wifi_db
Script to parse Aircrack-ng captures into a SQLite database, get handshakes (in 22000 hashcat format) and extract MGT identities.
Install
DockerHub (RECOMMENDED)
docker pull raulcalvolaorden/wifi_db
Manual installation
Dependencies:
- tshark
- hcxtools
sudo apt install tshark
git clone https://github.com/ZerBea/hcxtools.git
cd hcxtools
make
sudo make install
cd ..
Installation
sudo apt install python3-pip
git clone https://github.com/RaulCalvoLaorden/wifi_db
cd wifi_db
pip3 install -r requirements.txt
Usage
Scan with airodump-ng
Run airodump-ng saving the output with -w:
sudo airodump-ng wlan0mon -w scan --manufacturer --wps --gpsd
Create the SQLite database using Docker
# Folder with captures
CAPTURESFOLDER=/home/user/wifi
# Output database
touch db.SQLITE
docker run -t -v $PWD/db.SQLITE:/db.SQLITE -v $CAPTURESFOLDER:/captures/ raulcalvolaorden/wifi_db
- '-v $PWD/db.SQLITE:/db.SQLITE': Saves the output to the db.SQLITE file in the current folder
- '-v $CAPTURESFOLDER:/captures/': Shares the folder containing the captures with the Docker container
Create the SQLite database using manual installation
Once the capture is created, we can create the database by importing it. To do this, pass the name of the capture without the file extension.
python3 wifi_db.py scan-01
If we have multiple captures, we can load the folder that contains them directly. With -d we can rename the output database.
python3 wifi_db.py -d database.sqlite scan-folder
Open database
The database can be opened with:
Optional arguments
-h, --help show this help message and exit
-v, --verbose increase output verbosity
--debug increase output verbosity to debug
-t LAT, --lat LAT insert a fake lat in the new elements
-n LON, --lon LON insert a fake lon in the new elements
--source [{aircrack-ng,kismet,wigle}]
source from capture data (default: aircrack-ng)
Kismet
TODO
Wigle
TODO
Views
- ProbeClients: Shows the complete information of the users with their probes.
- ConnectedAP: Shows the information of the clients connected to the APs. With this view you can easily filter by scope and check connected clients.
- ProbeClientsConnected: Displays the list of poor users connected to WiFi networks. This is useful to check the problems of users connecting to networks in the scope.
- HandshakeAP: Shows the APs, client file and hashcat hash for each handshake in the Handshake table.
- IdentityAP: Shows the APs, client and identity for each identity in its table.
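An added example (not wifi_db's own code) of the import and the ConnectedAP view described above: it parses airodump-ng CSV text into SQLite and lists the clients connected to in-scope ESSIDs. The table and column names, the sample capture and the helper names load and connected_in_scope are assumptions; wifi_db's actual schema may differ.

```python
import csv, io, sqlite3

# Constructed sample in airodump-ng's CSV layout: AP block, blank line, station block.
SAMPLE = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6, 130, WPA2, CCMP, PSK, -40, 120, 0, 0.  0.  0.  0, 8, CorpWiFi,
02:00:00:AA:00:02, 2024-01-01 10:00:01, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, MGT, -55, 90, 0, 0.  0.  0.  0, 5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:CC:00:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50, 30, 02:00:00:AA:00:01, CorpWiFi,HomeNet
02:00:00:CC:00:02, 2024-01-01 10:02:00, 2024-01-01 10:03:00, -70, 4, (not associated), CoffeeShop
"""

def load(text, con):
    """Parse airodump-ng CSV text into a hypothetical schema (not wifi_db's real one)."""
    con.executescript("""
        CREATE TABLE AP(bssid TEXT PRIMARY KEY, ssid TEXT, channel INT, privacy TEXT);
        CREATE TABLE Client(mac TEXT PRIMARY KEY);
        CREATE TABLE Connected(bssid TEXT, mac TEXT);
        CREATE TABLE Probe(mac TEXT, ssid TEXT);
        CREATE VIEW ConnectedAP AS SELECT AP.bssid, AP.ssid, Connected.mac
          FROM Connected JOIN AP ON Connected.bssid = AP.bssid;
    """)
    section = None
    for row in csv.reader(io.StringIO(text)):
        row = [c.strip() for c in row]
        if not row or not row[0]:
            continue                      # blank separator between the two blocks
        if row[0] == "BSSID":
            section = "ap"
        elif row[0] == "Station MAC":
            section = "sta"
        elif section == "ap" and len(row) >= 14:
            con.execute("INSERT OR REPLACE INTO AP VALUES(?,?,?,?)",
                        (row[0].upper(), row[13], int(row[3]), row[5]))
        elif section == "sta" and len(row) >= 6:
            mac = row[0].upper()
            con.execute("INSERT OR IGNORE INTO Client VALUES(?)", (mac,))
            if row[5] != "(not associated)":
                con.execute("INSERT INTO Connected VALUES(?,?)", (row[5].upper(), mac))
            # Probed ESSIDs are the trailing, variable-length columns.
            con.executemany("INSERT INTO Probe VALUES(?,?)", [(mac, s) for s in row[6:] if s])
    return con

def connected_in_scope(con, scope_ssids):
    marks = ",".join("?" * len(scope_ssids))   # parameterised IN list
    q = f"SELECT ssid, mac FROM ConnectedAP WHERE ssid IN ({marks}) ORDER BY mac"
    return con.execute(q, list(scope_ssids)).fetchall()

con = load(SAMPLE, sqlite3.connect(":memory:"))
```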
TODO
- Aircrack-ng
- All in 1 file (and separately)
- Kismet
- Wigle
- install
- parse all files in folder -f --folder
- Fix Extended errors, tildes, etc (fixed in aircrack-ng 1.6)
- Support bash multi files: "capture*-1*"
- Script to delete client or AP from DB (mac). - (Whitelist)
- Whitelist to avoid adding MACs to the DB (file whitelist.txt, add MACs, create DB)
- Overwrite if there is new info (old ESSID='', New ESSID='WIFI')
- Table Handshakes and PMKID
- Hashcat hash format 22000
- Table files, if file exists skip (full path)
- Get HTTP POST passwords
- DNS queries
This program is a continuation of a part of: https://github.com/T1GR3S/airo-heat
Author
- Raúl Calvo Laorden (@raulcalvolaorden)