Sniffair - A Framework For Wireless Pentesting


SniffAir is an open-source wireless safety framework which provides the mightiness to easily parse passively collected wireless information every bit good every bit launch sophisticated wireless attacks. SniffAir takes aid of the hassle associated alongside managing large or multiple pcap files land thoroughly cross-examining as well as analyzing the traffic, looking for potential safety flaws. Along alongside the prebuilt queries, SniffAir allows users to exercise custom queries for analyzing the wireless information stored inward the backend SQL database. SniffAir is built on the concept of using these queries to extract information for wireless penetration test reports. The information tin every bit good survive leveraged inward setting upwards sophisticated wireless attacks included inward SniffAir every bit modules.
SniffAir is developed past times @Tyl0us as well as @theDarracott

Install
SniffAir was developed alongside Python version 2.7
Tested as well as supported on Kali Linux, Debian as well as Ubuntu.
To install run the setup.sh script
$./setup.sh

Usage
                                                                     % *        ., %                                                                                              % ( ,#     (..# %                             /@@@@@&,    *@@%        &@,    @@#    /@@@@@@@@@   .@@@@@@@@@. ,/ # # (%%%* % (.(.  .@@     &@@@@@@%.       .@@&   *&@    %@@@@.      &@,    @@%    %@@,,,,,,,   ,@@,,,,,,,  .( % %  %%#  # % #   ,@@     @@(,,,#@@@.     %@%           %@@(@@.     &@,    @@%    %@@          ,@@          /* #   /*,   %.,,   ,@@     @@*     #@@     ,@@&          %@@ ,@@*    &@,    @@%    %@@          ,@@           .#   //#(,   (,    ,@@     @@*     &@%      .@@@@@.      %@@  .@@(   &@,    @@%    %@@%%%%%%*   ,@@%%%%%%#         (# ##.        ,@@     @@&%%%@@@%           *@@@@    %@@   .@@/  &@,    @@%    %@@,,,,,,    ,@@,,,,,,.        %#####%        ,@@     @@(,,%@@%               @@%   %@@     @@( &@,    @@%    %@@          ,@@              %  (*/  #       ,@@     @@*    @@@              %@%   %@@      @@&&@,    @@%    %@@          ,@@             %  #  .# .#      ,@@     @@*     @@%    .@@&/,,#@@@    %@@       &@@@,    @@%    %@@          ,@@            /(*       /(#     ,@@     @@*      @@#     *%@@@&*      *%#        ,%#     #%/    *%#           %%            #############.    .%#     #%.      .%%                                                                    (@Tyl0us & @theDarracott)   >>  [default]# aid Commands ======== workspace                Manages workspaces (create, list, load, delete) live_capture             Initiates a valid wireless interface to collect wireless pakcets to survive parsed (requires the interface name) offline_capture          Begins parsing wireless packets using a pcap file-kismet .pcapdump piece of occupation best (requires the total path) offline_capture_list     Begins parsing wireless packets using a listing of pcap file-kismet .pcapdump piece of occupation best (requires the total path) interrogation                    Executes a interrogation on the contents of the acitve workspace aid                     Displays this aid carte du jour clear                    Clears the enshroud exhibit                     Shows the contents of a table, specific information across all tables or the available modules inscope                  Add ESSID to scope. inscope [ESSID] SSID_Info                Displays all information (i.e all BSSID, Channels as well as Encrpytion) related to the inscope SSIDS move                      Use a SniffAir module information                     Displays all variable information regarding the selected module fix                      Sets a variable inward module exploit                  Runs the loaded module run                      Runs the loaded module perish                     Exit SniffAir  >>  [default]#

