1
#!/usr/bin/env python
2
# -*- coding: utf-8 -*-
3

4
import os
5

6
from .util.color import Color
7
from .tools.macchanger import Macchanger
8

9
class Configuration(object):
10
    ''' Stores configuration variables and functions for Wifite. '''
11
    version = '2.2.5'
12

13
    initialized = False # Flag indicating config has been initialized
14
    temp_dir = None     # Temporary directory
15
    interface = None
16
    verbose = 0
17

18
    @classmethod
19
    def initialize(cls, load_interface=True):
20
        '''
21
            Sets up default initial configuration values.
22
            Also sets config values based on command-line arguments.
23
        '''
24
        # TODO: categorize configuration into separate classes (under config/*.py)
25
        # E.g. Configuration.wps.enabled, Configuration.wps.timeout, etc
26

27
        # Only initialize this class once
28
        if cls.initialized:
29
            return
30
        cls.initialized = True
31

32
        cls.verbose = 0 # Verbosity of output. Higher number means more debug info about running processes.
33
        cls.print_stack_traces = True
34

35
        cls.kill_conflicting_processes = False
36

37
        cls.scan_time = 0 # Time to wait before attacking all targets
38

39
        cls.tx_power = 0 # Wifi transmit power (0 is default)
40
        cls.interface = None
41
        cls.target_channel = None # User-defined channel to scan
42
        cls.target_essid = None # User-defined AP name
43
        cls.target_bssid = None # User-defined AP BSSID
44
        cls.ignore_essid = None # ESSIDs to ignore
45
        cls.clients_only = False # Only show targets that have associated clients
46
        cls.five_ghz = False # Scan 5Ghz channels
47
        cls.show_bssids = False # Show BSSIDs in targets list
48
        cls.random_mac = False # Should generate a random Mac address at startup.
49
        cls.no_deauth = False # Deauth hidden networks & WPA handshake targets
50
        cls.num_deauths = 1 # Number of deauth packets to send to each target.
51

52
        cls.encryption_filter = ['WEP', 'WPA', 'WPS']
53

54
        # EvilTwin variables
55
        cls.use_eviltwin = False
56
        cls.eviltwin_port = 80
57
        cls.eviltwin_deauth_iface = None
58
        cls.eviltwin_fakeap_iface = None
59

60
        # WEP variables
61
        cls.wep_filter = False # Only attack WEP networks
62
        cls.wep_pps = 600 # Packets per second
63
        cls.wep_timeout = 600 # Seconds to wait before failing
64
        cls.wep_crack_at_ivs = 10000 # Minimum IVs to start cracking
65
        cls.require_fakeauth = False
66
        cls.wep_restart_stale_ivs = 11 # Seconds to wait before restarting
67
                                                 # Aireplay if IVs don't increaes.
68
                                                 # '0' means never restart.
69
        cls.wep_restart_aircrack = 30  # Seconds to give aircrack to crack
70
                                                 # before restarting the process.
71
        cls.wep_crack_at_ivs = 10000   # Number of IVS to start cracking
72
        cls.wep_keep_ivs = False       # Retain .ivs files across multiple attacks.
73

74
        # WPA variables
75
        cls.wpa_filter = False # Only attack WPA networks
76
        cls.wpa_deauth_timeout = 15 # Wait time between deauths
77
        cls.wpa_attack_timeout = 500 # Wait time before failing
78
        cls.wpa_handshake_dir = 'hs' # Dir to store handshakes
79
        cls.wpa_strip_handshake = False # Strip non-handshake packets
80
        cls.ignore_old_handshakes = False # Always fetch a new handshake
81

82
        # PMKID variables
83
        cls.use_pmkid_only = False  # Only use PMKID Capture+Crack attack
84
        cls.pmkid_timeout = 30  # Time to wait for PMKID capture
85

