• Stars
    star
    944
  • Rank 48,415 (Top 1.0 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 6 years ago
  • Updated almost 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also, supports a deauthentication/jammer mode for stress testing

WiFiBroot

A Wireless Pentest/Cracking Tool for 4-way Handshake & PMKID

DESCRIPTION

WiFiBroot is built to provide clients all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python. Almost every process within is dependent somehow on scapy layers and other functions except for operating the wireless interface on a different channel. That will be done via native linux command iwconfig for which you maybe need sudo privileges. It currently provides four independent working modes to deal with the target networks. Two of them are online cracking methods while the other runs in offline mode. The offline mode is provided to crack saved hashes from the first two modes. One is for deauthentication attack on wireless network and can also be used as a jamming handler. It can be run on a variety of linux platforms and atleast requires WN727N from tp-link to properly operate.

Installation:

It only works with Python 2

WiFiBroot heavily depends on scapy. So, you would need scapy installed. Almost, every other library would likely be installed on your system. Make sure the version you install for scapy should be <=2.4.0. Newer versions are likely to throw some unknown errors.

$ sudo pip install scapy==2.4.0

The script is supposed to be run under sudo but it will still work even if not run under the root mode. The basic necessary arguments are:

$ sudo python wifibroot.py -i [interface] -d /path/to/dictionary -m [mode]

Documentation :

WiFiBroot uses modes to identify which attack you want to perform on your target. Currently, there are three available modes. The usage of each mode can be seen by supplying the --help/-h option right after the -m/--mode option. Here's a list of available modes and what they do:

Modes:

Syntax:
    $ python wifibroot.py [--mode [modes]] [--options]
    $ python wifibroot.py --mode 2 -i wlan1mon --verbose -d /path/to/list -w pmkid.txt

Modes:
    #     Description                                 Value
    01    Capture 4-way handshake and crack MIC code    1
    02    Captures and Crack PMKID (PMKID Attack)       2
    03    Perform Manual cracking on available
          capture types. See --list-types               3
    04    Deauthentication. Disconnect two stations
          and jam the traffic.                          4

Use -h, --help after -m, --mode to get help on modes. 

Each mode has a specific purpose and has it's own options:

HANDSHAKE:

Mode: 
   01      Capture 4-way handshake and crack MIC code    1

Options:
   Args               Description                      Required
   -h, --help         Show this help manual              NO
   -i, --interface    Monitor Interface to use           YES
   -v, --verbose      Turn off Verbose mode.             NO
   -t, --timeout      Time Delay between two deauth
                      requests.                          NO
   -d, --dictionary   Dictionary for Cracking            YES
   -w, --write        Write Captured handshake to
                      a seperate file                    NO
       --deauth       Number of Deauthentication
                      frames to send                     NO 

Filters: 
   -e, --essid         ESSID of listening network
   -b, --bssid         BSSID of target network.
   -c, --channel       Channel interface should be listening
                       on. Default: ALL

PMKID ATTACK

Mode: 
   02      Captures and Crack PMKID (PMKID Attack)       1

Options:
   Args               Description                      Required
   -h, --help         Show this help manual              NO
   -i, --interface    Monitor Interface to use           YES
   -v, --verbose      Turn off Verbose mode.             NO
   -d, --dictionary   Dictionary for Cracking            YES
   -w, --write        Write Captured handshake to
                      a seperate file                    NO

Filters: 
   -e, --essid         ESSID of listening network
   -b, --bssid         BSSID of target network.
   -c, --channel       Channel interface should be listening
                       on. Default: ALL

Offline Cracking

Mode: 
   03    Perform Manaul cracking on available capture
         types. See --list-types                         3

Options:
   Args               Description                      Required 
   -h, --help         Show this help manual              NO
       --list-types   List available cracking types      NO
       --type         Type of capture to crack           YES
   -v, --verbose      Turn off Verbose mode.             NO
   -d, --dictionary   Dictionary for Cracking            YES
   -e, --essid        ESSID of target network. 
                      Only for HANDSHAKE Type            YES
   -r, --read         Captured file to crack             YES

