-
Notifications
You must be signed in to change notification settings - Fork 86
/
Copy pathpidense.py
132 lines (116 loc) · 4.78 KB
/
pidense.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# coding=utf-8
from scapy.all import *
from scapy.layers.dot11 import Dot11Beacon
from termcolor import colored
import time
banner = """
PiDense can detects,
[*] Pineapple activity
[*] KARMA Attacks
[*] Enviroment threats
[*] Deauth Attacks
[*] Other Fake AP Tactics
-----------------------------------------
"""
def logging(log):
with open("/var/log/pidens.log", "a") as f:
f.write(str(log)+"\n")
f.flush()
f.close()
def sniff_channel_hop(iface):
for i in range(1, 14):
os.system("iwconfig " + iface + " channel " + str(i))
sniff(iface=iface, count=15, prn=air_scan)
def air_scan(pkt):
"""
Scan all network with channel hopping
Collected all ssid and mac address information
:param pkt: result of sniff function
"""
if pkt.haslayer(Dot11Beacon):
ssid, bssid = pkt.info, pkt.addr2
if ssid not in ssidlist and len(ssid)!=0:
ssidlist.append(ssid)
capability = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}\
{Dot11ProbeResp:%Dot11ProbeResp.cap%}")
enc = "Y"
if "privacy" not in capability and len(ssid)!=0:
enc = 'N'
info = "{}=*={}".format(enc, ssid)
if info not in info_list and info_list_2:
info_list.append(info)
info_list_2.append(info)
elif "privacy" in capability and len(ssid)!=0:
info = "{}=*={}".format(enc, ssid)
if info not in info_list_2:
info_list_2.append(info)
elif pkt.haslayer(Dot11ProbeResp):
ssid, bssid = pkt.info, pkt.addr2
info = "{}=*={}".format(bssid, ssid)
if len(ssid)!=0 and info not in info_list:
karmalist.append(info)
elif pkt.haslayer(Dot11Deauth):
pass
#if pkt.reason == 7:
# deauth_list.append(pkt.reason)
def same_ssid(info_list_2, same_ssids):
for i in range(0, len(info_list_2)):
for j in range(i+1, len(info_list_2)):
ssid1 = info_list_2[i].split("=*=")[1]
ssid2 = info_list_2[j].split("=*=")[1]
enc1= info_list_2[i].split("=*=")[0]
enc2= info_list_2[j].split("=*=")[0]
if ssid1 == ssid2 and enc1 != enc2 and (ssid1 or ssid2) != '':
same_ssids += 1
print u"\n\u001b[41;1mCritical\u001b[0m\t\033[1mFakeAP\t\t\u001b[41;1msame ssid, different encryption\u001b[0m\t" + "\033[1mSSID: ", ssid1
return same_ssids
def karma_attack_check(karmalist, karma):
for i in karmalist:
bssid, ssid= i.split("=*=")
if bssid not in karma.keys():
karma[bssid] = []
karma[bssid].append(ssid)
elif bssid in karma.keys() and ssid not in karma[bssid]:
karma[bssid].append(ssid)
for v in karma.keys():
if len(karma[v]) >= 3 and v not in karma_mac_address:
print u"\n\u001b[41;1mCritical\u001b[0m\t\033[1mFakeAP\t\t\u001b[41;1mKARMA Attacks\u001b[0m\t\t\t" + "\033[1mMAC: ", v
karma_mac_address.append(v)
def blackssid_check(info_list_2):
blackssids = open("blacklist.txt","r").readlines()
blackssids = [black[:-1].lower() for black in blackssids]
for black in blackssids:
for info in info_list_2:
ssid = info.split("=*=")[1]
enc = info.split("=*=")[0]
if black in ssid and enc == "N":
print u"\n\u001b[41;1mCritical\u001b[0m\t\033[1mCritical SSID\t\u001b[41;1mBlacklist\u001b[0m\t\t\t" + "\033[1mSSID: ", ssid
if __name__ == '__main__':
density = 5
iface = "wlan0mon"
now = time.strftime("%c")
print banner
print u"\u001b[40;1m T \u001b[41;1m H \u001b[42;1m R \u001b[43;1m E \u001b[45;1m A \u001b[46;1m T \u001b[41;1m S \u001b[0m____________________________________________________\n"
print u"\u001b[4m\u001b[240;1mSeverity\tAttack Type\tDescription\t\t\tContent\u001b[0m"
while True:
threat_time = time.strftime("%c")
time.sleep(45)
karmalist = []
karma_mac_address = []
karma = {}
same_ssids = 0
info_list = []
info_list_2 = []
ssidlist = []
deauth_list = []
sniff_channel_hop(iface)
p = same_ssid(info_list_2, same_ssids)
blackssid_check(info_list_2)
karma_attack_check(karmalist, karma)
if p >= 3:
print u"\n\u001b[41;1mCritical\u001b[0m\t\033[1mPineapple\t\u001b[41;1mUnencrypted WiFi\u001b[0m\t\t" + "\033[1mCount: ", p
elif len(info_list) >= density:
print u"\n\u001b[43;1mMEDIUM\t\u001b[0m\t\033[1mDensity\t\t\u001b[43;1mOPN Networks\u001b[0m\t\t\t" + "\033[1mCount: ", len(info_list)
#elif len(deauth_list) >=0:
# print u"\n\u001b[44;1mInformation\u001b[0m\t\033[1mDeauth Packets\t\u001b[44;1mDeauthentication Attacks\u001b[0m\t" + "\033[1mCount: ", len(deauth_list)
print "______________________________________________________: ", threat_time