Fix deauth, Pixie step timeout, better handshake options.

Deauth now deauths clients (whoops).
Checks all handshakes if no filename is given to --check-hs
Times out a --pixie attack if the step does not change in 30 seconds.

Wifite.py

@@ -63,12 +63,24 @@ class Wifite(object):
 
     def check_handshake(self, capfile):
         ''' Analyzes .cap file for handshake '''
+        if capfile == '<all>':
+            Color.pl('{+} checking all handshakes in {G}"./hs"{W} directory\n')
+            try:
+                capfiles = [os.path.join('hs', x) for x in os.listdir('hs') if x.endswith('.cap')]
+            except OSError, e:
+                capfiles = []
+            if len(capfiles) == 0:
+                Color.pl('{!} {R}no .cap files found in {O}"./hs"{W}\n')
+        else:
+            capfiles = [capfile]
+        for capfile in capfiles:
             Color.pl('{+} checking for handshake in .cap file {C}%s{W}' % capfile)
             if not os.path.exists(capfile):
                 Color.pl('{!} {O}.cap file {C}%s{O} not found{W}' % capfile)
                 return
             hs = Handshake(capfile, bssid=Configuration.target_bssid, essid=Configuration.target_essid)
             hs.analyze()
+            Color.pl('')
 
 
     def run(self):

py/Airmon.py

@@ -246,7 +246,7 @@ class Airmon(object):
                 pid = match.groups()[0]
                 pname = match.groups()[1]
                 Color.pl('{!} {R}terminating {O}conflicting process' +
-                         ' {R}%s{O} ({R}%s{O})' % (pname, pid))
+                         ' {R}%s{O} (PID {R}%s{O})' % (pname, pid))
                 os.kill(int(pid), signal.SIGTERM)
 
 

py/Arguments.py

@@ -182,6 +182,13 @@ class Arguments(object):
             type=int,
             help=Color.s('Time to wait before stopping PixieDust (default: {G}%d sec{W})')
                 % Configuration.wps_pixie_timeout)
+        wps.add_argument('--pixiest',
+            action='store',
+            dest='wps_pixie_step_timeout',
+            metavar='[seconds]',
+            type=int,
+            help=Color.s('Time to wait for a step to change before stopping PixieDust (default: {G}%d sec{W})')
+                % Configuration.wps_pixie_step_timeout)
         wps.add_argument('-wpst',
             action='store',
             dest='wps_pin_timeout',
@@ -223,20 +230,22 @@ class Arguments(object):
             help=Color.s('Display previously-cracked access points'))
         commands.add_argument('--check-hs',
             action='store',
-            metavar='[file]',
+            metavar='file',
+            nargs='?',
+            const='<all>',
             dest='check_handshake',
-            help=Color.s('Check a .cap file for WPA handshakes'))
+            help=Color.s('Check a .cap file (or all hs/*.cap files) for WPA handshakes'))
         commands.add_argument('--crack-wpa',
             action='store',
             type=str,
             dest='crack_wpa',
-            metavar='[file]',
+            metavar='file',
             help=Color.s('Crack a .cap file containing a WPA handshake'))
         commands.add_argument('--crack-wep',
             action='store',
             type=str,
             dest='crack_wep',
-            metavar='[file]',
+            metavar='file',
             help=Color.s('Crack a .cap file containing WEP IVS'))
         commands.add_argument('--update',
             action='store_true',

py/AttackWPA.py

@@ -217,13 +217,14 @@ class AttackWPA(Attack):
             target_name = 'broadcast'
         command = [
             'aireplay-ng',
-            '--ignore-negative-one',
             '-0', # Deauthentication
+            '1', # Number of deauths to perform.
             '-a', self.target.bssid
         ]
+        command.append('--ignore-negative-one')
         if station_bssid:
             # Deauthing a specific client
-            command.extend(['-h', station_bssid])
+            command.extend(['-c', station_bssid])
         command.append(Configuration.interface)
         Color.p(' {C}sending deauth{W} to {C}%s{W}' % target_name)
         return Process(command)

py/AttackWPS.py

@@ -71,6 +71,7 @@ class AttackWPS(Attack):
 
         pin = None
         step = '0) initializing'
+        time_since_last_step = 0
 
         while True:
             time.sleep(1)
@@ -106,6 +107,7 @@ class AttackWPS(Attack):
                     Color.pl('{R}failed: {O}WPS pin not found{W}')
                     return False
 