Begin
First exercise or charge a novel or existing workspace using the ascendence workspace exercise <workspace> or workspace charge <workspace> command. To sentiment all existing workspaces move the workspace list ascendence as well as workspace delete <workspace> ascendence to delete the desired workspace:
 >>  [default]# workspace      Manages workspaces  Command Option: workspaces [create|list|load|delete] >>  [default]# workspace exercise demo [+]  Workspace demo created
Load information into a desired workplace from a pcap file using the ascendence offline_capture <the total path to the pcap file>. To charge a serial of pcap files move the ascendence offline_capture_list <the total path to the file containing the listing of pcap name> (this file should comprise the total patches to each pcap file). Use the live_capture <interface name> ascendence to capture alive wireless traffic using a wireless interface.
>>  [demo]# offline_capture /root/sniffair/demo.pcapdump [+] Importing /root/sniffair/demo.pcapdump \ [+] Completed [+] Cleaning Up Duplicates [+] ESSIDs Observed

Show Command
The show ascendence displays the contents of a table, specific information across all tables or the available modules, using the next syntax:
 >>  [demo]# exhibit tabular array AP +------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------+ |   ID | ESSID     | BSSID             | VENDOR                        |   CHAN |   PWR | ENC   | CIPHER   | AUTH   | |------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------| |    1 | HoneyPot  | c4:6e:1f:##:##:## | TP-LINK TECHNOLOGIES CO. LTD. |      iv |   -17 | WPA2  | TKIP     | MGT    | |    2 | Demo      | 80:2a:a8:##:##:## | Ubiquiti Networks Inc.        |     eleven |   -19 | WPA2  | CCMP     | PSK    | |    three | Demo5ghz  | 82:2a:a8:##:##:## | Unknown                       |     36 |   -27 | WPA2  | CCMP     | PSK    | |    iv | HoneyPot1 | c4:6e:1f:##:##:## | TP-LINK TECHNOLOGIES CO. LTD. |     36 |   -29 | WPA2  | TKIP     | PSK    | |    five | BELL456   | 44:e9:dd:##:##:## | Sagemcom Broadband SAS        |      six |   -73 | WPA2  | CCMP     | PSK    | +------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------+  >>  [demo]# exhibit SSIDS --------- HoneyPot Demo HoneyPot1 BELL456 Hidden Demo5ghz ---------
The query ascendence tin survive used to display a unique fix of information based on the parememters specificed. The query ascendence uses sql syntax.

Inscope
the inscope <SSID> ascendence tin survive used to add together a SSID to the inscope tables, loading all related information to the inscope_AP, inscope_proberequests as well as inscope_proberesponses tables. To sentiment a summary of all inscope SSIDS run the SSID_Info command.

Modules
Modules tin survive used to analyze the information contained inward the workspaces or perform offensive wireless attacks using the use <module name> command. For roughly modules additional variables may involve to survive set. They tin survive fix using the fix ascendence set <variable name> <variable value>:
 >>  [demo]# exhibit modules Available Modules ================= [+] Auto EAP - Automated Brute-Force Login Attack Against EAP Networks [+] Auto PSK - Automated Brute-Force Passphrase Attack Against PSK Networks [+] AP Hunter - Discover Access Point Within  a Certain Range Using a Specific Type of Encrpytion [+] Captive Portal - Web Based Login Portal to Capture User Entered Credentials (Runs every bit an OPEN Network) [+] Certificate Generator - Generates a Certificate Used past times Evil Twin Attacks [+] Exporter - Exports Data Stored inward a Workspace to a CSV File [+] Evil Twin - Creates a Fake Access Point, Clients Connect to Divulging MSCHAP Hashes or Cleartext Passwords [+] Handshaker - Parses Database or .pcapdump Files Extracting the Pre-Shared Handshake for Password Guessing (Hashcat or JTR Format) [+] Mac Changer - Changes The Mac Address of an Interface [+] Probe Packet - Sends Out Deauth Packets Targeting SSID(s) [+] Proof Packet - Parses Database or .pcapdump Files Extracting all Packets Related to the Inscope SSDIS [+] Hidden SSID - Discovers the Names of HIDDEN SSIDS [+] Suspicious AP - Looks for Access Points that: Is On Different Channel, move a Different Vendor or Encrpytion Type Then the Rest of The Network [+] Wigle Search SSID - Queries wigle for SSID (i.e. Bob's wifi) [+] Wigle Search MAC - Queries wigle for all observations of a unmarried mac address  >>  [demo]#   >>  [demo]# move Captive Portal  >>  [demo][Captive Portal]# information Globally Set Varibles =====================  Module: Captive Portal  Interface:   SSID:   Channel:   Template: Cisco (More to survive added soon)  >>  [demo][Captive Portal]# fix Interface wlan0  >>  [demo][Captive Portal]# fix SSID demo  >>  [demo][Captive Portal]# fix Channel 1  >>  [demo][Captive Portal]# information Globally Set Varibles =====================  Module: Captive Portal  Interface: wlan0  SSID: demo  Channel: 1  Template: Cisco (More to survive added soon)  >>  [demo][Captive Portal]#
Once all varibles are set, hence execute the exploit or run ascendence to run the desired attack.