86
        # Default dictionary for cracking
87
        cls.cracked_file = 'cracked.txt'
88
        cls.wordlist = None
89
        wordlists = [
90
            './wordlist-top4800-probable.txt',  # Local file (ran from cloned repo)
91
            '/usr/share/dict/wordlist-top4800-probable.txt',  # setup.py with prefix=/usr
92
            '/usr/local/share/dict/wordlist-top4800-probable.txt',  # setup.py with prefix=/usr/local
93
            # Other passwords found on Kali
94
            '/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt',
95
            '/usr/share/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt',
96
            '/usr/share/wordlists/fern-wifi/common.txt'
97
        ]
98
        for wlist in wordlists:
99
            if os.path.exists(wlist):
100
                cls.wordlist = wlist
101
                break
102

103
        # WPS variables
104
        cls.wps_filter  = False  # Only attack WPS networks
105
        cls.no_wps      = False  # Do not use WPS attacks (Pixie-Dust & PIN attacks)
106
        cls.wps_only    = False  # ONLY use WPS attacks on non-WEP networks
107
        cls.use_bully   = False  # Use bully instead of reaver
108
        cls.wps_pixie   = True
109
        cls.wps_pin     = True
110
        cls.wps_ignore_lock = False  # Skip WPS PIN attack if AP is locked.
111
        cls.wps_pixie_timeout = 300      # Seconds to wait for PIN before WPS Pixie attack fails
112
        cls.wps_fail_threshold = 100     # Max number of failures
113
        cls.wps_timeout_threshold = 100  # Max number of timeouts
114

115
        # Commands
116
        cls.show_cracked = False
117
        cls.check_handshake = None
118
        cls.crack_handshake = False
119

120
        # Overwrite config values with arguments (if defined)
121
        cls.load_from_arguments()
122

123
        if load_interface:
124
            cls.get_monitor_mode_interface()
125

126

127
    @classmethod
128
    def get_monitor_mode_interface(cls):
129
        if cls.interface is None:
130
            # Interface wasn't defined, select it!
131
            from .tools.airmon import Airmon
132
            cls.interface = Airmon.ask()
133
            if cls.random_mac:
134
                Macchanger.random()
135

136
    @classmethod
137
    def load_from_arguments(cls):
138
        ''' Sets configuration values based on Argument.args object '''
139
        from .args import Arguments
140

141
        args = Arguments(cls).args
142
        cls.parse_settings_args(args)
143
        cls.parse_wep_args(args)
144
        cls.parse_wpa_args(args)
145
        cls.parse_wps_args(args)
146
        cls.parse_pmkid_args(args)
147
        cls.parse_encryption()
148

149
        # EvilTwin
150
        '''
151
        if args.use_eviltwin:
152
            cls.use_eviltwin = True
153
            Color.pl('{+} {C}option:{W} using {G}eviltwin attacks{W} against all targets')
154
        '''
155

156
        cls.parse_wep_attacks()
157

158
        cls.validate()
159

160
        # Commands
161
        if args.cracked:         cls.show_cracked = True
162
        if args.check_handshake: cls.check_handshake = args.check_handshake
163
        if args.crack_handshake: cls.crack_handshake = True
164

165

166
    @classmethod
167
    def validate(cls):
168
        if cls.use_pmkid_only and cls.wps_only:
169
            Color.pl('{!} {R}Bad Configuration:{O} --pmkid and --wps-only are not compatible')
170
            raise RuntimeError('Unable to attack networks: --pmkid and --wps-only are not compatible together')
171

172

173
    @classmethod
174
    def parse_settings_args(cls, args):
175
        '''Parses basic settings/configurations from arguments.'''
176
        if args.random_mac:
177
            cls.random_mac = True
178
            Color.pl('{+} {C}option:{W} using {G}random mac address{W} ' +
179
                    'when scanning & attacking')
180

181
        if args.channel:
182
            cls.target_channel = args.channel
183
            Color.pl('{+} {C}option:{W} scanning for targets on channel ' +
184
                    '{G}%s{W}' % args.channel)
185

