SniffAir – A Framework For Wireless Pentesting

0
10
SniffAir - A Framework For Wireless Pentesting

SniffAir is an open-supply wi-fi safety framework which supplies the flexibility to simply parse passively collected wi-fi information in addition to launch subtle wi-fi assaults. SniffAir takes care of the trouble related to managing giant or a number of pcap recordsdata whereas completely cross-analyzing and analyzing the visitors, in search of potential safety flaws. Along with the prebuilt queries, SniffAir permits customers to create customized queries for analyzing the wi-fi information saved within the backend SQL database. SniffAir is constructed on the idea of utilizing these queries to extract information for wi-fi penetration test studies. The information will also be leveraged in establishing subtle wi-fi assaults included in SniffAir as modules.


Install
SniffAir was developed with Python model 2.7
Tested and supported on Kali Linux, Debian and Ubuntu.
To set up run the setup.sh script

$./setup.sh

Usage

                                                                     % *        ., %                         
                                                                    % ( ,#     (..# %                        
    /@@@@@&,    *@@%        &@,    @@#    /@@@@@@@@@   [email protected]@@@@@@@@. ,/ # # (%%%* % (.(.  [email protected]@     &@@@@@@%.    
  [email protected]@&   *&@    %@@@@.      &@,    @@%    %@@,,,,,,,   ,@@,,,,,,,  .( % %  %%#  # % #   ,@@     @@(,,,#@@@.  
  %@%           %@@(@@.     &@,    @@%    %@@          ,@@          /* #   /*,   %.,,   ,@@     @@*     #@@  
  ,@@&          %@@ ,@@*    &@,    @@%    %@@          ,@@           .#   //#(,   (,    ,@@     @@*     &@%  
   [email protected]@@@@.      %@@  [email protected]@(   &@,    @@%    %@@%%%%%%*   ,@@%%%%%%#         (# ##.        ,@@     @@&%%%@@@%   
       *@@@@    %@@   [email protected]@/  &@,    @@%    %@@,,,,,,    ,@@,,,,,,.        %#####%        ,@@     @@(,,%@@%    
          @@%   %@@     @@( &@,    @@%    %@@          ,@@              %  (*/  #       ,@@     @@*    @@@   
          %@%   %@@      @@&&@,    @@%    %@@          ,@@             %  #  .# .#      ,@@     @@*     @@%  
 [email protected]@&/,,#@@@    %@@       &@@@,    @@%    %@@          ,@@            /(*       /(#     ,@@     @@*      @@# 
   *%@@@&*      *%#        ,%#     #%/    *%#           %%            #############.    .%#     #%.      .%% 
                                                                  (@Tyl0us & @theDarracott)

 >>  [default]# assist
Commands
========
workspace                Manages workspaces (create, record, load, delete)
live_capture             Initiates a sound wi-fi interface to gather wi-fi pakcets to be parsed (requires the interface identify)
offline_capture          Begins parsing wi-fi packets utilizing a pcap file-kismet .pcapdump work finest (requires the total path)
offline_capture_list     Begins parsing wi-fi packets utilizing a listing of pcap file-kismet .pcapdump work finest (requires the total path)
question                    Executes a question on the contents of the acitve workspace
assist                     Displays this assist menu
clear                    Clears the display screen
present                     Shows the contents of a desk, particular data throughout all tables or the accessible modules
inscope                  Add ESSID to scope. inscope [ESSID]
SSID_Info                Displays all data (i.e all BSSID, Channels and Encrpytion) associated to the inscope SSIDS
use                      Use a SniffAir module
data                     Displays all variable data relating to the chosen module
set                      Sets a variable in module
exploit                  Runs the loaded module
run                      Runs the loaded module
exit                     Exit SniffAir
 >>  [default]# 

Begin
First create or load a brand new or present workspace utilizing the command workspace create <workspace> or workspace load <workspace> command. To view all present workspaces use the workspace record command and workspace delete <workspace> command to delete the specified workspace:

 >>  [default]# workspace
     Manages workspaces
 Command Option: workspaces [create|list|load|delete]
>>  [default]# workspace create demo
[+]  Workspace demo created

Load information right into a desired office from a pcap file utilizing the command offline_capture <the total path to the pcap file>. To load a collection of pcap recordsdata use the command offline_capture_list <the total path to the file containing the record of pcap identify> (this file ought to include the total patches to every pcap file). Use the live_capture <interface identify> command to seize reside wi-fi visitors utilizing a wi-fi interface.

