airbash: a fully automated WPA PSK handshake capture script

airbash

Airbash is a fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (CM 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP). Those clients are then deauthenticated so that the handshake can be captured when they attempt to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng. If one or more handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data (if properly configured).

After capture, the database can be tested for vulnerable router models using crackdefault.sh. It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for Speedport 500-700 series, Thomson/SpeedTouch and UPC 7 digits (UPC1234567) routers.
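
From the monitoring side, the sequence described above (a burst of deauthentication frames followed shortly by a handshake for the same AP and client) can be recognised in a frame log. The following is an added example, not part of airbash or the original page; the log format, the thresholds and the function name are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, STA = "aa:bb:cc:00:00:01", "11:22:33:00:00:01"  # constructed MAC addresses

# Constructed sample log (assumed format): epoch seconds, frame type, BSSID, client MAC.
SAMPLE = (
    [f"{100 + i / 4},deauth,{AP},{STA}" for i in range(5)]      # 5 deauths within 1 s
    + [f"103.5,eapol,{AP},{STA}", f"103.6,eapol,{AP},{STA}"]    # handshake on reconnect
    + ["200.0,deauth,aa:bb:cc:00:00:02,11:22:33:00:00:02",      # lone deauth: normal roaming
       "201.0,eapol,aa:bb:cc:00:00:02,11:22:33:00:00:02"]
)

def find_forced_handshakes(lines, burst=5, window=2.0, follow=10.0):
    """Return (bssid, client, burst_time, handshake_time) for each handshake
    seen within `follow` seconds of `burst` deauths inside `window` seconds.
    All three thresholds are illustrative assumptions, not tuned values."""
    recent = defaultdict(deque)  # (bssid, target) -> deauth timestamps inside the window
    burst_at = {}                # (bssid, target) -> time the threshold was last reached
    alerts, seen = [], set()
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, kind, bssid, client = (f.strip().lower() for f in line.split(","))
        ts = float(ts)
        if kind == "deauth":
            q = recent[(bssid, client)]
            q.append(ts)
            while ts - q[0] > window:   # drop deauths that fell out of the window
                q.popleft()
            if len(q) >= burst:
                burst_at[(bssid, client)] = ts
        elif kind == "eapol":
            # A burst aimed at this client or at broadcast both force a reconnect.
            for key in ((bssid, client), (bssid, BROADCAST)):
                start = burst_at.get(key)
                if start is None or not 0 <= ts - start <= follow:
                    continue
                if (key, client, start) not in seen:  # one alert per handshake, not per frame
                    seen.add((key, client, start))
                    alerts.append((bssid, client, start, ts))
                break
    return alerts

if __name__ == "__main__":
    for bssid, client, start, ts in find_forced_handshakes(SAMPLE):
        print(f"deauth burst at {start} then handshake at {ts}: AP {bssid}, client {client}")
```
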

Requirements

- WiFi interface in monitor mode
- aircrack-ng
- SQLite3
- openssl for the compilation of modules (optional)

Calculating default keys

After capturing a new handshake, the database can be queried for vulnerable router models. If a module applies, the default keys for this router series are calculated and used as input for aircrack-ng to try and recover the passphrase.

Compiling Modules

The modules for calculating Thomson/SpeedTouch and UPC1234567 (7 random digits) default keys are included in modules/.

Credits for the code go to the authors Kevin Devine and peter@haxx.in.

On Linux:

gcc -fomit-frame-pointer -O3 -funroll-all-loops -o modules/st modules/stkeys.c -lcrypto
gcc -O2 -o modules/upckeys modules/upc_keys.c -lcrypto

If on Android, you may need to copy the binaries to /system/xbin/ or to another directory where binary execution is allowed.

Install

git clone https://github.com/tehw0lf/airbash.git
cd airbash
./install.sh

Usage

./airba.sh

starts the script, automatically scanning and attacking targets that are not found in the database. ./crackdefault.sh attempts to break known default key algorithms.

Copyright (c) 2018 Robert Weyres

Source: https://github.com/tehw0lf/