autoscan - automatic fingerprint of visited networks
autoscan remembers the network parameters (addresses, DNS...) and runs a basic fingerprint (traceroute, scan) of the network you are connected to.
It has 2 modes:
* runnow: run the fingerprint once on the specified interface
* monitor: daemonize and wait on the specified interface; every time you connect to a new network, it runs the fingerprint
Fingerprinting steps:
_test_pcap
    records a 15 s PCAP on the interface
_test_ifconfig
    remembers the attributed IPv4 and IPv6 addresses
_test_iwconfig
    remembers the AP name (ESSID) and MAC
_test_route
    remembers the routing table
_test_resolv
    remembers the DNS servers given by DHCP (resolv.conf)
_test_pubip_get
    gets your public Internet IP (curl ifconfig.me)
_test_pubip_ping
    tests whether an arbitrary public IP answers to ping (8.8.8.8)
_test_pubip_traceroute
    runs a traceroute to an arbitrary public IP (8.8.8.8)
_test_resolv_traceroute
    runs a traceroute to the DNS server given by DHCP
The following steps can be disabled with -x to run faster:
_test_explor_traceroute
    runs a traceroute to arbitrary private IP ranges (the usual gateway addresses 10.0.0.1, 172.16.0.1, 192.168.0.1, 192.168.1.1, 192.168.2.1)
_test_explor_scan
    runs an nmap scan of the local IP range
Note that every step from _test_pubip_ping on sends probes onto the network (ping, traceroute, nmap) that its operator can see, and _test_pubip_get discloses your visit to ifconfig.me; run the fingerprint only where that is acceptable.
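What the iwconfig, route and resolv steps boil down to, and how the result directory is named, as an added example in Python (not autoscan's own code): the iwconfig text is the one quoted in this README; the `route -n` and resolv.conf texts, the SAMPLE_WHEN timestamp and the rule for sanitising the ESSID in the directory name are constructed assumptions.

```python
"""Derive the small per-step files autoscan writes (iwconfig/essid, iwconfig/ap,
route/gw, resolv/dns0, ...) from raw command output and build the result
directory name.  Added example, not autoscan's own code.  IWCONFIG_OUT is the
iwconfig output shown in this README; ROUTE_OUT and RESOLV_CONF are constructed."""
import re
from datetime import datetime

# iwconfig output for the "freeflo" network, as shown in this README
IWCONFIG_OUT = """\
wlan0     IEEE 802.11abgn  ESSID:"freeflo"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 7A:A4:42:A7:92:34
          Bit Rate=54 Mb/s   Tx-Power=15 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=62/70  Signal level=-48 dBm
"""

# constructed: `route -n` output of a DHCP-configured client
ROUTE_OUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0
"""

# constructed: resolv.conf as written by a DHCP client
RESOLV_CONF = """\
# Generated by dhclient
domain lan
nameserver 192.168.1.254
nameserver 8.8.8.8
"""

# timestamp carried by the README's first example directory name (assumption)
SAMPLE_WHEN = datetime(2013, 7, 24, 12, 35, 1)


def parse_iwconfig(text):
    """Return (essid, ap_mac, encrypted) from iwconfig output.
    encrypted is False when iwconfig prints 'Encryption key:off' (open network)."""
    essid = re.search(r'ESSID:"([^"]*)"', text)
    ap = re.search(r'Access Point:\s*([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})', text)
    enc = re.search(r'Encryption key:(\S+)', text)
    return (essid.group(1) if essid else None,
            ap.group(1) if ap else None,
            enc is not None and enc.group(1) != 'off')


def parse_route(text):
    """Return the default gateway (what autoscan stores as route/gw) or None."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == '0.0.0.0' and 'G' in f[3]:
            return f[1]
    return None


def parse_resolv(text):
    """Return the nameserver list from resolv.conf, in file order."""
    servers = []
    for line in text.splitlines():
        fields = line.split('#', 1)[0].split()
        if len(fields) >= 2 and fields[0] == 'nameserver':
            servers.append(fields[1])
    return servers


def result_dirname(iface, pubip, essid, when):
    """Directory name in autoscan's layout: YYYYmmdd_HHMMSS_<iface>_<pubip>_<essid>.
    How autoscan sanitises the ESSID is not documented; here anything outside
    [A-Za-z0-9._-] becomes '_' (assumption)."""
    safe = re.sub(r'[^A-Za-z0-9._-]', '_', essid or 'noessid')
    return '%s_%s_%s_%s' % (when.strftime('%Y%m%d_%H%M%S'), iface, pubip, safe)


def files_for_network(iface, pubip, when, iwconfig_out, route_out, resolv_conf):
    """Return (dirname, {relative path: content}, encrypted) mirroring autoscan's tree."""
    essid, ap, encrypted = parse_iwconfig(iwconfig_out)
    files = {'iwconfig/out': iwconfig_out, 'iwconfig/essid': essid, 'iwconfig/ap': ap,
             'route/out': route_out, 'route/gw': parse_route(route_out),
             'resolv/resolv.conf': resolv_conf}
    for i, dns in enumerate(parse_resolv(resolv_conf)):
        files['resolv/dns%d' % i] = dns          # resolv/dns0, resolv/dns1, ...
    return result_dirname(iface, pubip, essid, when), files, encrypted


if __name__ == '__main__':
    d, files, enc = files_for_network('wlan0', '82.247.82.44', SAMPLE_WHEN,
                                      IWCONFIG_OUT, ROUTE_OUT, RESOLV_CONF)
    print(d)
    for path in sorted(files):
        print('  %-20s %r' % (path, files[path]))
    if not enc:
        print('WARNING: open network (Encryption key:off), link layer unencrypted')
```

The "encrypted" flag is the one thing worth checking before reading the PCAP: on an open network like the one in the README everything captured was also readable by anyone in radio range.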
===============================================================================
Example usage: Run fingerprinting on wlan0
$ sudo ./autoscan.py wlan0
20130724-143501 [>] wlan0: _do_tests
20130724-143501 [-] wlan0: _test_pcap
20130724-143501 [-] wlan0: _test_ifconfig
20130724-143501 [-] wlan0: _test_iwconfig
20130724-143501 [-] wlan0: _test_route
20130724-143502 [-] wlan0: _test_resolv
20130724-143502 [-] wlan0: _test_pubip_get
20130724-143510 [-] wlan0: _test_pubip_ping
20130724-143510 [-] wlan0: _test_pubip_traceroute
20130724-143516 [-] wlan0: _test_resolv_traceroute
20130724-143527 [-] wlan0: _test_explor_traceroute
20130724-143710 [-] wlan0: _test_explor_scan
20130724-143725 [*] wlan0: ./20130724_123501_wlan0_82.247.114.4_freeflo
List the generated files:
$ find ./20130724_123501_wlan0_82.247.114.4_freeflo
./20130724_123501_wlan0_82.247.114.4_freeflo
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv_traceroute
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv_traceroute/out
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get/ip
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_traceroute
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_traceroute/out
./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig
./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/ap
./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/essid
./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/out
./20130724_123501_wlan0_82.247.114.4_freeflo/route
./20130724_123501_wlan0_82.247.114.4_freeflo/route/gw
./20130724_123501_wlan0_82.247.114.4_freeflo/route/out
./20130724_123501_wlan0_82.247.114.4_freeflo/pcap
./20130724_123501_wlan0_82.247.114.4_freeflo/pcap/tcpdump.pcap
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/dns0
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/dns1
./20130724_123501_wlan0_82.247.114.4_freeflo/resolv/resolv.conf
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/up
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/ip4
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/ip6
./20130724_123501_wlan0_82.247.114.4_freeflo/ifconfig/out
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.nmap
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.xml
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/localnet.gnmap
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_scan/out
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_172.16.0.1
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.0.1
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.2.1
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_10.0.0.1
./20130724_123501_wlan0_82.247.114.4_freeflo/explor_traceroute/out_192.168.1.1
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping/code
./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_ping/out
Look at the output of iwconfig (Encryption key:off means "freeflo" is an open network, so the link layer carries traffic in the clear):
$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/out
wlan0     IEEE 802.11abgn  ESSID:"freeflo"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 7A:A4:42:A7:92:34
          Bit Rate=54 Mb/s   Tx-Power=15 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=62/70  Signal level=-48 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:18  Invalid misc:1208   Missed beacon:0
Look at the SSID:
$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/iwconfig/essid
freeflo
Look at the public IP:
$ more ./20130724_123501_wlan0_82.247.114.4_freeflo/pubip_get/ip
82.247.82.44
===============================================================================
Example usage: Run in monitor mode on wlan0
$ sudo ./autoscan.py -m wlan0
# Connect via WIFI to "freeflo" then "FreeWifi" networks
$ cat autoscan.log
20130724-144805 [>] wlan0: _wait_up # autoscan waits for a network
20130724-144808 [>] wlan0: _do_tests # I just connected to "freeflo"
20130724-144808 [-] wlan0: _test_pcap
20130724-144808 [-] wlan0: _test_ifconfig
20130724-144811 [-] wlan0: _test_iwconfig
20130724-144811 [-] wlan0: _test_route
20130724-144811 [-] wlan0: _test_resolv
20130724-144811 [-] wlan0: _test_pubip_get
20130724-144814 [-] wlan0: _test_pubip_ping
20130724-144815 [-] wlan0: _test_pubip_traceroute
20130724-144821 [-] wlan0: _test_resolv_traceroute
20130724-144842 [-] wlan0: _test_explor_traceroute
20130724-145041 [-] wlan0: _test_explor_scan
20130724-145050 [*] wlan0: ./20130724_124808_wlan0_82.247.114.4_freeflo
20130724-145050 [>] wlan0: _wait_down # autoscan waits for me to disconnect
20130724-145455 [>] wlan0: _wait_up # I disconnected from "freeflo"
20130724-145514 [>] wlan0: _do_tests # I connect to "FreeWifi"
20130724-145514 [-] wlan0: _test_pcap
20130724-145514 [-] wlan0: _test_ifconfig
20130724-145514 [-] wlan0: _test_iwconfig
20130724-145514 [-] wlan0: _test_route
20130724-145514 [-] wlan0: _test_resolv
20130724-145514 [-] wlan0: _test_pubip_get
20130724-145515 [-] wlan0: _test_pubip_ping
20130724-145518 [-] wlan0: _test_pubip_traceroute
20130724-145549 [-] wlan0: _test_resolv_traceroute
20130724-145604 [-] wlan0: _test_explor_traceroute
20130724-145835 [-] wlan0: _test_explor_scan
20130724-150202 [*] wlan0: ./20130724_125514_wlan0_78.251.248.51_FreeWifi
20130724-150202 [>] wlan0: _wait_down
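To see what -x actually saves, here is an added Python example (not autoscan's own code) that splits the monitor-mode autoscan.log quoted above into one session per network and computes per-step durations. The log text is the one on this page; the convention that a step lasts until the next log line, and ends at the [*] result line for the last step, is an assumption about the log format.

```python
"""Reconstruct per-network sessions and per-step timings from autoscan.log.
Added example, not autoscan's own code.  AUTOSCAN_LOG is the monitor-mode log
shown in this README (page data, trailing '# ...' remarks included).  A step's
duration is the time until the next log line, so the last step ends at the
'[*]' result line (assumption about the log format)."""
import re
from datetime import datetime

AUTOSCAN_LOG = """\
20130724-144805 [>] wlan0: _wait_up # autoscan waits for a network
20130724-144808 [>] wlan0: _do_tests # I just connected to "freeflo"
20130724-144808 [-] wlan0: _test_pcap
20130724-144808 [-] wlan0: _test_ifconfig
20130724-144811 [-] wlan0: _test_iwconfig
20130724-144811 [-] wlan0: _test_route
20130724-144811 [-] wlan0: _test_resolv
20130724-144811 [-] wlan0: _test_pubip_get
20130724-144814 [-] wlan0: _test_pubip_ping
20130724-144815 [-] wlan0: _test_pubip_traceroute
20130724-144821 [-] wlan0: _test_resolv_traceroute
20130724-144842 [-] wlan0: _test_explor_traceroute
20130724-145041 [-] wlan0: _test_explor_scan
20130724-145050 [*] wlan0: ./20130724_124808_wlan0_82.247.114.4_freeflo
20130724-145050 [>] wlan0: _wait_down # autoscan waits for me to disconnect
20130724-145455 [>] wlan0: _wait_up # I disconnected from "freeflo"
20130724-145514 [>] wlan0: _do_tests # I connect to "FreeWifi"
20130724-145514 [-] wlan0: _test_pcap
20130724-145514 [-] wlan0: _test_ifconfig
20130724-145514 [-] wlan0: _test_iwconfig
20130724-145514 [-] wlan0: _test_route
20130724-145514 [-] wlan0: _test_resolv
20130724-145514 [-] wlan0: _test_pubip_get
20130724-145515 [-] wlan0: _test_pubip_ping
20130724-145518 [-] wlan0: _test_pubip_traceroute
20130724-145549 [-] wlan0: _test_resolv_traceroute
20130724-145604 [-] wlan0: _test_explor_traceroute
20130724-145835 [-] wlan0: _test_explor_scan
20130724-150202 [*] wlan0: ./20130724_125514_wlan0_78.251.248.51_FreeWifi
20130724-150202 [>] wlan0: _wait_down
"""

# "<YYYYmmdd-HHMMSS> [<marker>] <iface>: <step or result dir>", remarks ignored
LINE_RE = re.compile(r'^(\d{8}-\d{6}) \[([>*-])\] (\S+): (\S+)')


def parse_line(line):
    """Return (timestamp, marker, iface, what) or None for a non-log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.strptime(m.group(1), '%Y%m%d-%H%M%S'),
            m.group(2), m.group(3), m.group(4))


def sessions(log_text):
    """One session per network: opened by '[>] _do_tests', closed by the '[*]'
    line naming the result directory.  '_wait_up' / '_wait_down' are skipped."""
    out, cur, prev = [], None, None
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, mark, iface, what = rec
        if mark == '>' and what == '_do_tests':
            cur = {'iface': iface, 'start': ts, 'steps': {}, 'result': None, 'total': None}
            prev = None
        elif cur is None:
            continue
        elif mark == '-':
            if prev is not None:
                cur['steps'][prev[1]] = int((ts - prev[0]).total_seconds())
            prev = (ts, what)
        elif mark == '*':
            if prev is not None:
                cur['steps'][prev[1]] = int((ts - prev[0]).total_seconds())
            cur['result'] = what
            cur['total'] = int((ts - cur['start']).total_seconds())
            out.append(cur)
            cur, prev = None, None
    return out


def slowest_steps(session, n=3):
    """The n longest steps of a session as (step, seconds), longest first."""
    return sorted(session['steps'].items(), key=lambda kv: -kv[1])[:n]


def explor_share(session):
    """Fraction of the run spent in the two steps that -x disables."""
    explor = sum(s for name, s in session['steps'].items() if '_explor_' in name)
    return explor / float(session['total']) if session['total'] else 0.0


if __name__ == '__main__':
    for s in sessions(AUTOSCAN_LOG):
        print('%s  %ds total, %.0f%% in _explor_* steps'
              % (s['result'], s['total'], 100 * explor_share(s)))
        for name, secs in slowest_steps(s):
            print('    %-28s %4ds' % (name, secs))
```

On the two runs in this log the _explor_ steps take about 79% and 88% of the wall time (128 of 162 s on "freeflo", 358 of 408 s on "FreeWifi"), which is what -x buys you. _test_pcap shows 0 s because the next step starts in the same second, so the 15 s capture evidently runs alongside the other steps rather than before them.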