From b9c90b3d48dbca1075a7ddc19ff2d1fc9f907ab0 Mon Sep 17 00:00:00 2001
From: derv82
Date: Sun, 11 Jun 2017 17:36:41 -0400
Subject: [PATCH] Custom number of deauths. Also fixed bug with Airodump's ESSID decloaking: now specifies target access point. Should resolve #31
---
 py/Aireplay.py | 3 ++-
 py/Airodump.py | 4 ++--
 py/Arguments.py | 7 +++++++
 py/AttackWEP.py | 6 +++---
 py/AttackWPA.py | 2 +-
 py/Configuration.py | 6 +++++-
 6 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/py/Aireplay.py b/py/Aireplay.py
index 71a43d2..7965212 100644
--- a/py/Aireplay.py
+++ b/py/Aireplay.py
@@ -322,7 +322,8 @@ class Aireplay(Thread):
 return None
 @staticmethod
- def deauth(target_bssid, essid=None, client_mac=None, num_deauths=1, timeout=2):
+ def deauth(target_bssid, essid=None, client_mac=None, num_deauths=None, timeout=2):
+ num_deauths = num_deauths or Configuration.num_deauths
 deauth_cmd = [
 "aireplay-ng",
 "-0", # Deauthentication
diff --git a/py/Airodump.py b/py/Airodump.py
index b947c1d..147bfef 100644
--- a/py/Airodump.py
+++ b/py/Airodump.py
@@ -269,7 +269,7 @@ class Airodump(object):
 deauth_cmd = [
 'aireplay-ng',
 '-0', # Deauthentication
- '1', # Number of deauths to perform.
+ str(Configuration.num_deauths), # Number of deauth packets to send
 '--ignore-negative-one'
 ]
 for target in self.targets:
@@ -290,7 +290,7 @@ class Airodump(object):
 Process(deauth_cmd + ['-a', target.bssid, iface])
 # Deauth clients
 for client in target.clients:
- Process(deauth_cmd + ['-c', client.bssid, iface])
+ Process(deauth_cmd + ['-a', target.bssid, '-c', client.bssid, iface])
 if __name__ == '__main__':
 ''' Example usage. wlan0mon should be in Monitor Mode '''
diff --git a/py/Arguments.py b/py/Arguments.py
index 51f6b1f..609d0fe 100644
--- a/py/Arguments.py
+++ b/py/Arguments.py
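Review bot: `num_deauths = num_deauths or Configuration.num_deauths` in `deauth` treats every falsy argument as missing, so a caller that passes `num_deauths=0` explicitly gets the configured default rather than the value it supplied. Test for the sentinel directly with `if num_deauths is None: num_deauths = Configuration.num_deauths`, and say in the docstring that `None` means "use the configured count". The diff adds no import of `Configuration` to this file, so it is worth confirming the name is already in scope. The rest of `deauth` lies outside the hunk, so how the value reaches the `aireplay-ng` argument list is not visible here.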
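Review bot: The `deauth_cmd` list in the first Airodump.py hunk is assembled by hand with `str(Configuration.num_deauths)`, while `Aireplay.deauth` (changed in this same commit) builds what looks like the same command and applies the same default, so the packet count is now wired up in two places. If that helper fits this call site, calling it would keep the defaulting and any later validation in one spot; otherwise a comment on the list such as `# keep in sync with Aireplay.deauth` would make the duplication explicit. The enclosing method starts and ends outside the hunk, so whether the helper's other arguments suit this path cannot be judged from here.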
@@ -64,6 +64,13 @@ class Arguments(object):
 action='store_true',
 dest='no_deauth',
 help=Color.s('Do not deauthenticate clients *EVER* (default: {G}off{W})'))
+ glob.add_argument('--num-deauths',
+ action='store',
+ type=int,
+ dest='num_deauths',
+ metavar="[num]",
+ default=None,
+ help=Color.s('Number of deauth packets to send (default: {G}%d{W})' % Configuration.num_deauths))
 # WEP
 wep = parser.add_argument_group('WEP-RELATED')
diff --git a/py/AttackWEP.py b/py/AttackWEP.py
index 05b2382..c3bc48f 100644
--- a/py/AttackWEP.py
+++ b/py/AttackWEP.py
@@ -264,7 +264,7 @@ class AttackWEP(Attack):
 if answer == 1:
 # Deauth clients & retry
- num_deauths = 1
+ deauth_count = 1
 Color.clear_entire_line()
 Color.p("\r{+} {O}Deauthenticating *broadcast*{W} (all clients)...")
 Aireplay.deauth(target.bssid, essid=target.essid)
@@ -272,9 +272,9 @@ class AttackWEP(Attack):
 Color.clear_entire_line()
 Color.p("\r{+} {O}Deauthenticating client {C}%s{W}..." % client.station)
 Aireplay.deauth(target.bssid, client_mac=client.station, essid=target.essid)
- num_deauths += 1
+ deauth_count += 1
 Color.clear_entire_line()
- Color.pl("\r{+} Sent {C}%d {O}deauths{W}" % num_deauths)
+ Color.pl("\r{+} Sent {C}%d {O}deauths{W}" % deauth_count)
 # Re-insert current attack to top of list of attacks remaining
 attacks_remaining.insert(0, current_attack)
 return False # Don't stop
diff --git a/py/AttackWPA.py b/py/AttackWPA.py
index 771593a..fbbae6f 100644
--- a/py/AttackWPA.py
+++ b/py/AttackWPA.py
@@ -250,7 +250,7 @@ class AttackWPA(Attack):
 target,
 "Handshake capture",
 "Deauthing {O}%s{W}" % target_name)
- Aireplay.deauth(target.bssid, client_mac=client, num_deauths=1, timeout=2)
+ Aireplay.deauth(target.bssid, client_mac=client, timeout=2)
 if __name__ == '__main__':
 from Target import Target
diff --git a/py/Configuration.py b/py/Configuration.py
index f64671d..2f47abc 100644
--- a/py/Configuration.py
+++ b/py/Configuration.py
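Review bot: `type=int` on `--num-deauths` accepts zero and negative numbers, and the second Configuration.py hunk of this commit then discards them without any message (`if args.num_deauths and args.num_deauths > 0`), so a mistyped value silently falls back to the default. Rejecting the value at parse time through a small validating callable passed as `type=` lets the parser report a usage error instead; the sketch below assumes the parser is argparse, which the `add_argument_group` call suggests. The help string also reads `Configuration.num_deauths` while the parser is being built, which presumably requires the Configuration defaults to be assigned first, and a short comment stating that ordering would help.

```python
def positive_int(value):
    # A raised ArgumentTypeError is reported to the user as a usage error.
    number = int(value)
    if number <= 0:
        raise argparse.ArgumentTypeError('expected a positive integer, got %r' % value)
    return number

# … unchanged: glob.add_argument('--num-deauths', action='store', …
    type=positive_int,
# … unchanged: dest, metavar, default, help …
```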
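Review bot: `deauth_count` in the second AttackWEP.py hunk counts calls to `Aireplay.deauth`, yet the closing message still prints it as `Sent {C}%d {O}deauths{W}`; now that each call sends the configured number of packets, the figure no longer matches what was transmitted once `--num-deauths` is above 1. Either report the product with the configured count or reword the message so it clearly refers to deauth requests issued. A comment next to `deauth_count = 1` in the previous hunk, for example `# counts deauth calls (broadcast + one per client), not packets`, would make the intent of the rename explicit. The loop header that drives the increment is outside both hunks.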
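Review bot: `timeout=2` stays hard-coded on this `Aireplay.deauth` call in AttackWPA.py while the packet count now comes from `Configuration.num_deauths`, so a large user-supplied count may not fit in a two-second window. How `deauth` uses `timeout` is not visible in this diff, so this needs confirming against the function body; if the process is stopped when the timeout expires, either scale the timeout with the count or document that the count is best-effort. The same fixed default, `timeout=2`, sits in the `deauth` signature in the Aireplay.py hunk.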
@@ -35,8 +35,9 @@ class Configuration(object):
 Configuration.target_bssid = None # User-defined AP BSSID
 Configuration.five_ghz = False # Scan 5Ghz channels
 Configuration.pillage = False # "All" mode to attack everything
- Configuration.random_mac = False
+ Configuration.random_mac = False # Should generate a random Mac address at startup.
 Configuration.no_deauth = False # Deauth hidden networks & WPA handshake targets
+ Configuration.num_deauths = 1 # Number of deauth packets to send to each target.
 Configuration.encryption_filter = ['WEP', 'WPA', 'WPS']
@@ -131,6 +132,9 @@ class Configuration(object):
 if args.no_deauth == True:
 Configuration.no_deauth = True
 Color.pl('{+} {C}option:{W} will {R}not{W} {O}deauth{W} clients during scans or captures')
+ if args.num_deauths and args.num_deauths > 0:
+ Configuration.num_deauths = args.num_deauths
+ Color.pl('{+} {C}option:{W} will send {G}%d{W} deauth packets when deauthing' % Configuration.num_deauths)
 if args.target_essid:
 Configuration.target_essid = args.target_essid
 Color.pl('{+} {C}option:{W} targeting ESSID {G}%s{W}' % args.target_essid)
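Review bot: The new `if args.num_deauths and args.num_deauths > 0:` block in the second Configuration.py hunk is independent of the `args.no_deauth` block just above it, so passing both options prints "will not deauth clients" followed by "will send N deauth packets when deauthing". Skip the new message when `Configuration.no_deauth` is set, or tell the user that the count is ignored in that mode, so the startup summary matches what the run will do. A comment on the new block such as `# has no effect when no_deauth is set` would record the precedence. The enclosing method starts and ends outside the hunk.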