• Stars
    star
    2,528
  • Rank 18,142 (Top 0.4 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 8 years ago
  • Updated almost 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Like nmap for mapping wifi networks you're not connected to, plus device tracking

trackerjacker

Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring.

PyPI page: https://pypi.python.org/pypi/trackerjacker

Install

pip3 install trackerjacker

Supported platforms: Linux (tested on Ubuntu, Kali, and RPi) and macOS (pre-alpha)

visual description

trackerjacker can help with the following:

  • I want to know all the nearby wifi networks and know all the devices connected to each network.
  • I want to know who's hogging all the bandwidth.
  • I want to run a command when this MAC address sends more than 100000 bytes in a 30 second window (maybe to determine when an IP camera is uploading a video, which is indicative that it just saw motion).
  • I want to deauth anyone who uses more than 100000 bytes in a 10 second window.
  • I want to deauth every Dropcam in the area so my Airbnb hosts don't spy on me.
  • I want to be alerted when any MAC address is seen at a power level greater than -40dBm that I've never seen before.
  • I want to see when this particular person is nearby (based on the MAC of their mobile phone) and run a command to alert me.
  • I want to write my own plugin to run some script to do something fun every time a new Apple device shows up nearby.

Usage

Find detailed usage like this:

trackerjacker -h

There are 2 major usage modes for trackerjacker: map mode and track mode:

Map mode example

Map command:

trackerjacker -i wlan1337 --map

By default, this outputs the wifi_map.yaml YAML file, which is a map of all the nearby WiFi networks and all of their users. Here's an example wifi_map.yaml file:

TEST_SSID:
  00:10:18:6b:7a:ea:
    bssid: 00:10:18:6b:7a:ea
    bytes: 5430
    channels:
    - 11
    devices:
      3c:07:71:15:f1:48:
        bytes: 798
        signal: 1
        vendor: Sony Corporation
      78:31:c1:7f:25:43:
        bytes: 4632
        signal: -52
        vendor: Apple, Inc.
    signal: -86
    ssid: TEST_SSID
    vendor: Broadcom

BRANSONS_WIFI:
  90:48:9a:e3:58:25:
    bssid: 90:48:9a:e3:58:25
    bytes: 5073
    channels:
    - 1
    devices:
      01:00:5e:96:e1:89:
        bytes: 476
        signal: -62
        vendor: ''
      30:8c:fb:66:23:91:
        bytes: 278
        signal: -46
        vendor: Dropcam
      34:23:ba:1c:ba:e7:
        bytes: 548
        signal: 4
        vendor: SAMSUNG ELECTRO-MECHANICS(THAILAND)
    signal: -80
    ssid: BRANSONS_WIFI
    vendor: Hon Hai Precision Ind. Co.,Ltd.

hacker_network:
  80:2a:a8:e5:de:92:
    bssid: 80:2a:a8:e5:de:92
    bytes: 5895
    channels:
    - 11
    devices:
      80:1f:02:e6:44:96:
        bytes: 960
        signal: -46
        vendor: Edimax Technology Co. Ltd.
      80:2a:a8:8a:ec:c8:
        bytes: 472
        signal: 4
        vendor: Ubiquiti Networks Inc.
      80:2a:a8:be:09:a9:
        bytes: 5199
        signal: 4
        vendor: Ubiquiti Networks Inc.
      d8:49:2f:7a:f0:8f:
        bytes: 548
        signal: 4
        vendor: CANON INC.
    signal: -46
    ssid: hacker
    vendor: Ubiquiti Networks Inc.
  80:2a:a8:61:aa:2f:
    bssid: 80:2a:a8:61:aa:2f
    bytes: 5629
    channels:
    - 44
    - 48
    devices:
      78:88:6d:4e:e2:c9:
        bytes: 948
        signal: -52
        vendor: ''
      e4:8b:7f:d4:cb:25:
        bytes: 986
        signal: -48
        vendor: Apple, Inc.
    signal: -48
    ssid: null
    vendor: Ubiquiti Networks Inc.
  82:2a:a8:51:32:25:
    bssid: 82:2a:a8:51:32:25
    bytes: 3902
    channels:
    - 48
    devices:
      b8:e8:56:f5:a0:70:
        bytes: 1188
        signal: -34
        vendor: Apple, Inc.
    signal: -14
    ssid: hacker
    vendor: ''
  82:2a:a8:fc:33:b6:
    bssid: 82:2a:a8:fc:33:b6
    bytes: 7805
    channels:
    - 10
    - 11
    - 12
    devices:
      78:31:c1:7f:25:43:
        bytes: 4632
        signal: -52
        vendor: Apple, Inc.
      7c:dd:90:fe:b4:87:
        bytes: 423223
        signal: 4
        vendor: Shenzhen Ogemray Technology Co., Ltd.
      80:2a:a8:be:09:a9:
        bytes: 5199
        signal: 4
        vendor: Ubiquiti Networks Inc.
    signal: -62
    ssid: null
    vendor: ''

