代码如下:

 #coding=utf-8

 import os
import sys
import subprocess
from scapy.all import * RSN = 48 #管理帧信息元素(Dot11Elt)ID48是RSN信息
WPA = 221 #管理帧信息元素ID221是WPA信息
Dot11i = {0:'GroupCipher',
1:'WEP-40',
2:'TKIP',
4:'CCMP',
5:'WEP-104'
} #RSN信息的第6字节
WPA_Auth = {1:'802.11x/PMK',
2:'PSK'
} #RSN信息的第22字节
DN = open(os.devnull,'w') def get_wlan_interfaces():
'''
返回当前PC上所有的无线网卡以及网卡所处的模式
'''
interfaces = {'monitor':[],'managed':[],'all':[]}
proc = subprocess.Popen(['iwconfig'],stdout=subprocess.PIPE,stderr=DN)
lines = proc.communicate()[0].split('\n')
for line in lines:
if line:
if line[0] != ' ':
iface = line.split(' ')[0]
if 'Mode:Monitor' in line:
interfaces['monitor'].append(iface)
if 'IEEE 802.11' in line:
interfaces['managed'].append(iface)
interfaces['all'].append(iface)
if len(interfaces['managed']) == 0:
sys.exit('[!]没有无线网卡,请插入网卡')
return interfaces interfaces = get_wlan_interfaces() #获取当前的无线网卡 def get_strongest_inface():
'''
通过iwlist dev scan命令,根据无线网卡可获取到的AP数量来判断哪个网卡的功率最强
'''
iface_APs = []
#interfaces = get_wlan_interfaces()
for iface in interfaces['managed']:
count = 0
if iface:
proc = subprocess.Popen(['iwlist',iface,'scan'],stdout=subprocess.PIPE,stderr=DN)
lines = proc.communicate()[0].split('\n')
for line in lines:
if line:
if '- Address:' in line:
count += 1
iface_APs.append((count,iface))
interface = max(iface_APs)[1]
return interface def start_monitor_mode():
'''
通过airmon-ng工具将无线网卡启动为监听状态
'''
if interfaces['monitor']:
print '[*]监听网卡为:%s' % interfaces['monitor'][0]
return interfaces['monitor'][0]
interface = get_strongest_inface()
print '[*]网卡%s开启监听模式...' % interface
try:
os.system('/usr/sbin/airmon-ng start %s' % interface)
moni_inface = get_wlan_interfaces()['monitor']
print '[*]监听网卡为:%s' % moni_inface[0]
return moni_inface
except:
sys.exit('[!]无法开启监听模式') def get_AP_info(pkt):
'''
从Dot11数据包中获取AP的SSID,BSSID,chanle,加密等信息
'''
AP_info = {}
bssid = pkt[Dot11][Dot11Elt].info
ssid = pkt[Dot11].addr2
chanle = str(ord(pkt[Dot11][Dot11Elt][:3].info))
AP_infos = [bssid,chanle]
wpa_info,cipher_info = get_Dot11_RSN(pkt)
if wpa_info and cipher_info:
AP_infos = AP_infos + [wpa_info,cipher_info]
AP_info[ssid]=AP_infos
return AP_info APs_info = {}
def get_APs_info(pkt):
global APs_info
if pkt.haslayer(Dot11) and (pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp)):
AP_info = get_AP_info(pkt) if not APs_info.has_key(AP_info.keys()[0]):
APs_info.update(AP_info)
return APs_info already_shows = []
def show_APs_info(pkt):
global already_shows
APs_info = get_APs_info(pkt)
for (key,value) in APs_info.items():
if key not in already_shows:
already_shows.append(key)
print '-' * 40
print ' [+]AP的BSSID:%s' % value[0]
print ' [+]AP的SSID:%s' % key
print ' [+]AP当前的chanle:%s' % value[1]
if len(value) == 4:
print ' [+]AP的认证方式为:%s' % value[2]
print ' [+]AP的加密算法为:%s' % value[3]
else:
print ' [+]开放验证!!'
print '-' * 40 def get_Dot11_RSN(pkt):
'''
从Beacon帧以及ProbeResponse帧获取cipher及auth信息
'''
ssid = pkt[Dot11].addr2
len_Elt = len(pkt[Dot11Elt].summary().split('/'))
#print pkt.show()
for i in range(len_Elt):
if pkt[Dot11Elt][i].ID == RSN:
try:
RSN_info = hexstr(pkt[Dot11Elt][i].info)
cipher_index = RSN_info.find('ac') #第一个00 0f ac 02中的‘02’代表cipher
auth_index = RSN_info.rfind('ac') #从后往前数第一个00 0f ac 02中的‘02’代表AUTH
cipher_num = int(RSN_info[(cipher_index + 3):(cipher_index + 5)])
auth_num = int(RSN_info[(auth_index + 3):(auth_index + 5)])
for key,value in Dot11i.items():
if cipher_num == key:
cipher_info = value
for key,value in WPA_Auth.items():
if auth_num == key:
wpa_info = value
#print wpa_info,cipher_info
return wpa_info,cipher_info
except:
pass
return None,None def sniffering(interface,action):
'''
嗅探5000个数据包
'''
print '[*]附近AP信息如下:'
sniff(iface=interface,prn=action,count=5000,store=0) def main():
moni_inface = start_monitor_mode()
sniffering(moni_inface, show_APs_info) if __name__ == '__main__':
main()

