SEGURIDAD WIRLESS - WRIS (Wirless Rogue Identification System)

editado mayo 2013 en Seguridad Wireless
Les quiero compartir una herrramienta que he desarrollado para la identificación de ataques Rogue AP, si alguien tiene dudas o alguna sugerencia o corrección agradeceria que me lo comunicaran.

La herramienta esta desarrollada en python, por favor leer el readme file.

[hide]
https://mega.co.nz/#!1ZUGXIAQ!DKFvgWzgCRPIf0rEgY8s7WtRR11cdfbWzZJNP4M0yis
[/hide]



Espero comentarios.

Saludos,

Comentarios

  • editado 2:34
    Aqui el codigo de la herramienta, seria bueno que pusieras un poco mas de info sobre ella para anunciarla en las redes de la comunidad.

    [HIDE]
    # Wirelss ROUGE Identification System
    	#Developed by @hcjuan04 - twitter
    	# Credits Airoscapy for channel hooper and and most of the packet analisys method
    	# Also credits to @RaiderSec
    	
    	import sys, os, signal
    	from multiprocessing import Process
    	import codecs
    	import commands
    	import time
    	import datetime
    	
    	from scapy.all import *
    	
    	interface='' # monitor interface
    	aps = {} # dictionary to store unique APs
    	ssidarg = '' # SSID to adudit
    	ifile2 = open('autho.txt', 'r') # Authorized APs
    	autho=ifile2.readlines() # Authorized APs
    	unautho = {} # unauthorized AP
    	p= None
    	
    	# process unique sniffed Beacons and ProbeResponses.
    	def sniffAP(p):
    	    if ( (p.haslayer(Dot11Beacon) or p.haslayer(Dot11ProbeResp)) and not aps.has_key(p[Dot11].addr3)):
    	        ssid       = p[Dot11Elt].info
    	        bssid      = p[Dot11].addr3
    	        channel    = int( ord(p[Dot11Elt:3].info))
    	        capability = p.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}
    	                {Dot11ProbeResp:%Dot11ProbeResp.cap%}")
    	        # Check for encrypted networks
    	        if re.search("privacy", capability): enc = 'Y'
    	        else: enc  = 'N'
    	        # Save discovered AP
    	        aps[p[Dot11].addr3] = enc
    	        # Compare authorized AP
    	        if ssid.strip() == ssidarg :
    	        x=0
    	        # Serch for unauthorized AP
    	        print "CH ENC BSSID             SSID"
    	        print "%02d  %s  %s %s" % (int(channel), enc, bssid, ssid)
    	        while x < len(autho) :
    	            strautho=autho[x]
    	            if strautho[0:17] == bssid.strip() :
    	                print "BSSID: ", bssid, " Authorized"
    	                x = len(autho)
    	            elif x == len(autho)-1 :
    	                print "WARNING - Unauthorized BSSID: ", bssid
    	                # Saving unauthorized
    	                unautho[bssid]=channel
    	
    	                # Wrinting in the Log fiel
    	                try:
    	                    flog= open("LOG.txt", "a")
    	                    try:
    	                        a=str(datetime.datetime.today())
    	                        #print a
    	                        flog.write(a + " WARNING - Unauthorized BSSID: "+ bssid +'n')
    	                    finally:
    	                        flog.close()
    	                        time.sleep(1)
    	                except IOError:
    	                    print "Error appending log file, verify if LOG.txt is present"
    	                    pass
    	            x = x + 1
    	
    	# Channel hopper
    	def channel_hopper():
    	    while True:
    	        try:
    	            channel = random.randrange(1,15)
    	            os.system("iw dev %s set channel %d" % (interface, channel))
    	            time.sleep(1)
    	        except OSError :
    	            break
    	
    	# Capture interrupt signal and cleanup before exiting
    	def signal_handler(signal, frame):
    	    global p
    	    p.terminate()
    	    p.join()
    	
    	    print "n==========  STATISTICS =========="
    	    print "Total APs found: %d" % len(aps)
    	    print "Encrypted APs  : %d" % len([ap for ap in aps if aps[ap] =='Y'])
    	    print "Unencrypted APs: %d" % len([ap for ap in aps if aps[ap] =='N'])
    	    #print unautho
    	    print "n======================================"
    	
