alexandre/wifite2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: alexandre:eviltwin
Branches Tags
alexandre:master alexandre:eviltwin alexandre:refactor
alexandre:2.2.5 alexandre:2.2.4 alexandre:2.2.3 alexandre:2.2.2 alexandre:2.2.1 alexandre:2.1.9 alexandre:2.1.8 alexandre:2.1.7 alexandre:2.1.6 alexandre:2.1.0
...
compare: alexandre:2.1.7
Branches Tags
alexandre:master alexandre:eviltwin alexandre:refactor
alexandre:2.2.5 alexandre:2.2.4 alexandre:2.2.3 alexandre:2.2.2 alexandre:2.2.1 alexandre:2.1.9 alexandre:2.1.8 alexandre:2.1.7 alexandre:2.1.6 alexandre:2.1.0

24 Commits
eviltwin ... 2.1.7

Author SHA1 Message Date
derv82
ba847442d5 Don't overwrite john files in --crack output. 
For pull request #117
 2018-08-16 01:23:35 -07:00
derv82
f76c339bb7 Avoiding needless mac_address lookup, empty interfaces, banner tweak. 
mac_address lookup & empty iface for #112.
Banner tweak for #92
 2018-08-16 01:23:35 -07:00
derv82
d7120bca50 2.1.7: Version bump for recent updates (PMKID, AttributeError fix). 2018-08-16 01:23:35 -07:00
derv82
e48f3bb035 Avoid AttributeErrors, support re-cracking PMKIDs 
Process.__del__() swallows AttributeErrors now (for #120).

And hashcat won't output the key if it's already been cracked (it's in the pot file).
So we run hashcat again, with the --show parameter. This does not try to crack again.
 2018-08-16 01:23:35 -07:00
derv82
fd3c955c48 Added Hashcat library, PMKID is persisted in ./hs/ and re-used 2018-08-16 01:23:35 -07:00
derv82
dd7e93666a Cleaning up PMKID attack. 2018-08-16 01:23:35 -07:00
derv82
936230dd50 Added PMKID attack. Simplified attack-loop. 2018-08-16 01:23:35 -07:00
derv82
0d44a6bc3d Fix bug in dependency failure. 2018-08-16 01:23:35 -07:00
derv82
305d6b9e3b Cleaning up wifite.py, added wordlist. 
Moved logic from main module into helper classes.
Wordlist from https://github.com/berzerk0/Probable-Wordlists/tree/master/Real-Passwords/WPA-Length
 2018-08-16 01:23:35 -07:00
derv82
c335391bca Only depend on 'aicrack' to avoid messages for entire air* suite. 2018-08-16 01:23:35 -07:00
derv
53577e6031 Merge pull request #118 from examin/patch-2 
Fixed grammar ReadMe.md
 2018-08-16 01:23:28 -07:00
derv
830d68d027 Merge pull request #106 from rhertzog/skip-tests 
Don't run handshake tests when the required tools are not available
 2018-08-16 01:22:34 -07:00
manish sharma
6cf1b81d3f Fixed grammar ReadMe.md 2018-07-06 05:17:16 +05:30
Raphaël Hertzog
ccc0e806ec Don't run handshake tests when the required tools are not available 2018-06-15 14:33:28 +02:00
derv82
f24ec55999 Silently ignore failure to kill conflicting processes. 
Resolves #97
 2018-06-09 22:48:10 -04:00
derv82
9d1db5966b Change shebang from /usr/bin/python to /usr/bin/env python 
Resolves #99
 2018-06-09 22:46:30 -04:00
derv
c085a7e7f0 Merge pull request #98 from cclauss/patch-1 
Old style exception won't work in Python 3
 2018-06-09 19:37:00 -07:00
derv
4061bb9618 Merge pull request #96 from ChunshengZhao/master 
[wpa.py] Fixed TypeError in python3
 2018-06-09 19:35:55 -07:00
derv
d7fcda0d8c Merge pull request #94 from EdwardBetts/spelling 
Correct spelling mistakes.
 2018-06-09 19:35:16 -07:00
derv82
1edba23c32 2.1.6: Support non-ASCII ESSIDs in scanner. Don't silently exit on crash. 
Resolves #88
Resolves #92
Might be related to #85
 2018-06-09 22:22:38 -04:00
cclauss
64189a0bec Old style exception won't work in Python 3 
Old style exceptions were removed in Python 3.
 2018-06-09 21:59:12 +02:00
ZhaoChunsheng
92917a4bbd [wpa.py] Fixed TypeError in python3 
"TypeError: cannot use a string pattern on a bytes-like object"
The exception only happens in python3, python2 is all right.
 2018-06-09 22:40:51 +08:00
Edward Betts
feb9dafa16 Correct spelling mistakes. 2018-06-08 20:32:50 +01:00
derv82
96e846aa82 Removing EvilTwin-related dependencies 
Resolves #89
 2018-05-27 20:27:37 -04:00
47 changed files with 5539 additions and 274 deletions
Expand all files Collapse all files

2
Dockerfile
View File

@@ -3,7 +3,7 @@ FROM python:2.7.14-jessie
ENV DEBIAN_FRONTEND noninteractive
ENV HASHCAT_VERSION hashcat-3.6.0
# Intall requirements
# Install requirements
RUN echo "deb-src http://deb.debian.org/debian jessie main" >> /etc/apt/sources.list
RUN apt-get update && apt-get upgrade -y
RUN apt-get install ca-certificates gcc openssl make kmod nano wget p7zip build-essential libsqlite3-dev libpcap0.8-dev libpcap-dev sqlite3 pkg-config libnl-genl-3-dev libssl-dev net-tools iw ethtool usbutils pciutils wireless-tools git curl wget unzip macchanger pyrit tshark -y

33
PMKID.md Normal file
View File

@@ -0,0 +1,33 @@
### PMKID Attack
See https://hashcat.net/forum/thread-7717.html
### Steps
1. Start `hcxdumptool` (daemon)
* `sudo hcxdumptool -i wlan1mon -o pmkid.pcapng -t 10 --enable_status=1`
* Should also use `-c <channel>`, `--filterlist` and `--filtermode` to target a specific client
* Could be a new attack type: `wifite.attack.pmkid`
2. Detect when PMKID is found.
* `hcxpcaptool -z pmkid.16800 pmkid.pcapng`
* Single-line in pmkid.16800 will have PMKID, MACAP, MACStation, ESSID (in hex).
3. Save `.16800` file (to `./hs/`? or `./pmkids/`?)
* New result type: `pmkid_result`
* Add entry to `cracked.txt`
4. Run crack attack using hashcat:
* `./hashcat64.bin --force -m 16800 -a0 -w2 path/to/pmkid.16800 path/to/wordlist.txt`
### Problems
* Requires latest hashcat to be installed. This might be in a different directory.
* Use can specify path to hashcat? Yeck...
* % hashcat -h | grep 16800
* 16800 | WPA-PMKID-PBKDF2
* If target can't be attacked... we need to detect this failure mode.
* Might need to scrape `hcxdumptool`'s output
* Look at `pmkids()` func in .bashrc
* hcxpcaptool -z OUTPUT.16800 INPUT.pcapng > /dev/null
* Check OUTPUT.16800 for the ESSID.
* Wireless adapter support is minimal, apparently.
* hcxdumptool also deauths networks and captures handshakes... maybe unnecessarily

