用python编写的无线AP扫描器
代码如下:
#coding=utf-8 import os
import sys
import subprocess
from scapy.all import * RSN = 48 #管理帧信息元素(Dot11Elt)ID48是RSN信息
WPA = 221 #管理帧信息元素ID221是WPA信息
Dot11i = {0:'GroupCipher',
1:'WEP-40',
2:'TKIP',
4:'CCMP',
5:'WEP-104'
} #RSN信息的第6字节
WPA_Auth = {1:'802.11x/PMK',
2:'PSK'
} #RSN信息的第22字节
DN = open(os.devnull,'w') def get_wlan_interfaces():
'''
返回当前PC上所有的无线网卡以及网卡所处的模式
'''
interfaces = {'monitor':[],'managed':[],'all':[]}
proc = subprocess.Popen(['iwconfig'],stdout=subprocess.PIPE,stderr=DN)
lines = proc.communicate()[0].split('\n')
for line in lines:
if line:
if line[0] != ' ':
iface = line.split(' ')[0]
if 'Mode:Monitor' in line:
interfaces['monitor'].append(iface)
if 'IEEE 802.11' in line:
interfaces['managed'].append(iface)
interfaces['all'].append(iface)
if len(interfaces['managed']) == 0:
sys.exit('[!]没有无线网卡,请插入网卡')
return interfaces interfaces = get_wlan_interfaces() #获取当前的无线网卡 def get_strongest_inface():
'''
通过iwlist dev scan命令,根据无线网卡可获取到的AP数量来判断哪个网卡的功率最强
'''
iface_APs = []
#interfaces = get_wlan_interfaces()
for iface in interfaces['managed']:
count = 0
if iface:
proc = subprocess.Popen(['iwlist',iface,'scan'],stdout=subprocess.PIPE,stderr=DN)
lines = proc.communicate()[0].split('\n')
for line in lines:
if line:
if '- Address:' in line:
count += 1
iface_APs.append((count,iface))
interface = max(iface_APs)[1]
return interface def start_monitor_mode():
'''
通过airmon-ng工具将无线网卡启动为监听状态
'''
if interfaces['monitor']:
print '[*]监听网卡为:%s' % interfaces['monitor'][0]
return interfaces['monitor'][0]
interface = get_strongest_inface()
print '[*]网卡%s开启监听模式...' % interface
try:
os.system('/usr/sbin/airmon-ng start %s' % interface)
moni_inface = get_wlan_interfaces()['monitor']
print '[*]监听网卡为:%s' % moni_inface[0]
return moni_inface
except:
sys.exit('[!]无法开启监听模式') def get_AP_info(pkt):
'''
从Dot11数据包中获取AP的SSID,BSSID,chanle,加密等信息
'''
AP_info = {}
bssid = pkt[Dot11][Dot11Elt].info
ssid = pkt[Dot11].addr2
chanle = str(ord(pkt[Dot11][Dot11Elt][:3].info))
AP_infos = [bssid,chanle]
wpa_info,cipher_info = get_Dot11_RSN(pkt)
if wpa_info and cipher_info:
AP_infos = AP_infos + [wpa_info,cipher_info]
AP_info[ssid]=AP_infos
return AP_info APs_info = {}
def get_APs_info(pkt):
global APs_info
if pkt.haslayer(Dot11) and (pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp)):
AP_info = get_AP_info(pkt) if not APs_info.has_key(AP_info.keys()[0]):
APs_info.update(AP_info)
return APs_info already_shows = []
def show_APs_info(pkt):
global already_shows
APs_info = get_APs_info(pkt)
for (key,value) in APs_info.items():
if key not in already_shows:
already_shows.append(key)
print '-' * 40
print ' [+]AP的BSSID:%s' % value[0]
print ' [+]AP的SSID:%s' % key
print ' [+]AP当前的chanle:%s' % value[1]
if len(value) == 4:
print ' [+]AP的认证方式为:%s' % value[2]
print ' [+]AP的加密算法为:%s' % value[3]
else:
print ' [+]开放验证!!'
