Advertisement
opexxx

weape.sh

Sep 10th, 2013
267
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 7.33 KB | None | 0 0
  1. #!/usr/bin/env bash
  2. # wEAPe - Wireless EAP Extractor
  3. # Daniel Compton
  4. # 08/2013
  5. # Daniel Compton
  6. # www.commonexploits.com
  7. # contact@commexploits.com
  8. # Twitter = @commonexploits
  9. # Tested on Bactrack 5 & Kali Nessus version 4 & 5
  10.  
  11.  
  12. # Script begins
  13. #===============================================================================
  14.  
  15. VERSION="0.2"
  16.  
  17. clear
  18. echo ""
  19. echo -e "\e[00;32m#############################################################\e[00m"
  20. echo ""
  21. echo -e "   wEAPe Wireless EAP Extractor $VERSION "
  22. echo ""
  23. echo -e "   EAP Domain Username Extractor"
  24. echo ""
  25. echo -e "\e[00;32m#############################################################\e[00m"
  26. echo ""
  27.  
  28. #Dependency checking
  29.  
  30. #Check for tshark
  31. which tshark>/dev/null
  32. if [ $? -eq 0 ]
  33.         then
  34.                 echo ""
  35. else
  36.                 echo ""
  37.             echo -e "\e[01;31m[!]\e[00m Unable to find the required Tshark program, install and try again"
  38.         exit 1
  39. fi
  40.  
  41.  
  42. #Check for Airmon-ng
  43. which airmon-ng >/dev/null
  44. if [ $? -eq 0 ]
  45.         then
  46.                 echo ""
  47. else
  48.                 echo ""
  49.         echo -e "\e[01;31m[!]\e[00m Unable to find the required Airmon-NG program, install and try again"
  50.         exit 1
  51. fi
  52.  
  53. #Dependency checking
  54.  
  55. #Check for Airodump-NG
  56. which airodump-ng >/dev/null
  57. if [ $? -eq 0 ]
  58.         then
  59.                 echo ""
  60. else
  61.                 echo ""
  62.         echo -e "\e[01;31m[!]\e[00m Unable to find the required Airodump-ng program, install and try again"
  63.         exit 1
  64. fi
  65.  
  66.  
  67. #Check for screen
  68. which screen >/dev/null
  69. if [ $? -eq 0 ]
  70.         then
  71.                 echo ""
  72. else
  73.                 echo ""
  74.         echo -e "\e[01;31m[!]\e[00m Unable to find the required Screen program, install and try again"
  75.         exit 1
  76. fi
  77.  
  78. echo -e "\e[01;33m[-]\e[00m In order to extract EAP packets you will need to associate (not authenticate) with the access point of interest"
  79. echo ""
  80. echo -e "\e[01;33m[-]\e[00m Your wireless network card must support packet injection."
  81. echo ""
  82. sleep 3
  83. echo -e "\e[01;32m[-]\e[00m Now checking your wireless card..."
  84. echo ""
  85. # fix for occasional RFKILL errors
  86. rfkill unblock all >/dev/null
  87.  
  88. # check for wifi mon interface
  89. MONCHK=$(airmon-ng |grep -i "mon" |wc -l)
  90. if [ "$MONCHK" = 0 ]
  91.     then
  92.     echo ""
  93.     echo -e "\e[01;31m[!]\e[00m Unable to find any wireless interfaces in monitor mode."
  94.     echo ""
  95.     echo -e "\e[01;32m[-]\e[00m The following interfaces exist:"
  96.     echo "--------------------------------------------------------"
  97.     airmon-ng
  98.         echo -e "\e[1;31m------------------------------------------------------------------------------------------------------------------\e[00m"
  99.         echo -e "\e[01;31m[?]\e[00m Enter the interface you would like to put into monitor mode and press ENTER. i.e wlan0"
  100.         echo -e "\e[1;31m------------------------------------------------------------------------------------------------------------------\e[00m"
  101.     echo ""
  102.     read WLANTMP
  103.     echo ""
  104.     echo -e "\e[01;32m[-]\e[00m Now attempting to put your adaptor "$WLANTMP" into monitor mode...please wait"
  105.     echo ""
  106.     sleep 2
  107.     airmon-ng stop "$WLANTMP" >/dev/null
  108.     sleep 3
  109.     airmon-ng start "$WLANTMP" >/dev/null
  110.     echo ""
  111.     echo -e "\e[01;33m[-]\e[00m If an "SIOCSIFFLAGS:" error was displayed against "$WLANTMP", then you card/driver is not compatable"
  112.     echo ""
  113.     echo -e "\e[01;32m[-]\e[00m Press Enter to continue if you did not see the "SIOCSIFFLAGS" error."