4
README.md
View File

@@ -34,7 +34,7 @@ What's gone in Wifite2?
What's not new?
---------------
* (Mostly) Backwards compatibile with the original `wifite`'s arguments.
* (Mostly) Backwards compatible with the original `wifite`'s arguments.
* Same text-based interface everyone knows and loves.
Brief Feature List
@@ -71,7 +71,7 @@ Only the latest versions of these programs are supported:
* `iwconfig`: For identifying wireless devices already in Monitor Mode.
* `ifconfig`: For starting/stopping wireless devices.
* `Aircrack-ng` suite, includes:
* `aircrack-ng`: For cracking WEP .cap files and and WPA handshake captures.
* `aircrack-ng`: For cracking WEP .cap files and WPA handshake captures.
* `aireplay-ng`: For deauthing access points, replaying capture files, various WEP attacks.
* `airmon-ng`: For enumerating and enabling Monitor Mode on wireless devices.
* `airodump-ng`: For target scanning & capture file generation.

4
TODO.md
View File

@@ -11,7 +11,7 @@ When a dependency is not found, Wifite should walk the user through installing a
The dependency-installation walkthrough should provide or auto-execute the install commands (`git clone`, `wget | tar && ./config`, etc).
Since we have a Python script for every dependency (under `wifite/tools/` or `wifite/util/`), we use Python's multiple-inheritance to achive this.
Since we have a Python script for every dependency (under `wifite/tools/` or `wifite/util/`), we use Python's multiple-inheritance to achieve this.
Requirements:
@@ -243,7 +243,7 @@ Not "/py":
**AIRCRACK**
* Start aircrack-ng for WEP: Needs pcap file with IVS
* Start aircrack-ng for WPA: Needs pcap file containig Handshake
* Start aircrack-ng for WPA: Needs pcap file containing Handshake
* Check status of aircrack-ng (`percenage`, `keys-tried`)
* Return cracked key

2
Wifite.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python
#!/usr/bin/env python
from wifite import wifite

2
tests/test_Airmon.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys

2
tests/test_Airodump.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys

9
tests/test_Handshake.py
View File

@@ -1,10 +1,11 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
sys.path.insert(0, '..')
from wifite.model.handshake import Handshake
from wifite.util.process import Process
import unittest
@@ -23,25 +24,29 @@ class TestHandshake(unittest.TestCase):
hs = Handshake(hs_file, bssid='A4:2B:8C:16:6B:3A')
try:
hs.analyze()
except Exception, e:
except Exception:
fail()
@unittest.skipUnless(Process.exists('tshark'), 'tshark is missing')
def testHandshakeTshark(self):
hs_file = self.getFile('handshake_exists.cap')
hs = Handshake(hs_file, bssid='A4:2B:8C:16:6B:3A')
assert(len(hs.tshark_handshakes()) > 0)
@unittest.skipUnless(Process.exists('pyrit'), 'pyrit is missing')
def testHandshakePyrit(self):
hs_file = self.getFile('handshake_exists.cap')
hs = Handshake(hs_file, bssid='A4:2B:8C:16:6B:3A')
assert(len(hs.pyrit_handshakes()) > 0)
@unittest.skipUnless(Process.exists('cowpatty'), 'cowpatty is missing')
def testHandshakeCowpatty(self):
hs_file = self.getFile('handshake_exists.cap')
hs = Handshake(hs_file, bssid='A4:2B:8C:16:6B:3A')
hs.divine_bssid_and_essid()
assert(len(hs.cowpatty_handshakes()) > 0)
@unittest.skipUnless(Process.exists('aircrack-ng'), 'aircrack-ng is missing')
def testHandshakeAircrack(self):
hs_file = self.getFile('handshake_exists.cap')
hs = Handshake(hs_file, bssid='A4:2B:8C:16:6B:3A')

2
tests/test_Target.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from wifite.tools.airodump import Airodump

2
wifite/args.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .util.color import Color

105
wifite/attack/all.py Normal file
View File

@@ -0,0 +1,105 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .wep import AttackWEP
from .wpa import AttackWPA
from .wps import AttackWPS
from .pmkid import AttackPMKID
from ..config import Configuration
from ..util.color import Color
from ..util.input import raw_input
class AttackAll(object):
@classmethod
def attack_multiple(cls, targets):
attacked_targets = 0
targets_remaining = len(targets)
for index, target in enumerate(targets, start=1):
attacked_targets += 1
targets_remaining -= 1
bssid = target.bssid
essid = target.essid if target.essid_known else "{O}ESSID unknown{W}"
Color.pl('\n{+} ({G}%d{W}/{G}%d{W})' % (index, len(targets)) +
' starting attacks against {C}%s{W} ({C}%s{W})' % (bssid, essid))
should_continue = cls.attack_single(target, targets_remaining)
if not should_continue:
break
return attacked_targets
@classmethod
def attack_single(cls, target, targets_remaining):
attacks = []
if Configuration.use_eviltwin:
pass # TODO:EvilTwin attack
elif 'WEP' in target.encryption:
attacks.append(AttackWEP(target))
elif 'WPA' in target.encryption:
# WPA can have multiple attack vectors
if target.wps:
attacks.append(AttackWPS(target))
attacks.append(AttackPMKID(target))
attacks.append(AttackWPA(target))
if len(attacks) == 0:
Color.pl("{!} {R}Error: {O}unable to attack: encryption not WEP or WPA")
return
for attack in attacks:
try:
result = attack.run()
if result and attack.success:
break # We cracked it.
except Exception as e:
Color.pl("\n{!} {R}Error: {O}%s" % str(e))
if Configuration.verbose > 0 or Configuration.print_stack_traces:
Color.pl('\n{!} {O}Full stack trace below')
from traceback import format_exc
Color.p('\n{!} ')
err = format_exc().strip()
err = err.replace('\n', '\n{W}{!} {W} ')
err = err.replace(' File', '{W}{D}File')
err = err.replace(' Exception: ', '{R}Exception: {O}')
Color.pl(err)
continue
except KeyboardInterrupt:
Color.pl('\n{!} {O}interrupted{W}\n')
if not cls.user_wants_to_continue(targets_remaining, 1):
return False # Stop attacking other targets
if attack.success:
attack.crack_result.save()
return True # Keep attacking other targets
@classmethod
def user_wants_to_continue(cls, targets_remaining, attacks_remaining=0):
''' Asks user if attacks should continue onto other targets '''
if attacks_remaining == 0 and targets_remaining == 0:
# No targets or attacksleft, drop out
return
prompt_list = []
if attacks_remaining > 0:
prompt_list.append(Color.s('{C}%d{W} attack(s)' % attacks_remaining))
if targets_remaining > 0:
prompt_list.append(Color.s('{C}%d{W} target(s)' % targets_remaining))
prompt = ' and '.join(prompt_list)
Color.pl('{+} %s remain, do you want to continue?' % prompt)
prompt = Color.s('{+} type {G}c{W} to {G}continue{W}' +
' or {R}s{W} to {R}stop{W}: ')
if raw_input(prompt).lower().startswith('s'):
return False
else:
return True