print '-' * 40 def get_Dot11_RSN(pkt):
'''
从Beacon帧以及ProbeResponse帧获取cipher及auth信息
'''
ssid = pkt[Dot11].addr2
len_Elt = len(pkt[Dot11Elt].summary().split('/'))
#print pkt.show()
for i in range(len_Elt):
if pkt[Dot11Elt][i].ID == RSN:
try:
RSN_info = hexstr(pkt[Dot11Elt][i].info)
cipher_index = RSN_info.find('ac') #第一个00 0f ac 02中的‘02’代表cipher
auth_index = RSN_info.rfind('ac') #从后往前数第一个00 0f ac 02中的‘02’代表AUTH
cipher_num = int(RSN_info[(cipher_index + 3):(cipher_index + 5)])
auth_num = int(RSN_info[(auth_index + 3):(auth_index + 5)])
for key,value in Dot11i.items():
if cipher_num == key:
cipher_info = value
for key,value in WPA_Auth.items():
if auth_num == key:
wpa_info = value
#print wpa_info,cipher_info
return wpa_info,cipher_info
except:
pass
return None,None def sniffering(interface,action):
'''
嗅探5000个数据包
'''
print '[*]附近AP信息如下:'
sniff(iface=interface,prn=action,count=5000,store=0) def main():
moni_inface = start_monitor_mode()
sniffering(moni_inface, show_APs_info) if __name__ == '__main__':
main()
运行结果如下:
# python test_sniff.py
WARNING: No route found for IPv6 destination :: (no default route?)
[*]监听网卡为:wlan1mon
[*]附近AP信息如下:
----------------------------------------
[+]AP的BSSID:100msh-XXX
[+]AP的SSID:84:82:f4:xx:xx:xx
[+]AP当前的chanle:11
[+]开放验证!!
----------------------------------------
----------------------------------------
[+]AP的BSSID:��¡����
[+]AP的SSID:d0:c7:c0:xx:xx:xx
[+]AP当前的chanle:11
[+]AP的认证方式为:PSK
[+]AP的加密算法为:CCMP
----------------------------------------
----------------------------------------
[+]AP的BSSID:FAST_XXX
[+]AP的SSID:78:eb:14:xx:xx:xx
[+]AP当前的chanle:11
[+]AP的认证方式为:PSK
[+]AP的加密算法为:CCMP
----------------------------------------
----------------------------------------
[+]AP的BSSID:FAST_XXX
[+]AP的SSID:0c:72:2c:xx:xx:xx
[+]AP当前的chanle:11
[+]AP的认证方式为:PSK
[+]AP的加密算法为:CCMP
----------------------------------------
----------------------------------------
[+]AP的BSSID:XXX
[+]AP的SSID:80:81:10:xx:xx:xx
[+]AP当前的chanle:8
[+]AP的认证方式为:PSK
[+]AP的加密算法为:TKIP
----------------------------------------
----------------------------------------
[+]AP的BSSID:XXX
[+]AP的SSID:80:81:10:xx:xx:xx
[+]AP当前的chanle:8
[+]AP的认证方式为:PSK
[+]AP的加密算法为:TKIP
----------------------------------------
----------------------------------------
[+]AP的BSSID:360免费WiFi-44
[+]AP的SSID:24:05:0f:xx:xx:xx
[+]AP当前的chanle:11
[+]AP的认证方式为:PSK
[+]AP的加密算法为:CCMP
----------------------------------------
用python编写的无线AP扫描器的更多相关文章
- 使用Python编写简单的端口扫描器的实例分享【转】
转自 使用Python编写简单的端口扫描器的实例分享_python_脚本之家 http://www.jb51.net/article/76630.htm -*- coding:utf8 -*- #!/ ...
- 用python编写的简易端口扫描器
#coding = utf-8 ''' python 3.4 通过简单的TCP端口连接来判断指定IP是否开放了指定端口. ''' import socket import optparse impor ...
