首页 > 代码库 > 用python编写的无线AP扫描器

用python编写的无线AP扫描器

代码如下:

  1 #coding=utf-8  2   3 import os  4 import sys  5 import subprocess  6 from scapy.all import *  7   8   9 RSN = 48    #管理帧信息元素(Dot11Elt)ID48是RSN信息 10 WPA = 221   #管理帧信息元素ID221是WPA信息 11 Dot11i = {0:GroupCipher, 12           1:WEP-40, 13           2:TKIP, 14           4:CCMP, 15           5:WEP-104 16           } #RSN信息的第6字节 17 WPA_Auth = {1:802.11x/PMK, 18             2:PSK 19            } #RSN信息的第22字节 20 DN = open(os.devnull,w) 21  22 def get_wlan_interfaces(): 23     ‘‘‘ 24     返回当前PC上所有的无线网卡以及网卡所处的模式 25     ‘‘‘ 26     interfaces = {monitor:[],managed:[],all:[]} 27     proc = subprocess.Popen([iwconfig],stdout=subprocess.PIPE,stderr=DN) 28     lines = proc.communicate()[0].split(\n) 29     for line in lines: 30         if line: 31             if line[0] !=  : 32                 iface = line.split( )[0] 33                 if Mode:Monitor in line: 34                     interfaces[monitor].append(iface) 35                 if IEEE 802.11 in line: 36                     interfaces[managed].append(iface) 37                 interfaces[all].append(iface) 38     if len(interfaces[managed]) == 0: 39         sys.exit([!]没有无线网卡,请插入网卡) 40     return interfaces 41  42 interfaces = get_wlan_interfaces()  #获取当前的无线网卡 43  44 def get_strongest_inface(): 45     ‘‘‘ 46     通过iwlist dev scan命令,根据无线网卡可获取到的AP数量来判断哪个网卡的功率最强 47     ‘‘‘ 48     iface_APs = [] 49     #interfaces = get_wlan_interfaces() 50     for iface in interfaces[managed]: 51         count = 0 52         if iface: 53             proc = subprocess.Popen([iwlist,iface,scan],stdout=subprocess.PIPE,stderr=DN) 54             lines = proc.communicate()[0].split(\n) 55             for line in lines: 56                 if line: 57                     if - Address: in line: 58                         count += 1 59             iface_APs.append((count,iface)) 60     interface = max(iface_APs)[1] 61     return interface 62  63 def start_monitor_mode(): 64     ‘‘‘ 65     通过airmon-ng工具将无线网卡启动为监听状态 66     ‘‘‘ 67     if interfaces[monitor]: 68         print [*]监听网卡为:%s % interfaces[monitor][0] 69         return interfaces[monitor][0] 70     interface = get_strongest_inface() 71     print [*]网卡%s开启监听模式... % interface 72     try: 73         os.system(/usr/sbin/airmon-ng start %s % interface) 74         moni_inface = get_wlan_interfaces()[monitor] 75         print [*]监听网卡为:%s % moni_inface[0] 76         return moni_inface 77     except: 78         sys.exit([!]无法开启监听模式) 79          80 def get_AP_info(pkt): 81     ‘‘‘ 82     从Dot11数据包中获取AP的SSID,BSSID,chanle,加密等信息 83     ‘‘‘ 84     AP_info = {} 85     bssid = pkt[Dot11][Dot11Elt].info 86     ssid = pkt[Dot11].addr2 87     chanle = str(ord(pkt[Dot11][Dot11Elt][:3].info)) 88     AP_infos = [bssid,chanle] 89     wpa_info,cipher_info = get_Dot11_RSN(pkt) 90     if wpa_info and cipher_info: 91         AP_infos = AP_infos + [wpa_info,cipher_info] 92     AP_info[ssid]=AP_infos   93     return AP_info 94  95 APs_info = {} 96 def get_APs_info(pkt): 97     global APs_info 98     if pkt.haslayer(Dot11) and (pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp)): 99         AP_info = get_AP_info(pkt)100         101         if not APs_info.has_key(AP_info.keys()[0]):102             APs_info.update(AP_info)   103     return APs_info104 105 106 already_shows = []107 def show_APs_info(pkt):108     global already_shows109     APs_info = get_APs_info(pkt)110     for (key,value) in APs_info.items():111         if key not in already_shows:112             already_shows.append(key)113             print - * 40114             print  [+]AP的BSSID:%s % value[0]115             print  [+]AP的SSID:%s % key116             print  [+]AP当前的chanle:%s % value[1]117             if len(value) == 4:118                 print  [+]AP的认证方式为:%s % value[2]119                 print  [+]AP的加密算法为:%s % value[3]120             else:121                 print  [+]开放验证!!122             print - * 40123                 124 def get_Dot11_RSN(pkt):125     ‘‘‘126     从Beacon帧以及ProbeResponse帧获取cipher及auth信息127     ‘‘‘128     ssid = pkt[Dot11].addr2129     len_Elt = len(pkt[Dot11Elt].summary().split(/))130     #print pkt.show()131     for i in range(len_Elt):132         if pkt[Dot11Elt][i].ID == RSN:133             try:134                 RSN_info = hexstr(pkt[Dot11Elt][i].info)135                 cipher_index = RSN_info.find(ac) #第一个00 0f ac 02中的‘02’代表cipher136                 auth_index = RSN_info.rfind(ac)   #从后往前数第一个00 0f ac 02中的‘02’代表AUTH137                 cipher_num = int(RSN_info[(cipher_index + 3):(cipher_index + 5)])138                 auth_num = int(RSN_info[(auth_index + 3):(auth_index + 5)])139                 for key,value in Dot11i.items():140                     if cipher_num == key:141                         cipher_info = value142                 for key,value in WPA_Auth.items():143                     if auth_num == key:144                         wpa_info = value145             #print wpa_info,cipher_info 146                 return wpa_info,cipher_info147             except:148                 pass149     return None,None150     151             152 153        154 155 def sniffering(interface,action):156     ‘‘‘157     嗅探5000个数据包158     ‘‘‘159     print [*]附近AP信息如下:160     sniff(iface=interface,prn=action,count=5000,store=0)161     162           163 def main():164     moni_inface = start_monitor_mode()165     sniffering(moni_inface, show_APs_info)166 167 if __name__ == __main__:168     main()169