179
wifite/attack/pmkid.py Normal file
View File

@@ -0,0 +1,179 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..model.attack import Attack
from ..config import Configuration
from ..tools.hashcat import HcxDumpTool, HcxPcapTool, Hashcat
from ..util.color import Color
from ..util.process import Process
from ..util.timer import Timer
from ..model.pmkid_result import CrackResultPMKID
from threading import Thread
import os
import time
import re
class AttackPMKID(Attack):
def __init__(self, target):
super(AttackPMKID, self).__init__(target)
self.crack_result = None
self.success = False
self.pcapng_file = Configuration.temp('pmkid.pcapng')
def get_existing_pmkid_file(self, bssid):
'''
Load PMKID Hash from a previously-captured hash in ./hs/
Returns:
The hashcat hash (hash*bssid*station*essid) if found.
None if not found.
'''
if not os.path.exists(Configuration.wpa_handshake_dir):
return None
bssid = bssid.lower().replace(':', '')
file_re = re.compile('.*pmkid_.*\.16800')
for filename in os.listdir(Configuration.wpa_handshake_dir):
pmkid_filename = os.path.join(Configuration.wpa_handshake_dir, filename)
if not os.path.isfile(pmkid_filename):
continue
if not re.match(file_re, pmkid_filename):
continue
with open(pmkid_filename, 'r') as pmkid_handle:
pmkid_hash = pmkid_handle.read().strip()
if pmkid_hash.count('*') < 3:
continue
existing_bssid = pmkid_hash.split('*')[1].lower().replace(':', '')
if existing_bssid == bssid:
return pmkid_filename
return None
def run(self):
# TODO: Check ./hs/ for previously-captured PMKID, skip to crack if found.
pmkid_file = None
# Load exisitng has from filesystem
if Configuration.ignore_old_handshakes == False:
pmkid_file = self.get_existing_pmkid_file(self.target.bssid)
if pmkid_file is not None:
Color.pattack('PMKID', self.target, 'CAPTURE',
'Loaded {C}existing{W} PMKID hash: {C}%s{W}\n' % pmkid_file)
# Capture hash from live target.
if pmkid_file is None:
pmkid_file = self.capture_pmkid()
if pmkid_file is None:
return False # No hash found.
# Crack it.
self.success = self.crack_pmkid_file(pmkid_file)
return self.success
def capture_pmkid(self):
self.keep_capturing = True
self.timer = Timer(60)
# Start hcxdumptool
t = Thread(target=self.dumptool_thread)
t.start()
# Repeatedly run pcaptool & check output for hash for self.target.essid
pmkid_hash = None
pcaptool = HcxPcapTool(self.target)
while self.timer.remaining() > 0:
pmkid_hash = pcaptool.get_pmkid_hash(self.pcapng_file)
if pmkid_hash is not None:
break # Got PMKID
Color.pattack('PMKID', self.target, 'CAPTURE',
'Waiting for PMKID ({C}%s{W})' % str(self.timer))
time.sleep(1)
self.keep_capturing = False
if pmkid_hash is None:
Color.pattack('PMKID', self.target, 'CAPTURE',
'{R}Failed{O} to capture PMKID\n')
Color.pl("")
return None # No hash found.
Color.clear_entire_line()
Color.pattack('PMKID', self.target, 'CAPTURE', '{G}Captured PMKID{W}')
pmkid_file = self.save_pmkid(pmkid_hash)
return pmkid_file
def crack_pmkid_file(self, pmkid_file):
'''
Cracks file containing PMKID hash (*.16800).
If cracked, saves results in self.crack_result
Returns:
True if cracked, False otherwise.
'''
# Check that wordlist exists before cracking.
if Configuration.wordlist is None:
Color.pl('\n{!} {O}Not cracking because {R}wordlist{O} is not found.')
Color.pl('{!} {O}Run Wifite with the {R}--crack{O} and {R}--dict{O} options to try again.')
key = None
else:
Color.clear_entire_line()
Color.pattack('PMKID', self.target, 'CRACK', 'Cracking PMKID...\n')
key = Hashcat.crack_pmkid(pmkid_file)
if key is None:
# Failed to crack.
Color.clear_entire_line()
Color.pattack('PMKID', self.target, '{R}CRACK',
'{R}Failed{O} to crack PMKID\n')
Color.pl("")
return False
else:
# Successfully cracked.
Color.clear_entire_line()
Color.pattack('PMKID', self.target, 'CRACKED', '{C}Key: {G}%s{W}' % key)
self.crack_result = CrackResultPMKID(self.target.bssid, self.target.essid,
pmkid_file, key)
Color.pl('\n')
self.crack_result.dump()
return True
def dumptool_thread(self):
dumptool = HcxDumpTool(self.target, self.pcapng_file)
# Let the dump tool run until we have the hash.
while self.keep_capturing and dumptool.poll() == None:
time.sleep(0.5)
dumptool.interrupt()
def save_pmkid(self, pmkid_hash):
'''
Saves a copy of the pmkid (handshake) to hs/
'''
# Create handshake dir
if not os.path.exists(Configuration.wpa_handshake_dir):
os.mkdir(Configuration.wpa_handshake_dir)
# Generate filesystem-safe filename from bssid, essid and date
essid_safe = re.sub('[^a-zA-Z0-9]', '', self.target.essid)
bssid_safe = self.target.bssid.replace(':', '-')
date = time.strftime('%Y-%m-%dT%H-%M-%S')
pmkid_file = 'pmkid_%s_%s_%s.16800' % (essid_safe, bssid_safe, date)
pmkid_file = os.path.join(Configuration.wpa_handshake_dir, pmkid_file)
Color.p('\n{+} Saving copy of {C}PMKID Hash{W} to {C}%s{W} ' % pmkid_file)
with open(pmkid_file, 'w') as pmkid_handle:
pmkid_handle.write(pmkid_hash)
pmkid_handle.write('\n')
return pmkid_file

