autoscan - automatic fingerprint of visited networks
autoscan remembers network parameters (addresses, DNS, ...) and runs a basic fingerprinting (traceroute, scan) of the network you are connected to.
It has 2 modes:
* runnow: run the fingerprint once on the specified interface
* monitor: daemonize and wait on the specified interface; every time you connect to a new network it runs the fingerprint
Fingerprinting steps:
_test_pcap
records a 15s PCAP in the background (tcpdump)
_test_ifconfig
remembers the IPv4 and IPv6 addresses assigned by DHCP (ifconfig)
_test_iwconfig
remembers the AP name (ESSID) and MAC (iwconfig)
_test_route
remembers the routing table (route -n)
_test_resolv
remembers the DNS servers assigned by DHCP (resolv.conf)
_test_pubip_get
gets your public internet IP (curl ifconfig.me)
_test_pubip_ping
tests whether an arbitrary public IP answers ping (ping 8.8.8.8)
_test_pubip_traceroute
runs a traceroute to an arbitrary public IP (traceroute 8.8.8.8)
_test_resolv_traceroute
runs a traceroute to the DNS server given by DHCP (traceroute)
The following steps can be disabled with -x to run faster:
_test_explor_traceroute
runs traceroutes to arbitrary private IP ranges (traceroute)
_test_explor_scan
runs an nmap scan on the local IP range (nmap)
===============================================================================
Example usage: Run fingerprinting on wlan0
$ sudo ./autoscan.py wlan0
20130724-143501 [>] wlan0: _do_tests
20130724-143501 [-] wlan0: _test_pcap
20130724-143501 [-] wlan0: _test_ifconfig
20130724-143501 [-] wlan0: _test_iwconfig
20130724-143501 [-] wlan0: _test_route
20130724-143502 [-] wlan0: _test_resolv
20130724-143502 [-] wlan0: _test_pubip_get
20130724-143510 [-] wlan0: _test_pubip_ping
20130724-143510 [-] wlan0: _test_pubip_traceroute
20130724-143516 [-] wlan0: _test_resolv_traceroute
20130724-143527 [-] wlan0: _test_explor_traceroute
20130724-143710 [-] wlan0: _test_explor_scan
20130724-143725 [*] wlan0: ./20130724_123501_wlan0_82.247.114.4_freeflo
List the generated files:
$ find ./20130724_123501_wlan0_82.247.114.4_freeflo
./20130724_123501_wlan0_82.247.114.4_freeflo
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv_traceroute
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv_traceroute/out
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get/ip
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_traceroute
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_traceroute/out
./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig
./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/ap
./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/essid
./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/out
./20130724_123501_wlan0_82.247.114.4_freeflo/route
./20130724_123501_wlan0_82.247.114.4_freeflo/route/gw
./20130724_123501_wlan0_82.247.114.4_freeflo/route/out
./20130724_123501_wlan0_82.247.114.4_freeflo/pcap
./20130724_123501_wlan0_82.247.114.4_freeflo/pcap/tcpdump.pcap
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/dns0
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/dns1
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/resolv.conf
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/up
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/ip4
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/ip6
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/out
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.nmap
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.xml
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.gnmap
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/out
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_172.16.0.1
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.0.1
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.2.1
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_10.0.0.1
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.1.1
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping/code
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping/out
Look at the output of iwconfig:
$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/out
wlan0 IEEE 802.11abgn ESSID:"freeflo"
Mode:Managed Frequency:2.462 GHz Access Point: 7A:A4:42:A7:92:34
Bit Rate=54 Mb/s Tx-Power=15 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=62/70 Signal level=-48 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:18 Invalid misc:1208 Missed beacon:0
Look at the SSID:
$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/essid
freeflo
Look at the public IP:
$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get/ip
82.247.82.44
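The value of remembering these parameters is that a later visit to the same ESSID can be compared with the earlier one: a different AP MAC, gateway, resolver or public IP behind a familiar network name is something you want to notice (rogue AP, rogue DHCP, captive portal you did not expect). The following script is an added example and not part of autoscan; it assumes only the directory layout shown above (iwconfig/ap, iwconfig/essid, route/gw, resolv/dns0, resolv/dns1, pubip_get/ip) and builds two constructed sample result directories in a temporary folder, so it runs offline. The AP MAC of the second visit is a made-up placeholder value.

```python
"""Compare autoscan result directories visit-by-visit and flag changed parameters.

Added example, not autoscan's own code. Assumes the README layout:
<stamp>_<iface>_<pubip>_<essid>/{iwconfig/ap,iwconfig/essid,route/gw,
resolv/dns0,resolv/dns1,pubip_get/ip}. Sample data below is constructed.
"""
import os
import tempfile

# Files whose value is expected to be stable across visits of the same ESSID.
TRACKED = {
    "ap": "iwconfig/ap",
    "gw": "route/gw",
    "dns0": "resolv/dns0",
    "dns1": "resolv/dns1",
    "pubip": "pubip_get/ip",
}


def read_value(fpdir, relpath):
    """Return the stripped first line of a fingerprint file, or None if absent/empty."""
    path = os.path.join(fpdir, relpath)
    if not os.path.isfile(path):
        return None
    with open(path) as fh:
        return fh.readline().strip() or None


def load_fingerprint(fpdir):
    """Collect the tracked values of one autoscan result directory."""
    return {key: read_value(fpdir, rel) for key, rel in TRACKED.items()}


def diff_fingerprints(old, new):
    """Return {key: (old_value, new_value)} for every tracked key that differs."""
    return {k: (old.get(k), new.get(k)) for k in TRACKED if old.get(k) != new.get(k)}


def group_by_essid(basedir):
    """Map ESSID -> result dirs under basedir, in name order (the timestamp prefix sorts)."""
    groups = {}
    for name in sorted(os.listdir(basedir)):
        fpdir = os.path.join(basedir, name)
        if os.path.isdir(fpdir):
            essid = read_value(fpdir, "iwconfig/essid")
            if essid:
                groups.setdefault(essid, []).append(fpdir)
    return groups


def find_changes(basedir):
    """Compare each visit of an ESSID with the previous visit of the same ESSID.

    Returns a list of (essid, previous_dir, current_dir, diff) with non-empty diff.
    """
    findings = []
    for essid, dirs in group_by_essid(basedir).items():
        prev = None
        for fpdir in dirs:
            cur = load_fingerprint(fpdir)
            if prev is not None:
                changed = diff_fingerprints(prev[1], cur)
                if changed:
                    findings.append((essid, prev[0], fpdir, changed))
            prev = (fpdir, cur)
    return findings


def write_fingerprint(basedir, name, values):
    """Create a constructed result directory in the README layout (demo data only)."""
    fpdir = os.path.join(basedir, name)
    for key, rel in list(TRACKED.items()) + [("essid", "iwconfig/essid")]:
        path = os.path.join(fpdir, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(values.get(key, "") + "\n")
    return fpdir


def build_demo(basedir):
    """Two constructed visits to "freeflo": same gateway/DNS/public IP, but the AP MAC
    differs on the second visit (placeholder MAC, not a real observation)."""
    first = {"essid": "freeflo", "ap": "7A:A4:42:A7:92:34", "gw": "192.168.0.254",
             "dns0": "192.168.0.254", "dns1": "", "pubip": "82.247.82.44"}
    second = dict(first, ap="00:11:22:33:44:55")  # constructed placeholder MAC
    write_fingerprint(basedir, "20130724_123501_wlan0_82.247.82.44_freeflo", first)
    write_fingerprint(basedir, "20130725_091200_wlan0_82.247.82.44_freeflo", second)


def run_demo():
    """Build the constructed sample in a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp)
        return find_changes(tmp)


if __name__ == "__main__":
    for essid, prev, cur, changed in run_demo():
        print(f"[!] {essid}: {os.path.basename(prev)} -> {os.path.basename(cur)}")
        for key, (old, new) in changed.items():
            print(f"    {key}: {old} -> {new}")
```

Point it at the directory where autoscan writes its result folders (find_changes("/path/to/results")) to review real visits; only the ESSID decides which visits are compared, so two genuinely different networks that share a name will also be reported, which is exactly the case worth a look.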
===============================================================================
Example usage: Run in monitor mode on wlan0
$ sudo ./autoscan.py -m wlan0
# Connect via WIFI to "freeflo" then "FreeWifi" networks
$ cat autoscan.log
20130724-144805 [>] wlan0: _wait_up # autoscan waits for a network
20130724-144808 [>] wlan0: _do_tests # I just connected to "freeflo"
20130724-144808 [-] wlan0: _test_pcap
20130724-144808 [-] wlan0: _test_ifconfig
20130724-144811 [-] wlan0: _test_iwconfig
20130724-144811 [-] wlan0: _test_route
20130724-144811 [-] wlan0: _test_resolv
20130724-144811 [-] wlan0: _test_pubip_get
20130724-144814 [-] wlan0: _test_pubip_ping
20130724-144815 [-] wlan0: _test_pubip_traceroute
20130724-144821 [-] wlan0: _test_resolv_traceroute
20130724-144842 [-] wlan0: _test_explor_traceroute
20130724-145041 [-] wlan0: _test_explor_scan
20130724-145050 [*] wlan0: ./20130724_124808_wlan0_82.247.114.4_freeflo
20130724-145050 [>] wlan0: _wait_down # autoscan waits for me to disconnect
20130724-145455 [>] wlan0: _wait_up # I disconnected from "freeflo"
20130724-145514 [>] wlan0: _do_tests # I connect to "FreeWifi"
20130724-145514 [-] wlan0: _test_pcap
20130724-145514 [-] wlan0: _test_ifconfig
20130724-145514 [-] wlan0: _test_iwconfig
20130724-145514 [-] wlan0: _test_route
20130724-145514 [-] wlan0: _test_resolv
20130724-145514 [-] wlan0: _test_pubip_get
20130724-145515 [-] wlan0: _test_pubip_ping
20130724-145518 [-] wlan0: _test_pubip_traceroute
20130724-145549 [-] wlan0: _test_resolv_traceroute
20130724-145604 [-] wlan0: _test_explor_traceroute
20130724-145835 [-] wlan0: _test_explor_scan
20130724-150202 [*] wlan0: ./20130724_125514_wlan0_78.251.248.51_FreeWifi
20130724-150202 [>] wlan0: _wait_down
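In monitor mode the log is the only running record of what happened on the interface, so it helps to be able to turn it back into sessions: when each network was joined, which result directory it produced, and how long each step took (the explor steps are usually the bulk of it, which is what the -x switch is for). The parser below is an added example, not part of autoscan; it assumes only the log line format shown above ("YYYYMMDD-HHMMSS [flag] iface: message", optionally followed by a "# comment", with ">" for state changes, "-" for fingerprint steps and "*" for the result directory) and that the result directory is named <date>_<time>_<iface>_<pubip>_<essid>. The embedded sample is a constructed excerpt of the log above.

```python
"""Parse an autoscan monitor-mode log into per-network fingerprint sessions.

Added example, not autoscan's own code. Assumes the line format shown in the
README and the <date>_<time>_<iface>_<pubip>_<essid> result directory name.
"""
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{8}-\d{6}) \[(?P<flag>[>\-*])\] (?P<iface>\S+): (?P<msg>[^#]*?)\s*(?:#.*)?$"
)

# Constructed excerpt of the README's monitor-mode log (some steps omitted).
SAMPLE_LOG = """\
20130724-144805 [>] wlan0: _wait_up # autoscan waits for a network
20130724-144808 [>] wlan0: _do_tests # I just connected to "freeflo"
20130724-144808 [-] wlan0: _test_pcap
20130724-144808 [-] wlan0: _test_ifconfig
20130724-144811 [-] wlan0: _test_iwconfig
20130724-144811 [-] wlan0: _test_pubip_get
20130724-144814 [-] wlan0: _test_pubip_ping
20130724-144842 [-] wlan0: _test_explor_traceroute
20130724-145041 [-] wlan0: _test_explor_scan
20130724-145050 [*] wlan0: ./20130724_124808_wlan0_82.247.114.4_freeflo
20130724-145050 [>] wlan0: _wait_down # autoscan waits for me to disconnect
20130724-145455 [>] wlan0: _wait_up # I disconnected from "freeflo"
20130724-145514 [>] wlan0: _do_tests # I connect to "FreeWifi"
20130724-145514 [-] wlan0: _test_pcap
20130724-145518 [-] wlan0: _test_pubip_traceroute
20130724-145835 [-] wlan0: _test_explor_scan
20130724-150202 [*] wlan0: ./20130724_125514_wlan0_78.251.248.51_FreeWifi
20130724-150202 [>] wlan0: _wait_down
"""


def parse_line(line):
    """Return {ts, flag, iface, msg} for one log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return {"ts": datetime.strptime(m.group("ts"), "%Y%m%d-%H%M%S"),
            "flag": m.group("flag"), "iface": m.group("iface"),
            "msg": m.group("msg").strip()}


def parse_sessions(lines):
    """Group events into sessions, one per _do_tests.

    A step's duration is the time until the next step (or the result line).
    The public IP and ESSID are taken from the result directory name.
    """
    sessions, cur, pending = [], None, None
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["flag"] == ">" and ev["msg"] == "_do_tests":
            cur = {"iface": ev["iface"], "start": ev["ts"], "end": None,
                   "steps": {}, "result": None, "pubip": None, "essid": None}
            sessions.append(cur)
            pending = None
        elif cur is None:
            continue
        elif ev["flag"] == "-":
            if pending:
                cur["steps"][pending[0]] = (ev["ts"] - pending[1]).total_seconds()
            pending = (ev["msg"], ev["ts"])
        elif ev["flag"] == "*":
            if pending:
                cur["steps"][pending[0]] = (ev["ts"] - pending[1]).total_seconds()
                pending = None
            cur["result"], cur["end"] = ev["msg"], ev["ts"]
            parts = ev["msg"].rsplit("/", 1)[-1].split("_", 4)
            if len(parts) == 5:
                cur["pubip"], cur["essid"] = parts[3], parts[4]
            cur = None  # session closed; later ">" lines belong to no session
    return sessions


def session_seconds(session):
    """Wall-clock duration of a session from _do_tests to the result line."""
    return (session["end"] - session["start"]).total_seconds()


def slowest_step(session):
    """(step name, seconds) of the longest step, or None if no steps were timed."""
    if not session["steps"]:
        return None
    return max(session["steps"].items(), key=lambda kv: kv[1])


def explor_seconds(session):
    """Seconds spent in the _test_explor_* steps, i.e. the ones -x disables."""
    return sum(v for k, v in session["steps"].items() if k.startswith("_test_explor"))


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG.splitlines()):
        step, secs = slowest_step(s)
        print(f"{s['start']:%Y-%m-%d %H:%M:%S} {s['iface']} {s['essid']} ({s['pubip']}): "
              f"{session_seconds(s):.0f}s total, explor {explor_seconds(s):.0f}s, "
              f"slowest {step} {secs:.0f}s -> {s['result']}")
```

Feed it the real file with parse_sessions(open("autoscan.log")); on the constructed excerpt the explor steps account for 128 of 162 seconds on "freeflo" and 207 of 408 on "FreeWifi", which is the cost that -x removes.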