用python编写的无线AP扫描器


代码如下:

  1 #coding=utf-8
  2 
  3 import os
  4 import sys
  5 import subprocess
  6 from scapy.all import *
  7 
  8 
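# Element IDs of the 802.11 management-frame information elements (Dot11Elt)
# this scanner cares about.
RSN = 48     # ID 48: RSN information element (WPA2/WPA3 security parameters)
WPA = 221    # ID 221: vendor-specific element, carries WPA1 info; not referenced elsewhere in this listing

# Cipher-suite selector type -> human-readable name
# (original author's comment: the 6th byte of the RSN information).
Dot11i = {
    0: 'GroupCipher',
    1: 'WEP-40',
    2: 'TKIP',
    4: 'CCMP',
    5: 'WEP-104',
}

# AKM (authentication) suite selector type -> human-readable name
# (original author's comment: the 22nd byte of the RSN information).
WPA_Auth = {
    1: '802.11x/PMK',
    2: 'PSK',
}

# Shared stderr sink for the iwconfig/iwlist child processes below; opened
# once for the life of the module and intentionally never closed.
DN = open(os.devnull, 'w')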
 21 
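def get_wlan_interfaces():
    '''
    Return the wireless interfaces present on this host, grouped by mode.

    Runs ``iwconfig`` and parses its output line by line: an interface
    line starts at column 0 (continuation lines are indented); a line
    containing ``Mode:Monitor`` marks a monitor-mode interface and a line
    containing ``IEEE 802.11`` a wireless one.

    Returns:
        dict with keys ``'monitor'``, ``'managed'`` and ``'all'``, each a
        list of interface names.  The two tests are independent, so a
        monitor-mode interface whose line also says ``IEEE 802.11`` is
        listed under both ``'monitor'`` and ``'managed'``.

    Exits:
        via ``sys.exit`` when ``iwconfig`` cannot be executed, or when no
        ``IEEE 802.11`` interface is found (the original's message).
    '''
    interfaces = {'monitor': [], 'managed': [], 'all': []}
    try:
        proc = subprocess.Popen(['iwconfig'], stdout=subprocess.PIPE, stderr=DN)
    except OSError:
        # iwconfig missing or not executable: fail with a message instead
        # of a traceback, matching the file's sys.exit error style.
        sys.exit('[!]无法执行iwconfig命令')
    output = proc.communicate()[0]
    if not isinstance(output, str):
        # Python 3 hands back bytes.  Decode leniently: ESSIDs in the output
        # come from over-the-air frames and need not be valid UTF-8.
        output = output.decode('utf-8', 'replace')
    for line in output.splitlines():
        # Only column-0 lines name an interface; indented lines are details.
        if not line or line[0] == ' ':
            continue
        iface = line.split(' ')[0]
        if 'Mode:Monitor' in line:
            interfaces['monitor'].append(iface)
        if 'IEEE 802.11' in line:
            interfaces['managed'].append(iface)
        interfaces['all'].append(iface)
    if not interfaces['managed']:
        sys.exit('[!]没有无线网卡,请插入网卡')
    return interfaces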
 41 
# Module-level side effect: the wireless interfaces are probed once at import
# time.  get_wlan_interfaces() calls sys.exit when none is found, so importing
# this module on a host without a wireless card terminates the process.
interfaces = get_wlan_interfaces()  # the wireless interfaces currently present
 43 
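def get_strongest_inface():
    '''
    Pick the wireless interface that sees the most access points.

    For every name in ``interfaces['managed']`` (module global) this runs
    ``iwlist <iface> scan`` and counts result lines containing
    ``- Address:``; the original author uses that count as a proxy for the
    card's signal strength.

    Returns:
        Name of the interface with the highest count.  Ties are resolved by
        ``max`` over ``(count, name)`` tuples, i.e. the lexicographically
        greater name wins, as in the original.

    Exits:
        via ``sys.exit`` when no interface could be scanned, instead of the
        original's ``ValueError`` from ``max()`` on an empty list.
    '''
    ap_counts = []
    for iface in interfaces['managed']:
        if not iface:
            continue
        try:
            proc = subprocess.Popen(['iwlist', iface, 'scan'],
                                    stdout=subprocess.PIPE, stderr=DN)
        except OSError:
            # iwlist is missing: no interface can be scanned, stop trying.
            break
        output = proc.communicate()[0]
        if not isinstance(output, str):
            # Python 3 hands back bytes.  Decode leniently: ESSIDs in the
            # scan output come from over-the-air frames and need not be UTF-8.
            output = output.decode('utf-8', 'replace')
        count = sum(1 for line in output.splitlines() if '- Address:' in line)
        ap_counts.append((count, iface))
    if not ap_counts:
        sys.exit('[!]没有可用的无线网卡')
    return max(ap_counts)[1]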
 62 
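def start_monitor_mode():
    '''
    Ensure a monitor-mode interface exists and return its name.

    If ``interfaces['monitor']`` (module global, filled at import time)
    already lists one, its first entry is returned.  Otherwise the strongest
    managed interface is switched with ``/usr/sbin/airmon-ng start <iface>``
    and the interface list is re-read.

    Returns:
        The monitor-mode interface name as a ``str`` on both paths.  (The
        original returned the whole list on the second path while printing
        only its first element.)

    Exits:
        via ``sys.exit`` when airmon-ng cannot be executed or no monitor
        interface is present afterwards.
    '''
    if interfaces['monitor']:
        print('[*]监听网卡为:%s' % interfaces['monitor'][0])
        return interfaces['monitor'][0]
    interface = get_strongest_inface()
    print('[*]网卡%s开启监听模式...' % interface)
    try:
        # Argument list rather than an interpolated shell string: the
        # interface name is parsed from iwconfig output and must never be
        # interpreted by a shell.
        subprocess.call(['/usr/sbin/airmon-ng', 'start', interface])
    except OSError:
        sys.exit('[!]无法开启监听模式')
    moni_inface = get_wlan_interfaces()['monitor']
    if not moni_inface:
        # Explicit check instead of letting an IndexError be swallowed.
        sys.exit('[!]无法开启监听模式')
    print('[*]监听网卡为:%s' % moni_inface[0])
    return moni_inface[0]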
 79         
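def get_AP_info(pkt):
    '''
    Extract SSID, transmitter address, channel and security info from a
    beacon / probe-response frame.

    Args:
        pkt: a scapy packet with ``Dot11`` and ``Dot11Elt`` layers.

    Returns:
        ``{addr2: [ssid, channel]}`` or ``{addr2: [ssid, channel, auth, cipher]}``.
        The key is ``pkt[Dot11].addr2`` (the transmitter address; for frames
        sent by an AP this is normally the BSSID).  ``ssid`` is the ``info``
        of the first information element; ``channel`` is the DS Parameter
        Set (element ID 3) value as a decimal string, or ``'?'`` when no
        such element is present.  The original indexed the third element
        unconditionally and named the ssid/addr2 locals the other way round.
    '''
    ssid = pkt[Dot11][Dot11Elt].info
    bssid = pkt[Dot11].addr2
    channel = '?'
    elt = pkt[Dot11Elt]
    while elt is not None:
        if elt.ID == 3 and elt.info:
            # DS Parameter Set: a single byte holding the channel number.
            channel = str(ord(elt.info[:1]))
            break
        elt = elt.payload.getlayer(Dot11Elt)
    ap_fields = [ssid, channel]
    wpa_info, cipher_info = get_Dot11_RSN(pkt)
    if wpa_info and cipher_info:
        ap_fields += [wpa_info, cipher_info]
    return {bssid: ap_fields}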
 94 
# Accumulated scan results, keyed by pkt[Dot11].addr2 (see get_AP_info);
# filled in place by get_APs_info and shared with show_APs_info.
APs_info = {}
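def get_APs_info(pkt):
    '''
    Record the AP described by *pkt* in the module-level ``APs_info`` dict.

    Only frames carrying ``Dot11`` plus ``Dot11Beacon`` or ``Dot11ProbeResp``
    are considered.  A transmitter address already present is not
    overwritten, so the first frame seen from each AP wins.

    Args:
        pkt: a scapy packet; non-matching frames are ignored.

    Returns:
        The shared ``APs_info`` dict (the same object on every call).
    '''
    global APs_info
    if pkt.haslayer(Dot11) and (pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp)):
        ap_info = get_AP_info(pkt)
        # ap_info holds exactly one key; ``has_key`` and ``keys()[0]`` were
        # Python 2-only, ``in`` / ``next(iter(...))`` work on both versions.
        key = next(iter(ap_info))
        if key not in APs_info:
            APs_info.update(ap_info)
    return APs_info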
104 
105 
# Transmitter addresses already printed by show_APs_info, so each AP is shown once.
already_shows = []
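def _printable(raw):
    '''
    Return *raw* (str or bytes) with control characters hex-escaped.

    SSIDs are copied verbatim from over-the-air frames, so they can carry
    terminal control sequences.  Code points below 0x20 and 0x7f are
    rendered as a ``\\x`` hex escape; everything else, including bytes
    >= 0x80 under Python 2, passes through so UTF-8 names still display.
    '''
    if isinstance(raw, bytes) and not isinstance(raw, str):
        # Python 3 bytes: decode leniently before inspecting characters.
        raw = raw.decode('utf-8', 'replace')
    out = []
    for ch in raw:
        code = ord(ch)
        out.append(ch if code >= 32 and code != 127 else '\\x%02x' % code)
    return ''.join(out)


def show_APs_info(pkt):
    '''
    ``sniff`` callback: record the AP in *pkt*, then print every AP not yet shown.

    Output layout is the original's, except that the BSSID line now prints
    the dict key (``pkt[Dot11].addr2``) and the SSID line the first stored
    field (the SSID element) -- the original had those two labels swapped,
    as its own sample output shows.  The SSID is passed through
    ``_printable`` before printing.  Auth/cipher lines appear only when
    get_AP_info stored four fields; otherwise the AP is reported as open.
    '''
    global already_shows
    aps = get_APs_info(pkt)
    for key, value in aps.items():
        if key in already_shows:
            continue
        already_shows.append(key)
        print('-' * 40)
        print(' [+]AP的BSSID:%s' % key)
        print(' [+]AP的SSID:%s' % _printable(value[0]))
        print(' [+]AP当前的chanle:%s' % value[1])
        if len(value) == 4:
            print(' [+]AP的认证方式为:%s' % value[2])
            print(' [+]AP的加密算法为:%s' % value[3])
        else:
            print(' [+]开放验证!!')
        print('-' * 40)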
123                 
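def _parse_rsn_suites(data):
    '''
    Return ``(auth_num, cipher_num)`` from the body of an RSN element.

    Body layout (IEEE 802.11 RSNE, after the element ID/length bytes):
    version(2) | group cipher suite(4) | pairwise count(2, little-endian) |
    pairwise suites(4 each) | AKM count(2, little-endian) | AKM suites(4 each)
    | ...  Each suite selector is OUI(3) + type(1).  ``cipher_num`` is the
    group cipher suite type and ``auth_num`` the type of the *last* listed
    AKM suite -- the two bytes the original's ``find('ac')`` / ``rfind('ac')``
    picked out of the hex dump.

    Args:
        data: ``bytearray`` of the element body.

    Returns:
        ``(None, None)`` when the element is truncated or lists no AKM suite.
    '''
    if len(data) < 8:
        return None, None
    cipher_num = data[5]
    pairwise_count = data[6] | (data[7] << 8)
    akm_count_off = 8 + 4 * pairwise_count
    if len(data) < akm_count_off + 2:
        return None, None
    akm_count = data[akm_count_off] | (data[akm_count_off + 1] << 8)
    if akm_count == 0:
        return None, None
    # Type byte is the last byte of the last 4-byte AKM selector.
    last_akm_type_off = akm_count_off + 2 + 4 * akm_count - 1
    if len(data) <= last_akm_type_off:
        return None, None
    return data[last_akm_type_off], cipher_num


def get_Dot11_RSN(pkt):
    '''
    Return ``(auth_name, cipher_name)`` from the RSN element of a beacon /
    probe-response frame, or ``(None, None)`` when the frame has none.

    The ``Dot11Elt`` chain is walked for element ID ``RSN`` (48).  Suite
    types are looked up in ``WPA_Auth`` and ``Dot11i``; a type missing from
    those tables is reported as ``'unknown(<n>)'`` instead of being dropped
    (the original raised NameError there, swallowed it with a bare
    ``except`` and ended up showing the AP as open).  Suite types are read
    as bytes; the original parsed a hex dump with decimal ``int()``, which
    failed for types 0x0a-0x0f.

    Args:
        pkt: a scapy packet with a ``Dot11Elt`` layer.
    '''
    elt = pkt.getlayer(Dot11Elt)
    while elt is not None:
        if elt.ID == RSN:
            auth_num, cipher_num = _parse_rsn_suites(bytearray(elt.info))
            if auth_num is None:
                return None, None
            wpa_info = WPA_Auth.get(auth_num, 'unknown(%d)' % auth_num)
            cipher_info = Dot11i.get(cipher_num, 'unknown(%d)' % cipher_num)
            return wpa_info, cipher_info
        elt = elt.payload.getlayer(Dot11Elt)
    return None, None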
150     
151             
152 
153        
154 
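def sniffering(interface, action, count=5000):
    '''
    Capture *count* frames on *interface*, calling *action* on each one.

    Args:
        interface: monitor-mode interface name handed to scapy ``sniff``.
        action: per-frame callback (``prn``), e.g. ``show_APs_info``.
        count: number of frames to capture before returning.  The original
            hard-coded 5000; that value is kept as the default.

    Captured frames are not retained (``store=0``), so memory stays flat
    regardless of *count*.
    '''
    print('[*]附近AP信息如下:')
    sniff(iface=interface, prn=action, count=count, store=0)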
161     
162           
def main():
    '''Entry point: bring up a monitor-mode interface, then sniff and print nearby APs.'''
    sniffering(start_monitor_mode(), show_APs_info)
166 
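# Script entry guard; the string literal's quotes were lost in the listing.
if __name__ == '__main__':
    main()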

运行结果如下:

 1 # python test_sniff.py 
 2 WARNING: No route found for IPv6 destination :: (no default route?)
 3 [*]监听网卡为:wlan1mon
 4 [*]附近AP信息如下:
 5 ----------------------------------------
 6  [+]AP的BSSID:100msh-XXX
 7  [+]AP的SSID:84:82:f4:xx:xx:xx
 8  [+]AP当前的chanle:11
 9  [+]开放验证!!
10 ----------------------------------------
11 ----------------------------------------
12  [+]AP的BSSID:??¡????
13  [+]AP的SSID:d0:c7:c0:xx:xx:xx
14  [+]AP当前的chanle:11
15  [+]AP的认证方式为:PSK
16  [+]AP的加密算法为:CCMP
17 ----------------------------------------
18 ----------------------------------------
19  [+]AP的BSSID:FAST_XXX
20  [+]AP的SSID:78:eb:14:xx:xx:xx
21  [+]AP当前的chanle:11
22  [+]AP的认证方式为:PSK
23  [+]AP的加密算法为:CCMP
24 ----------------------------------------
25 ----------------------------------------
26  [+]AP的BSSID:FAST_XXX
27  [+]AP的SSID:0c:72:2c:xx:xx:xx
28  [+]AP当前的chanle:11
29  [+]AP的认证方式为:PSK
30  [+]AP的加密算法为:CCMP
31 ----------------------------------------
32 ----------------------------------------
33  [+]AP的BSSID:XXX
34  [+]AP的SSID:80:81:10:xx:xx:xx
35  [+]AP当前的chanle:8
36  [+]AP的认证方式为:PSK
37  [+]AP的加密算法为:TKIP
38 ----------------------------------------
39 ----------------------------------------
40  [+]AP的BSSID:XXX
41  [+]AP的SSID:80:81:10:xx:xx:xx
42  [+]AP当前的chanle:8
43  [+]AP的认证方式为:PSK
44  [+]AP的加密算法为:TKIP
45 ----------------------------------------
46 ----------------------------------------
47  [+]AP的BSSID:360免费WiFi-44
48  [+]AP的SSID:24:05:0f:xx:xx:xx
49  [+]AP当前的chanle:11
50  [+]AP的认证方式为:PSK
51  [+]AP的加密算法为:CCMP
52 ----------------------------------------

 