+            last_step = step
             # Status updates, depending on last line of stdout
             if 'Waiting for beacon from' in stdout_last_line:
                 step = '({C}step 1/8{W}) waiting for beacon'
@@ -133,9 +135,19 @@ class AttackWPS(Attack):
                 Color.pl('{R}failed: {O}WPS pin not found{W}')
                 break
 
+            if step != last_step:
+                # Step changed, reset step timer
+                time_since_last_step = 0
+            else:
+                time_since_last_step += 1
+
+            if time_since_last_step > Configuration.wps_pixie_step_timeout:
+                Color.pl('{R}failed: {O}step-timeout after %d seconds{W}' % Configuration.wps_pixie_step_timeout)
+                break
+
             # TODO: Timeout check
             if reaver.running_time() > Configuration.wps_pixie_timeout:
-                Color.pl('{R}failed: {O}timeout after %d seconds{W}' % Configuration.wps_timeout)
+                Color.pl('{R}failed: {O}timeout after %d seconds{W}' % Configuration.wps_pixie_timeout)
                 break
 
             # Reaver Failure/Timeout check

py/Configuration.py

@@ -70,8 +70,9 @@ class Configuration(object):
         Configuration.no_reaver   = False  # Do not use Reaver on WPS networks
         Configuration.reaver      = False  # ONLY use Reaver on WPS networks
         Configuration.pixie_only  = False  # ONLY use Pixie-Dust attack on WPS
-        Configuration.wps_pin_timeout = 600   # Seconds to wait before reaver fails
+        Configuration.wps_pin_timeout = 600        # Seconds to wait for PIN before reaver fails
-        Configuration.wps_pixie_timeout = 600 # Seconds to wait before pixie fails
+        Configuration.wps_pixie_timeout = 300      # Seconds to wait for PIN before pixie fails
+        Configuration.wps_pixie_step_timeout = 30  # Seconds to wait for a step to change before pixie fails
         Configuration.wps_max_retries = 20 # Retries before failing
         Configuration.wps_fail_threshold = 30  # Max number of failures
         Configuration.wps_timeout_threshold = 30  # Max number of timeouts
@@ -181,6 +182,9 @@ class Configuration(object):
         if args.wps_pixie_timeout:
             Configuration.wps_pixie_timeout = args.wps_pixie_timeout
             Color.pl('{+} {C}option:{W} WPS pixie-dust attack will timeout after {G}%d seconds{W}' % args.wps_pixie_timeout)
+        if args.wps_pixie_step_timeout:
+            Configuration.wps_pixie_step_timeout = args.wps_pixie_step_timeout
+            Color.pl('{+} {C}option:{W} Any step in the pixie-dust attack will timeout after {G}%d seconds{W}' % args.wps_pixie_step_timeout)
         if args.wps_pin_timeout:
             Configuration.wps_pin_timeout = args.wps_pin_timeout
             Color.pl('{+} {C}option:{W} WPS PIN attack will timeout after {G}%d seconds{W}' % args.wps_pin_timeout)

py/Handshake.py

@@ -29,8 +29,6 @@ class Handshake(object):
 
         if not self.essid and not self.bssid:
             # We do not know the bssid nor the essid
-            Color.pl('{!} {O}Warning{W}:' +
-                ' {R}bssid{O} and {R}essid{O} were not specified{W}')
             # TODO: Display menu for user to select from list
             # HACK: Just use the first one we see
             self.bssid = pairs[0][0]