-
Notifications
You must be signed in to change notification settings - Fork 1
/
minidump.py
executable file
·160 lines (133 loc) · 7.18 KB
/
minidump.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
#!/usr/bin/python
import sys
if len(sys.argv) < 3:
print 'Usage : ./minidump.py interface NumOfPackets'
sys.exit()
import os,oui
from scapy.all import *
conf.iface = sys.argv[1]
np = int(sys.argv[2])
# initial value to start packet counting
ini = 0
bssids = []
clients = []
# bssids set
bs = set()
# clients set
cs = set()
# probe requests set
ps = set()
# data packect set
ds = set()
# global channel number
ch = 0
# this function is used to hop channels
# you can use your own code to hop channels but the performance is bit low
# this dummy function you can write your logic here
def hopper():
global ch
if ch == 12:
ch = 0
ch = ch + 1
#print 'hopping to ' + str(ch)
#os.system('iwconfig ' + conf.iface + ' channel ' + str(ch) )
# function returning authentication type only for beacon frames
def auth(pkt):
f = 0
while pkt.payload and f == 0:
if pkt.name == '802.11 Information Element':
# WPA2 checking
if pkt.ID == 48:
f = 1
val = 'WPA2' + '$'
if pkt.info[2:6] == '\x00\x0f\xac\x04':
val = val + 'CCMP' + '$'
elif pkt.info[2:6] == '\x00\x0f\xac\x02':
val = val + 'TKIP' + '$'
if pkt.info[14:18] == '\x00\x0f\xac\x02':
val = val + 'PSK'
elif pkt.info[14:18] == '\x00\x0f\xac\x01':
val = val + 'MGT'
# WPA and WEP checking
elif pkt.ID == 221 and pkt.info[0:4] == '\x00P\xf2\x01':
f = 1
# WEP checking
if pkt.info[12:16] == '\x00P\xf2\x04':
val = 'WPA' + '$' + 'CCMP' + '$'
if pkt.info[18:22] == '\x00P\xf2\x02':
val = val + 'PSK'
elif pkt.info[18:22] == '\x00P\xf2\x01':
val = val + 'MGT'
elif pkt.info[12:16] == '\x00P\xf2\x02':
val = 'WPA' + '$' + 'TKIP' + '$'
if pkt.info[18:22] == '\x00P\xf2\x02':
val = val + 'PSK'
elif pkt.info[18:22] == '\x00P\xf2\x01':
val = val + 'MGT'
# WEP checking
if pkt.info[12:16] == '\x00P\xf2\x02':
val = 'WEP' + '$'
if pkt.info[18:22] == '\x00P\xf2\x02':
val = val + 'PSK' + '$ '
else:
val = val + 'OPN' + '$ '
pkt = pkt.payload
if f == 0:
val = 'OPN$ $ '
return val
def final():
print chr(27) + "[2J"
global bssids
global clients
print "miniDump "
print "==============================================================================================================="
print '{0:30} {1:15} {2:2} {3:4} {4:4} {5:3}'.format('BSSID','ESSID','CH','ENC','CIPHER','AUTH')
for i in bssids:
print '{0:30} {1:15} {2:2} {3:4} {4:4} {5:3}'.format(*i.split('$'))
print "==============================================================================================================="
print '{0:30} {1:30} {2:30} {3:2}'.format('CLIENT','BSSID','PROBE/DATA','CH')
for i in clients:
print '{0:30} {1:30} {2:30} {3:2}'.format(*i.split('$'))
# callback function to handle all packets
def cb(pkt):
# checking for 802.11 packets only
if pkt.haslayer(Dot11):
# checking for all access points by looking at beacon frames
if pkt.payload.payload.name == '802.11 Beacon':
if (pkt.addr2 + pkt.payload.payload.payload.info + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1) not in bs):
bs.add(pkt.addr2 + pkt.payload.payload.payload.info + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1))
bssids.append(pkt.addr2 + ' ' + oui.oui(pkt.addr2).split(' ')[0] + '$' + pkt.payload.payload.payload.info + '$' + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1) + '$' + auth(pkt))
#print pkt.payload.payload.payload.info,auth(pkt)
# looking for clients by association requests or probe requests or reassociation requests or if to ds is 1 (client to ap) and looking at transmitter address
elif pkt.payload.payload.name == '802.11 Association Request' or pkt.payload.payload.name == '802.11 Probe Request' or pkt.payload.FCfield == 1L or pkt.payload.payload.name == '802.11 Reassociation Request':
# checking for probe requests and printing probed ssid
if pkt.__contains__('Dot11ProbeReq') and (pkt.addr2 + pkt.addr1 + pkt[Dot11ProbeReq].payload.info + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1) not in ps):
ps.add(pkt.addr2 + pkt.addr1 + pkt[Dot11ProbeReq].payload.info + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1))
clients.append(pkt.addr2 + ' ' + oui.oui(pkt.addr2).split(' ')[0] +'$' + pkt.addr1 +' ' + oui.oui(pkt.addr1).split(' ')[0] + '$' + pkt[Dot11ProbeReq].payload.info + '$' + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1) )
# printing if packet is data packet or not
if pkt.payload.type == 2L and (pkt.addr2 + pkt.addr1 + 'data' +str(((ord(pkt.notdecoded[18])) - 108)/5 + 1) not in ds):
ds.add(pkt.addr2 + pkt.addr1 + 'data' + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1))
clients.append(pkt.addr2 + ' ' + oui.oui(pkt.addr2).split(' ')[0] + '$' + pkt.addr1 + ' ' + oui.oui(pkt.addr1).split(' ')[0] + '$' + 'data' + '$' + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1))
# showing if device is associating or resassociating
if ( pkt.payload.payload.name == '802.11 Association Request' or pkt.payload.payload.name == '802.11 Reassociation Request' ) and (pkt.addr2 + pkt.addr1 + pkt.payload.payload.name + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1) not in cs):
cs.add(pkt.addr2 + pkt.addr1 + pkt.payload.payload.name + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1))
clients.append(pkt.addr2 + ' ' + oui.oui(pkt.addr2).split(' ')[0] + '$' + pkt.addr1 + ' ' + oui.oui(pkt.addr1).split(' ')[0] + '$' + pkt.payload.payload.name + '$' + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1))
# looking for clients by association response or probe response or re-association response and if from ds = 1 (ap to client ) by looking at reciever address
elif pkt.payload.FCfield == 2L :
# printing if packet is data packet or not
if pkt.payload.type == 2L and (pkt.addr1 + pkt.addr2 + 'data' +str(((ord(pkt.notdecoded[18])) - 108)/5 + 1) not in ds):
ds.add(pkt.addr1 + pkt.addr2 + 'data' + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1))
clients.append(pkt.addr1 + ' ' + oui.oui(pkt.addr1).split(' ')[0] + '$' + pkt.addr2 + ' ' + oui.oui(pkt.addr2).split(' ')[0] + '$' + 'data' + '$' + str(((ord(pkt.notdecoded[18])) - 108)/5 + 1))
global ini
ini = ini + 1
# hopping the channels after capturing 20 packets
#if ini%20 == 0:
# hopper()
# printing the screen after capturing 50 packets
if ini%50 == 0:
final()
try:
print chr(27) + "[2J"
sniff(count=np,prn=cb)
except KeyboardInterrupt:
sys.exit()