diff --git a/py/Aireplay.py b/py/Aireplay.py
index b955d4b..72def85 100644
--- a/py/Aireplay.py
+++ b/py/Aireplay.py
@@ -53,7 +53,7 @@ class WEPAttackType(object):
 class Aireplay(object):
- def __init__(self, target, attack_type, client_mac=None, replay_file=None):
+ def __init__(self, target, attack_type, client_mac=None, replay_file=None, devnull=False):
 '''
 Starts aireplay process.
 Args:
@@ -77,7 +77,7 @@ class Aireplay(object):
 '''
 self.pid = Process(cmd,
- devnull=False,
+ devnull=devnull,
 cwd=Configuration.temp())
 def is_running(self):
@@ -85,7 +85,7 @@ class Aireplay(object):
 def stop(self):
 ''' Stops aireplay process '''
- if self.pid and self.pid.poll() != None:
+ if self.pid and self.pid.poll() == None:
 self.pid.interrupt()
 def get_output(self):
diff --git a/py/Airodump.py b/py/Airodump.py
index 277742f..aa9f44a 100644
--- a/py/Airodump.py
+++ b/py/Airodump.py
@@ -146,7 +146,7 @@ class Airodump(object):
 Wash.check_for_wps_and_update_targets(capfile, targets)
 # Filter targets based on encryption
- targets = Airodump.filter_targets(targets)
+ targets = Airodump.filter_targets(targets, skip_wash=self.skip_wash)
 # Sort by power
 targets.sort(key=lambda x: x.power, reverse=True)
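Review bot: The new `devnull` parameter of `Aireplay.__init__` is not documented in the `Args:` section that begins at the end of this hunk, and the diff adds no docstring line anywhere in this file. Add an entry alongside the existing ones, e.g. `devnull - forwarded to Process(cmd, devnull=...) (default: False)`, and state what Process does with it once confirmed, since the AttackWEP callers that now pass `devnull=True` also call `get_output()` afterwards. The docstring body and the rest of `__init__` lie outside the hunk.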
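Review bot: The corrected guard in `stop()` still compares with `== None`; `poll()` yields `None` or an exit status, so the idiomatic, lint-clean form is `if self.pid and self.pid.poll() is None:` (PEP 8 E711). The inversion itself is right, as `poll()` returns `None` only while the child is still running, which is the only case in which an interrupt makes sense.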
@@ -224,19 +224,18 @@ class Airodump(object):
 return targets
 @staticmethod
- def filter_targets(targets):
+ def filter_targets(targets, skip_wash=False):
 ''' Filters targets based on Configuration '''
 result = []
 # Filter based on Encryption
 for target in targets:
- if 'WEP' in Configuration.encryption_filter and \
- 'WEP' in target.encryption:
+ if 'WEP' in Configuration.encryption_filter and 'WEP' in target.encryption:
 result.append(target)
- elif 'WPA' in Configuration.encryption_filter and \
- 'WPA' in target.encryption:
+ elif 'WPA' in Configuration.encryption_filter and 'WPA' in target.encryption:
 result.append(target)
- elif 'WPS' in Configuration.encryption_filter and \
- target.wps:
+ elif 'WPS' in Configuration.encryption_filter and target.wps:
+ result.append(target)
+ elif skip_wash:
 result.append(target)
 # Filter based on BSSID/ESSID
@@ -259,7 +258,11 @@ class Airodump(object):
 targets (APs) that have unknown ESSIDs (hidden router names).
 '''
 self.decloaking = False
- # Only deauth if channel is fixed.
+
+ # Do not deauth if requested
+ if Configuration.no_deauth: return
+
+ # Do not deauth if channel is not fixed.
 if self.channel is None: return
 # Reusable deauth command
diff --git a/py/Arguments.py b/py/Arguments.py
index b47e715..51f6b1f 100644
--- a/py/Arguments.py
+++ b/py/Arguments.py
@@ -60,6 +60,10 @@ class Arguments(object):
 default=0,
 dest='verbose',
 help=Color.s('Verbose mode, prints more lines (default: {G}quiet{W})'))
+ glob.add_argument('--nodeauths',
+ action='store_true',
+ dest='no_deauth',
+ help=Color.s('Do not deauthenticate clients *EVER* (default: {G}off{W})'))
 # WEP
 wep = parser.add_argument_group('WEP-RELATED')
diff --git a/py/AttackWEP.py b/py/AttackWEP.py
index dcf301d..7ecfa4e 100644
--- a/py/AttackWEP.py
+++ b/py/AttackWEP.py
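Review bot: The new `elif skip_wash:` branch in `filter_targets` keeps every target regardless of `Configuration.encryption_filter`, so the parameter switches off the whole encryption filter rather than just the WPS test, and nothing in the hunk says why. If the intent is that `target.wps` is never populated when wash is skipped (so a WPS-only filter would otherwise drop the attack's own target), record it on the branch: `# wash was not run, so target.wps is unset; keep the target and let the BSSID/ESSID filter below decide` — please confirm that is the reason. The one-line docstring should mention the parameter as well, e.g. `''' Filters targets based on Configuration; skip_wash=True bypasses the encryption filter '''`. Since all four branches do `result.append(target)`, a single boolean condition would read more clearly than the if/elif ladder.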
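Review bot: The option string `--nodeauths` does not match its `dest='no_deauth'` or the `Configuration.no_deauth` attribute, so the singular spelling a user is likely to type is rejected by argparse. `add_argument` accepts several option strings, so `glob.add_argument('--nodeauth', '--nodeauths',` keeps the flag as written and adds the obvious alias; the help text could then also use the scope wording that the Configuration message prints ("during scans or captures").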
@@ -68,6 +68,7 @@ class AttackWEP(Attack):
 aireplay = Aireplay(self.target, \
 wep_attack_type, \
 client_mac=client_mac, \
+ devnull=True,
 replay_file=replay_file)
 time_unchanged_ivs = time.time() # Timestamp when IVs last changed
@@ -146,9 +147,8 @@ class AttackWEP(Attack):
 Color.pl('\n{!} {O}%s attack{R} did not generate' % attack_name + ' a .xor file{W}')
 # XXX: For debugging
- Color.pl('\noutput:\n')
- Color.pl(aireplay.get_output())
- Color.pl('')
+ Color.pl('{?} {O}Command: {R}%s{W}' % aireplay.cmd)
+ Color.pl('{?} {O}Output:\n{R}%s{W}' % aireplay.get_output())
 break
 # If .xor exists, run packetforge-ng to create .cap
@@ -172,8 +172,8 @@ class AttackWEP(Attack):
 break
 else:
 Color.pl('\n{!} {O}aireplay-ng exited unexpectedly{W}')
- Color.pl('\naireplay.get_output():')
- Color.pl(aireplay.get_output())
+ Color.pl('{?} {O}Command: {R}%s{W}' % aireplay.cmd)
+ Color.pl('{?} {O}Output:\n%s{W}' % aireplay.get_output())
 break # Continue to other attacks
 # Check if IVs stopped flowing (same for > N seconds)
@@ -189,9 +189,12 @@ class AttackWEP(Attack):
 Color.pl('\n{!} restarting {C}aireplay{W} after' + ' {C}%d{W} seconds of no new IVs' % stale_seconds)
+ Color.pl("\naireplay output:\n%s" % aireplay.get_output())
 aireplay = Aireplay(self.target, \
 wep_attack_type, \
- client_mac=client_mac)
+ client_mac=client_mac, \
+ devnull=True,
+ replay_file=replay_file)
 time_unchanged_ivs = time.time()
 previous_ivs = airodump_target.ivs
diff --git a/py/AttackWPA.py b/py/AttackWPA.py
index 20f3197..0eea437 100644
--- a/py/AttackWPA.py
+++ b/py/AttackWPA.py
@@ -34,6 +34,7 @@ class AttackWPA(Attack):
 # First, start Airodump process
 with Airodump(channel=self.target.channel,
 target_bssid=self.target.bssid,
+ skip_wash=True,
 output_file_prefix='wpa') as airodump:
 Color.clear_entire_line()
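Review bot: `devnull=True` is now passed to `Aireplay` here and in the restart at @@ -189, yet the failure paths at @@ -146, @@ -172 and @@ -189 still print `aireplay.get_output()` for debugging; if `Process` discards the child's output when `devnull` is set, those prints will be empty exactly when they are needed (I cannot see Process, so please confirm how `devnull` and `get_output()` interact). If both are wanted, capture the output to a buffer or file rather than discarding it, or drop the prints. A smaller style point in the same line: the added `devnull=True,` omits the trailing backslash its neighbours carry; inside the parentheses none of the backslashes are needed, so either remove them all or keep the new line consistent. The enclosing method starts and ends outside the hunk.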
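Review bot: The `Output:` line added here omits the `{R}` colour tag that the otherwise identical line added at @@ -146 has, so the two debug dumps render differently; use `Color.pl('{?} {O}Output:\n{R}%s{W}' % aireplay.get_output())` in both places. The restart path at @@ -189 prints the same information in a third format (`"\naireplay output:\n%s"`), so a small helper that prints command and output once would keep all three in step.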
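Review bot: Passing `skip_wash=True` to this attack's `Airodump` presumably skips the `Wash.check_for_wps_and_update_targets` call seen in Airodump's @@ -146 context, so targets read back from this airodump instance will carry an unpopulated `wps` attribute; if any code later in the attack tests `airodump_target.wps`, it will now see the default rather than the scan result (I cannot see the rest of the method, so please confirm). The same applies to the two AttackWPS hunks at @@ -77 and @@ -214, where `skip_wash` flips from `False` to `True`. A one-line comment on the argument, e.g. `skip_wash=True,  # WPS state already known from the scan; no need to re-run wash`, would record the reasoning if that is it.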
@@ -216,7 +217,8 @@ class AttackWPA(Attack):
 station_bssid - Client BSSID to deauth
 Deauths 'broadcast' if no client is specified.
 '''
- # TODO: Print that we are deauthing and who we are deauthing!
+ if Configuration.no_deauth: return
+
 target_name = station_bssid
 if target_name == None: target_name = 'broadcast'
diff --git a/py/AttackWPS.py b/py/AttackWPS.py
index dcc15f0..3cf1033 100644
--- a/py/AttackWPS.py
+++ b/py/AttackWPS.py
@@ -77,7 +77,7 @@ class AttackWPS(Attack):
 with Airodump(channel=self.target.channel,
 target_bssid=self.target.bssid,
- skip_wash=False,
+ skip_wash=True,
 output_file_prefix='pixie') as airodump:
 Color.clear_line()
@@ -214,7 +214,7 @@ class AttackWPS(Attack):
 with Airodump(channel=self.target.channel,
 target_bssid=self.target.bssid,
- skip_wash=False,
+ skip_wash=True,
 output_file_prefix='wps') as airodump:
 Color.clear_line()
diff --git a/py/Color.py b/py/Color.py
index 2ea7b06..45a5511 100644
--- a/py/Color.py
+++ b/py/Color.py
@@ -21,7 +21,8 @@ class Color(object):
 # Helper string replacements
 replacements = {
 '{+}': ' {W}[{G}+{W}]',
- '{!}': ' {O}[{R}!{O}]{W}'
+ '{!}': ' {O}[{R}!{O}]{W}',
+ '{?}': ' {W}[{C}?{W}]'
 }
 last_sameline_length = 0
diff --git a/py/Configuration.py b/py/Configuration.py
index 81589c1..c6010d2 100644
--- a/py/Configuration.py
+++ b/py/Configuration.py
@@ -36,6 +36,7 @@ class Configuration(object):
 Configuration.five_ghz = False # Scan 5Ghz channels
 Configuration.pillage = False # "All" mode to attack everything
 Configuration.random_mac = False
+ Configuration.no_deauth = False # Deauth hidden networks & WPA handshake targets
 Configuration.encryption_filter = ['WEP', 'WPA', 'WPS']
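Review bot: The early `if Configuration.no_deauth: return` makes the method a silent no-op, but the docstring it follows (which starts outside the hunk) still describes the call as deauthing the given station or broadcast. Add a line to it such as `Does nothing when Configuration.no_deauth (--nodeauths) is set.` so a reader does not assume a frame was sent. Returning silently is reasonable since the option is announced once at startup in Configuration.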
@@ -127,6 +128,9 @@ class Configuration(object):
 if args.five_ghz == True:
 Configuration.five_ghz = True
 Color.pl('{+} {C}option:{W} including {G}5Ghz networks{W} in scans')
+ if args.no_deauth == True:
+ Configuration.no_deauth = True
+ Color.pl('{+} {C}option:{W} will {R}not{W} {O}deauth{W} clients during scans or captures')
 if args.target_essid:
 Configuration.target_essid = args.target_essid
 Color.pl('{+} {C}option:{W} targeting ESSID {G}%s{W}' % args.target_essid)
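Review bot: `args.no_deauth` comes from a `store_true` argument, so it is already a bool and the comparison in `if args.no_deauth == True:` is redundant (PEP 8 E712); `if args.no_deauth:` matches the `if args.target_essid:` line immediately below. The surrounding `five_ghz` check uses the same `== True` form, so this is a consistency choice rather than a defect, but the plain form is preferable for new code. The enclosing method continues outside the hunk.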