Note that, since this is YAML, you can easily use it as an input for other scripts of your own devising. I have an example script to parse this "YAML DB" here: parse_trackerjacker_wifi_map.py.

Example: Track mode with trigger command

Track mode allows you to specify some number of MAC addresses to watch, and if any specific devices exceeds the threshold (in bytes), specified here with the -t 4000 (specifying an alert threshold of 4000 bytes) an alert will be triggered.

trackerjacker --track -m 3c:2e:ff:31:32:59 --t 4000 --trigger-command "./alert.sh" --channels-to-monitor 10,11,12,44
Using monitor mode interface: wlan1337
Monitoring channels: {10, 11, 12, 44}

[@] Device (3c:2e:ff:31:32:59) threshold hit: 4734

[@] Device (3c:2e:ff:31:32:59) threshold hit: 7717

[@] Device (3c:2e:ff:31:32:59) threshold hit: 7124

[@] Device (3c:2e:ff:31:32:59) threshold hit: 8258

[@] Device (3c:2e:ff:31:32:59) threshold hit: 8922

In this particular example, I was watching a security camera to determine when it was uploading a video (indicating motion was detected) so that I could turn on my security system sirens (which was the original genesis of this project).

Example: Track mode with foxhunt plugin

trackerjacker -i wlan1337 --track --trigger-plugin foxhunt

Displays a curses screen like this:

  POWER        DEVICE ID                VENDOR
=======        =================        ================================
 -82dBm        1c:1b:68:35:c6:5d        ARRIS Group, Inc.
 -84dBm        fc:3f:db:ed:e9:8e        Hewlett Packard
 -84dBm        dc:0b:34:7a:11:63        LG Electronics (Mobile Communications)
 -84dBm        94:62:69:af:c3:64        ARRIS Group, Inc.
 -84dBm        90:48:9a:34:15:65        Hon Hai Precision Ind. Co.,Ltd.
 -84dBm        64:00:6a:07:48:13        Dell Inc.
 -84dBm        00:30:44:38:76:c8        CradlePoint, Inc
 -86dBm        44:1c:a8:fc:c0:53        Hon Hai Precision Ind. Co.,Ltd.
 -86dBm        18:16:c9:c0:3b:75        Samsung Electronics Co.,Ltd
 -86dBm        01:80:c2:62:9e:36
 -86dBm        01:00:5e:11:90:47
 -86dBm        00:24:a1:97:68:83        ARRIS Group, Inc.
 -88dBm        f8:2c:18:f8:f3:aa        2Wire Inc
 -88dBm        84:a1:d1:a6:34:08
  • Note that foxhunt is a builtin plugin, but you can define your own plugins using the same Plugin API.