运行结果如下:

 1 # python test_sniff.py  2 WARNING: No route found for IPv6 destination :: (no default route?) 3 [*]监听网卡为:wlan1mon 4 [*]附近AP信息如下: 5 ---------------------------------------- 6  [+]AP的BSSID:100msh-XXX 7  [+]AP的SSID:84:82:f4:xx:xx:xx 8  [+]AP当前的chanle:11 9  [+]开放验证!!10 ----------------------------------------11 ----------------------------------------12  [+]AP的BSSID:??¡????13  [+]AP的SSID:d0:c7:c0:xx:xx:xx14  [+]AP当前的chanle:1115  [+]AP的认证方式为:PSK16  [+]AP的加密算法为:CCMP17 ----------------------------------------18 ----------------------------------------19  [+]AP的BSSID:FAST_XXX20  [+]AP的SSID:78:eb:14:xx:xx:xx21  [+]AP当前的chanle:1122  [+]AP的认证方式为:PSK23  [+]AP的加密算法为:CCMP24 ----------------------------------------25 ----------------------------------------26  [+]AP的BSSID:FAST_XXX27  [+]AP的SSID:0c:72:2c:xx:xx:xx28  [+]AP当前的chanle:1129  [+]AP的认证方式为:PSK30  [+]AP的加密算法为:CCMP31 ----------------------------------------32 ----------------------------------------33  [+]AP的BSSID:XXX34  [+]AP的SSID:80:81:10:xx:xx:xx35  [+]AP当前的chanle:836  [+]AP的认证方式为:PSK37  [+]AP的加密算法为:TKIP38 ----------------------------------------39 ----------------------------------------40  [+]AP的BSSID:XXX41  [+]AP的SSID:80:81:10:xx:xx:xx42  [+]AP当前的chanle:843  [+]AP的认证方式为:PSK44  [+]AP的加密算法为:TKIP45 ----------------------------------------46 ----------------------------------------47  [+]AP的BSSID:360免费WiFi-4448  [+]AP的SSID:24:05:0f:xx:xx:xx49  [+]AP当前的chanle:1150  [+]AP的认证方式为:PSK51  [+]AP的加密算法为:CCMP52 ----------------------------------------

 

用python编写的无线AP扫描器