airgeddon, a multi-use bash script for Linux systems to audit wireless networks

Started by v1s1t0r, May 23, 2017, 08:41:17 PM


v1s1t0r

Hi, I'm developing a tool for wireless pentesting. It's GPL and 100% compatible with BackBox Linux. It has many features: DoS, handshake capturing, WEP cracking, WPA/WPA2 cracking, WPS cracking, 5 different Evil Twin attacks, it's available in 7 languages, etc...

This is the link of the project: https://github.com/v1s1t0r1sh3r3/airgeddon

It's highly maintained, with a very low issue ratio. It has a good wiki on GitHub for all the documentation (requirements, compatibility, Docker support, etc).

It's already included in other pentesting Linux distros like BlackArch, Wifislax, Parrot (soon), the ArchStrike repositories, etc. It could be very nice to have it included in the BackBox repositories if you like it.

Give it a try! Thank you.

ostendali

Hi v1s1t0r,
thanks for letting us know about your new tool and its development schedule for feature maintenance/updates (which is a very good point).

We will run an evaluation using our community users and later on do the same with the BB team.

We will then be able to see whether to integrate your tool into the BB repos.

In the meantime, could you tell us in your own words what the difference would be between this tool of yours and the existing wireless audit tools that are present in BB and in the many other security distros you mentioned? What are the features that the existing tools don't have, and so on? This will help us simplify the process and maybe do a quick evaluation for the integration of your tool.

thanks

v1s1t0r

Hi, I think airgeddon is very interesting because it has a lot of features in only one application. I always call it a "wireless Swiss knife". I'll put the entire list of features:

  • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
  • DoS over wireless networks using different methods
  • Assisted Handshake file capturing
  • Cleaning and optimizing Handshake captured files
  • Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule based)
  • Evil Twin Only Rogue/Fake AP version to sniff using external sniffer (Hostapd + DHCP + DoS)
  • Evil Twin Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap)
  • Evil Twin Integrated sniffing, sslstrip (Hostapd + DHCP + DoS + Ettercap + Sslstrip)
  • Evil Twin Integrated sniffing, sslstrip2 and BeEF browser exploitation framework (Hostapd + DHCP + DoS + Bettercap + BeEF)
  • Evil Twin Captive portal with "DNS blackhole" to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoof + Lighttpd)
  • Optional MAC spoofing for all Evil Twin attacks
  • WPS scanning (wash). Self parameterization to avoid "bad fcs" problem
  • WPS Custom PIN association (bully and reaver)
  • WPS Pixie Dust attacks (bully and reaver)
  • WPS Bruteforce PIN attacks (bully and reaver)
  • WPS Parameterizable timeouts
  • Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update
  • WPS Integration of the most common PIN generation algorithms
  • WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.)
  • Compatibility with many Linux distributions (see Requirements section)
  • Easy targeting and selection in every section
  • Drag and drop files on console window for entering file paths
  • Dynamic screen resolution detection and windows auto-sizing for optimal viewing
  • Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired
  • Multilanguage support and autodetect OS language feature (see Supported Languages section)
  • Help hints in every zone/menu for easy use
  • Auto-update. Script checks for newer version if possible
  • Docker container for easy and quick deployment
  • HTTP proxy auto detection for updates

To be honest, I think most of those features (not all) already exist in other tools or scripts... but airgeddon is compatible with more than 14 different Linux distributions and concentrates all of them in only one tool, to be used in a very simple way. I think there is no other tool doing Evil Twin integrating Bettercap+BeEF, which could probably be an exclusive feature.

On the other hand, the feedback from users is very good because airgeddon shows help tips along all the menus. Those tips change depending on the visited menu. This feature is "teaching" the users, and they reported that this feature is nice because it seems they learn while "playing hacking".

Another strong point of airgeddon is that it is a "robust" application. Most scripts which use 3rd party tools are developed in an "if it works, it's ok" style. In airgeddon, the code is organized and clear. We use the https://github.com/koalaman/shellcheck application to check every warning. Everything is validated. We try to control every possible error. Maybe it's not perfect, but you'll see it is quite difficult to "break it". We capture traps for CTRL+C and CTRL+Z; even if you close the terminal window suddenly, the trap is caught to revert the monitor mode of your card, to try to avoid the problem of leaving you isolated without internet access.

Anyway, all of this is just words and words... the best way to judge is: try it yourself!  :P

v1s1t0r

Hello, more than a year has passed since I wrote the post. airgeddon has grown a lot since then, with many new interesting features. Here are some of them:

- Full 5 GHz support. All attacks available for this band.
- Some new languages added (Italian, Polish, German, Turkish, etc)
- DoS pursuit mode feature to avoid victim AP channel hopping
- Extended card compatibility. Now airmon non-compatible cards can be used
and many more...

Now working on WPA/WPA2 enterprise attacks for a future version.

I downloaded the new BackBox 5.2. Everything tested and it's fully supported.

Regards.

ostendali

Quote from: v1s1t0r on August 22, 2018, 11:10:56 PM
Hello, more than a year has passed since I wrote the post. airgeddon has grown a lot since then, with many new interesting features. Here are some of them:

- Full 5 GHz support. All attacks available for this band.
- Some new languages added (Italian, Polish, German, Turkish, etc)
- DoS pursuit mode feature to avoid victim AP channel hopping
- Extended card compatibility. Now airmon non-compatible cards can be used
and many more...

Now working on WPA/WPA2 enterprise attacks for a future version.

I downloaded the new BackBox 5.2. Everything tested and it's fully supported.

Regards.
Thanks for the follow-up and the exhaustive information about this tool.

May I ask if you have a Launchpad account and if you can package the tool in your repo?

v1s1t0r

No, sorry, I don't have a Launchpad account. Anyway, all the source code and the needed info is on my GitHub repo. There is a detailed wiki showing all the needed info: https://github.com/v1s1t0r1sh3r3/airgeddon/wiki

Yes, we can make a package and add it to the repo if needed. I guess that should be a ".deb" package. We are already packaging binaries for Kali and Arch. You can find them on our GitHub. To make a good .deb package I think all the dependencies need to be available in the repositories, in order to do a good dependency check on .deb installation. Is everything available in the BackBox repositories? Probably almost all packages will be available. Anyway, the best option could be to add the tool directly to your repositories, to be able to install it just using apt. It's a bash script and that should be easy to do, in the same way it is already included in the BlackArch or Parrot Security repositories. What do you say? If you are interested, send me a private message or a mail, or contact me on IRC.

Regards.

ostendali

Quote from: v1s1t0r on September 01, 2018, 09:52:23 AM
No, sorry, I don't have a Launchpad account. Anyway, all the source code and the needed info is on my GitHub repo. There is a detailed wiki showing all the needed info: https://github.com/v1s1t0r1sh3r3/airgeddon/wiki

Yes, we can make a package and add it to the repo if needed. I guess that should be a ".deb" package. We are already packaging binaries for Kali and Arch. You can find them on our GitHub. To make a good .deb package I think all the dependencies need to be available in the repositories, in order to do a good dependency check on .deb installation. Is everything available in the BackBox repositories? Probably almost all packages will be available. Anyway, the best option could be to add the tool directly to your repositories, to be able to install it just using apt. It's a bash script and that should be easy to do, in the same way it is already included in the BlackArch or Parrot Security repositories. What do you say? If you are interested, send me a private message or a mail, or contact me on IRC.

Regards.
One of the problems we may encounter is that your tool uses several other tools, so there are lots of requirements to build up one single tool.

At a high level, seeing that this tool relies on several other products, some of which are already in BackBox, may influence our decision on including this tool. A tool that depends on several other tools does not allow the author to take a decision about the continuity of support and development, simply because you don't have control over the 3rd party tools. This is where BackBox distinguishes itself from the other security distros, i.e. Kali and the like: we don't just throw any newly arriving tool in like a bin if it doesn't satisfy our requirements. Some of those 3rd party tools also don't satisfy BB requirements. Although we are always excited about and welcome new tools, we'd like to verify their genuineness and utility, which is part of the main requirements we have.

These are just my thoughts, and some of our community staff/users will take a look and give better feedback on your tool. In the meantime your feedback is welcome, of course.

v1s1t0r

Great, let me know if you are finally interested in including it. I can give some examples of how other Linux distributions created their packages:

BlackArch: https://github.com/BlackArch/blackarch/blob/master/packages/airgeddon/PKGBUILD
Parrot Security: https://dev.parrotsec.org/security-tools/airgeddon
ArchStrike: https://github.com/ArchStrike/ArchStrike/blob/master/archstrike/airgeddon-git/PKGBUILD

There you can see the dependency packages and how they change the var "auto_update=1" to "auto_update=0" in order to leave airgeddon updates to the repository itself. Thank you and regards.
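The packaging step described above (turning the script's self-updater off so the distro's package manager is the only update path), as an added shell example; it is not airgeddon's own code nor taken from the BlackArch, Parrot or ArchStrike package scripts linked above. The options file content, its path and the two helper functions are constructed for this example; only the `auto_update=1` / `auto_update=0` setting comes from the post.

```shell
#!/usr/bin/env bash
# Added packaging example (not airgeddon's code, not a distro's package script).
# A distro package should not self-update: updates must come from the repository
# so that integrity and provenance are checked by the package manager.
set -u

# Flip an uncommented "auto_update=1" line to "auto_update=0" in the given file.
# Only a whole-line match at the start of a line is touched, so comments and
# other settings are preserved. Prints the resulting value of auto_update.
disable_auto_update() {
    local file="$1"
    # Write to a temp file and move it back: portable across GNU and BSD sed.
    sed 's/^auto_update=1$/auto_update=0/' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    sed -n 's/^auto_update=//p' "$file" | head -n 1
}

# Pre-build sanity check a packager would run: exits 0 only if the
# self-updater is off (exactly one line "auto_update=0").
auto_update_is_off() {
    grep -qx 'auto_update=0' "$1"
}

# Constructed sample options file (hypothetical content, not the real one).
demo_dir=$(mktemp -d)
sample="$demo_dir/options.sample"
cat > "$sample" <<'EOF'
# sample options file (constructed for this example)
language="ENGLISH"
auto_update=1
# auto_update=1 is the upstream default; packagers set it to 0
allow_colorization=1
EOF

disable_auto_update "$sample"
if auto_update_is_off "$sample"; then
    echo "self-updater disabled; the package manager now owns updates"
fi
```

The check function is what you would wire into the build so the package fails to build, rather than silently shipping, if upstream ever renames or moves the setting.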

ostendali

Again, let me go back to the original question I had asked.

From what I see it relies on the aircrack suite, and BackBox already comes with the aircrack suite. What is so special that your tool does that aircrack doesn't, besides being a collection of other tools, in terms of functionality?

It is a duplicate to me, and we don't include dupes in BackBox. We will be choosing either your tool or aircrack, and given the size of the aircrack project I don't think it is the case for us to opt for this tool.

We are not really interested in the fact that other distros have included your tool.

Essentially, what is it that your tool does better than the wifi tools we already have in BackBox?

The feedback/answer to the last question should come from you, and it shouldn't be us studying your tool, so if you want to help us, please provide brief feedback.

I am still waiting for some feedback from the community users as well so we will see by then.

v1s1t0r

Hi, airgeddon combines aircrack and other tools to automate processes that, done manually, could take the user some time. For example, it can create 5 types of evil twin attacks for which you would have to set up a lot of different stuff like interface config, access point, DoS, DHCP, routes and in some cases a captive portal web or a sniffer!, and then everything is dismantled easily just by clicking a button. Another interesting feature is its own PIN db for WPS attacks and the integration of some known PIN generation algorithms to automate WPS attacks. The WEP "all-in-one" attack will save you a lot of time, launching all the possible stuff against the AP and quickly collecting enough data to crack it, instead of trying each attack manually one by one until you find the one that works for your specific case. The DoS pursuit mode is a unique feature not present in other tools; with it, using a secondary interface, a lot of time can be saved too by avoiding the channel hopping of a target AP. The same goes for the almost-finished (they are at 80%) enterprise attacks, helping the user parse the logs to quickly get the captured hashes, etc.

There are so many other "more standard" features where you are only going to save yourself launching a couple of commands, but a good point is that everything is integrated in a very robust framework where everything is validated and where you are going to be informed about all the events.

So if I had to summarize what this tool is for, I can say that it definitely is a real time saver for pentesters.

Cheers.

v1s1t0r

v9.01 released with attacks for enterprise networks, offline cracking for captured enterprise hashes and the new options system, with which a lot of options can be customized (silent dependency checks, skip intro, remove colors, disable 5 GHz, etc). A link to the changelog: https://github.com/v1s1t0r1sh3r3/airgeddon/blob/master/CHANGELOG.md

v1s1t0r

Hi, new airgeddon release v9.21 with custom certificate creation for enterprise attacks, mdk backwards compatibility (now mdk3 or mdk4 can be chosen) and some fixes. Happy hacking!

v1s1t0r

Hi, it's been a long time since the last update. I must admit that I lost "faith" in BackBox some time ago... but I saw you released a new BackBox version, so it seems the project is still alive. Downloading it to give it a try again, why not?

airgeddon has evolved a lot during these last years. The current stable version is 11.21. The tool was included as part of the base tools in so many pentest distros like Kali, Parrot Security, Wifislax, Pentoo, BlackArch, etc. I'd still like to see it included in BackBox because we keep maintaining compatibility, as we are also compatible with Ubuntu, which is the base of BackBox. Actually, after downloading your new release I'll check if everything is still going smoothly or if something should be modified to keep it working right on BackBox.

Currently airgeddon has a Discord community with more than 2000 people (invitation link https://discord.gg/sQ9dgt9). And we are still developing, adding each new wireless attack or technique that is released, trying to automate it to ease the wireless pentesting task. We have some unique features like the WPA3 online dictionary attack and other new things not present in any other tool. So airgeddon is not only wrapping other tools, it is innovating on some stuff. A very open plugin system is in place which allows users to customize or create content in an easy and open way. We also have different branches on our GitHub (https://github.com/v1s1t0r1sh3r3/airgeddon) for different purposes. One of them is to prepare the tool for the coming Wifi 6E (6 GHz), and more stuff! So the tool is highly maintained and very alive, as you can see.

So please, I encourage you to consider giving it a try to see if it can finally fit as a useful tool in your repositories. Thanks and regards.

EDIT: tested the tool on your new release, everything OK, as always! Just some missing dependencies not available via apt in your repos: asleap, hostapd-wpe and BeEF. As I said, they are optional tools, so this is not a blocker. The essential tools and so many optional ones are in place and available. Without these only a couple of attacks can't be performed, and the tool handles the situation. Let me know if you finally decide to include it and how I can help.

raffaele

Hi v1s1t0r, I've just finished working on it. I've created the first package for BackBox Linux 8.1, and you can find it on my Launchpad repository. Test it, and if everything works, we'll publish it on the official repository.
raffaele@backbox:~$ Get root or die tryin'

v1s1t0r

Great news! Thank you.

I added your testing repo and installed airgeddon. Everything went well. It installed flawlessly. Just two comments:

1. The missing dependencies (asleap, BeEF and hostapd-wpe) are still missing. Do you plan to add any of them? At least two of them (asleap and hostapd-wpe) are pretty simple and easy-to-add packages. I know that BeEF could be harder.
2. During the installation I noticed it uninstalled the ettercap-graphical package and installed ettercap-text-only. So it seems you have ettercap-graphical installed by default on BackBox, which is also valid. I mean, airgeddon can work with either of them (text-only or graphical), so there is no need to uninstall ettercap-graphical. I think ettercap-text-only and ettercap-graphical are conflicting packages, aren't they? But maybe you could set the dependency as another type (maybe recommends? not sure) to try not to uninstall its conflicting package.

I saw you disabled the autoupdate feature in the options file, good point. Better to be updated by apt if the package is in the repos.

Anyway, despite these comments, as I said, everything went very well and smoothly. Let me know if you need anything else.
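The dependency problem in comment 2 above (the package pulling in ettercap-text-only and thereby removing the conflicting ettercap-graphical) is the standard case for a Debian alternative dependency rather than a Recommends. The fragment below is an added example of the relevant `debian/control` line, not BackBox's actual package; the package names are the ones named in the post and the rest of the stanza is assumed.

```text
# Added example (hypothetical debian/control stanza, not the BackBox package).
# Weak form: a hard dependency on one flavour forces apt to remove the other,
# conflicting flavour that is already installed.
Package: airgeddon
Depends: ettercap-text-only, ${misc:Depends}

# Corrected form: an alternative (the "|" operator). apt treats the dependency
# as satisfied if either package is installed, so an existing ettercap-graphical
# is left alone; when neither is present, the first alternative is installed.
Package: airgeddon
Depends: ettercap-text-only | ettercap-graphical, ${misc:Depends}
```

A Recommends would also avoid the removal, but only because apt skips a recommended package it cannot install without conflicts; the alternative keeps the tool's requirement a hard one while still accepting whichever flavour the system already has.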