Example: Track mode with trigger plugin

$ trackerjacker --track -m 3c:2e:ff:31:32:59 --threshold 10 --trigger-plugin examples/plugin_example1.py --channels-to-monitor 10,11,12,44 --trigger-cooldown 1
Using monitor mode interface: wlan1337
Monitoring channels: {10, 11, 12, 44}
[@] Device (device 3c:2e:ff:31:32:59) threshold hit: 34 bytes
3c:2e:ff:31:32:59 seen at: [1521926768.756529]
[@] Device (device 3c:2e:ff:31:32:59) threshold hit: 11880 bytes
3c:2e:ff:31:32:59 seen at: [1521926768.756529, 1521926769.758929]
[@] Device (device 3c:2e:ff:31:32:59) threshold hit: 18564 bytes
3c:2e:ff:31:32:59 seen at: [1521926768.756529, 1521926769.758929, 1521926770.7622838]

This runs examples/plugin_example1.py every time 3c:2e:ff:31:32:59 is seen sending/receiving 10 bytes or more.

trackerjacker plugins are simply python files that contain either:

  • Trigger class which defines a __call__(**kwargs) method (example: examples/plugin_example1.py)
  • trigger(**kwargs) function (example: examples/plugin_example2.py)

And optionally a __apiversion__ = 1 line (for future backward compatibility)

Example: Configuring with config file

trackerjacker.py -c my_config.json

And here's the example config file called my_config.json:

{
    "iface": "wlan1337",
    "devices_to_watch": {"5f:cb:53:1c:8a:2c": 1000, "32:44:1b:d7:a1:5b": 2000},
    "aps_to_watch": {"c6:23:ef:33:cc:a2": 500},
    "threshold_window": 10,
    "channels_to_monitor": [1, 6, 11, 52],
    "channel_switch_scheme": "round_robin"
}

A few notes about this:

  • threshold_bytes is the default threshold of bytes which, if seen, a causes the alert function to be called
  • threshold_window is the time window in which the threshold_bytes is analyzed.
  • devices_to_watch is a list which can contain either strings (representing MACs) or dicts (which allow the specification of a name and threshold)
    • name is simply what a label you want to be printed when this device is seen.
    • threshold in the "Security camera" is how many bytes must be seen
  • channels_to_monitor - list of 802.11 wifi channels to monitor. The list of channels your wifi card supports is printed when trackerjacker starts up. By default, all supported channels are monitored.
  • channel_switch_scheme - either default, round_robin, or traffic_based. traffic_based determines the channels of most traffic, and probabilistically monitors them more.

Example: Enable/Disable monitor mode on interface

Trackerjacker comes with a few other utility functions relevant to WiFi hacking. One of these is the ability to turn on monitor mode on a specific interface.

Enable monitor mode:

trackerjacker --monitor-mode-on -i wlan0

Disable monitor mode:

trackerjacker --monitor-mode-off -i wlan0mon

Note that trackerjacker will automatically enable/disable monitor mode if necessary. This functionality is just useful if you want to enable monitor mode on an interface for use with other applications (or for quicker starup of trackerjacker, if you plan to be starting/exiting to test stuff).

Example: Set adapter channel

trackerjacker --set-channel 11 -i wlan0

Note that trackerjacker will automatically switch channels as necessary during normal map/track actions. This option is just useful if you want to set the channel on an interface for use with other applications.

Recommended hardware

  • Panda PAU07 N600 Dual Band (nice, small, 2.4GHz and 5GHz)
  • Panda PAU09 N600 Dual Band (higher power, 2.4GHz and 5GHz)
  • Alfa AWUS052NH Dual-Band 2x 5dBi (high power, 2.4GHz and 5GHz, large, ugly)
  • TP-Link N150 (works well, but not dual band)

Roadmap

  • Hosted in PyPI
  • Radio signal strength for APs
  • Radio signal strength for individual macs
  • Build map by data exchanged (exclude beacons)
  • Packet count by AP
  • Packet count by MAC
  • Easier way to input per-device tracking thresholds
  • Plugin system
  • Fox hunt mode
  • Tracking by SSID (and not just BSSID)
  • Basic macOS (OS X) support (pre-alpha)
  • macOS support: get signal strength values correct (will be fixed in secdev/scapy#1381
  • macOS support: reverse airport binary to determine how to set true monitor mode
  • macOS support: diverse interface support (not just en0)
  • macOS support: get interface supported channels
  • Mapping a specific SSID
  • Performance enhancement: not shelling out for channel switching
  • "Jack" mode - deauth attacks