Export
To export all information stored inward a workspace’s tables using the Exporter module as well as setting the desired path.

Acknowledgments
Sniffiar contains piece of occupation from the next repoisoties:


Popular posts from this blog

Kerbrute - A Tool To Perform Kerberos Pre-Auth Bruteforcing

Image
Influenza A virus subtype H5N1 tool to speedily bruteforce together with enumerate valid Active Directory accounts through Kerberos Pre-Authentication Grab the latest binaries from the releases page to acquire started. Background This tool grew out of approximately bash scripts I wrote a few years agone to perform bruteforcing using the Heimdal Kerberos customer from Linux. I wanted something that didn't demand privileges to install a Kerberos client, together with when I works life the amazing pure Go implementation of Kerberos gokrb5 , I decided to lastly acquire Go together with write this. Bruteforcing Windows passwords amongst Kerberos is much faster than whatever other approach I know of, together with potentially stealthier since pre-authentication failures produce non trigger that "traditional" An job organisation human relationship failed to log on final result 4625. With Kerberos, y'all tin validate a username or exam a login past times s
Read more

Cameradar V2.1.0 - Hacks Its Mode Into Rtsp Videosurveillance Cameras

Image
   An RTSP flow access tool that comes alongside its library Cameradar allows you lot to Detect opened upward RTSP hosts on whatever accessible target host Detect which device model is streaming Launch automated dictionary attacks to larn their stream route (e.g.: /live.sdp ) Launch automated lexicon attacks to larn the username in addition to password of the cameras Retrieve a consummate in addition to user-friendly study of the results Docker Image for Cameradar Install docker on your machine, in addition to run the next command: docker run -t ullaakut/cameradar -t <target> <other command-line options> See command-line options . e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l volition scan the ports 554 in addition to 8554 of hosts on the 192.168.100.0/24 subnetwork in addition to laid on the discovered RTSP streams in addition to volition output debug logs. YOUR_TARGET tin hold out a subnet (e.g.: 172.16.100.0/24 ), an IP (
Read more

Efiguard - Disable Patchguard Together With Dse At Kicking Time

Image
EfiGuard is a portable x64 UEFI bootkit that patches the Windows kicking manager, kicking loader too center at kicking fourth dimension inward club to disable PatchGuard too Driver Signature Enforcement (DSE). Features Currently supports all EFI-compatible versions of Windows x64 e'er released, from Vista SP1 to Server 2019. Easy to use: tin live on booted from a USB stick via a loader application that automatically finds too boots Windows. The driver tin also live on loaded too configured manually using either the UEFI rhythm out or the loader. Makes extensive utilization of the Zydis disassembler library for fast runtime pedagogy decoding to back upwardly to a greater extent than robust analysis than what is possible amongst signature matching, which oftentimes requires changes amongst novel OS updates. Works passively: the driver does non charge or start the Windows kicking manager. Instead it acts on a charge of bootmgfw.efi yesteryear the firmware kicking
Read more