8
wifite/attack/wep.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..model.attack import Attack
@@ -29,7 +29,7 @@ class AttackWEP(Attack):
'''
Initiates full WEP attack.
Including airodump-ng starting, cracking, etc.
Returns: True if attack is succesful, false otherwise
Returns: True if attack is successful, false otherwise
'''
aircrack = None # Aircrack process, not started yet
@@ -340,7 +340,7 @@ class AttackWEP(Attack):
'''
Attempts to fake-authenticate with target.
Returns: True if successful,
False is unsuccesful.
False is unsuccessful.
'''
Color.p('\r{+} attempting {G}fake-authentication{W} with {C}%s{W}...' % self.target.bssid)
fakeauth = Aireplay.fakeauth(self.target, timeout=AttackWEP.fakeauth_wait)
@@ -349,7 +349,7 @@ class AttackWEP(Attack):
else:
Color.pl(' {R}failed{W}')
if Configuration.require_fakeauth:
# Fakeauth is requried, fail
# Fakeauth is required, fail
raise Exception(
'Fake-authenticate did not complete within' +
' %d seconds' % AttackWEP.fakeauth_wait)

15
wifite/attack/wpa.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..model.attack import Attack
@@ -25,7 +25,7 @@ class AttackWPA(Attack):
def run(self):
'''
Initiates full WPA hanshake capture attack.
Initiates full WPA handshake capture attack.
'''
# Check if user only wants to run PixieDust attack
@@ -34,11 +34,8 @@ class AttackWPA(Attack):
self.success = False
return self.success
handshake = None
# Capture the handshake ("do it live!")
if handshake is None:
handshake = self.capture_handshake()
# Capture the handshake (or use an old one)
handshake = self.capture_handshake()
if handshake is None:
# Failed to capture handshake
@@ -187,8 +184,8 @@ class AttackWPA(Attack):
current_key = ''
while crack_proc.poll() is None:
line = crack_proc.pid.stdout.readline()
match_nums = aircrack_nums_re.search(line)
match_keys = aircrack_key_re.search(line)
match_nums = aircrack_nums_re.search(line.decode('utf-8'))
match_keys = aircrack_key_re.search(line.decode('utf-8'))
if match_nums:
num_tried = int(match_nums.group(1))
num_total = int(match_nums.group(2))

2
wifite/attack/wps.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..model.attack import Attack

5
wifite/config.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
@@ -8,7 +8,7 @@ from .tools.macchanger import Macchanger
class Configuration(object):
''' Stores configuration variables and functions for Wifite. '''
version = '2.1.5'
version = '2.1.7'
initialized = False # Flag indicating config has been initialized
temp_dir = None # Temporary directory
@@ -83,6 +83,7 @@ class Configuration(object):
# Default dictionary for cracking
cls.wordlist = None
wordlists = [
'./wordlist-top4800-probable.txt',
'/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt',
'/usr/share/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt',
'/usr/share/wordlists/fern-wifi/common.txt'

2
wifite/model/attack.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import time

2
wifite/model/client.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
class Client(object):

26
wifite/model/handshake.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..util.process import Process
@@ -184,6 +184,30 @@ class Handshake(object):
Color.pl('%s ({G}%s{W})' % (out_str, essid))
@staticmethod
def check():
''' Analyzes .cap file(s) for handshake '''
from ..config import Configuration
if Configuration.check_handshake == '<all>':
Color.pl('{+} checking all handshakes in {G}"./hs"{W} directory\n')
try:
capfiles = [os.path.join('hs', x) for x in os.listdir('hs') if x.endswith('.cap')]
except OSError as e:
capfiles = []
if len(capfiles) == 0:
Color.pl('{!} {R}no .cap files found in {O}"./hs"{W}\n')
else:
capfiles = [Configuration.check_handshake]
for capfile in capfiles:
Color.pl('{+} checking for handshake in .cap file {C}%s{W}' % capfile)
if not os.path.exists(capfile):
Color.pl('{!} {O}.cap file {C}%s{O} not found{W}' % capfile)
return
hs = Handshake(capfile, bssid=Configuration.target_bssid, essid=Configuration.target_essid)
hs.analyze()
Color.pl('')
if __name__ == '__main__':
print('With BSSID & ESSID specified:')
hs = Handshake('./tests/files/handshake_has_1234.cap', bssid='18:d6:c7:6d:6b:18', essid='YZWifi')

53
wifite/model/pmkid_result.py Normal file
View File

@@ -0,0 +1,53 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..util.color import Color
from .result import CrackResult
class CrackResultPMKID(CrackResult):
def __init__(self, bssid, essid, pmkid_file, key):
self.result_type = 'PMKID'
self.bssid = bssid
self.essid = essid
self.pmkid_file = pmkid_file
self.key = key
super(CrackResultPMKID, self).__init__()
def dump(self):
if self.essid:
Color.pl('{+} %s: {C}%s{W}' %
('Access Point Name'.rjust(19), self.essid))
if self.bssid:
Color.pl('{+} %s: {C}%s{W}' %
('Access Point BSSID'.rjust(19), self.bssid))
Color.pl('{+} %s: {C}%s{W}' %
('Encryption'.rjust(19), self.result_type))
if self.pmkid_file:
Color.pl('{+} %s: {C}%s{W}' %
('PMKID File'.rjust(19), self.pmkid_file))
if self.key:
Color.pl('{+} %s: {G}%s{W}' % ('PSK (password)'.rjust(19), self.key))
else:
Color.pl('{!} %s {O}key unknown{W}' % ''.rjust(19))
def to_dict(self):
return {
'type' : self.result_type,
'date' : self.date,
'essid' : self.essid,
'bssid' : self.bssid,
'key' : self.key,
'pmkid_file' : self.pmkid_file
}
if __name__ == '__main__':
w = CrackResultPMKID('AA:BB:CC:DD:EE:FF', 'Test Router', 'hs/pmkid_blah-123213.16800', 'abcd1234')
w.dump()
w = CrackResultPMKID('AA:BB:CC:DD:EE:FF', 'Test Router', 'hs/pmkid_blah-123213.16800', 'Key')
print('\n')
w.dump()
w.save()
print(w.__dict__['bssid'])

