W})'))
+            help=self._verbose('Use {C}p0841{W} WEP attack (default: {G}on{W})'))
         wep.add_argument('-p0841', help=argparse.SUPPRESS, action='store_true',
                 dest='wep_attack_p0841')
 
         wep.add_argument('--hirte',
             action='store_true',
             dest='wep_attack_hirte',
-            help=self._verbose('Use ARP-replay WEP attack (default: {G}on{W})'))
+            help=self._verbose('Use {C}hirte{W} WEP attack (default: {G}on{W})'))
         wep.add_argument('-hirte', help=argparse.SUPPRESS, action='store_true',
                 dest='wep_attack_hirte')
 
@@ -288,35 +288,15 @@ class Arguments(object):
         wpa.add_argument('--wpa',
             action='store_true',
             dest='wpa_filter',
-            help=Color.s('Filter to display only WPA-encrypted networks (includes WPS)'))
+            help=Color.s('Show only {C}WPA-encrypted networks{W} (includes {C}WPS{W})'))
         wpa.add_argument('-wpa', help=argparse.SUPPRESS, action='store_true',
                 dest='wpa_filter')
 
-        wpa.add_argument('--wpadt',
-            action='store',
-            dest='wpa_deauth_timeout',
-            metavar='[seconds]',
-            type=int,
-            help=self._verbose('Time to wait between sending Deauths ' +
-                '(default: {G}%d sec{W})' % self.config.wpa_deauth_timeout))
-        wpa.add_argument('-wpadt', help=argparse.SUPPRESS, action='store',
-                dest='wpa_deauth_timeout', type=int)
-
-        wpa.add_argument('--wpat',
-            action='store',
-            dest='wpa_attack_timeout',
-            metavar='[seconds]',
-            type=int,
-            help=self._verbose('Time to wait before failing WPA attack ' +
-                '(default: {G}%d sec{W})' % self.config.wpa_attack_timeout))
-        wpa.add_argument('-wpat', help=argparse.SUPPRESS, action='store',
-                dest='wpa_attack_timeout', type=int)
-
         wpa.add_argument('--pmkid',
             action='store_true',
             dest='use_pmkid_only',
-            help=Color.s('ONLY use PMKID capture on non-WEP networks ' +
+            help=Color.s('{O}Only{W} use {C}PMKID capture{W}, avoids other WPS & ' +
-                '(default: {G}off{W})'))
+                'WPA attacks (default: {G}off{W})'))
         # Alias
         wpa.add_argument('-pmkid', action='store_true', dest='use_pmkid_only',
             help=argparse.SUPPRESS)
@@ -345,6 +325,26 @@ class Arguments(object):
             help=Color.s('File containing passwords for cracking (default: {G}%s{W})')
                 % self.config.wordlist)
 
+        wpa.add_argument('--wpadt',
+            action='store',
+            dest='wpa_deauth_timeout',
+            metavar='[seconds]',
+            type=int,
+            help=self._verbose('Time to wait between sending Deauths ' +
+                '(default: {G}%d sec{W})' % self.config.wpa_deauth_timeout))
+        wpa.add_argument('-wpadt', help=argparse.SUPPRESS, action='store',
+                dest='wpa_deauth_timeout', type=int)
+
+        wpa.add_argument('--wpat',
+            action='store',
+            dest='wpa_attack_timeout',
+            metavar='[seconds]',
+            type=int,
+            help=self._verbose('Time to wait before failing WPA attack ' +
+                '(default: {G}%d sec{W})' % self.config.wpa_attack_timeout))
+        wpa.add_argument('-wpat', help=argparse.SUPPRESS, action='store',
+                dest='wpa_attack_timeout', type=int)
+
         # TODO: Uncomment the --strip option once it works
         '''
         wpa.add_argument('--strip',
@@ -361,39 +361,44 @@ class Arguments(object):
         wps.add_argument('--wps',
             action='store_true',
             dest='wps_filter',
-            help=Color.s('Filter to display only WPS-enabled networks'))
+            help=Color.s('Show only {C}WPS-enabled networks{W}'))
         wps.add_argument('-wps', help=argparse.SUPPRESS, action='store_true',
                 dest='wps_filter')
 
         wps.add_argument('--no-wps',
             action='store_true',
             dest='no_wps',
-            help=Color.s('{O}NEVER{W} use WPS {O}PIN{W} & {O}Pixie-Dust{W} attacks ' +
+            help=self._verbose('{O}Never{W} use {O}WPS PIN{W} & {O}Pixie-Dust{W}' +
-                'on targets (default: {G}off{W})'))
+                'attacks on targets (default: {G}off{W})'))
 