    	# Deauthentication method for Unauthorized APs
    	def deauth(bssid, client, count):
    	    pckt = Dot11(subtype=12, addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth(reason=7)
    	    cli_to_ap_pckt = None
    	    if client != 'FF:FF:FF:FF:FF:FF' :
    	        cli_to_ap_pckt = Dot11(subtype=12, addr1=bssid, addr2=client, addr3=bssid) / Dot11Deauth(reason=7)
    	    print 'Sending Deauth to ' + client + ' from ' + bssid
    	    if not count:
    	        print 'Press CTRL+C to quit'
    	    while count != 0:
    	        try:
    	            for i in range(64):
    	                # Send out deauth from the AP
    	                send(pckt)
    	                if client != 'FF:FF:FF:FF:FF:FF':
    	                    send(cli_to_ap_pckt)
    	            count -= 1
    	        except KeyboardInterrupt:
    	            break
    	def main() :
    	    # Reset global variables
    	    try :
    	        while True :
    	            global aps
    	            global unautho
    	            aps = {}
    	            unautho = {}
    	
    	            # Start the channel hopper
    	            global p
    	            p = Process(target = channel_hopper)
    	            p.start()
    	            # Capture timer
    	            signal.signal(signal.SIGALRM, signal_handler)
    	            signal.alarm(17)
    	            # Start the sniffer
    	            global interface
    	            sniff(iface=interface,prn=sniffAP,timeout=15)
    	            #print "Sniff finished"
    	            time.sleep(3) #Wait for Alarm
    	            ######### TRIGER #########
    	            global unautho
    	            global interface
    	            if unautho != {} :
    	                for key in unautho :
    	                    chan=unautho[key]
    	                    conf.iface=interface
    	                    os.system("iw dev %s set channel %d" % (interface, chan))
    	                    print "set card command: iw dev %s set channel %d" % (interface, chan)
    	                    deauth(key, 'FF:FF:FF:FF:FF:FF', 50)
    	                    print "deauthorization attack sent"
    	    except KeyboardInterrupt:
    	            print "WRIS terminated"
    	
    	
    	
    	if __name__ == "__main__":
    	    if len(sys.argv) != 3:
    	        print "Usage %s monitor_interface SSID_to_audit" % sys.argv[0]
    	        sys.exit(1)
    	    interface = sys.argv[1]
    	    ssidarg = sys.argv[2]
    	    print ssidarg
    	    # Print the program header
    	    print ""
    	    print "======= Wirelss ROUGE Identification System - WRIS ======="
    	    #==================DEBUG
    	    #import pdb
    	    #pdb.set_trace()
    	    main()
    
    [/HIDE]
  • me pide contraseña mi amigo =S
  • editado 2:34
    assasdassasdassasdassasdassasdassasdassasdassasdassasdassasdassasdassasdassasdassasd assasdassasdassasdassasd vassasdassasd
  • editado 2:34
    Que pena la demora, aqui el readme file...
    En resumen es una aplicacion que monitorea un ambiente en busca de APs no autorizados (bssid) y deautentica los clientes que se encuentran conenctados a este.
    Para tener en cuenta: crear un archivo autho.txt donde se encuentren los bssid de los APs autorizados y un archivo LOG.txt que registra las detecciones.
    codigo: [Python] WRIS - Wirelss ROUGE Identification System - Pastebin.com

    WRIS is a tool built in python who use the power of SCAPY to sniff, detect and
    deauthenticate ROUGE APs

    This Tool just has been proved in UBUNTU and GNM whit scapy 2.0.1 and 2.2.0.

    How to use it

    1. Ensure you have a wifi monitor mode interface running
    2. Fill the autho.txt file wiht the bssid of the authorized APs eg:
    aa:aa:aa:aa:aa:aa
    bb:bb:bb:bb:bb:bb
    3. Standing on the folder where the aplication is, run the command -> python WRIS-1.0.py interface SSID_to_audit
    4. to terminated it just press CRTL+C

    thats it!

    Note: in the autho.txt file don't type capital leters.
Accede o Regístrate para comentar.