Added ssid and mac-level ACLs
s0lst1c3 committed Oct 3, 2019
1 parent 7751214 commit 6a421a0edf637fd4f336b7a5dadeb4c17e0a313b
Showing 15 changed files with 502 additions and 63 deletions.
@@ -4,7 +4,7 @@ by Gabriel Ryan ([s0lst1c3](https://twitter.com/s0lst1c3))(gryan[at]specterops.i

[![Foo](https://rawcdn.githack.com/toolswatch/badges/8bd9be6dac2a1d445367001f2371176cc50a5707/arsenal/usa/2017.svg)](https://www.blackhat.com/us-17/arsenal.html#eaphammer)

Current release: [v1.9.0](https://github.com/s0lst1c3/eaphammer/releases/tag/v1.9.0)
Current release: [v1.10.0](https://github.com/s0lst1c3/eaphammer/releases/tag/v1.10.0)

Supports _Python 3.5+_.

@@ -1,4 +1,4 @@
__version__ = '1.9.1'
__version__ = '1.10.0'
__codename__ = 'Power Overwhelming'
__author__ = '@s0lst1c3'
__contact__ = 'gryan@specterops.io'
@@ -16,6 +16,10 @@
'capture_wpa_handshakes',
'psk_capture_file',
'pmkid',
'mac_whitelist',
'mac_blacklist',
'ssid_whitelist',
'ssid_blacklist',
'hostile_portal',
'captive_portal',
'debug',
@@ -408,6 +412,38 @@ def set_options():
action='store_true',
help='Enable karma.')

access_point_group.add_argument('--mac-whitelist',
dest='mac_whitelist',
type=str,
default=None,
help='Enable MAC address whitelisting '
'and specify path to whitelist '
'file.')

access_point_group.add_argument('--mac-blacklist',
dest='mac_blacklist',
type=str,
default=None,
help='Enable MAC address blacklisting '
'and specify path to blacklist '
'file.')

access_point_group.add_argument('--ssid-whitelist',
dest='ssid_whitelist',
type=str,
default=None,
help='Enable MAC address whitelisting '
'and specify path to whitelist '
'file.')

access_point_group.add_argument('--ssid-blacklist',
dest='ssid_blacklist',
type=str,
default=None,
help='Enable MAC address blacklisting '
'and specify path to blacklist '
'file.')

karma_group = parser.add_argument_group('Karma Options')

karma_group.add_argument('--loud', '--singe',
@@ -966,6 +1002,57 @@ def set_options():
if invalid_args:
sys.exit()

if options['mac_whitelist'] is not None and options['mac_blacklist'] is not None:

parser.print_usage()
print()
msg = ('[!] Cannot use --mac-whitelist and '
'--mac-blacklist flags simultaneously.')
print(msg, end='')
sys.exit()

if options['ssid_whitelist'] is not None and options['ssid_blacklist'] is not None:

parser.print_usage()
print()
msg = ('[!] Cannot use --ssid-whitelist and '
'--ssid-blacklist flags simultaneously.')
print(msg, end='')
sys.exit()

# these sanity checks probably needs to be moved somewhere else,
# but whatever. fuckit shipit.
if options['ssid_whitelist']:
with open(options['ssid_whitelist']) as input_handle:
for index,line in enumerate(input_handle):
ssid = line.strip()
if len(ssid) > 32:
parser.print_usage()
print()
msg = ('[!] In SSID whitelist file {} line {}: '
'Length of SSID {} is too long. SSIDS must '
'have a length of no more than 32 '
'characters.'.format(options['ssid_whitelist'],
index+1, ssid))
print(msg, end='')
sys.exit()

if options['ssid_blacklist']:
with open(options['ssid_blacklist']) as input_handle:
for index,line in enumerate(input_handle):
ssid = line.strip()
if len(ssid) > 32:
parser.print_usage()
print()
msg = ('[!] In SSID blacklist file {} line {}: '
'Length of SSID {} is too long. SSIDS must '
'have a length of no more than 32 '
'characters.'.format(options['ssid_blacklist'],
index+1, ssid))
print(msg, end='')
sys.exit()


except SystemExit:

print()
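Review bot: The two SSID list checks in the sanity-check hunk compare `len(ssid) > 32` on decoded text, which counts characters, while the 802.11 SSID limit is 32 octets, so an entry containing multi-byte characters can pass the check and still be too long. Measuring the encoded form, `if len(ssid.encode('utf-8')) > 32:`, would match the limit, assuming the list files are UTF-8; the `open()` calls do not pin an encoding. In the argparse hunk, the help strings for `--ssid-whitelist` and `--ssid-blacklist` were copied from the MAC options and still say "MAC address"; they should read `'Enable SSID whitelisting '` and `'Enable SSID blacklisting '`. The MAC list files get no comparable format check anywhere in this section. `set_options` begins and ends outside the visible hunks.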
@@ -499,7 +499,20 @@ def populate_general(self, settings, options):
general_configs['logger_syslog_level'] = settings.dict['core']['hostapd']['general']['logger_syslog_level']
general_configs['logger_stdout'] = settings.dict['core']['hostapd']['general']['logger_stdout']
general_configs['logger_stdout_level'] = settings.dict['core']['hostapd']['general']['logger_stdout_level']
general_configs['macaddr_acl'] = settings.dict['core']['hostapd']['general']['macaddr_acl']

if options['mac_whitelist'] is not None:
general_configs['accept_mac_file'] = settings.dict['paths']['hostapd']['mac_whitelist']
general_configs['macaddr_acl'] = '1'
elif options['mac_blacklist'] is not None:
general_configs['deny_mac_file'] = settings.dict['paths']['hostapd']['mac_blacklist']
general_configs['macaddr_acl'] = '0'

if options['ssid_whitelist'] is not None:
general_configs['ssid_acl_file'] = settings.dict['paths']['hostapd']['ssid_whitelist']
general_configs['ssid_acl_mode'] = '0'
elif options['ssid_blacklist'] is not None:
general_configs['ssid_acl_file'] = settings.dict['paths']['hostapd']['ssid_blacklist']
general_configs['ssid_acl_mode'] = '1'

if options['karma']:
general_configs['use_karma'] = '1'
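Review bot: The literal mode values in the new ACL branches are undocumented and run in opposite directions: a whitelist sets `macaddr_acl` to `'1'` but `ssid_acl_mode` to `'0'`, which is easy to invert in a later edit. I would add `# macaddr_acl=1: deny unless listed in accept_mac_file` and `# macaddr_acl=0: accept unless listed in deny_mac_file` above the MAC branches, and an equivalent comment on the SSID branches stating which `ssid_acl_mode` value means whitelist, confirmed against the hostapd build that defines that option. If the earlier line reading `macaddr_acl` from settings was removed by this hunk, as the hunk header counts suggest, the key is no longer written when neither MAC flag is given, and that is worth a comment too. `populate_general` starts and ends outside the hunk.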
@@ -0,0 +1,61 @@
import os
import shutil
import sys

class HostapdMACACL(object):

def __init__(self,
settings,
options):

self.debug = options['debug']

assert not (options['mac_whitelist'] is not None and options['mac_blacklist'] is not None)

if options['mac_whitelist'] is not None:
self.input_path = options['mac_whitelist']
self.output_path = settings.dict['paths']['hostapd']['mac_whitelist']
self.mode = 'mac_whitelist'
elif options['mac_blacklist'] is not None:
self.input_path = options['mac_blacklist']
self.output_path = settings.dict['paths']['hostapd']['mac_blacklist']
self.mode = 'mac_blacklist'
else:
raise Exception('[HostapdACL] this should never happen')


if self.debug:
print('[HostapdACL] self.input_path: ', self.input_path)
print('[HostapdACL] self.output_path: ', self.output_path)
print('[HostapdACL] self.mode: ', self.output_path)

def remove(self):

if not self.debug:

try:

os.remove(self.output_path)

except FileNotFoundError:

print('[HostapdACL] Cannot remove file that does not exist')

def path(self, path=None):

if path is not None:
self.output_path = path

return self.output_path

def generate(self):

try:

shutil.copy(self.input_path, self.output_path)

except FileNotFoundError:

sys.exit('[HostapdACL] ACL file not found: {}'.format(self.input_path))

return self.path()
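Review bot: The third debug print in `__init__` is labelled `self.mode` but prints `self.output_path`; it should be `print('[HostapdACL] self.mode: ', self.mode)`, and the same slip is repeated in `HostapdSSIDACL.__init__` in the next file. In `generate()`, only `FileNotFoundError` is handled, so an unreadable file or a directory path ends in a traceback instead of the exit message; `except OSError as err:` with the error included in the message would cover those cases, and the same applies to `HostapdSSIDACL.generate()`. The mutual-exclusion `assert` is removed when Python runs with `-O`, so an explicit `raise ValueError(...)` is the safer guard in both classes.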
@@ -0,0 +1,61 @@
import os
import shutil
import sys

class HostapdSSIDACL(object):

def __init__(self,
settings,
options):

self.debug = options['debug']

assert not (options['ssid_whitelist'] is not None and options['ssid_blacklist'] is not None)

if options['ssid_whitelist'] is not None:
self.input_path = options['ssid_whitelist']
self.output_path = settings.dict['paths']['hostapd']['ssid_whitelist']
self.mode = 'ssid_whitelist'
elif options['ssid_blacklist'] is not None:
self.input_path = options['ssid_blacklist']
self.output_path = settings.dict['paths']['hostapd']['ssid_blacklist']
self.mode = 'ssid_blacklist'
else:
raise Exception('[HostapdSSIDACL] this should never happen')


if self.debug:
print('[HostapdSSIDACL] self.input_path: ', self.input_path)
print('[HostapdSSIDACL] self.output_path: ', self.output_path)
print('[HostapdSSIDACL] self.mode: ', self.output_path)

def remove(self):

if not self.debug:

try:

os.remove(self.output_path)

except FileNotFoundError:

print('[HostapdSSIDACL] Cannot remove file that does not exist')

def path(self, path=None):

if path is not None:
self.output_path = path

return self.output_path

def generate(self):

try:

shutil.copy(self.input_path, self.output_path)

except FileNotFoundError:

sys.exit('[HostapdSSIDACL] ACL file not found: {}'.format(self.input_path))

return self.path()
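Review bot: `generate()` has no docstring, and its contract is not obvious from the code: it copies the user-supplied list to the hostapd path byte for byte, while the only validation on this page (the length check in `set_options`) runs on a separate, earlier read and on `line.strip()`. The file hostapd loads can therefore carry whitespace or blank lines that the check never measured, and whether the consuming hostapd build trims them is not visible here. I would document that on the method, for example `"""Copy the user-supplied SSID list verbatim to the path hostapd reads; entries are length-checked in set_options() on stripped lines, not here."""`, and add one-line docstrings to the class, `remove()` and `path()`.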