186
        if args.interface:
187
            cls.interface = args.interface
188
            Color.pl('{+} {C}option:{W} using wireless interface ' +
189
                    '{G}%s{W}' % args.interface)
190

191
        if args.target_bssid:
192
            cls.target_bssid = args.target_bssid
193
            Color.pl('{+} {C}option:{W} targeting BSSID ' +
194
                    '{G}%s{W}' % args.target_bssid)
195

196
        if args.five_ghz == True:
197
            cls.five_ghz = True
198
            Color.pl('{+} {C}option:{W} including {G}5Ghz networks{W} in scans')
199

200
        if args.show_bssids == True:
201
            cls.show_bssids = True
202
            Color.pl('{+} {C}option:{W} showing {G}bssids{W} of targets during scan')
203

204
        if args.no_deauth == True:
205
            cls.no_deauth = True
206
            Color.pl('{+} {C}option:{W} will {R}not{W} {O}deauth{W} clients ' +
207
                    'during scans or captures')
208

209
        if args.num_deauths and args.num_deauths > 0:
210
            cls.num_deauths = args.num_deauths
211
            Color.pl('{+} {C}option:{W} send {G}%d{W} deauth packets when deauthing' % (
212
                cls.num_deauths))
213

214
        if args.target_essid:
215
            cls.target_essid = args.target_essid
216
            Color.pl('{+} {C}option:{W} targeting ESSID {G}%s{W}' % args.target_essid)
217

218
        if args.ignore_essid is not None:
219
            cls.ignore_essid = args.ignore_essid
220
            Color.pl('{+} {C}option:{W} {O}ignoring ESSIDs that include {R}%s{W}' % (
221
                args.ignore_essid))
222

223
        if args.clients_only == True:
224
            cls.clients_only = True
225
            Color.pl('{+} {C}option:{W} {O}ignoring targets that do not have ' +
226
                'associated clients')
227

228
        if args.scan_time:
229
            cls.scan_time = args.scan_time
230
            Color.pl('{+} {C}option:{W} ({G}pillage{W}) attack all targets ' +
231
                'after {G}%d{W}s' % args.scan_time)
232

233
        if args.verbose:
234
            cls.verbose = args.verbose
235
            Color.pl('{+} {C}option:{W} verbosity level {G}%d{W}' % args.verbose)
236

237
        if args.kill_conflicting_processes:
238
            cls.kill_conflicting_processes = True
239
            Color.pl('{+} {C}option:{W} kill conflicting processes {G}enabled{W}')
240

241

242
    @classmethod
243
    def parse_wep_args(cls, args):
244
        '''Parses WEP-specific arguments'''
245
        if args.wep_filter:
246
            cls.wep_filter = args.wep_filter
247

248
        if args.wep_pps:
249
            cls.wep_pps = args.wep_pps
250
            Color.pl('{+} {C}option:{W} using {G}%d{W} packets/sec on WEP attacks' % (
251
                args.wep_pps))
252

253
        if args.wep_timeout:
254
            cls.wep_timeout = args.wep_timeout
255
            Color.pl('{+} {C}option:{W} WEP attack timeout set to ' +
256
                '{G}%d seconds{W}' % args.wep_timeout)
257

258
        if args.require_fakeauth:
259
            cls.require_fakeauth = True
260
            Color.pl('{+} {C}option:{W} fake-authentication is ' +
261
                '{G}required{W} for WEP attacks')
262

263
        if args.wep_crack_at_ivs:
264
            cls.wep_crack_at_ivs = args.wep_crack_at_ivs
265
            Color.pl('{+} {C}option:{W} will start cracking WEP keys at ' +
266
                '{G}%d IVs{W}' % args.wep_crack_at_ivs)
267

