--bully option to use bully (instead of reaver).

Previously used bully by-default. Removed Configurations named 'reaver' (instead of 'WPS attack') Should resolve #39
2018-02-28 02:03:21 -05:00
parent 21e340ab08
commit aaf7845177
5 changed files with 69 additions and 60 deletions
--- a/py/Arguments.py
+++ b/py/Arguments.py
@@ -86,7 +86,7 @@ class Arguments(object):
        wep.add_argument('--wep',
            action='store_true',
            dest='wep_filter',
-            help=Color.s('Filter to display WEP-encrypted networks (default: {G}off{W})'))
+            help=Color.s('Filter to display only WEP-encrypted networks (default: {G}off{W})'))
        wep.add_argument('-wep', help=argparse.SUPPRESS, action='store_true', dest='wep_filter')
        wep.add_argument('--require-fakeauth',
            action='store_true',
@@ -170,7 +170,7 @@ class Arguments(object):
        wpa.add_argument('--wpa',
            action='store_true',
            dest='wpa_filter',
-            help=Color.s('Filter to display WPA-encrypted networks (includes WPS)'))
+            help=Color.s('Filter to display only WPA-encrypted networks (includes WPS)'))
        wpa.add_argument('-wpa', help=argparse.SUPPRESS, action='store_true', dest='wpa_filter')
        wpa.add_argument('--wpadt',
            action='store',
@@ -219,20 +219,24 @@ class Arguments(object):
        wps.add_argument('--wps',
            action='store_true',
            dest='wps_filter',
-            help=Color.s('Filter to display WPS-enabled networks'))
+            help=Color.s('Filter to display only WPS-enabled networks'))
        wps.add_argument('-wps', help=argparse.SUPPRESS, action='store_true', dest='wps_filter')
-        wps.add_argument('--reaver',
+        wps.add_argument('--no-wps',
            action='store_true',
-            dest='reaver_only',
-            help=Color.s('ONLY use Reaver on WPS networks (default: {G}off{W})'))
-        wps.add_argument('--no-reaver',
+            dest='no_wps',
+            help=Color.s('{O}NEVER{W} use WPS attacks (Pixie-Dust, PIN) (default: {G}off{W})'))
+        wps.add_argument('--wps-only',
            action='store_true',
-            dest='no_reaver',
-            help=Color.s('Do NOT use Reaver on WPS networks (default: {G}off{W})'))
+            dest='wps_only',
+            help=Color.s('Only perform WPS attacks on WPA networks (default: {G}off{W})'))
+        wps.add_argument('--bully',
+            action='store_true',
+            dest='use_bully',
+            help=Color.s('Use {C}bully{W} instead of {C}reaver{W} for WPS attacks (default: {G}reaver{W})'))
        wps.add_argument('--pixie',
            action='store_true',
            dest='pixie_only',
-            help=Color.s('Only use the WPS Pixie-Dust attack (default: {G}off{W})'))
+            help=Color.s('Only use the WPS Pixie-Dust attack (no PIN) (default: {G}off{W})'))
        wps.add_argument('--pixiet',
            action='store',
            dest='wps_pixie_timeout',
@@ -268,7 +272,7 @@ class Arguments(object):
            dest='wps_fail_threshold',
            metavar='[fails]',
            type=int,
-            help=Color.s('Maximum number of Reaver Failures before failing attack (default: {G}%d{W})')
+            help=Color.s('Maximum number of WPS Failures before failing attack (default: {G}%d{W})')
                % Configuration.wps_fail_threshold)
        wps.add_argument('-wpsmf', help=argparse.SUPPRESS, action='store', dest='wps_fail_threshold', type=int)
        wps.add_argument('--wpsmt',
--- a/py/AttackWPS.py
+++ b/py/AttackWPS.py
@@ -8,6 +8,7 @@ from Configuration import Configuration
 from CrackResultWPS import CrackResultWPS
 from Process import Process
 from Bully import Bully
+from Reaver import Reaver

 class AttackWPS(Attack):
    def __init__(self, target):
@@ -18,21 +19,45 @@ class AttackWPS(Attack):
    def run(self):
        ''' Run all WPS-related attacks '''

-        # Drop out if user specified to not use Reaver
-        if Configuration.no_reaver:
+        # Drop out if user specified to not use Reaver/Bully
+        if Configuration.no_wps:
            self.success = False
            return self.success

-        # Run Pixie-Dust attack
-        bully = Bully(self.target, pixie=True)
-        if bully.crack_result is not None:
-            # Pixie-Dust attack succeeded. We're done.
-            self.crack_result = bully.crack_result
-        elif Configuration.pixie_only:
-            Color.pl('\r{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}')
+        ###################
+        # Pixie-Dust attack
+        if Configuration.use_bully:
+            # Bully: Pixie-dust
+            bully = Bully(self.target, pixie=True)
+            if bully.crack_result is not None:
+                self.crack_result = bully.crack_result
+                return True
        else:
-            # Run WPS-PIN attack
-            bully = Bully(self.target, pixie=False)
-            self.crack_result = bully.crack_result
-        return self.crack_result is not None
+            reaver = Reaver(self.target)
+            if reaver.is_pixiedust_supported():
+                # Reaver: Pixie-dust
+                reaver = Reaver(self.target)
+                if reaver.run_pixiedust_attack():
+                    return True
+            else:
+                Color.pl("{!} {R}your version of 'reaver' does not support the {O}WPS pixie-dust attack{W}")