运行结果如下:

 # python test_sniff.py
WARNING: No route found for IPv6 destination :: (no default route?)
[*]监听网卡为:wlan1mon
[*]附近AP信息如下:
----------------------------------------
[+]AP的BSSID:100msh-XXX
[+]AP的SSID:84:82:f4:xx:xx:xx
[+]AP当前的chanle:11
[+]开放验证!!
----------------------------------------
----------------------------------------
[+]AP的BSSID:��¡����
[+]AP的SSID:d0:c7:c0:xx:xx:xx
[+]AP当前的chanle:11
[+]AP的认证方式为:PSK
[+]AP的加密算法为:CCMP
----------------------------------------
----------------------------------------
[+]AP的BSSID:FAST_XXX
[+]AP的SSID:78:eb:14:xx:xx:xx
[+]AP当前的chanle:11
[+]AP的认证方式为:PSK
[+]AP的加密算法为:CCMP
----------------------------------------
----------------------------------------
[+]AP的BSSID:FAST_XXX
[+]AP的SSID:0c:72:2c:xx:xx:xx
[+]AP当前的chanle:11
[+]AP的认证方式为:PSK
[+]AP的加密算法为:CCMP
----------------------------------------
----------------------------------------
[+]AP的BSSID:XXX
[+]AP的SSID:80:81:10:xx:xx:xx
[+]AP当前的chanle:8
[+]AP的认证方式为:PSK
[+]AP的加密算法为:TKIP
----------------------------------------
----------------------------------------
[+]AP的BSSID:XXX
[+]AP的SSID:80:81:10:xx:xx:xx
[+]AP当前的chanle:8
[+]AP的认证方式为:PSK
[+]AP的加密算法为:TKIP
----------------------------------------
----------------------------------------
[+]AP的BSSID:360免费WiFi-44
[+]AP的SSID:24:05:0f:xx:xx:xx
[+]AP当前的chanle:11
[+]AP的认证方式为:PSK
[+]AP的加密算法为:CCMP
----------------------------------------

用python编写的无线AP扫描器的更多相关文章

  1. 使用Python编写简单的端口扫描器的实例分享【转】

    转自 使用Python编写简单的端口扫描器的实例分享_python_脚本之家 http://www.jb51.net/article/76630.htm -*- coding:utf8 -*- #!/ ...

  2. 用python编写的简易端口扫描器

    #coding = utf-8 ''' python 3.4 通过简单的TCP端口连接来判断指定IP是否开放了指定端口. ''' import socket import optparse impor ...