268
        if args.wep_restart_stale_ivs:
269
            cls.wep_restart_stale_ivs = args.wep_restart_stale_ivs
270
            Color.pl('{+} {C}option:{W} will restart aireplay after ' +
271
                '{G}%d seconds{W} of no new IVs' % args.wep_restart_stale_ivs)
272

273
        if args.wep_restart_aircrack:
274
            cls.wep_restart_aircrack = args.wep_restart_aircrack
275
            Color.pl('{+} {C}option:{W} will restart aircrack every ' +
276
                '{G}%d seconds{W}' % args.wep_restart_aircrack)
277

278
        if args.wep_keep_ivs:
279
            cls.wep_keep_ivs = args.wep_keep_ivs
280
            Color.pl('{+} {C}option:{W} keep .ivs files across multiple WEP attacks')
281

282
    @classmethod
283
    def parse_wpa_args(cls, args):
284
        '''Parses WPA-specific arguments'''
285
        if args.wpa_filter:
286
            cls.wpa_filter = args.wpa_filter
287

288
        if args.wordlist:
289
            if not os.path.exists(args.wordlist):
290
                cls.wordlist = None
291
                Color.pl('{+} {C}option:{O} wordlist {R}%s{O} was not found, wifite will NOT attempt to crack handshakes' % args.wordlist)
292
            elif os.path.isfile(args.wordlist):
293
                cls.wordlist = args.wordlist
294
                Color.pl('{+} {C}option:{W} using wordlist {G}%s{W} to crack WPA handshakes' % args.wordlist)
295
            elif os.path.isdir(args.wordlist):
296
                cls.wordlist = None
297
                Color.pl('{+} {C}option:{O} wordlist {R}%s{O} is a directory, not a file. Wifite will NOT attempt to crack handshakes' % args.wordlist)
298

299
        if args.wpa_deauth_timeout:
300
            cls.wpa_deauth_timeout = args.wpa_deauth_timeout
301
            Color.pl('{+} {C}option:{W} will deauth WPA clients every ' +
302
                    '{G}%d seconds{W}' % args.wpa_deauth_timeout)
303

304
        if args.wpa_attack_timeout:
305
            cls.wpa_attack_timeout = args.wpa_attack_timeout
306
            Color.pl('{+} {C}option:{W} will stop WPA handshake capture after ' +
307
                    '{G}%d seconds{W}' % args.wpa_attack_timeout)
308

309
        if args.ignore_old_handshakes:
310
            cls.ignore_old_handshakes = True
311
            Color.pl('{+} {C}option:{W} will {O}ignore{W} existing handshakes ' +
312
                    '(force capture)')
313

314
        if args.wpa_handshake_dir:
315
            cls.wpa_handshake_dir = args.wpa_handshake_dir
316
            Color.pl('{+} {C}option:{W} will store handshakes to ' +
317
                    '{G}%s{W}' % args.wpa_handshake_dir)
318

319
        if args.wpa_strip_handshake:
320
            cls.wpa_strip_handshake = True
321
            Color.pl('{+} {C}option:{W} will {G}strip{W} non-handshake packets')
322

323
    @classmethod
324
    def parse_wps_args(cls, args):
325
        '''Parses WPS-specific arguments'''
326
        if args.wps_filter:
327
            cls.wps_filter = args.wps_filter
328

329
        if args.wps_only:
330
            cls.wps_only = True
331
            cls.wps_filter = True  # Also only show WPS networks
332
            Color.pl('{+} {C}option:{W} will *only* attack WPS networks with ' +
333
                    '{G}WPS attacks{W} (avoids handshake and PMKID)')
334

335
        if args.no_wps:
336
            # No WPS attacks at all
337
            cls.no_wps = args.no_wps
338
            cls.wps_pixie = False
339
            cls.wps_pin = False
340
            Color.pl('{+} {C}option:{W} will {O}never{W} use {C}WPS attacks{W} ' +
341
                    '(Pixie-Dust/PIN) on targets')
342