         wps.add_argument('--wps-only',
             action='store_true',
             dest='wps_only',
-            help=Color.s('{G}ONLY{W} use WPS {C}PIN{W} & {C}Pixie-Dust{W} ' +
+            help=Color.s('{O}Only{W} use {C}WPS PIN{W} & {C}Pixie-Dust{W} ' +
                 'attacks (default: {G}off{W})'))
 
         wps.add_argument('--pixie',    action='store_true', dest='wps_pixie',
-            help=self._verbose('{G}ONLY{W} use WPS {C}Pixie-Dust{W} attack ' +
+            help=self._verbose('{O}Only{W} use {C}WPS Pixie-Dust{W} attack ' +
                 '(do not use {O}PIN attack{W})'))
 
         wps.add_argument('--no-pixie', action='store_true', dest='wps_no_pixie',
-            help=self._verbose('{O}NEVER{W} use WPS {O}Pixie-Dust{W} attack ' +
+            help=self._verbose('{O}Never{W} use {O}WPS Pixie-Dust{W} attack ' +
                 '(use {G}PIN attack{W})'))
 
         wps.add_argument('--bully',
             action='store_true',
             dest='use_bully',
-            help=Color.s('Use {G}bully{W} for WPS PIN & Pixie-Dust attacks ' +
+            help=Color.s('Use {G}bully{W} program for WPS PIN & Pixie-Dust attacks ' +
                 '(default: {G}reaver{W})'))
         # Alias
         wps.add_argument('-bully', help=argparse.SUPPRESS, action='store_true',
                 dest='use_bully')
 
+        # Ignore lock-outs
+        wps.add_argument('--ignore-locks', action='store_true', dest='wps_ignore_lock',
+            help=Color.s('Do {O}not{W} stop WPS PIN attack if AP becomes {O}locked{W} ' +
+                ' (default: {G}stop{W})'))
+
         # Time limit on entire attack.
         wps.add_argument('--wps-time',
             action='store',
@@ -435,7 +440,7 @@ class Arguments(object):
         commands.add_argument('--cracked',
             action='store_true',
             dest='cracked',
-            help=Color.s('Display previously-cracked access points'))
+            help=Color.s('Print previously-cracked access points'))
         commands.add_argument('-cracked', help=argparse.SUPPRESS, action='store_true',
                 dest='cracked')
 
@@ -445,7 +450,8 @@ class Arguments(object):
             nargs='?',
             const='<all>',
             dest='check_handshake',
-            help=Color.s('Check a .cap file (or all hs/*.cap files) for WPA handshakes'))
+            help=Color.s('Check a {C}.cap file{W} (or all {C}hs/*.cap{W} files) ' +
+                'for WPA handshakes'))
         commands.add_argument('-check', help=argparse.SUPPRESS, action='store',
                 nargs='?', const='<all>', dest='check_handshake')
 

wifite/config.py

@@ -103,6 +103,7 @@ class Configuration(object):
         cls.use_bully   = False  # Use bully instead of reaver
         cls.wps_pixie   = True
         cls.wps_pin     = True
+        cls.wps_ignore_lock = False  # Skip WPS PIN attack if AP is locked.
         cls.wps_pixie_timeout = 300      # Seconds to wait for PIN before WPS Pixie attack fails
         cls.wps_fail_threshold = 100     # Max number of failures
         cls.wps_timeout_threshold = 100  # Max number of timeouts
@@ -360,6 +361,10 @@ class Configuration(object):
             Color.pl('{+} {C}option:{W} will stop WPS attack after ' +
                     '{O}%d timeouts{W}' % args.wps_timeout_threshold)
 
+        if args.wps_ignore_lock:
+            cls.wps_ignore_lock = True
+            Color.pl('{+} {C}option:{W} will {O}ignore{W} WPS lock-outs')
+
     @classmethod
     def parse_encryption(cls):
         '''Adjusts encryption filter (WEP and/or WPA and/or WPS)'''

wifite/tools/reaver.py

@@ -115,6 +115,10 @@ class Reaver(Attack, Dependency):
                 # Check if we cracked it
                 self.crack_result = self.parse_crack_result(stdout)
 
+                # Check if locked
+                if self.locked and not Configuration.wps_ignore_lock:
+                    raise Exception('{O}Because access point is {R}Locked{W}')
+
                 time.sleep(0.5)
 
             # Check if crack result is in output