#!/usr/bin/perl
#
# hoover.pl - Wi-Fi probe requests sniffer
#
# Original idea by David Nelissen (twitter.com/davidnelissen)
# Thanks to him for allowing me to reuse the idea!
#
# This script scans for wireless probe requests and prints them out.
# This shows which SSIDs nearby devices are searching for.
#
# Copyright (c) 2012 David Nelissen & Xavier Mertens
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# History
# -------
# 2012/01/11 Created
# 2015/06/09 Fix: root detection
#
use strict;
use Getopt::Long;
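# Signal handling:
#   USR1       -> dump the networks detected so far and keep running
#   INT / TERM -> stop the child, dump the detected networks and exit
$SIG{USR1} = \&dumpNetworks;
$SIG{INT}  = \&cleanKill;
# NOTE: SIGKILL cannot be trapped by a process, so this assignment has no
# effect. It is kept so the handler table stays as it was.
$SIG{KILL} = \&cleanKill;
$SIG{TERM} = \&cleanKill;

my $uniqueSSID = 0;    # Number of distinct SSIDs seen so far
my %detectedSSID;      # SSID => [ SSID, seen packets, last MAC address, last timestamp ]
my $pid;               # Result of fork(): child PID in the parent, 0 in the child
my $help;
my $verbose;
my $interface;         # Wireless interface to capture on (mandatory)
my $dumpFile;          # Optional flat file written by dumpNetworks

# Default locations of the external tools. The script only runs as root and
# executes these binaries, so any path given on the command line must point
# at a trusted executable that other users cannot replace.
my $ifconfigPath = "/sbin/ifconfig";
my $iwconfigPath = "/sbin/iwconfig";
my $tsharkPath   = "/usr/local/bin/tshark";

my $options = GetOptions(
    "verbose"         => \$verbose,
    "help"            => \$help,
    "interface=s"     => \$interface,
    "ifconfig-path=s" => \$ifconfigPath,
    "iwconfig-path=s" => \$iwconfigPath,
    "tshark-path=s"   => \$tsharkPath,
    "dumpfile=s"      => \$dumpFile,
);
# GetOptions returns false after warning about an unknown or malformed
# option. Stop here instead of continuing with a half-parsed command line.
($options) || die "Invalid command line options, try --help\n";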
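# --help: print the usage text and exit. This happens before the root check
# and before any external tool is run.
if ($help) {
    print <<_HELP_;
Usage: $0 --interface=wlan0 [--help] [--verbose] [--iwconfig-path=/sbin/iwconfig] [--ifconfig-path=/sbin/ifconfig]
                [--tshark-path=/usr/local/bin/tshark] [--dumpfile=result.txt]
Where:
--interface     : Specify the wireless interface to use
--help          : This help
--verbose       : Verbose output to STDOUT
--ifconfig-path : Path to your ifconfig binary
--iwconfig-path : Path to your iwconfig binary
--tshark-path   : Path to your tshark binary
--dumpfile      : Save found SSID's/MAC addresses in a flat file (SIGUSR1)
_HELP_
    exit 0;
}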
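# We must be run by root ($> is the effective UID, so compare numerically)
($> != 0) && die "$0 must be run by root!\n";

# We must have an interface to listen to
(!$interface) && die "No wireless interface specified!\n";

# The interface name is handed to tools that run as root. Accept only a
# conservative set of characters, at most 15 of them, and no leading '-',
# so the value can be neither shell syntax nor an option for those tools.
($interface =~ /\A[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}\z/)
    || die "Invalid wireless interface name!\n";

# Check ifconfig availability
(!-x $ifconfigPath) && die "ifconfig tool not found!\n";

# Check iwconfig availability
(!-x $iwconfigPath) && die "iwconfig tool not found!\n";

# Check tshark availability
(!-x $tsharkPath) && die "tshark tool not available!\n";

# Configure wireless interface. The list form of system() runs the binary
# directly, without a shell, so no argument is re-parsed as shell syntax.
(system($ifconfigPath, $interface, "up"))
    && die "Cannot initialize interface $interface!\n";

# Set interface in monitor mode
(system($iwconfigPath, $interface, "mode", "monitor"))
    && die "Cannot set interface $interface in monitoring mode!\n";

# Create the child process to change wireless channels
(!defined($pid = fork)) && die "Cannot fork child process!\n";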
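if ($pid) {
    # ---------------------------------
    # Parent process: run the main loop
    # ---------------------------------
    ($verbose) && print "!! Running with PID: $$ (child: $pid)\n";

    # List-form pipe open: tshark is executed directly, without a shell, so
    # the interface name and the tool path are passed as plain arguments.
    open(my $tshark, "-|", $tsharkPath, "-i", $interface, "-n", "-l",
        "subtype", "probereq")
        || die "Cannot spawn tshark process!\n";

    while (my $line = <$tshark>) {
        chomp($line);

        # Capture the source address and the SSID of each probe request.
        # Everything except backslash is accepted in the SSID (some probes
        # contain the SSID as escaped bytes, which is not usable). SSIDs are
        # set by whoever sends the probe, so this character class also limits
        # what gets printed to the terminal and written to the dump file.
        if ($line =~ m/\d+\.\d+ ([a-zA-Z0-9:_]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) {
            my $macAddress = $1;
            my $newKey     = $2;

            # Ignore broadcasts
            next if ($newKey eq "Broadcast");

            if (!exists $detectedSSID{$newKey}) {
                # New network found!
                $detectedSSID{$newKey} = [
                    $newKey,        # SSID
                    1,              # First packet
                    $macAddress,    # MAC Address
                    time(),         # Seen now
                ];
                $uniqueSSID++;
                print "++ New probe request from $macAddress with SSID: $newKey [$uniqueSSID]\n";
            }
            else {
                # Existing SSID found!
                $detectedSSID{$newKey}[1]++;                # Increase packets counter
                $detectedSSID{$newKey}[2] = $macAddress;    # MAC Address
                $detectedSSID{$newKey}[3] = time();         # Now
                ($verbose) && print "-- Probe seen before: $newKey [$uniqueSSID]\n";
            }
        }
    }

    # tshark has exited. Stop the channel-hopping child as well, otherwise it
    # would keep reconfiguring the interface as root after the parent is gone.
    close($tshark);
    kill 'HUP', $pid;
    waitpid($pid, 0);
}
else {
    # --------------------------------------------------
    # Child process: Switch channels at regular interval
    # --------------------------------------------------
    ($verbose) && print STDOUT "!! Switching wireless channel every 5\".\n";
    while (1) {
        for my $channel (1 .. 12) {
            # List form of system(): iwconfig is run without a shell
            (system($iwconfigPath, $interface, "channel", $channel))
                && die "Cannot set interface channel.\n";
            sleep(5);
        }
    }
}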
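# dumpNetworks - print every detected SSID with its last MAC address, packet
# count and last-seen time to STDOUT and, when --dumpfile was given, to that
# file as well. Installed as the SIGUSR1 handler and also called by cleanKill.
#
# The dump file is opened for writing (truncating) by a process running as
# root, and open() follows symbolic links. Point --dumpfile at a directory
# that other users cannot write to. The SSID and MAC values come from the
# captured traffic, so anything that reads the file should treat them as
# untrusted input.
sub dumpNetworks {
    # Header and rows share one format so the columns always line up
    my $rowFormat = "%-20s %-30s %10s %-20s\n";
    my $header    = sprintf($rowFormat, "MAC Address", "SSID", "Count", "Last Seen");
    my $ruler     = "-------------------- ------------------------------ ---------- -------------------\n";

    print STDOUT "!! Dumping detected networks:\n";
    print STDOUT "!! $header";
    print STDOUT "!! $ruler";

    my $dump;
    if ($dumpFile) {
        # Three-argument open: the file name can never be read as an open mode
        open($dump, ">", $dumpFile)
            || die "Cannot write to $dumpFile (Error: $!)";
        print {$dump} $header;
        print {$dump} $ruler;
    }

    for my $key (keys %detectedSSID) {
        # Entry layout: SSID, seen packets, last MAC address, last timestamp
        my ($ssid, $count, $macAddress, $seenAt) = @{ $detectedSSID{$key} };

        # The timestamp is element 3 of the entry; element 2 is the MAC address
        my ($sec, $min, $hour, $mday, $mon, $year) = localtime($seenAt);
        my $lastSeen = sprintf("%04d/%02d/%02d %02d:%02d:%02d",
            $year + 1900, $mon + 1, $mday, $hour, $min, $sec);

        my $row = sprintf($rowFormat, $macAddress, $ssid, $count, $lastSeen);
        print STDOUT "!! $row";
        ($dump) && print {$dump} $row;
    }

    print STDOUT "!! Total unique SSID: $uniqueSSID\n";
    if ($dump) {
        print {$dump} "Total unique SSID: $uniqueSSID\n";
        close($dump);
    }
    return;
}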
# cleanKill - signal handler used for the termination signals.
# In the parent ($pid holds the child's PID) it announces the signal, sends
# signal 1 to the child and dumps the detected networks. Any process that
# gets here then exits with status 0.
sub cleanKill {
    # The child sees $pid == 0 after fork, so it has nothing to report
    exit 0 if (!$pid);

    # Parent process: display information
    print "!! Received kill signal!\n";
    kill 1, $pid;
    dumpNetworks();
    exit 0;
}