FrankenScript by Slim76 - It Attacks Access Points and .pcap files
quite obvious that the script counts the dotted lines as an entry. Can you tell it to ignore the dotted lines? So that 1. corresponds to the first result, and not the dotted lines.
EDIT:
and btw, the original problem that I mistook for just a weird AP, was in fact the problem here. Where the essid was followed by dotted lines, throwing everything after that offset. So there is a big clue in Wash_Network_Scan-2.txt
Yeah the dotted lines are obviously whats causing your problem, can't believe it kept getting overlooked.
I'll make some changes and should upload it very soon for you to test. :-)
ok, but if my rig explodes I'm calling my lawyers.
just a thought, if the script detects and eliminates double entries (like the dotted lines), then if the dotted lines are not lined up perfectly they will appear twice, as observed in the Scan Results.
I think I've already solved that problem with a single sed command :-)
Recheck the wpa attack too. ;-)
Try this one:
http://www66.zippyshare.com/v/0vgOeFOf/file.html
will post a pic later so you can see, but now
1. the window went from being too large, to too narrow.
2. essid is not there.
3 it's all messed up
4 attacks don't work. Just hangs.
Slim the dotted line serve a purpose. It keeps the format of the window. Without it things are messed up. You'll see in the pic. Have to go in Windows to run that pic in Photoshop first.
I cannot believe that you don't get the same results on your installation. It would be super useful if you could get your rig straight, to see what we all see.
566 that's what it looks like.
No, the dotted lines serve no purpose cause it's all being reformatted.
Who's we all LOL, Only two people including your self have reported this issue. LOL
I've tested FrankenScript on two different computers, one desktop pc and one laptop and FrankenScript functioned correctly on both machines.
What does the ScanResults.txt look like now?.
ok, let's wait for more feedback then, because if only me and nuroo have that problem it makes you chase ghosts.
I'm running Kali 1.1.0a x64 btw, not that it would change anything. Really curious where the difference is.
Did you do your test on 2 different comps with the same USB installation? If so, that might be the problem. Could you format that USB pendrive and reinstall fresh?
I'll do the same. Let's get this solved at least. Takes 30mins then we'll be on the same page. See you in a bit.
now get this.
I've installed the first version FrankenScript_Portable.26.April.2015.tar.gz, on my Kali 1.1.0a i386 USB
I'm seeing what you're seeing. No problems at all. No dotted lines.
could it be a x64 vs i386 issue? What's your version x64 or i386?
Tested it on laptop and pc with kali installed to HDD, and I tested it using a kali-64bit-live usb on the desktop.
Anyway, try this one before you go through all that hassle.
http://www12.zippyshare.com/v/wGoo9X8v/file.html
well that would explain the lack of feedback if no one else is seeing what me and nuroo are seeing.
So now that everything works with on my i386 USB, lets keep the first version (FrankenScript_Portable.26.April.2015.tar.gz) and move on from there right? Because all the subsequent version after that one was ghost chasing. What do you think?
browsed the first page of this thread by mistake, and I found that bit interesting.. https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=30226&viewfull=1#post30226
Anyways will wait to see how you want to proceed.
memasonman
2015-04-30, 14:48
Hey guys when i go to try an attack,it tells me this.
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory
also when it says "input the ammount of deauth requests to be sent" i press any number and enter and it dont do anything it keeps flashing and not sending any deauths at all,dont know why? any help would be appreciated :)
get this #2
I've fired up an older version, FrankenScript_v3.1Updated_9-10-14.deb, on my 1.1.0a x64 version (the one I'm having problems with), and did the same wash scan. The results are all messed up with the dotted line.
So, it's obviously not the new version of FS that is causing this. I have no idea what is going on.
Hi memasonman, welcome to the nuthouse where weird things happen..
Please state your version of Kali and FS version also.
memasonman
2015-04-30, 17:46
hi Quest yes i have the new kali 1.1.0a and FrankenScript_Portable.30th.April.2015.tar.gz
oh the "input the ammount of deauth requests to be sent" option is back in!? Thanks for informing me. Had no idea.
Will give it a spin later.
Hey guys when i go to try an attack,it tells me this.
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory
I don't know what you mean by that. Are you talking about launching an attack from the FS interface with the available choices from the menu? If so which attacks are they? Or do you mean that you tried to start a script? Because that's what it looks like to me.
also when it says "input the ammount of deauth requests to be sent" i press any number and enter and it dont do anything it keeps flashing and not sending any deauths at all,dont know why? any help would be appreciated :)
I've tried it and I think that function is not ready. I have the same result.
memasonman
2015-04-30, 22:56
ok when i pick
1] = Reaver.t6x + Pixiewps (Fixed Arguments)
it brings me to a list
[1] = Try Arguments(-a -P -K 1,2,3 -vv) Then (-a -K 1,2,3 -vv)
[2] = Try -a P -K 1 -vv (Ralink Chipset)
[3] = Try -a P -K 2 -vv (Broadcom Chipset)
[4] = Try -a P -K 3 -vv (Realtek Chipset)
[5] = Try -a K 1 -vv (Ralink Chipset)
[6] = Try -a K 2 -vv (Broadcom Chipset)
[7] = Try -a K 3 -vv (Realtek Chipset)
[8] = Try -a W 1 -vv (Belkin)
[9] = Try -a W 2 -vv (D-Link)
[r] = Return To The Main WPS Attack Menu
[p] = Proceed To Attack The Next Target, Or Quit WPS Attacks
all of these that i try from 1 to 9 gives me this
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 603: /root/FrankenScript_Portable/Reaver/: Is a directory
i have my folder in Home and everything else works but this.??
Ok, the wpa issue is my bad, I put the deauth option back in but didn't test it, Sorry. :-(
What does the ScanResult.txt file look like now?
Can you post more information regarding the wps.sh error please.
What options did you choose and where abouts in the script did it happen?.
I really don't understand how people are getting different results from the same functions.
I'm thinking it must be something to do with what we have or haven't got installed in kali, or something to do with how kali has been customized.
memasonman
2015-04-30, 23:43
also theres a different line number for each one
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory
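The "Is a directory" message reported in this thread, as an added example that is not part of the original posts and not FrankenScript code: a shell gives this kind of failure when the variable holding a program name is empty, so that a directory path is executed instead of a file. The thread does not confirm that this is the cause in attack_wps.sh; the function names and the temporary directory layout below are hypothetical.

```shell
#!/bin/sh
# Added example, not FrankenScript code. Function names and the temporary
# directory layout are hypothetical.

# Reproduce the failure: with an empty tool name, "$dir/$tool" collapses to
# "$dir/" and the shell is asked to execute a directory. Prints the exit status.
run_with_empty_name() {
    rw_dir=$1
    rw_tool=""            # stands in for a variable that was never filled in
    rw_status=0
    ( "$rw_dir/$rw_tool" ) 2>/dev/null || rw_status=$?
    echo "$rw_status"
}

# resolve_tool DIR NAME: print the full path only if it can really be executed.
# Return codes: 0 ok, 2 empty name, 3 is a directory, 4 missing, 5 not executable.
resolve_tool() {
    rt_dir=$1
    rt_name=$2
    if [ -z "$rt_name" ]; then
        echo "resolve_tool: empty tool name, refusing to run \"${rt_dir%/}/\"" >&2
        return 2
    fi
    rt_path="${rt_dir%/}/$rt_name"
    if [ -d "$rt_path" ]; then
        echo "resolve_tool: $rt_path is a directory" >&2
        return 3
    fi
    if [ ! -e "$rt_path" ]; then
        echo "resolve_tool: $rt_path does not exist" >&2
        return 4
    fi
    if [ ! -x "$rt_path" ]; then
        echo "resolve_tool: $rt_path is not executable" >&2
        return 5
    fi
    printf '%s\n' "$rt_path"
}

# Constructed demo: a throwaway directory with one executable file in it.
demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir "$demo_dir/Reaver"
    printf '#!/bin/sh\necho tool-ran\n' > "$demo_dir/Reaver/tool"
    chmod +x "$demo_dir/Reaver/tool"

    echo "unguarded call with empty name exits with $(run_with_empty_name "$demo_dir/Reaver")"
    resolve_tool "$demo_dir/Reaver" "" || echo "guard stopped it with code $?"
    resolve_tool "$demo_dir/Reaver" tool || echo "guard stopped it with code $?"
    rm -rf "$demo_dir"
}

demo
```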
me and nuroo were both experimenting with the new Aircrack-ng suite. So it might be what is causing us to have different result. Regardless, I'm running Kali 1.1.0a i386 from now on, and all is good now, no offsets. Let's forget about the Wash Scan Results being offset, and move on.
What version of FS do you want to continue with?
Lets revert back to FrankenScript_Portable.26.April.2015.tar.gz, because after that we went on a ghost hunt, and all modifications are bound to cause problems like attacks not working.
I did say I thought it was your kali setup. LOL
I'm going to upload another version just for testing, I've added some check points to help me locate the wps.sh issue memasonman mentioned.
TEST VERSION ONLY:
http://www58.zippyshare.com/v/ijvS4wQt/file.html
yes I think that you are a couple of post behind. https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=44732&viewfull=1#post44732
But yeah, 50 posts later, the problem was on my end. I will use a dedicated Kali install to prevent such embarrassing situation from happening. That really sucked.
So start back with FrankenScript_Portable.26.April.2015.tar.gz if you can, and let's pickup from there.
Lets just stick with the test version I posted. LOL
Try the test version I uploaded and report back please
I'm guessing it must be working for memasonman as the person didn't reply back.
there's two problems in his post. Which one are you referring to? And also he's on an admin approval post, so his posts are delayed.
like this one appeared sometime this morning https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=44766&viewfull=1#post44766
I forgot about the admin approval thing, it's a bit of a pain in the *** but I guess its done for a good reason.
yes he's got another post after that one. I still don't understand his problem. Sounds like he did not install correctly?
masonman, Did you install FS by decompressing the archive in Home > double click on FrankenScript.sh > Run in the terminal ?
hmm strange.
@ masonman
Use this test version and then post what the line under WPS Check Point 1 says, please.
http://www13.zippyshare.com/v/UtDGd1gJ/file.html
@ Quest
Can you test this version too please. :-)
there are no check points, and the deauth packets option still don't work. Other than that I don't see anything.
[1] = Try Arguments(-a -P -K 1,2,3 -vv) Then (-a -K 1,2,3 -vv), works here. Though cannot really test as I never had luck with the whole pixie thing, and therefore cannot compare, and confirm that it is working. nuroo might be able to.
memasonman
2015-05-01, 14:07
hi slim76, yes i tried your test one,and i cant get even the scans to show,
@Quest yes i extracted the tar file into my home folder,and then opened it up in terminal,everything works except what i posted above bud.weird.
memasonman
2015-05-01, 14:35
i tried your test one ,it showed me my scans now, it didnt before,but its the same result as the other frankenscript i used,im just registered here so my posts takes a long time to get to you ,i understand :)
I just checked the deauth options and found the problem, i did fix it but I uploaded the wrong version.
I'm scrapping the test version and sticking to just one version from now on.
I hope to have everything fixed by tonight, I've added some other functions/options and will upload it once its finished.
pixiewps 1.1 https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool&p=44817&viewfull=1#post44817
and a reaver-wps-fork-t6x https://github.com/t6x/reaver-wps-fork-t6x
Heres the latest version.
FrankenScript_Portable.3rd.May.2015.tar.gz:
http://www12.zippyshare.com/v/0tnn263D/file.html
I plan to make some changes to the attacks next. :-)
1. The handshake works, thank you =]
2. If I capture more than 1 handshake from different clients connected to the same AP, the latest handshake crushes the previous one? So it's not possible to capture more than 1 handshake per AP? Keep the MAC of the client rather than the name of the AP for the cap file name maybe? Or XXXXX.cap, XXXXX2.cap, XXXX3.cap? Or separate folders?
3. It's easy to lose a handshake by mistake if choosing [2] = Pyrit Handshake Validation > [1] = Check For A Good Handshake, because 90% of the time it won't pass that check and the handshake will be evaporated. So it would be better to keep the validation in a separate process because...
4. The validation process should be available on the main menu from the start. The user should be able to verify any cap file at anytime.
############# Main Menu ##############
#
# [1] = Scans & Attacks
# [2] = View Recovered Passkeys
# [3] = Handshake Validation
# [4] = Update Backup Archives
# [5] = Reinstall FrankenScript Apps
#
# [q] = Exit FrankenScript
#
######################################
Please choose an option: 3
Cheers!
I see your point about not being able to target and store multiple handshakes, I'll look into capturing and storing multiple handshakes soon.
Regarding the Pyrit handshake check,:
The pyrit handshake check you mention only checks for a good handshake, so you need a good handshake to pass the check.
(try getting closer to the access point if you're getting bad handshakes)
The other pyrit handshake check option might be the option you want, it checks for a good or workable handshake, or you can use the cowpatty check.
For the reason above I won't be changing the pyrit option.
Putting a handshake validation option on the main menu doesn't make sense to me.
FrankenScript offers the option to validate the handshake after one has been captured, doing it this way saves the user time as they wouldn't need to scan for a target again or setup their system to perform another capture.
FrankenScript only captures and stores the handshakes, it doesn't offer an option to crack them yet.
So why would you want to skip the original check?, and why would you want to check it later?.
For experiments purposes. Especially considering that if I run a check at the end of the routine it will not save that cap file.
it's good that the routine offers the choice to verify the .cap file, or not. But for some, verifying a .cap is a separate process, especially if you add .cap files from a different source and would like to check them. Then it is not possible to run a cap file check with FS, as that option is not there.
have you seen that post Slim..
https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)&p=44838&viewfull=1#post44838
Hey guys, I am a little bit confused as to the usage of -f in the new pixiewps. It refers to mode4??? anyone kind enough to clarify?
Yes sorry I should've clarified. The --force option is used only for what I call mode 4 which is Realtek 's PRNG seed bruteforce. I was planning on adding modes selection but I didn't and I left those modes on the usage screen and I didn't want to explicitly refer to vendors in the program.
The best practice is to run the program without -f and if you get a warning saying that the router might be vulnerable to mode 4 it means that you may want to try again with -f or with another set of data that could lead you (mode 2) secret nonces = enrollee nonce. I also refer to modes because that's how the program runs internally: it tries for every possible vulnerability. When it bruteforce the new PRNG though (that is mode 4) it tests normally for a small window of time (approximately 10 days) because the new bruteforce is more consuming power.
So --force is basically used only if the router has set its time to past (more than 10 days ago). To exhaust it probably takes 20 - 30 mins. Also -f doesn't take any argument. The program just doesn't complain if you pass it some extra arguments. I gotta fix that. :)
Also would you mind replying on the pixiewps thread for program related questions? Thanks.
FrankenScript doesn't directly interact with pixiewps, t6x's reaver mod does that job and does it nicely too. :-)
FrankenScript only interacts with t6x's reaver mod, so hopefully t6x will add something for the -f into his version of reaver.
FrankenScript will only deal with things its processed by its self, so if you captured a handshake using other means FrankenScript wont check it.
Why wouldn't you just use FrankenScript to capture the handshake in the first place, what situation would involve capturing a handshake using other means and then needing FrankenScript to check it?.
I might want to use different means of capping then regroup all .cap in one place and/or want to verify those .cap at a later time. More options = better.
https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack&p=43900&viewfull=1#post43900
wash -i mon0 -g -c 2
XX:XX:XX:XX:XX:XX| 1|-68|1.0|No |AAA| D-Link| DIR-615
XX:XX:XX:XX:XX:XX| 1|-58|1.0|No |CCC| ASUSTeK Computer Inc.| RT-N56U
I luv information gathering, if you could bring FS to scan like above as an option, for each AP, after a normal wash, that would be cool.
Also, the new Airodump totally rocks. If you could extract Airodump from the Aircrack-ng suite, and make it work with FS..
https://forums.kali.org/showthread.php?25131-*News*-Aircrack-Version-1-2-rc2-Released-10-April-2015&p=44149&viewfull=1#post44149
I've just quickly checked airodump-ng and I think I might be able to put something together.. LOL
I'd need to make a lot of changes, but i'll still look into it.
wow major turn of events here.. https://bugs.kali.org/view.php?id=2219&nbn=2#bugnotes
Aircrack-ng v1.2 RC2 Update
Aircrack-ng is the de facto penetration tool suite – essential for any wireless penetration tests or assessments. In this latest Aircrack-ng release, amongst the normal bug fixes and code improvements there has been a significant change to airmon-ng, the tool used to put wireless cards into monitor mode. Other new and notable features are that airtun-ng is now able to decrypt WPA as well as several new airodump-ng flags, such as --wps and --uptime.
https://www.kali.org/penetration-testing/pixiewps-reaver-aircrack-ng-updates/
In reaver 1.5.2, only -K1 is necessary. reaver now automatically does -K2,3.............
-K --pixie-dust=<number> [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2 and E-Nonce (Ralink, Broadcom, Realtek)
no need to have your script execute -K1,2,3 >>> just -K1
In reaver 1.5.2 the -W1 and -W2 options are only for specific brands (belkin and dlink?). In my opinion the possible pins should not be displayed unless user attacking those brands, otherwise confusing.
As of reaver 1.5.2, user still must notice if new pixiewps 1.1 thinks router may be vulnerable to -f option, then try it manually. So that response should be shown to user.
##############
If the user decides he wants a spoof/random mac address, does your script also pass the -m option to reaver
ie:
reaver -i mon0 -b 00:11:22:33:44:55:66 -m 11:00:11:00:11:00 -vv -S -N -K1
also in aireplay, the -h option:
aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a 00:11:22:33:44:55:66 -h 11:00:11:00:11:00 mon0
I recommend for mac filtering routers. Reaver will still pass the real mac if above -m not used......
+1 new Aircrack-ng is much improved. Just hate that he changed monitor naming though. I cant even test this script on other pc, because of it.
yes Slim will have to re-write everything again I suppose. All good though, and better now than later. I worry abit about massive confusion until K1.1.1 comes out, as some will not see the same things and have different results. Though we inadvertently provided Slim with a practice run with that Wash Scan Results 50 posts episode.
Thanks for the feedback. Did you have any luck with that FS pixie attack? Can you confirm that it works?
Actually I did not. I got some association errors, from reaver. Against routers that were in range, and just attacked with command line. Could have been my fault. I will double check my process.
Curious to why Frankenstein insist on installing reaver and pixie---- i had latest versions already!! Plus no confirmation to install, Slim luv confirmation?
oh it does not install them, just decompress them in the FrankenScript_Portable. It does not change anything, but avoids the user from installing them if not installed.
Ok thanks for checking that for me because I don't have a pixie vulnerable AP, and therefore cannot really test that attack. Cheers!!
Oh ok That is brilliant idea. Save user from having to have preinstalled. And insure script has helper apps it needs. +A
Now when script ask if I want to update archive, ill know it only means it's archive copies.
Cheers for the info, i'll be updating the attacks soon.
I left the -W options just incase any other ap's use the same pin generation method, it's a long shot I know but still worth a try.
@ Quest
I'm currently rewriting the wpa attack script, I think you might be happy with this next one if all goes to plan. LOL
I was enjoying that latest version of FS. The new Aircrack-ng, kinda put the brakes on my fun level. The two not being compatible. Still it's for the best, and I'm sure you will bring the creature, also known as Frank, back from the dead,.. again!
RIP mon0. You will be missed :)
Not at my computer at the moment. Can Frankenscript decloak hidden access points using client macs that may be connected during its scanning?
Older version of wifite, by Brian pow on github does it well. I was surprised by how many "hidden routers" it found.
Killer feature, what u guys think......lol adding extra work
oh yes, and that falls right in the information gathering category, so naturally I'm all for it.
I've got FrankenScript working with the new airmon-ng, but I'm having trouble capturing the wps info from the new airodump-ng.
When I manage to solve the airodump issue I'll upload the new version of FrankenScript. :-)
FrankenScript has 3 different scan functions:
1) iw dev scan
2) wash scan
3) airodump scan.
I could be wrong but doesn't airodump-ng decloak hidden access points automatically.
smittyrock_1
2015-05-06, 20:12
I receive an error: No usable WiFi devices were found, please fix the issue before running FrankenScript again. Is this talked about earlier in the threads? If not, what should i do?
I'm experimenting with salt, garlic and besside-ng. What makes it interesting other than being a nasty little monster, is that it come with its own .cap file cleaning "Crawler"
besside-ng-crawler <SearchDir> <CapFileOut>
http://www.aircrack-ng.org/doku.php?id=besside-ng
It's not included in the Aircrack-ng 1.2 though. Have to download Aircrack-ng SVN version.
EDIT: meh it doesn't seem to do anything right.
I receive an error: No usable WiFi devices were found, please fix the issue before running FrankenScript again. Is this talked about earlier in the threads? If not, what should i do?
Correct. The new FS is not ready yet.
OT: Do you have a pixie attack vulnerable router smittyrock?
Great news that FrankenScript supports new aircrack because as u know, Kali officially upgraded its aircrack-ng to the newest version.
@slim
using wash may be a lot easier to parse, especially with -P option. It was intended for use by programmers, scriptwriters, embedded systems, etc., (also great on my netbook)
> wash -i mon0 -P -c1
00:00:00:00:70:2A| 1|-58|1.0|No |marg000000
00:00:00:00:AA:70| 1|-53|1.0|No |TG100000
00:00:00:00:15:00| 1|-58|1.0|No |TG10000
00:00:00:00:B4:7E| 1|-47|1.0|No |Leaf 0000000
00:00:00:00:AF:20| 1|-58|1.0|No |DG00000
00:00:00:00:93:CA| 1|-55|1.0|No |702
00:00:00:00:76:90| 1|-52|1.0|No |DG100000
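The numbering problem from earlier in this thread (decorative lines counted as entries) applied to the pipe-delimited rows quoted above, as an added example that is not part of the original posts and not FrankenScript code. It assumes the six-column row layout shown in the post (read here as BSSID, channel, RSSI, WPS version, locked, ESSID); the function names and the sample scan text are constructed.

```shell
#!/bin/sh
# Added example, not FrankenScript code. Assumes the six-column "wash -P" row
# layout quoted in the thread: BSSID|channel|RSSI|WPS version|locked|ESSID.

# number_wash_rows: read scan text on stdin, write one numbered, tab-separated
# line per access point: index, BSSID, channel, RSSI, locked, ESSID.
number_wash_rows() {
    LC_ALL=C awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN {
        h = "[0-9A-Fa-f][0-9A-Fa-f]"
        mac = "^" h ":" h ":" h ":" h ":" h ":" h "$"
    }
    {
        bssid = toupper(trim($1))
        # Only a row that starts with a MAC address is an entry. Headers,
        # dashed or dotted rulers and blank lines never get a number.
        if (NF < 6 || bssid !~ mac) next
        # The same AP can be reported more than once; key on BSSID, not on
        # the whole line, so differently padded copies still collapse.
        if (bssid in seen) next
        seen[bssid] = 1
        # The ESSID is the last column and may itself contain "|".
        essid = $6
        for (i = 7; i <= NF; i++) essid = essid "|" $i
        essid = trim(essid)
        # The ESSID is chosen by whoever runs the AP: treat it as untrusted
        # and replace anything outside printable ASCII before display.
        gsub(/[^ -~]/, "?", essid)
        printf "%d\t%s\t%s\t%s\t%s\t%s\n", ++n, bssid, trim($2), trim($3), trim($5), essid
    }'
}

# Constructed sample: header, rulers, a duplicate AP and an ESSID with "|".
sample_scan() {
    cat <<'EOF'
BSSID|Ch|dBm|WPS|Lck|ESSID
--------------------------------------------
00:00:00:00:70:2A| 1|-58|1.0|No |marg000000
............................................
00:00:00:00:B4:7E| 1|-47|1.0|No |Leaf 0000000
00:00:00:00:B4:7E| 1|-49|1.0|No |Leaf 0000000

00:00:00:00:93:CA| 6|-55|1.0|Yes|cafe|guest
EOF
}

sample_scan | number_wash_rows
```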
I receive an error: No usable WiFi devices were found, please fix the issue before running FrankenScript again. Is this talked about earlier in the threads? If not, what should i do?
Can you provide more details.
1) What version of FrankenScript are you using.
2) Are you using the new or old airmon-ng?.
3) Are you using kali-linux or a different os?.
Hey Slim!
he probably updated his Kali installation. That's what I'm getting also.
I've already sorted the wash scan and iw dev scan, I just need to finish the airodump scan.
you know what.. I've been thinking that it might be better for Frank to have its own Aircrack-ng, and run everything internally, independently. Otherwise it will be a huge mess until K1.1.1 comes out, or even way after it has.
That message up there from smittyrock_1, you will get a lot of the same.
I've sorted out all those issues already, I just need to finish editing the attacks. :-)
moreover if they make changes upstream (and there will probably be a lot of that), boom back to square one, no worki. So if that's what you had in mind also great!!
Also, just a thought for future dev. Considering that many scripts don't work anymore, wouldn't that be a good time to reintroduce Script Launcher? So two Aircrack-ng? See what I mean?
Dude that really doesn't make sense, what's the point of adding a script launcher if most of the scripts don't work anymore. Lol
They don't work because of the new Aircrack-ng. If you can make FS independent by running its own Aircrack-ng, then nothing prevents adding also the older Aircrack-ng, making the now defunct scripts work again. Daya follow me?
That makes more sense to me now, and I think it's actually a good idea too.
Changing things now is going to cause a further delay, so I might finish editing the attacks and then upload it, then I might make the changes
that would be great. You will save yourself a lot of work in the long run, and make a lot of friends in the process.
I don't mind the work really, I actually enjoy it. :-)
Make a lot of friends you say LOL, dude you're about the only person that's bothered to reply and help. LOL
Well friends or no friends I'm not bothered lol, I'll add it for you cause you were good enough to help me by leaving feedback. :-)
I don't mind the work really, I actually enjoy it. :-)
Make a lot of friends you say LOL, dude you're about the only person that's bothered to reply and help. LOL
Well friends or no friends I'm not bothered lol, I'll add it for you cause you were good enough to help me by leaving feedback. :-)
I'll probably need your help when I add the script launcher and options and such. :-)
I don't know what happened with this post, I was editing the previous post (At least I thought I was) but it created this post??, guess it must have been my error, sorry.
double posting? I never do that myself :rolleyes:
That internal Aircrack-ng implementation will also have the quality of making FS time proof. There are a lot of changes on the horizon and to take these steps now will prevent future redundant re-writing of what was. All the work is nice, if you enjoy it, but focusing on improvements is even more rewarding and is where the progress is at. Cheers monster maker, and yes, let's roll :cool:
EDIT:
So what is a good older Aircrack-ng version to add in FS in addition to the more recent one?
I reinstalled Kali 1.0.7 because I know that everything was fine then. It runs Aircrack-ng 1.2 beta3
root@kali:~# aircrack-ng
Aircrack-ng 1.2 beta3 - (C) 2006-2013 Thomas d'Otreppe
http://www.aircrack-ng.org
http://ftp.debian.org/debian/pool/main/a/aircrack-ng/ > aircrack-ng_1.2-0~beta3.orig.tar.gz
The latest Aircrack-ng is here http://www.aircrack-ng.org/ > Sources
Do we all agree on the old version of Aircrack-ng to be added with FS?
I'm rewriting most of FrankenScript again, if all goes well it should contain the following:
svn version of aircrack and aircrack-ng-1.2-rc1 (Installed in FrankenScript), and whatever version the person has installed in kali.
airmon-ng (monX) and airmon-zc (wlanXmon), both will be installed to FrankenScript, I might do it so the user can choose which one to use.
Bully, pixiewps, reaver-1.3, reaver-1.4, reaver-wps-fork-read-only, reaver-wps-fork-t6x, all will be installed to FrankenScript.
DLink.py, easybox_wps.py, WPSpin.py, WPSPIN1.5_wps.pin.generator, all pingens will be installed to FrankenScript.
Dependencies required for building reaver and other required tools, .deb files will already be in the FrankenScript package so no need to download them.
Scan results will be displayed in white, but if the passkey for the network has previously been recovered the result will be displayed in red.
FrankenScript will be able to attack wep, wpa/wpa2, and wps enabled access points.
And as requested it should contain a script launcher and options for checking handshakes in capture files.
I think I've covered most of it lol, and things could change too. lol
sounds like an excellent plan :cool:
I'm experimenting with airmon-ng, because it is the 'problem', not the rest. So if I replace the new airmon-ng with the old one...
So instead of the whole aircrack-ng-1.2-rc1, all that is really needed is the old airmon-ng included with FS. Though I'm not sure how that's going to work. So the original idea of including Aircrack-ng with FS might be the easiest and the best solution. So don't change your plan. I will report back.
EDIT:
Ok, doing an update on a Kali live usb is not doable, so I cannot test the above. They wait too long to come out with an updated version, making the updates download and install 3hrs long. Let me know if you want me to test anything.
just throwing ingredients in the pot.
There might be discrepancies between installations when running certain programs. Some installations are updated running the new -ng, others that are not updated running the old -ng.
If FS runs its own -ng internally for everything it does, that will prevent such discrepancies.
Then maybe it's possible to copy and rename the old airmon-ng, to airmon-ngRC1 into that same directory, so that there will be two. One airmon-ng and one airmon-ngRC1
Everything that needs mon0 will use airmon-ngRC1
The rest will use the new airmon-ng
Lol, I did already say FrankenScript will be able to use both versions of airmon, and that it will use the old and new aircrack tool and such. Lol
and do you think that two (2) Aircrack-ng are necessary? All that is needed is 2 airmon. Correct?
Actually, I think only the old version of airmon is all that's needed. ;-)
I'll probably still add both versions of airmon and two versions of some of the aircrack tools too. LOL
I think it's nice to have the choice as well as simplicity. ;-)
Actually, I think only the old version of airmon is all that's needed. ;-)
that's the potential problem with all this. Anjelina has Kali 1.1.0a. Raquel also has the same version but updated, and therefore they both run different versions of Aircrack-ng, thus two different airmon. If anything pertaining to FS is run outside of FrankenscriptPortable, then it will work for some, not for others. Moreover, if they make changes upstream (like -ng RC3), then stuff's not gonna work. See the problem there?
I'll probably still add both versions of airmon and two versions of some of the aircrack tools too. LOL
I think it's nice to have the choice as well as simplicity. ;-)
agreed :)
Trust me it will work ok, I'm testing it on two different setups while I'm writing it.
looks like you will have more 'testers' than usual with that new version :D
Let me know when would be a good time for you to review the colors. Nothing wrong with them, just thought that certain key colors should be kept for situation awareness. Positive | Negative | Warning
585 oh I see it now. Better late than never :rolleyes:
Hey guys when I go to try an attack, it tells me this.
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory
also when it says "input the ammount of deauth requests to be sent" I press any number and enter and it doesn't do anything, it keeps flashing and not sending any deauths at all, don't know why? Any help would be appreciated :)
Slim, on a fresh K1.1.0a i386 Live USB, I get the same as memasonman.
Reaver.t6x + Pixiewps Fixed Attack Arguments:
-i mon0 -c 6 -b 00:23:69:XX:XX:XX -a -P -K 1 -vv
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 464: /root/FrankenScript_Portable/Reaver/: Is a directory
The reavers are not in the Reaver folder for some reason. When starting FS, it detects that the reavers are not there and 'installs' them again, every time it is launched, yet they never make it in the Reaver folder (see pic).
reaver.fork.t6x is missing, it will be reinstalled now.
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory
looks like you will have more 'testers' than usual with that new version :D
Let me know when would be a good time for you to review the colors. Nothing wrong with them, just thought that certain key colors should be kept for situation awareness. Positive | Negative | Warning
That's a good idea, but I've tried that already. lol
I've noticed that some of the colours don't show too good on some laptop screens and some tv's, I found the colours I use now are the most visible.
I'm straining my eyes right now just looking at the yellow warning. LOL
so how to use them now? last version was install deb and run fs3... before was .sh script...so how now run them? extracted trying to run them out:
fu3king@T3ype:~$ '/home/fu3king/FrankenScript.sh'
/home/fu3king/FrankenScript.sh: line 28: airmon-ng: command not found
No usable WiFi devices were found, please fix the issue before running FrankenScript again.
Press [Enter] to exit FrankenScript.
It sounds like you've updated aircrack and are using airmon-zc.
The version of FrankenScript you're using doesn't work with airmon-zc.
I'm currently rewriting FrankenScript, airmon-ng & airmon-zc & airodump (New version) are supported, I just have to rewrite the attacks now and I'll upload it when finished.
slim76,
Sorry I been away for sometime, I initially ran the earlier versions and was interested in cuda/Hashcat with FS. I dropped off the bandwagon because my Mother was ill and eventually passed away this past November. But I am back to learning Kali, regaining focus and I have FS in my sights again.
I am running Kali 1.1.0 and have the latest FrankenScript_Portable.3rd.May.2015.tar.gz extracted in root.
However like Quest I am also getting the following errors:
root@kali:~/FrankenScript# ./FrankenScript.sh
reaver.fork is missing, it will be reinstalled now.
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory
reaver.fork.t6x is missing, it will be reinstalled now.
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory
reaver v1.3 is missing, it will be reinstalled now.
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory
reaver v1.4 is missing, it will be reinstalled now.
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory
Any suggestions on how to solve this?
I am going to install reaver-wps-fork from t6x, Pixiewps and a few other new tools later this morning.
jar
Hi jar!
“Don't cry because it's over, smile because it happened.”
― Dr. Seuss
Best thing to do is wait for the next FS, but if you really want to test that latest FS, then do it on an unupdated kali 1.1.0 / a. It won't work on the updated kali version (aircrack-ng RC1 vs aircrack-ng RC2).
I think that the reaver problem might be because of the dependencies? Try to install them first.
apt-get install libsqlite3-dev && apt-get install libpcap0.8-dev
Nice quote! Thanks.
Shortly after I made the post I realized what was happening and corrected the issue given the error message:
error: pcap library not found! .
Now I have a problem with:
No usable WiFi devices were found, please fix the issue before running FrankenScript again.
Press [Enter] to exit FrankenScript.
The problem appears to be with the sed commands & the latest version of Kali/Aircrack (Goodbye mon0, hello wlan0mon!). So I don't really want to wait for the new version of FS so I am tinkering with the FS and slowly dissecting it. What's the worst that can happen :confused:
@ jar
I'm sorry for your loss mate.
There were too many problems with the previous versions of FrankenScript so I'm currently rewriting it.
I have a lot going on at the moment and haven't had much time to write the script.
I've already rewritten most of FrankenScript, I just need to finish writing the attacks again and then the new version of FrankenScript will be finished.
I'm going to be very busy for the next few weeks so I can't say when it will be finished, sorry.
http://adaywithtape.blogspot.com/
"Basically I thought it would be cool to have some form of alert system based on mobiles so I could keep track of the coming and goings around the house."
*knocks on door* ready to roll bro? :p
trying to unconfuse myself with the new 2.0 interface here. I'll be running the i386 version on a clean, unmodified, sterilized, exorcised, normal Persistent LiveUSB.
theoctavist
2015-08-29, 03:01
Nice quote! Thanks.
Shortly after I made the post I realized what was happening and corrected the issue given the error message:
error: pcap library not found! .
Now I have a problem with:
No usable WiFi devices were found, please fix the issue before running FrankenScript again.
Press [Enter] to exit FrankenScript.
The problem appears to be with the sed commands & the latest version of Kali/Aircrack (Goodbye mon0, hello wlan0mon!). So I don't really want to wait for the new version of FS so I am tinkering with the FS and slowly dissecting it. What's the worst that can happen :confused:
I'm having this problem too (not with FS but with the new reaver fork)... I don't know how to correct it
your problem is dependencies? Look at post 345 above. If not here is the correct thread to ask for support only if you are using t6_x reaver version.
https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack
Soxrok also explains that you need to install dependencies, here
https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-%28Offline-WPS-Attack%29
fruchttiger00x0
2015-08-30, 12:28
"No useable... " you won't fix this with dependencies cause script is looking for the old mon0,1,2 etc. monitor. I guess there is more trouble ahead but i can fix it (what do you say slim?). Option number 2 is that you wget http://download.aircrack-ng.org/aircrack-ng-1.2-rc1.tar.gz and take the old airmon-ng out of the script folder. Make a backup
cp /usr/sbin/airmon-ng /usr/sbin/airmonnew-ng
and copy the old one to /usr/sbin/airmon-ng
fruchttiger, if you have made a modified version that works with KL2, feel free to share with the rest of us =] Hopefully Slim will defibrillate FS, eventually..
fruchttiger00x0
2015-09-26, 21:17
Sry i thought somebody would give feedback just in time. Or Slim as the creator may know some show stopper which makes it pretty useless to waste more time with it. But why not, lets give it a try :) After taking some hours of sleep i'll start code reviewing and give feedback
Sorry I've been really busy lately, I've still been working on FrankenScript though.
I've been rewriting FrankenScript for kali2.0, I'm hoping to have it finished and ready for uploading soon.
I was just about to call you an ambulance.
:cool:
LOL, that reminds me of the old paddy and murphy joke. lol
Paddy and Murphy was walking down the street when paddy fell down a man-hole,
Murphy shouts down to paddy are you ok, paddy replies no I'm not can you please call me an ambulance,
Murphy replies ok you are an ambulance you are an ambulance. lol
yeah I'm sure some on the forum here will understand it that way xD
Good to see you back ambulance! How's Frank doin?
It's been a total headache, I've had to rewrite most of it AGAIN. ;-(
I don't use airmon-ng to enable monitor mode anymore, so now multiple monitor modes can be created and internet access is still possible too. ;-)
Yes, that, thanks!!
I'm really hoping that you will make FS run its own internal aircrack-ng independently also. I hate to have my toys broken when they make changes upstream. The last FS lasted what, two weeks? Imagine where it would be now. I can.
Cheers :)
I done that with an older version of FrankenScript and still had problems and needed to change things, I might see what I can do after I've completed this version for kali2.0.
Thanks for considering it. The redundancy of having 2 of the same programs is the only way to make FS time proof. That would also prevent you from experiencing 'groundhog days' http://www.imdb.com/title/tt0107048/ Personally I would include everything that FS uses. I do not trust anything they do upstream.
On a different note, do not hesitate to upload/post beta versions so we can start testing the latest monster :cool:
I hope to have something for you to test very soon ;-), I just need to rewrite the attacks again then FrankenScript will be ready for testing.
I've added the script launcher again as you requested some time ago. LOL
Script launcher will use aircrack-ng RC1 (mon0)?
Script launcher allows you to select a script and launch it with or without arguments, it can also create monitor mode interfaces (eg: mon1, mon2 and so on).
Script launcher doesn't create a mon0 interface, interfaces start from mon1.
so the scripts that haven't been updated to the new Aircrack-ng RC2 (wlan1mon) will work?
That's the idea when I re-requested script launcher, was to make the defunct scripts work again in post #322 https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=45168&viewfull=1#post45168
If the script only accepts that exact format then the answer would be no, I could change it if its a problem?.
I made a mistake in my earlier post, mon1 should be wlan0mon1.
FrankenScript creates the names for the monitor mode interfaces by taking the WiFi interface name (eg: wlan0) and then adding monX to the end of the WiFi device name.
Here's an example:
If you used wlan0 to create 5 monitor mode interfaces the interfaces would be named:
wlan0mon1
wlan0mon2
wlan0mon3
wlan0mon4
wlan0mon5
not a problem at all, it would be however a neat feature to resurrect older scripts that worked well with Aircrack-ng RC1 :)
So anyways let's see what you come up with in the next release!
What's the problem with older scripts and Aircrack-ng RC1?
OptimisticTort
2015-10-05, 11:35
Hi slim76,
I'm very new to Linux but from my fickle understanding, the new Aircrack-ng calls the monitor device wlan0mon, instead of mon0.
So I'm guessing, older scripts look for instances of monX instead of looking for wlanXmonX.
For example, I tried to use ReVdK3-r1.sh last night running the latest version of Kali Live Persistence.
When asked to enter my monitor device (or words to that effect) it was looking for wlanX, and when I tried entering wlan0, wlan1 or wlan0mon, it kept stating no device could be found.
Going to give your script a go now. Thanks for your effort in creating it.
Regards,
OT
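The mon0 versus wlan0mon mismatch described in the post above goes away when a script asks which interfaces are in monitor mode instead of matching a name. The sketch below is an added example, not part of the thread or of FrankenScript: it parses `iw dev` output, the function names are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not FrankenScript code): find monitor-mode interfaces by type,
# not by name, so mon0, wlan0mon and wlan0mon1 are all handled the same way.

# Constructed sample of `iw dev` output with old-style and new-style names.
sample_iw_dev() {
    cat <<'EOF'
phy#1
    Interface wlan1mon
        ifindex 6
        wdev 0x100000002
        addr 00:00:00:00:00:02
        type monitor
        channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz
phy#0
    Interface mon0
        ifindex 5
        wdev 0x3
        addr 00:00:00:00:00:01
        type monitor
    Interface wlan0
        ifindex 3
        wdev 0x1
        addr 00:00:00:00:00:01
        type managed
EOF
}

# monitor_ifaces: stdin = `iw dev` output, stdout = "name<TAB>phy" per monitor interface.
monitor_ifaces() {
    awk '
    /^phy#/            { phy = $1; next }
    $1 == "Interface"  { name = $2; next }
    $1 == "type" && $2 == "monitor" && name != "" { print name "\t" phy }
    '
}

# resolve_monitor_iface [requested]: stdin = `iw dev` output.
# Prints the interface to use. Status 1 = no monitor interface, 2 = ambiguous.
resolve_monitor_iface() {
    want=${1:-}
    list=$(monitor_ifaces | cut -f1)
    if [ -z "$list" ]; then
        return 1
    fi
    # A requested name is honoured only if it really is in monitor mode.
    for i in $list; do
        if [ -n "$want" ] && [ "$i" = "$want" ]; then
            printf '%s\n' "$i"
            return 0
        fi
    done
    # A script that asked for mon0 on a system that only has wlan0mon lands here.
    count=$(printf '%s\n' "$list" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        return 2
    fi
    printf '%s\n' "$list"
}

# Live use would be: iw dev | resolve_monitor_iface "$1"
sample_iw_dev | resolve_monitor_iface mon0
```

Entering a managed interface such as wlan0 is rejected rather than silently accepted, which is the case that produced the "no device could be found" loop in the post.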
It's a mon0 vs wlan0mon issue where some scripts use the old monitor mode interface of RC1.
So you're saying the scripts that interact with aircrack will only work if the monitor interface is named mon0?
Yes. Whether it's only scripts that put the card in monitor mode or all of them is not clear. I stopped using Kali shortly after RC2 was introduced. I've read many complaints about scripts not working with RC2. Ignore it if it's not an issue.
OptimisticTort
2015-10-05, 15:51
Hi,
Are there any versions of Kali Linux live that the current version works with?
Thanks in advance,
OT
Yes. Whether it's only scripts that put the card in monitor mode or all of them is not clear. I stopped using Kali shortly after RC2 was introduced. I've read many complaints about scripts not working with RC2. Ignore it if it's not an issue.
If the old scripts enable monitor mode then you could simply swap the new airmon-ng with the old airmon-ng, or you could edit the old script to work with the new version of airmon-ng.
Here's a test version of FrankenScript:
This test version is incomplete at this time, the wep and wps attacks are not yet set up.
wmctrl needs to be installed for FrankenScript to function properly.
I've included a check function to check that wmctrl is installed, if it's not installed then FrankenScript will install it from the archives folder.
Download Link:
----------------------
http://multimirrorupload.com/ib14gyvsj2aa/Test-FrankenSript-Kali2.0.tar.gz
Dling nioooowwwww
:cool:
EDIT1: here is the direct DL link gawd damnit
http://www97.zippyshare.com/d/UaT5eHQz/3622/Test-FrankenSript-Kali2.0.tar.gz
I'm totally lost with this horrible kali 2 interface. How do you install FS and how do you start it?
Kali2.0 isn't that bad dude.
FrankenScript doesn't need to be installed.
Login as root, or open a root terminal if you're logged in as a normal restricted user.
1) Unpack the FrankenScript archive.
2) Look in the unpacked FrankenScript folder for FrankenScript.sh, then drag FrankenScript.sh onto the terminal and press the enter button to start FrankenScript.
Simples :-)
Oh works now. That is what I did but it opens the script in notepad or something. I'm hating this kali.
wmctrl is required but doesn't appear to be installed in Kali.
[1] = Install wmctrl
[q] = Exit FrankenScript
Please choose an option: 1
Selecting previously unselected package wmctrl.
(Reading database ... 323492 files and directories currently installed.)
Preparing to unpack .../wmctrl_1.07-7_i386.deb ...
Unpacking wmctrl (1.07-7) ...
Setting up wmctrl (1.07-7) ...
Processing triggers for man-db (2.7.0.2-5) ... :cool:
########### Main Menu ###########
# #
# [1] = Network Attacks #
# [2] = View Recovered Passkeys #
# [3] = Script Launcher #
# [q] = Exit FrankenScript #
# #
#################################
Please choose an option:
weeeee Hi Frank!!!! long time no see =]
quick observation:
Tried on 3 different wep APs, doesn't work.
Target list is empty, returning to Scan Results.
[3;J
Oh works now. That is what I did but it opens the script in notepad or something. I'm hating this kali.
:cool:
weeeee Hi Frank!!!! long time no see =]
I don't know why the menu is messed up, it was ok on the two machines I tested it on.
quick observation:
Tried on 3 different wep APs, doesn't work.
Target list is empty, returning to Scan Results.
[3;J
I already said the wep and wps attacks aren't set up yet.
I don't know why the menu is messed up, it was ok on the two machines I tested it on.
It's fine here also. There are some problems with the menus, and I wish to show you a pic, but I cannot do graphics on this horrible kali 2.
Detected WiFi Interfaces:
1: wlan0 iwlwifi Intel
2: wlan1 ath9k_htc Atheros
#################################
# #
# [1-2] = Select An Interface To Use # <----- problem here where the text seems too long for the 'box'
# [m] = Return To The Main Menu #
# [q] = Exit FrankenScript #
# #
#################################
Please input an option:
wait got it now. *geezz not having fun here if it was not clear*
Is that the only menu that is out of alignment or is there more?
actually it's the only one.
I saw others but it was the same as in the pic, when launching a script.
Edit: good job so far Slim :) I really like the [i] (info) option when scanning.
I might have to reinstall on a USB 3.0
KL2 is so slow on a normal USB it's unworkable.
It's good to hear you like it and that it's working ok.
if you can make it a 'portable' install like before, and bring back all the reavers and bully, that would be a good start me thinks.
Script launcher works.
Blimey dude you don't want much do ya!. LOL
You do know that the so-called portable setup wasn't really that portable lol, for it to work you still needed to have the tools installed to kali as well as FrankenScript.
I'm not sure if the portable setup would still work ok with all the updates to kali and the apps, but I guess time will tell.
the way it installed (decompressed) itself was brilliant. I would really like to see that packaging back even if it is not 'portable'.
There isn't anything in FrankenScript that needs to be compressed or decompressed, but that will probably change at some point.
I hate these f******* ******* ******** ******* links. I have over a TB of Dropbox storage and can add you guys as Users, then you can upload and change the script as much as you want without any ********** spam *** pop-ups. These zippyshare multimirror upload links make me sick.
Dling nioooowwwww
:cool:
EDIT1: here is the direct DL link gawd damnit
http://www97.zippyshare.com/d/UaT5eHQz/3622/Test-FrankenSript-Kali2.0.tar.gz
Edit:
Swearing
yup had to try about 7 times before it gave the right link. We told Slim numerous times, but he persists in wanting to use it, so sanely I give up, and just post the direct DL link.
I see that even the direct link trick is not working anymore! :(
Jar, upload it to your account and post the DL link please. I will do the same so we always have many DL sources for others that want to DL it without punching their screen.
Test-FrankenSript-Kali2.0.tar.gz
File size: 58.6 KB
Uploaded: 2015-10-07 16:06:27
http://www.mediafire.com/download/qux2lt3cni5qznh/Test-FrankenSript-Kali2.0.tar.gz
voila.
FrankenScript V2
https://www.dropbox.com/s/1whikauw9967p41/Test-FrankenSript-Kali2.0.tar.gz?dl=0
Test-FrankenSript-Kali2.0.tar.gz
File size: 58.6 KB
Uploaded: 2015-10-07 16:06:27
Remember if you break it you own it.......
there we go. Can't stop progress :p
Slim, here is an opening for the first post..
FrankenScript is designed to facilitate wireless network auditing under Linux on WEP and WPA/2 protected access points (APs) by liberating the user from the tedious task of building elaborated command lines, as some of these attacks can be quite complex, saving the Operator time, minimizing inputs and errors. FrankenScript offers a wide spectrum of solutions to attack APs.
Test-FrankenSript-Kali2.0.tar.gz
File size: 58.6 KB
Uploaded: 2015-10-07 16:06:27
http://www.mediafire.com/download/qux2lt3cni5qznh/Test-FrankenSript-Kali2.0.tar.gz
https://www.dropbox.com/s/1whikauw9967p41/Test-FrankenSript-Kali2.0.tar.gz?dl=0
Cheers matey I'll add it to the front page if I ever manage to get FrankenScript fully up and running.
It looks like I might have to change the monitor mode setup AGAIN as I can't get reaver to work, airodump-ng works ok with the current monitor mode setup but reaver doesn't like it for some reason. :-(
I have a bad feeling that the only way to solve the issue might be to use airmon-ng check kill and lose internet access while performing the attacks, I'll only do that if all else fails.
I'm going to have a play with the old airmon and see how that goes.
yep I believe you. All that because you are working with a dud. KL2.
If FS can restore Internet connection after the attacks, that would be somewhat acceptable, but really, ***.
Cheers buddy. We all know what is going on... ;)
soxrok2212
2015-10-08, 03:16
Y'all may wanna check this out also :D https://forums.kali.org/showthread.php?27091-Solve-arimon-ng-issues-by-a-simple-modfication-of-NetworkManager-conf
:cool: Words of wisdom from above!
I've seen it before but dare not propose it, but seems like kcdtv is on to something there..
I've already blacklisted the interfaces by adding them to /etc/network/interfaces.
The only problem I'm having at the moment is reaver keeps giving me the failed to associate error message, the strange thing is airodump-ng works fine.
I'm sure I'll solve the issue soon, I just need a clear head so I can focus properly.
soxrok2212
2015-10-08, 13:42
Have you tried multiple targets? Or do you get the same timeout for all of them? Does Reaver work if you try from the command line?
Yeah I tried it with multiple targets and I get the same error with all of them, it's the same problem when using the command line.
I did have this issue before but I can't remember what caused it and how I solved it. ;-( LOL
Update:
With the interfaces blacklisted in /etc/network/interfaces and in /etc/NetworkManager/NetworkManager.conf the following happens.
1) If I use airmon-ng check kill and don't change the mac address for the monitor interface reaver works fine.
2) If I change the mac address for the monitor interface or restart network manager reaver fails to associate.
You will need to tell Reaver about the new MAC address with the argument '-m' maybe?
reaver -i wlan1mon -b e1:g4:d3:8s:35:g2 -vv -m 00:01:02:03:04:05
soxrok2212
2015-10-10, 00:52
Hmmm, you are using Kali 2.0 I assume?
yes me and Slim are using 2.0
soxrok2212
2015-10-10, 01:01
Man, makes me really wanna go back to Backtrack 5 when everything worked :/
They should have come out with an 'ultimate' Kali 1.1.1 before all these changes. I wish I'd kept the image of my updated 1.1.0a. Now I can't update it even if I reinstall it, or install the SDR metapackage. There is no going back. We must plow through and make it work.
soxrok2212
2015-10-10, 01:19
I may still have a Kali 1.1.0 ISO on my backup drive... 64-bit I think. There's just too much incompatibility between a lot of the networking tools now.
I have the 1.1.0a ISO (aircrack-ng RC1, mon0), but we can't update (that might be good?) or the metapackages https://www.kali.org/news/kali-linux-metapackages/ won't work probly.
Cheers mate I completely overlooked that.
I used the above commands and added -A to them, then used aireplay-ng to associate.
That solved the association issue but the attack still failed for some reason.
Could you post all the syntax that you used?
Slim just thinking. Would you consider continuing dev under KL1.1.0a ? That KL2 thingy is abit ridiculous if you ask me, and everything worked well under 1.1.0. I'm all for progress, but when said 'progress' constitute turning everything on its head, that's when I stop playing. Anyways, still have KL2 on a USB, should you want me to test under that horrible POS, but will use mainly FrankenScript_Portable.3rd.May.2015.tar.gz and having alot of fun with it =]
Cheers bro!
Ok now I'll admit kali 2.0 sucks BIG TIME, there's way too many issues with it.
1) The system keeps randomly locking up.
2) I lose internet access if any usb devices are plugged in, I have to unplug all USB devices and the WiFi device and then plug the WiFi device back in to regain network access.
3) Wired connection doesn't re-connect if I kill and restart network-manager.
4) Network-Manager keeps randomly disabling my WiFi device and keeps putting it in Aeroplane Mode??. LOL
5) Reaver doesn't associate if I change mac addresses.
6) Data transfer to any USB device is very slow, all my other OS's transfer data much faster than my kali-2.0-64bit OS.
7) Programs are slow at opening, eg: vlc takes about 8 seconds to open (only for the first time after every system startup).
I've given up on trying to get FrankenScript working on kali-2.0, I'm going to wait for the next kali release and then try again.
I think I might delete my kali-2.0 install and go back to the previous version, if I go back to the previous version of kali I'll continue working on the previous version of FrankenScript.
Like you, I'll be waiting for the next KL, and I'm gonna wish the Dev team to step their game up a notch, starting with the User Interface. Give us a true, PC, Technician's graphical interface to work with.
Again no later than today...
https://forums.kali.org/showthread.php?26550-Kali-2-0-good-or-bad&p=51450&viewfull=1#post51450
Hi, Just installed 2.0, so far all the tools I've had a quick look at run fine, but the UI is ****** horrible, everything take three times a long to do now. If it's not broke, don't fix it until it i!
Before that, it took me forever to understand what that guy was on about...
https://forums.kali.org/showthread.php?26367-Kali-Linux-2-0-your-review&p=47601&viewfull=1#post47601
i mean kali 1.x== linux
kali 2.x== windows 8
and i guess kali 3.x== windows 10 :o :)
He was so right.
So I'm with you, and not liking at all where this is going. Absent another distro, let's roll with KL1.1.0a
fruchttiger00x0
2015-10-16, 10:55
Hey guys, could you please try this command?
nmcli general show
I already tried it at my root ds but i have no access to a kali shell for some hours^^
btw.. nmcli is for controlling the i-make-my-own-thing network m.
I don't understand what you want us to try
The command in KL2
nmcli general show
returns
root@kali:~# nmcli general show
Usage: nmcli general { COMMAND | help }
COMMAND := { status | hostname | permissions | logging }
status
hostname [<hostname>]
permissions
logging [level <log level>] [domains <log domains>]
Error: 'general' command 'show' is not valid.
root@kali:~#
fruchttiger00x0
2015-10-16, 19:15
sry, as i said i just test it on non kali webserver
here we go
nmcli general permissions
give me some minutes, so i can find a suitable docu
edit: thats nice: https://www.hogarthuk.com/?q=node/8
so i hope you get what i mean. the nm is not that hard to configure. just take the **** automatism down. or did i missed something larger?
"Why you shouldn't hate and disable NetworkManager anymore"
Anything that start with that will get my attention. Looks interesting and if anyone can fix/improve that horrible networkmanager that I hate, would certainly be appreciated by all and help Slim in the process.
when/if that fixed, we could move on to try and fix that horrible UI that I also hate because it was created for tablets and phones, not for PCs.
I was going to give up on trying to get FrankenScript working on kali-2.0 but I changed my mind. LOL
I've solved all the network-manager issues a while ago, the problem I was having was trying to get reaver to associate after changing mac addresses.
I've solved the reaver not associating issue now too, so it looks like all might be good now. :-)
gr8 m8! It would be nice to move forward. Let me know
NOTE:
This version is for Kali-2.0.
The WEP attacks don't work yet, I'll fix them later.
Download Link:
http://multimirrorupload.com/twxyvqcckh3t/FrankenScript-Kali20.tar.gz
Please leave feedback.
FrankenScript-Kali20.tar.gz
File size: 86.5 KB
Uploaded: 2015-10-20 06:42:59
http://www.mediafire.com/download/cd6vgc8rj2071dc/FrankenScript-Kali20.tar.gz
Everything seems to work just fine, except the handshakes that I had no luck with today. Thank you.
- bring back reavers. 1.3, 1.4, and Bully.
- it would more efficient to have the scan results, last to first, instead of first to last. That would avoid scrolling up to see the first results, then scroll back down to enter a target number. = Faster operation.
- I pasted a previously cap handshake in the /root/FrankenScript-Kali20/Captures/ , but when selecting the [v] = Validate Captured Handshake option, it automatically attacks the last chosen target.
The validate handshake error is obvious don't you think. Lol
The validate option will only check a handshake that has just been captured, it doesn't check the capture files in the capture folder.
Here's a Dropbox link as well:
https://www.dropbox.com/sh/7ampibg2mhg1nsd/AAD9TLyU-7XmArq1KTPoFXv0a?dl=0
FrankenScript-Kali20.tar.gz
File size: 86.5 KB
Uploaded: 2015-10-20 06:42:59
http://www.mediafire.com/download/cd6vgc8rj2071dc/FrankenScript-Kali20.tar.gz
^ ")
What's cooking monster maker?
Not much matey, I'm currently trying to add another function to FrankenScript. ;-)
So how are you getting on with the new version of FrankenScript?, any problems with it?.
I'm not using KL much, but like I've mentioned everything seems to work just fine, with the exception of the handshakes.
1. I did not know that I had to choose [s] to save a handshake. Now that I do, I find that a little unusual if you ask me.
2. Then when saving a handshake, the option [v] still automatically attacks the last target instead of verifying it.
So I'm not understanding these two points.
On the positive, it is now possible to cap and save different handshakes from the same AP!! That's progress from previous version. Thanks :) On a side note, the last FS was DLd 20 times from my mediafire, and unrelated to FS, something tells me that there will be changes with the networkmanager(?) solely based upon incompatibility with aircrack-ng, and the confusion and dissatisfaction it generates.
So what's the new function??
fruchttiger00x0
2015-11-09, 22:32
Hey Slim, hey Quest
is it okay for pushing it to git? reason: i need some repos for putting this sweet tool to some postinstall scripting.
ok, actually i already prepared this under my profile so I hope you don't want to punish me for stealing your work :D
of course i will delete the repo if you want so, promise
https://github.com/fruchttiger00x0/FrankenScript
But if you like it then of course your commits will be highly welcome :)
it's about time that this project has a Github if you ask me, but let's wait for Slim input on the matter because it is his creation and I have nothing to do with it except complain about everything [insert evil laugh] ;)
Off topic but not by miles, imo, things are somewhat volatile, and I would wait for further dev before investing energy into it. FS was working just fine before they turned everything on its head, and we may not have seen the end of it.
fruchttiger00x0
2015-11-10, 01:00
Sure, we wait for slim
btw i took you to the creds ;)
you **** right! It's about time I get credits for my invaluable contribution!
loll
ravenwest
2015-11-11, 08:23
Hello.
I'm using FrankenScript for Kali2. My question is:
Does it include - 1) EAPOL Flood Attack; 2) Authentication Flood Attack ?
I haven't found it in the menu.
nexusnexus
2015-11-14, 11:34
Seems to work great on my Kali 2, Would it work if i install in on my Nexus 7 running nethunter?
The -C switch in wash ignores FCS errors and IMHO should always be included as I always get them as I imagine others do.
@ fruchttiger00x0:
I don't mind you putting it on github, but can you change the name slightly to include something to say that it has been modified by yourself.
@ Quest:
Sorry for the late reply mate, To answer your earlier question I've been adding an automated attack feature. :-)
@ ravenwest:
I took those attack options out of FrankenScript a long time ago, sorry.
@ nexusnexus:
I do not use nethunter so I'm not sure, but I would guess it would work providing nethunter contained the same tools as kali-2.0.
@ Pippin:
The wash scan already uses the -C argument, it has used it since the start of FrankenScript.
Sorry if I missed anyone, and a big thank you to everyone.
I've nearly finished the interactive and automated wpa attacks, I'll upload the new version of FrankenScript soon for testing, if it is all good then I'll continue with the wep and wps attacks.
nexusnexus
2015-11-15, 00:41
Looking forward to the updates :-)
soxrok2212
2015-11-15, 19:48
Dang, almost 2 years and this project is still going strong! I remember when you first posted about it. Keep up the good work!
Yeah I'm like a dog with a bone. (I can't let it go) LOL
Cheers for the support matey.
well you better hold on to your bone. Aircrack-ng 1.2 RC 3
https://bugs.kali.org/view.php?id=2862
...
Airmon-ng: Improved handling of non-monitor interfaces.
Airmon-ng: Fixed error when running 'check kill'.
...
It shouldn't cause any problems for FrankenScript hopefully. LOL
I'll be uploading a nearly completed version of FrankenScript within the next few days, maybe sooner.
ravenwest
2015-11-22, 15:18
So now this script can't bypass "Warning:detected AP rate limiting" error?
I think the attack is too disruptive and too noticeable so I left it out of FrankenScript.
If you want to still use that attack method I'd suggest you download or create a script, then you could use the script via FrankenScript's built-in Script Launcher.
This might be an acceptable solution for locked APs, though I've never tried it. Here is a re-post...
https://forums.kali.org/showthread.php?23290-Implement-new-WPS-Pixie-Dust-Attack-into-Reaver&p=40956&viewfull=1#post40956
from the included help file..
...
The breakthrough came when MTeams turned their attention to WPS locked routers. It was soon discovered that a small number of WPS pins could be collected from some routers which wash and reaver reported as locked. Presumably no one was spending time attacking locked routers. After more testing, it was found that if these same WPS locked routers were subjected to short bursts of a mdk3 combination simultaneously, usually a mixture of DDOS and EAPOL, then the router would allow further pins to be harvested. In these cases the router did not reset, the WPS locking mechanism remained in place and sometimes the router changed channels. But what was important here was that more WPS pins could be collected. These routers would eventually stop providing pins, BUT if subjected to another dose of mdk3, the router would supply another batch of pins.
...
Maybe mmusket33 can shine on this?
I saw that some time ago, I think it's the same commands as the router reset method.
If I'm right then the only difference is that you still continue to try pins instead of giving up on the attack.
I could be very wrong on that cause I didn't read everything, I only had a quick browse through the info.
I've got some testing that needs doing soon if you're up for it?.
yes and mmusket33 never confirmed when I asked if that method does not reboot the AP. Then that thread was closed. Was always curious about that attack.
If it does not reboot the AP, then it's certainly interesting.
Like I said I could be wrong.
I think he was saying that some AP's that don't reset and lockup might still allow for more pins to be tried if you re-run the commands.
Oh and I think it does reset some AP's.
it's possible that I'm not reading this correctly. That would explain that he did not confirm about the AP not rebooting and the subsequent locking of that thread.
...
I've got some testing that needs doing soon if you're up for it?.
Testing my fav application under linux?..
I would like to install RC3 and try to run the present FS with it before anything else. If they break my toys again I'm gonna be in a really bad mood. So yeah bring it on, but KL2.0.1 is scheduled for early December, and I don't see the point in having another version that will last two weeks.
Cheers!!
EDIT:
Can't install RC3, because when using the command line apt-get install, it's telling me that I already have the latest version, same for the package manager, and when trying to install manually, I'm missing dependencies, and those too are nowhere to be found or will lead to unreliable results (like the last time I installed RC2 for tests) making any test null and void. So waiting for the repos to update themselves so I can install and test.
You might want to try again, I upgraded to aircrack RC3 and haven't noticed any issues as yet.
Hey Quest,
rc3 is in the repos, I havent updated yet, so still on rc2. Did you
apt-get update && apt-get upgrade && apt-get dist-upgrade?
[root:~]# apt-cache policy aircrack-ng
aircrack-ng:
Installed: 1:1.2-0~rc2-0kali5
Candidate: 1:1.2-0~rc3-0kali1
Version table:
1:1.2-0~rc3-0kali1 0
500 http://http.kali.org/kali/ sana/main amd64 Packages
*** 1:1.2-0~rc2-0kali5 0
100 /var/lib/dpkg/status
Give the following a try to see what package you are on, and what is in the repos:
apt-get update
apt-cache policy aircrack-ng
For more info regarding a package and dependencies, use apt-cache show <package>. In this case with aircrack-ng:
[root:~]# apt-cache show aircrack-ng
Package: aircrack-ng
Version: 1:1.2-0~rc3-0kali1
Architecture: amd64
Maintainer: Carlos Alberto Lopez Perez <[email protected]>
Installed-Size: 3927
Depends: iw, wireless-tools, ethtool, usbutils, libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libnl-3-200 (>= 3.2.7), libnl-genl-3-200 (>= 3.2.7), libpcap0.8 (>= 0.9.8), libpcre3 (>= 1:8.35), libsqlite3-0 (>= 3.5.9), zlib1g (>= 1:1.1.4)
Recommends: ieee-data
Homepage: http://www.aircrack-ng.org/
Priority: optional
Section: net
Filename: pool/main/a/aircrack-ng/aircrack-ng_1.2-0~rc3-0kali1_amd64.deb
Size: 2682032
SHA256: 351541bab8b88d04598e6cb99eea35d5aac794f2c729b0a58afb4110f123487f
SHA1: d6484e5d739995dcb6ef516cc6d9ee6d835bb0d8
MD5sum: 293f2143a0670f557a6594b2399fe2c1
Description: wireless WEP/WPA cracking utilities
aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets
have been gathered. Also it can attack WPA1/2 networks with some advanced
methods or simply by brute force.
.
It implements the standard FMS attack along with some optimizations,
thus making the attack much faster compared to other WEP cracking tools.
It can also fully use a multiprocessor system to its full power in order
to speed up the cracking process.
.
aircrack-ng is a fork of aircrack, as that project has been stopped by
the upstream maintainer.
Description-md5: 9659071ca811e6a5bba38a9345409ece
Package: aircrack-ng
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 1725
Maintainer: Carlos Alberto Lopez Perez <[email protected]>
Architecture: amd64
Version: 1:1.2-0~rc2-0kali5
Depends: iw, wireless-tools, ethtool, libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libnl-3-200 (>= 3.2.7), libnl-genl-3-200 (>= 3.2.7), libpcap0.8 (>= 0.9.8), libpcre3 (>= 1:8.35), libsqlite3-0 (>= 3.5.9), zlib1g (>= 1:1.1.4)
Recommends: ieee-data
Description: wireless WEP/WPA cracking utilities
aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets
have been gathered. Also it can attack WPA1/2 networks with some advanced
methods or simply by brute force.
.
It implements the standard FMS attack along with some optimizations,
thus making the attack much faster compared to other WEP cracking tools.
It can also fully use a multiprocessor system to its full power in order
to speed up the cracking process.
.
aircrack-ng is a fork of aircrack, as that project has been stopped by
the upstream maintainer.
Description-md5: 9659071ca811e6a5bba38a9345409ece
Homepage: http://www.aircrack-ng.org/
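The check described in the post above, as an added shell example that is not part of the original thread: it reads `apt-cache policy` output for the Installed and Candidate versions and the candidate's origin, then takes the candidate's SHA256 from `apt-cache show` so a manually downloaded .deb can be verified before installing it. The function names are hypothetical, and the sample text is abridged from the output quoted above.

```bash
#!/usr/bin/env bash
# Added example (not from the thread); function names are hypothetical.
# Real use:  apt-cache policy aircrack-ng | upgrade_state
#            apt-cache show aircrack-ng   | show_field "$candidate" SHA256

# Sample text abridged from the apt-cache output quoted in the post above.
POLICY_SAMPLE='aircrack-ng:
  Installed: 1:1.2-0~rc2-0kali5
  Candidate: 1:1.2-0~rc3-0kali1
  Version table:
     1:1.2-0~rc3-0kali1 0
        500 http://http.kali.org/kali/ sana/main amd64 Packages
 *** 1:1.2-0~rc2-0kali5 0
        100 /var/lib/dpkg/status'

SHOW_SAMPLE='Package: aircrack-ng
Version: 1:1.2-0~rc3-0kali1
Filename: pool/main/a/aircrack-ng/aircrack-ng_1.2-0~rc3-0kali1_amd64.deb
SHA256: 351541bab8b88d04598e6cb99eea35d5aac794f2c729b0a58afb4110f123487f
Description: wireless WEP/WPA cracking utilities
 aircrack-ng is an 802.11a/b/g WEP/WPA cracking program.

Package: aircrack-ng
Status: install ok installed
Version: 1:1.2-0~rc2-0kali5
Description: wireless WEP/WPA cracking utilities'

# policy_field FIELD: print the value of "Installed" or "Candidate" (stdin = policy output).
policy_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# upgrade_state: classify the package from policy output on stdin.
# Candidate is the version apt would install, so any difference means a pending change.
upgrade_state() {
    local policy installed candidate
    policy=$(cat)
    installed=$(printf '%s\n' "$policy" | policy_field Installed)
    candidate=$(printf '%s\n' "$policy" | policy_field Candidate)
    if [ -z "$installed" ] || [ "$installed" = "(none)" ]; then
        echo "not-installed"
    elif [ "$installed" = "$candidate" ]; then
        echo "current"
    else
        echo "upgrade-available $installed -> $candidate"
    fi
}

# candidate_origin: print the first source listed under the candidate in the version table.
candidate_origin() {
    awk '
        $1 == "Candidate:" { cand = $2 }
        /Version table:/   { in_table = 1; next }
        in_table && ($1 == cand || ($1 == "***" && $2 == cand)) { hit = 1; next }
        in_table && hit && $1 ~ /^[0-9]+$/ { $1 = ""; sub(/^ /, ""); print; exit }
    '
}

# show_field VERSION FIELD: print FIELD from the `apt-cache show` stanza for VERSION.
# Stanzas are separated by blank lines; indented lines are description continuations.
show_field() {
    awk -v ver="$1" -v key="$2:" '
        function emit() {
            if (v == ver && val != "") { print val; found = 1 }
            v = ""
            val = ""
        }
        /^$/               { emit(); next }
        found || /^[ \t]/  { next }
        $1 == "Version:"   { v = $2 }
        $1 == key          { val = $2 }
        END                { if (!found) emit() }
    '
}

# verify_deb FILE SHA256: 0 = match, 1 = mismatch or unreadable file, 2 = malformed hash.
# A hash containing a stray space (as in a forum paste) is rejected, not silently compared.
verify_deb() {
    case "$2" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#2}" -eq 64 ] || return 2
    local actual
    actual=$(sha256sum -- "$1" 2>/dev/null | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# Demo on the embedded samples.
candidate=$(printf '%s\n' "$POLICY_SAMPLE" | policy_field Candidate)
printf '%s\n' "$POLICY_SAMPLE" | upgrade_state
printf 'origin: %s\n' "$(printf '%s\n' "$POLICY_SAMPLE" | candidate_origin)"
printf 'sha256: %s\n' "$(printf '%s\n' "$SHOW_SAMPLE" | show_field "$candidate" SHA256)"
```

The installed stanza comes from /var/lib/dpkg/status and carries no SHA256, so only the repository candidate can be checked this way.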
It's ok now. Crash helped me out in the Kali General Use section, to install the **** thing, because after 24hrs of reading and trying different things I was about ready to blow a gasket...
Now that I got it installed, I beg to differ, and think something might be outta wack > FS/RC3 .
I will do more test with 3 different KL installations and comeback with a more comprehensive explanation, but for now I can tell you that when choosing an AP that is Pixie vulnerable and attacking it with the Pixie attack, the next time that the same AP is chosen, FS automatically attacks it with the Handshake, without any other attack possibility.
Moreover the scan results are somewhat messed up, but only for that AP, where instead of showing signal strength, it says "OPEN", which it is not.
Don't unbolt it yet until confirmation from someone else. I would hate to go onto another ghost hunt ;)
Don't waste your time testing the last test version, try the new test version that I'll be uploading later tonight. :-)
Great!
Just for the record, after rebooting, everything was fine and the "problems" in post 452 above were not there anymore.
Forgot to exorcise that USB key I suppose. Glad that everything seems to work just fine and that this project can move forward, finally.
Hey just saw your post mw3demo,
That post delay is always throwing us off, but basically you are correct and thanks for the help!! I did not want to "apt-get update && apt-get upgrade && apt-get dist-upgrade" because the last time I tried that on a USB 2.0 it took forever. So I was a little nervous about that and tried to install some other way. Never got used to that repo / apt-get thingny, and probly never will, I prefer to DL packages where I can see what Im getting instead of working blind, but that is another story.
Welcome to the kitchen! =)
Well, that's a relief! I was starting to question my own sanity/memory regarding if I made the post or not, good to know. Glad you got everything working in the end, and thanks for the welcome. :)
Stick around for more 'WTH?' moments :) Though you are linux-wise and that will prevent you from being completely mystified like some are here :o Speaking of numnuts, I have "apt-cache policy" and "apt-cache show" copied in my notes now. Hopefully I will remember to use them next time ;)
@Slim standby for new/improved tools. A new Pixie from wiire on the way, and a new Reaver from t6_x, I would imagine. Interesting script from mmusket33 that I haven't tried also...
"Varmacscan2-0 an automatic multi-target reaver attack tool released"
FrankenScript For Kali-2.0 (Test Version) Updated 26/11/2015
Download Links:
http://multimirrorupload.com/iopj1184hfee/FS_Kali20.tar.gz
Notes:
This version doesn't have the WEP attacks setup yet, sorry.
I've added automated attack options.
Internet can be used while performing network attacks, Internet access would only be available during the automated attacks only.
FrankenScript works with aircrack-RC3.
FS_Kali20.tar.gz
File size: 44.49 KB
Uploaded: 2015-11-26 15:35:39
http://www.mediafire.com/download/swqr9bq82br1rrl/FS_Kali20.tar.gz
You're getting quicker!!. lol
See it's not that much hassle to work out what to click on. PMSL
Slim, had to try 12 times / 3 different servers before it gave it to me. Some links flatly don't work, others give a .exe. You as the uploader have a completely different experience than others, I guarantee you. Erase your cookies and reboot your router to have a different IP, so you can pass as someone else, and you will see what a nightmare that place is. I'm not making this up.
PMSL ?.. what's that? is it contagious??
Oh I see! Well you won't once you really see what is going on that site. Try from another location/computer. If you can DL it within 6 tries I give you a brand new coconut.
I tried from another computer and still managed to download it first time ;-), I downloaded it from RGhost.
Now where's my coconut dude!!, I've not had coconut for years. ;-( lol
You said something about pixiewps and reaver being updated, any idea what changes have or are being made to them?.
Yes, wiire is working on implementing "some features"
https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool&p=53012&viewfull=1#post53012
Then I suppose that t6_x will update reaver from that.
If you did not record the whole event of you DL it in one try from a different computer/line, then it didn't happen. The good news is that you can go buy yourself as many coconuts as you want. Did you know that Alzheimer's disease can be cured with coconuts?
Back on topic. I gave the last FS a spin and I hate it. I'm not a fan of automation, or a program deciding things for me as you may know.
- Make WPS attacks available after an Airodump scan (like it was). Now it goes into Handshake mode automatically even if the target has WPS enabled.
- A more complete set of options to spoof the MAC (like it was). Now there is no option at all.
- Remove any automations (like it was). Let the user decide.
I think slim focused most of his time to implement the automation, telling him to flat out remove it sounds a lil' harsh. Why not have both? Let the user decide and move the automation to a separate command like "auto". Will give it a test tomorrow, many thanks.
Nothing good will ever come out of automation for FS. Just use the auto-correct function in MS-Word as an example... If it was onboard a drone bound for a distant planet then yes, maybe I could see some uses for that, now I don't.
Let me re-state and add to this subject. Remove it and kill it with fire (nukes would work also).
Blimey, are you ever happy with anything!!.
Use the interactive attack mode if you do want to use the automated attack option, problem solved. LOL
The automated attacks are here to stay, sorry.
You do have a point about mac changing though, I do plan to change it so the user can input any mac address they like.
It does contain both options already, I think Quest is having a blonde moment. LOL
nexusnexus
2015-11-27, 11:04
Seems to be working fine on my laptop, grabbed a virgin handshake very quickly :-)
It does contain both options already, I think Quest is having a blonde moment. LOL or I can spot a bad design a mile away. Bring it back the way it was before it got broken by upstream changes. Even the "interactive mode" is largely automated, starting with the spoof, and then deciding which attack to use following the scan type, Airodump - Wash. That's making all kinds of assumptions on the users and how they will decide to use it. So yeah mw3demo, "Let the user decide"!
FrankenScript, is a script designed to facilitate wireless network auditing under Linux on WEP and WPA/2 protected access points(APs) by liberating the user from the tedious task of building elaborated command lines, as some of these attacks can be quite complex, saving the Operator time and minimizing user input and errors.
Remove human error from the equation, not the human.
Dude you're contradicting yourself and not making sense. LOL
FrankenScript is meant to be largely automated, it's largely automated so the user can avoid having to remember and type so many commands into the command line.
If it wasn't largely automated the user would have to remember and type many commands into the command line, this is where humans make errors.
I didn't make assumptions regarding selecting attacks, the attack options are based on the access point's encryption or WPS status.
There isn't any point putting WPS attack options in the menu if the access point doesn't have WPS enabled.
It's the same with the WEP attacks, there isn't any point putting WEP attack options in the menu if the access point isn't WEP enabled.
And it's the same for WPA/WPA2 enabled access points that don't have WPS or do not support WEP encryption.
I'd also like to point out that you can also perform a handshake capture from the WPS attack menu.
Happy to hear it's working ok for you mate, many thanks for the feedback.
Hey if all you want to hear is ppl reporting positives, then let me apologize(not really) for my more 'profound' and ideological feedback.
Dude you're contradicting yourself and not making sense. LOL
Either that or you're missing the subtlety of thought.
FrankenScript is meant to be largely automated, it's largely automated so the user can avoid having to remember and type so many commands into the command line. If it wasn't largely automated the user would have to remember and type many commands into the command line, this is where humans make errors.
There is a big difference between automation and assisting the user. FS already does most of the work by monitoring, spoofing, giving the user the correct BSSID and channel, and some other routines that I could not be bothered with. The rest are choices based upon signal strength, model, intuition, experience and preferences, APs being on a case to case basis. Automation in any form removes those abilities. So naturally I object and roll on the floor.
I didn't make assumptions regarding selecting attacks, the attack options are based on the access point's encryption or WPS status.
There isn't any point putting WPS attack options in the menu if the access point doesn't have WPS enabled.
It's the same with the WEP attacks, there isn't any point putting WEP attack options in the menu if the access point isn't WEP enabled.
And it's the same for WPA/WPA2 enabled access points that don't have WPS or do not support WEP encryption.
I'd also like to point out that you can also perform a handshake capture from the WPS attack menu.
Great! I have this AP that is Pixie vulnerable and after an Airodump scan, selecting that AP it automatically went into Handshake mode.
I don't just want positive feedback, I welcome all feedback.
Yes the automated attack option is meant to do that.
You're free to use the command line or you could edit the script if it offends you that badly.
nah that's your department. Mine being the complaints department.
Anyways not here to argue, just want good software.
soxrok2212
2015-11-27, 20:49
I'm gunna agree with Quest. I rarely ever use automation (though I'm sure a lot of people do) but for the more advanced users looking to save a little time but still have control over what is happening, I'd agree to have a 'n00b' fully automated mode, and a 'l33t' advanced mode where the user has control over what happens.
Am I missing something??, there are two modes.
There is an interactive mode and the user can choose options, it's the same attacks and options that have always been in FrankenScript so I'm confused as to why it's suddenly become an issue.
The automated mode is new and doesn't allow the user to select options, if it allowed the user to select options it then wouldn't be an automated mode.
I really don't see what the problem is, if you don't like the automated attacks then use the original attacks and options (it's not rocket science lol).
If I'm misunderstanding things then please explain more clearly.
NOTE:
I'm not going to strip things out of FrankenScript just because a couple of people don't think they'll use something, I actually find the automated attacks useful.
If you don't like something then don't use it, that's the whole point of having options.
I've tried my best to make FrankenScript useful to as many people as possible, but all I get in return is moaning.
From now on any changes to FrankenScript will be for my own benefit and not others, I'm not going to waste my time if it's not appreciated.
here let me simplify things for you..
Now FrankenScript features two modes:
[1] Cretin mode
[2] Full idiot mode
How's that?
Speaking of "stripping out" things, what about bringing it back to what it was?.. as in many user options, not two modes designed for retarded 12 year olds LOL
Last time I'm going to say this.
The so-called [1] Cretin mode as you call it is the same mode as you've used in previous versions of FrankenScript, but now suddenly you have issues with it.
soxrok2212
2015-11-28, 00:43
Ah, I hadn't actually tried it, I've just been reading the comments and from what I understood it was aimed more at complete automation. Good that there are two modes then!
nexusnexus
2015-11-28, 00:53
Can't believe people can moan at somebody who spends their spare time on something that helps others,
I for one am very happy just to get the chance to try the scripts that are available on these forums and hope they carry on creating them and sharing them.
Create your own scripts for Kali if Slim's are not what you want.
it's called feedback nexusnexus, and that is what Slim came here for ;)
Cheers for the support mate, it's good to know you appreciate people's efforts.
I did ask for feedback, but I didn't ask for constant moaning.
Can we drop this now and move on please.
yup, Aye aye, sir! (watching an old series, Voyage to the bottom of the sea at the moment).
fruchttiger00x0
2015-11-30, 14:47
It takes just half an hour only to extract that archive on my nexus nethunter xD
Is it some kind of interleaved or so?^^
But anyway, should I push it to git? Or maybe give you write access?
edit: forget the part with the damaged archive, my wget skills surprise me with html **** dressed in a .bz file ;)
I used linux Archive-Manager without changing its settings to create the archive, It only takes a few seconds to unpack the archive on my desktop and laptop.
fruchttiger00x0
2015-12-01, 08:14
do not worry about it, everything is fine. as I said I tried to wget the file from that hoster, it pulls just a stupid FS_Kali20.tar.gz.html ^^
I was at work and behind a proxy. nethunter is my only choice. proxy is blocking all one-click hosters
btw. what do you think about a nethunter port. all dependencies are fulfilled I guess. package for wmctrl is available. Only thing should be the preload. But looking at the nethunter repo, I would guess it's just a little adjustment. Just look at the wifite preload
https://github.com/offensive-security/kali-nethunter/blob/7912b7dc73751829b7be538c0ee4a3b551a5a8c5/flash/system/xbin/start-wifite
What do ya think, possible?
XanaRaquel
2016-01-11, 23:54
Hi,
got this error while doing the Automated attacks:
Attempting to deauthenticate client 00:AE:FA:XX:XX:XX...
18:40:38 Waiting for beacon frame (BSSID: 08:76:FF:XX:XX:XX) on channel -1
18:40:39 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [24|80 ACKs]
18:40:40 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [16|56 ACKs]
18:40:40 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [ 3|43 ACKs]
18:40:41 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [ 0|54 ACKs]
Checking for a handshake, this could take upto 30 seconds...
Attempting cowpatty handshake validation...
Cowpatty reported the handshake was valid.
Saving the handshake capture file to /root/Desktop/FrankenScript/Captures/XXX/00:AE:FA:XX:XX:XX_Mon-Jan-11-18:40:46-EST-2016_CowpattyChecked.cap.
Attempting pyrit handshake validation...
Traceback (most recent call last):
File "/usr/bin/pyrit", line 6, in <module>
pyrit_cli.Pyrit_CLI().initFromArgv()
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 115, in initFromArgv
func(self, **options)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 163, in new_f
f(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 447, in analyze
parser = self._getParser(capturefile)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 179, in _getParser
parser.parse_pcapdevice(dev)
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 600, in parse_pcapdevice
for pckt in reader:
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 500, in next
pckt = self.read()
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 488, in read
r = _cpyrit_cpu.PcapDevice.read(self)
IOError: libpcap-error while reading: truncated dump file; tried to read 16 captured bytes, only got 11
Pyrit reported the handshake was invalid.
Re-attempting pyrit handshake validation...
Traceback (most recent call last):
File "/usr/bin/pyrit", line 6, in <module>
pyrit_cli.Pyrit_CLI().initFromArgv()
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 115, in initFromArgv
func(self, **options)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 163, in new_f
f(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 447, in analyze
parser = self._getParser(capturefile)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 179, in _getParser
parser.parse_pcapdevice(dev)
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 600, in parse_pcapdevice
for pckt in reader:
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 500, in next
pckt = self.read()
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 488, in read
r = _cpyrit_cpu.PcapDevice.read(self)
IOError: libpcap-error while reading: truncated dump file; tried to read 16 captured bytes, only got 11
Pyrit reported the handshake was invalid.
Re-attempting to capture a handshake between access point XXX and client 00:AE:FA:XX:XX:XX...
Checking if the access point Thomson was detected
by airodump-ng, this could take upto 20 seconds...
Is it a problem with FS or Pyrit?
I believe the problem has something to do with pyrit and maybe the captured handshake.
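The libpcap error in the traceback above ("truncated dump file; tried to read 16 captured bytes, only got 11") says the capture file ends partway through a packet record. As an added example that is not part of FrankenScript or Pyrit, this Python checker walks a classic pcap file record by record and reports where it breaks; the function names, the size bound and the sample bytes are constructed for illustration.

```python
import struct

# Classic pcap magic numbers (value when the first 4 bytes are read
# little-endian) mapped to the byte order used by the rest of the file.
MAGICS = {
    0xA1B2C3D4: "<",  # little-endian, microsecond timestamps
    0xA1B23C4D: "<",  # little-endian, nanosecond timestamps
    0xD4C3B2A1: ">",  # big-endian, microsecond timestamps
    0x4D3CB2A1: ">",  # big-endian, nanosecond timestamps
}
GLOBAL_HDR = 24      # bytes in the file header
RECORD_HDR = 16      # bytes in each per-packet header
MAX_CAPLEN = 262144  # sanity bound assumed here for one record


def check_pcap(data):
    """Walk every record and report where (if anywhere) the file breaks."""
    result = {"ok": False, "records": 0, "valid_bytes": 0, "problem": None}
    if len(data) < GLOBAL_HDR:
        result["problem"] = "shorter than the 24-byte pcap file header"
        return result
    order = MAGICS.get(struct.unpack("<I", data[:4])[0])
    if order is None:
        # Also catches pcapng files and HTML pages saved under a capture name.
        result["problem"] = "not a classic pcap file (bad magic number)"
        return result
    offset = GLOBAL_HDR
    result["valid_bytes"] = offset
    while offset < len(data):
        number = result["records"] + 1
        left = len(data) - offset
        if left < RECORD_HDR:
            result["problem"] = ("record %d header truncated: wanted %d "
                                 "bytes, got %d" % (number, RECORD_HDR, left))
            return result
        header = data[offset:offset + RECORD_HDR]
        _sec, _frac, caplen, _origlen = struct.unpack(order + "IIII", header)
        if caplen > MAX_CAPLEN:
            result["problem"] = ("record %d declares an implausible length "
                                 "of %d bytes" % (number, caplen))
            return result
        body = left - RECORD_HDR
        if body < caplen:
            result["problem"] = ("record %d data truncated: wanted %d "
                                 "bytes, got %d" % (number, caplen, body))
            return result
        offset += RECORD_HDR + caplen
        result["records"] = number
        result["valid_bytes"] = offset  # end of the last complete record
    result["ok"] = True
    return result


def salvage(data):
    """Return only the prefix of the file that holds complete records."""
    return data[:check_pcap(data)["valid_bytes"]]


def build_sample():
    """Constructed capture: two whole records, then one cut short (16 vs 11)."""
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)

    def record(payload, declared=None):
        size = len(payload) if declared is None else declared
        return struct.pack("<IIII", 1452555600, 0, size, size) + payload

    return (file_hdr + record(b"\x00" * 32) + record(b"\x00" * 40)
            + record(b"\x00" * 11, declared=16))


SAMPLE = build_sample()

if __name__ == "__main__":
    print(check_pcap(SAMPLE))
    print(check_pcap(salvage(SAMPLE)))
```

Running the check on the saved .cap before handing it to a validator separates a damaged file from a bad handshake, and `salvage` yields a copy that at least parses cleanly.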
XanaRaquel
2016-01-13, 01:43
Ok, thanks. It's possible then to skip the WPA attack part of the automated mode and just do the "WPS magic"?
thanks for sharing and taking the time to make this. Very good job
Hello, I have read this whole 50 pages of thread. This sounds pretty promising and I plan on downloading and trying it out on my wps enabled router. I have a few questions before I get started.
Is there a specific Kali distro and FS that goes together for best results? I have an older Kali on my thumbdrive but am dling the newest kali2016.2 right meow.
I wish to either attempt to attack my wps or brute force the wpa2 psk. On the brute force attack is there a way to easily have it try only a certain length, numerical password? Since I know the router psk is numerical and how many digits already.
Thanks a lot for all the time spent on this and any help appreciated. I'm not a Linux expert but learn quickly. However as it stands I've only used aircrack to get past wep and never wps or wpa2.