+        if Configuration.pixie_only:
+            Color.pl('\r{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}')
+            return False
+
+        ###################
+        # PIN attack
+        if Configuration.use_bully:
+            # Bully: PIN guessing
+            bully = Bully(self.target, pixie=False)
+            if bully.crack_result is not None:
+                self.crack_result = bully.crack_result
+                return True
+        else:
+            # Reaver: PIN guessing
+            reaver = Reaver(self.target)
+            if reaver.run_wps_pin_attack():
+                return True
+
+        return False
--- a/py/Bully.py
+++ b/py/Bully.py
@@ -11,6 +11,8 @@ from Configuration import Configuration
 import os, time, re
 from threading import Thread

+# TODO: Support Pixie/PIN settings in Configuration
+
 class Bully(Attack):
    def __init__(self, target, pixie=False):
        super(Bully, self).__init__(target)
--- a/py/Configuration.py
+++ b/py/Configuration.py
@@ -78,11 +78,12 @@ class Configuration(object):

        # WPS variables
        Configuration.wps_filter  = False  # Only attack WPS networks
-        Configuration.no_reaver   = False  # Do not use Reaver on WPS networks
-        Configuration.reaver      = False  # ONLY use Reaver on WPS networks
+        Configuration.no_wps      = False  # Do not use WPS attacks (Pixie-Dust & PIN attacks)
+        Configuration.wps_only    = False  # ONLY use WPS attacks on non-WEP networks
+        Configuration.use_bully   = False  # Use bully instead of reaver
        Configuration.pixie_only  = False  # ONLY use Pixie-Dust attack on WPS
-        Configuration.wps_pin_timeout = 600        # Seconds to wait for PIN before reaver fails
-        Configuration.wps_pixie_timeout = 300      # Seconds to wait for PIN before pixie fails
+        Configuration.wps_pin_timeout = 600        # Seconds to wait for PIN before WPS PIN attack fails
+        Configuration.wps_pixie_timeout = 300      # Seconds to wait for PIN before WPS Pixie attack fails
        Configuration.wps_pixie_step_timeout = 30  # Seconds to wait for a step to change before pixie fails
        Configuration.wps_max_retries = 20 # Retries before failing
        Configuration.wps_fail_threshold = 30  # Max number of failures
@@ -197,12 +198,15 @@ class Configuration(object):
        # WPS
        if args.wps_filter:
            Configuration.wps_filter  = args.wps_filter
-        if args.reaver_only:
-            Configuration.reaver_only = args.reaver_only
-            Color.pl('{+} {C}option:{W} will *only* use {G}reaver{W} to attack WPA targets')
-        if args.no_reaver:
-            Configuration.no_reaver   = args.no_reaver
-            Color.pl('{+} {C}option:{W} will *never* use {G}reaver{W} to attack WPA targets')
+        if args.wps_only:
+            Configuration.wps_only    = args.wps_only
+            Color.pl('{+} {C}option:{W} will *only* attack non-WEP networks with {G}WPS attacks{W} (no handshake capture)')
+        if args.no_wps:
+            Configuration.no_wps   = args.no_wps
+            Color.pl('{+} {C}option:{W} will {O}never{W} use {C}WPS attacks{W} (Pixie-Dust/PIN) on targets')
+        if args.use_bully:
+            Configuration.use_bully   = args.use_bully
+            Color.pl('{+} {C}option:{W} use {C}bully{W} instead of {C}reaver{W} for WPS Attacks')
        if args.pixie_only:
            Configuration.pixie_only  = args.pixie_only
            Color.pl('{+} {C}option:{W} will only use {G}WPS pixie-dust attack{W} on WPS targets')
--- a/py/Reaver.py
+++ b/py/Reaver.py
@@ -16,32 +16,6 @@ class Reaver(Attack):
        self.success = False
        self.crack_result = None

-    def run(self):
-        ''' Run all WPS-related attacks '''
-
-        # Drop out if user specified to not use Reaver
-        if Configuration.no_reaver:
-            self.success = False
-            return self.success
-
-        # Run Pixie-Dust attack
-        if self.is_pixiedust_supported():
-            if self.run_pixiedust_attack():
-                # Pixie-Dust attack succeeded. We're done.
-                self.success = True
-                return self.success
-        else:
-            Color.pl("{!} {R}your version of 'reaver' does not support the {O}WPS pixie-dust attack{W}")
-
-        if Configuration.pixie_only:
-            Color.pl('\r{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}')
-            self.success = False
-        else:
-            # Run WPS-PIN attack
-            self.success = self.run_wps_pin_attack()
-        return self.success
-
-
    def is_pixiedust_supported(self):
        ''' Checks if 'reaver' supports WPS Pixie-Dust attack '''
        output = Process(['reaver', '-h']).stderr()