authorLaurent Ghigonis <laurent@p1sec.com>2013-07-24 15:26:47 +0200
committerLaurent Ghigonis <laurent@p1sec.com>2013-07-24 15:26:47 +0200
commit63fdd690cc3590a07dd83956c6973cbcca1ff87c (patch)
treed893834a505e5ee8f71e6738614761105eb03962 /autoscan/README.txt
parentautoscan: logging (diff)
autoscan: add a README
Diffstat (limited to 'autoscan/README.txt')
-rw-r--r--autoscan/README.txt153
1 files changed, 153 insertions, 0 deletions
diff --git a/autoscan/README.txt b/autoscan/README.txt
new file mode 100644
index 0000000..dcc36b6
--- /dev/null
+++ b/autoscan/README.txt
@@ -0,0 +1,153 @@
+autoscan - automatic fingerprint of visited networks
+
+autscan remembers network parameters (addresses, dns...) and runs a basic fingerprinting (traceroute, scan) of the network you are connected to.
+It has 2 modes:
+* runnow: run the fingerprint on the specified interface
+* monitor: daemonize and wait on the specified interface, and everytime you connect to a new network it will do the fingerprint
+
+Fingerprinting steps:
+_test_pcap
+ records a 15s PCAP
+_test_ifconfig
+ remembers attributed ipv4 and ipv6
+_test_iwconfig
+ remembers AP name and MAC
+_test_route
+ remmebers routing table
+_test_resolv
+ remembers DNS given by dhcp (resolv.conf)
+_test_pubip_get
+ gets your internet public IP (curl ifconfig.me)
+_test_pubip_ping
+ tests if an arbitrary public IP answers to ping (8.8.8.8)
+_test_pubip_traceroute
+ runs a traceroute to an arbitrary public IP (8.8.8.8)
+_test_resolv_traceroute
+ runs a traceroute to the DNS given by dhcp
+The following steps can be disabled using -x to run faster:
+_test_explor_traceroute
+ runs traceroute to arbitrary private IP ranges
+_test_explor_scan
+ runs an nmap scan on the local IP range
+
+===============================================================================
+Example usage: Run fingerprinting on wlan0
+
+$ sudo ./autoscan.py wlan0
+20130724-143501 [>] wlan0: _do_tests
+20130724-143501 [-] wlan0: _test_pcap
+20130724-143501 [-] wlan0: _test_ifconfig
+20130724-143501 [-] wlan0: _test_iwconfig
+20130724-143501 [-] wlan0: _test_route
+20130724-143502 [-] wlan0: _test_resolv
+20130724-143502 [-] wlan0: _test_pubip_get
+20130724-143510 [-] wlan0: _test_pubip_ping
+20130724-143510 [-] wlan0: _test_pubip_traceroute
+20130724-143516 [-] wlan0: _test_resolv_traceroute
+20130724-143527 [-] wlan0: _test_explor_traceroute
+20130724-143710 [-] wlan0: _test_explor_scan
+20130724-143725 [*] wlan0: ./20130724_123501_wlan0_82.247.114.4_freeflo
+
+List the generated files:
+
+find ./20130724_123501_wlan0_82.247.114.4_freeflo
+./20130724_123501_wlan0_82.247.114.4_freeflo
+./20130724_123501_wlan0_82.247.114.4_freeflo/resolv_traceroute
+./20130724_123501_wlan0_82.247.114.4_freeflo/resolv_traceroute/out
+./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get
+./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get/ip
+./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_traceroute
+./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_traceroute/out
+./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig
+./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/ap
+./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/essid
+./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/out
+./20130724_123501_wlan0_82.247.114.4_freeflo/route
+./20130724_123501_wlan0_82.247.114.4_freeflo/route/gw
+./20130724_123501_wlan0_82.247.114.4_freeflo/route/out
+./20130724_123501_wlan0_82.247.114.4_freeflo/pcap
+./20130724_123501_wlan0_82.247.114.4_freeflo/pcap/tcpdump.pcap
+./20130724_123501_wlan0_82.247.114.4_freeflo/resolv
+./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/dns0
+./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/dns1
+./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/resolv.conf
+./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig
+./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/up
+./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/ip4
+./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/ip6
+./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/out
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.nmap
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.xml
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.gnmap
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/out
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_172.16.0.1
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.0.1
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.2.1
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_10.0.0.1
+./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.1.1
+./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping
+./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping/code
+./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping/out
+
+
+Look at the output of iwconfig:
+$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/out
+wlan0 IEEE 802.11abgn ESSID:"freeflo"
+ Mode:Managed Frequency:2.462 GHz Access Point: 7A:A4:42:A7:92:34
+ Bit Rate=54 Mb/s Tx-Power=15 dBm
+ Retry long limit:7 RTS thr:off Fragment thr:off
+ Encryption key:off
+ Power Management:off
+ Link Quality=62/70 Signal level=-48 dBm
+ Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
+ Tx excessive retries:18 Invalid misc:1208 Missed beacon:0
+
+Look at the SSID:
+$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/essid
+freeflo
+
+Look at the public IP:
+$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get/ip
+82.247.82.44
+
+===============================================================================
+Example usage: Run in monitor mode on wlan0
+
+$ sudo ./autoscan.py -m wlan0
+
+# Connect via WIFI to "freeflo" then "FreeWifi" networks
+
+$ cat autoscan.log
+20130724-144805 [>] wlan0: _wait_up # autoscan waits for a network
+20130724-144808 [>] wlan0: _do_tests # I just connected to "freeflo"
+20130724-144808 [-] wlan0: _test_pcap
+20130724-144808 [-] wlan0: _test_ifconfig
+20130724-144811 [-] wlan0: _test_iwconfig
+20130724-144811 [-] wlan0: _test_route
+20130724-144811 [-] wlan0: _test_resolv
+20130724-144811 [-] wlan0: _test_pubip_get
+20130724-144814 [-] wlan0: _test_pubip_ping
+20130724-144815 [-] wlan0: _test_pubip_traceroute
+20130724-144821 [-] wlan0: _test_resolv_traceroute
+20130724-144842 [-] wlan0: _test_explor_traceroute
+20130724-145041 [-] wlan0: _test_explor_scan
+20130724-145050 [*] wlan0: ./20130724_124808_wlan0_82.247.114.4_freeflo
+20130724-145050 [>] wlan0: _wait_down # autoscan waits for me to disconnect
+20130724-145455 [>] wlan0: _wait_up # I disconnected from "freeflo"
+20130724-145514 [>] wlan0: _do_tests # I connect to "FreeWifi"
+20130724-145514 [-] wlan0: _test_pcap
+20130724-145514 [-] wlan0: _test_ifconfig
+20130724-145514 [-] wlan0: _test_iwconfig
+20130724-145514 [-] wlan0: _test_route
+20130724-145514 [-] wlan0: _test_resolv
+20130724-145514 [-] wlan0: _test_pubip_get
+20130724-145515 [-] wlan0: _test_pubip_ping
+20130724-145518 [-] wlan0: _test_pubip_traceroute
+20130724-145549 [-] wlan0: _test_resolv_traceroute
+20130724-145604 [-] wlan0: _test_explor_traceroute
+20130724-145835 [-] wlan0: _test_explor_scan
+20130724-150202 [*] wlan0: ./20130724_125514_wlan0_78.251.248.51_FreeWifi
+20130724-150202 [>] wlan0: _wait_down
+