From aaf7845177c8d459a9145d256e2add482859dd46 Mon Sep 17 00:00:00 2001 From: derv82 Date: Wed, 28 Feb 2018 02:03:21 -0500 Subject: [PATCH] --bully option to use bully (instead of reaver). Previously used bully by-default. Removed Configurations named 'reaver' (instead of 'WPS attack') Should resolve #39 --- py/Arguments.py | 26 +++++++++++++---------- py/AttackWPS.py | 51 +++++++++++++++++++++++++++++++++------------ py/Bully.py | 2 ++ py/Configuration.py | 24 ++++++++++++--------- py/Reaver.py | 26 ----------------------- 5 files changed, 69 insertions(+), 60 deletions(-) diff --git a/py/Arguments.py b/py/Arguments.py index 6a5bb9e..4fa9c46 100644 --- a/py/Arguments.py +++ b/py/Arguments.py @@ -86,7 +86,7 @@ class Arguments(object): wep.add_argument('--wep', action='store_true', dest='wep_filter', - help=Color.s('Filter to display WEP-encrypted networks (default: {G}off{W})')) + help=Color.s('Filter to display only WEP-encrypted networks (default: {G}off{W})')) wep.add_argument('-wep', help=argparse.SUPPRESS, action='store_true', dest='wep_filter') wep.add_argument('--require-fakeauth', action='store_true', @@ -170,7 +170,7 @@ class Arguments(object): wpa.add_argument('--wpa', action='store_true', dest='wpa_filter', - help=Color.s('Filter to display WPA-encrypted networks (includes WPS)')) + help=Color.s('Filter to display only WPA-encrypted networks (includes WPS)')) wpa.add_argument('-wpa', help=argparse.SUPPRESS, action='store_true', dest='wpa_filter') wpa.add_argument('--wpadt', action='store', 
@@ -219,20 +219,24 @@ class Arguments(object): wps.add_argument('--wps', action='store_true', dest='wps_filter', - help=Color.s('Filter to display WPS-enabled networks')) + help=Color.s('Filter to display only WPS-enabled networks')) wps.add_argument('-wps', help=argparse.SUPPRESS, action='store_true', dest='wps_filter') - wps.add_argument('--reaver', + wps.add_argument('--no-wps', action='store_true', - dest='reaver_only', - help=Color.s('ONLY use Reaver on WPS networks (default: {G}off{W})')) - wps.add_argument('--no-reaver', + dest='no_wps', + help=Color.s('{O}NEVER{W} use WPS attacks (Pixie-Dust, PIN) (default: {G}off{W})')) + wps.add_argument('--wps-only', action='store_true', - dest='no_reaver', - help=Color.s('Do NOT use Reaver on WPS networks (default: {G}off{W})')) + dest='wps_only', + help=Color.s('Only perform WPS attacks on WPA networks (default: {G}off{W})')) + wps.add_argument('--bully', + action='store_true', + dest='use_bully', + help=Color.s('Use {C}bully{W} instead of {C}reaver{W} for WPS attacks (default: {G}reaver{W})')) wps.add_argument('--pixie', action='store_true', dest='pixie_only', - help=Color.s('Only use the WPS Pixie-Dust attack (default: {G}off{W})')) + help=Color.s('Only use the WPS Pixie-Dust attack (no PIN) (default: {G}off{W})')) wps.add_argument('--pixiet', action='store', dest='wps_pixie_timeout', @@ -268,7 +272,7 @@ class Arguments(object): dest='wps_fail_threshold', metavar='[fails]', type=int, - help=Color.s('Maximum number of Reaver Failures before failing attack (default: {G}%d{W})') + help=Color.s('Maximum number of WPS Failures before failing attack (default: {G}%d{W})') % Configuration.wps_fail_threshold) wps.add_argument('-wpsmf', help=argparse.SUPPRESS, action='store', dest='wps_fail_threshold', type=int) wps.add_argument('--wpsmt', diff --git a/py/AttackWPS.py b/py/AttackWPS.py index 99e2a23..7fa3102 100644 --- a/py/AttackWPS.py +++ b/py/AttackWPS.py 
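Review bot: `--no-wps` and `--wps-only` are registered in this hunk as independent `store_true` flags, so one command line can carry both and nothing visible rejects the contradiction. The loader hunk in py/Configuration.py (`@@ -197,12 +198,15 @@`) likewise stores both and prints both banners. If `wps` is an argparse argument group, registering the pair through `wps.add_mutually_exclusive_group()` would make argparse report the conflict up front. Separately, `--reaver` and `--no-reaver` are removed without the hidden `help=argparse.SUPPRESS` alias that `-wps` keeps, so existing invocations will stop with an unrecognized-argument error; if that is intended, it belongs in the commit message. The enclosing method starts and ends outside the hunk.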
@@ -8,6 +8,7 @@ from Configuration import Configuration from CrackResultWPS import CrackResultWPS from Process import Process from Bully import Bully +from Reaver import Reaver class AttackWPS(Attack): def __init__(self, target): @@ -18,21 +19,45 @@ class AttackWPS(Attack): def run(self): ''' Run all WPS-related attacks ''' - # Drop out if user specified to not use Reaver - if Configuration.no_reaver: + # Drop out if user specified to not use Reaver/Bully + if Configuration.no_wps: self.success = False return self.success - # Run Pixie-Dust attack - bully = Bully(self.target, pixie=True) - if bully.crack_result is not None: - # Pixie-Dust attack succeeded. We're done. - self.crack_result = bully.crack_result - elif Configuration.pixie_only: - Color.pl('\r{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}') + ################### + # Pixie-Dust attack + if Configuration.use_bully: + # Bully: Pixie-dust + bully = Bully(self.target, pixie=True) + if bully.crack_result is not None: + self.crack_result = bully.crack_result + return True else: - # Run WPS-PIN attack - bully = Bully(self.target, pixie=False) - self.crack_result = bully.crack_result - return self.crack_result is not None + reaver = Reaver(self.target) + if reaver.is_pixiedust_supported(): + # Reaver: Pixie-dust + reaver = Reaver(self.target) + if reaver.run_pixiedust_attack(): + return True + else: + Color.pl("{!} {R}your version of 'reaver' does not support the {O}WPS pixie-dust attack{W}") + if Configuration.pixie_only: + Color.pl('\r{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}') + return False + + ################### + # PIN attack + if Configuration.use_bully: + # Bully: PIN guessing + bully = Bully(self.target, pixie=False) + if bully.crack_result is not None: + self.crack_result = bully.crack_result + return True + else: + # Reaver: PIN guessing + reaver = Reaver(self.target) + if reaver.run_wps_pin_attack(): + return True + + return False 
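Review bot: The reaver branches of `run()` in the `@@ -18,21 +19,45 @@` hunk return `True` without copying the result onto the attack object. The bully branches set `self.crack_result = bully.crack_result`, but nothing equivalent follows `reaver.run_pixiedust_attack()` or `reaver.run_wps_pin_attack()`, and `self.success` is no longer assigned on any path past the `no_wps` check. A caller that reads `crack_result` or `success` after `run()` (not visible here) would see a successful reaver run as empty. Add `self.crack_result = reaver.crack_result` before each of those `return True` lines, assuming Reaver fills that attribute. The pixie-dust branch also constructs `Reaver(self.target)` twice in a row; the second assignment can be dropped.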
diff --git a/py/Bully.py b/py/Bully.py index 8940174..2d97a87 100644 --- a/py/Bully.py +++ b/py/Bully.py @@ -11,6 +11,8 @@ from Configuration import Configuration import os, time, re from threading import Thread +# TODO: Support Pixie/PIN settings in Configuration + class Bully(Attack): def __init__(self, target, pixie=False): super(Bully, self).__init__(target) diff --git a/py/Configuration.py b/py/Configuration.py index 9b032a5..5a84344 100644 --- a/py/Configuration.py +++ b/py/Configuration.py @@ -78,11 +78,12 @@ class Configuration(object): # WPS variables Configuration.wps_filter = False # Only attack WPS networks - Configuration.no_reaver = False # Do not use Reaver on WPS networks - Configuration.reaver = False # ONLY use Reaver on WPS networks + Configuration.no_wps = False # Do not use WPS attacks (Pixie-Dust & PIN attacks) + Configuration.wps_only = False # ONLY use WPS attacks on non-WEP networks + Configuration.use_bully = False # Use bully instead of reaver Configuration.pixie_only = False # ONLY use Pixie-Dust attack on WPS - Configuration.wps_pin_timeout = 600 # Seconds to wait for PIN before reaver fails - Configuration.wps_pixie_timeout = 300 # Seconds to wait for PIN before pixie fails + Configuration.wps_pin_timeout = 600 # Seconds to wait for PIN before WPS PIN attack fails + Configuration.wps_pixie_timeout = 300 # Seconds to wait for PIN before WPS Pixie attack fails Configuration.wps_pixie_step_timeout = 30 # Seconds to wait for a step to change before pixie fails Configuration.wps_max_retries = 20 # Retries before failing Configuration.wps_fail_threshold = 30 # Max number of failures 
@@ -197,12 +198,15 @@ class Configuration(object): # WPS if args.wps_filter: Configuration.wps_filter = args.wps_filter - if args.reaver_only: - Configuration.reaver_only = args.reaver_only - Color.pl('{+} {C}option:{W} will *only* use {G}reaver{W} to attack WPA targets') - if args.no_reaver: - Configuration.no_reaver = args.no_reaver - Color.pl('{+} {C}option:{W} will *never* use {G}reaver{W} to attack WPA targets') + if args.wps_only: + Configuration.wps_only = args.wps_only + Color.pl('{+} {C}option:{W} will *only* attack non-WEP networks with {G}WPS attacks{W} (no handshake capture)') + if args.no_wps: + Configuration.no_wps = args.no_wps + Color.pl('{+} {C}option:{W} will {O}never{W} use {C}WPS attacks{W} (Pixie-Dust/PIN) on targets') + if args.use_bully: + Configuration.use_bully = args.use_bully + Color.pl('{+} {C}option:{W} use {C}bully{W} instead of {C}reaver{W} for WPS Attacks') if args.pixie_only: Configuration.pixie_only = args.pixie_only Color.pl('{+} {C}option:{W} will only use {G}WPS pixie-dust attack{W} on WPS targets') diff --git a/py/Reaver.py b/py/Reaver.py index 329647c..3b19f5f 100644 --- a/py/Reaver.py +++ b/py/Reaver.py 
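Review bot: `Configuration.wps_only` is stored and announced here as "no handshake capture", but none of the five files in this commit reads it; `AttackWPS.run()` checks only `no_wps`, `use_bully` and `pixie_only`. Unless the attack dispatcher outside this diff already consults `wps_only`, the banner promises behaviour that is not enforced. Any code elsewhere that still reads the removed `Configuration.no_reaver` would now raise `AttributeError`. A repository-wide search for the old attribute names, plus a check in the dispatcher that skips the handshake attack when `wps_only` is set, would close the gap. The enclosing method starts and ends outside the hunk.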
@@ -16,32 +16,6 @@ class Reaver(Attack): self.success = False self.crack_result = None - def run(self): - ''' Run all WPS-related attacks ''' - - # Drop out if user specified to not use Reaver - if Configuration.no_reaver: - self.success = False - return self.success - - # Run Pixie-Dust attack - if self.is_pixiedust_supported(): - if self.run_pixiedust_attack(): - # Pixie-Dust attack succeeded. We're done. - self.success = True - return self.success - else: - Color.pl("{!} {R}your version of 'reaver' does not support the {O}WPS pixie-dust attack{W}") - - if Configuration.pixie_only: - Color.pl('\r{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}') - self.success = False - else: - # Run WPS-PIN attack - self.success = self.run_wps_pin_attack() - return self.success - - def is_pixiedust_supported(self): ''' Checks if 'reaver' supports WPS Pixie-Dust attack ''' output = Process(['reaver', '-h']).stderr()