Rewrite of the popular wireless network auditor, "wifite".
This repo is a complete re-write of wifite, a Python script for auditing wireless networks.
Wifite runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!
Wifite is designed to use all known methods for retrieving the password of a wireless access point (router). These methods include:
- WPS: The Offline Pixie-Dust attack
- WPS: The Online Brute-Force PIN attack
- WPA: The WPA Handshake Capture + offline crack.
- WPA: The PMKID Hash Capture + offline crack.
- WEP: Various known attacks against WEP, including fragmentation, chop-chop, aireplay, etc.
Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.
Supported Operating Systems
Wifite is designed specifically for the latest version of Kali Linux. ParrotSec is also supported.
Other pen-testing distributions (such as BackBox or Ubuntu) have outdated versions of the tools used by Wifite. Do not expect support unless you are using the latest versions of the Required Tools, and also patched wireless drivers that support injection.
Required Tools
First and foremost, you will need a wireless card capable of "Monitor Mode" and packet injection (see this tutorial for checking if your wireless card is compatible and also this guide). There are many cheap wireless cards that plug into USB available from online stores.
Second, only the latest versions of these programs are supported and must be installed for Wifite to work properly:
Required:
- python: Wifite is compatible with both python2 and python3.
- iwconfig: For identifying wireless devices already in Monitor Mode.
- ifconfig: For starting/stopping wireless devices.
- Aircrack-ng suite, includes:
  - airmon-ng: For enumerating and enabling Monitor Mode on wireless devices.
  - aircrack-ng: For cracking WEP .cap files and WPA handshake captures.
  - aireplay-ng: For deauthing access points, replaying capture files, various WEP attacks.
  - airodump-ng: For target scanning & capture file generation.
  - packetforge-ng: For forging capture files.
Optional, but Recommended:
- tshark: For detecting WPS networks and inspecting handshake capture files.
- reaver: For WPS Pixie-Dust & brute-force attacks.
  - Note: Reaver's wash tool can be used to detect WPS networks if tshark is not found.
- bully: For WPS Pixie-Dust & brute-force attacks.
  - Alternative to Reaver. Specify --bully to use Bully instead of Reaver.
  - Bully is also used to fetch PSK if reaver cannot after cracking WPS PIN.
- coWPAtty: For detecting handshake captures.
- pyrit: For detecting handshake captures.
- hashcat: For cracking PMKID hashes.
- hcxdumptool: For capturing PMKID hashes.
- hcxpcaptool: For converting PMKID packet captures into hashcat's format.
Run Wifite
git clone https://github.com/derv82/wifite2.git
cd wifite2
sudo ./Wifite.py
Install Wifite
To install onto your computer (so you can just run wifite from any terminal), run:
sudo python setup.py install
This will install wifite to /usr/sbin/wifite which should be in your terminal path.
Note: Uninstalling is not as easy. The only way to uninstall is to record the files installed by the above command and remove those files:
sudo python setup.py install --record files.txt \
&& cat files.txt | xargs sudo rm \
&& rm -f files.txt
Brief Feature List
- PMKID hash capture (enabled by-default, force with: --pmkid)
- WPS Offline Brute-Force Attack aka "Pixie-Dust". (enabled by-default, force with: --wps-only --pixie)
- WPS Online Brute-Force Attack aka "PIN attack". (enabled by-default, force with: --wps-only --no-pixie)
- WPA/2 Offline Brute-Force Attack via 4-Way Handshake capture (enabled by-default, force with: --no-wps)
- Validates handshakes against pyrit, tshark, cowpatty, and aircrack-ng (when available)
- Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte)
- Automatically decloaks hidden access points while scanning or attacking.
  - Note: Only works when channel is fixed. Use -c
  - Disable this using --no-deauths
- 5GHz support for some wireless cards (via -5 switch).
  - Note: Some tools don't play well on 5GHz channels (e.g. aireplay-ng)
- Stores cracked passwords and handshakes to the current directory (--cracked)
  - Includes information about the cracked access point (Name, BSSID, Date, etc).
- Easy to try to crack handshakes or PMKID hashes against a wordlist (--crack)
What's new?
Comparing this repo to the "old wifite" @ https://github.com/derv82/wifite
- Less bugs
  - Cleaner process management. Does not leave processes running in the background (the old wifite was bad about this).
  - No longer "one monolithic script". Has working unit tests. Pull requests are less-painful!
- Speed
  - Target access points are refreshed every second instead of every 5 seconds.
- Accuracy
  - Displays realtime Power level of currently-attacked target.
  - Displays more information during an attack (e.g. % during WEP chopchop attacks, Pixie-Dust step index, etc)
- Educational
  - The --verbose option (expandable to -vv or -vvv) shows which commands are executed & the output of those commands.
  - This can help debug why Wifite is not working for you. Or so you can learn how these tools are used.
- More-actively developed.
- Python 3 support.
- Sweet new ASCII banner.
What's gone?
- Some command-line arguments (--wept, --wpst, and other confusing switches).
  - You can still access some of these obscure options, try wifite -h -v
What's not new?
- (Mostly) Backwards compatible with the original wifite's arguments.
- Same text-based interface everyone knows and loves.
-----
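Monitor nearby Wi-Fi devices and push notifications by email and WeChat.
hmpa-pi
On a Raspberry Pi, use Wireshark to scan for nearby Wi-Fi devices and push the scan results by email or WeChat.
With the Spring Festival approaching, I am going back to my hometown and the house will be empty. I did not want to install a surveillance camera, so I wrote a monitoring script based on howmanypeoplearearound that sends an alert by email or WeChat when a phone or other Wi-Fi device is nearby.
Features
- Wi-Fi device scanning
- Email alerts
- WeChat alerts (ServerChan, "Server 酱")
- Unknown device detection
How it works
In a Wi-Fi network, a wireless adapter transmits its signal as a broadcast. Once the adapter has broadcast a frame, every device in range can receive it. With a wireless adapter set to monitor mode, all packets within that adapter's reception range can be captured. From these packets, the devices on nearby Wi-Fi networks and their signal strength can be identified.
Monitor-mode adapters
Some adapters that support monitor mode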
- USB Rt3070 $14
- Panda PAU5 $14
- Panda PAU6 $15
- Panda PAU9 $36
- Alfa AWUS036NH $33
- Alfa AWUS036NHA $40
- Alfa AWUS036NEH $40
- Sabrent NT-WGHU $15 (b/g) only
Software installation
Mac
brew install wireshark
brew install --cask wireshark-chmodbpf
Linux or Raspberry Pi
sudo apt-get install tshark
# run as non-root (select YES when prompted)
sudo dpkg-reconfigure wireshark-common
sudo usermod -a -G wireshark ${USER:-root}
newgrp wireshark
Configure the adapter
- If the adapter supports monitor mode, you can run the code directly.
- If you happen to be using an rtl8188 USB Wi-Fi adapter with a Raspberry Pi, first unload the rtl8192 driver and then load the rtl8188 driver:
#!/usr/bin/env bash
uname -a
# disable rtl8192 driver
sudo depmod 4.14.79-v7+
sudo rmmod 8192cu
sudo modprobe rtl8192cu
# set RTL8188 monitor mode
sudo ifconfig wlan1 down
sudo iwconfig wlan1 mode monitor
sudo ifconfig wlan1 up
Run the code
Download the code
git clone https://github.com/wangshub/hmpa-pi.git
cd hmpa-pi/ && pip install -r requirements.txt
Edit the configuration file
cp config/config.py.example config/config.py
vi config/config.py
Reference configuration
adapter = 'wlan1'
use_email = True
email = {"host": "smtp.163.com",
"port": 465,
"user": "xxxxxxx@163.com",
"password": "xxxxxxxxxx",
"to_user": "xxxxxxxx@xxxx.com"}
use_wechat = True
serverchan = {"sckey": "xxxxxxxxxxxxxxxxxxxxx"}
known_devices = {"94:65:2d:xx:xx:xx": "my cellPhone",
"dc:a4:ca:xx:xx:xx": "my Mac",
"b8:27:eb:xx:xx:xx": "my raspberry"}
Run
python main.py
Push notifications
- ServerChan ("Server 酱") WeChat push; requires logging in with GitHub to obtain the sckey
- yagmail email push
Output
2019-01-24 07:37:01.211617 一共发现了 67 台设备
Known Devices:
- my cellPhone
- my raspberry
- my mac
All Devices:
- 00:e0:70:3e:xx:xx 14 DH TECHNOLOGY
- 94:65:2d:91:xx:xx 14 OnePlus Technology (Shenzhen) Co., Ltd
- dc:d9:16:7e:xx:xx -12 HUAWEI TECHNOLOGIES CO.,LTD
- b8:27:eb:12:xx:xx -20 Raspberry Pi Foundation
- 98:01:a7:eb:xx:xx -40 Apple, Inc.
- 20:5d:47:44:xx:xx -44 vivo Mobile Communication Co., Ltd.
- ac:b5:7d:5f:xx:xx -46 Liteon Technology Corporation
- 04:03:d6:1f:xx:xx -47 Nintendo Co.,Ltd
- d4:ee:07:55:xx:xx -48 HIWIFI Co., Ltd.
- 44:6e:e5:63:xx:xx -51 HUAWEI TECHNOLOGIES CO.,LTD
- 14:75:90:8d:xx:xx -51 TP-LINK TECHNOLOGIES CO.,LTD.
- 34:96:72:1d:xx:xx -56 TP-LINK TECHNOLOGIES CO.,LTD.
- d8:cb:8a:74:xx:xx -57 Micro-Star INTL CO., LTD.
- 40:8d:5c:21:xx:xx -57 GIGA-BYTE TECHNOLOGY CO.,LTD.
- 6c:59:40:25:xx:xx -58 SHENZHEN MERCURY COMMUNICATION TECHNOLOGIES CO.,LTD.
More ...
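The unknown-device check described above, sketched as an added example (not hmpa-pi's own code): it assumes capture rows of the form source MAC, tab, signal in dBm, and all MAC addresses in it are constructed. It also labels locally administered (randomized) addresses, which many phones use and which will never match a fixed known_devices entry.

```python
from collections import defaultdict

# Constructed allow-list, same shape as the known_devices setting (lowercase keys).
KNOWN_DEVICES = {
    "00:00:5e:00:53:01": "my cellPhone",
    "00:00:5e:00:53:02": "my raspberry",
}

# Constructed capture rows (assumed format): "<source MAC>\t<signal dBm>".
SAMPLE_ROWS = (
    "00:00:5E:00:53:01\t-41\n"
    "00:00:5e:00:53:01\t-47\n"
    "00:00:5e:00:53:7f\t-63,-66\n"   # two antennas reported
    "da:a1:19:00:00:01\t-58\n"       # locally administered address
    "\t-70\n"                        # frame without a source address
    "00:00:5e:00:53:02\t\n"          # no signal reading
)


def is_randomized(mac):
    """True when the locally administered bit (0x02 of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def summarize(rows, known):
    """Return {mac: (label, strongest_dbm or None)} for every source MAC seen."""
    signals = defaultdict(list)
    for row in rows.splitlines():
        mac, _, rssi = row.partition("\t")
        mac = mac.strip().lower()
        if not mac:
            continue  # nothing to attribute the frame to
        seen = signals[mac]  # registers the device even without a reading
        readings = [int(v) for v in rssi.split(",") if v.strip().lstrip("-").isdigit()]
        if readings:
            seen.append(max(readings))  # keep the strongest antenna value
    report = {}
    for mac, seen in signals.items():
        unknown = "unknown (randomized MAC)" if is_randomized(mac) else "unknown"
        report[mac] = (known.get(mac, unknown), max(seen) if seen else None)
    return report


if __name__ == "__main__":
    for mac, (label, dbm) in summarize(SAMPLE_ROWS, KNOWN_DEVICES).items():
        print(mac, dbm, label)
```

A device reported as randomized may still be one of your own, so treat that label as "cannot be matched by MAC" rather than as a stranger.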
from https://github.com/wangshub/hmpa-pi