30
wifite/model/result.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..util.color import Color
@@ -39,6 +39,27 @@ class CrackResult(object):
Color.pl('{+} saved crack result to {C}%s{W} ({G}%d total{W})'
% (name, len(json)))
@classmethod
def display(cls):
''' Show cracked targets from cracked.txt '''
name = cls.cracked_file
if not os.path.exists(name):
Color.pl('{!} {O}file {C}%s{O} not found{W}' % name)
return
with open(name, 'r') as fid:
cracked_targets = loads(fid.read())
if len(cracked_targets) == 0:
Color.pl('{!} {R}no results found in {O}%s{W}' % name)
else:
Color.pl('{+} displaying {G}%d {C}cracked target(s){W}\n' % len(cracked_targets))
for item in cracked_targets:
cr = cls.load(item)
cr.dump()
Color.pl('')
@classmethod
def load_all(cls):
if not os.path.exists(cls.cracked_file): return []
@@ -68,6 +89,13 @@ class CrackResult(object):
json['essid'],
json['pin'],
json['psk'])
elif json['type'] == 'PMKID':
from .pmkid_result import CrackResultPMKID
result = CrackResultPMKID(json['bssid'],
json['essid'],
json['pmkid_file'],
json['key'])
result.date = json['date']
return result

2
wifite/model/target.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..util.color import Color

2
wifite/model/wep_result.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..util.color import Color

2
wifite/model/wpa_result.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..util.color import Color

2
wifite/model/wps_result.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..util.color import Color

2
wifite/tools/aircrack.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency

4
wifite/tools/aireplay.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency
@@ -204,7 +204,7 @@ class Aireplay(Thread, Dependency):
if 'Got RELAYED packet' in line:
self.status = 'got relayed packet'
# XX:XX:XX Thats our ARP packet!
# XX:XX:XX That's our ARP packet!
if 'Thats our ARP packet' in line:
self.status = 'relayed packet was our'

18
wifite/tools/airmon.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency
@@ -19,7 +19,6 @@ class AirmonIface(object):
self.interface = interface
self.driver = driver
self.chipset = chipset
self.mac_address = Ifconfig.get_mac(interface)
# Max length of fields.
# Used for printing a table of interfaces.
@@ -101,6 +100,9 @@ class Airmon(Dependency):
if phy == 'PHY' or phy == 'Interface':
continue # Header
if len(interface.strip()) == 0:
continue
interfaces.append(AirmonIface(phy, interface, driver, chipset))
return interfaces
@@ -341,8 +343,11 @@ class Airmon(Dependency):
if not Configuration.kill_conflicting_processes:
# Don't kill processes, warn user
for pid, pname in pid_pnames:
Color.pl('{!} {O}conflicting process: {R}%s{O} (PID {R}%s{O})' % (pname, pid))
names_and_pids = ', '.join([
'{R}%s{O} (PID {R}%s{O})' % (pname, pid)
for pid, pname in pid_pnames
])
Color.pl('{!} {O}conflicting processes: %s' % names_and_pids)
Color.pl('{!} {O}if you have problems: {R}kill -9 PID{O} or re-run wifite with {R}--kill{O}){W}')
return
@@ -355,7 +360,10 @@ class Airmon(Dependency):
Airmon.killed_network_manager = True
else:
Color.pl('{!} {R}terminating {O}conflicting process {R}%s{O} (PID {R}%s{O})' % (pname, pid))
os.kill(int(pid), signal.SIGTERM)
try:
os.kill(int(pid), signal.SIGTERM)
except:
pass
@staticmethod

16
wifite/tools/airodump.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency
@@ -137,7 +137,7 @@ class Airodump(Dependency):
if fil.startswith('replay_') and fil.endswith('.cap') or fil.endswith('.xor'):
os.remove(os.path.join(temp_dir, fil))
def get_targets(self, apply_filter=True):
def get_targets(self, old_targets=[], apply_filter=True):
''' Parses airodump's CSV file, returns list of Targets '''
# Find the .CSV file
@@ -150,13 +150,17 @@ class Airodump(Dependency):
return self.targets # No file found
targets = Airodump.get_targets_from_csv(csv_filename)
for old_target in old_targets:
for target in targets:
if old_target.bssid == target.bssid:
target.wps = old_target.wps
# Check targets for WPS
if not self.skip_wps:
capfile = csv_filename[:-3] + 'cap'
try:
Tshark.check_for_wps_and_update_targets(capfile, targets)
except Exception as e:
except ValueError:
# No tshark, or it failed. Fall-back to wash
Wash.check_for_wps_and_update_targets(capfile, targets)
@@ -178,9 +182,6 @@ class Airodump(Dependency):
new_target.decloaked = True
self.decloaked_bssids.add(new_target.bssid)
if self.pid.poll() is not None:
raise Exception('Airodump has stopped')
self.targets = targets
self.deauth_hidden_targets()
@@ -192,10 +193,9 @@ class Airodump(Dependency):
'''Returns list of Target objects parsed from CSV file.'''
targets = []
import csv
with open(csv_filename, 'rb') as csvopen:
with open(csv_filename, 'r') as csvopen:
lines = []
for line in csvopen:
if type(line) is bytes: line = line.decode('utf-8')
line = line.replace('\0', '')
lines.append(line)
csv_reader = csv.reader(lines,

2
wifite/tools/bully.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency

42
wifite/tools/dependency.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
class Dependency(object):
@@ -9,11 +9,49 @@ class Dependency(object):
for attr_name in cls.required_attr_names:
if not attr_name in cls.__dict__:
raise NotImplementedError(
"Attribute '{}' has not been overriden in class '{}'" \
"Attribute '{}' has not been overridden in class '{}'" \
.format(attr_name, cls.__name__)
)
@classmethod
def run_dependency_check(cls):
from ..util.color import Color
from .airmon import Airmon
from .airodump import Airodump
from .aircrack import Aircrack
from .aireplay import Aireplay
from .ifconfig import Ifconfig
from .iwconfig import Iwconfig
from .bully import Bully
from .reaver import Reaver
from .wash import Wash
from .pyrit import Pyrit
from .tshark import Tshark
from .macchanger import Macchanger
apps = [
# Aircrack
Aircrack, #Airodump, Airmon, Aireplay,
# wireless/net tools
Iwconfig, Ifconfig,
# WPS
Reaver, Bully,
# Cracking/handshakes
Pyrit, Tshark,
# Misc
Macchanger
]
missing_required = any([app.fails_dependency_check() for app in apps])
if missing_required:
Color.pl('{!} {R}required app(s) were not found, exiting.{W}')
import sys
sys.exit(-1)
@classmethod
def fails_dependency_check(cls):
from ..util.color import Color

