-
Notifications
You must be signed in to change notification settings - Fork 19
/
configurationSettings
116 lines (97 loc) · 6.32 KB
/
configurationSettings
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/bin/bash
# WARNING! In case you use old Airodump-ng 1.0 (instead of 1.2)
# And you haven't updated it from http://manpages.ubuntu.com/manpages/trusty/man8/airodump-ng-oui-update.8.html
# You should use "mon0" as a monitor name
MONITOR_NAME="wlan0mon";
############ AUTO-REAVER CONFIGURATION #######################################
#### Additional Reaver options besides bssid, spoofed mac, session file, channel
# d [seconds] = delay (seconds) between PIN attempts
# g [num attempts] = Quit after num pin attempts (for 1 iteration of loop)
# T [seconds] = Set the M5/M7 timeout period [0.20]
# t = receive timeout
# l = lockdown delay (if WPS is blocked)
# N = do not send NACK's if packets are out of order
# S = Use small DH keys to improve crack speed
# x [seconds] = Fail wait in seconds (When 10 consecutive unexpected WPS errors are encountered)
# E = Terminate each WPS session with an EAP FAIL packet (for poor AP implementations)
# A = No associate (you must associate with another program) (WARNING: NO_AIREPLAY must be set to 0 for aireplay-ng associacion)
# vv is Enabled by default below, because script relies on Reaver response
# --win7 = Mimic Windows 7 registrar
# WARNING! You can't turn off -vv flag, because script is analyzing Reaver output
ADDITIONAL_OPTIONS="-g 1 -E -S -N -T 1 -t 15 -d 0 --win7";
# since (2014-07-12)
# minimum number of minutes between pin attempts per access point
# this option ensures you that AP won't be checked more often than MINUTES_WAIT_BETWEEN_PIN_ATTEMPTS minutes
# so if AP blocks WPS often, consider to use this option to prevent blocking
MINUTES_WAIT_BETWEEN_PIN_ATTEMPTS=1;
# Time in minutes during which AP is skipped inside loop because of reach "AP rate limit"
# Notice: "...was blocked less than {LIMIT_WAIT_MINUTES} minutes ago, skipping"
LIMIT_WAIT_MINUTES=15;
# sleep in seconds before another re-check of whole list (outer loop iteration)
# Notice: "Sleeping before another list re-check for {SLEEP_BEFORE_LIST_RECHECK} seconds"
SLEEP_BEFORE_LIST_RECHECK=5;
# if 1 script shows average time between PINS, if it's 0 this won't be calculated
SHOW_AVERAGE_TIME_BETWEEN_PINS=0;
# Timeout in seconds during script waits for AP to show up in airodump, after that AP is considered offline
# Notice: "Wait {BSSID_ONLINE_TIMEOUT} seconds... scanning if XX:XX:XX:XX:XX:XX (XXXX) is online"
# Notice: "If you use random channels for AP's increase this value, since hopping between channels takes long time"
BSSID_ONLINE_TIMEOUT=30;
# After this time of inactivity reaver will be killed, and started again with another AP.
# Setting INACTIVITY_TIMEOUT=0 will prevent activityCheckerScript to run.
INACTIVITY_TIMEOUT=120;
# sleep in seconds between checking different AP's (inner loop iteration)
# Notice: "Sleeping between AP's for {SLEEP_BETWEEN_APS}"
SLEEP_BETWEEN_APS=0;
# Delay in seconds between association requests (aireplay-ng fake auth -l option)
FAKE_AUTH_DELAY_SECONDS=60;
# (1 or 0) if set to 1 means that additional airodump-ng (monitoring access point behavior) isn't started
# set this to 0 if you wan't to see what's going on with AP (signal, beacons...etc)
NO_AIRODUMP=1;
# (1 or 0) if set to 1 means that additional aireplay-ng (doing fake-auth) isn't started
# set this to 0 if you encountered something like "[!] WARNING: Failed to associate with xx:xx:xx:xx:xx:xx (ESSID: yyyyy)"
NO_AIREPLAY=0;
# macchanger can be "ALL", "PER_LOOP", "ONCE" or ""
# "ALL" - changes mac address of your wifi card, for all access points in the loop
# "PER_LOOP" - changes mac address once per loop (every list re-check)
# "ONCE" - changes mac address once at the beginning of the script
# "" - never changes mac adress (macchanger is off)
MACCHANGER_ON="ONCE";
# SPOOFED MAC (if you want to define your own spoofed mac for wifi card)
# If you leave this empty MAC will be randomly generated by perl below
SPOOFED_MAC=""; #"00:21:6B:B5:E5:22" /
# Reaver session files directory
REAVER_SESSION_DIR="/usr/local/etc/reaver";
# temporary directory for autoReaver script (containing some tmp files which are needed)
TMP_DIR="/tmp/autoReaver";
# dir with tmp files indicating, that BSSID reached limit of attempts, files are named just like reaver session files
# simply if MAC=AA:BB:CC:DD:EE:FF file name is AABBCCDDEEFF
# every file is checking if it was modified over last LIMIT_WAIT_MINUTES,
# if it was.. that means AP reached rate limit and will be skipped during the loop
LIMIT_TMP_DIR="$TMP_DIR/APLimitBSSID";
# directory with last dates of pin checks (if pin was checked, date of check was putted into PIN_DATE_TMP_DIR/BSSID file)
# Better don't set this directory in /tmp/ because it's cleared after system restart, and you loose your pin dates
# which are required to calculate average time between PINs
PIN_DATE_TMP_DIR=$(pwd)"/ReaverLastPinDates";
# file containing list of cracked access points
# if something goes wrong with this file remember you can always recover PIN / Passphrase
# from /usr/local/etc/reaver/reaver.db
# or recover last checked pin from session file /usr/local/etc/reaver/{MAC}.wpc
CRACKED_LIST_FILE_PATH=$(pwd)"/AUTOREAVER_CRACKED_WPS_LIST";
####### Checking activity ####
# makeActivityChecker checks if file CHECK_ACTIVITY_FILE was modified before ($NOW - $INACTIVITY_TIMEOUT)
# then reaver process is killed due to inactivity (probably hanged up)
# CHECK_ACTIVITY_FILE is touched while AP responds with messsages such like: Received M1-M6
# If there was no mentioned output from Reaver in INACTIVITY_TIMEOUT period (seconds)
CHECK_ACTIVITY_FILE="$TMP_DIR/autoReaverLastActivity";
# You should modify this in case you have other interface like ath0 or something else
WIRELESS_INTERFACE="wlan0";
# Here you can define your own regexp which if matched - means that Reaver is active
# If you want to be restrictive, you could change this to "Received WSC NACK",
# which means that only rejecting PIN will be considered as activity.
# Sometimes Reaver outputs only "Received M1" and won't go further, then you should change this to "Received M3".
# This value should depend on specific AP's behavior.
REAVER_ACTIVITY_PERL_REGEXP="Received M3";
# Here you can define your own regexp which if matched - means that one PIN has been checked and written to log file
# Logs are stored in PIN_DATE_TMP_DIR directory
REAVER_CHECKED_PIN_PERL_REGEXP="Received WSC NACK"
######################## END OF CONFIGURATION #######################################################