DEAUTHENTICATION ATTACK (Stress Testing)

Mode:
    04   Deauthentication. Disconnect two stations
         and jam the traffic.                            4

Options:
    Args              Description                      Required
    -h, --help        Show this help manual              NO
    -i, --interface   Monitor Mode Interface to use      YES
    -0, --count       Number of Deauthentication
                      frames to send. '0' specifies
                      unlimited frames                   YES
        --ap          Access Point MAC Address           NO
        --client      STA (Station) MAC Address          NO

Examples

To Capture 4-way handshake and crack MIC code:

$ python wifibroot.py --mode 1 -i wlan1mon --verbose -d dicts/list.txt -w output.cap 

To Capture and Crack PMKID:

$ python wifibroot.py --mode 2 -i wlan1mon --verbose -d dicts/list.txt -w output.txt

Offline Crack Handshake and PMKID:

$ python wifibroot.py --mode 3 --type handshake --essid "TARGET ESSID" --verbose -d dicts/list.txt --read output.cap
$ python wifibroot.py --mode 3 --type pmkid --verbose -d dicts/list.txt --read output.txt

Deauthentication attack in various form:

# Ultimate Deauthentication attack: 
$ python wifibroot.py --mode 4 -i wlan1mon -00 --verbose
# Disconnect All Clients from Acess Point:
$ python wifibroot.py --mode 4 -i wlan1mon --ap [AP MAC] --verbose
# Disconnect a Specific Client: 
$ python wifibroot.py --mode 4 -i wlan1mon --ap [AP MAC] --client [STA MAC] --verbose

Support

Website: https://www.shelvoide.com
Twitter: @hash3liZer
Email: [email protected]

More Repositories

1

SillyRAT

A Python based RAT πŸ€ (Remote Access Trojan) for getting reverse shell πŸ–₯️
Python
687
star
2

Subrake

πŸš€ A DNS automated scanner and tool πŸ–±οΈ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).
CSS
283
star
3

wifijammer

Wireless Jammer to Disconnect Nearby Access-Points and Stations.
Python
196
star
4

phishlets

Phishlets for Evilginx2 (MITM proxy Framework)
142
star
5

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Go
96
star
6

airpydump

Analyze Wireless Packets on the fly. Currently supporting three working Modes (Reader, Live, Stealth)
Python
51
star
7

Proxverter

Cross platform system wide proxy server & TLS Interception library for Python
Python
23
star
8

CVE-2019-9978

CVE-2019-9978 - (PoC) RCE in Social WarFare Plugin (<=3.5.2)
Python
20
star
9

Blunder

A Simple Keylogger with the ability of FTP Transfer and Local Storage
C++
19
star
10

BruteList

Combined Worldlist from various projects Including Seclists, fuzzdb and other Database Management Tools
PHP
16
star
11

locohunt

Search for Secrets and Other Confidential Information Through Directories and Files Based on Regex and Search Strings.
Python
10
star
12

Syntax-Checker

A Simple Syntax Checker to check for basic errors in a file. Written in C++
C++
6
star
13

hash3liZer

Hey, Its ME
6
star
14

profileo

🫠 A portfolio that i literally worked on for you πŸ‘‰πŸ»πŸ‘ˆπŸ» CI/CD Integrated.
JavaScript
4
star
15

SubTap

Subdomain Takeover
Python
2
star
16

kysyandbox

Sandbox for KYPO Cyber Range (Testing)
1
star
17

tag

TAG is django powered something platform.
Python
1
star
18

netsand

A Simple network topology designed for KYPO Cyber Range (Scenario)
PHP
1
star
19

khatta

πŸ“” A Khatta (urdu for ledger). Based on Urara 🌸 (A sweet Svelte based theme)
Svelte
1
star