132
wifite/tools/hashcat.py Normal file
View File

@@ -0,0 +1,132 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency
from ..config import Configuration
from ..util.process import Process
from ..util.color import Color
import os
class Hashcat(Dependency):
dependency_required = False
dependency_name = 'hashcat'
dependency_url = 'https://hashcat.net/hashcat/'
@staticmethod
def crack_pmkid(pmkid_file):
'''
Cracks a given pmkid_file using the PMKID/WPA2 attack (-m 16800)
Returns:
Key (str) if found; `None` if not found.
'''
# Run hashcat once normally, then with --show if it failed
# To catch cases where the password is already in the pot file.
for additional_arg in [ [], ['--show']]:
command = [
'hashcat',
'--force',
'--quiet', # Only output the password if found.
'-m', '16800', # WPA-PMKID-PBKDF2
'-a', '0', # TODO: Configure
'-w', '2', # TODO: Configure
pmkid_file,
Configuration.wordlist
]
command.extend(additional_arg)
# TODO: Check status of hashcat (%); it's impossible with --quiet
try:
hashcat_proc = Process(command)
hashcat_proc.wait()
stdout = hashcat_proc.stdout()
except KeyboardInterrupt: # In case user gets impatient
Color.pl('\n{!} {O}Interrupted hashcat cracking{W}')
stdout = ''
if ':' not in stdout:
# Failed
continue
else:
# Cracked
key = stdout.strip().split(':', 1)[1]
return key
class HcxDumpTool(Dependency):
dependency_required = False
dependency_name = 'hcxdumptool'
dependency_url = 'https://github.com/ZerBea/hcxdumptool'
def __init__(self, target, pcapng_file):
# Create filterlist
filterlist = Configuration.temp('pmkid.filterlist')
with open(filterlist, 'w') as filter_handle:
filter_handle.write(target.bssid.replace(':', ''))
if os.path.exists(pcapng_file):
os.remove(pcapng_file)
command = [
"hcxdumptool",
"-i", Configuration.interface,
"--filterlist", filterlist,
"--filtermode", "2",
"-c", str(target.channel),
"-o", pcapng_file
]
self.proc = Process(command)
def poll(self):
return self.proc.poll()
def interrupt(self):
self.proc.interrupt()
class HcxPcapTool(Dependency):
dependency_required = False
dependency_name = 'hcxpcaptool'
dependency_url = 'https://github.com/ZerBea/hcxtools'
def __init__(self, target):
self.target = target
self.bssid = self.target.bssid.lower().replace(':', '')
self.pmkid_file = Configuration.temp('pmkid-%s.16800' % self.bssid)
def get_pmkid_hash(self, pcapng_file):
if os.path.exists(self.pmkid_file):
os.remove(self.pmkid_file)
command = [
'hcxpcaptool',
'-z', self.pmkid_file,
pcapng_file
]
hcxpcap_proc = Process(command)
hcxpcap_proc.wait()
if not os.path.exists(self.pmkid_file):
return None
with open(self.pmkid_file, 'r') as f:
output = f.read()
# Each line looks like:
# hash*bssid*station*essid
# Note: The dumptool will record *anything* it finds, ignoring the filterlist.
# Check that we got the right target (filter by BSSID)
matching_pmkid_hash = None
for line in output.split('\n'):
fields = line.split('*')
if len(fields) >= 3 and fields[1].lower() == self.bssid:
# Found it
matching_pmkid_hash = line
break
os.remove(self.pmkid_file)
return matching_pmkid_hash

2
wifite/tools/ifconfig.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import re

12
wifite/tools/iwconfig.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency
@@ -29,6 +29,7 @@ class Iwconfig(Dependency):
from ..util.process import Process
interfaces = set()
iface = ''
(out, err) = Process.call('iwconfig')
for line in out.split('\n'):
@@ -37,11 +38,16 @@ class Iwconfig(Dependency):
if not line.startswith(' '):
iface = line.split(' ')[0]
if '\t' in iface:
iface = iface.split('\t')[0]
iface = iface.split('\t')[0].strip()
iface = iface.strip()
if len(iface) == 0:
continue
if mode is None:
interfaces.add(iface)
if mode is not None and 'Mode:{}'.format(mode) in line:
if mode is not None and 'Mode:{}'.format(mode) in line and len(iface) > 0:
interfaces.add(iface)
return list(interfaces)

2
wifite/tools/macchanger.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency

2
wifite/tools/pyrit.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency

2
wifite/tools/reaver.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency

4
wifite/tools/tshark.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency
@@ -161,7 +161,7 @@ class Tshark(Dependency):
'''
if not Tshark.exists():
raise Exception('Cannot detect WPS networks: Tshark does not exist')
raise ValueError('Cannot detect WPS networks: Tshark does not exist')
command = [
'tshark',

2
wifite/tools/wash.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .dependency import Dependency