More Repositories

1

FourierTalkOSCON

Presentation Materials for my "Sound Analysis with the Fourier Transform and Python" OSCON Talk.
Jupyter Notebook
259
star
2

math-with-python

Various math-related things in Python code
Jupyter Notebook
156
star
3

algorithms-in-python

Algorithms and Data Structures implemented in Python
Python
94
star
4

asyncio-examples

A few examples of how to use asyncio
Python
90
star
5

radio-hacking-scripts

Scripts to aid in the manipulation of electromagnetic radiation (for use with gnu_radio and SDR).
Jupyter Notebook
70
star
6

network-hacking-scripts

Simple network tools written with Scapy.
Python
20
star
7

socks5-server-py

SOCKS5 server in a single python script.
Python
18
star
8

ipython-notebooks

iPython Notebooks I share with the world
Jupyter Notebook
9
star
9

probability-with-python

Solving various probability example problems with Python
Jupyter Notebook
8
star
10

audio-analysis

Audio Analysis with Python and the Fourier Transform
Python
7
star
11

python-scripts

Small python scripts I have written.
Python
6
star
12

get-local-ip

Python library for getting a computer's local IP
Python
6
star
13

expressjs-messageboard

A simple RESTful API with ExpressJS on NodeJS to provide a very simple message board functionality.
JavaScript
6
star
14

truthygraph

Postmodern graphing
HTML
5
star
15

machine-learning-learning

Jupyter notebook to help learn machine learning.
Jupyter Notebook
5
star
16

static-shared-lib

An example of how to statically compile a shared linux library (.so).
Makefile
5
star
17

machine-learning-algorithms

Machine Learning Algorithms
Python
4
star
18

nyancat

Nyan cat on Docker. We do what we must because we can.
Shell
3
star
19

insurance-plan-analysis

IPython Notebook (Project Jupyter) notebooks I put together to analyze my personal insurance options.
3
star
20

raspberry-pi-scripts

Scripts for the Raspberry Pi, for things like controlling GPIOs and getting wifi working.
Python
2
star
21

ipython-notebook-vagrant-docker

IPython Notebook running in Docker running in Vagrant
Shell
2
star
22

my-udacity-cs373-code

Code to solve homework and quizes from the Udacity CS373 Robotic Car class.
Python
2
star
23

p2p-signed-keyval-lookup

Peer-to-peer signed distributed key/value lookup
Python
2
star
24

mandelbrot-py

Rendering the Mandelbrot set with Python
Python
1
star
25

python-snippets

Little bits of python goodness
Python
1
star
26

vagrant-docker

Docker in Vagrant starter project.
Shell
1
star
27

calebmadrigal-blog

calebmadrigal.com - my Pelican-powered blog.
Jupyter Notebook
1
star
28

code-art-class

A class for learning to do art with math and code (Python).
Python
1
star
29

caleb-vim-config

My vim config
Vim Script
1
star
30

RestKit-DeleteOldDb

A small category on RestKit's RKManagedObjectStore which deletes and re-creates the Core Data database (which is great if you are using Core Data only for caching).
1
star
31

hn-tracker

HackerNews Tracker
Python
1
star
32

haskell-playing

Various experiments with Haskell.
Haskell
1
star
33

email-extractor

Extracts emails from stdin and prints them out as a comma-separated list.
Python
1
star
34

investment-analysis

General analysis of various investment strategies
Jupyter Notebook
1
star
35

boxstarter-scripts

My generic boxstarter script for provisioning Windows 8.1 as a development box (minus Visual Studio installation)
1
star
36

fuel-efficiency-cost-analysis

An IPython Notebook-based analysis to answer the question: how much fuel cost will I save per year with a 30 mpg car compared to a 25 mpg car (and similar mpg differences)?
1
star