├── __init__.py ├── conf ├── __init__.py ├── stats.pyc ├── __init__.pyc ├── notation.pyc ├── stats.py └── notation.py ├── core ├── __init__.py ├── nano.save.1 ├── forensiclib │ ├── __init__.py │ ├── assoclib.py │ ├── deauthlib.py │ ├── apfinder.py │ ├── capinfos.py │ ├── datalib.py │ ├── reconlib.py │ ├── authlib.py │ └── fakemaclib.py └── nano.save ├── interface ├── __init__.py ├── banner.py └── forensic.py ├── modules ├── __init__.py ├── set_file_path.py ├── recon.py ├── deauth.py ├── assoc.py ├── show_high_data.py ├── auth.py ├── fakemac.py └── capinfos.py ├── LICENSE ├── Screenshots └── Interface.png ├── cleanup.py ├── README.md └── wff.py /__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /conf/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /core/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /core/nano.save.1: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /interface/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /core/forensiclib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /core/nano.save: 
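--------------------------------------------------------------------------------
ls

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
This Program is Free to Distribute

--------------------------------------------------------------------------------
/conf/stats.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/Wireless-forensics-framework/HEAD/conf/stats.pyc
--------------------------------------------------------------------------------
/conf/__init__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/Wireless-forensics-framework/HEAD/conf/__init__.pyc
--------------------------------------------------------------------------------
/conf/notation.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/Wireless-forensics-framework/HEAD/conf/notation.pyc
--------------------------------------------------------------------------------
/Screenshots/Interface.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/Wireless-forensics-framework/HEAD/Screenshots/Interface.png
--------------------------------------------------------------------------------
/cleanup.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
#
# Maintenance script: removes compiled bytecode (*.pyc) from the package
# directories. The paths are relative, so they resolve against the current
# working directory of whoever runs the script.
from conf import notation
import os
import colorama
from colorama import Fore, Back, Style
colorama.init()
# conf/*.pyc is left in place; its removal is disabled in the original script.
#os.system("rm conf/*.pyc")
# Same directories and same order as the original one-call-per-directory form.
for pyc_dir in ("core/forensiclib", "interface", "modules", "core"):
    os.system("rm " + pyc_dir + "/*.pyc")

--------------------------------------------------------------------------------
/conf/stats.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
# Statistics Required Variables
import os
from conf import notation
#===========================================
#Cap Infos
cap="capinfos "
#===========================================
#Current File Loaded
#Capture File Stats
# NOTE: every string below is built once, when this module is imported, from
# the value notation.pack_file holds at that moment. Assigning a new path to
# notation.pack_file afterwards (modules/set_file_path.py does that) does not
# change these command strings.
# NOTE: the path is concatenated unquoted into a shell command line that
# core/forensiclib/capinfos.py runs with os.popen.
start_time="-a "+notation.pack_file
end_time="-e "+notation.pack_file
duration="-u "+notation.pack_file
# Probe requests (subtype 0x04): SSID and destination address, unique pairs.
# Each output field needs its own "-e"; the original string had no "-e" before
# wlan_mgt.ssid and a dangling "-e" before the pipe, so tshark rejected it.
nna="tshark -r "+notation.pack_file+" -R wlan.fc.type_subtype==0x04 -T fields -E separator=, -e wlan_mgt.ssid -e wlan.da | sort | uniq"

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
Name:
Wireless Forensics Framework v0.1

Author:
Nipun Jaswal
http://www.nipunjaswal.com

About Project:
This is An Open Source Project for Wireless Forensics and this project will be coded in python.
This project will focus on Automated Wireless Penetration Testing and Carrying out Wireless Forensics.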
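
Expected Features:
[+]Portable
[+]Fake MAC Detection
[+]Automated Detection
[+]Added Support for Decryption
[+]Decrypted Data Analysis
[+]Automated Attacks
[+]Geo Location
[+]G.U.I
[+]WIDPS

Features In This Version:
[+]Portable
[+]Fake MAC Detection [Added 18/1/2014]
[+]Automated Detection[In Development ]

Project Start Date: 2/Jan/2014
Last Updated : 29/1/2014

--------------------------------------------------------------------------------
/core/forensiclib/assoclib.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
from conf import notation
import os
import colorama
from colorama import Fore, Back, Style
colorama.init()
#Show All Association Requests Module
def show_all_association_requests():
    """Print the unique source/destination pairs of association requests.

    Builds a packet-filter command from the ``notation`` settings, runs it
    through a shell with ``os.popen`` and prints one pair per output row,
    last row first. ``notation.pack_file`` goes into the command line as-is,
    so it must already be safe for the shell.
    """
    command = (notation.libc + " -r " + notation.pack_file + " -R "
               + notation.associations_req + notation.sort_source_dest)
    output = os.popen(command).read()
    if output == "":
        print("No Associations Found")
        return
    rows = output.split("\n")
    print("Source"+"\t\t\t\t====>\t\t"+"Destination")
    # The element after the final newline is skipped, as in the original
    # index arithmetic (len - 2 down to 0).
    for row in reversed(rows[:-1]):
        source, dest = row.split(",")
        print(Fore.GREEN)
        print(source+"\t\t====>\t\t"+dest)
        print(Style.RESET_ALL)

--------------------------------------------------------------------------------
/interface/banner.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info

import colorama
from colorama import Fore, Back, Style
colorama.init()
def style():
    """Print the start-up banner: the ASCII logo, then name and author lines."""
    Name= "#Wireless Forensics Framework 0.2v#"
    Author= "# Developer: Nipun Jaswal #"
    logo_rows = (
        "\\\ //===== ||======= ",
        " \\\ // || ",
        " \\\ //\\\ //======= ||======= ",
        " \\\ // \\\ // || ",
        " \\\/ \\// || ",
    )
    for logo_row in logo_rows:
        print(Fore.RED+logo_row)
    for caption in (Name, Author):
        print(Back.BLACK + caption + Style.RESET_ALL)

def help():
    """Print the top-level command list."""
    print("Commands\t\t\t\tUsage")
    print("========\t\t\t\t=====")
    print(Fore.GREEN+"(h)"+Style.RESET_ALL+"elp\t\t\t\t\tDisplay This Menu")
    print(Fore.RED+"(f)"+Style.RESET_ALL+"orensics\t\t\t\tForensics Modules")
    print(Fore.CYAN+"(au)"+Style.RESET_ALL+"thor\t\t\t\tAuthor Info")
    print(Fore.BLUE+"(e)"+Style.RESET_ALL+"xit\t\t\t\t\tExit WFF")
    print("\n")

--------------------------------------------------------------------------------
/modules/set_file_path.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info
################################################################################################################
import os
try:
    from shlex import quote as _shell_quote  # Python 3.3+
except ImportError:
    from pipes import quote as _shell_quote  # Python 2
from conf import notation
def set_path():
    """Prompt for a capture file path and store it in ``notation.pack_file``.

    The stored value is concatenated into shell command lines that are run
    with ``os.popen`` (for example in core/forensiclib/assoclib.py), so a raw
    path containing spaces or shell metacharacters would change the command
    that runs. The path is therefore expanded here (``~`` no longer depends on
    the shell) and shell-quoted once, before it is stored. An empty answer
    keeps the current file.
    """
    new_path = raw_input("Enter New File Path (Ex- /abc/adc-01.cap):").strip()
    if not new_path:
        print("No Path Entered, Keeping Current File")
        return
    notation.pack_file = _shell_quote(os.path.expanduser(new_path))
def show_path():
    """Print the stored capture path (shell-quoted if it needed quoting)."""
    print("Current File:")
    print(notation.pack_file)
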
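--------------------------------------------------------------------------------
/wff.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info
import os
import sys
from interface import banner
from interface import forensic
banner.style()
def main():
    """Run the top-level ``Wff>`` prompt until the user exits.

    A loop replaces the original self-recursion, so a long session cannot
    run into the interpreter's recursion limit. Unknown input re-prompts.
    """
    while True:
        option = raw_input('Wff>')
        if option in ("help", "h"):
            banner.help()
        elif option in ("forensics", "f"):
            forensic.forensic_menu()
        elif option in ("exit", "e"):
            sys.exit(0)
if __name__ == "__main__":
    main()

--------------------------------------------------------------------------------
/core/forensiclib/deauthlib.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
from conf import notation
import urllib
import os
import colorama
from core.forensiclib import fakemaclib
from colorama import Fore, Back, Style
colorama.init()
def show_all_Deauth():
    """Print a packet count per source/destination pair of deauth frames.

    The filter command is built from ``notation`` and run through a shell
    with ``os.popen``; ``notation.pack_file`` is inserted unquoted. Both
    addresses of every row are passed to ``fakemaclib.mac_check`` (defined
    outside this listing); a destination for which it returns "none" is
    marked suspicious unless it is the broadcast address.
    """
    command = (notation.libc + " -r " + notation.pack_file + " -R "
               + notation.deauth + notation.sort_deauth)
    rows = os.popen(command).read().split("\n")
    print("No.of Packets\t\tSource\t\t\t\t\tDestination")
    print("=============\t\t======\t\t\t\t\t===========")
    broadcast = "ff:ff:ff:ff:ff:ff"
    # Last row first; the element after the final newline is skipped.
    for row in reversed(rows[:-1]):
        num, source, dest = row.split(",")
        smc = fakemaclib.mac_check(source)
        dmc = fakemaclib.mac_check(dest)
        if dest == broadcast:
            print(Style.DIM+num+"\t\t\t"+source+"\t\t\t"+dest+"(Broadcast)"+Style.RESET_ALL)
        elif dmc == "none":
            print(num+"\t\t\t"+source+"\t\t"+dest+"(Suspicious)"+Style.RESET_ALL)
        else:
            print(Fore.RED+Style.BRIGHT+num+"\t\t\t"+source+"("+smc+")"+"\t\t"+dest+"("+dmc+")"+Style.RESET_ALL)

--------------------------------------------------------------------------------
/core/forensiclib/apfinder.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#Importing System Files for Using OS based Functions
import os
import re
from conf import notation
import time
import warnings
warnings.filterwarnings('ignore')
import colorama
import time
from colorama import Fore, Back, Style
colorama.init()
try:
    from shlex import quote as _shell_quote  # Python 3.3+
except ImportError:
    from pipes import quote as _shell_quote  # Python 2
def findap():
    """Repeatedly scan for a named network and report a rough distance.

    The network name typed by the user becomes the pattern of the final
    ``grep`` in ``notation.find``, a pipeline run through a shell with
    ``os.popen``. The name is shell-quoted and passed after ``-F --`` so it
    is matched as a literal string and can never be read as shell syntax or
    as a grep option. The loop ends when the first number in the signal
    field is 10 or less, or when the scan output cannot be parsed.
    """
    va = raw_input("Enter The Name of Network(Example- DLinkVWR):")
    # notation.find ends in "grep " and expects the pattern appended to it.
    command = notation.find + "-F -- " + _shell_quote(va)
    #Limits
    high, med, low = 10, 25, 50
    while True:
        yo = os.popen(command).read()
        # Several networks may match; only the first "signal,SSID" row is used.
        first_row = yo.split("\n")[0]
        if "," not in first_row:
            print("Network Not Found In Scan Output")
            break
        #Separating the Output (an SSID may itself contain commas)
        signal, ssid = first_row.split(",", 1)
        #Finding Digits
        digits = re.findall(r'\d+', signal.strip())
        if not digits:
            print("No Signal Value In Scan Output")
            break
        k = int(digits[0])
        #Finding the AP
        if k <= high:
            print("Router Within 5 Feet")
            break
        elif k <= med:
            print("Router Nearby within 10 to 25 feet Change Direction and for 5 Seconds")
            time.sleep(5)
        elif k <= low:
            print("Router Nearby within 25 to 50 feet Change Direction and for 5 Seconds")
        else:
            print("Router Quite Far")

--------------------------------------------------------------------------------
/core/forensiclib/capinfos.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
# Statistics Module For Finding Start time End Time And Duration
from conf import stats
import os
import colorama
from colorama import Fore, Back, Style
colorama.init()
#Finding the Start Time of The Capture
def capstart():
    """Run the capture start-time command from ``conf.stats`` and print its output in red."""
    report = os.popen(stats.cap+stats.start_time).read()
    print(Fore.RED+report+Style.RESET_ALL)
#Finding the End time of the Capture
def capend():
    """Run the capture end-time command from ``conf.stats`` and print its output in green."""
    report = os.popen(stats.cap+stats.end_time).read()
    print(Fore.GREEN+report+Style.RESET_ALL)
#Finding the Duration of the Capture
def capdur():
    """Run the capture duration command from ``conf.stats`` and print its output in blue."""
    report = os.popen(stats.cap+stats.duration).read()
    print(Fore.BLUE+report+Style.RESET_ALL)

def capnna():
    """Print each row produced by the ``stats.nna`` command, last row first.

    Every row is expected to hold exactly two comma-separated fields; a row
    with a different field count (for instance a name containing a comma)
    raises ``ValueError``. The column header is printed before every row,
    as in the original.
    """
    rows = os.popen(stats.nna).read().split("\n")
    for row in reversed(rows[:-1]):
        source, mac = row.split(",")
        print("MAC"+"\t\t\t\t\t\t"+"NAME")
        print("==="+"\t\t\t\t\t\t"+"====")
        print(Fore.GREEN)
        print(source+"\t\t\t\t"+mac)
        print(Style.RESET_ALL)

--------------------------------------------------------------------------------
/core/forensiclib/datalib.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
from conf import notation
import os
import colorama
from colorama import Fore, Back, Style
colorama.init()
from core.forensiclib import fakemaclib
def show_high_data():
    """Print a packet count per address pair for data frames, last row first.

    The command is built from ``notation`` and run through a shell with
    ``os.popen``; ``notation.pack_file`` is inserted unquoted. Rows whose
    second field is a listed multicast address or the broadcast address are
    printed dimmed; for all others both addresses go through
    ``fakemaclib.mac_check`` (defined outside this listing).
    """
    command = (notation.libc + " -r " + notation.pack_file + " -R "
               + notation.data + notation.sort_data_count)
    rows = os.popen(command).read().split("\n")
    #Match With the Broadcast Addresses and Multicast Addresses
    multicast = (
        "01:00:5e:00:00:01", "01:00:5e:00:00:02", "33:33:00:00:00:fb",
        "33:33:00:00:00:02", "33:33:00:00:00:01", "01:00:5e:00:00:fb",
        "01:00:5e:7f:ff:fa",
    )
    print("No.of Packets\tSource\t\t\t\tDestination")
    print("=============\t======\t\t\t\t===========")
    for row in reversed(rows[:-1]):
        bits1, source1, dest1 = row.split(",")
        # NOTE(review): dest1 is printed in the "Source" column and source1 in
        # the "Destination" column, as in the original; confirm which is meant.
        if source1 in multicast:
            print(Style.DIM+bits1+"\t\t"+dest1+"\t\t"+source1+"(MultiCast)"+Style.RESET_ALL)
        elif source1 == "ff:ff:ff:ff:ff:ff":
            print(Style.DIM+bits1+"\t\t"+dest1+"\t\t"+source1+"(Broadcast)"+Style.RESET_ALL)
        else:
            dest = fakemaclib.mac_check(dest1)
            sour = fakemaclib.mac_check(source1)
            print(Fore.RED+Style.BRIGHT+bits1+"\t\t"+dest1+"("+dest+")"+"\t"+source1+"("+sour+")"+Style.RESET_ALL)

--------------------------------------------------------------------------------
/core/forensiclib/reconlib.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
from conf import notation
from core.forensiclib import fakemaclib
import os
import time
import colorama
from colorama import Fore, Back, Style
colorama.init()
def runmod():
    """Print a timeline of management frames found in the capture.

    Rows are read in capture order; each must hold eight comma-separated
    fields (frame number, subtype, source, destination and four time parts).
    Beacons, association requests/responses and probe requests/responses are
    printed; any other subtype is skipped. The command is run through a shell
    with ``os.popen`` and ``notation.pack_file`` is inserted unquoted.
    """
    command = (notation.libc + " -r " + notation.pack_file + " -R "
               + notation.recon_packet + notation.sort_recon)
    rows = os.popen(command).read().split("\n")
    for row in rows[:-1]:
        no, subtype, sor, dst, month, date, year, when = row.split(",")
        source_mac_check = fakemaclib.mac_check(sor)
        dest_mac_check = fakemaclib.mac_check(dst)
        sender = source_mac_check+"("+sor+")"
        receiver = "("+dst+")"+dest_mac_check
        if subtype == "0x08":
            print(sender+"Sends a Beacon Frame to "+receiver+" at "+when)
        elif subtype == "0x00":
            print(Fore.MAGENTA+sender+"Sends an Association request to "+receiver+" at "+when+Style.RESET_ALL)
        elif subtype == "0x01":
            print(sender+"Sends a Association response to "+receiver+" at "+when)
        elif subtype == "0x04":
            print(sender+"Sends a Probe request to "+receiver+" at "+when)
        elif subtype == "0x05":
            print(sender+"Sends a Probe response to "+receiver+"at "+when)

--------------------------------------------------------------------------------
/modules/recon.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info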
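################################################################################################################
from core.forensiclib import reconlib
from core.forensiclib import apfinder
def menu_recon():
    """Run the reconstruction / AP-finder prompt until the user goes back.

    A loop replaces the original self-recursion, so a long session cannot
    run into the interpreter's recursion limit. Unknown input re-prompts.
    """
    while True:
        option = raw_input('Wff:Forensic:APFinder>')
        if option in ("help", "h"):
            print("General Command\t\t\t\tUsage Information")
            print("===============\t\t\t\t=================")
            print("(r)econ\t\t\t\t\tReconstruct the Crime Scene")
            print("(a)p\t\t\t\t\tAP Finder")
            print("(g)o (b)ack\t\t\t\tPrevious Menu")
        elif option in ("run", "r"):
            reconlib.runmod()
        elif option in ("ap", "a"):
            apfinder.findap()
        elif option in ("go back", "gb"):
            return

--------------------------------------------------------------------------------
/modules/deauth.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info
################################################################################################################
from core.forensiclib import deauthlib
import colorama
from colorama import Fore, Back, Style
colorama.init()
def menu_deauth():
    """Run the deauthentication prompt until the user goes back (loop, not recursion)."""
    prompt = 'Wff:'+Fore.RED+'Forensic'+Style.RESET_ALL+':'+Fore.GREEN+'DeAuth'+Style.RESET_ALL+'>'
    while True:
        option = raw_input(prompt)
        if option in ("help", "h"):
            print("General Command\t\t\t\tUsage Information ")
            print("===============\t\t\t\t================= ")
            print(Fore.GREEN+"(sh)ow (t)rans\t\t\t\tShow Clients Sending DeAuth Packets"+Style.RESET_ALL)
            print(Fore.GREEN+"(g)o back\t\t\t\tPrevious Menu"+Style.RESET_ALL)
        elif option in ("show trans", "sht"):
            deauthlib.show_all_Deauth()
        elif option in ("go back", "gb"):
            return

--------------------------------------------------------------------------------
/modules/assoc.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info
################################################################################################################
import colorama
from colorama import Fore, Back, Style
colorama.init()
from core.forensiclib import assoclib
def menu_assoc():
    """Run the association prompt until the user goes back (loop, not recursion)."""
    prompt = 'Wff:'+Fore.RED+'Forensic'+Style.RESET_ALL+':'+Fore.YELLOW+'Assoc'+Style.RESET_ALL+'>'
    while True:
        option = raw_input(prompt)
        if option in ("help", "h"):
            print("General Command\t\t\t\tUsage Information")
            print("===============\t\t\t\t=================")
            print(Fore.YELLOW+"(s)how (a)ssoc\t\t\t\tShow All Transmissions"+Style.RESET_ALL)
            print(Fore.YELLOW+"(g)o (b)ack\t\t\t\tPrevious Menu"+Style.RESET_ALL)
        elif option in ("show assoc", "sa"):
            assoclib.show_all_association_requests()
        elif option in ("go back", "gb"):
            return

--------------------------------------------------------------------------------
/modules/show_high_data.py:
--------------------------------------------------------------------------------

#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info
################################################################################################################
from core.forensiclib import datalib
import colorama
from colorama import Fore, Back, Style
colorama.init()
def menu_show_high_data():
    """Run the data-frame prompt until the user goes back (loop, not recursion)."""
    prompt = 'Wff:'+Fore.RED+'Forensic'+Style.RESET_ALL+':'+Fore.BLUE+'Data'+Style.RESET_ALL+'>'
    while True:
        option = raw_input(prompt)
        if option in ("help", "h"):
            print("MAC SPOOF CHECK\t\t\t\tFake MAC Check Options Menu")
            print("================\t\t\t=============================")
            print(Fore.BLUE+"(s)how (d)a(t)a\t\t\t\tShow All Destinations With Fake MAC Detect")
            print("(g)o (b)ack\t\t\t\tPrevious Menu"+Style.RESET_ALL)
        elif option in ("show data", "sdt"):
            datalib.show_high_data()
        elif option in ("go back", "gb"):
            return

--------------------------------------------------------------------------------
/modules/auth.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info
################################################################################################################
import colorama
from colorama import Fore, Back, Style
colorama.init()
from core.forensiclib import authlib
def menu_auth():
    """Run the authentication prompt until the user goes back (loop, not recursion)."""
    prompt = 'Wff:'+Fore.RED+'Forensic'+Style.RESET_ALL+':'+Fore.MAGENTA+'AuTh'+Style.RESET_ALL+'>'
    while True:
        option = raw_input(prompt)
        if option in ("help", "h"):
            print("General Command\t\t\t\tUsage Information")
            print("===============\t\t\t\t=================")
            print(Fore.MAGENTA+"(s)how (sa)uth\t\t\t\tShow Authentications Requests")
            print("(s)how (f)ailed\t\t\t\tShow Failed Authentication Tries")
            print("(g)o (b)ack\t\t\t\tPrevious Menu"+Style.RESET_ALL)
        elif option in ("show sauth", "ssa"):
            authlib.show_all_association_response()
        elif option in ("show failed", "sf"):
            authlib.show_failed_attempts()
        elif option in ("go back", "gb"):
            return

--------------------------------------------------------------------------------
/conf/notation.py:
--------------------------------------------------------------------------------

#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
#
# Every value below is a fragment of a shell command line. The library
# modules join these fragments with pack_file and run the result through
# os.popen, so pack_file reaches the shell exactly as it is stored here.
import os
#===========================================
#Name of The Packet Filterer
libc="tshark"
#===========================================
#Current File Loaded
# The default relies on the shell to expand "~".
pack_file="~/wff/Anya.cap"
#===========================================
#Filter Variables Mgmt Frames
success_auth=""" "wlan.fc.type_subtype==0x0B && wlan_mgt.fixed.auth_seq == 0x0002 && wlan_mgt.fixed.status_code==0x0000" """
associations_req="wlan.fc.type_subtype==0x00"
deauth="wlan.fc.type_subtype==0x0C"
recon_packet=""" "wlan.fc.type_subtype==0x00||wlan.fc.type_subtype==0x01||wlan.fc.type_subtype==0x04||wlan.fc.type_subtype==0x05||wlan.fc.type_subtype==0x08" """
auth_deauth=""" "wlan.fc.type_subtype==0x0B || wlan.fc.type_subtype==0x0C" """
#==========================================
#Filter Variables Data Frames
data="wlan.fc.type==2"
#===========================================
#Sorting and Unique Functions
sorts=" -T fields -e wlan.sa | sort | uniq"
sortd=" -T fields -e wlan.da | sort | uniq"
sort_auth_deauth=" -T fields -E separator=, -e wlan.sa -e wlan.da -e wlan.fc.type_subtype -e frame.number -e frame.time | tr -s ' ' ','"
sort_auth=" -T fields -E separator=, -e wlan.sa -e wlan.da -e frame.time| tr -s ' ' ','"
sort_source_dest=" -T fields -E separator=, -e wlan.sa -e wlan.da | sort| uniq"
sort_deauth=" -T fields -E separator=, -e wlan.sa -e wlan.da| sort | uniq -c | tr -s ' ' ',' | sed 's/^,*//g'"
# Each output field needs its own "-e". The original string had no "-e" before
# wlan.sa and a dangling "-e" before the pipe, so tshark rejected the command
# and core/forensiclib/datalib.py never received its "count,sa,da" rows.
sort_data_count=" -T fields -E separator=, -e wlan.sa -e wlan.da | sort | uniq -c | tr -s ' ' ',' | sed 's/,//'"
sort_recon=" -T fields -E separator=, -e frame.number -e wlan.fc.type_subtype -e wlan.sa -e wlan.da -e frame.time| tr -s ' ' ','"
frame=" -T fields -e wlan_mgt.fixed.reason_code | tr -s ' ' ','"
#===========================================
#AP Finder
# Ends in "grep " on purpose: core/forensiclib/apfinder.py appends the pattern.
find="iw dev wlan0 scan ssid | grep -e SSID -e signal | paste - - -d, | grep "

--------------------------------------------------------------------------------
/modules/fakemac.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info
################################################################################################################
from core.forensiclib import fakemaclib
import colorama
from colorama import Fore, Back, Style
colorama.init()
def menu_fakemac():
    """Run the fake-MAC prompt until the user goes back (loop, not recursion)."""
    prompt = 'Wff:'+Fore.RED+'Forensic'+Style.RESET_ALL+':'+Fore.CYAN+'FakeMAC'+Style.RESET_ALL+'>'
    while True:
        option = raw_input(prompt)
        if option in ("help", "h"):
            print("MAC SPOOF CHECK\t\t\t\tFake MAC Check Options Menu")
            print("================\t\t\t===========================")
            print(Fore.CYAN+"(s)how (d)est (m)ac\t\t\tShow All Destinations With Fake MAC Detect")
            print("(s)how (s)ourc (m)ac\t\t\tShow All Sources With Fake MAC Detect")
            print("(g)o (b)ack\t\t\t\tPrevious Menu"+Style.RESET_ALL)
        elif option in ("show dest mac", "sdm"):
            fakemaclib.show_all_destination()
        elif option in ("show sourc mac", "ssm"):
            fakemaclib.show_all_source()
        elif option in ("go back", "gb"):
            return

--------------------------------------------------------------------------------
/core/forensiclib/authlib.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
from conf import notation
import os
import warnings
warnings.filterwarnings('ignore')
import colorama
import time
from colorama import Fore, Back, Style
colorama.init()
#Show All Successful Authentication Response Module
def show_all_association_response():
    """Print successful authentication responses found in the capture, last row first.

    Each row must hold six comma-separated fields (source, destination and
    four time parts). The command is run through a shell with ``os.popen``
    and ``notation.pack_file`` is inserted unquoted.
    """
    command = (notation.libc + " -r " + notation.pack_file + " -R "
               + notation.success_auth + notation.sort_auth)
    rows = os.popen(command).read().split("\n")
    print("Source ====> Destination")
    for row in reversed(rows[:-1]):
        source, dest, mon, date, year, when = row.split(",")
        print(dest+" ====> "+source+" ====> "+when)

def show_failed_attempts():
    """Report deauthentications that follow two authentication frames.

    Walks the authentication/deauthentication rows in capture order with a
    running score: an authentication row (subtype "0x0b") adds 5000, any
    other row adds 1. When the score is exactly 10001 the reason code of the
    current frame is looked up with a second command and the row is printed
    for reason "0x0006" or "0x0003", after which the score is reset.
    """
    # NOTE(review): this listing lost its indentation; the nesting below is
    # the reading in which every branch advances `count` exactly once.
    # Confirm against the original file. In this reading a score of 10001
    # with any other reason code is never reset, and the loop stops advancing.
    warnings.filterwarnings('ignore')
    command = (notation.libc + " -r " + notation.pack_file + " -R"
               + notation.auth_deauth + notation.sort_auth_deauth)
    rows = os.popen(command).read().split("\n")
    last = len(rows) - 2
    count = 0
    summer = 0
    while count <= last:
        source, dest, subtype, frame, mon, date, year, when = rows[count].split(",")
        if summer != 10001:
            if subtype == "0x0b":
                summer = summer + 5000
                count = count + 1
            else:
                summer = summer + 1
                if summer == 10001:
                    comm = notation.libc + " -r " + notation.pack_file + " -R " + "frame.number==" + frame + notation.frame
                    # Only the first six characters (the reason code) are compared.
                    reason = os.popen(comm).read()[:6]
                    if reason == "0x0006":
                        print(Style.DIM+source+"==================>"+dest+"=============>"+when+"(Due To Failed Attempt)"+Style.RESET_ALL)
                        summer = 0
                    elif reason == "0x0003":
                        print(Fore.RED+Style.BRIGHT+source+"==================>"+dest+"=============>"+when+"(Intentional DE-AUTH)"+Style.RESET_ALL)
                        summer = 0
                count = count + 1

--------------------------------------------------------------------------------
/modules/capinfos.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# --------------------------------------------------
# Wireless Forensics Framework
# --------------------------------------------------
# Copyright (C) <2014>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
#
# WFF is Wireless Forensics Framework Developed For Penetration Testing and Forensics of Wireless Networks
#
#
# About Author :
#
# Founder :Ap3x Pr3Dat0r (Nipun Jaswal)
# Location : India
# Email : mail@nipunjaswal.info
# Blog : www.nipunjaswal.com, www.nipunjaswal.info
################################################################################################################
# Calling Statistics Modules
import colorama
from colorama import Fore, Back, Style
colorama.init()
from core.forensiclib import capinfos
def menu_capinfo():
    """Run the capture-statistics prompt until the user goes back (loop, not recursion)."""
    prompt = 'Wff:'+Fore.RED+'forensic'+Style.RESET_ALL+':'+Fore.RED+'stats'+Style.RESET_ALL+'>'
    while True:
        option = raw_input(prompt)
        if option in ("help", "h"):
            print("MAC SPOOF CHECK\t\t\t\tFake MAC Check Options Menu")
            print("================\t\t\t=============================")
            print(Fore.RED+"(c)ap(s)t\t\t\t\tShow Capture Start Time")
            print("(c)ap(e)n\t\t\t\tShow Capture End Time")
            print("(c)ap(d)ur\t\t\t\tShow Capture Duration")
            print("(n)etwork(n)(a)me\t\t\t\tNetwork Name and Address")
            print("(g)o (b)ack\t\t\t\tPrevious Menu"+Style.RESET_ALL)
        elif option in ("capst", "cs"):
            capinfos.capstart()
        elif option in ("capen", "ce"):
            capinfos.capend()
        elif option in ("capdur", "cd"):
            capinfos.capdur()
        elif option == "nna":
            capinfos.capnna()
        elif option in ("go back", "gb"):
            return

--------------------------------------------------------------------------------
/interface/forensic.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# WFF Interface Design
# Created By Nipun Jaswal
# Email : mail@nipunjaswal.info
import colorama
from colorama import Fore, Back, Style
colorama.init()
import os
import sys
from modules import show_high_data
from modules import capinfos
from modules import deauth
from modules import assoc
from modules import fakemac
from modules import set_file_path
from modules import auth
from modules import recon
def forensic_menu():
    option=raw_input('Wff:'+Fore.RED+'Forensic'+Style.RESET_ALL+'>')
    if option=="help" or option=="h":
        print "GENERAL COMMANDS\t\t\tUsage Information"
        print "================\t\t\t================="
        print Fore.YELLOW+"(a)"+Style.RESET_ALL+"p"+Fore.YELLOW+"(f)"+Style.RESET_ALL+"inder\t\t\t\tAP Finder Module"
        print Fore.RED+"(s)"+Style.RESET_ALL+"tats\t\t\t\t\tDisplay Time,Duration Etc."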
26 | print Fore.GREEN+"(h)"+Style.RESET_ALL+"elp\t\t\t\t\tDisplay This Menu" 27 | print Fore.BLACK+"(g)"+Style.RESET_ALL+"o "+Fore.BLACK+"(b)"+Style.RESET_ALL+"ack\t\t\t\tPrevious Menu" 28 | print Fore.BLACK+"(e)"+Style.RESET_ALL+"xit\t\t\t\t\tExit WFF" 29 | print("\n") 30 | print "SUB MENU\t\t\t\tComplex Mgmt Frame Operations" 31 | print "========\t\t\t\t=============================" 32 | print Fore.YELLOW+"(A)"+Style.RESET_ALL+"ssoc\t\t\t\t\tAssociation Operations Menu" 33 | print Fore.GREEN+"(D)"+Style.RESET_ALL+"eauth\t\t\t\tDeauth Operations Menu" 34 | print Fore.CYAN+"(F)"+Style.RESET_ALL+"akeMac\t\t\t\tFake MAC Detection Menu" 35 | print Fore.BLUE+"(D)"+Style.RESET_ALL+"a"+Fore.BLUE+"(T)"+Style.RESET_ALL+"a\t\t\t\tData Operations Menu" 36 | print Fore.MAGENTA+"(A)"+Style.RESET_ALL+"u"+Fore.MAGENTA+"(T)"+Style.RESET_ALL+"h\t\t\t\tAuthentication Operations Menu" 37 | print("\n") 38 | print "File Options\t\t\t\tUsage Information" 39 | print "============\t\t\t\t=================" 40 | print Fore.GREEN+"(s)"+Style.RESET_ALL+"et "+Fore.GREEN+"(f)"+Style.RESET_ALL+"ile\t\t\t\tSet File" 41 | print Fore.RED+"(sh)"+Style.RESET_ALL+"ow "+Fore.RED+"(f)"+Style.RESET_ALL+"ile\t\t\t\t"+"Show File" 42 | print("\n") 43 | forensic_menu() 44 | elif option=="set file" or option=="sf": 45 | set_file_path.set_path() 46 | forensic_menu() 47 | elif option=="show file" or option=="shf": 48 | set_file_path.show_path() 49 | forensic_menu() 50 | elif option=="Assoc" or option=="A": 51 | assoc.menu_assoc() 52 | forensic_menu() 53 | elif option=="Data" or option=="DT": 54 | show_high_data.menu_show_high_data() 55 | forensic_menu() 56 | elif option=="stats" or option=="s": 57 | capinfos.menu_capinfo() 58 | forensic_menu() 59 | elif option=="FakeMac" or option=="F": 60 | fakemac.menu_fakemac() 61 | forensic_menu() 62 | elif option=="DeAuth" or option=="D": 63 | deauth.menu_deauth() 64 | forensic_menu() 65 | elif option=="AuTh" or option=="AT": 66 | auth.menu_auth() 67 | forensic_menu() 
68 | elif option=="go back" or option=="gb": 69 | return 70 | elif option=="ReCon" or option=="R": 71 | recon.menu_recon() 72 | forensic_menu() 73 | elif option=="ap finder" or option=="af": 74 | recon.menu_recon() 75 | forensic_menu() 76 | elif option=="exit" or option=="e": 77 | sys.exit(0) 78 | else: 79 | forensic_menu() 80 | return 81 | 82 | 83 | -------------------------------------------------------------------------------- /core/forensiclib/fakemaclib.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # WFF Interface Design 4 | # Created By Nipun Jaswal 5 | # Email : mail@nipunjaswal.info 6 | from conf import notation 7 | import urllib 8 | import os 9 | import colorama 10 | from colorama import Fore, Back, Style 11 | colorama.init() 12 | def show_all_destination(): 13 | command=notation.libc+ " -r "+notation.pack_file+notation.sortd 14 | execute=os.popen(command).read() 15 | line= [] 16 | line=execute.split("\n") 17 | j=len(line) 18 | j=j-2 19 | print("Destination MAC Details") 20 | print("=======================\n") 21 | while(j>0): 22 | url="http://www.macvendorlookup.com/api/BOKEvPx/"+line[j] 23 | response = urllib.urlopen(url) 24 | html = response.read() 25 | addr=html 26 | if(addr=="none"): 27 | bd=line[j] 28 | if(bd=="ff:ff:ff:ff:ff:ff"): 29 | print(Fore.GREEN) 30 | print("MAC ID:") 31 | print(line[j]) 32 | print("Vendor Details And Address:") 33 | print("BroadCast Address") 34 | print(Style.RESET_ALL) 35 | else: 36 | print(Fore.RED) 37 | print("MAC ID:") 38 | print(line[j]) 39 | print("Vendor Details And Address:") 40 | print("Suspicious") 41 | print(Style.RESET_ALL) 42 | else: 43 | print(Fore.GREEN) 44 | print("MAC ID:") 45 | print(line[j]) 46 | print("Vendor Details And Address:") 47 | print(addr) 48 | print(Style.RESET_ALL) 49 | j=j-1 50 | 51 | def show_all_source(): 52 | command=notation.libc+ " -r "+notation.pack_file+notation.sorts 53 | execute=os.popen(command).read() 54 | 
line= [] 55 | line=execute.split("\n") 56 | j=len(line) 57 | j=j-2 58 | print("Source MAC Details") 59 | print("=======================\n") 60 | while(j>0): 61 | url="http://www.macvendorlookup.com/api/BOKEvPx/"+line[j] 62 | response = urllib.urlopen(url) 63 | html = response.read() 64 | addr=html 65 | if(addr=="none"): 66 | bd=line[j] 67 | if(bd=="ff:ff:ff:ff:ff:ff"): 68 | print(Fore.GREEN) 69 | print("MAC ID:") 70 | print(line[j]) 71 | print("Vendor Details And Address:") 72 | print("BroadCast Address") 73 | print(Style.RESET_ALL) 74 | else: 75 | print(Fore.RED) 76 | print("MAC ID:") 77 | print(line[j]) 78 | print("Vendor Details And Address:") 79 | print("Suspicious") 80 | print(Style.RESET_ALL) 81 | else: 82 | print(Fore.GREEN) 83 | print("MAC ID:") 84 | print(line[j]) 85 | print("Vendor Details And Address:") 86 | print(addr) 87 | print(Style.RESET_ALL) 88 | j=j-1 89 | 90 | 91 | def mac_check(macaddr): 92 | url="http://www.macvendorlookup.com/api/BOKEvPx/"+macaddr 93 | response = urllib.urlopen(url) 94 | html = response.read() 95 | addr=html [:7] 96 | return addr 97 | 98 | 99 | 100 | 101 | 102 | 103 | --------------------------------------------------------------------------------