2
wifite/util/color.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys

36
wifite/util/crack.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..util.process import Process
@@ -14,6 +14,8 @@ import os
class CrackHandshake(object):
def __init__(self):
self.wordlist = Configuration.wordlist or "path_to_wordlist_here"
if os.path.exists(self.wordlist):
self.wordlist = os.path.abspath(self.wordlist)
handshake = self.choose_handshake()
self.crack_handshake(handshake)
@@ -49,16 +51,18 @@ class CrackHandshake(object):
def print_john(self, cap_file):
Color.pl("")
if not Process.exists("john"):
Color.pl(" {R}john not found.");
Color.pl(" {O}More info on installing {R}John The Ripper{O} here: {C}http://www.openwall.com/john/{W}");
return
Color.pl(" {O}# JOHN: CPU or GPU-based cracking. Fast.")
Color.pl(" {O}# Use --format=wpapsk-cuda (or wpapsk-opengl) to enable GPU acceleration")
Color.pl(" {O}# See http://openwall.info/wiki/john/WPA-PSK for more info on this process")
if not Process.exists("john"):
Color.pl(" {O}# {R}john{O} is not installed. More info on installing {R}John The Ripper{O} here: {C}http://www.openwall.com/john/{W}");
else:
Color.pl(" {O}# Use --format=wpapsk-cuda (or wpapsk-opengl) to enable GPU acceleration")
Color.pl(" {O}# See http://openwall.info/wiki/john/WPA-PSK for more info on this process")
Color.pl(" {O}# Generate hccap file:")
Color.pl(" {G}aircrack-ng {W}-J hccap {C}%s{W}" % cap_file)
Color.pl(" {G}hccap2john {C}hccap.hccap {W}> {C}hccap.john{W}")
Color.pl(" {G}john {W}--wordlist {C}\"%s\" {W}--format=wpapsk {C}\"hccap.john\"{W}" % (self.wordlist))
Color.pl(" {O}# Convert hccap file to john file:")
Color.pl(" {G}hccap2john {C}hccap.hccap {W}> {C}%s.john{W}" % cap_file)
Color.pl(" {O}# Crack john file:")
Color.pl(" {G}john {W}--wordlist {C}\"%s\" {W}--format=wpapsk {C}\"%s.john\"{W}" % (self.wordlist, cap_file))
def print_oclhashcat(self, cap_file):
Color.pl("")
@@ -67,18 +71,20 @@ class CrackHandshake(object):
Color.pl(" {O}More info on installing {R}hashcat{O} here: {C}https://hashcat.net/hashcat/");
return
Color.pl(" {O}# HASHCAT: GPU-based cracking. Fast.")
Color.pl(" {O}# See {C}https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 {O}for more info")
Color.pl(" {O}# See {C}https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 {O}for more info")
Color.pl(" {O}# Step 1: Generate .hccapx file")
hccapx_file = "/tmp/generated.hccapx"
cap2hccapx = "/usr/lib/hashcat-utils/cap2hccapx.bin"
if os.path.exists(cap2hccapx):
Color.pl(" {G}%s {W}%s {C}%s{W}" % (cap2hccapx, cap_file, hccapx_file))
Color.pl(" {G} %s {W}%s {C}%s{W}" % (cap2hccapx, cap_file, hccapx_file))
else:
Color.pl(" {O}# Install hashcat-utils: {C}https://hashcat.net/wiki/doku.php?id=hashcat_utils")
Color.pl(" {C}cap2hccapx.bin {W}%s {C}%s{W}" % (cap_file, hccapx_file))
Color.pl(" {O}# OR visit https://hashcat.net/cap2hccapx to generate a .hccapx file{W}")
Color.pl(" {O}# Then click BROWSE -> %s -> CONVERT and save to %s" % (cap_file, hccapx_file))
Color.pl(" {O}# Install {R}cap2hccapx{O}: {C}https://hashcat.net/wiki/doku.php?id=hashcat_utils")
Color.pl(" {G}./cap2hccapx.bin {W}%s {C}%s{W}" % (cap_file, hccapx_file))
Color.pl(" {O}# OR visit https://hashcat.net/cap2hccapx to generate a .hccapx file{W}")
Color.pl(" {O}# Then click BROWSE -> %s -> CONVERT and save to %s" % (cap_file, hccapx_file))
Color.pl(" {O}# Step 2: Crack the .hccapx file")
Color.pl(" {G}hashcat {W}-m 2500 {C}%s %s{W}" % (hccapx_file, self.wordlist))
def choose_handshake(self):

2
wifite/util/input.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Fix for raw_input on python3: https://stackoverflow.com/a/7321970

24
wifite/util/process.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import time
@@ -93,8 +93,11 @@ class Process(object):
Ran when object is GC'd.
If process is still running at this point, it should die.
'''
if self.pid and self.pid.poll() is None:
self.interrupt()
try:
if self.pid and self.pid.poll() is None:
self.interrupt()
except AttributeError:
pass
def stdout(self):
''' Waits for process to finish, returns stdout output '''
@@ -177,23 +180,30 @@ class Process(object):
if __name__ == '__main__':
Configuration.initialize(False)
p = Process('ls')
print(p.stdout(), p.stderr())
print(p.stdout())
print(p.stderr())
p.interrupt()
# Calling as list of arguments
(out, err) = Process.call(['ls', '-lah'])
print(out, err)
print(out)
print(err)
print('\n---------------------\n')
# Calling as string
(out, err) = Process.call('ls -l | head -2')
print(out, err)
print(out)
print(err)
print('"reaver" exists:', Process.exists('reaver'))
print('"reaver" exists: %s' % Process.exists('reaver'))
# Test on never-ending process
p = Process('yes')
print("Running yes...")
time.sleep(1)
print("yes should stop now")
# After program loses reference to instance in 'p', process dies.

15
wifite/util/scanner.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..tools.airodump import Airodump
@@ -36,18 +36,18 @@ class Scanner(object):
while True:
if airodump.pid.poll() is not None:
# Airodump process died
self.err_msg = '\r{!} {R}Airodump exited unexpectedly (Code: %d){O} Command: {W}%s' % (airodump.pid.poll(), " ".join(airodump.pid.command))
raise KeyboardInterrupt
return
try:
self.targets = airodump.get_targets()
except Exception as e:
break
self.targets = airodump.get_targets(old_targets=self.targets)
if self.found_target():
# We found the target we want
return
if airodump.pid.poll() is not None:
# Airodump process died
return
for target in self.targets:
if target.bssid in airodump.decloaked_bssids:
target.decloaked = True
@@ -72,6 +72,7 @@ class Scanner(object):
return
sleep(1)
except KeyboardInterrupt:
pass

2
wifite/util/timer.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import time