343
        elif args.wps_pixie:
344
            # WPS Pixie-Dust only
345
            cls.wps_pixie = True
346
            cls.wps_pin = False
347
            Color.pl('{+} {C}option:{W} will {G}only{W} use {C}WPS Pixie-Dust ' +
348
                    'attack{W} (no {O}PIN{W}) on targets')
349

350
        elif args.wps_no_pixie:
351
            # WPS PIN only
352
            cls.wps_pixie = False
353
            cls.wps_pin = True
354
            Color.pl('{+} {C}option:{W} will {G}only{W} use {C}WPS PIN attack{W} ' +
355
                    '(no {O}Pixie-Dust{W}) on targets')
356

357
        if args.use_bully:
358
            from .tools.bully import Bully
359
            if not Bully.exists():
360
                Color.pl('{!} {R}Bully not found. Defaulting to {O}reaver{W}')
361
                cls.use_bully = False
362
            else:
363
                cls.use_bully = args.use_bully
364
                Color.pl('{+} {C}option:{W} use {C}bully{W} instead of {C}reaver{W} ' +
365
                        'for WPS Attacks')
366

367
        if args.wps_pixie_timeout:
368
            cls.wps_pixie_timeout = args.wps_pixie_timeout
369
            Color.pl('{+} {C}option:{W} WPS pixie-dust attack will fail after ' +
370
                    '{O}%d seconds{W}' % args.wps_pixie_timeout)
371

372
        if args.wps_fail_threshold:
373
            cls.wps_fail_threshold = args.wps_fail_threshold
374
            Color.pl('{+} {C}option:{W} will stop WPS attack after ' +
375
                    '{O}%d failures{W}' % args.wps_fail_threshold)
376

377
        if args.wps_timeout_threshold:
378
            cls.wps_timeout_threshold = args.wps_timeout_threshold
379
            Color.pl('{+} {C}option:{W} will stop WPS attack after ' +
380
                    '{O}%d timeouts{W}' % args.wps_timeout_threshold)
381

382
        if args.wps_ignore_lock:
383
            cls.wps_ignore_lock = True
384
            Color.pl('{+} {C}option:{W} will {O}ignore{W} WPS lock-outs')
385

386
    @classmethod
387
    def parse_pmkid_args(cls, args):
388
        if args.use_pmkid_only:
389
            cls.use_pmkid_only = True
390
            Color.pl('{+} {C}option:{W} will ONLY use {C}PMKID{W} attack on WPA networks')
391

392
        if args.pmkid_timeout:
393
            cls.pmkid_timeout = args.pmkid_timeout
394
            Color.pl('{+} {C}option:{W} will wait {G}%d seconds{W} during {C}PMKID{W} capture' % args.pmkid_timeout)
395

396
    @classmethod
397
    def parse_encryption(cls):
398
        '''Adjusts encryption filter (WEP and/or WPA and/or WPS)'''
399
        cls.encryption_filter = []
400
        if cls.wep_filter: cls.encryption_filter.append('WEP')
401
        if cls.wpa_filter: cls.encryption_filter.append('WPA')
402
        if cls.wps_filter: cls.encryption_filter.append('WPS')
403

404
        if len(cls.encryption_filter) == 3:
405
            Color.pl('{+} {C}option:{W} targeting {G}all encrypted networks{W}')
406
        elif len(cls.encryption_filter) == 0:
407
            # Default to scan all types
408
            cls.encryption_filter = ['WEP', 'WPA', 'WPS']
409
        else:
410
            Color.pl('{+} {C}option:{W} ' +
411
                     'targeting {G}%s-encrypted{W} networks'
412
                        % '/'.join(cls.encryption_filter))
413