>>  [demo]# offline_capture /root/sniffair/demo.pcapdump
[+] Importing /root/sniffair/demo.pcapdump

[+] Completed
[+] Cleaning Up Duplicates
[+] ESSIDs Observed

Show Command
The present command shows the contents of a desk, particular data throughout all tables or the accessible modules, utilizing the next syntax:

 >>  [demo]# present desk AP
+------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------+
|   ID | ESSID     | BSSID             | VENDOR                        |   CHAN |   PWR | ENC   | CIPHER   | AUTH   |
|------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------|
|    1 | HoneyPot  | c4:6e:1f:##:##:## | TP-LINK TECHNOLOGIES CO. LTD. |      4 |   -17 | WPA2  | TKIP     | MGT    |
|    2 | Demo      | 80:2a:a8:##:##:## | Ubiquiti Networks Inc.        |     11 |   -19 | WPA2  | CCMP     | PSK    |
|    3 | Demo5ghz  | 82:2a:a8:##:##:## | Unknown                       |     36 |   -27 | WPA2  | CCMP     | PSK    |
|    4 | HoneyPot1 | c4:6e:1f:##:##:## | TP-LINK TECHNOLOGIES CO. LTD. |     36 |   -29 | WPA2  | TKIP     | PSK    |
|    5 | BELL456   | 44:e9:dd:##:##:## | Sagemcom Broadband SAS        |      6 |   -73 | WPA2  | CCMP     | PSK    |
+------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------+
 >>  [demo]# present SSIDS
---------
HoneyPot
Demo
HoneyPot1
BELL456
Hidden
Demo5ghz
---------

The question command can be utilized to show a novel set of information based mostly on the parememters specificed. The question command makes use of sql syntax.

Inscope
the inscope <SSID> command can be utilized so as to add a SSID to the inscope tables, loading all associated information to the inscope_AP, inscope_proberequests and inscope_proberesponses tables. To view a abstract of all inscope SSIDS run the SSID_Info command.

Modules
Modules can be utilized to investigate the information contained within the workspaces or carry out offensive wi-fi assaults utilizing the use <module identify> command. For some modules extra variables might should be set. They could be set utilizing the set command set <variable identify> <variable worth>:

 >>  [demo]# present modules
Available Modules
=================
[+] Auto EAP - Automated Brute-Force Login Attack Against EAP Networks
[+] Auto PSK - Automated Brute-Force Passphrase Attack Against PSK Networks
[+] AP Hunter - Discover Access Point Within  a Certain Range Using a Specific Type of Encrpytion
[+] Captive Portal - Web Based Login Portal to Capture User Entered Credentials (Runs as an OPEN Network)
[+] Certificate Generator - Generates a Certificate Used by Evil Twin Attacks
[+] Exporter - Exports Data Stored in a Workspace to a CSV File
[+] Evil Twin - Creates a Fake Access Point, Clients Connect to Divulging MSCHAP Hashes or Cleartext Passwords
[+] Handshaker - Parses Database or .pcapdump Files Extracting the Pre-Shared Handshake for Password Guessing (Hashcat or JTR Format)
[+] Mac Changer - Changes The Mac Address of an Interface
[+] Probe Packet - Sends Out Deauth Packets Targeting SSID(s)
[+] Proof Packet - Parses Database or .pcapdump Files Extracting all Packets Related to the Inscope SSDIS
[+] Hidden SSID - Discovers the Names of HIDDEN SSIDS
[+] Suspicious AP - Looks for Access Points that: Is On Different Channel, use a Different Vendor or Encrpytion Type Then the Rest of The Network
[+] Wigle Search SSID - Queries wigle for SSID (i.e. Bob's wifi)
[+] Wigle Search MAC - Queries wigle for all observations of a single mac deal with
 >>  [demo]# 
 >>  [demo]# use Captive Portal
 >>  [demo][Captive Portal]# data
Globally Set Varibles
=====================
 Module: Captive Portal
 Interface: 
 SSID: 
 Channel: 
 Template: Cisco (More to be added quickly)
 >>  [demo][Captive Portal]# set Interface wlan0
 >>  [demo][Captive Portal]# set SSID demo
 >>  [demo][Captive Portal]# set Channel 1
 >>  [demo][Captive Portal]# data
Globally Set Varibles
=====================
 Module: Captive Portal
 Interface: wlan0
 SSID: demo
 Channel: 1
 Template: Cisco (More to be added quickly)
 >>  [demo][Captive Portal]# 

Once all varibles are set, then execute the exploit or run command to run the specified assault.

Export
To export all data saved in a workspace’s tables utilizing the Exporter module and setting the specified path.

Acknowledgments
Sniffiar incorporates work from the next repoisoties:

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.