  114.     echo ""
  115.     read ENTERKEY
  116.     sleep 3
  117.     airmon-ng |grep -i "mon" >/dev/null
  118.         if [ $? = 0 ]
  119.             then
  120.                 MADEMON=$(airmon-ng |grep -i "mon" |awk '{print $1}')
  121.                 echo -e "\e[01;32m[+]\e[00m Success, created "$MADEMON" interface in monitor mode."
  122.                 echo ""
  123.                 MONINT="$MADEMON"
  124.         else
  125.             echo ""
  126.             echo -e "\e[01;31m[!]\e[00m Unable to create a monitor interface, script will exit."
  127.             echo ""
  128.             echo -e "\e[01;31m[!]\e[00m Your card or driver may not be compatable. Fix and run the script again"
  129.             echo ""
  130.             exit 1
  131.         fi
  132.  
  133. elif [ "$MONCHK" = 1 ]
  134.     then
  135.     echo ""
  136.     MONINT=$(airmon-ng |grep "mon" |awk '{print $1}')
  137.     echo -e "\e[01;32m[+]\e[00m I found "$MONINT" interface, I will use that for the script."
  138.     echo ""
  139. else
  140.     echo ""
  141.     echo -e "\e[01;32m[-]\e[00m Multiple interfaces exist in monitor mode:"
  142.         echo "-------------------------------------------------------------------"
  143.     airmon-ng |grep -i "mon"
  144.     echo ""
  145.     echo -e "\e[1;31m------------------------------------------------------------------------------------------------------------------\e[00m"
  146.         echo -e "\e[01;31m[?]\e[00m Enter the interface you would like to use and press ENTER. i.e mon0"
  147.         echo -e "\e[1;31m------------------------------------------------------------------------------------------------------------------\e[00m"
  148.         echo ""
  149.     read MONINT
  150.     echo ""
  151. fi
  152. sleep 3
  153. clear
  154. echo ""
  155. echo -e "\e[01;33m[-]\e[00m You need to associate with the access point in question before any information can be extracted"
  156. echo ""
  157. echo -e "\e[01;33m[-]\e[00m Note: it should be access points that only have MGT within the AUTH column, which means it is using 802.1x"
  158. echo ""
  159. echo -e "\e[01;33m[-]\e[00m Also it should be an access point with traffic or is likely to have traffic. check under Data column"
  160. echo ""
  161. echo -e "\e[01;33m[-]\e[00m You will be presented a list all wireless networks. When you have identified the SSID of interest press CTRL C"
  162. echo ""
  163. echo -e "\e[01;32m[-]\e[00m Press ENTER to continue"
  164. echo ""
  165. read ENTERKEY
  166. airodump-ng $MONINT
  167.  
  168. echo -e "\e[1;31m------------------------------------------------------------------------------------------------------------------\e[00m"
  169. echo -e "\e[01;31m[?]\e[00m Please enter the BSSID from above for the access point of interest (not SSID) i.e '00:AE:x:x:x:x:x'"
  170. echo -e "\e[1;31m------------------------------------------------------------------------------------------------------------------\e[00m"
  171. echo ""
  172. read BSSIDTMP
  173. BSSID=$(echo "$BSSIDTMP"| sed -e 's/^[ \t]*//' |sed 's/[ \t]*$//')
  174. echo -e "\e[1;31m---------------------------------------------------------------------------------------\e[00m"
  175. echo -e "\e[01;31m[?]\e[00m Please enter the channel number of of the access point of interest i.e 6"
  176. echo -e "\e[1;31m---------------------------------------------------------------------------------------\e[00m"
  177. echo ""
  178. read CHAN
  179. echo ""
  180. echo -e "\e[01;32m[-]\e[00m I will now run a background process to assoicate with this access point..."
  181. echo ""
  182. screen -d -m -S eappeap_dump airodump-ng -i $MONINT -c $CHAN --bssid $BSSID
  183. echo ""
  184. echo -e "\e[01;32m[-]\e[00m Now sniffing traffic looking for EAP packets.."
  185. echo ""
  186. echo -e "\e[01;33m[-]\e[00m Note this can take some time as it depends on finding EAP traffic and users authenticating."
  187. echo ""
  188. echo -e "\e[01;32m[-]\e[00m Leave script running and users will appear if they authenticate, CTRL C to cancel"
  189. echo ""
  190. echo -e "\e[01;32m-------------------------------------------------------------------------------------\e[00m"
  191. echo -e "\e[01;32m[+]\e[00m Capturing Traffic, press CTRL C once you have seen sufficent usernames"
  192. echo -e "\e[01;32m-------------------------------------------------------------------------------------\e[00m"
  193. tshark -i "$MONINT" -R eap -V 2>&1 |grep "Identity: *[a-z]\|*[A-Z]\|*[0-9]"
  194. echo ""
  195. echo -e "\e[01;33m[-]\e[00m All airodump-ng processes are being stopped.."
  196. echo ""
  197. killall airodump-ng >/dev/null 2>&1
  198. exit 0
  199. # Script end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement