Results 1 to 8 of 8

Thread: New experimental WPS attack tool

  1. #1
    Join Date

    New experimental WPS attack tool

    Hello there, some weeks ago, after reading about the pixiedust attack and tried it myself.
    Worked better than expected, I thought that it will be hard to find a vulnerable router, but there is plenty of them around
    With a high powered wifi adapter and directional antenna it is pain to find which one is vulnerable, because you have to run reaver manually on all of them.. Ain't nobody got time for that

    So, I decided to make this, it can perform a scan for WPS enabled APs and then automatically try pixiedust on all of them.
    If some APs are on the same channel, it can even attack them at once (It is buggy on one of my wifi adapters, so there is a cmd option to disable this and do it one by one)
    Also if you want, standard pin bruteforce on multiple APs at once is supported too.
    I have also tested attacking single AP from two different MACs from single adapter - Didn't work, if you want to try it too, change this line:

    The third parameter is number of threads to attack the APs you specified with -b parameter

    Back to reality - Code is ***, needs to get memory leaks fixed and some heavy refactoring.
    WPS exchange code prorably needs to get fixed too, some APs that work on reaver probably wont work here, because it uses my own WPS implementation = probably buggy.

    So I need your help - test it yourself on your AP and report please, if it works with good old reaver but doesn't work with this, capture some WPS exchanges and send me .cap file - thanks.

    Download: penetrator.tar.gz

    tar xfv penetrator.tar.gz
    cd penetrator

    Command line options:
    -h Display help
    -i <dev> Set monitor mode device to use
    -s Scan for WPS enabled APs
    -c <channel> Set channel(s)
    -e <essid> Set ESSID for next target specified with -b
    -b <bssid> Set target(s)
    -A Scan for WPS APs and try pixiedust on all of them;
    -M Disable attacking multiple APs at once (only -A)
    -P Disable pixiewps after M3 is received
    -D Disable loading sessions - starts new
    -W Wait after every PIN attempt
    -v verbose - print info about WPS messages etc
    -vv verbose level 2 - print pixiewps data
    -t <seconds>Set time limit for scanning (default 10)
    -T <ms> Set timeout - when it occurs, resend last packet (default 1)
    -R <max> Set maximum resends (default 5)\n");
    -S <seconds> Sleep after 10 failures in a row (default 60)
    -N Ignore NACKs (debug)
    This tool is in very early development stage (assuming that stuff i am doing can be called development lol)
    So please report if some AP that works with reaver doesnt work with this and send me .cap files.
    Also, command line options are not verified, if you enter ***, you will get segmentation fault. Or a bug.
    Session saving/loading doesn't work good, if you get segmentation fault for no reason, delete "~/.penetrator" folder.
    Any suggestions? Speak


    new version

    Last edited by g0tmi1k; 2015-10-21 at 10:02. Reason: Swearing

  2. #2
    Join Date
    fixed serious bug that caused crash while scanning, if someone tested it and it didn't work, try again please

  3. #3
    will test it today

  4. #4
    Join Date
    Mteams tried to install to a -i368 persistent usb flashdrive of kali2.0

    The following error occurred

    fatal error: pcap.h: No such file or directory


  5. #5
    Join Date
    You need packages libpcap-dev and libssl-dev, use apt-get to install them

    However, there is a new bug with channel switching now, working on it

  6. #6
    Join Date
    @Dadas can you tell me what is your username on youtube?

  7. #7
    Join Date
    Last version of Wifite does it automatically, PixieScript too.
    It's a good job what you've made, but unfortunately useless, due to fact that there are two programms that do it automaticaly!

  8. #8
    Join Date
    Wifite can only attack APs in a row, not at the same time, as far as i know...
    This tool can attack more at once, in real time, if you have 5 APs at the same channel, it will attack them all, without switching

    New version: Added parameter -e <ESSID> (for networks that don't beacon SSID)
    It is used like this:
    penetrator -i mon0 -c 1 -b 11:22:33:44:55:66 -e example -b 66:55:44:33:22:11
    This means, that AP with BSSID 66:55:44:33:22:11 has ESSID "example"
    -e parameter is applied to the next specified bssid (-b)

    Also, fixed some bugs with quitting (ctrl+c), changing channels and obtaining source mac address
    Last edited by Dadas; 2015-09-13 at 00:57. Reason: more detailed.. sorry, OCD

Similar Threads

  1. Pixiewps: wps pixie dust attack tool
    By wiire in forum Project Archive
    Replies: 243
    Last Post: 2017-11-09, 19:31
  2. Replies: 3
    Last Post: 2017-01-03, 12:38
  3. Pixiewps: wps pixie dust attack tool
    By wiire in forum General Archive
    Replies: 89
    Last Post: 2015-05-04, 19:32

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts