diff --git a/README.md b/README.md index 153796f..6961f23 100644 --- a/README.md +++ b/README.md 
@@ -1,18 +1,70 @@ -Wifite 2 -======== +Wifite +====== -A complete re-write of [`wifite`](https://github.com/derv82/wifite), a Python script for auditing wireless networks. +This repo is a complete re-write of [`wifite`](https://github.com/derv82/wifite), a Python script for auditing wireless networks. Wifite runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches! -This version is compatible with both `python2` and `python3`. +Wifite is compatible with both `python2` and `python3`. -Installation ------------- +Wifite is designed to use all known methods for retrieving the password of a wireless access point (router). These methods include: +1. WPS: The [WPS Pixie-Dust attack](https://nakedsecurity.sophos.com/2014/09/02/using-wps-may-be-even-more-dangerous/) +2. WPA: The [WPA Handshake Capture](https://hashcat.net/forum/thread-7717.html) and offline crack. +3. WPA: The [PMKID Hash Capture](https://hashcat.net/forum/thread-7717.html) and offline crack. +4. WEP: Various known attacks against WEP, including *fragmentation*, *chop-chop*, *aireplay*, etc. -From the root directory of this package: +Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password. -Run *wifite* using: `python -m wifite` +Supported Operating Systems +--------------------------- + +Wifite is designed specifically for the latest version of [**Kali** Linux](https://www.kali.org/). [ParrotSec](https://www.parrotsec.org/) is also supported. + +Other pen-testing distributions (such as BackBox) have outdated versions of the tools used by Wifite. Do not expect support unless you are using the latest versions of the *Required Tools*. + +Required Tools +-------------- + +First and foremost, you will need a wireless card capable of "Monitor Mode" and packet injection (see [this tutorial for checking if your wireless card is compatible](http://www.aircrack-ng.org/doku.php?id=compatible_cards)). 
There are many cheap wireless cards that plug into USB available from online stores. + +Second, only the latest versions of these programs are supported and must be installed for Wifite to work properly: + +**Required:** + +* [`iwconfig`](https://wiki.debian.org/iwconfig): For identifying wireless devices already in Monitor Mode. +* [`ifconfig`](https://en.wikipedia.org/wiki/Ifconfig): For starting/stopping wireless devices. +* [`Aircrack-ng`](http://aircrack-ng.org/) suite, includes: + * [`airmon-ng`](https://tools.kali.org/wireless-attacks/airmon-ng): For enumerating and enabling Monitor Mode on wireless devices. + * [`aircrack-ng`](https://tools.kali.org/wireless-attacks/aircrack-ng): For cracking WEP .cap files and WPA handshake captures. + * [`aireplay-ng`](https://tools.kali.org/wireless-attacks/aireplay-ng): For deauthing access points, replaying capture files, various WEP attacks. + * [`airodump-ng`](https://tools.kali.org/wireless-attacks/airodump-ng): For target scanning & capture file generation. + * [`packetforge-ng`](https://tools.kali.org/wireless-attacks/packetforge-ng): For forging capture files. + +**Optional, but Recommended:** + +* [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html): For detecting WPS networks and inspecting handshake capture files. +* [`reaver`](https://github.com/t6x/reaver-wps-fork-t6x): For WPS Pixie-Dust attacks. + * Note: Reaver's `wash` tool can be used to detect WPS networks if `tshark` is not found. +* [`bully`](https://github.com/aanarchyy/bully): For WPS Pixie-Dust attacks. + * Alternative to Reaver. Specify `--bully` to use Bully instead of Reaver. + * Bully is also used to fetch PSK if `reaver` cannot after cracking WPS PIN. +* [`coWPAtty`](https://tools.kali.org/wireless-attacks/cowpatty): For detecting handshake captures. +* [`pyrit`](https://github.com/JPaulMora/Pyrit): For detecting handshake captures. +* [`hashcat`](https://hashcat.net/): For cracking PMKID hashes. 
+ * [`hcxdumptool`](https://github.com/ZerBea/hcxdumptool): For capturing PMKID hashes. + * [`hcxpcaptool`](https://github.com/ZerBea/hcxtools): For converting PMKID packet captures into `hashcat`'s format. + +Run Wifite +---------- + +``` +git clone https://github.com/derv82/wifite2.git +cd wifite2 +python -m wifite +``` + +Install Wifite +-------------- To install onto your computer (so you can just run `wifite` from any terminal), run: 
@@ -20,18 +72,37 @@ To install onto your computer (so you can just run `wifite` from any terminal), sudo python setup.py install ``` ----- +This will install `wifite` to `/usr/sbin/wifite` which should be in your terminal path. -Note: Uninstalling is [not as easy](https://stackoverflow.com/questions/1550226/python-setup-py-uninstall#1550235). The only way to uninstall is to record the files installed by the above command and *remove* those files: +**Note:** Uninstalling is [not as easy](https://stackoverflow.com/questions/1550226/python-setup-py-uninstall#1550235). The only way to uninstall is to record the files installed by the above command and *remove* those files: ```bash -sudo python setup.py install --record files.txt -cat files.txt | xargs sudo rm -f -sudo rm -f files.txt +sudo python setup.py install --record files.txt \ + && cat files.txt | xargs sudo rm \ + && rm -f files.txt ``` -What's new in Wifite2? ----------------------- +Brief Feature List +------------------ + +* [PMKID hash capture](https://hashcat.net/forum/thread-7717.html) (enabled by-default, force with: `--pmkid`) +* Reaver (or `-bully`) WPS Pixie-Dust attack (enabled by-default, force with: `--wps-only`) +* WPA handshake capture (enabled by-default, force with: `--no-wps`) +* Validates handshakes against `pyrit`, `tshark`, `cowpatty`, and `aircrack-ng` (when available) +* Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte) +* Automatically decloaks hidden access points while scanning or attacking. + * Note: Only works when channel is fixed. Use the `-c ` switch. + * Disable this via `--no-deauths` switch +* 5Ghz support for some wireless cards (via `-5` switch). + * Note: Some tools don't play well on 5GHz channels (e.g. `aireplay-ng`) +* Stores cracked passwords and handshakes to the current directory (`--cracked`) + * Includes metadata about the access point. +* Easy to try to crack handshakes or PMKID hashes against a wordlist (`--crack`) + +What's new? 
+----------- + +Comparing this repo to the "old wifite" @ https://github.com/derv82/wifite * **Less bugs** * Cleaner process management. Does not leave processes running in the background (the old `wifite` was bad about this). @@ -44,17 +115,18 @@ What's new in Wifite2? * **Educational** * The `--verbose` option (expandable to `-vv` or `-vvv`) shows which commands are executed & the output of those commands. * This can help debug why Wifite is not working for you. Or so you can learn how these tools are used. -* Actively developed (as of March 2018). +* More-actively developed. * Python 3 support. * Sweet new ASCII banner. -What's gone in Wifite2? ------------------------ +What's gone? +------------ * No more WPS PIN attack, because it can take days on-average. - * However, the Pixie-Dust attack is still an option. + * However, this feature may be added back into Wiite2 (See [#90](https://github.com/derv82/wifite2/issues/90)) + * And the Pixie-Dust attack is still an option. * Some command-line arguments (`--wept`, `--wpst`, and other confusing switches). - * You can still access some of these, try `./Wifite.py -h -v` + * You can still access some of these obscure options, try `wifite -h -v` What's not new? --------------- 
@@ -62,65 +134,6 @@ What's not new? * (Mostly) Backwards compatible with the original `wifite`'s arguments. * Same text-based interface everyone knows and loves. -Brief Feature List ------------------- - -* Reaver (or `-bully`) Pixie-Dust attack (enabled by-default, force with: `--wps-only`) -* WPA handshake capture (enabled by-default, force with: `--no-wps`) -* Validates handshakes against `pyrit`, `tshark`, `cowpatty`, and `aircrack-ng` (when available) -* Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte) -* Automatically decloaks hidden access points while scanning or attacking. - * Note: Only works when channel is fixed. Use the `-c ` switch. - * Disable this via `--no-deauths` switch -* 5Ghz support for some wireless cards (via `-5` switch). - * Note: Some tools don't play well on 5GHz channels (e.g. `aireplay-ng`) -* Stores cracked passwords and handshakes to the current directory (`--cracked`) - * Includes metadata about the access point. -* Provides commands to crack captured WPA handshakes (`--crack`) - * Includes all commands needed to crack using `aircrack-ng`, `john`, `hashcat`, or `pyrit`. - -Linux Distribution Support --------------------------- - -Wifite2 is designed specifically for the latest version of **Kali**'s rolling release (tested on Kali 2017.2, updated Jan 2018). - -Other pen-testing distributions (such as BackBox) have outdated versions of the tools used by Wifite; these distributions are not supported. - -Required Tools --------------- - -Only the latest versions of these programs are supported: - -**Required:** - -* `iwconfig`: For identifying wireless devices already in Monitor Mode. -* `ifconfig`: For starting/stopping wireless devices. -* `Aircrack-ng` suite, includes: - * `aircrack-ng`: For cracking WEP .cap files and WPA handshake captures. - * `aireplay-ng`: For deauthing access points, replaying capture files, various WEP attacks. 
- * `airmon-ng`: For enumerating and enabling Monitor Mode on wireless devices. - * `airodump-ng`: For target scanning & capture file generation. - * `packetforge-ng`: For forging capture files. - -**Optional, but Recommended:** - -* `tshark`: For detecting WPS networks and inspecting handshake capture files. -* `reaver`: For WPS Pixie-Dust attacks. - * Note: Reaver's `wash` tool can be used to detect WPS networks if `tshark` is not found. -* `bully`: For WPS Pixie-Dust attacks. - * Alternative to Reaver. Specify `--bully` to use Bully instead of Reaver. - * Bully is also used to fetch PSK if `reaver` cannot after cracking WPS PIN. -* `cowpatty`: For detecting handshake captures. -* `pyrit`: For detecting handshake captures. - -Installing & Running --------------------- -``` -git clone https://github.com/derv82/wifite2.git -cd wifite2 -./Wifite.py -``` - Screenshots -----------
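Review bot: in the hunk `@@ -1,18 +1,70 @@`, list item `2. WPA: The [WPA Handshake Capture](https://hashcat.net/forum/thread-7717.html)` links to the same hashcat PMKID thread as item 3, so the handshake entry sends readers to the PMKID write-up instead of a handshake reference; link it to a handshake resource (or drop the link) so the two methods stay distinguishable. The sentence `Wifite is designed to use all known methods for retrieving the password` also overstates what the four-item list beneath it documents; "the most common methods" would be accurate.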
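Review bot: in the hunk `@@ -20,18 +72,37 @@`, the rewritten uninstall one-liner drops the `-f` from `xargs sudo rm`, so a single path listed in `files.txt` that no longer exists makes `rm` fail and the `&&` chain stops before `rm -f files.txt`; keep `xargs sudo rm -f` as the old lines had it, and note that `files.txt` is written by the `sudo` command, so the final `rm -f files.txt` may itself need `sudo`. In the new `Brief Feature List`, `Reaver (or `-bully`)` uses a single dash while the Required Tools section in the same file says `Specify `--bully``; pick one spelling. `5Ghz support` should be `5GHz` (the sub-bullet already writes `5GHz`), and `Use the `-c ` switch` has a trailing space where an argument placeholder such as `-c <channel>` belongs. Finally, please confirm the new claim that `setup.py install` places the script at `/usr/sbin/wifite` on a fresh install before stating it in the docs.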
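Review bot: in the hunk `@@ -44,17 +115,18 @@`, `Wiite2` in `this feature may be added back into Wiite2` is a typo for `Wifite2`. The replacement line `+* More-actively developed.` does not need the hyphen (`More actively developed`), and the unchanged context line `* **Less bugs**` should read `Fewer bugs`.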
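Review bot: in the hunk `@@ -62,65 +134,6 @@`, the deleted entry `* Provides commands to crack captured WPA handshakes (`--crack`)` carried a sub-bullet naming the crackers it supports (`aircrack-ng`, `john`, `hashcat`, or `pyrit`); its replacement earlier in the file, `Easy to try to crack handshakes or PMKID hashes against a wordlist (`--crack`)`, no longer tells the reader which tools `--crack` drives, so consider carrying that sub-bullet over. The removed `Installing & Running` block used `./Wifite.py` while the new `Run Wifite` block uses `python -m wifite`, which matches the `wifite -h -v` change in the previous hunk, so that part is consistent.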