用python编写的无线AP扫描器
代码如下:
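#coding=utf-8
"""Wireless access-point scanner built on scapy.

Finds a wireless interface, switches it to monitor mode with airmon-ng,
then listens for beacon and probe-response frames and prints each access
point's BSSID, SSID, channel and the security settings advertised in its
RSN element.  The capture loop itself only receives frames.

Everything read from a frame (SSID bytes, element lengths, suite lists) is
supplied by whoever is transmitting nearby, so it is treated as untrusted:
lengths are checked before indexing and SSID bytes are cleaned before they
are printed.
"""

import os
import sys
import subprocess
from scapy.all import *


RSN = 48     # management-frame information element (Dot11Elt) ID 48: RSN
WPA = 221    # information element ID 221 (vendor specific): WPA
# NOTE: nothing in this script parses the WPA element, so an access point
# that advertises no RSN element (for example WPA1-only or WEP) is printed
# as open by show_APs_info().
_SSID_ID = 0       # information element ID of the SSID
_DS_PARAM_ID = 3   # information element ID of the DS Parameter Set (channel)
_RSN_OUI = bytearray(b'\x00\x0f\xac')   # OUI prefix of the standard suites

# Cipher suite type -> label (fourth byte of a 00-0f-ac cipher suite).
Dot11i = {0: 'GroupCipher',
          1: 'WEP-40',
          2: 'TKIP',
          4: 'CCMP',
          5: 'WEP-104'
          }
# AKM (authentication) suite type -> label (fourth byte of a 00-0f-ac AKM
# suite).  Type 1 is 802.1X authentication; the label text is the author's.
WPA_Auth = {1: '802.11x/PMK',
            2: 'PSK'
            }
DN = open(os.devnull, 'w')   # sink for the stderr of the helper commands


def _run_lines(argv):
    """Run *argv* without a shell and return its stdout as a list of lines."""
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=DN,
                            universal_newlines=True)
    return proc.communicate()[0].split('\n')


def get_wlan_interfaces():
    """Return the wireless interfaces on this machine, grouped by mode.

    Parses the output of ``iwconfig``.  The result is a dict with the keys
    'monitor', 'managed' and 'all', each holding a list of interface names.
    Exits the program when no wireless interface is found.
    """
    interfaces = {'monitor': [], 'managed': [], 'all': []}
    for line in _run_lines(['iwconfig']):
        # Interface header lines start in column 0; detail lines are indented.
        if not line or line[0] == ' ':
            continue
        iface = line.split(' ')[0]
        if 'Mode:Monitor' in line:
            interfaces['monitor'].append(iface)
        # Deliberately not an elif: an interface already in monitor mode is
        # listed under 'managed' as well, so the emptiness check below does
        # not fire when the only wireless card is already monitoring.
        if 'IEEE 802.11' in line:
            interfaces['managed'].append(iface)
        interfaces['all'].append(iface)
    if len(interfaces['managed']) == 0:
        sys.exit('[!]没有无线网卡,请插入网卡')
    return interfaces


# Looked up once at import time; the functions below read this global.
interfaces = get_wlan_interfaces()


def get_strongest_inface():
    """Return the interface that sees the most access points.

    Runs ``iwlist <iface> scan`` on every interface in
    ``interfaces['managed']`` and counts the reported cells; the interface
    with the highest count is taken to be the one with the best reception.
    """
    iface_APs = []
    for iface in interfaces['managed']:
        if not iface:
            continue
        count = sum(1 for line in _run_lines(['iwlist', iface, 'scan'])
                    if '- Address:' in line)
        iface_APs.append((count, iface))
    return max(iface_APs)[1]


def start_monitor_mode():
    """Return the name of an interface in monitor mode, enabling one if needed.

    An interface that is already monitoring is reused.  Otherwise airmon-ng
    is started on the interface chosen by get_strongest_inface().  Exits the
    program when no monitor interface exists afterwards.
    """
    if interfaces['monitor']:
        print('[*]监听网卡为:%s' % interfaces['monitor'][0])
        return interfaces['monitor'][0]
    interface = get_strongest_inface()
    print('[*]网卡%s开启监听模式...' % interface)
    try:
        # Argument list instead of a formatted shell string: the interface
        # name is parsed from command output and must not reach a shell.
        subprocess.call(['/usr/sbin/airmon-ng', 'start', interface])
    except OSError:
        sys.exit('[!]无法开启监听模式')
    # The command's exit status is not relied on; success means a monitor
    # interface is now listed.
    moni_inface = get_wlan_interfaces()['monitor']
    if not moni_inface:
        sys.exit('[!]无法开启监听模式')
    print('[*]监听网卡为:%s' % moni_inface[0])
    # Return the name itself (not the list) so it can be handed to sniff().
    return moni_inface[0]


def _element_body(elt):
    """Return the body of one information element as a bytearray.

    The body is cut out of the element's wire bytes (1 byte ID, 1 byte
    length, then the body) so the helper does not depend on which field
    names the installed scapy gives a particular element type.
    """
    # bytes(elt) also serialises the elements that follow, hence the slice.
    # len is expected to be set on dissected frames; None is treated as 0.
    length = elt.len or 0
    return bytearray(bytes(elt))[2:2 + length]


def _display_text(body):
    """Turn over-the-air bytes into text that is safe to print.

    ASCII control bytes (including ESC) are replaced with '?' so a crafted
    SSID cannot send control sequences to the terminal.  Bytes above 0x7f
    are kept so UTF-8 network names stay readable.
    """
    cleaned = bytes(bytearray(0x3f if (b < 0x20 or b == 0x7f) else b
                              for b in body))
    if isinstance(cleaned, str):          # Python 2: bytes is str
        return cleaned
    return cleaned.decode('utf-8', 'replace')


def _parse_rsn(body):
    """Decode an RSN element body into (auth label, cipher label).

    Layout: version (2) | group cipher suite (4) | pairwise count (2, LE) |
    pairwise suites (4 each) | AKM count (2, LE) | AKM suites (4 each) | ...
    Returns (None, None) when the body is truncated or does not use the
    00-0f-ac suites; the caller then shows the access point as open.
    """
    if len(body) < 8 or body[2:5] != _RSN_OUI:
        return None, None
    cipher_num = body[5]
    pairwise_count = body[6] | (body[7] << 8)
    akm_count_at = 8 + 4 * pairwise_count
    if len(body) < akm_count_at + 2:
        return None, None
    akm_count = body[akm_count_at] | (body[akm_count_at + 1] << 8)
    akm_list_at = akm_count_at + 2
    if akm_count == 0 or len(body) < akm_list_at + 4 * akm_count:
        return None, None
    auth_nums = [body[at + 3]
                 for at in range(akm_list_at, akm_list_at + 4 * akm_count, 4)
                 if body[at:at + 3] == _RSN_OUI]
    if not auth_nums:
        return None, None
    # Prefer an AKM this script has a label for.  Types missing from the
    # tables get an explicit 'unknown(n)' label so that a protected network
    # is never reported as open just because its suite is not listed here.
    known = [num for num in auth_nums if num in WPA_Auth]
    auth_num = known[0] if known else auth_nums[0]
    wpa_info = WPA_Auth.get(auth_num, 'unknown(%d)' % auth_num)
    cipher_info = Dot11i.get(cipher_num, 'unknown(%d)' % cipher_num)
    return wpa_info, cipher_info


def get_AP_info(pkt):
    """Extract one access point's details from a Dot11 management frame.

    Returns ``{bssid: [ssid, channel]}`` and, when an RSN element could be
    decoded, ``{bssid: [ssid, channel, auth, cipher]}``.  The BSSID is the
    frame's addr2; SSID and channel come from the information elements.
    """
    bssid = pkt[Dot11].addr2
    ssid = None
    chanle = '?'
    # Look elements up by ID rather than by position: frames do not all
    # carry the same elements in the same slots.
    elt = pkt.getlayer(Dot11Elt)
    while elt is not None:
        if elt.ID == _SSID_ID and ssid is None:
            ssid = _display_text(_element_body(elt))
        elif elt.ID == _DS_PARAM_ID:
            body = _element_body(elt)
            if len(body) == 1:
                chanle = str(body[0])
        elt = elt.payload.getlayer(Dot11Elt)
    AP_infos = [ssid if ssid is not None else '', chanle]
    wpa_info, cipher_info = get_Dot11_RSN(pkt)
    if wpa_info and cipher_info:
        AP_infos = AP_infos + [wpa_info, cipher_info]
    return {bssid: AP_infos}


APs_info = {}    # BSSID -> details of every access point seen so far


def get_APs_info(pkt):
    """Record the access point behind *pkt* (if any) and return the table.

    Only beacon and probe-response frames are considered.  The first record
    seen for a BSSID is kept; later frames do not overwrite it.
    """
    if pkt.haslayer(Dot11) and (pkt.haslayer(Dot11Beacon)
                                or pkt.haslayer(Dot11ProbeResp)):
        for bssid, details in get_AP_info(pkt).items():
            APs_info.setdefault(bssid, details)
    return APs_info


already_shows = []   # BSSIDs that have already been printed


def show_APs_info(pkt):
    """sniff() callback: print every access point not printed before."""
    known_aps = get_APs_info(pkt)
    for (key, value) in known_aps.items():
        if key in already_shows:
            continue
        already_shows.append(key)
        print('-' * 40)
        # key is the AP's MAC address (BSSID); value[0] is the network name.
        print(' [+]AP的BSSID:%s' % key)
        print(' [+]AP的SSID:%s' % value[0])
        print(' [+]AP当前的chanle:%s' % value[1])
        if len(value) == 4:
            print(' [+]AP的认证方式为:%s' % value[2])
            print(' [+]AP的加密算法为:%s' % value[3])
        else:
            # No decodable RSN element was found (see the note on WPA above).
            print(' [+]开放验证!!')
        print('-' * 40)


def get_Dot11_RSN(pkt):
    """Return (auth label, cipher label) from a frame's RSN element.

    Walks the information elements of a beacon or probe-response frame and
    decodes the first RSN element that parses.  Returns (None, None) when
    there is none.
    """
    # Follow the element chain instead of deriving an element count from
    # summary() text, which also contains the sender-chosen SSID.
    elt = pkt.getlayer(Dot11Elt)
    while elt is not None:
        if elt.ID == RSN:
            wpa_info, cipher_info = _parse_rsn(_element_body(elt))
            if wpa_info and cipher_info:
                return wpa_info, cipher_info
        elt = elt.payload.getlayer(Dot11Elt)
    return None, None


def sniffering(interface, action):
    """Capture 5000 frames on *interface*, passing each one to *action*."""
    print('[*]附近AP信息如下:')
    # store=0: frames are handed to the callback and not kept in memory.
    sniff(iface=interface, prn=action, count=5000, store=0)


def main():
    """Enable monitor mode and print nearby access points."""
    moni_inface = start_monitor_mode()
    sniffering(moni_inface, show_APs_info)


if __name__ == '__main__':
    main()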
运行结果如下(注意:下面输出中“BSSID”一栏显示的其实是网络名称,即 SSID;“SSID”一栏显示的是 AP 的 MAC 地址,即 BSSID,两个标签对调了):
1 # python test_sniff.py 2 WARNING: No route found for IPv6 destination :: (no default route?) 3 [*]监听网卡为:wlan1mon 4 [*]附近AP信息如下: 5 ---------------------------------------- 6 [+]AP的BSSID:100msh-XXX 7 [+]AP的SSID:84:82:f4:xx:xx:xx 8 [+]AP当前的chanle:11 9 [+]开放验证!!10 ----------------------------------------11 ----------------------------------------12 [+]AP的BSSID:??¡????13 [+]AP的SSID:d0:c7:c0:xx:xx:xx14 [+]AP当前的chanle:1115 [+]AP的认证方式为:PSK16 [+]AP的加密算法为:CCMP17 ----------------------------------------18 ----------------------------------------19 [+]AP的BSSID:FAST_XXX20 [+]AP的SSID:78:eb:14:xx:xx:xx21 [+]AP当前的chanle:1122 [+]AP的认证方式为:PSK23 [+]AP的加密算法为:CCMP24 ----------------------------------------25 ----------------------------------------26 [+]AP的BSSID:FAST_XXX27 [+]AP的SSID:0c:72:2c:xx:xx:xx28 [+]AP当前的chanle:1129 [+]AP的认证方式为:PSK30 [+]AP的加密算法为:CCMP31 ----------------------------------------32 ----------------------------------------33 [+]AP的BSSID:XXX34 [+]AP的SSID:80:81:10:xx:xx:xx35 [+]AP当前的chanle:836 [+]AP的认证方式为:PSK37 [+]AP的加密算法为:TKIP38 ----------------------------------------39 ----------------------------------------40 [+]AP的BSSID:XXX41 [+]AP的SSID:80:81:10:xx:xx:xx42 [+]AP当前的chanle:843 [+]AP的认证方式为:PSK44 [+]AP的加密算法为:TKIP45 ----------------------------------------46 ----------------------------------------47 [+]AP的BSSID:360免费WiFi-4448 [+]AP的SSID:24:05:0f:xx:xx:xx49 [+]AP当前的chanle:1150 [+]AP的认证方式为:PSK51 [+]AP的加密算法为:CCMP52 ----------------------------------------