- 基于python编写的天气抓取程序
以前一直使用中国天气网的天气预报组件都挺好,可是自从他们升级组件后数据加载变得非常不稳定,因为JS的阻塞常常导致网站打开速度很慢.为了解决这个问题决定现学现用python编写一个抓取程序,每天定时抓取 ...
- 【摘】【网络】无线AP与无线路由器有什么区别?
参考网站: 1.无线上网百科 http://wifi.baike.com/article-290204.html 图片 1 今天我们从功能.应用.组网和成本四个方面为大家区分无线路由器和无线AP.当前 ...
- 用Python编写博客导出工具
用Python编写博客导出工具 罗朝辉 (http://kesalin.github.io/) CC 许可,转载请注明出处 写在前面的话 我在 github 上用 octopress 搭建了个人博 ...
- 无线AP和无线路由器区别
无线AP,即Access Point,也就是无线接入点.简单来说就是wifi共享上网中的无线交换机,它是移动终端用户进入有线网络的接入点. AD:51CTO技术沙龙 | 赋予APP不同凡响的交互和体验 ...
- 【转载】Python编写简易木马程序
转载来自: http://drops.wooyun.org/papers/4751?utm_source=tuicool 使用Python编写一个具有键盘记录.截屏以及通信功能的简易木马. 首先准备好 ...
- 利用win7系统自带的dos命令把笔记本无线网卡当无线路由器(无线AP发射器)
利用win7系统自带的dos命令把笔记本无线网卡当无线路由器(无线AP发射器). 1.打开win7开始菜单,找到命令提示符选项,以管理员身份运行cmd.2.在命令行上输入:netsh wlan set ...
- 用Python编写的第一个回测程序
用Python编写的第一个回测程序 2016-08-06 def savfig(figureObj, fn_prefix1='backtest8', fn_prefix2='_1_'): import ...
随机推荐
- Codeforces 898E Squares and not squares
题目大意 给定 $n$($n$ 是偶数,$2\le n\le 2\times 10^{5}$)个非负整数 $a_1,\dots, a_n$($a_i\le 10^9$). 要求将其中 $n/2$ 个数 ...
- [暑假集训--数位dp]hdu3555 Bomb
The counter-terrorists found a time bomb in the dust. But this time the terrorists improve on the ti ...
- Enable and Use Remote Commands in Windows PowerShell
The Windows PowerShell remoting features are supported by the WS-Management protocol and the Windows ...
- static变量的生命周期
static生命周期 2011-07-15 16:01 静态变量的类型说明符是static.静态变量当然是属于静态存储方式,但是属于静态存储方式的量不一定就是静态变量,例如外部变量虽属于静态存储方式, ...
- LeetCode OJ--Add Two Numbers
http://oj.leetcode.com/problems/add-two-numbers/ 将用链表表示的两个数相加,(2 -> 4 -> 3) + (5 -> 6 -> ...
- HDU 5890 Eighty seven(DP+bitset优化)
题目链接 Eighty seven 背包(用bitset预处理)然后对于每个询问O(1)回答即可. 预处理的时候背包. #include <bits/stdc++.h> using nam ...
- TCP server和client
http://blog.csdn.net/hguisu/article/details/7445768/ 原文:http://www.cnblogs.com/dolphinX/p/3460545.ht ...
- android 什么时候call super.onDestory()等
Methods you override that are part of component creation (onCreate(), onStart(), onResume(), etc.), ...
- mysql 设置不了短串密码怎么办 You must reset your password using ALTER USER statement before executing this statement.
centos7+ 安装 mysq 5.7 https://www.linuxidc.com/Linux/2016-09/135288.htm set global validate_password_ ...
- Linux下使用mv重命名文件或者移动文件(增强版的工具为rename)
mv命令既可以重命名,又可以移动文件或文件夹. 例子:将目录A重命名为B mv A B 例子:将/a目录移动到/b下,并重命名为c mv /a /b/c 例子:将文件A.txt重命名为B.txt mv ...