189
wifite/wifite.py
View File

@@ -1,4 +1,4 @@
#!/usr/bin/python3.7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
try:
@@ -11,13 +11,11 @@ from .util.process import Process
from .util.color import Color
from .util.crack import CrackHandshake
from .util.input import raw_input
from .attack.wep import AttackWEP
from .attack.wpa import AttackWPA
from .attack.wps import AttackWPS
from .attack.all import AttackAll
from .model.result import CrackResult
from .model.handshake import Handshake
from .tools.dependency import Dependency
import json
import os
import sys
@@ -33,13 +31,13 @@ class Wifite(object):
Configuration.initialize(load_interface=False)
self.dependency_check()
Dependency.run_dependency_check()
if Configuration.show_cracked:
self.display_cracked()
CrackResult.display()
elif Configuration.check_handshake:
self.check_handshake(Configuration.check_handshake)
Handshake.check()
elif Configuration.crack_handshake:
CrackHandshake()
else:
@@ -47,91 +45,6 @@ class Wifite(object):
self.run()
def dependency_check(self):
''' Check that required programs are installed '''
from .tools.airmon import Airmon
from .tools.airodump import Airodump
from .tools.aircrack import Aircrack
from .tools.aireplay import Aireplay
from .tools.ifconfig import Ifconfig
from .tools.iwconfig import Iwconfig
from .tools.hostapd import Hostapd
from .tools.dnsmasq import Dnsmasq
from .tools.iptables import Iptables
from .tools.bully import Bully
from .tools.reaver import Reaver
from .tools.wash import Wash
from .tools.pyrit import Pyrit
from .tools.tshark import Tshark
from .tools.macchanger import Macchanger
apps = [
# Aircrack
Airmon, Airodump, Aircrack, Aireplay,
# wireless/net tools
Iwconfig, Ifconfig,
# WPS
Reaver, Bully,
# Cracking/handshakes
Pyrit, Tshark,
# Misc
Macchanger
]
if Configuration.use_eviltwin:
apps.extend([Hostapd, Dnsmasq, Iptables])
missing_required = any([app.fails_dependency_check() for app in apps])
if missing_required:
Color.pl('{!} {R}required app(s) were not found, exiting.{W}')
sys.exit(-1)
#if missing_optional:
# Color.pl('{!} {O}recommended app(s) were not found')
# Color.pl('{!} {O}wifite may not work as expected{W}')
def display_cracked(self):
''' Show cracked targets from cracked.txt '''
name = CrackResult.cracked_file
if not os.path.exists(name):
Color.pl('{!} {O}file {C}%s{O} not found{W}' % name)
return
with open(name, 'r') as fid:
cracked_targets = json.loads(fid.read())
if len(cracked_targets) == 0:
Color.pl('{!} {R}no results found in {O}%s{W}' % name)
else:
Color.pl('{+} displaying {G}%d {C}cracked target(s){W}\n' % len(cracked_targets))
for item in cracked_targets:
cr = CrackResult.load(item)
cr.dump()
Color.pl('')
def check_handshake(self, capfile):
''' Analyzes .cap file for handshake '''
if capfile == '<all>':
Color.pl('{+} checking all handshakes in {G}"./hs"{W} directory\n')
try:
capfiles = [os.path.join('hs', x) for x in os.listdir('hs') if x.endswith('.cap')]
except OSError as e:
capfiles = []
if len(capfiles) == 0:
Color.pl('{!} {R}no .cap files found in {O}"./hs"{W}\n')
else:
capfiles = [capfile]
for capfile in capfiles:
Color.pl('{+} checking for handshake in .cap file {C}%s{W}' % capfile)
if not os.path.exists(capfile):
Color.pl('{!} {O}.cap file {C}%s{O} not found{W}' % capfile)
return
hs = Handshake(capfile, bssid=Configuration.target_bssid, essid=Configuration.target_essid)
hs.analyze()
Color.pl('')
def run(self):
'''
Main program.
@@ -145,93 +58,19 @@ class Wifite(object):
else:
targets = s.select_targets()
attacked_targets = 0
targets_remaining = len(targets)
for idx, t in enumerate(targets, start=1):
attacked_targets += 1
targets_remaining -= 1
Color.pl('\n{+} ({G}%d{W}/{G}%d{W})' % (idx, len(targets)) +
' starting attacks against {C}%s{W} ({C}%s{W})'
% (t.bssid, t.essid if t.essid_known else "{O}ESSID unknown"))
# TODO: Check if Eviltwin attack is selected.
if Configuration.use_eviltwin:
pass
elif 'WEP' in t.encryption:
attack = AttackWEP(t)
elif 'WPA' in t.encryption:
# TODO: Move WPS+WPA decision to a combined attack
if t.wps:
attack = AttackWPS(t)
result = False
try:
result = attack.run()
except Exception as e:
Color.pl("\n{!} {R}Error: {O}%s" % str(e))
if Configuration.verbose > 0 or Configuration.print_stack_traces:
Color.pl('\n{!} {O}Full stack trace below')
from traceback import format_exc
Color.p('\n{!} ')
err = format_exc().strip()
err = err.replace('\n', '\n{W}{!} {W} ')
err = err.replace(' File', '{W}{D}File')
err = err.replace(' Exception: ', '{R}Exception: {O}')
Color.pl(err)
except KeyboardInterrupt:
Color.pl('\n{!} {O}interrupted{W}\n')
if not self.user_wants_to_continue(targets_remaining, 1):
break
if result and attack.success:
# We cracked it.
attack.crack_result.save()
continue
else:
# WPS failed, try WPA handshake.
attack = AttackWPA(t)
else:
# Not using WPS, try WPA handshake.
attack = AttackWPA(t)
else:
Color.pl("{!} {R}Error: {O}unable to attack: encryption not WEP or WPA")
continue
try:
attack.run()
except Exception as e:
Color.pl("\n{!} {R}Error: {O}%s" % str(e))
if Configuration.verbose > 0 or True:
Color.pl('\n{!} {O}Full stack trace below')
from traceback import format_exc
Color.p('\n{!} ')
err = format_exc().strip()
err = err.replace('\n', '\n{W}{!} {W} ')
err = err.replace(' File', '{W}{D}File')
err = err.replace(' Exception: ', '{R}Exception: {O}')
Color.pl(err)
except KeyboardInterrupt:
Color.pl('\n{!} {O}interrupted{W}\n')
if not self.user_wants_to_continue(targets_remaining):
break
if attack.success:
attack.crack_result.save()
attacked_targets = AttackAll.attack_multiple(targets)
Color.pl("{+} Finished attacking {C}%d{W} target(s), exiting" % attacked_targets)
def print_banner(self):
""" Displays ASCII art of the highest caliber. """
Color.pl('''\
{G} . {GR}{D} {W}{G} . {W}
{G}.´ · .{GR}{D} {W}{G}. · `. {G}wifite {D}%s{W}
{G}: : : {GR}{D} (¯) {W}{G} : : : {W}{D}automated wireless auditor
{G}`. · `{GR}{D} \ {W}{G}´ · .´ {C}{D}https://github.com/derv82/wifite2
{G} ` {GR}{D}/¯¯¯\{W}{G} ´ {W}
''' % Configuration.version)
Color.pl(r'{G} . {GR}{D} {W}{G} . {W}')
Color.pl(r'{G}.´ · .{GR}{D} {W}{G}. · `. {G}wifite {D}%s{W}' % Configuration.version)
Color.pl(r'{G}: : : {GR}{D} (¯) {W}{G} : : : {W}{D}automated wireless auditor{W}')
Color.pl(r'{G}`. · `{GR}{D} \ {W}{G}´ · .´ {C}{D}https://github.com/derv82/wifite2{W}')
Color.pl(r'{G} ` {GR}{D}¯¯\{W}{G} ´ {W}')
Color.pl('')
def user_wants_to_continue(self, targets_remaining, attacks_remaining=0):
''' Asks user if attacks should continue onto other targets '''

4800
wordlist-top4800-probable.txt Normal file
View File

File diff suppressed because it is too large Load Diff