414
    @classmethod
415
    def parse_wep_attacks(cls):
416
        '''Parses and sets WEP-specific args (-chopchop, -fragment, etc)'''
417
        cls.wep_attacks = []
418
        from sys import argv
419
        seen = set()
420
        for arg in argv:
421
            if arg in seen: continue
422
            seen.add(arg)
423
            if arg == '-arpreplay':  cls.wep_attacks.append('replay')
424
            if arg == '-fragment':   cls.wep_attacks.append('fragment')
425
            if arg == '-chopchop':   cls.wep_attacks.append('chopchop')
426
            if arg == '-caffelatte': cls.wep_attacks.append('caffelatte')
427
            if arg == '-p0841':      cls.wep_attacks.append('p0841')
428
            if arg == '-hirte':      cls.wep_attacks.append('hirte')
429

430
        if len(cls.wep_attacks) == 0:
431
            # Use all attacks
432
            cls.wep_attacks = ['replay',
433
                'fragment',
434
                'chopchop',
435
                'caffelatte',
436
                'p0841',
437
                'hirte'
438
            ]
439
        elif len(cls.wep_attacks) > 0:
440
            Color.pl('{+} {C}option:{W} using {G}%s{W} WEP attacks'
441
                % '{W}, {G}'.join(cls.wep_attacks))
442

443

444
    @classmethod
445
    def temp(cls, subfile=''):
446
        ''' Creates and/or returns the temporary directory '''
447
        if cls.temp_dir is None:
448
            cls.temp_dir = cls.create_temp()
449
        return cls.temp_dir + subfile
450

451
    @staticmethod
452
    def create_temp():
453
        ''' Creates and returns a temporary directory '''
454
        from tempfile import mkdtemp
455
        tmp = mkdtemp(prefix='wifite')
456
        if not tmp.endswith(os.sep):
457
            tmp += os.sep
458
        return tmp
459

460
    @classmethod
461
    def delete_temp(cls):
462
        ''' Remove temp files and folder '''
463
        if cls.temp_dir is None: return
464
        if os.path.exists(cls.temp_dir):
465
            for f in os.listdir(cls.temp_dir):
466
                os.remove(cls.temp_dir + f)
467
            os.rmdir(cls.temp_dir)
468

469

470
    @classmethod
471
    def exit_gracefully(cls, code=0):
472
        ''' Deletes temp and exist with the given code '''
473
        cls.delete_temp()
474
        Macchanger.reset_if_changed()
475
        from .tools.airmon import Airmon
476
        if cls.interface is not None and Airmon.base_interface is not None:
477
            Color.pl('{!} {O}Note:{W} Leaving interface in Monitor Mode!')
478
            Color.pl('{!} To disable Monitor Mode when finished: ' +
479
                    '{C}airmon-ng stop %s{W}' % cls.interface)
480

481
            # Stop monitor mode
482
            #Airmon.stop(cls.interface)
483
            # Bring original interface back up
484
            #Airmon.put_interface_up(Airmon.base_interface)
485

486
        if Airmon.killed_network_manager:
487
            Color.pl('{!} You can restart NetworkManager when finished ({C}service network-manager start{W})')
488
            #Airmon.start_network_manager()
489

490
        exit(code)
491

492
    @classmethod
493
    def dump(cls):
494
        ''' (Colorful) string representation of the configuration '''
495
        from .util.color import Color
496

497
        max_len = 20
498
        for key in cls.__dict__.keys():
499
            max_len = max(max_len, len(key))
500

501
        result  = Color.s('{W}%s  Value{W}\n' % 'cls Key'.ljust(max_len))
502
        result += Color.s('{W}%s------------------{W}\n' % ('-' * max_len))
503

504
        for (key,val) in sorted(cls.__dict__.items()):
505
            if key.startswith('__') or type(val) in [classmethod, staticmethod] or val is None:
506
                continue
507
            result += Color.s('{G}%s {W} {C}%s{W}\n' % (key.ljust(max_len),val))
508
        return result
509

510
if __name__ == '__main__':
511
    Configuration.initialize(False)
512
    print(Configuration.dump())
513

514