derv82 / wifite2

Rewrite of the popular wireless network auditor, "wifite"
GNU General Public License v2.0

Resurrection of the -pow or --power argument #169

Open marcus-brutus opened 6 years ago

marcus-brutus commented 6 years ago

Apologies in advance, I have a limited use case on a functionally difficult device that relied on this argument existing. For the moment, I have been using the previous version (wifite) but as you are aware, it's missing several new features and has some stability issues. I'd like to also add PMKID to the arrangement, which requires the newer version. Is there any way with the current version to emulate the functionality that was previously offered with the "-pow" or "--power" arguments? I thought I found similar functionality with the -p 'pillage' command, although that doesn't appear to allow the ability to then specify a power level (i.e. it just runs all found networks).

Basically, wifite is being called from a simple bash script on a small, difficult-to-use device (a cell phone running nethunter) that was allowed to be stealth carried. The script would then cycle channels on wifite and then run through the smart deauth / WPA handshake capture process for every network above 35 dB, using settings that 'failed quick' and moved on in order to capture the maximum amount of handshakes in the shortest amount of time. This has been working very well (generally capturing anything that has a high enough signal where capture is likely possible).

So basically I need a command string that says 'ignore networks that have no chance of success'.

Apologies if unclear, English is not my primary language

dividedby-0 commented 6 years ago

I would also love to see this useful feature resurrected.

RaduNico commented 6 years ago

I've implemented the --power option inside my infinite attack branch, I think it would go especially well with your use case - an automatic attack. However, an issue does arise because of how targets get printed.

Say for example you first get 10 targets... but the next second, because target power slightly changes, you could for example get only 8 targets. Because of this the new target list cannot cover the previous target list, so all targets will get printed on the next line. Tl;dr wifite would just spam the found APs multiple times.

This is rather a silly effect: implementing the --power option takes about 20 lines of code but breaks the neat display. I have some ideas on how to do a rework on how the targets are displayed - for example a fixed window that starts from the top line and just fills lines with the targets, instead of being a bottom-up display - very much like airodump does it. But for these kinds of changes I would like @derv82's opinion.

Another approach is pretty much ignoring the output, because in automation cases you just need a log of the result to read later. User input is very close to none when you want to fully automate the attack. Anyhow, I will make the --power option on my infinite attack branch https://github.com/RaduNico/wifite2/tree/infinite_attack. I might later change the location of this change and post the new branch name. Issues and comments are more than welcome on my changes :)

EDIT: It just occurred to me as I was writing this - you can keep all the targets that had at any point during that scan at least <power>. It is a compromise, at least until we get some input from the owner. It doesn't work very well in the case of wardriving - the power might drop to very low levels before you start the actual attack, but currently wifite does not play very nice with wardriving anyway - the target might completely disappear and wifite would still lose a lot of time trying to attack that target. I think the --berlin flag needs to be used for airodump-ng so that it would drop targets it has no updates on faster than 120 seconds. 2 minutes is a very long time in case you are wardriving. @marcus-brutus @phlame64 how would you feel about this compromise? It would allow this feature to be pushed faster in the main repo and still be useful.

RaduNico commented 6 years ago

I've made the PR #181 that implements --power. For now, --power works by looking at the maximum power an AP had during a scan and comparing that to the parameter sent.