  3. 基于python编写的天气抓取程序

    以前一直使用中国天气网的天气预报组件都挺好,可是自从他们升级组件后数据加载变得非常不稳定,因为JS的阻塞常常导致网站打开速度很慢.为了解决这个问题决定现学现用python编写一个抓取程序,每天定时抓取 ...

  4. 【摘】【网络】无线AP与无线路由器有什么区别?

    参考网站: 1.无线上网百科 http://wifi.baike.com/article-290204.html 图片 1 今天我们从功能.应用.组网和成本四个方面为大家区分无线路由器和无线AP.当前 ...

  5. 用Python编写博客导出工具

    用Python编写博客导出工具 罗朝辉 (http://kesalin.github.io/) CC 许可,转载请注明出处   写在前面的话 我在 github 上用 octopress 搭建了个人博 ...

  6. 无线AP和无线路由器区别

    无线AP,即Access Point,也就是无线接入点.简单来说就是wifi共享上网中的无线交换机,它是移动终端用户进入有线网络的接入点. AD:51CTO技术沙龙 | 赋予APP不同凡响的交互和体验 ...

  7. 【转载】Python编写简易木马程序

    转载来自: http://drops.wooyun.org/papers/4751?utm_source=tuicool 使用Python编写一个具有键盘记录.截屏以及通信功能的简易木马. 首先准备好 ...

  8. 利用win7系统自带的dos命令把笔记本无线网卡当无线路由器(无线AP发射器)

    利用win7系统自带的dos命令把笔记本无线网卡当无线路由器(无线AP发射器). 1.打开win7开始菜单,找到命令提示符选项,以管理员身份运行cmd.2.在命令行上输入:netsh wlan set ...

  9. 用Python编写的第一个回测程序

    用Python编写的第一个回测程序 2016-08-06 def savfig(figureObj, fn_prefix1='backtest8', fn_prefix2='_1_'): import ...

随机推荐

  1. Codeforces 898E Squares and not squares

    题目大意 给定 $n$($n$ 是偶数,$2\le n\le 2\times 10^{5}$)个非负整数 $a_1,\dots, a_n$($a_i\le 10^9$). 要求将其中 $n/2$ 个数 ...

  2. [暑假集训--数位dp]hdu3555 Bomb

    The counter-terrorists found a time bomb in the dust. But this time the terrorists improve on the ti ...

  3. Enable and Use Remote Commands in Windows PowerShell

    The Windows PowerShell remoting features are supported by the WS-Management protocol and the Windows ...

  4. static变量的生命周期

    static生命周期 2011-07-15 16:01 静态变量的类型说明符是static.静态变量当然是属于静态存储方式,但是属于静态存储方式的量不一定就是静态变量,例如外部变量虽属于静态存储方式, ...

  5. LeetCode OJ--Add Two Numbers

    http://oj.leetcode.com/problems/add-two-numbers/ 将用链表表示的两个数相加,(2 -> 4 -> 3) + (5 -> 6 -> ...

  6. HDU 5890 Eighty seven(DP+bitset优化)

    题目链接 Eighty seven 背包(用bitset预处理)然后对于每个询问O(1)回答即可. 预处理的时候背包. #include <bits/stdc++.h> using nam ...

  7. TCP server和client

    http://blog.csdn.net/hguisu/article/details/7445768/ 原文:http://www.cnblogs.com/dolphinX/p/3460545.ht ...

  8. android 什么时候call super.onDestory()等

    Methods you override that are part of component creation (onCreate(), onStart(), onResume(), etc.), ...

  9. mysql 设置不了短串密码怎么办 You must reset your password using ALTER USER statement before executing this statement.

    centos7+ 安装 mysq 5.7 https://www.linuxidc.com/Linux/2016-09/135288.htm set global validate_password_ ...

  10. Linux下使用mv重命名文件或者移动文件(增强版的工具为rename)

    mv命令既可以重命名,又可以移动文件或文件夹. 例子:将目录A重命名为B mv A B 例子:将/a目录移动到/b下,并重命名为c mv /a /b/c 例子:将文件A.txt重命名为B.txt mv ...